mirror of
https://github.com/0ceanSlim/grain.git
synced 2024-11-23 00:57:14 +00:00
blacklist moved to it's own yml
This commit is contained in:
parent
5133c3a005
commit
3de1aeb998
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,6 +1,7 @@
|
||||
/tmp
|
||||
config.yml
|
||||
whitelist.yml
|
||||
blacklist.yml
|
||||
relay_metadata.json
|
||||
grain.exe
|
||||
/build
|
||||
|
13
app/static/examples/blacklist.example.yml
Normal file
13
app/static/examples/blacklist.example.yml
Normal file
@ -0,0 +1,13 @@
|
||||
enabled: true
|
||||
permanent_ban_words:
|
||||
- nigger
|
||||
temp_ban_words:
|
||||
- crypto
|
||||
- web3
|
||||
- airdrop
|
||||
max_temp_bans: 3
|
||||
temp_ban_duration: 3600
|
||||
permanent_blacklist_pubkeys:
|
||||
- db0c9b8acd6101adb9b281c5321f98f6eebb33c5719d230ed1870997538a9765
|
||||
permanent_blacklist_npubs:
|
||||
- npub1x0r5gflnk2mn6h3c70nvnywpy2j46gzqwg6k7uw6fxswyz0md9qqnhshtn
|
@ -63,20 +63,6 @@ rate_limit:
|
||||
limit: 25
|
||||
burst: 50
|
||||
|
||||
blacklist: #Removing a pubkey from the Blacklist requires a hard restart; Blacklist overides the Whitelist
|
||||
enabled: true
|
||||
permanent_ban_words: [] # Words that trigger a permanent ban
|
||||
temp_ban_words: # Words that trigger a temporary ban
|
||||
- crypto
|
||||
- web3
|
||||
- airdrop
|
||||
max_temp_bans: 3 # Number of temporary bans before a permanent ban
|
||||
temp_ban_duration: 3600 # Temporary ban duration in seconds
|
||||
permanent_blacklist_pubkeys: # List of permanently banned public keys
|
||||
- db0c9b8acd6101adb9b281c5321f98f6eebb33c5719d230ed1870997538a9765
|
||||
permanent_blacklist_npubs: # List of permanently banned npubs
|
||||
- npub1x0r5gflnk2mn6h3c70nvnywpy2j46gzqwg6k7uw6fxswyz0md9qqnhshtn
|
||||
|
||||
event_purge:
|
||||
enabled: true # Toggle to enable/disable event purging
|
||||
keep_duration_days: 2 # Number of days to keep events
|
||||
|
@ -15,51 +15,51 @@ import (
|
||||
|
||||
// CheckBlacklist checks if a pubkey is in the blacklist based on event content
|
||||
func CheckBlacklist(pubkey, eventContent string) (bool, string) {
|
||||
blacklistConfig := GetConfig().Blacklist
|
||||
blacklistConfig := GetBlacklistConfig()
|
||||
if blacklistConfig == nil || !blacklistConfig.Enabled {
|
||||
return false, ""
|
||||
}
|
||||
|
||||
if !blacklistConfig.Enabled {
|
||||
return false, ""
|
||||
}
|
||||
log.Printf("Checking blacklist for pubkey: %s", pubkey)
|
||||
|
||||
log.Printf("Checking blacklist for pubkey: %s", pubkey)
|
||||
// Check for permanent blacklist by pubkey or npub.
|
||||
if isPubKeyPermanentlyBlacklisted(pubkey, blacklistConfig) {
|
||||
log.Printf("Pubkey %s is permanently blacklisted", pubkey)
|
||||
return true, fmt.Sprintf("pubkey %s is permanently blacklisted", pubkey)
|
||||
}
|
||||
|
||||
// Check for permanent blacklist by pubkey or npub
|
||||
if isPubKeyPermanentlyBlacklisted(pubkey, blacklistConfig) {
|
||||
log.Printf("Pubkey %s is permanently blacklisted", pubkey)
|
||||
return true, fmt.Sprintf("pubkey %s is permanently blacklisted", pubkey)
|
||||
}
|
||||
// Check for temporary ban.
