fully working implicit auth with owners set

also now returning correct machine prefix for ok,false on mute list matches for add event
mleku · Dec 6, 2024 · 85eb4cf · 85eb4cf
1 parent 1081455
commit 85eb4cf
Show file tree

Hide file tree

Showing 8 changed files with 56 additions and 37 deletions.
diff --git a/cmd/realy/app/implementation.go b/cmd/realy/app/implementation.go
@@ -60,11 +60,17 @@ func (r *Relay) Init() (err er) {
 		}
 		return fmt.Sprintf("%v", ownerIds)
 	})
+	r.ZeroLists()
+	r.CheckOwnerLists(context.Bg())
+	return nil
+}
+
+func (r *Relay) ZeroLists() {
 	r.Followed = make(map[st]struct{})
 	r.OwnersFollowed = make(map[st]struct{})
+	r.OwnersFollowLists = r.OwnersFollowLists[:0]
 	r.Muted = make(map[st]struct{})
-	r.CheckOwnerLists(context.Bg())
-	return nil
+	r.OwnersMuteLists = r.OwnersMuteLists[:0]
 }
 
 func (r *Relay) AcceptEvent(c cx, evt *event.T, hr *http.Request, origin st,
@@ -92,11 +98,7 @@ func (r *Relay) AcceptEvent(c cx, evt *event.T, hr *http.Request, origin st,
 			for o := range r.OwnersFollowed {
 				if equals(by(o), evt.PubKey) {
 					return true, "", func() {
-						r.Followed = make(map[st]struct{})
-						r.OwnersFollowed = make(map[st]struct{})
-						r.OwnersFollowLists = r.OwnersFollowLists[:0]
-						r.Muted = make(map[st]struct{})
-						r.OwnersMuteLists = r.OwnersMuteLists[:0]
+						r.ZeroLists()
 						r.CheckOwnerLists(context.Bg())
 					}
 				}
@@ -107,11 +109,7 @@ func (r *Relay) AcceptEvent(c cx, evt *event.T, hr *http.Request, origin st,
 			for _, o := range r.Owners {
 				if equals(o, evt.PubKey) {
 					return true, "", func() {
-						r.Followed = make(map[st]struct{})
-						r.OwnersFollowed = make(map[st]struct{})
-						r.OwnersFollowLists = r.OwnersFollowLists[:0]
-						r.Muted = make(map[st]struct{})
-						r.OwnersMuteLists = r.OwnersMuteLists[:0]
+						r.ZeroLists()
 						r.CheckOwnerLists(context.Bg())
 					}
 				}
@@ -128,7 +126,7 @@ func (r *Relay) AcceptEvent(c cx, evt *event.T, hr *http.Request, origin st,
 					tt := tag.New(append(r.OwnersFollowLists, r.OwnersMuteLists...)...)
 					if evt.Tags.ContainsAny(by("e"), tt) {
 						return false,
-							"cannot delete owner's follow, owners's follows follow or mute events",
+							"cannot delete owner's follow, owners' follows follow or mute events",
 							nil
 					}
 					// next, check all a tags present are not follow/mute lists of the owners
@@ -173,7 +171,7 @@ func (r *Relay) AcceptEvent(c cx, evt *event.T, hr *http.Request, origin st,
 			// they come from a pubkey that is on the follow list.
 			for pk := range r.Muted {
 				if equals(evt.PubKey, by(pk)) {
-					return false, "rejecting event with pubkey " + st(evt.PubKey) +
+					return false, "rejecting event with pubkey " + hex.Enc(evt.PubKey) +
 						" because on owner mute list", nil
 				}
 			}
@@ -201,6 +199,7 @@ func (r *Relay) AcceptReq(c cx, hr *http.Request, id by, ff *filters.T,
 	authedPubkey by) (allowed *filters.T, ok bo) {
 	// if the authenticator is enabled we require auth to process requests
 	if !r.AuthEnabled() {
+		allowed = ff
 		ok = true
 		return
 	}
@@ -356,12 +355,12 @@ func (r *Relay) CheckOwnerLists(c cx) {
 	}
 }
 
-func (r *Relay) AuthEnabled() bo { return r.C.AuthRequired }
+func (r *Relay) AuthEnabled() bo { return r.AuthRequired || len(r.Owners) > 0 }
 
 // ServiceUrl returns the address of the relay to send back in auth responses.
 // If auth is disabled this returns an empty string.
 func (r *Relay) ServiceUrl(req *http.Request) (s st) {
-	if !r.C.AuthRequired {
+	if !r.AuthEnabled() {
 		return
 	}
 	host := req.Header.Get("X-Forwarded-Host")

diff --git a/number/list.go b/number/list.go
@@ -4,6 +4,10 @@ import "fmt"
 
 type List []no
 
+func (l List) Len() int           { return len(l) }
+func (l List) Less(i, j int) bool { return l[i] < l[j] }
+func (l List) Swap(i, j int)      { l[i], l[j] = l[j], l[i] }
+
 // HasNumber returns true if the list contains a given number
 func (l List) HasNumber(n no) (idx no, has bo) {
 	for idx = range l {

