nip42 authorized whitelisted client can always post

This commit is contained in:
Sjors Provoost 2024-09-16 16:08:28 +02:00
parent 6329acd82b
commit 53429075d6
No known key found for this signature in database
GPG Key ID: 57FF9BDBCC301009
3 changed files with 15 additions and 1 deletions

View File

@ -173,6 +173,8 @@ limit_scrapers = false
#]
# Enable NIP-42 authentication
#nip42_auth = false
# Allow whitelisted NIP-42 authenticated client to post from any pubkey
#nip42_whitelist = false
# Send DMs (kind 4 and 44) and gift wraps (kind 1059) only to their authenticated recipients
#nip42_dms = false

View File

@ -83,6 +83,7 @@ pub struct Limits {
pub struct Authorization {
pub pubkey_whitelist: Option<Vec<String>>, // If present, only allow these pubkeys to publish events
pub nip42_auth: bool, // if true enables NIP-42 authentication
pub nip42_whitelist: bool, // if true allows whitelisted NIP-42 authenticated clients to publish events from any pubkey
pub nip42_dms: bool, // if true send DMs only to their authenticated recipients
}
@ -325,6 +326,7 @@ impl Default for Settings {
authorization: Authorization {
pubkey_whitelist: None, // Allow any address to publish
nip42_auth: false, // Disable NIP-42 authentication
nip42_whitelist: false, // Disable NIP-42 whitelist
nip42_dms: false, // Send DMs to everybody
},
pay_to_relay: PayToRelay {

View File

@ -204,9 +204,19 @@ pub async fn db_writer(
if !pay_to_relay_enabled {
// check if this event is authorized.
if let Some(allowed_addrs) = whitelist {
let mut whitelisted = false;
if settings.authorization.nip42_auth && settings.authorization.nip42_whitelist {
if let Some(auth_pubkey) = subm_event.auth_pubkey.clone() {
if allowed_addrs.contains(&hex::encode(auth_pubkey)) {
// A nip42 authenticated whitelisted client can post whatever they want
debug!("nip42 authenticated client may publish");
whitelisted = true;
}
}
}
// TODO: incorporate delegated pubkeys
// if the event address is not in allowed_addrs.
if !allowed_addrs.contains(&event.pubkey) {
if !whitelisted && !allowed_addrs.contains(&event.pubkey) {
debug!(
"rejecting event: {}, unauthorized author",
event.get_event_id_prefix()