feat: send notices when authorization checks fail

config.toml

@@ -80,6 +80,7 @@ reject_future_seconds = 1800
 # metadata for event authors, "passive" to perform validation but
 # never block publishing, or "disabled" to do nothing.
 #mode = "disabled"
+mode = "passive"
 
 # Domain names that will be prevented from publishing events.
 #domain_blacklist = ["wellorder.net"]

src/db.rs

@@ -27,6 +27,13 @@ use tokio::task;
 
 pub type SqlitePool = r2d2::Pool<r2d2_sqlite::SqliteConnectionManager>;
 pub type PooledConnection = r2d2::PooledConnection<r2d2_sqlite::SqliteConnectionManager>;
+
+/// Events submitted from a client, with a return channel for notices
+pub struct SubmittedEvent {
+    pub event: Event,
+    pub notice_tx: tokio::sync::mpsc::Sender<String>,
+}
+
 /// Database file
 pub const DB_FILE: &str = "nostr.db";
 
@@ -76,7 +83,7 @@ pub fn build_conn(flags: OpenFlags) -> Result<Connection> {
 
 /// Spawn a database writer that persists events to the SQLite store.
 pub async fn db_writer(
-    mut event_rx: tokio::sync::mpsc::Receiver<Event>,
+    mut event_rx: tokio::sync::mpsc::Receiver<SubmittedEvent>,
     bcast_tx: tokio::sync::broadcast::Sender<Event>,
     metadata_tx: tokio::sync::broadcast::Sender<Event>,
     mut shutdown: tokio::sync::broadcast::Receiver<()>,
@@ -131,18 +138,20 @@ pub async fn db_writer(
                 break;
             }
             let mut event_write = false;
-            let event = next_event.unwrap();
-
+            let subm_event = next_event.unwrap();
+            let event = subm_event.event;
+            let notice_tx = subm_event.notice_tx;
             // check if this event is authorized.
             if let Some(allowed_addrs) = whitelist {
-                debug!("Checking against pubkey whitelist");
                 // if the event address is not in allowed_addrs.
                 if !allowed_addrs.contains(&event.pubkey) {
                     info!(
                         "Rejecting event {}, unauthorized author",
                         event.get_event_id_prefix()
                     );
-                    // TODO: define a channel that can send NOTICEs back to the client.
+                    notice_tx
+                        .try_send("pubkey is not allowed to publish to this relay".to_owned())
+                        .ok();
                     continue;
                 }
             }
@@ -171,6 +180,12 @@ pub async fn db_writer(
                                   uv.name.to_string(),
                                   event.get_author_prefix()
                             );
+                            notice_tx
+                                .try_send(
+                                    "NIP-05 verification is no longer valid (expired/wrong domain)"
+                                        .to_owned(),
+                                )
+                                .ok();
                             continue;
                         }
                     }
@@ -179,6 +194,9 @@ pub async fn db_writer(
                             "no verification records found for pubkey: {:?}",
                             event.get_author_prefix()
                         );
+                        notice_tx
+                            .try_send("NIP-05 verification needed to publish events".to_owned())
+                            .ok();
                         continue;
                     }
                     Err(e) => {
@@ -207,6 +225,12 @@ pub async fn db_writer(
                 }
                 Err(err) => {
                     warn!("event insert failed: {:?}", err);
+                    notice_tx
+                        .try_send(
+                            "relay experienced an error trying to publish the latest event"
+                                .to_owned(),
+                        )
+                        .ok();
                 }
             }
 

src/main.rs

@@ -13,6 +13,7 @@ use nostr_rs_relay::close::CloseCmd;
 use nostr_rs_relay::config;
 use nostr_rs_relay::conn;
 use nostr_rs_relay::db;
+use nostr_rs_relay::db::SubmittedEvent;
 use nostr_rs_relay::error::{Error, Result};
 use nostr_rs_relay::event::Event;
 use nostr_rs_relay::event::EventCmd;
@@ -51,7 +52,7 @@ async fn handle_web_request(
     pool: db::SqlitePool,
     remote_addr: SocketAddr,
     broadcast: Sender<Event>,
-    event_tx: tokio::sync::mpsc::Sender<Event>,
+    event_tx: tokio::sync::mpsc::Sender<SubmittedEvent>,
     shutdown: Receiver<()>,
 ) -> Result<Response<Body>, Infallible> {
     match (
@@ -232,7 +233,8 @@ fn main() -> Result<(), Error> {
         let (bcast_tx, _) = broadcast::channel::<Event>(settings.limits.broadcast_buffer);
         // validated events that need to be persisted are sent to the
         // database on via this channel.
-        let (event_tx, event_rx) = mpsc::channel::<Event>(settings.limits.event_persist_buffer);
+        let (event_tx, event_rx) =
+            mpsc::channel::<SubmittedEvent>(settings.limits.event_persist_buffer);
         // establish a channel for letting all threads now about a
         // requested server shutdown.
         let (invoke_shutdown, shutdown_listen) = broadcast::channel::<()>(1);
@@ -359,7 +361,7 @@ async fn nostr_server(
     pool: db::SqlitePool,
     mut ws_stream: WebSocketStream<Upgraded>,
     broadcast: Sender<Event>,
-    event_tx: tokio::sync::mpsc::Sender<Event>,
+    event_tx: mpsc::Sender<SubmittedEvent>,
     mut shutdown: Receiver<()>,
 ) {
     // get a broadcast channel for clients to communicate on
@@ -370,6 +372,9 @@ async fn nostr_server(
     // Create a channel for receiving query results from the database.
     // we will send out the tx handle to any query we generate.
     let (query_tx, mut query_rx) = mpsc::channel::<db::QueryResult>(256);
+    // Create channel for receiving NOTICEs
+    let (notice_tx, mut notice_rx) = mpsc::channel::<String>(32);
+
     // maintain a hashmap of a oneshot channel for active subscriptions.
     // when these subscriptions are cancelled, make a message
     // available to the executing query so it knows to stop.
@@ -408,9 +413,12 @@ async fn nostr_server(
                 // Send a ping
                 ws_stream.send(Message::Ping(Vec::new())).await.ok();
             },
+            Some(notice_msg) = notice_rx.recv() => {
+                let n = notice_msg.to_string().replace("\"", "");
+                ws_stream.send(Message::Text(format!("[\"NOTICE\",\"{}\"]", n))).await.ok();
+            },
             Some(query_result) = query_rx.recv() => {
                 // database informed us of a query result we asked for
-                //let res = EventRes(query_result.sub_id,query_result.event);
                 client_received_event_count += 1;
                 // send a result
                 let subesc = query_result.sub_id.replace("\"", "");
@@ -474,14 +482,9 @@ async fn nostr_server(
                             Ok(e) => {
                                 let id_prefix:String = e.id.chars().take(8).collect();
                                 debug!("successfully parsed/validated event: {:?} from client: {:?}", id_prefix, cid);
-                                // TODO: consider moving some/all
-                                // authorization checks here, instead
-                                // of the DB module, so we can send a
-                                // proper NOTICE back to the client if
-                                // they are unable to write.
-
-                                // Write this to the database
-                                event_tx.send(e.clone()).await.ok();
+                                // Write this to the database.
+                                let submit_event = SubmittedEvent { event: e.clone(), notice_tx: notice_tx.clone() };
+                                event_tx.send(submit_event).await.ok();
                                 client_published_event_count += 1;
                             },
                             Err(_) => {