laantungir/c-relay
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 7 Wiki Activity

v0.3.8 - safety push

Browse Source
This commit is contained in:
Your Name
2025-09-18 10:18:15 -04:00
parent 3210b9e752
commit 9f3b3dd773
7 changed files with 6385 additions and 1318 deletions
Download Patch File Download Diff File Expand all files Collapse all files

568
src/config.c
View File

@@ -14,8 +14,12 @@
// External database connection (from main.c)
extern sqlite3* g_db;
// Global configuration manager instance
config_manager_t g_config_manager = {0};
// Global unified configuration cache instance
unified_config_cache_t g_unified_cache = {
.cache_lock = PTHREAD_MUTEX_INITIALIZER,
.cache_valid = 0,
.cache_expires = 0
};
char g_database_path[512] = {0};
// ================================
@@ -78,6 +82,126 @@ static cJSON* g_pending_config_event = NULL;
// Temporary storage for relay private key during first-time setup
static char g_temp_relay_privkey[65] = {0};
// ================================
// UNIFIED CACHE MANAGEMENT FUNCTIONS
// ================================
// Get cache timeout from environment variable or default (similar to request_validator)
static int get_cache_timeout(void) {
char *no_cache = getenv("GINX_NO_CACHE");
char *cache_timeout = getenv("GINX_CACHE_TIMEOUT");
if (no_cache && strcmp(no_cache, "1") == 0) {
return 0; // No caching
}
if (cache_timeout) {
int timeout = atoi(cache_timeout);
return (timeout >= 0) ? timeout : 300; // Use provided value or default
}
return 300; // Default 5 minutes
}
// Force cache refresh - invalidates current cache
void force_config_cache_refresh(void) {
pthread_mutex_lock(&g_unified_cache.cache_lock);
g_unified_cache.cache_valid = 0;
g_unified_cache.cache_expires = 0;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
log_info("Configuration cache forcibly invalidated");
}
// Refresh unified cache from database
static int refresh_unified_cache_from_table(void) {
if (!g_db) {
log_error("Database not available for cache refresh");
return -1;
}
// Clear cache
memset(&g_unified_cache, 0, sizeof(g_unified_cache));
g_unified_cache.cache_lock = (pthread_mutex_t)PTHREAD_MUTEX_INITIALIZER;
// Load critical config values from table
const char* admin_pubkey = get_config_value_from_table("admin_pubkey");
if (admin_pubkey) {
strncpy(g_unified_cache.admin_pubkey, admin_pubkey, sizeof(g_unified_cache.admin_pubkey) - 1);
g_unified_cache.admin_pubkey[sizeof(g_unified_cache.admin_pubkey) - 1] = '\0';
}
const char* relay_pubkey = get_config_value_from_table("relay_pubkey");
if (relay_pubkey) {
strncpy(g_unified_cache.relay_pubkey, relay_pubkey, sizeof(g_unified_cache.relay_pubkey) - 1);
g_unified_cache.relay_pubkey[sizeof(g_unified_cache.relay_pubkey) - 1] = '\0';
}
// Load auth-related config
const char* auth_required = get_config_value_from_table("auth_required");
g_unified_cache.auth_required = (auth_required && strcmp(auth_required, "true") == 0) ? 1 : 0;
const char* admin_enabled = get_config_value_from_table("admin_enabled");
g_unified_cache.admin_enabled = (admin_enabled && strcmp(admin_enabled, "true") == 0) ? 1 : 0;
const char* max_file_size = get_config_value_from_table("max_file_size");
g_unified_cache.max_file_size = max_file_size ? atol(max_file_size) : 104857600; // 100MB default
const char* nip42_mode = get_config_value_from_table("nip42_mode");
if (nip42_mode) {
if (strcmp(nip42_mode, "disabled") == 0) {
g_unified_cache.nip42_mode = 0;
} else if (strcmp(nip42_mode, "required") == 0) {
g_unified_cache.nip42_mode = 2;
} else {
g_unified_cache.nip42_mode = 1; // Optional/enabled
}
} else {
g_unified_cache.nip42_mode = 1; // Default to optional/enabled
}
const char* challenge_timeout = get_config_value_from_table("nip42_challenge_timeout");
g_unified_cache.nip42_challenge_timeout = challenge_timeout ? atoi(challenge_timeout) : 600;
const char* time_tolerance = get_config_value_from_table("nip42_time_tolerance");
g_unified_cache.nip42_time_tolerance = time_tolerance ? atoi(time_tolerance) : 300;
// Set cache expiration
int cache_timeout = get_cache_timeout();
g_unified_cache.cache_expires = time(NULL) + cache_timeout;
g_unified_cache.cache_valid = 1;
