Implement policy system with comprehensive testing and configuration
- Introduced a new policy system for event processing, allowing fine-grained control over event storage and retrieval based on various criteria.
- Added support for policy configuration via JSON files, including whitelists, blacklists, and custom scripts.
- Implemented a test suite for the policy system, ensuring 100% test coverage of core functionality and edge cases.
- Created benchmark tests to evaluate policy performance under various conditions.
- Updated event handling to integrate policy checks for both read and write access.
- Enhanced documentation with examples and usage instructions for the policy system.
- Bumped version to v0.16.0.
@@ -240,6 +240,27 @@ privCheck:
|
||||
}
|
||||
}
|
||||
events = tmp
|
||||
|
||||
// Apply policy filtering for read access if policy is enabled
|
||||
if l.policyManager != nil && l.policyManager.Manager != nil && l.policyManager.Manager.IsEnabled() {
|
||||
var policyFilteredEvents event.S
|
||||
for _, ev := range events {
|
||||
allowed, policyErr := l.policyManager.CheckPolicy("read", ev, l.authedPubkey.Load(), l.remote)
|
||||
if chk.E(policyErr) {
|
||||
log.E.F("policy check failed for read: %v", policyErr)
|
||||
// Default to allow on policy error
|
||||
policyFilteredEvents = append(policyFilteredEvents, ev)
|
||||
continue
|
||||
}
|
||||
|
||||
if allowed {
|
||||
policyFilteredEvents = append(policyFilteredEvents, ev)
|
||||
} else {
|
||||
log.D.F("policy filtered out event %0x for read access", ev.ID)
|
||||
}
|
||||
}
|
||||
events = policyFilteredEvents
|
||||
}
|
||||
seen := make(map[string]struct{})
|
||||
for _, ev := range events {
|
||||
log.T.C(
|
||||
|
||||
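Review bot: The error branch of the read-policy loop fails open: when `l.policyManager.CheckPolicy("read", ev, ...)` returns an error, the event is still appended to `policyFilteredEvents` and sent to the requester, so a policy that cannot be evaluated (the commit description mentions custom scripts) silently stops restricting reads. For an access-control decision the safer default is to withhold the event: drop the `policyFilteredEvents = append(policyFilteredEvents, ev)` line in that branch and change the comment to `// Fail closed: withhold the event when the policy cannot be evaluated`, or put the choice behind an explicit configuration setting. The branch also logs at error level once per event, so a persistently failing policy will flood the log on large result sets; logging once per query would be enough. The enclosing function begins and ends outside this hunk, so whether the write path makes the same choice is not visible here.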