mirror of
https://github.com/scsibug/nostr-rs-relay.git
synced 2025-09-01 03:40:46 -04:00
Compare commits
14 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
26f296f76f | ||
|
|
c3c9b5dcd2 | ||
|
|
da29bdd837 | ||
|
|
bacb85024c | ||
|
7a77c459bb | ||
|
|
34c8b04926 | ||
|
|
1032a51220 | ||
|
79abd981e1 | ||
|
b1957ab2b1 | ||
|
|
23aa6e7313 | ||
|
|
fb751ba252 | ||
|
|
7c5e851b82 | ||
|
|
f965c53434 | ||
|
|
74376d94e5 |
1669
Cargo.lock
generated
1669
Cargo.lock
generated
File diff suppressed because it is too large
Load Diff
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "nostr-rs-relay"
|
||||
version = "0.8.10"
|
||||
version = "0.8.13"
|
||||
edition = "2021"
|
||||
authors = ["Greg Heartsfield <scsibug@imap.cc>"]
|
||||
description = "A relay implementation for the Nostr protocol"
|
||||
@@ -39,7 +39,7 @@ lazy_static = "1.4"
|
||||
governor = "0.4"
|
||||
nonzero_ext = "0.3"
|
||||
hyper = { version="0.14", features=["client", "server","http1","http2","tcp"] }
|
||||
hyper-tls = "0.5"
|
||||
hyper-rustls = { version = "0.24" }
|
||||
http = { version = "0.2" }
|
||||
parse_duration = "2"
|
||||
rand = "0.8"
|
||||
@@ -57,6 +57,7 @@ qrcode = { version = "0.12.0", default-features = false, features = ["svg"] }
|
||||
nostr = { version = "0.18.0", default-features = false, features = ["base", "nip04", "nip19"] }
|
||||
[target.'cfg(not(target_env = "msvc"))'.dependencies]
|
||||
tikv-jemallocator = "0.5"
|
||||
log = "0.4"
|
||||
|
||||
[dev-dependencies]
|
||||
anyhow = "1"
|
||||
|
||||
@@ -40,7 +40,7 @@ description = "A newly created nostr-rs-relay.\n\nCustomize this with your own i
|
||||
# Use an in-memory database instead of 'nostr.db'.
|
||||
# Requires sqlite engine.
|
||||
# Caution; this will not survive a process restart!
|
||||
in_memory = true
|
||||
#in_memory = false
|
||||
|
||||
# Database connection pool settings for subscribers:
|
||||
|
||||
@@ -160,7 +160,7 @@ reject_future_seconds = 1800
|
||||
#]
|
||||
# Enable NIP-42 authentication
|
||||
#nip42_auth = false
|
||||
# Send DMs events (kind 4) only to their authenticated recipients
|
||||
# Send DMs (kind 4 and 44) and gift wraps (kind 1059) only to their authenticated recipients
|
||||
#nip42_dms = false
|
||||
|
||||
[verified_users]
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||
tonic_build::configure()
|
||||
.build_server(false)
|
||||
.build_server(true)
|
||||
.protoc_arg("--experimental_allow_proto3_optional")
|
||||
.compile(&["../../proto/nauthz.proto"], &["../../proto"])?;
|
||||
Ok(())
|
||||
|
||||
10
src/conn.rs
10
src/conn.rs
@@ -156,7 +156,7 @@ impl ClientConn {
|
||||
self.auth = Challenge(Uuid::new_v4().to_string());
|
||||
}
|
||||
|
||||
pub fn authenticate(&mut self, event: &Event, relay_url: &String) -> Result<()> {
|
||||
pub fn authenticate(&mut self, event: &Event, relay_url: &str) -> Result<()> {
|
||||
match &self.auth {
|
||||
Challenge(_) => (),
|
||||
AuthPubkey(_) => {
|
||||
@@ -181,15 +181,15 @@ impl ClientConn {
|
||||
return Err(Error::AuthFailure);
|
||||
}
|
||||
|
||||
let mut challenge: Option<&String> = None;
|
||||
let mut relay: Option<&String> = None;
|
||||
let mut challenge: Option<&str> = None;
|
||||
let mut relay: Option<&str> = None;