log_info("Unified configuration cache refreshed from database");
return 0;
}
// Get admin pubkey from cache (with automatic refresh)
const char* get_admin_pubkey_cached(void) {
pthread_mutex_lock(&g_unified_cache.cache_lock);
// Check cache validity
if (!g_unified_cache.cache_valid || time(NULL) > g_unified_cache.cache_expires) {
refresh_unified_cache_from_table();
}
const char* result = g_unified_cache.admin_pubkey[0] ? g_unified_cache.admin_pubkey : NULL;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
return result;
}
// Get relay pubkey from cache (with automatic refresh)
const char* get_relay_pubkey_cached(void) {
pthread_mutex_lock(&g_unified_cache.cache_lock);
// Check cache validity
if (!g_unified_cache.cache_valid || time(NULL) > g_unified_cache.cache_expires) {
refresh_unified_cache_from_table();
}
const char* result = g_unified_cache.relay_pubkey[0] ? g_unified_cache.relay_pubkey : NULL;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
return result;
}
// ================================
// UTILITY FUNCTIONS
// ================================
@@ -254,15 +378,16 @@ cJSON* load_config_event_from_database(const char* relay_pubkey) {
sqlite3_stmt* stmt;
int rc;
// If we have admin pubkey, query by it; otherwise find the most recent kind 33334 event
if (strlen(g_config_manager.admin_pubkey) > 0) {
// Try to get admin pubkey from cache, otherwise find the most recent kind 33334 event
const char* admin_pubkey = get_admin_pubkey_cached();
if (admin_pubkey && strlen(admin_pubkey) > 0) {
sql = "SELECT id, pubkey, created_at, kind, content, sig, tags FROM events WHERE kind = 33334 AND pubkey = ? ORDER BY created_at DESC LIMIT 1";
rc = sqlite3_prepare_v2(g_db, sql, -1, &stmt, NULL);
if (rc != SQLITE_OK) {
log_error("Failed to prepare configuration event query");
return NULL;
}
sqlite3_bind_text(stmt, 1, g_config_manager.admin_pubkey, -1, SQLITE_STATIC);
sqlite3_bind_text(stmt, 1, admin_pubkey, -1, SQLITE_STATIC);
} else {
// During existing relay startup, we don't know the admin pubkey yet
// Look for any kind 33334 configuration event (should only be one per relay)
@@ -288,11 +413,8 @@ cJSON* load_config_event_from_database(const char* relay_pubkey) {
cJSON_AddStringToObject(event, "content", (const char*)sqlite3_column_text(stmt, 4));
cJSON_AddStringToObject(event, "sig", (const char*)sqlite3_column_text(stmt, 5));
// If we didn't have admin pubkey, store it now
if (strlen(g_config_manager.admin_pubkey) == 0) {
strncpy(g_config_manager.admin_pubkey, event_pubkey, sizeof(g_config_manager.admin_pubkey) - 1);
g_config_manager.admin_pubkey[sizeof(g_config_manager.admin_pubkey) - 1] = '\0';
}
// If we didn't have admin pubkey in cache, we should update the cache
// Note: This will be handled by the cache refresh mechanism automatically
// Parse tags JSON
const char* tags_str = (const char*)sqlite3_column_text(stmt, 6);
@@ -318,9 +440,28 @@ cJSON* load_config_event_from_database(const char* relay_pubkey) {
// ================================
const char* get_config_value(const char* key) {
static char buffer[CONFIG_VALUE_MAX_LENGTH];
if (!key) {
return NULL;
}
if (!key || !g_current_config) {
// Special fast path for frequently accessed keys via unified cache
if (strcmp(key, "admin_pubkey") == 0) {
return get_admin_pubkey_cached();
}
if (strcmp(key, "relay_pubkey") == 0) {
return get_relay_pubkey_cached();
}
// For other keys, try config table first
const char* table_value = get_config_value_from_table(key);
if (table_value) {
return table_value;
}
// Fallback to legacy event-based config for backward compatibility
// Use unified cache buffer instead of static buffer
if (!g_current_config) {
return NULL;
}
@@ -330,24 +471,30 @@ const char* get_config_value(const char* key) {
return NULL;
}
pthread_mutex_lock(&g_unified_cache.cache_lock);
cJSON* tag = NULL;
cJSON_ArrayForEach(tag, tags) {
if (cJSON_IsArray(tag) && cJSON_GetArraySize(tag) >= 2) {
cJSON* tag_key = cJSON_GetArrayItem(tag, 0);
cJSON* tag_value = cJSON_GetArrayItem(tag, 1);
if (tag_key && tag_value &&
if (tag_key && tag_value &&
cJSON_IsString(tag_key) && cJSON_IsString(tag_value)) {
if (strcmp(cJSON_GetStringValue(tag_key), key) == 0) {