|
||||
if isPubKeyTemporarilyBlacklisted(pubkey) {
|
||||
log.Printf("Pubkey %s is temporarily blacklisted", pubkey)
|
||||
return true, fmt.Sprintf("pubkey %s is temporarily blacklisted", pubkey)
|
||||
}
|
||||
|
||||
// Check for temporary ban
|
||||
if isPubKeyTemporarilyBlacklisted(pubkey) {
|
||||
log.Printf("Pubkey %s is temporarily blacklisted", pubkey)
|
||||
return true, fmt.Sprintf("pubkey %s is temporarily blacklisted", pubkey)
|
||||
}
|
||||
// Check for permanent ban based on wordlist.
|
||||
for _, word := range blacklistConfig.PermanentBanWords {
|
||||
if strings.Contains(eventContent, word) {
|
||||
err := AddToPermanentBlacklist(pubkey)
|
||||
if err != nil {
|
||||
return true, fmt.Sprintf("pubkey %s is permanently banned and failed to save: %v", pubkey, err)
|
||||
}
|
||||
return true, "blocked: pubkey is permanently banned"
|
||||
}
|
||||
}
|
||||
|
||||
// Check for permanent ban based on wordlist
|
||||
for _, word := range blacklistConfig.PermanentBanWords {
|
||||
if strings.Contains(eventContent, word) {
|
||||
err := AddToPermanentBlacklist(pubkey)
|
||||
if err != nil {
|
||||
return true, fmt.Sprintf("pubkey %s is permanently banned and failed to save: %v", pubkey, err)
|
||||
}
|
||||
return true, "blocked: pubkey is permanently banned"
|
||||
}
|
||||
}
|
||||
// Check for temporary ban based on wordlist.
|
||||
for _, word := range blacklistConfig.TempBanWords {
|
||||
if strings.Contains(eventContent, word) {
|
||||
err := AddToTemporaryBlacklist(pubkey, *blacklistConfig)
|
||||
if err != nil {
|
||||
return true, fmt.Sprintf("pubkey %s is temporarily banned and failed to save: %v", pubkey, err)
|
||||
}
|
||||
return true, "blocked: pubkey is temporarily banned"
|
||||
}
|
||||
}
|
||||
|
||||
// Check for temporary ban based on wordlist
|
||||
for _, word := range blacklistConfig.TempBanWords {
|
||||
if strings.Contains(eventContent, word) {
|
||||
err := AddToTemporaryBlacklist(pubkey, blacklistConfig)
|
||||
if err != nil {
|
||||
return true, fmt.Sprintf("pubkey %s is temporarily banned and failed to save: %v", pubkey, err)
|
||||
}
|
||||
return true, "blocked: pubkey is temporarily banned"
|
||||
}
|
||||
}
|
||||
|
||||
return false, ""
|
||||
return false, ""
|
||||
}
|
||||
|
||||
|
||||
// Checks if a pubkey is temporarily blacklisted
|
||||
func isPubKeyTemporarilyBlacklisted(pubkey string) bool {
|
||||
mu.Lock()
|
||||
@ -142,63 +142,61 @@ func AddToTemporaryBlacklist(pubkey string, blacklistConfig types.BlacklistConfi
|
||||
return nil
|
||||
}
|
||||
|
||||
// Checks if a pubkey is permanently blacklisted (only using config.yml)
|
||||
func isPubKeyPermanentlyBlacklisted(pubKey string, blacklistConfig types.BlacklistConfig) bool {
|
||||
if !blacklistConfig.Enabled {
|
||||
return false
|
||||
}
|
||||
func isPubKeyPermanentlyBlacklisted(pubKey string, blacklistConfig *types.BlacklistConfig) bool {
|
||||
if blacklistConfig == nil || !blacklistConfig.Enabled {
|
||||
return false
|
||||
}
|
||||
|
||||
// Check pubkeys
|
||||
for _, blacklistedKey := range blacklistConfig.PermanentBlacklistPubkeys {
|
||||
if pubKey == blacklistedKey {
|
||||
return true
|
||||
}
|
||||
}
|
||||
// Check pubkeys.
