v0.7.11 - Got api back working after switching to static build
This commit is contained in:
Your Name
@@ -298,11 +298,9 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
|
||||
cJSON* kind_obj = cJSON_GetObjectItem(event_obj, "kind");
|
||||
int event_kind = kind_obj && cJSON_IsNumber(kind_obj) ? (int)cJSON_GetNumberValue(kind_obj) : -1;
|
||||
|
||||
// Extract pubkey and event ID for debugging
|
||||
// Extract pubkey for debugging
|
||||
cJSON* pubkey_obj = cJSON_GetObjectItem(event_obj, "pubkey");
|
||||
cJSON* id_obj = cJSON_GetObjectItem(event_obj, "id");
|
||||
const char* event_pubkey = pubkey_obj ? cJSON_GetStringValue(pubkey_obj) : "unknown";
|
||||
const char* event_id = id_obj ? cJSON_GetStringValue(id_obj) : "unknown";
|
||||
|
||||
// Check if NIP-42 authentication is required for this event kind or globally
|
||||
int auth_required = is_nip42_auth_globally_required() || is_nip42_auth_required_for_kind(event_kind);
|
||||
@@ -332,6 +330,16 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
|
||||
}
|
||||
}
|
||||
|
||||
// Special case: allow kind 23456 admin events from authorized admin to bypass auth
|
||||
if (event_kind == 23456 && event_pubkey) {
|
||||
const char* admin_pubkey = get_admin_pubkey_cached();
|
||||
if (admin_pubkey && strcmp(event_pubkey, admin_pubkey) == 0) {
|
||||
bypass_auth = 1;
|
||||
} else {
|
||||
log_info("DEBUG: Kind 23456 event but pubkey mismatch or no admin pubkey");
|
||||
}
|
||||
}
|
||||
|
||||
if (pss && auth_required && !pss->authenticated && !bypass_auth) {
|
||||
if (!pss->auth_challenge_sent) {
|
||||
send_nip42_auth_challenge(wsi, pss);
|
||||
@@ -352,50 +360,6 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Check blacklist/whitelist rules regardless of NIP-42 auth settings
|
||||
// Blacklist should always be enforced
|
||||
if (event_pubkey) {
|
||||
// Forward declaration for auth rules checking function
|
||||
extern int check_database_auth_rules(const char *pubkey, const char *operation, const char *resource_hash);
|
||||
|
||||
int auth_rules_result = check_database_auth_rules(event_pubkey, "event", NULL);
|
||||
if (auth_rules_result != 0) { // 0 = NOSTR_SUCCESS, non-zero = blocked
|
||||
char auth_rules_msg[256];
|
||||
if (auth_rules_result == -101) { // NOSTR_ERROR_AUTH_REQUIRED
|
||||
snprintf(auth_rules_msg, sizeof(auth_rules_msg),
|
||||
"blocked: pubkey not authorized (blacklist/whitelist violation)");
|
||||
} else {
|
||||
snprintf(auth_rules_msg, sizeof(auth_rules_msg),
|
||||
"blocked: authorization check failed (error %d)", auth_rules_result);
|
||||
}
|
||||
send_notice_message(wsi, auth_rules_msg);
|
||||
log_warning("Event rejected: blacklist/whitelist violation");
|
||||
|
||||
// Send OK response with false status
|
||||
cJSON* response = cJSON_CreateArray();
|
||||
cJSON_AddItemToArray(response, cJSON_CreateString("OK"));
|
||||
cJSON_AddItemToArray(response, cJSON_CreateString(event_id));
|
||||
cJSON_AddItemToArray(response, cJSON_CreateBool(0)); // false = rejected
|
||||
cJSON_AddItemToArray(response, cJSON_CreateString(auth_rules_msg));
|
||||
|
||||
char *response_str = cJSON_Print(response);
|
||||
if (response_str) {
|
||||
size_t response_len = strlen(response_str);
|
||||
unsigned char *buf = malloc(LWS_PRE + response_len);
|
||||
if (buf) {
|
||||
memcpy(buf + LWS_PRE, response_str, response_len);
|
||||
lws_write(wsi, buf + LWS_PRE, response_len, LWS_WRITE_TEXT);
|
||||
free(buf);
|
||||
}
|
||||
free(response_str);
|
||||
}
|
||||
cJSON_Delete(response);
|
||||
|
||||
cJSON_Delete(json);
|
||||
free(message);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Handle EVENT message
|
||||
@@ -430,6 +394,7 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
|
||||
size_t event_json_len = strlen(event_json_str);
|
||||
int validation_result = nostr_validate_unified_request(event_json_str, event_json_len);
|
||||
|
||||
|
||||
// Map validation result to old result format (0 = success, -1 = failure)
|
||||
int result = (validation_result == NOSTR_SUCCESS) ? 0 : -1;
|
||||
|
||||
@@ -679,9 +644,6 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
|
||||
}
|
||||
} else if (strcmp(msg_type, "REQ") == 0) {
|
||||
// Log the full REQ message for debugging
|
||||
char debug_msg[2048];
|
||||
snprintf(debug_msg, sizeof(debug_msg), "Received REQ message: %s", message);
|
||||
log_info(debug_msg);
|
||||
|
||||
// Check NIP-42 authentication for REQ subscriptions if required
|
||||
if (pss && pss->nip42_auth_required_subscriptions && !pss->authenticated) {
|
||||
|
||||
Reference in New Issue
Block a user