mirror of
https://github.com/scsibug/nostr-rs-relay.git
synced 2024-11-22 00:59:07 -05:00
nip42 authorized whitelisted client can always post
parent
6329acd82b
commit
53429075d6
|
@ -173,6 +173,8 @@ limit_scrapers = false
|
||||||
#]
|
#]
|
||||||
# Enable NIP-42 authentication
|
# Enable NIP-42 authentication
|
||||||
#nip42_auth = false
|
#nip42_auth = false
|
||||||
|
# Allow whitelisted NIP-42 authenticated client to post from any pubkey
|
||||||
|
#nip42_whitelist = false
|
||||||
# Send DMs (kind 4 and 44) and gift wraps (kind 1059) only to their authenticated recipients
|
# Send DMs (kind 4 and 44) and gift wraps (kind 1059) only to their authenticated recipients
|
||||||
#nip42_dms = false
|
#nip42_dms = false
|
||||||
|
|
||||||
|
|
|
@ -83,6 +83,7 @@ pub struct Limits {
|
||||||
pub struct Authorization {
|
pub struct Authorization {
|
||||||
pub pubkey_whitelist: Option<Vec<String>>, // If present, only allow these pubkeys to publish events
|
pub pubkey_whitelist: Option<Vec<String>>, // If present, only allow these pubkeys to publish events
|
||||||
pub nip42_auth: bool, // if true enables NIP-42 authentication
|
pub nip42_auth: bool, // if true enables NIP-42 authentication
|
||||||
|
pub nip42_whitelist: bool, // if true allows whitelisted NIP-42 authenticated clients to publish events from any pubkey
|
||||||
pub nip42_dms: bool, // if true send DMs only to their authenticated recipients
|
pub nip42_dms: bool, // if true send DMs only to their authenticated recipients
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -325,6 +326,7 @@ impl Default for Settings {
|
||||||
authorization: Authorization {
|
authorization: Authorization {
|
||||||
pubkey_whitelist: None, // Allow any address to publish
|
pubkey_whitelist: None, // Allow any address to publish
|
||||||
nip42_auth: false, // Disable NIP-42 authentication
|
nip42_auth: false, // Disable NIP-42 authentication
|
||||||
|
nip42_whitelist: false, // Disable NIP-42 whitelist
|
||||||
nip42_dms: false, // Send DMs to everybody
|
nip42_dms: false, // Send DMs to everybody
|
||||||
},
|
},
|
||||||
pay_to_relay: PayToRelay {
|
pay_to_relay: PayToRelay {
|
||||||
|
|
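--- a/src/db.rs
+++ b/src/db.rs
@@ -204,9 +204,19 @@ pub async fn db_writer(
 if !pay_to_relay_enabled {
 // check if this event is authorized.
 if let Some(allowed_addrs) = whitelist {
+let mut whitelisted = false;
+if settings.authorization.nip42_auth && settings.authorization.nip42_whitelist {
+if let Some(auth_pubkey) = subm_event.auth_pubkey.clone() {
+if allowed_addrs.contains(&hex::encode(auth_pubkey)) {
+// A nip42 authenticated whitelisted client can post whatever they want
+debug!("nip42 authenticated client may publish");
+whitelisted = true;
+}
+}
+}
 // TODO: incorporate delegated pubkeys
 // if the event address is not in allowed_addrs.
-if !allowed_addrs.contains(&event.pubkey) {
+if !whitelisted && !allowed_addrs.contains(&event.pubkey) {
 debug!(
 "rejecting event: {}, unauthorized author",
 event.get_event_id_prefix()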
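Review bot: The new whitelist exemption under `if allowed_addrs.contains(&hex::encode(auth_pubkey))` leaves no usable audit trail, because its only record is the fixed string `debug!("nip42 authenticated client may publish");`, which names neither the authenticated key nor the event that was let past the author check. Since this branch skips the `event.pubkey` comparison entirely, I would bind the encoded key once and log both identities, for example `debug!("nip42 whitelisted client {} may publish event {} by author {}", auth_hex, event.get_event_id_prefix(), event.pubkey);`, and consider whether a level that is enabled in production fits better. The `.clone()` on `subm_event.auth_pubkey` looks unnecessary, as the value is only hex-encoded here; `subm_event.auth_pubkey.as_ref()` should be enough. `db_writer` begins and ends outside this hunk, so how `settings` and `whitelist` are obtained is not visible here.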