|
||||
|
||||
for tag in &event.tags {
|
||||
if tag.len() == 2 && tag.get(0) == Some(&"challenge".into()) {
|
||||
challenge = tag.get(1);
|
||||
challenge = tag.get(1).map(|x| x.as_str());
|
||||
}
|
||||
if tag.len() == 2 && tag.get(0) == Some(&"relay".into()) {
|
||||
relay = tag.get(1);
|
||||
relay = tag.get(1).map(|x| x.as_str());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -11,6 +11,7 @@ use crate::repo::NostrRepo;
|
||||
use crate::server::NostrMetrics;
|
||||
use governor::clock::Clock;
|
||||
use governor::{Quota, RateLimiter};
|
||||
use log::LevelFilter;
|
||||
use nostr::key::FromPkStr;
|
||||
use nostr::key::Keys;
|
||||
use r2d2;
|
||||
@@ -20,7 +21,6 @@ use sqlx::ConnectOptions;
|
||||
use std::sync::Arc;
|
||||
use std::thread;
|
||||
use std::time::{Duration, Instant};
|
||||
use tracing::log::LevelFilter;
|
||||
use tracing::{debug, info, trace, warn};
|
||||
|
||||
pub type SqlitePool = r2d2::Pool<r2d2_sqlite::SqliteConnectionManager>;
|
||||
|
||||
@@ -355,7 +355,7 @@ impl Event {
|
||||
return Err(EventInvalidId);
|
||||
}
|
||||
// * validate the message digest (sig) using the pubkey & computed sha256 message hash.
|
||||
let sig = schnorr::Signature::from_str(&self.sig).unwrap();
|
||||
let sig = schnorr::Signature::from_str(&self.sig).map_err(|_| EventInvalidSignature)?;
|
||||
if let Ok(msg) = secp256k1::Message::from_slice(digest.as_ref()) {
|
||||
if let Ok(pubkey) = XOnlyPublicKey::from_str(&self.pubkey) {
|
||||
SECP.verify_schnorr(&sig, &msg, &pubkey)
|
||||
|
||||
@@ -63,7 +63,7 @@ pub struct RelayInfo {
|
||||
/// Convert an Info configuration into public Relay Info
|
||||
impl From<Settings> for RelayInfo {
|
||||
fn from(c: Settings) -> Self {
|
||||
let mut supported_nips = vec![1, 2, 9, 11, 12, 15, 16, 20, 22, 33, 40, 42];
|
||||
let mut supported_nips = vec![1, 2, 9, 11, 12, 15, 16, 20, 22, 33, 40];
|
||||
|
||||
if c.authorization.nip42_auth {
|
||||
supported_nips.push(42);
|
||||
|
||||
@@ -41,7 +41,7 @@ impl std::convert::From<Nip05Name> for nauthz_grpc::event_request::Nip05Name {
|
||||
}
|
||||
|
||||
// conversion of event tags into gprc struct
|
||||
fn tags_to_protobuf(tags: &Vec<Vec<String>>) -> Vec<TagEntry> {
|
||||
fn tags_to_protobuf(tags: &[Vec<String>]) -> Vec<TagEntry> {
|
||||
tags.iter()
|
||||
.map(|x| TagEntry { values: x.clone() })
|
||||
.collect()
|
||||
|
||||
@@ -11,7 +11,7 @@ use crate::repo::NostrRepo;
|
||||
use hyper::body::HttpBody;
|
||||
use hyper::client::connect::HttpConnector;
|
||||
use hyper::Client;
|
||||
use hyper_tls::HttpsConnector;
|
||||
use hyper_rustls::HttpsConnector;
|
||||
use std::sync::Arc;
|
||||
use std::time::Duration;
|
||||
use std::time::Instant;
|
||||
@@ -133,7 +133,12 @@ impl Verifier {
|
||||
) -> Result<Self> {
|
||||
info!("creating NIP-05 verifier");
|
||||
// setup hyper client
|
||||
let https = HttpsConnector::new();
|
||||
let https = hyper_rustls::HttpsConnectorBuilder::new()
|
||||
.with_native_roots()
|
||||
.https_or_http()
|
||||
.enable_http1()
|
||||
.build();
|
||||
|
||||
let client = Client::builder().build::<_, hyper::Body>(https);
|
||||
|
||||
// After all accounts have been re-verified, don't check again
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
