Decompose handle-event.go into DDD domain services (v0.36.15)
Some checks failed
Go / build-and-release (push) Has been cancelled
Some checks failed
Go / build-and-release (push) Has been cancelled
Major refactoring of event handling into clean, testable domain services: - Add pkg/event/validation: JSON hex validation, signature verification, timestamp bounds, NIP-70 protected tag validation - Add pkg/event/authorization: Policy and ACL authorization decisions, auth challenge handling, access level determination - Add pkg/event/routing: Event router registry with ephemeral and delete handlers, kind-based dispatch - Add pkg/event/processing: Event persistence, delivery to subscribers, and post-save hooks (ACL reconfig, sync, relay groups) - Reduce handle-event.go from 783 to 296 lines (62% reduction) - Add comprehensive unit tests for all new domain services - Refactor database tests to use shared TestMain setup - Fix blossom URL test expectations (missing "/" separator) - Add go-memory-optimization skill and analysis documentation - Update DDD_ANALYSIS.md to reflect completed decomposition Files modified: - app/handle-event.go: Slim orchestrator using domain services - app/server.go: Service initialization and interface wrappers - app/handle-event-types.go: Shared types (OkHelper, result types) - pkg/event/validation/*: New validation service package - pkg/event/authorization/*: New authorization service package - pkg/event/routing/*: New routing service package - pkg/event/processing/*: New processing service package - pkg/database/*_test.go: Refactored to shared TestMain - pkg/blossom/http_test.go: Fixed URL format expectations 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
29
pkg/event/validation/protected.go
Normal file
29
pkg/event/validation/protected.go
Normal file
@@ -0,0 +1,29 @@
|
||||
package validation
|
||||
|
||||
import (
|
||||
"git.mleku.dev/mleku/nostr/encoders/event"
|
||||
"next.orly.dev/pkg/utils"
|
||||
)
|
||||
|
||||
// ValidateProtectedTagMatch checks NIP-70 protected tag requirements.
|
||||
// Events with the "-" tag can only be published by users authenticated
|
||||
// with the same pubkey as the event author.
|
||||
func ValidateProtectedTagMatch(ev *event.E, authedPubkey []byte) Result {
|
||||
// Check for protected tag (NIP-70)
|
||||
protectedTag := ev.Tags.GetFirst([]byte("-"))
|
||||
if protectedTag == nil {
|
||||
return OK() // No protected tag, validation passes
|
||||
}
|
||||
|
||||
// Event has protected tag - verify pubkey matches
|
||||
if !utils.FastEqual(authedPubkey, ev.Pubkey) {
|
||||
return Blocked("protected tag may only be published by user authed to the same pubkey")
|
||||
}
|
||||
|
||||
return OK()
|
||||
}
|
||||
|
||||
// HasProtectedTag checks if an event has the NIP-70 protected tag.
|
||||
func HasProtectedTag(ev *event.E) bool {
|
||||
return ev.Tags.GetFirst([]byte("-")) != nil
|
||||
}
|
||||
Reference in New Issue
Block a user