package policies
import (
"context"
"slices"
"github.com/fiatjaf/khatru"
"github.com/nbd-wtf/go-nostr"
)
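// RejectKind04Snoopers prevents reading NIP-04 messages from people not involved in the conversation.
//
// It returns (true, reason) when the filter must be rejected and (false, "")
// when it may proceed. A filter that lists kind 4 is allowed only when the
// authenticated public key of the connection is the sole author, or the sole
// "p"-tagged receiver, named by the filter.
//
// NOTE(review): only filters that explicitly list kind 4 are inspected. A
// filter with no kinds (or one that selects by id only) passes through this
// function unchanged; if the relay treats such filters as matching every kind,
// kind-4 events can still be served to third parties unless another policy
// covers that case. Confirm against the relay's query path.
func RejectKind04Snoopers(ctx context.Context, filter nostr.Filter) (bool, string) {
	// prevent kind-4 events from being returned to unauthed users,
	// only when authentication is a thing
	if !slices.Contains(filter.Kinds, 4) {
		return false, ""
	}

	ws := khatru.GetConnection(ctx)
	senders := filter.Authors
	// A missing "p" entry yields a nil slice, which the length checks below
	// treat as "no receiver specified".
	receivers := filter.Tags["p"]

	switch {
	case ws == nil || ws.AuthedPublicKey == "":
		// No connection attached to ctx, or the connection has not
		// authenticated: fail closed instead of dereferencing a nil connection.
		return true, "restricted: this relay does not serve kind-4 to unauthenticated users, does your client implement NIP-42?"
	case len(senders) == 1 && len(receivers) < 2 && senders[0] == ws.AuthedPublicKey:
		// allowed filter: ws.authed is sole sender (filter specifies one or all receivers)
		return false, ""
	case len(receivers) == 1 && len(senders) < 2 && receivers[0] == ws.AuthedPublicKey:
		// allowed filter: ws.authed is sole receiver (filter specifies one or all senders)
		return false, ""
	default:
		// restricted filter: do not return any events,
		// even if other elements in the filters array were not restricted;
		// the client should know better.
		return true, "restricted: authenticated user does not have authorization for requested filters."
	}
}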