use http::Uri;
|
||||
use hyper::client::connect::HttpConnector;
|
||||
use hyper::Client;
|
||||
use hyper_tls::HttpsConnector;
|
||||
use hyper_rustls::HttpsConnector;
|
||||
use nostr::Keys;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use serde_json::Value;
|
||||
@@ -72,7 +72,11 @@ pub struct LNBitsPaymentProcessor {
|
||||
impl LNBitsPaymentProcessor {
|
||||
pub fn new(settings: &Settings) -> Self {
|
||||
// setup hyper client
|
||||
let https = HttpsConnector::new();
|
||||
let https = hyper_rustls::HttpsConnectorBuilder::new()
|
||||
.with_native_roots()
|
||||
.https_only()
|
||||
.enable_http1()
|
||||
.build();
|
||||
let client = Client::builder().build::<_, hyper::Body>(https);
|
||||
|
||||
Self {
|
||||
|
||||
@@ -21,8 +21,7 @@ use crate::utils::{self, is_hex, is_lower_hex};
|
||||
use nostr::key::Keys;
|
||||
use tokio::sync::mpsc::Sender;
|
||||
use tokio::sync::oneshot::Receiver;
|
||||
use tracing::log::trace;
|
||||
use tracing::{debug, error, info, warn};
|
||||
use tracing::{debug, error, info, trace, warn};
|
||||
|
||||
pub type PostgresPool = sqlx::pool::Pool<Postgres>;
|
||||
|
||||
|
||||
@@ -1072,8 +1072,6 @@ fn query_from_filter(f: &ReqFilter) -> (String, Vec<Box<dyn ToSql>>, Option<Stri
|
||||
// find evidence of the target tag name/value existing for this event.
|
||||
// Query for Kind/Since/Until additionally, to reduce the number of tags that come back.
|
||||
let kind_clause;
|
||||
let since_clause;
|
||||
let until_clause;
|
||||
if let Some(ks) = &f.kinds {
|
||||
// kind is number, no escaping needed
|
||||
let str_kinds: Vec<String> =
|
||||
@@ -1082,16 +1080,16 @@ fn query_from_filter(f: &ReqFilter) -> (String, Vec<Box<dyn ToSql>>, Option<Stri
|
||||
} else {
|
||||
kind_clause = String::new();
|
||||
};
|
||||
if f.since.is_some() {
|
||||
since_clause = format!("AND created_at >= {}", f.since.unwrap());
|
||||
let since_clause = if f.since.is_some() {
|
||||
format!("AND created_at >= {}", f.since.unwrap())
|
||||
} else {
|
||||
since_clause = String::new();
|
||||
String::new()
|
||||
};
|
||||
// Query for timestamp
|
||||
if f.until.is_some() {
|
||||
until_clause = format!("AND created_at <= {}", f.until.unwrap());
|
||||
let until_clause = if f.until.is_some() {
|
||||
format!("AND created_at <= {}", f.until.unwrap())
|
||||
} else {
|
||||
until_clause = String::new();
|
||||
String::new()
|
||||
};
|
||||
|
||||
let tag_clause = format!(
|
||||
|
||||
@@ -30,6 +30,8 @@ use hyper::upgrade::Upgraded;
|
||||
use hyper::{
|
||||
header, server::conn::AddrStream, upgrade, Body, Request, Response, Server, StatusCode,
|
||||
};
|
||||
use nostr::key::FromPkStr;
|
||||
use nostr::key::Keys;
|
||||
use prometheus::IntCounterVec;
|
||||
use prometheus::IntGauge;
|
||||
use prometheus::{Encoder, Histogram, HistogramOpts, IntCounter, Opts, Registry, TextEncoder};
|
||||
@@ -60,8 +62,6 @@ use tungstenite::error::Error as WsError;
|
||||
use tungstenite::handshake;
|
||||
use tungstenite::protocol::Message;
|
||||
use tungstenite::protocol::WebSocketConfig;
|
||||
use nostr::key::FromPkStr;
|
||||
use nostr::key::Keys;
|
||||
|
||||
/// Handle arbitrary HTTP requests, including for `WebSocket` upgrades.
