whitelist configs moved to it's own yml file

2024-11-21 16:17:13 +00:00 · 2024-10-16 09:57:58 -04:00 · 2024-10-16 09:57:58 -04:00 · 5133c3a005
commit 5133c3a005
parent 9df03646db
13 changed files with 226 additions and 178 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,6 @@
 /tmp
 config.yml
+whitelist.yml
 relay_metadata.json
 grain.exe
 /build
--- a/app/static/examples/config.example.yml
+++ b/app/static/examples/config.example.yml
@ -63,19 +63,6 @@ rate_limit:
      limit: 25
      burst: 50

-pubkey_whitelist:
-  enabled: false
-  pubkeys: [] # List of allowed public keys
-  npubs: [] # List of allowed npubs (Nostr public keys in bech32 format)
-
-kind_whitelist:
-  enabled: false
-  kinds: [] # List of allowed event kinds
-
-domain_whitelist:
-  enabled: false
-  domains: [] # List of allowed domains
-
 blacklist: #Removing a pubkey from the Blacklist requires a hard restart; Blacklist overides the Whitelist
  enabled: true
  permanent_ban_words: [] # Words that trigger a permanent ban
--- a/app/static/examples/whitelist.example.yml
+++ b/app/static/examples/whitelist.example.yml
@ -0,0 +1,20 @@
+pubkey_whitelist:
+  enabled: false
+  pubkeys:
+    - pubkey1
+    - pubkey2
+  npubs:
+    - npub18ls2km9aklhzw9yzqgjfu0anhz2z83hkeknw7sl22ptu8kfs3rjq54am44
+    - npub2
+
+kind_whitelist:
+  enabled: false
+  kinds:
+    - "1"
+    - "2"
+
+domain_whitelist:
+  enabled: false
+  domains:
+    - "example.com"
+    - "anotherdomain.com"
--- a/config/Whitelist.go
+++ b/config/Whitelist.go
@ -6,21 +6,19 @@ import (
 	"strconv"
 )

-// Helper function to check if a pubkey or npub is whitelisted
+// Check if a pubkey or npub is whitelisted
 func IsPubKeyWhitelisted(pubKey string) bool {
-	cfg := GetConfig()
+    cfg := GetWhitelistConfig()
    if !cfg.PubkeyWhitelist.Enabled {
        return true
    }

-	// Check pubkeys
    for _, whitelistedKey := range cfg.PubkeyWhitelist.Pubkeys {
        if pubKey == whitelistedKey {
            return true
        }
    }

-	// Check npubs
    for _, npub := range cfg.PubkeyWhitelist.Npubs {
        decodedPubKey, err := utils.DecodeNpub(npub)
        if err != nil {
@ -35,13 +33,13 @@ func IsPubKeyWhitelisted(pubKey string) bool {
    return false
 }

+// Check if a kind is whitelisted
 func IsKindWhitelisted(kind int) bool {
-	cfg := GetConfig()
+    cfg := GetWhitelistConfig()
    if !cfg.KindWhitelist.Enabled {
        return true
    }

-	// Check event kinds
    for _, whitelistedKindStr := range cfg.KindWhitelist.Kinds {
        whitelistedKind, err := strconv.Atoi(whitelistedKindStr)
        if err != nil {
--- a/config/loadConfig.go
+++ b/config/loadConfig.go
@ -11,9 +11,12 @@ import (

 var (
    cfg            *configTypes.ServerConfig
+    whitelistCfg   *configTypes.WhitelistConfig
    once           sync.Once
+    whitelistOnce  sync.Once
 )

+// LoadConfig loads the server configuration from config.yml
 func LoadConfig(filename string) (*configTypes.ServerConfig, error) {
    data, err := os.ReadFile(filename)
    if err != nil {
@ -33,6 +36,30 @@ func LoadConfig(filename string) (*configTypes.ServerConfig, error) {
    return cfg, nil
 }