strncpy(buffer, cJSON_GetStringValue(tag_value), sizeof(buffer) - 1);
buffer[sizeof(buffer) - 1] = '\0';
return buffer;
strncpy(g_unified_cache.temp_buffer, cJSON_GetStringValue(tag_value),
sizeof(g_unified_cache.temp_buffer) - 1);
g_unified_cache.temp_buffer[sizeof(g_unified_cache.temp_buffer) - 1] = '\0';
pthread_mutex_unlock(&g_unified_cache.cache_lock);
return g_unified_cache.temp_buffer;
}
}
}
}
pthread_mutex_unlock(&g_unified_cache.cache_lock);
return NULL;
}
@@ -491,14 +638,44 @@ int init_configuration_system(const char* config_dir_override, const char* confi
log_info("Initializing event-based configuration system...");
// Clear configuration manager state
memset(&g_config_manager, 0, sizeof(config_manager_t));
g_config_manager.db = g_db;
// Initialize unified cache with proper structure initialization
pthread_mutex_lock(&g_unified_cache.cache_lock);
// For now, set empty paths for compatibility
g_config_manager.config_file_path[0] = '\0';
// Clear the entire cache structure
memset(&g_unified_cache, 0, sizeof(g_unified_cache));
log_success("Event-based configuration system initialized");
// Reinitialize the mutex after memset
g_unified_cache.cache_lock = (pthread_mutex_t)PTHREAD_MUTEX_INITIALIZER;
// Initialize basic cache state
g_unified_cache.cache_valid = 0;
g_unified_cache.cache_expires = 0;
// Initialize relay_info structure with default values
strncpy(g_unified_cache.relay_info.software, "https://git.laantungir.net/laantungir/c-relay.git",
sizeof(g_unified_cache.relay_info.software) - 1);
strncpy(g_unified_cache.relay_info.version, "0.2.0",
sizeof(g_unified_cache.relay_info.version) - 1);
// Initialize pow_config structure with defaults
g_unified_cache.pow_config.enabled = 1;
g_unified_cache.pow_config.min_pow_difficulty = 0;
g_unified_cache.pow_config.validation_flags = 1; // NOSTR_POW_VALIDATE_BASIC
g_unified_cache.pow_config.require_nonce_tag = 0;
g_unified_cache.pow_config.reject_lower_targets = 0;
g_unified_cache.pow_config.strict_format = 0;
g_unified_cache.pow_config.anti_spam_mode = 0;
// Initialize expiration_config structure with defaults
g_unified_cache.expiration_config.enabled = 1;
g_unified_cache.expiration_config.strict_mode = 1;
g_unified_cache.expiration_config.filter_responses = 1;
g_unified_cache.expiration_config.delete_expired = 0;
g_unified_cache.expiration_config.grace_period = 1;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
log_success("Event-based configuration system initialized with unified cache structures");
return 0;
}
@@ -515,8 +692,38 @@ void cleanup_configuration_system(void) {
g_pending_config_event = NULL;
}
memset(&g_config_manager, 0, sizeof(config_manager_t));
log_success("Configuration system cleaned up");
// Clear unified cache with proper cleanup of JSON objects
pthread_mutex_lock(&g_unified_cache.cache_lock);
// Clean up relay_info JSON objects if they exist
if (g_unified_cache.relay_info.supported_nips) {
cJSON_Delete(g_unified_cache.relay_info.supported_nips);
}
if (g_unified_cache.relay_info.limitation) {
cJSON_Delete(g_unified_cache.relay_info.limitation);
}
if (g_unified_cache.relay_info.retention) {
cJSON_Delete(g_unified_cache.relay_info.retention);
}
if (g_unified_cache.relay_info.relay_countries) {
cJSON_Delete(g_unified_cache.relay_info.relay_countries);
}
if (g_unified_cache.relay_info.language_tags) {
cJSON_Delete(g_unified_cache.relay_info.language_tags);
}
if (g_unified_cache.relay_info.tags) {
cJSON_Delete(g_unified_cache.relay_info.tags);
}
if (g_unified_cache.relay_info.fees) {
cJSON_Delete(g_unified_cache.relay_info.fees);
}
// Clear the entire cache structure
memset(&g_unified_cache, 0, sizeof(g_unified_cache));
g_unified_cache.cache_lock = (pthread_mutex_t)PTHREAD_MUTEX_INITIALIZER;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
log_success("Configuration system cleaned up with proper JSON cleanup");
}
int set_database_config(const char* key, const char* value, const char* changed_by) {
@@ -832,11 +1039,13 @@ int first_time_startup_sequence(const cli_options_t* cli_options) {
}
nostr_bytes_to_hex(relay_pubkey_bytes, 32, relay_pubkey);
// 3. Store keys in global config manager
strncpy(g_config_manager.admin_pubkey, admin_pubkey, sizeof(g_config_manager.admin_pubkey) - 1);
