
nip42 authorized whitelisted client can always post #215

Open
wants to merge 1 commit into
base: master
2 changes: 2 additions & 0 deletions config.toml
@@ -173,6 +173,8 @@ limit_scrapers = false
#]
# Enable NIP-42 authentication
#nip42_auth = false
# Allow whitelisted NIP-42 authenticated client to post from any pubkey
#nip42_whitelist = false
# Send DMs (kind 4 and 44) and gift wraps (kind 1059) only to their authenticated recipients
#nip42_dms = false

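Review bot: The new comment above `#nip42_whitelist` does not say that the option only has an effect when `nip42_auth` is enabled and a `pubkey_whitelist` is configured, which is how the check in src/db.rs is gated (it also sits inside the `!pay_to_relay_enabled` branch). As written it could be read as opening publishing to any authenticated client. I would word it as `# Let a NIP-42 authenticated client whose own pubkey is in pubkey_whitelist publish events authored by any pubkey (requires nip42_auth = true and pubkey_whitelist)`. The same applies to the field comment on `nip42_whitelist` in src/config.rs.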
2 changes: 2 additions & 0 deletions src/config.rs
@@ -83,6 +83,7 @@ pub struct Limits {
pub struct Authorization {
pub pubkey_whitelist: Option<Vec<String>>, // If present, only allow these pubkeys to publish events
pub nip42_auth: bool, // if true enables NIP-42 authentication
pub nip42_whitelist: bool, // if true allows whitelisted NIP-42 authenticated clients to publish events from any pubkey
pub nip42_dms: bool, // if true send DMs only to their authenticated recipients
}

@@ -325,6 +326,7 @@ impl Default for Settings {
authorization: Authorization {
pubkey_whitelist: None, // Allow any address to publish
nip42_auth: false, // Disable NIP-42 authentication
nip42_whitelist: false, // Disable NIP-42 whitelist
nip42_dms: false, // Send DMs to everybody
},
pay_to_relay: PayToRelay {
12 changes: 11 additions & 1 deletion src/db.rs
@@ -204,9 +204,19 @@ pub async fn db_writer(
if !pay_to_relay_enabled {
// check if this event is authorized.
if let Some(allowed_addrs) = whitelist {
let mut whitelisted = false;
if settings.authorization.nip42_auth && settings.authorization.nip42_whitelist {
if let Some(auth_pubkey) = subm_event.auth_pubkey.clone() {
if allowed_addrs.contains(&hex::encode(auth_pubkey)) {
// A nip42 authenticated whitelisted client can post whatever they want
debug!("nip42 authenticated client may publish");
whitelisted = true;
}
}
}
// TODO: incorporate delegated pubkeys
// if the event address is not in allowed_addrs.
if !allowed_addrs.contains(&event.pubkey) {
if !whitelisted && !allowed_addrs.contains(&event.pubkey) {
debug!(
"rejecting event: {}, unauthorized author",
event.get_event_id_prefix()
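Review bot: The new bypass accepts an event whose author is not on the whitelist but records nothing about who submitted it, because the `debug!` in the `whitelisted = true` branch is a fixed string. Since this path widens write access, log the authenticated key and the event, e.g. `let auth_hex = hex::encode(auth_pubkey);` before the `contains` check and then `debug!("nip42 whitelisted client {} may publish event {}", auth_hex, event.get_event_id_prefix());`. The check also trusts `subm_event.auth_pubkey` entirely, and its assignment is not in this hunk, so please confirm it is only set after the AUTH event's signature, challenge and relay URL were verified for this connection. The comment `// if the event address is not in allowed_addrs.` above the changed condition is now incomplete, and `db_writer` starts and ends outside the hunk.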