From f102c205f84ba4a2bacf0d9dd00eac4930d04ee7 Mon Sep 17 00:00:00 2001
From: mleku
Date: Sun, 7 Sep 2025 20:51:32 +0100
Subject: [PATCH] Filter out privileged events for non-admin users, refactor `IsPrivileged` logic, and improve event handling with additional checks and utilities.
---
 app/handle-req.go | 47 ++++++++++++++++++++++++++++++++++++--
 pkg/encoders/kind/kind.go | 4 ++--
 pkg/encoders/kind/kinds.go | 2 +-
 3 files changed, 48 insertions(+), 5 deletions(-)
diff --git a/app/handle-req.go b/app/handle-req.go
index d9ae83f..0eb508b 100644
--- a/app/handle-req.go
+++ b/app/handle-req.go
@@ -12,11 +12,14 @@ import (
 "encoders.orly/envelopes/reqenvelope"
 "encoders.orly/event"
 "encoders.orly/filter"
+ "encoders.orly/hex"
+ "encoders.orly/kind"
 "encoders.orly/reason"
 "encoders.orly/tag"
 "github.com/dgraph-io/badger/v4"
 "lol.mleku.dev/chk"
 "lol.mleku.dev/log"
+ utils "utils.orly"
 "utils.orly/normalize"
 "utils.orly/pointers"
 )
@@ -68,8 +71,48 @@ func (l *Listener) HandleReq(msg []byte) (
 err = nil
 }
 }
- // todo: filter out privileged events from the results if the user is not
- // authed or authed to a non-privileged pubkey.
+ var tmp event.S
+privCheck:
+ for _, ev := range events {
+ if kind.IsPrivileged(ev.Kind) &&
+ accessLevel != "admin" { // admins can see all events
+ log.I.F("checking privileged event %s", ev.ID)
+ pk := l.authedPubkey.Load()
+ if pk == nil {
+ continue
+ }
+ if utils.FastEqual(ev.Pubkey, pk) {
+ log.I.F(
+ "privileged event %s is for logged in pubkey %0x", ev.ID,
+ pk,
+ )
+ tmp = append(tmp, ev)
+ continue
+ }
+ pTags := ev.Tags.GetAll([]byte("p"))
+ for _, pTag := range pTags {
+ var pt []byte
+ if pt, err = hex.Dec(string(pTag.Value())); chk.E(err) {
+ continue
+ }
+ if utils.FastEqual(pt, pk) {
+ log.I.F(
+ "privileged event %s is for logged in pubkey %0x",
+ ev.ID, pk,
+ )
+ tmp = append(tmp, ev)
+ continue privCheck
+ }
+ }
+ log.W.F(
+ "privileged event %s does not contain the logged in pubkey %0x",
+ ev.ID, pk,
+ )
+ } else {
+ tmp = append(tmp, ev)
+ }
+ }
+ events = tmp
 seen := make(map[string]struct{})
 for _, ev := range events {
 // track the IDs we've sent
diff --git a/pkg/encoders/kind/kind.go b/pkg/encoders/kind/kind.go
index 3f52722..d456003 100644
--- a/pkg/encoders/kind/kind.go
+++ b/pkg/encoders/kind/kind.go
@@ -78,9 +78,9 @@ var Privileged = []*K{
 // IsPrivileged returns true if the type is the kind of message nobody else than
 // the pubkeys in the event and p tags of the event are party to.
-func (k *K) IsPrivileged() (is bool) {
+func IsPrivileged(k uint16) (is bool) {
 for i := range Privileged {
- if k.Equal(Privileged[i].K) {
+ if k == Privileged[i].K {
 return true
 }
 }
diff --git a/pkg/encoders/kind/kinds.go b/pkg/encoders/kind/kinds.go
index 756eb73..33c7cd5 100644
--- a/pkg/encoders/kind/kinds.go
+++ b/pkg/encoders/kind/kinds.go
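Review bot: In the p-tag loop of app/handle-req.go, `pt, err = hex.Dec(string(pTag.Value()))` writes into the function's outer `err`, so a privileged event whose last `p` tag is not valid hex leaves `err` non-nil once the filter has finished. What happens to `err` afterwards is outside the hunk, but the leading context resets it with `err = nil`, which suggests it is a result that later code may test or return. Scope the decode error locally instead, dropping `var pt []byte` in favour of `pt, decErr := hex.Dec(string(pTag.Value()))` and `if decErr != nil { continue }`, so that stored tag content cannot change the request's error state or produce an error-level log line on every REQ through `chk.E`. The allow and deny decisions are also logged at info/warn level with the requester's pubkey for every privileged event, which may be worth lowering. HandleReq starts and ends outside the hunk.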
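Review bot: The doc comment kept above `IsPrivileged` in pkg/encoders/kind/kind.go still speaks of "the type", although the function now takes a bare `uint16` kind number. It also does not say that the function only reports membership in `Privileged` and leaves the access decision to the caller. I would reword it along the lines of `// IsPrivileged reports whether kind number k is listed in Privileged; events of such kinds are meant to be served only to their author and to the pubkeys named in their p tags.` The function body ends outside the hunk.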
@@ -142,7 +142,7 @@ func (k *S) Unmarshal(b []byte) (r []byte, err error) {
 // be privacy protected).
 func (k *S) IsPrivileged() (priv bool) {
 for i := range k.K {
- if k.K[i].IsPrivileged() {
+ if IsPrivileged(k.K[i].K) {
 return true
 }
 }