g_config_manager.admin_pubkey[sizeof(g_config_manager.admin_pubkey) - 1] = '\0';
strncpy(g_config_manager.relay_pubkey, relay_pubkey, sizeof(g_config_manager.relay_pubkey) - 1);
g_config_manager.relay_pubkey[sizeof(g_config_manager.relay_pubkey) - 1] = '\0';
// 3. Store keys in unified cache (will be added to database after init)
pthread_mutex_lock(&g_unified_cache.cache_lock);
strncpy(g_unified_cache.admin_pubkey, admin_pubkey, sizeof(g_unified_cache.admin_pubkey) - 1);
g_unified_cache.admin_pubkey[sizeof(g_unified_cache.admin_pubkey) - 1] = '\0';
strncpy(g_unified_cache.relay_pubkey, relay_pubkey, sizeof(g_unified_cache.relay_pubkey) - 1);
g_unified_cache.relay_pubkey[sizeof(g_unified_cache.relay_pubkey) - 1] = '\0';
pthread_mutex_unlock(&g_unified_cache.cache_lock);
// 4. Create database with relay pubkey name
if (create_database_with_relay_pubkey(relay_pubkey) != 0) {
@@ -904,8 +1113,11 @@ int startup_existing_relay(const char* relay_pubkey) {
log_info("Starting existing relay...");
printf(" Relay pubkey: %s\n", relay_pubkey);
// Store relay pubkey in global config manager
strncpy(g_config_manager.relay_pubkey, relay_pubkey, sizeof(g_config_manager.relay_pubkey) - 1);
// Store relay pubkey in unified cache
pthread_mutex_lock(&g_unified_cache.cache_lock);
strncpy(g_unified_cache.relay_pubkey, relay_pubkey, sizeof(g_unified_cache.relay_pubkey) - 1);
g_unified_cache.relay_pubkey[sizeof(g_unified_cache.relay_pubkey) - 1] = '\0';
pthread_mutex_unlock(&g_unified_cache.cache_lock);
// Set database path
char* db_name = get_database_name_from_relay_pubkey(relay_pubkey);
@@ -1408,8 +1620,9 @@ int process_configuration_event(const cJSON* event) {
// Verify it's from the admin
const char* event_pubkey = cJSON_GetStringValue(pubkey_obj);
if (strlen(g_config_manager.admin_pubkey) > 0) {
if (strcmp(event_pubkey, g_config_manager.admin_pubkey) != 0) {
const char* admin_pubkey = get_admin_pubkey_cached();
if (admin_pubkey && strlen(admin_pubkey) > 0) {
if (strcmp(event_pubkey, admin_pubkey) != 0) {
log_error("Configuration event not from authorized admin");
return -1;
}
@@ -1580,11 +1793,18 @@ int apply_configuration_from_event(const cJSON* event) {
// Update cached configuration
g_current_config = cJSON_Duplicate(event, 1);
// Extract admin pubkey if not already set
// Extract admin pubkey if not already in cache
cJSON* pubkey_obj = cJSON_GetObjectItem(event, "pubkey");
if (pubkey_obj && strlen(g_config_manager.admin_pubkey) == 0) {
strncpy(g_config_manager.admin_pubkey, cJSON_GetStringValue(pubkey_obj),
sizeof(g_config_manager.admin_pubkey) - 1);
if (pubkey_obj) {
const char* event_pubkey = cJSON_GetStringValue(pubkey_obj);
const char* cached_admin_pubkey = get_admin_pubkey_cached();
if (!cached_admin_pubkey || strlen(cached_admin_pubkey) == 0) {
// Update cache with admin pubkey from event
pthread_mutex_lock(&g_unified_cache.cache_lock);
strncpy(g_unified_cache.admin_pubkey, event_pubkey, sizeof(g_unified_cache.admin_pubkey) - 1);
g_unified_cache.admin_pubkey[sizeof(g_unified_cache.admin_pubkey) - 1] = '\0';
pthread_mutex_unlock(&g_unified_cache.cache_lock);
}
}
// Apply runtime configuration changes
@@ -1651,15 +1871,17 @@ const char* get_config_value_from_table(const char* key) {
sqlite3_bind_text(stmt, 1, key, -1, SQLITE_STATIC);
static char config_value_buffer[CONFIG_VALUE_MAX_LENGTH];
const char* result = NULL;
if (sqlite3_step(stmt) == SQLITE_ROW) {
const char* value = (char*)sqlite3_column_text(stmt, 0);
if (value) {
strncpy(config_value_buffer, value, sizeof(config_value_buffer) - 1);
config_value_buffer[sizeof(config_value_buffer) - 1] = '\0';
result = config_value_buffer;
// Use unified cache buffer with thread safety
pthread_mutex_lock(&g_unified_cache.cache_lock);
strncpy(g_unified_cache.temp_buffer, value, sizeof(g_unified_cache.temp_buffer) - 1);
g_unified_cache.temp_buffer[sizeof(g_unified_cache.temp_buffer) - 1] = '\0';
result = g_unified_cache.temp_buffer;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
}
}
@@ -1783,6 +2005,52 @@ int populate_default_config_values(void) {
return 0;
}
// Add dynamically generated pubkeys to config table
