nostr/nostr-rs-relay
1
0
Fork 0
mirror of https://github.com/scsibug/nostr-rs-relay.git synced 2024-11-14 15:09:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

nip42 authorized whitelisted client can always post

Browse Source
This commit is contained in:
Sjors Provoost 2024-09-16 16:08:28 +02:00
parent 6329acd82b
commit 53429075d6
No known key found for this signature in database
GPG Key ID: 57FF9BDBCC301009
3 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config.toml
View File

@ -173,6 +173,8 @@ limit_scrapers = false
#] #]
# Enable NIP-42 authentication # Enable NIP-42 authentication
#nip42_auth = false #nip42_auth = false
# Allow whitelisted NIP-42 authenticated client to post from any pubkey
#nip42_whitelist = false
# Send DMs (kind 4 and 44) and gift wraps (kind 1059) only to their authenticated recipients # Send DMs (kind 4 and 44) and gift wraps (kind 1059) only to their authenticated recipients
#nip42_dms = false #nip42_dms = false

2
src/config.rs
View File

@ -83,6 +83,7 @@ pub struct Limits {
pub struct Authorization { pub struct Authorization {
pub pubkey_whitelist: Option<Vec<String>>, // If present, only allow these pubkeys to publish events pub pubkey_whitelist: Option<Vec<String>>, // If present, only allow these pubkeys to publish events
pub nip42_auth: bool, // if true enables NIP-42 authentication pub nip42_auth: bool, // if true enables NIP-42 authentication
pub nip42_whitelist: bool, // if true allows whitelisted NIP-42 authenticated clients to publish events from any pubkey
pub nip42_dms: bool, // if true send DMs only to their authenticated recipients pub nip42_dms: bool, // if true send DMs only to their authenticated recipients
} }
@ -325,6 +326,7 @@ impl Default for Settings {
authorization: Authorization { authorization: Authorization {
pubkey_whitelist: None, // Allow any address to publish pubkey_whitelist: None, // Allow any address to publish
nip42_auth: false, // Disable NIP-42 authentication nip42_auth: false, // Disable NIP-42 authentication
nip42_whitelist: false, // Disable NIP-42 whitelist
nip42_dms: false, // Send DMs to everybody nip42_dms: false, // Send DMs to everybody
}, },
pay_to_relay: PayToRelay { pay_to_relay: PayToRelay {

12
src/db.rs
View File

@ -204,9 +204,19 @@ pub async fn db_writer(
if !pay_to_relay_enabled { if !pay_to_relay_enabled {
// check if this event is authorized. // check if this event is authorized.
if let Some(allowed_addrs) = whitelist { if let Some(allowed_addrs) = whitelist {
let mut whitelisted = false;
if settings.authorization.nip42_auth && settings.authorization.nip42_whitelist {
if let Some(auth_pubkey) = subm_event.auth_pubkey.clone() {
if allowed_addrs.contains(&hex::encode(auth_pubkey)) {
// A nip42 authenticated whitelisted client can post whatever they want
debug!("nip42 authenticated client may publish");
whitelisted = true;
}
}
}
// TODO: incorporate delegated pubkeys // TODO: incorporate delegated pubkeys
// if the event address is not in allowed_addrs. // if the event address is not in allowed_addrs.
if !allowed_addrs.contains(&event.pubkey) { if !whitelisted && !allowed_addrs.contains(&event.pubkey) {
debug!( debug!(
"rejecting event: {}, unauthorized author", "rejecting event: {}, unauthorized author",
event.get_event_id_prefix() event.get_event_id_prefix()