|
||||
for _, blacklistedKey := range blacklistConfig.PermanentBlacklistPubkeys {
|
||||
if pubKey == blacklistedKey {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
// Check npubs
|
||||
for _, npub := range blacklistConfig.PermanentBlacklistNpubs {
|
||||
decodedPubKey, err := utils.DecodeNpub(npub)
|
||||
if err != nil {
|
||||
fmt.Println("Error decoding npub:", err)
|
||||
continue
|
||||
}
|
||||
if pubKey == decodedPubKey {
|
||||
return true
|
||||
}
|
||||
}
|
||||
// Check npubs.
|
||||
for _, npub := range blacklistConfig.PermanentBlacklistNpubs {
|
||||
decodedPubKey, err := utils.DecodeNpub(npub)
|
||||
if err != nil {
|
||||
fmt.Println("Error decoding npub:", err)
|
||||
continue
|
||||
}
|
||||
if pubKey == decodedPubKey {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
return false
|
||||
}
|
||||
|
||||
func AddToPermanentBlacklist(pubkey string) error {
|
||||
// Remove the mutex lock from here
|
||||
blacklistConfig := GetConfig().Blacklist
|
||||
blacklistConfig := GetBlacklistConfig()
|
||||
if blacklistConfig == nil {
|
||||
return fmt.Errorf("blacklist configuration is not loaded")
|
||||
}
|
||||
|
||||
// Check if already blacklisted
|
||||
if isPubKeyPermanentlyBlacklisted(pubkey, blacklistConfig) {
|
||||
return fmt.Errorf("pubkey %s is already in the permanent blacklist", pubkey)
|
||||
}
|
||||
// Check if already blacklisted.
|
||||
if isPubKeyPermanentlyBlacklisted(pubkey, blacklistConfig) {
|
||||
return fmt.Errorf("pubkey %s is already in the permanent blacklist", pubkey)
|
||||
}
|
||||
|
||||
// Add pubkey to the blacklist
|
||||
blacklistConfig.PermanentBlacklistPubkeys = append(blacklistConfig.PermanentBlacklistPubkeys, pubkey)
|
||||
// Add pubkey to the permanent blacklist.
|
||||
blacklistConfig.PermanentBlacklistPubkeys = append(blacklistConfig.PermanentBlacklistPubkeys, pubkey)
|
||||
|
||||
// Persist changes to config.yml
|
||||
return saveBlacklistConfig(blacklistConfig)
|
||||
// Persist changes to blacklist.yml.