int add_pubkeys_to_config_table(void) {
if (!g_db) {
log_error("Database not available for pubkey storage");
return -1;
}
log_info("Adding dynamically generated pubkeys to config table...");
// Get the pubkeys directly from unified cache (not through cached accessors to avoid circular dependency)
pthread_mutex_lock(&g_unified_cache.cache_lock);
const char* admin_pubkey = g_unified_cache.admin_pubkey[0] ? g_unified_cache.admin_pubkey : NULL;
const char* relay_pubkey = g_unified_cache.relay_pubkey[0] ? g_unified_cache.relay_pubkey : NULL;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
if (!admin_pubkey || strlen(admin_pubkey) != 64) {
log_error("Admin pubkey not available or invalid for config table storage");
return -1;
}
if (!relay_pubkey || strlen(relay_pubkey) != 64) {
log_error("Relay pubkey not available or invalid for config table storage");
return -1;
}
// Store admin pubkey in config table
if (set_config_value_in_table("admin_pubkey", admin_pubkey, "string",
"Administrator public key", "authentication", 0) != 0) {
log_error("Failed to store admin_pubkey in config table");
return -1;
}
// Store relay pubkey in config table
if (set_config_value_in_table("relay_pubkey", relay_pubkey, "string",
"Relay public key", "relay", 0) != 0) {
log_error("Failed to store relay_pubkey in config table");
return -1;
}
log_success("Dynamically generated pubkeys added to config table");
printf(" Admin pubkey: %s\n", admin_pubkey);
printf(" Relay pubkey: %s\n", relay_pubkey);
return 0;
}
// ================================
// ADMIN EVENT PROCESSING FUNCTIONS
// ================================
@@ -2028,17 +2296,24 @@ int remove_auth_rule_from_config(const char* rule_type, const char* pattern_type
// Invalidate configuration cache
void invalidate_config_cache(void) {
// For now, just log that cache was invalidated
// In a full implementation, this would clear any cached config values
log_info("Configuration cache invalidated");
pthread_mutex_lock(&g_unified_cache.cache_lock);
g_unified_cache.cache_valid = 0;
g_unified_cache.cache_expires = 0;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
log_info("Unified configuration cache invalidated");
}
// Reload configuration from table
int reload_config_from_table(void) {
// For now, just log that config was reloaded
// In a full implementation, this would reload all cached values from the table
log_info("Configuration reloaded from table");
return 0;
// Trigger a cache refresh by calling the refresh function directly
int result = refresh_unified_cache_from_table();
if (result == 0) {
log_info("Configuration reloaded from table");
} else {
log_error("Failed to reload configuration from table");
}
return result;
}
// ================================
@@ -2101,8 +2376,11 @@ int is_config_table_ready(void) {
int initialize_config_system_with_migration(void) {
log_info("Initializing configuration system with migration support...");
// Initialize config manager
memset(&g_config_manager, 0, sizeof(g_config_manager));
// Initialize unified cache and migration status
pthread_mutex_lock(&g_unified_cache.cache_lock);
g_unified_cache.cache_valid = 0;
g_unified_cache.cache_expires = 0;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
memset(&g_migration_status, 0, sizeof(g_migration_status));
// For new installations, config table should already exist from embedded schema
@@ -2254,7 +2532,8 @@ int migrate_config_from_events_to_table(void) {
log_info("Migrating configuration from events to config table...");
// Load the most recent configuration event from database
cJSON* config_event = load_config_event_from_database(g_config_manager.relay_pubkey);
const char* relay_pubkey = get_relay_pubkey_cached();
cJSON* config_event = load_config_event_from_database(relay_pubkey);
if (!config_event) {
log_info("No existing configuration event found - migration not needed");
return 0;
@@ -2382,4 +2661,191 @@ int process_startup_config_event_with_fallback(const cJSON* event) {
log_error("Startup configuration processing failed even after populating defaults");
return -1;
}
// ================================
// DYNAMIC EVENT GENERATION FROM CONFIG TABLE
// ================================
