mirror of
https://github.com/0ceanSlim/grain.git
synced 2024-10-30 01:26:32 +00:00
seperate kind and key whitelists
This commit is contained in:
parent
9e04328436
commit
2ef15d6e17
@ -4,11 +4,14 @@ mongodb:
|
|||||||
|
|
||||||
server:
|
server:
|
||||||
port: ":8080" # Port for the server to listen on
|
port: ":8080" # Port for the server to listen on
|
||||||
whitelist:
|
pubkey_whitelist:
|
||||||
enabled: false
|
enabled: false
|
||||||
pubkeys: #["3fe0ab6cbdb7ee27148202249e3fb3b89423c6f6cda6ef43ea5057c3d93088e4",
|
pubkeys: #["3fe0ab6cbdb7ee27148202249e3fb3b89423c6f6cda6ef43ea5057c3d93088e4",
|
||||||
#"cac0e43235806da094f0787a5b04e29ad04cb1a3c7ea5cf61edc1c338734082b"]
|
#"cac0e43235806da094f0787a5b04e29ad04cb1a3c7ea5cf61edc1c338734082b"]
|
||||||
npubs: #["npub18ls2km9aklhzw9yzqgjfu0anhz2z83hkeknw7sl22ptu8kfs3rjq54am44"]
|
npubs: #["npub18ls2km9aklhzw9yzqgjfu0anhz2z83hkeknw7sl22ptu8kfs3rjq54am44"]
|
||||||
|
kind_whitelist:
|
||||||
|
enabled: false
|
||||||
|
kinds: #[0, 1]
|
||||||
rate_limit:
|
rate_limit:
|
||||||
ws_limit: 100 # Global rate limit for WebSocket messages (50 messages per second)
|
ws_limit: 100 # Global rate limit for WebSocket messages (50 messages per second)
|
||||||
ws_burst: 200 # Global burst limit for WebSocket messages (allows a burst of 100 messages)
|
ws_burst: 200 # Global burst limit for WebSocket messages (allows a burst of 100 messages)
|
||||||
|
@ -9,5 +9,6 @@ type ServerConfig struct {
|
|||||||
Port string `yaml:"port"`
|
Port string `yaml:"port"`
|
||||||
} `yaml:"server"`
|
} `yaml:"server"`
|
||||||
RateLimit RateLimitConfig `yaml:"rate_limit"`
|
RateLimit RateLimitConfig `yaml:"rate_limit"`
|
||||||
Whitelist WhitelistConfig `yaml:"whitelist"`
|
PubkeyWhitelist PubkeyWhitelistConfig `yaml:"pubkey_whitelist"`
|
||||||
|
KindWhitelist KindWhitelistConfig `yaml:"kind_whitelist"`
|
||||||
}
|
}
|
||||||
|
6
config/types/whitelistKindConfig.go
Normal file
6
config/types/whitelistKindConfig.go
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
package config
|
||||||
|
|
||||||
|
type KindWhitelistConfig struct {
|
||||||
|
Enabled bool `yaml:"enabled"`
|
||||||
|
Kinds []string `yaml:"kinds"`
|
||||||
|
}
|
@ -1,6 +1,6 @@
|
|||||||
package config
|
package config
|
||||||
|
|
||||||
type WhitelistConfig struct {
|
type PubkeyWhitelistConfig struct {
|
||||||
Enabled bool `yaml:"enabled"`
|
Enabled bool `yaml:"enabled"`
|
||||||
Pubkeys []string `yaml:"pubkeys"`
|
Pubkeys []string `yaml:"pubkeys"`
|
||||||
Npubs []string `yaml:"npubs"`
|
Npubs []string `yaml:"npubs"`
|
@ -9,6 +9,7 @@ import (
|
|||||||
"grain/server/handlers/kinds"
|
"grain/server/handlers/kinds"
|
||||||
"grain/server/handlers/response"
|
"grain/server/handlers/response"
|
||||||
"grain/server/utils"
|
"grain/server/utils"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
relay "grain/server/types"
|
relay "grain/server/types"
|
||||||
|
|
||||||
@ -59,9 +60,15 @@ func HandleKind(ctx context.Context, evt relay.Event, ws *websocket.Conn, eventS
|
|||||||
rateLimiter := config.GetRateLimiter()
|
rateLimiter := config.GetRateLimiter()
|
||||||
sizeLimiter := config.GetSizeLimiter()
|
sizeLimiter := config.GetSizeLimiter()
|
||||||
|
|
||||||
// Check whitelist
|
// Check if the kind is whitelisted
|
||||||
if !isWhitelisted(evt.PubKey) {
|
if config.GetConfig().KindWhitelist.Enabled && !isKindWhitelisted(evt.Kind) {
|
||||||
response.SendOK(ws, evt.ID, false, "not allowed: pubkey is not whitelisted")
|
response.SendOK(ws, evt.ID, false, "not allowed: event kind is not whitelisted")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check pubkey/npub whitelist only if the kind is not whitelisted
|
||||||
|
if config.GetConfig().PubkeyWhitelist.Enabled && !isPubKeyWhitelisted(evt.PubKey) {
|
||||||
|
response.SendOK(ws, evt.ID, false, "not allowed: pubkey or npub is not whitelisted")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -129,21 +136,21 @@ func determineCategory(kind int) string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Helper function to check if a pubkey or npub is whitelisted
|
// Helper function to check if a pubkey or npub is whitelisted
|
||||||
func isWhitelisted(pubKey string) bool {
|
func isPubKeyWhitelisted(pubKey string) bool {
|
||||||
cfg := config.GetConfig()
|
cfg := config.GetConfig()
|
||||||
if !cfg.Whitelist.Enabled {
|
if !cfg.PubkeyWhitelist.Enabled {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check pubkeys
|
// Check pubkeys
|
||||||
for _, whitelistedKey := range cfg.Whitelist.Pubkeys {
|
for _, whitelistedKey := range cfg.PubkeyWhitelist.Pubkeys {
|
||||||
if pubKey == whitelistedKey {
|
if pubKey == whitelistedKey {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check npubs
|
// Check npubs
|
||||||
for _, npub := range cfg.Whitelist.Npubs {
|
for _, npub := range cfg.PubkeyWhitelist.Npubs {
|
||||||
decodedPubKey, err := utils.DecodeNpub(npub)
|
decodedPubKey, err := utils.DecodeNpub(npub)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println("Error decoding npub:", err)
|
fmt.Println("Error decoding npub:", err)
|
||||||
@ -156,3 +163,24 @@ func isWhitelisted(pubKey string) bool {
|
|||||||
|
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func isKindWhitelisted(kind int) bool {
|
||||||
|
cfg := config.GetConfig()
|
||||||
|
if !cfg.KindWhitelist.Enabled {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check event kinds
|
||||||
|
for _, whitelistedKindStr := range cfg.KindWhitelist.Kinds {
|
||||||
|
whitelistedKind, err := strconv.Atoi(whitelistedKindStr)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println("Error converting whitelisted kind to int:", err)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if kind == whitelistedKind {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user