|
||||
return saveBlacklistConfig(*blacklistConfig)
|
||||
}
|
||||
|
||||
func saveBlacklistConfig(blacklistConfig types.BlacklistConfig) error {
|
||||
configData := GetConfig()
|
||||
configData.Blacklist = blacklistConfig
|
||||
data, err := yaml.Marshal(blacklistConfig)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to marshal blacklist config: %v", err)
|
||||
}
|
||||
|
||||
data, err := yaml.Marshal(configData)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to marshal config: %v", err)
|
||||
}
|
||||
err = os.WriteFile("blacklist.yml", data, 0644)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to write config to file: %v", err)
|
||||
}
|
||||
|
||||
err = os.WriteFile("config.yml", data, 0644)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to write config to file: %v", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
return nil
|
||||
}
|
||||
|
@ -12,8 +12,10 @@ import (
|
||||
var (
|
||||
cfg *configTypes.ServerConfig
|
||||
whitelistCfg *configTypes.WhitelistConfig
|
||||
blacklistCfg *configTypes.BlacklistConfig
|
||||
once sync.Once
|
||||
whitelistOnce sync.Once
|
||||
blacklistOnce sync.Once
|
||||
)
|
||||
|
||||
// LoadConfig loads the server configuration from config.yml
|
||||
@ -62,4 +64,28 @@ func GetConfig() *configTypes.ServerConfig {
|
||||
|
||||
func GetWhitelistConfig() *configTypes.WhitelistConfig {
|
||||
return whitelistCfg
|
||||
}
|
||||
|
||||
// LoadBlacklistConfig loads the blacklist configuration from blacklist.yml
|
||||
func LoadBlacklistConfig(filename string) (*configTypes.BlacklistConfig, error) {
|
||||
data, err := os.ReadFile(filename)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var config configTypes.BlacklistConfig
|
||||
err = yaml.Unmarshal(data, &config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
blacklistOnce.Do(func() {
|
||||
blacklistCfg = &config
|
||||
})
|
||||
|
||||
return blacklistCfg, nil
|
||||
}
|
||||
|
||||
func GetBlacklistConfig() *configTypes.BlacklistConfig {
|
||||
return blacklistCfg
|
||||
}
|
@ -8,4 +8,4 @@ type BlacklistConfig struct {
|
||||
TempBanDuration int `yaml:"temp_ban_duration"`
|
||||
PermanentBlacklistPubkeys []string `yaml:"permanent_blacklist_pubkeys"`
|
||||
PermanentBlacklistNpubs []string `yaml:"permanent_blacklist_npubs"`
|
||||
}
|
||||
}
|
6
main.go
6
main.go
@ -23,6 +23,7 @@ import (
|
||||
func main() {
|
||||
utils.EnsureFileExists("config.yml", "app/static/examples/config.example.yml")
|
||||
utils.EnsureFileExists("whitelist.yml", "app/static/examples/whitelist.example.yml")
|
||||
utils.EnsureFileExists("blacklist.yml", "app/static/examples/blacklist.example.yml")
|
||||
utils.EnsureFileExists("relay_metadata.json", "app/static/examples/relay_metadata.example.json")
|
||||
|
||||
restartChan := make(chan struct{})
|
||||
@ -45,6 +46,11 @@ func main() {
|
||||
log.Fatal("Error loading whitelist config: ", err)
|
||||
}
|
||||
|
||||
_, err = config.LoadBlacklistConfig("blacklist.yml")
|
||||
if err != nil {
|
||||
log.Fatal("Error loading blacklist config: ", err)
|
||||
}
|
||||
|
||||
go mongo.ScheduleEventPurging(cfg)
|
||||
|
||||
config.SetResourceLimit(&cfg.ResourceLimits)
|
||||
|
@ -68,7 +68,13 @@ func HandleEvent(ws *websocket.Conn, message []interface{}) {
|
||||
}
|
||||
|
||||
func handleBlacklistAndWhitelist(ws *websocket.Conn, evt nostr.Event) bool {
|
||||
// Get the current whitelist configuration
|
||||
whitelistCfg := config.GetWhitelistConfig()
|
||||
if whitelistCfg == nil {
|
||||
fmt.Println("Whitelist configuration is not loaded.")
|
||||
response.SendNotice(ws, "", "Internal server error: whitelist configuration is missing")
|
||||
return false
|
||||
}
|
||||
|
||||
// If domain whitelisting is enabled, dynamically fetch pubkeys from domains
|
||||
if whitelistCfg.DomainWhitelist.Enabled {
|
||||
@ -103,6 +109,7 @@ func handleBlacklistAndWhitelist(ws *websocket.Conn, evt nostr.Event) bool {
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
func handleRateAndSizeLimits(ws *websocket.Conn, evt nostr.Event, eventSize int) bool {
|
||||
rateLimiter := config.GetRateLimiter()
|
||||
sizeLimiter := config.GetSizeLimiter()
|
||||
|
Loading…
Reference in New Issue
Block a user