diff --git a/realy/handleAdmin.go b/realy/handleAdmin.go
@@ -90,6 +90,10 @@ func (s *Server) handleAdmin(w http.ResponseWriter, r *http.Request) {
 		sto := s.relay.Storage(context.Bg())
 		read := io.LimitReader(r.Body, r.ContentLength)
 		sto.Import(read)
+		if realy, ok := s.relay.(*app.Relay); ok {
+			realy.ZeroLists()
+			realy.CheckOwnerLists(context.Bg())
+		}
 	case strings.HasPrefix(r.URL.Path, "/shutdown"):
 		if ok := s.auth(r); !ok {
 			s.unauthorized(w)

diff --git a/realy/handleCount.go b/realy/handleCount.go
@@ -19,7 +19,7 @@ func (s *Server) handleCount(c context.T, ws *web.Socket, req by, store store.I)
 		return normalize.Restricted.F("this relay does not support NIP-45")
 	}
 	if ws.AuthRequested() && len(ws.Authed()) == 0 {
-		return
+		return by("awaiting auth for count")
 	}
 	var err er
 	var rem by

diff --git a/realy/handleEvent.go b/realy/handleEvent.go
@@ -2,6 +2,7 @@ package realy
 
 import (
 	"bytes"
+	"strings"
 
 	"realy.lol/envelopes/authenvelope"
 	"realy.lol/envelopes/eventenvelope"
@@ -21,6 +22,9 @@ import (
 
 func (s *Server) handleEvent(c cx, ws *web.Socket, req by, sto store.I) (msg by) {
 	log.T.F("handleEvent %s %s", ws.RealRemote(), req)
+	if ws.AuthRequested() && len(ws.Authed()) == 0 {
+		return by("awaiting auth for event")
+	}
 	var err er
 	var ok bo
 	var rem by
@@ -35,27 +39,33 @@ func (s *Server) handleEvent(c cx, ws *web.Socket, req by, sto store.I) (msg by)
 	accept, notice, after := s.relay.AcceptEvent(c, env.T, ws.Req(), ws.RealRemote(),
 		by(ws.Authed()))
 	if !accept {
-		var auther relay.Authenticator
-		if auther, ok = s.relay.(relay.Authenticator); ok && auther.AuthEnabled() {
-			if !ws.AuthRequested() {
-				if err = okenvelope.NewFrom(env.ID, false,
-					normalize.AuthRequired.F("auth required for request processing")).Write(ws); chk.T(err) {
-				}
-				log.T.F("requesting auth from client %s", ws.RealRemote())
-				if err = authenvelope.NewChallengeWith(ws.Challenge()).Write(ws); chk.T(err) {
+		if strings.Contains(notice, "mute") {
+			if err = okenvelope.NewFrom(env.ID, false,
+				normalize.Blocked.F(notice)).Write(ws); chk.T(err) {
+			}
+		} else {
+			var auther relay.Authenticator
+			if auther, ok = s.relay.(relay.Authenticator); ok && auther.AuthEnabled() {
+				if !ws.AuthRequested() {
+					if err = okenvelope.NewFrom(env.ID, false,
+						normalize.AuthRequired.F("auth required for request processing")).Write(ws); chk.T(err) {
+					}
+					log.T.F("requesting auth from client %s", ws.RealRemote())
+					if err = authenvelope.NewChallengeWith(ws.Challenge()).Write(ws); chk.T(err) {
+						return
+					}
+					ws.RequestAuth()
 					return
-				}
-				ws.RequestAuth()
-				return
-			} else {
-				if err = okenvelope.NewFrom(env.ID, false,
-					normalize.AuthRequired.F("auth required for storing events")).Write(ws); chk.T(err) {
-				}
-				log.T.F("requesting auth again from client %s", ws.RealRemote())
-				if err = authenvelope.NewChallengeWith(ws.Challenge()).Write(ws); chk.T(err) {
+				} else {
+					if err = okenvelope.NewFrom(env.ID, false,
+						normalize.AuthRequired.F("auth required for storing events")).Write(ws); chk.T(err) {
+					}
+					log.T.F("requesting auth again from client %s", ws.RealRemote())
+					if err = authenvelope.NewChallengeWith(ws.Challenge()).Write(ws); chk.T(err) {
+						return
+					}
 					return
 				}
-				return
 			}
 		}
 		if err = okenvelope.NewFrom(env.ID, false,

diff --git a/realy/handleReq.go b/realy/handleReq.go
@@ -25,7 +25,7 @@ import (
 
 func (s *Server) handleReq(c cx, ws *web.Socket, req by, sto store.I) (r by) {
 	if ws.AuthRequested() && len(ws.Authed()) == 0 {
-		return
+		return by("awaiting auth for req")
 	}
 	var err er
 	var rem by

diff --git a/realy/version b/realy/version
@@ -1 +1 @@
-v1.2.37
+v1.2.39
diff --git a/relayinfo/types.go b/relayinfo/types.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"os"
+	"sort"
 	"sync"
 
 	"realy.lol/kinds"
@@ -22,6 +23,7 @@ func GetList(items ...NIP) (n number.List) {
 	for _, item := range items {
 		n = append(n, item.N())
 	}
+	sort.Sort(n)
 	return
 }