// Generate synthetic kind 33334 configuration event from current config table data
cJSON* generate_config_event_from_table(void) {
if (!g_db) {
log_error("Database not available for config event generation");
return NULL;
}
log_info("Generating synthetic kind 33334 event from config table...");
// Get relay pubkey for event generation
const char* relay_pubkey = get_config_value("relay_pubkey");
if (!relay_pubkey || strlen(relay_pubkey) != 64) {
// Try to get from unified cache
relay_pubkey = get_relay_pubkey_cached();
if (!relay_pubkey || strlen(relay_pubkey) != 64) {
log_error("Relay pubkey not available for config event generation");
return NULL;
}
}
// Create the event structure
cJSON* event = cJSON_CreateObject();
if (!event) {
log_error("Failed to create config event object");
return NULL;
}
// Set basic event fields - we'll generate a synthetic event
cJSON_AddStringToObject(event, "id", "synthetic_config_event_id");
cJSON_AddStringToObject(event, "pubkey", relay_pubkey); // Use relay pubkey as event author
cJSON_AddNumberToObject(event, "created_at", (double)time(NULL));
cJSON_AddNumberToObject(event, "kind", 33334);
cJSON_AddStringToObject(event, "content", "C Nostr Relay Configuration");
cJSON_AddStringToObject(event, "sig", "synthetic_signature");
// Create tags array from config table
cJSON* tags = cJSON_CreateArray();
if (!tags) {
log_error("Failed to create tags array for config event");
cJSON_Delete(event);
return NULL;
}
// Add d tag with relay pubkey (addressable event identifier)
cJSON* d_tag = cJSON_CreateArray();
cJSON_AddItemToArray(d_tag, cJSON_CreateString("d"));
cJSON_AddItemToArray(d_tag, cJSON_CreateString(relay_pubkey));
cJSON_AddItemToArray(tags, d_tag);
// Query all configuration values from the config table
const char* sql = "SELECT key, value FROM config ORDER BY key";
sqlite3_stmt* stmt;
int rc = sqlite3_prepare_v2(g_db, sql, -1, &stmt, NULL);
if (rc != SQLITE_OK) {
log_error("Failed to prepare config query for event generation");
cJSON_Delete(tags);
cJSON_Delete(event);
return NULL;
}
int config_items_added = 0;
// Add each config item as a tag
while (sqlite3_step(stmt) == SQLITE_ROW) {
const char* key = (const char*)sqlite3_column_text(stmt, 0);
const char* value = (const char*)sqlite3_column_text(stmt, 1);
if (key && value) {
cJSON* config_tag = cJSON_CreateArray();
cJSON_AddItemToArray(config_tag, cJSON_CreateString(key));
cJSON_AddItemToArray(config_tag, cJSON_CreateString(value));
cJSON_AddItemToArray(tags, config_tag);
config_items_added++;
}
}
sqlite3_finalize(stmt);
if (config_items_added == 0) {
log_warning("No configuration items found in config table for event generation");
cJSON_Delete(tags);
cJSON_Delete(event);
return NULL;
}
// Add tags to event
cJSON_AddItemToObject(event, "tags", tags);
char success_msg[256];
snprintf(success_msg, sizeof(success_msg),
"Generated synthetic kind 33334 event with %d configuration items", config_items_added);
log_success(success_msg);
return event;
}
// Check if a REQ filter requests kind 33334 events
int req_filter_requests_config_events(const cJSON* filter) {
if (!filter || !cJSON_IsObject(filter)) {
return 0;
}
cJSON* kinds = cJSON_GetObjectItem(filter, "kinds");
if (!kinds || !cJSON_IsArray(kinds)) {
return 0;
}
// Check if kinds array contains 33334
cJSON* kind_item = NULL;
cJSON_ArrayForEach(kind_item, kinds) {
if (cJSON_IsNumber(kind_item) && (int)cJSON_GetNumberValue(kind_item) == 33334) {
return 1;
}
}
return 0;
}
// Generate synthetic config event data for subscription (callback approach)
cJSON* generate_synthetic_config_event_for_subscription(const char* sub_id, const cJSON* filters) {
if (!sub_id || !filters) {
return NULL;
}
// Check if any filter requests kind 33334
int requests_config = 0;
if (cJSON_IsArray(filters)) {
cJSON* filter = NULL;
cJSON_ArrayForEach(filter, filters) {
if (req_filter_requests_config_events(filter)) {
requests_config = 1;
break;
}
}
} else if (cJSON_IsObject(filters)) {
requests_config = req_filter_requests_config_events(filters);
}
if (!requests_config) {
// No config events requested
return NULL;
}
log_info("Generating synthetic kind 33334 event for subscription");
// Generate synthetic config event from table