+// LoadWhitelistConfig loads the whitelist configuration from whitelist.yml
+func LoadWhitelistConfig(filename string) (*configTypes.WhitelistConfig, error) {
+    data, err := os.ReadFile(filename)
+    if err != nil {
+        return nil, err
+    }
+
+    var config configTypes.WhitelistConfig
+    err = yaml.Unmarshal(data, &config)
+    if err != nil {
+        return nil, err
+    }
+
+    whitelistOnce.Do(func() {
+        whitelistCfg = &config
+    })
+
+    return whitelistCfg, nil
+}
+
 func GetConfig() *configTypes.ServerConfig {
    return cfg
 }
+
+func GetWhitelistConfig() *configTypes.WhitelistConfig {
+    return whitelistCfg
+}
--- a/config/types/serverConfig.go
+++ b/config/types/serverConfig.go
@ -14,9 +14,6 @@ type ServerConfig struct {
 		MaxSubscriptionsPerClient int    `yaml:"max_subscriptions_per_client"` // Maximum number of subscriptions per client
 	} `yaml:"server"`
 	RateLimit      RateLimitConfig  `yaml:"rate_limit"`
-	PubkeyWhitelist PubkeyWhitelistConfig `yaml:"pubkey_whitelist"`
-	KindWhitelist   KindWhitelistConfig   `yaml:"kind_whitelist"`
-	DomainWhitelist DomainWhitelistConfig `yaml:"domain_whitelist"`
 	Blacklist      BlacklistConfig  `yaml:"blacklist"`
 	ResourceLimits ResourceLimits   `yaml:"resource_limits"`
 	Auth           AuthConfig       `yaml:"auth"`
--- a/config/types/whitelistConfig.go
+++ b/config/types/whitelistConfig.go
@ -0,0 +1,19 @@
+package config
+
+type WhitelistConfig struct {
+	PubkeyWhitelist struct {
+		Enabled bool     `yaml:"enabled"`
+		Pubkeys []string `yaml:"pubkeys"`
+		Npubs   []string `yaml:"npubs"`
+	} `yaml:"pubkey_whitelist"`
+
+	KindWhitelist struct {
+		Enabled bool     `yaml:"enabled"`
+		Kinds   []string `yaml:"kinds"`
+	} `yaml:"kind_whitelist"`
+
+	DomainWhitelist struct {
+		Enabled bool     `yaml:"enabled"`
+		Domains []string `yaml:"domains"`
+	} `yaml:"domain_whitelist"`
+}
--- a/config/types/whitelistDomainConfig.go
+++ b/config/types/whitelistDomainConfig.go
@ -1,6 +0,0 @@
-package config
-
-type DomainWhitelistConfig struct {
-	Enabled bool     `yaml:"enabled"`
-	Domains []string `yaml:"domains"`
-}
--- a/config/types/whitelistKindConfig.go
+++ b/config/types/whitelistKindConfig.go
@ -1,6 +0,0 @@
-package config
-
-type KindWhitelistConfig struct {
-	Enabled bool     `yaml:"enabled"`
-	Kinds   []string `yaml:"kinds"`
-}
--- a/config/types/whitelistPubkeyConfig.go
+++ b/config/types/whitelistPubkeyConfig.go
@ -1,7 +0,0 @@
-package config
-
-type PubkeyWhitelistConfig struct {
-	Enabled bool     `yaml:"enabled"`
-	Pubkeys []string `yaml:"pubkeys"`
-	Npubs   []string `yaml:"npubs"`
-}
--- a/main.go
+++ b/main.go
@ -22,28 +22,32 @@ import (

 func main() {
    utils.EnsureFileExists("config.yml", "app/static/examples/config.example.yml")
+    utils.EnsureFileExists("whitelist.yml", "app/static/examples/whitelist.example.yml")
    utils.EnsureFileExists("relay_metadata.json", "app/static/examples/relay_metadata.example.json")

    restartChan := make(chan struct{})
-	go config.WatchConfigFile("config.yml", restartChan) // Critical goroutine
+    go config.WatchConfigFile("config.yml", restartChan)

    signalChan := make(chan os.Signal, 1)
    signal.Notify(signalChan, syscall.SIGINT, syscall.SIGTERM)

    var wg sync.WaitGroup
    for {
-		wg.Add(1) // Add to WaitGroup for the server goroutine
+        wg.Add(1)

        cfg, err := config.LoadConfig("config.yml")
        if err != nil {
            log.Fatal("Error loading config: ", err)
        }