|
||||
#[allow(clippy::too_many_arguments)]
|
||||
@@ -1029,25 +1029,23 @@ fn make_notice_message(notice: &Notice) -> Message {
|
||||
Message::text(json.to_string())
|
||||
}
|
||||
|
||||
fn allowed_to_send(event_str: &String, conn: &conn::ClientConn, settings: &Settings) -> bool {
|
||||
fn allowed_to_send(event_str: &str, conn: &conn::ClientConn, settings: &Settings) -> bool {
|
||||
// TODO: pass in kind so that we can avoid deserialization for most events
|
||||
if settings.authorization.nip42_dms {
|
||||
match serde_json::from_str::<Event>(event_str) {
|
||||
Ok(event) => {
|
||||
if event.kind == 4 {
|
||||
if event.kind == 4 || event.kind == 44 || event.kind == 1059 {
|
||||
match (conn.auth_pubkey(), event.tag_values_by_name("p").first()) {
|
||||
(Some(auth_pubkey), Some(recipient_pubkey)) => {
|
||||
recipient_pubkey == auth_pubkey || &event.pubkey == auth_pubkey
|
||||
},
|
||||
(_, _) => {
|
||||
false
|
||||
},
|
||||
}
|
||||
(_, _) => false,
|
||||
}
|
||||
} else {
|
||||
true
|
||||
}
|
||||
},
|
||||
Err(_) => false
|
||||
}
|
||||
Err(_) => false,
|
||||
}
|
||||
} else {
|
||||
true
|
||||
|
||||
@@ -37,7 +37,7 @@ pub fn is_lower_hex(s: &str) -> bool {
|
||||
})
|
||||
}
|
||||
|
||||
pub fn host_str(url: &String) -> Option<String> {
|
||||
pub fn host_str(url: &str) -> Option<String> {
|
||||
Url::parse(url)
|
||||
.ok()
|
||||
.and_then(|u| u.host_str().map(|s| s.to_string()))
|
||||
|
||||
@@ -52,7 +52,7 @@ mod tests {
|
||||
let challenge = client_conn.auth_challenge().unwrap();
|
||||
let event = auth_event(challenge);
|
||||
|
||||
let result = client_conn.authenticate(&event, &RELAY.into());
|
||||
let result = client_conn.authenticate(&event, RELAY.into());
|
||||
|
||||
assert!(matches!(result, Ok(())));
|
||||
assert_eq!(client_conn.auth_challenge(), None);
|
||||
@@ -67,7 +67,7 @@ mod tests {
|
||||
assert_eq!(client_conn.auth_pubkey(), None);
|
||||
|
||||
let event = auth_event(&"challenge".into());
|
||||
let result = client_conn.authenticate(&event, &RELAY.into());
|
||||
let result = client_conn.authenticate(&event, RELAY.into());
|
||||
|
||||
assert!(matches!(result, Err(Error::AuthFailure)));
|
||||
}
|
||||
@@ -87,14 +87,14 @@ mod tests {
|
||||
let challenge = client_conn.auth_challenge().unwrap().clone();
|
||||
|
||||
let event = auth_event(&challenge);
|
||||
let result = client_conn.authenticate(&event, &RELAY.into());
|
||||
let result = client_conn.authenticate(&event, RELAY.into());
|
||||
|
||||
assert!(matches!(result, Ok(())));
|
||||
assert_eq!(client_conn.auth_challenge(), None);
|
||||
assert_eq!(client_conn.auth_pubkey(), Some(&event.pubkey));
|
||||
|
||||
let event1 = auth_event(&challenge);
|
||||
let result1 = client_conn.authenticate(&event1, &RELAY.into());
|
||||
let result1 = client_conn.authenticate(&event1, RELAY.into());
|
||||
|
||||
assert!(matches!(result1, Ok(())));
|
||||
assert_eq!(client_conn.auth_challenge(), None);
|
||||
@@ -118,7 +118,7 @@ mod tests {
|
||||
let mut event = auth_event(challenge);
|
||||
event.sig = event.sig.chars().rev().collect::<String>();
|
||||
|
||||
let result = client_conn.authenticate(&event, &RELAY.into());
|
||||
let result = client_conn.authenticate(&event, RELAY.into());
|
||||
|
||||
assert!(matches!(result, Err(Error::AuthFailure)));
|
||||
}
|
||||
