v0.7.7 - Prevent sql attacks and rate limiting on subscriptions

2025-10-10 15:44:10 -04:00
parent 00a8f16262
commit 6709e229b3
11 changed files with 746 additions and 152 deletions
--- a/build_static.sh
+++ b/build_static.sh
@@ -95,16 +95,43 @@ else
    echo "Installing additional static libraries..."
    sudo apt install -y libcap-dev libuv1-dev libev-dev
    
+    # Build SQLite with JSON1 extension if not available
+    echo "Building SQLite with JSON1 extension..."
+    SQLITE_BUILD_DIR="/tmp/sqlite-build-$$"
+    mkdir -p "$SQLITE_BUILD_DIR"
+    cd "$SQLITE_BUILD_DIR"
+    
+    wget https://www.sqlite.org/2024/sqlite-autoconf-3460000.tar.gz
+    tar xzf sqlite-autoconf-3460000.tar.gz
+    cd sqlite-autoconf-3460000
+    
+    ./configure \
+        --enable-static \
+        --disable-shared \
+        --enable-json1 \
+        --enable-fts5 \
+        --prefix="$SQLITE_BUILD_DIR/install" \
+        CFLAGS="-DSQLITE_ENABLE_JSON1=1 -DSQLITE_ENABLE_FTS5=1"
+    
+    make && make install
+    
+    # Return to project directory
+    cd "$SCRIPT_DIR"
+    
    # Try building with regular gcc and static linking
    echo "Compiling with gcc -static..."
    
    # Use the same approach as the regular Makefile but with static linking
    gcc -static -O2 -Wall -Wextra -std=c99 -g \
        -I. -Inostr_core_lib -Inostr_core_lib/nostr_core -Inostr_core_lib/cjson -Inostr_core_lib/nostr_websocket \
+        -I"$SQLITE_BUILD_DIR/install/include" \
        src/main.c src/config.c src/dm_admin.c src/request_validator.c src/nip009.c src/nip011.c src/nip013.c src/nip040.c src/nip042.c src/websockets.c src/subscriptions.c src/api.c src/embedded_web_content.c \
        -o "$BUILD_DIR/c_relay_static_x86_64" \
        nostr_core_lib/libnostr_core_x64.a \
-        -lsqlite3 -lwebsockets -lz -ldl -lpthread -lm -L/usr/local/lib -lsecp256k1 -lssl -lcrypto -L/usr/local/lib -lcurl -lcap -luv_a -lev
+        "$SQLITE_BUILD_DIR/install/lib/libsqlite3.a" -lwebsockets -lz -ldl -lpthread -lm -L/usr/local/lib -lsecp256k1 -lssl -lcrypto -L/usr/local/lib -lcurl -lcap -luv_a -lev
+    
+    # Clean up SQLite build directory
+    rm -rf "$SQLITE_BUILD_DIR"
    
    if [ $? -eq 0 ]; then
        echo "x86_64 static binary created: $BUILD_DIR/c_relay_static_x86_64"