mleku/next.orly.dev
1
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Implement privileged event filtering and add comprehensive tests
Some checks failed
Go / build (push) Has been cancelled
Details
Go / release (push) Has been cancelled
Details

Browse Source 
- Refactored the HandleReq function to improve the handling of privileged events, ensuring that only authorized users can access them based on their authentication status and associated tags.
- Introduced a new test suite for privileged event filtering, covering various scenarios including authorized access, unauthorized access, and edge cases with malformed tags.
- Enhanced the publisher logic to deny delivery of privileged events to unauthenticated subscribers.
- Bumped version to v0.17.18.
This commit is contained in:
mleku
2025-10-24 19:53:34 +01:00
parent bc8a557f07
commit 28ab665285
4 changed files with 557 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/publisher.go
View File

@@ -194,7 +194,14 @@ func (p *P) Deliver(ev *event.E) {
for _, d := range deliveries {
// If the event is privileged, enforce that the subscriber's authed pubkey matches
// either the event pubkey or appears in any 'p' tag of the event.
if kind.IsPrivileged(ev.Kind) && len(d.sub.AuthedPubkey) > 0 {
if kind.IsPrivileged(ev.Kind) {
if len(d.sub.AuthedPubkey) == 0 {
// Not authenticated - cannot see privileged events
log.D.F("subscription delivery DENIED for privileged event %s to %s (not authenticated)",
hex.Enc(ev.ID), d.sub.remote)
continue
}
pk := d.sub.AuthedPubkey
allowed := false
// Direct author match