Filter out privileged events for non-admin users, refactor IsPrivileged logic, and improve event handling with additional checks and utilities.
This commit is contained in:
@@ -12,11 +12,14 @@ import (
|
|||||||
"encoders.orly/envelopes/reqenvelope"
|
"encoders.orly/envelopes/reqenvelope"
|
||||||
"encoders.orly/event"
|
"encoders.orly/event"
|
||||||
"encoders.orly/filter"
|
"encoders.orly/filter"
|
||||||
|
"encoders.orly/hex"
|
||||||
|
"encoders.orly/kind"
|
||||||
"encoders.orly/reason"
|
"encoders.orly/reason"
|
||||||
"encoders.orly/tag"
|
"encoders.orly/tag"
|
||||||
"github.com/dgraph-io/badger/v4"
|
"github.com/dgraph-io/badger/v4"
|
||||||
"lol.mleku.dev/chk"
|
"lol.mleku.dev/chk"
|
||||||
"lol.mleku.dev/log"
|
"lol.mleku.dev/log"
|
||||||
|
utils "utils.orly"
|
||||||
"utils.orly/normalize"
|
"utils.orly/normalize"
|
||||||
"utils.orly/pointers"
|
"utils.orly/pointers"
|
||||||
)
|
)
|
||||||
@@ -68,8 +71,48 @@ func (l *Listener) HandleReq(msg []byte) (
|
|||||||
err = nil
|
err = nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// todo: filter out privileged events from the results if the user is not
|
var tmp event.S
|
||||||
// authed or authed to a non-privileged pubkey.
|
privCheck:
|
||||||
|
for _, ev := range events {
|
||||||
|
if kind.IsPrivileged(ev.Kind) &&
|
||||||
|
accessLevel != "admin" { // admins can see all events
|
||||||
|
log.I.F("checking privileged event %s", ev.ID)
|
||||||
|
pk := l.authedPubkey.Load()
|
||||||
|
if pk == nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if utils.FastEqual(ev.Pubkey, pk) {
|
||||||
|
log.I.F(
|
||||||
|
"privileged event %s is for logged in pubkey %0x", ev.ID,
|
||||||
|
pk,
|
||||||
|
)
|
||||||
|
tmp = append(tmp, ev)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
pTags := ev.Tags.GetAll([]byte("p"))
|
||||||
|
for _, pTag := range pTags {
|
||||||
|
var pt []byte
|
||||||
|
if pt, err = hex.Dec(string(pTag.Value())); chk.E(err) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if utils.FastEqual(pt, pk) {
|
||||||
|
log.I.F(
|
||||||
|
"privileged event %s is for logged in pubkey %0x",
|
||||||
|
ev.ID, pk,
|
||||||
|
)
|
||||||
|
tmp = append(tmp, ev)
|
||||||
|
continue privCheck
|
||||||
|
}
|
||||||
|
}
|
||||||
|
log.W.F(
|
||||||
|
"privileged event %s does not contain the logged in pubkey %0x",
|
||||||
|
ev.ID, pk,
|
||||||
|
)
|
||||||
|
} else {
|
||||||
|
tmp = append(tmp, ev)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
events = tmp
|
||||||
seen := make(map[string]struct{})
|
seen := make(map[string]struct{})
|
||||||
for _, ev := range events {
|
for _, ev := range events {
|
||||||
// track the IDs we've sent
|
// track the IDs we've sent
|
||||||
|
|||||||
@@ -78,9 +78,9 @@ var Privileged = []*K{
|
|||||||
|
|
||||||
// IsPrivileged returns true if the type is the kind of message nobody else than
|
// IsPrivileged returns true if the type is the kind of message nobody else than
|
||||||
// the pubkeys in the event and p tags of the event are party to.
|
// the pubkeys in the event and p tags of the event are party to.
|
||||||
func (k *K) IsPrivileged() (is bool) {
|
func IsPrivileged(k uint16) (is bool) {
|
||||||
for i := range Privileged {
|
for i := range Privileged {
|
||||||
if k.Equal(Privileged[i].K) {
|
if k == Privileged[i].K {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -142,7 +142,7 @@ func (k *S) Unmarshal(b []byte) (r []byte, err error) {
|
|||||||
// be privacy protected).
|
// be privacy protected).
|
||||||
func (k *S) IsPrivileged() (priv bool) {
|
func (k *S) IsPrivileged() (priv bool) {
|
||||||
for i := range k.K {
|
for i := range k.K {
|
||||||
if k.K[i].IsPrivileged() {
|
if IsPrivileged(k.K[i].K) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user