-		// Start event purging in the background
+        _, err = config.LoadWhitelistConfig("whitelist.yml")
+        if err != nil {
+            log.Fatal("Error loading whitelist config: ", err)
+        }
+
        go mongo.ScheduleEventPurging(cfg)

-		config.SetResourceLimit(&cfg.ResourceLimits) // Apply limits once before starting the server
-
+        config.SetResourceLimit(&cfg.ResourceLimits)
        client, err := mongo.InitDB(cfg)
        if err != nil {
            log.Fatal("Error initializing database: ", err)
@ -51,7 +55,6 @@ func main() {

        config.SetRateLimit(cfg)
        config.SetSizeLimit(cfg)
-
        config.ClearTemporaryBans()

        err = utils.LoadRelayMetadataJSON()
@ -60,22 +63,19 @@ func main() {
        }

        mux := setupRoutes()
-
-		// Start the server
        server := startServer(cfg, mux, &wg)

        select {
        case <-restartChan:
            log.Println("Restarting server...")
-			server.Close() // Stop the current server instance
-			wg.Wait()      // Wait for the server goroutine to finish
+            server.Close()
+            wg.Wait()
            time.Sleep(3 * time.Second)
-
        case <-signalChan:
            log.Println("Shutting down server...")
-			server.Close()             // Stop the server
-			mongo.DisconnectDB(client) // Disconnect from MongoDB
-			wg.Wait()                  // Wait for all goroutines to finish
+            server.Close()
+            mongo.DisconnectDB(client)
+            wg.Wait()
            return
        }
    }
--- a/server/db/mongo/purgeEvents.go
+++ b/server/db/mongo/purgeEvents.go
@ -2,6 +2,7 @@ package mongo

 import (
 	"context"
+	"grain/config"
 	types "grain/config/types"
 	"grain/server/utils"
 	"log"
@ -10,6 +11,7 @@ import (
 	"go.mongodb.org/mongo-driver/bson"
 )

+// PurgeOldEvents removes old events based on the configuration and a list of whitelisted pubkeys.
 func PurgeOldEvents(cfg *types.EventPurgeConfig, whitelist []string) {
 	if !cfg.Enabled {
 		return
@ -21,10 +23,12 @@ func PurgeOldEvents(cfg *types.EventPurgeConfig, whitelist []string) {
 	// Calculate the cutoff time
 	cutoff := time.Now().AddDate(0, 0, -cfg.KeepDurationDays).Unix()

+	// Create the filter for purging old events
 	filter := bson.M{
 		"created_at": bson.M{"$lt": cutoff}, // Filter older events
 	}

+	// Exclude whitelisted pubkeys if specified in the config
 	if cfg.ExcludeWhitelisted && len(whitelist) > 0 {
 		filter["pubkey"] = bson.M{"$nin": whitelist} // Exclude whitelisted pubkeys
 	}
@ -52,7 +56,6 @@ func PurgeOldEvents(cfg *types.EventPurgeConfig, whitelist []string) {
 	}
 }

-// Example of a periodic purging task
 // ScheduleEventPurging runs the event purging at a configurable interval.
 func ScheduleEventPurging(cfg *types.ServerConfig) {
 	// Use the purge interval from the configuration
@ -61,22 +64,33 @@ func ScheduleEventPurging(cfg *types.ServerConfig) {
 	defer ticker.Stop()

 	for range ticker.C {
-		whitelist := getWhitelistedPubKeys(cfg)
+		// Fetch the whitelisted pubkeys without passing cfg directly
+		whitelist := getWhitelistedPubKeys()
 		PurgeOldEvents(&cfg.EventPurge, whitelist)
+		log.Printf("Purged old events, keeping whitelisted pubkeys: %v", whitelist)
 	}
 }

