mleku/next.orly.dev
1
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

fixed and unified privilege checks across ACLs
Some checks failed
Go / build-and-release (push) Has been cancelled
Details

Browse Source
This commit is contained in:
mleku
2025-11-19 13:05:21 +00:00
parent f89f41b8c4
commit a79beee179
4 changed files with 56 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
app/handle-req.go
View File

@@ -24,6 +24,7 @@ import (
"next.orly.dev/pkg/encoders/kind"
"next.orly.dev/pkg/encoders/reason"
"next.orly.dev/pkg/encoders/tag"
"next.orly.dev/pkg/policy"
"next.orly.dev/pkg/protocol/nip43"
"next.orly.dev/pkg/utils"
"next.orly.dev/pkg/utils/normalize"
@@ -360,59 +361,23 @@ func (l *Listener) HandleReq(msg []byte) (err error) {
},
)
pk := l.authedPubkey.Load()
if pk == nil {
// Not authenticated - cannot see privileged events
// Use centralized IsPartyInvolved function for consistent privilege checking
if policy.IsPartyInvolved(ev, pk) {
log.T.C(
func() string {
return fmt.Sprintf(
"privileged event %s denied - not authenticated",
ev.ID,
)
},
)
continue
}
// Check if user is authorized to see this privileged event
authorized := false
if utils.FastEqual(ev.Pubkey, pk) {
authorized = true
log.T.C(
func() string {
return fmt.Sprintf(
"privileged event %s is for logged in pubkey %0x",
"privileged event %s allowed for logged in pubkey %0x",
ev.ID, pk,
)
},
)
} else {
// Check p tags
pTags := ev.Tags.GetAll([]byte("p"))
for _, pTag := range pTags {
var pt []byte
if pt, err = hexenc.Dec(string(pTag.Value())); chk.E(err) {
continue
}
if utils.FastEqual(pt, pk) {
authorized = true
log.T.C(
func() string {
return fmt.Sprintf(
"privileged event %s is for logged in pubkey %0x",
ev.ID, pk,
)
},
)
break
}
}
}
if authorized {
tmp = append(tmp, ev)
} else {
log.T.C(
func() string {
return fmt.Sprintf(
"privileged event %s does not contain the logged in pubkey %0x",
"privileged event %s denied for pubkey %0x (not authenticated or not a party involved)",
ev.ID, pk,
)
},

33
app/publisher.go
View File

@@ -15,6 +15,7 @@ import (
"next.orly.dev/pkg/encoders/kind"
"next.orly.dev/pkg/interfaces/publisher"
"next.orly.dev/pkg/interfaces/typer"
"next.orly.dev/pkg/policy"
"next.orly.dev/pkg/protocol/publish"
"next.orly.dev/pkg/utils"
)
@@ -183,36 +184,12 @@ func (p *P) Deliver(ev *event.E) {
// either the event pubkey or appears in any 'p' tag of the event.
// Only check authentication if AuthRequired is true (ACL is active)
if kind.IsPrivileged(ev.Kind) && d.sub.AuthRequired {
if len(d.sub.AuthedPubkey) == 0 {
// Not authenticated - cannot see privileged events
log.D.F(
"subscription delivery DENIED for privileged event %s to %s (not authenticated)",
hex.Enc(ev.ID), d.sub.remote,
)
continue
}
pk := d.sub.AuthedPubkey
allowed := false
// Direct author match
if utils.FastEqual(ev.Pubkey, pk) {
allowed = true
} else if ev.Tags != nil {
for _, pTag := range ev.Tags.GetAll([]byte("p")) {
// pTag.Value() returns []byte hex string; decode to bytes
dec, derr := hex.Dec(string(pTag.Value()))
if derr != nil {
continue
}
if utils.FastEqual(dec, pk) {
allowed = true
break
}
}
}
if !allowed {
// Use centralized IsPartyInvolved function for consistent privilege checking
if !policy.IsPartyInvolved(ev, pk) {
log.D.F(
"subscription delivery DENIED for privileged event %s to %s (auth mismatch)",
"subscription delivery DENIED for privileged event %s to %s (not authenticated or not a party involved)",
hex.Enc(ev.ID), d.sub.remote,
)
// Skip delivery for this subscriber