cJSON* config_event = generate_config_event_from_table();
if (!config_event) {
log_error("Failed to generate synthetic config event");
return NULL;
}
// Create EVENT message for the subscription
cJSON* event_msg = cJSON_CreateArray();
cJSON_AddItemToArray(event_msg, cJSON_CreateString("EVENT"));
cJSON_AddItemToArray(event_msg, cJSON_CreateString(sub_id));
cJSON_AddItemToArray(event_msg, config_event);
log_success("Generated synthetic kind 33334 configuration event message");
return event_msg;
}
/**
* Generate a synthetic kind 33334 configuration event from config table data
* This allows WebSocket clients to fetch configuration via REQ messages
* Returns JSON string that must be freed by caller
*/
char* generate_config_event_json(void) {
// Use the existing cJSON function and convert to string
cJSON* event = generate_config_event_from_table();
if (!event) {
return NULL;
}
// Convert to JSON string
char* json_string = cJSON_Print(event);
cJSON_Delete(event);
return json_string;
}

86
src/config.h
View File

@@ -4,6 +4,7 @@
#include <sqlite3.h>
#include <cjson/cJSON.h>
#include <time.h>
#include <pthread.h>
// Configuration constants
#define CONFIG_VALUE_MAX_LENGTH 1024
@@ -23,14 +24,71 @@
// Database path for event-based config
extern char g_database_path[512];
// Configuration manager structure
// Unified configuration cache structure (consolidates all caching systems)
typedef struct {
sqlite3* db;
char relay_pubkey[65];
// Critical keys (frequently accessed)
char admin_pubkey[65];
time_t last_config_check;
char config_file_path[512]; // Temporary for compatibility
} config_manager_t;
char relay_pubkey[65];
// Auth config (from request_validator)
int auth_required;
long max_file_size;
int admin_enabled;
int nip42_mode;
int nip42_challenge_timeout;
int nip42_time_tolerance;
// Static buffer for config values (replaces static buffers in get_config_value functions)
char temp_buffer[CONFIG_VALUE_MAX_LENGTH];
// NIP-11 relay information (migrated from g_relay_info in main.c)
struct {
char name[RELAY_NAME_MAX_LENGTH];
char description[RELAY_DESCRIPTION_MAX_LENGTH];
char banner[RELAY_URL_MAX_LENGTH];
char icon[RELAY_URL_MAX_LENGTH];
char pubkey[RELAY_PUBKEY_MAX_LENGTH];
char contact[RELAY_CONTACT_MAX_LENGTH];
char software[RELAY_URL_MAX_LENGTH];
char version[64];
char privacy_policy[RELAY_URL_MAX_LENGTH];
char terms_of_service[RELAY_URL_MAX_LENGTH];
cJSON* supported_nips;
cJSON* limitation;
cJSON* retention;
cJSON* relay_countries;
cJSON* language_tags;
cJSON* tags;
char posting_policy[RELAY_URL_MAX_LENGTH];
cJSON* fees;
char payments_url[RELAY_URL_MAX_LENGTH];
} relay_info;
// NIP-13 PoW configuration (migrated from g_pow_config in main.c)
struct {
int enabled;
int min_pow_difficulty;
int validation_flags;
int require_nonce_tag;
int reject_lower_targets;
int strict_format;
int anti_spam_mode;
} pow_config;
// NIP-40 Expiration configuration (migrated from g_expiration_config in main.c)
struct {
int enabled;
int strict_mode;
int filter_responses;
int delete_expired;
long grace_period;
} expiration_config;
// Cache management
time_t cache_expires;
int cache_valid;
pthread_mutex_t cache_lock;
} unified_config_cache_t;
// Command line options structure for first-time startup
typedef struct {
@@ -39,8 +97,8 @@ typedef struct {
char relay_privkey_override[65]; // Empty string = not set, 64-char hex = override
} cli_options_t;
// Global configuration manager
extern config_manager_t g_config_manager;
// Global unified configuration cache
extern unified_config_cache_t g_unified_cache;
// Core configuration functions (temporary compatibility)
int init_configuration_system(const char* config_dir_override, const char* config_file_override);
@@ -100,6 +158,7 @@ int set_config_value_in_table(const char* key, const char* value, const char* da
const char* description, const char* category, int requires_restart);
int update_config_in_table(const char* key, const char* value);
int populate_default_config_values(void);
int add_pubkeys_to_config_table(void);
// Admin event processing functions
int process_admin_event_in_config(cJSON* event, char* error_message, size_t error_size);