@@ -138,7 +138,7 @@ mod tests {
|
||||
let challenge = client_conn.auth_challenge().unwrap();
|
||||
let event = auth_event_with_kind(challenge, 9999999999999999);
|
||||
|
||||
let result = client_conn.authenticate(&event, &RELAY.into());
|
||||
let result = client_conn.authenticate(&event, RELAY.into());
|
||||
|
||||
assert!(matches!(result, Err(Error::AuthFailure)));
|
||||
}
|
||||
@@ -158,7 +158,7 @@ mod tests {
|
||||
let challenge = client_conn.auth_challenge().unwrap();
|
||||
let event = auth_event_with_created_at(challenge, unix_time() - 1200); // 20 minutes
|
||||
|
||||
let result = client_conn.authenticate(&event, &RELAY.into());
|
||||
let result = client_conn.authenticate(&event, RELAY.into());
|
||||
|
||||
assert!(matches!(result, Err(Error::AuthFailure)));
|
||||
}
|
||||
@@ -178,7 +178,7 @@ mod tests {
|
||||
let challenge = client_conn.auth_challenge().unwrap();
|
||||
let event = auth_event_with_created_at(challenge, unix_time() + 1200); // 20 minutes
|
||||
|
||||
let result = client_conn.authenticate(&event, &RELAY.into());
|
||||
let result = client_conn.authenticate(&event, RELAY.into());
|
||||
|
||||
assert!(matches!(result, Err(Error::AuthFailure)));
|
||||
}
|
||||
@@ -197,7 +197,7 @@ mod tests {
|
||||
|
||||
let event = auth_event_without_tags();
|
||||
|
||||
let result = client_conn.authenticate(&event, &RELAY.into());
|
||||
let result = client_conn.authenticate(&event, RELAY.into());
|
||||
|
||||
assert!(matches!(result, Err(Error::AuthFailure)));
|
||||
}
|
||||
@@ -216,7 +216,7 @@ mod tests {
|
||||
|
||||
let event = auth_event_without_challenge();
|
||||
|
||||
let result = client_conn.authenticate(&event, &RELAY.into());
|
||||
let result = client_conn.authenticate(&event, RELAY.into());
|
||||
|
||||
assert!(matches!(result, Err(Error::AuthFailure)));
|
||||
}
|
||||
@@ -236,7 +236,7 @@ mod tests {
|
||||
let challenge = client_conn.auth_challenge().unwrap();
|
||||
let event = auth_event_without_relay(challenge);
|
||||
|
||||
let result = client_conn.authenticate(&event, &RELAY.into());
|
||||
let result = client_conn.authenticate(&event, RELAY.into());
|
||||
|
||||
assert!(matches!(result, Err(Error::AuthFailure)));
|
||||
}
|
||||
@@ -255,7 +255,7 @@ mod tests {
|
||||
|
||||
let event = auth_event(&"invalid challenge".into());
|
||||
|
||||
let result = client_conn.authenticate(&event, &RELAY.into());
|
||||
let result = client_conn.authenticate(&event, RELAY.into());
|
||||
|
||||
assert!(matches!(result, Err(Error::AuthFailure)));
|
||||
}
|
||||
@@ -275,7 +275,7 @@ mod tests {
|
||||
let challenge = client_conn.auth_challenge().unwrap();
|
||||
let event = auth_event_with_relay(challenge, &"xyz".into());
|
||||
|
||||
let result = client_conn.authenticate(&event, &RELAY.into());
|
||||
let result = client_conn.authenticate(&event, RELAY.into());
|
||||
|
||||
assert!(matches!(result, Err(Error::AuthFailure)));
|
||||
}
|
||||
|
||||
@@ -73,7 +73,7 @@ async fn publish_test() -> Result<()> {
|
||||
let event_sub = r#"["REQ", "simple", {}]"#;
|
||||
sub_ws.send(event_sub.into()).await?;
|
||||
// read from subscription
|
||||
let ws_next = sub_ws.next().await;
|
||||
let _ws_next = sub_ws.next().await;
|
||||
let _res = relay.shutdown_tx.send(());
|
||||
Ok(())
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user