mirror of
https://github.com/mikedilger/chorus.git
synced 2026-04-03 06:41:16 +00:00
Require a moderator key for relay management
parent
cb2bcc9b40
commit
a66a8a9534
@ -110,6 +110,15 @@ key_pem_path = "/opt/chorus/etc/tls/privkey.pem"
|
||||
user_hex_keys = []
|
||||
|
||||
|
||||
# These are the public keys (hex format) of your relay's moderators.
|
||||
# Moderators can moderate the relay using the following NIP PR:
|
||||
# https://github.com/nostr-protocol/nips/pull/1325
|
||||
#
|
||||
# Default is []
|
||||
#
|
||||
moderator_hex_keys = []
|
||||
|
||||
|
||||
# This is a boolean indicating whether or not chorus verifies incoming events.
|
||||
#
|
||||
# This setting only skips verification of events that are submitted by AUTHed and
|
||||
|
||||
@ -103,6 +103,12 @@ These are the public keys (hex format) of your relay's authorized users. See [BE
|
||||
|
||||
Default is `[]`
|
||||
|
||||
### moderator_hex_keys
|
||||
|
||||
These are the public keys (hex format) of your relay's moderators. Moderators can moderate the relay using the [NIP 86: Relay Management API](https://github.com/nostr-protocol/nips/pull/1325)
|
||||
|
||||
Default is `[]`
|
||||
|
||||
### verify_events
|
||||
|
||||
This is a boolean indicating whether or not chorus verifies incoming events.
|
||||
|
||||
@ -13,6 +13,9 @@ open_relay = false
|
||||
user_hex_keys = [
|
||||
"ee11a5dff40c19a555f41fe42b48f00e618c91225622ae37b6c2bb67b76c4e49"
|
||||
]
|
||||
moderator_hex_keys = [
|
||||
"ee11a5dff40c19a555f41fe42b48f00e618c91225622ae37b6c2bb67b76c4e49"
|
||||
]
|
||||
verify_events = true
|
||||
allow_scraping = false
|
||||
allow_scrape_if_limited_to = 100
|
||||
|
||||
@ -21,6 +21,7 @@ pub struct FriendlyConfig {
|
||||
pub public_key_hex: Option<String>,
|
||||
pub open_relay: bool,
|
||||
pub user_hex_keys: Vec<String>,
|
||||
pub moderator_hex_keys: Vec<String>,
|
||||
pub verify_events: bool,
|
||||
pub allow_scraping: bool,
|
||||
pub allow_scrape_if_limited_to: u32,
|
||||
@ -53,6 +54,7 @@ impl Default for FriendlyConfig {
|
||||
public_key_hex: None,
|
||||
open_relay: false,
|
||||
user_hex_keys: vec![],
|
||||
moderator_hex_keys: vec![],
|
||||
verify_events: true,
|
||||
allow_scraping: false,
|
||||
allow_scrape_if_limited_to: 100,
|
||||
@ -87,6 +89,7 @@ impl FriendlyConfig {
|
||||
public_key_hex,
|
||||
open_relay,
|
||||
user_hex_keys,
|
||||
moderator_hex_keys,
|
||||
verify_events,
|
||||
allow_scraping,
|
||||
allow_scrape_if_limited_to,
|
||||
@ -113,6 +116,11 @@ impl FriendlyConfig {
|
||||
user_keys.push(Pubkey::read_hex(pkh.as_bytes())?);
|
||||
}
|
||||
|
||||
let mut moderator_keys: Vec<Pubkey> = Vec::with_capacity(moderator_hex_keys.len());
|
||||
for pkh in moderator_hex_keys.iter() {
|
||||
moderator_keys.push(Pubkey::read_hex(pkh.as_bytes())?);
|
||||
}
|
||||
|
||||
let hostname = Host::parse(&hostname)?;
|
||||
|
||||
let server_log_level =
|
||||
@ -137,6 +145,8 @@ impl FriendlyConfig {
|
||||
open_relay,
|
||||
user_keys,
|
||||
user_hex_keys,
|
||||
moderator_keys,
|
||||
moderator_hex_keys,
|
||||
verify_events,
|
||||
allow_scraping,
|
||||
allow_scrape_if_limited_to,
|
||||
@ -171,6 +181,8 @@ pub struct Config {
|
||||
pub open_relay: bool,
|
||||
pub user_keys: Vec<Pubkey>,
|
||||
pub user_hex_keys: Vec<String>,
|
||||
pub moderator_keys: Vec<Pubkey>,
|
||||
pub moderator_hex_keys: Vec<String>,
|
||||
pub verify_events: bool,
|
||||
pub allow_scraping: bool,
|
||||
pub allow_scrape_if_limited_to: u32,
|
||||
|
||||
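Review bot: The new `moderator_keys` field on `Config` has no doc comment, although after this commit it is the authorization list for the relay management API: `check_auth` rejects any event whose pubkey is not in it. I would document it where it is declared, for example `/// Pubkeys allowed to use the relay management API; an empty list authorizes no one.`, and give the `moderator_hex_keys` field in `FriendlyConfig` a matching line. In the parsing hunk, `Pubkey::read_hex(pkh.as_bytes())?` aborts config loading on a malformed entry, which is the safe direction. As far as the visible lines show, though, the propagated error does not say that it came from `moderator_hex_keys` rather than `user_hex_keys`, so adding that context would help an operator. Both struct bodies and the conversion function continue outside these hunks.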
@ -55,6 +55,16 @@ pub async fn check_auth(request: Request<Incoming>) -> Result<Value, Error> {
|
||||
return s_err(&format!("Authorization event is invalid: {}", e));
|
||||
}
|
||||
|
||||
// Nostr event must be signed by a moderator
|
||||
if !GLOBALS
|
||||
.config
|
||||
.read()
|
||||
.moderator_keys
|
||||
.contains(&event.pubkey())
|
||||
{
|
||||
return s_err("Authorization failed as user is not a moderator");
|
||||
}
|
||||
|
||||
// Event kind must be 27235
|
||||
if event.kind().as_u16() != 27235 {
|
||||
return s_err("Authorization event not kind 27235");
|
||||
|
||||
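Review bot: The moderator gate added to `check_auth` does not say that it fails closed, which is the property operators rely on: with the default `moderator_hex_keys = []` the `contains` test is false for every pubkey, so every management request is rejected. I would extend the comment to `// Nostr event must be signed by a moderator (an empty moderator list rejects everyone)`. The gate is only meaningful if the event's signature was verified before this point; the `Authorization event is invalid` return just above suggests it was, but that code and the rest of `check_auth` after the kind check are outside the hunk. Recording the rejected pubkey when this branch is taken would also make repeated probing of the management endpoint visible in the relay's logs.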