Do not serve banned events (they aren't deleted, we have to check)

2026-05-03 06:51:42 +00:00 · 2025-02-25 09:46:08 +13:00 · 2025-02-25 09:46:08 +13:00 · 0fd74d83a8
commit 0fd74d83a8
parent 97c040b01c
1 changed files with 11 additions and 3 deletions
--- a/src/nostr.rs
+++ b/src/nostr.rs
@ -794,8 +794,9 @@ pub fn screen_outgoing_event(
    event_flags: &EventFlags,
    authorized_user: bool,
 ) -> ScreenResult {
-    // Forbid if it is a private event (DM or GiftWrap) and theey are neither the recipient
+    // Deny if it is a private event (DM or GiftWrap) and theey are neither the recipient
    // nor the author
+    // (even for authorized users)
    if event.kind() == Kind::from(4) || event.kind() == Kind::from(1059) {
        if event_flags.tags_current_user || event_flags.author_is_current_user {
            return ScreenResult::Match;
@ -804,12 +805,19 @@ pub fn screen_outgoing_event(
        }
    }

-    // Forbid (and delete) if it has an expired expiration tag
+    // Deny (and delete) if it has an expired expiration tag
+    // (even for authorized users)
    if matches!(event.is_expired(), Ok(true)) {
        let _ = GLOBALS.store.get().unwrap().remove_event(event.id());
        return ScreenResult::Mismatch;
    }

+    // Deny if it is marked approved:false
+    // (even for authorized users)
+    if let Ok(Some(false)) = crate::get_event_approval(GLOBALS.store.get().unwrap(), event.id()) {
+        return ScreenResult::Match;
+    }
+
    // Allow if an open relay
    if GLOBALS.config.read().open_relay {
        return ScreenResult::Match;
@ -832,7 +840,7 @@ pub fn screen_outgoing_event(
        return ScreenResult::Match;
    }

-    // Everybody can see events from our authorized users
+    // Allow if author is one of our authorized users
    if event_flags.author_is_an_authorized_user {
        return ScreenResult::Match;
    }