fix policy to require auth and ignore all reqs before valid auth is made

2025-11-21 20:19:24 +00:00
parent fb65282702
commit b67f7dc900
9 changed files with 43 additions and 47 deletions
--- a/pkg/policy/policy.go
+++ b/pkg/policy/policy.go
@@ -900,12 +900,6 @@ func (p *P) CheckPolicy(
 		return false, fmt.Errorf("event cannot be nil")
 	}

-	// CRITICAL SECURITY: Reject all unauthenticated access
-	// No authentication = no access, regardless of policy rules
-	if len(loggedInPubkey) == 0 {
-		return false, nil // Silently reject unauthenticated users
-	}
-
 	// First check global rule filter (applies to all events)
 	if !p.checkGlobalRulePolicy(access, ev, loggedInPubkey) {
 		return false, nil