-// Fetch whitelisted pubkeys from both the config and any additional domains.
-func getWhitelistedPubKeys(cfg *types.ServerConfig) []string {
-	whitelistedPubkeys := cfg.PubkeyWhitelist.Pubkeys
+// Fetch whitelisted pubkeys from both the whitelist config and any additional domains.
+func getWhitelistedPubKeys() []string {
+	// Get the whitelist configuration
+	whitelistCfg := config.GetWhitelistConfig()
+	if whitelistCfg == nil {
+		log.Println("whitelistCfg is nil, returning an empty list of whitelisted pubkeys.")
+		return []string{}
+	}
+
+	// Start with the statically defined pubkeys
+	whitelistedPubkeys := whitelistCfg.PubkeyWhitelist.Pubkeys

 	// Fetch pubkeys from domains if domain whitelist is enabled
-	if cfg.DomainWhitelist.Enabled {
-		domains := cfg.DomainWhitelist.Domains
+	if whitelistCfg.DomainWhitelist.Enabled {
+		domains := whitelistCfg.DomainWhitelist.Domains
 		pubkeys, err := utils.FetchPubkeysFromDomains(domains)
 		if err != nil {
 			log.Printf("Error fetching pubkeys from domains: %v", err)
-			return whitelistedPubkeys // Return existing whitelisted pubkeys in case of error
+			// Return the existing statically whitelisted pubkeys in case of an error
+			return whitelistedPubkeys
 		}
 		// Append fetched pubkeys from domains to the whitelisted pubkeys
 		whitelistedPubkeys = append(whitelistedPubkeys, pubkeys...)
--- a/server/handlers/event.go
+++ b/server/handlers/event.go
@ -68,37 +68,41 @@ func HandleEvent(ws *websocket.Conn, message []interface{}) {
 }

 func handleBlacklistAndWhitelist(ws *websocket.Conn, evt nostr.Event) bool {
-	if config.GetConfig().DomainWhitelist.Enabled {
-		domains := config.GetConfig().DomainWhitelist.Domains
+    whitelistCfg := config.GetWhitelistConfig()
+
+    // If domain whitelisting is enabled, dynamically fetch pubkeys from domains
+    if whitelistCfg.DomainWhitelist.Enabled {
+        domains := whitelistCfg.DomainWhitelist.Domains
        pubkeys, err := utils.FetchPubkeysFromDomains(domains)
        if err != nil {
            fmt.Println("Error fetching pubkeys from domains:", err)
            response.SendNotice(ws, "", "Error fetching pubkeys from domains")
            return false
        }
-		for _, pubkey := range pubkeys {
-			config.GetConfig().PubkeyWhitelist.Pubkeys = append(config.GetConfig().PubkeyWhitelist.Pubkeys, pubkey)
-		}
+        // Update the whitelisted pubkeys dynamically
+        whitelistCfg.PubkeyWhitelist.Pubkeys = append(whitelistCfg.PubkeyWhitelist.Pubkeys, pubkeys...)
    }

+    // Check if the event's pubkey or content is blacklisted
    if blacklisted, msg := config.CheckBlacklist(evt.PubKey, evt.Content); blacklisted {
        response.SendOK(ws, evt.ID, false, msg)
        return false
    }

-	if config.GetConfig().KindWhitelist.Enabled && !config.IsKindWhitelisted(evt.Kind) {
+    // Check if the event's kind is whitelisted
+    if whitelistCfg.KindWhitelist.Enabled && !config.IsKindWhitelisted(evt.Kind) {
        response.SendOK(ws, evt.ID, false, "not allowed: event kind is not whitelisted")
        return false
    }

-	if config.GetConfig().PubkeyWhitelist.Enabled && !config.IsPubKeyWhitelisted(evt.PubKey) {
+    // Check if the event's pubkey is whitelisted
+    if whitelistCfg.PubkeyWhitelist.Enabled && !config.IsPubKeyWhitelisted(evt.PubKey) {
        response.SendOK(ws, evt.ID, false, "not allowed: pubkey or npub is not whitelisted")
        return false
    }

    return true
 }
-
 func handleRateAndSizeLimits(ws *websocket.Conn, evt nostr.Event, eventSize int) bool {
 	rateLimiter := config.GetRateLimiter()
 	sizeLimiter := config.GetSizeLimiter()