@@ -112,7 +171,10 @@ int add_auth_rule_from_config(const char* rule_type, const char* pattern_type,
int remove_auth_rule_from_config(const char* rule_type, const char* pattern_type,
const char* pattern_value);
// Configuration cache management
// Unified configuration cache management
void force_config_cache_refresh(void);
const char* get_admin_pubkey_cached(void);
const char* get_relay_pubkey_cached(void);
void invalidate_config_cache(void);
int reload_config_from_table(void);
@@ -129,4 +191,10 @@ int populate_config_table_from_event(const cJSON* event);
int process_startup_config_event(const cJSON* event);
int process_startup_config_event_with_fallback(const cJSON* event);
// Dynamic event generation functions for WebSocket configuration fetching
cJSON* generate_config_event_from_table(void);
int req_filter_requests_config_events(const cJSON* filter);
cJSON* generate_synthetic_config_event_for_subscription(const char* sub_id, const cJSON* filters);
char* generate_config_event_json(void);
#endif /* CONFIG_H */

509
src/main.c
View File

@@ -68,8 +68,8 @@ struct relay_info {
char payments_url[RELAY_URL_MAX_LENGTH];
};
// Global relay information instance
static struct relay_info g_relay_info = {0};
// Global relay information instance moved to unified cache
// static struct relay_info g_relay_info = {0}; // REMOVED - now in g_unified_cache.relay_info
// NIP-13 PoW configuration structure
struct pow_config {
@@ -698,7 +698,12 @@ int broadcast_event_to_subscriptions(cJSON* event) {
}
// Check if event is expired and should not be broadcast (NIP-40)
if (g_expiration_config.enabled && g_expiration_config.filter_responses) {
pthread_mutex_lock(&g_unified_cache.cache_lock);
int expiration_enabled = g_unified_cache.expiration_config.enabled;
int filter_responses = g_unified_cache.expiration_config.filter_responses;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
if (expiration_enabled && filter_responses) {
time_t current_time = time(NULL);
if (is_event_expired(event, current_time)) {
char debug_msg[256];
@@ -1480,131 +1485,147 @@ int mark_event_as_deleted(const char* event_id, const char* deletion_event_id, c
// Initialize relay information using configuration system
void init_relay_info() {
// Load relay information from configuration system
// Get all config values first (without holding mutex to avoid deadlock)
const char* relay_name = get_config_value("relay_name");
if (relay_name) {
strncpy(g_relay_info.name, relay_name, sizeof(g_relay_info.name) - 1);
} else {
strncpy(g_relay_info.name, "C Nostr Relay", sizeof(g_relay_info.name) - 1);
}
const char* relay_description = get_config_value("relay_description");
if (relay_description) {
strncpy(g_relay_info.description, relay_description, sizeof(g_relay_info.description) - 1);
} else {
strncpy(g_relay_info.description, "A high-performance Nostr relay implemented in C with SQLite storage", sizeof(g_relay_info.description) - 1);
}
const char* relay_software = get_config_value("relay_software");
if (relay_software) {
strncpy(g_relay_info.software, relay_software, sizeof(g_relay_info.software) - 1);
} else {
strncpy(g_relay_info.software, "https://git.laantungir.net/laantungir/c-relay.git", sizeof(g_relay_info.software) - 1);
}
const char* relay_version = get_config_value("relay_version");
if (relay_version) {
strncpy(g_relay_info.version, relay_version, sizeof(g_relay_info.version) - 1);
} else {
strncpy(g_relay_info.version, "0.2.0", sizeof(g_relay_info.version) - 1);
}
// Load optional fields
const char* relay_contact = get_config_value("relay_contact");
if (relay_contact) {
strncpy(g_relay_info.contact, relay_contact, sizeof(g_relay_info.contact) - 1);
const char* relay_pubkey = get_config_value("relay_pubkey");
// Get config values for limitations
int max_message_length = get_config_int("max_message_length", 16384);
int max_subscriptions_per_client = get_config_int("max_subscriptions_per_client", 20);
int max_limit = get_config_int("max_limit", 5000);
int max_event_tags = get_config_int("max_event_tags", 100);
int max_content_length = get_config_int("max_content_length", 8196);
int default_limit = get_config_int("default_limit", 500);
int admin_enabled = get_config_bool("admin_enabled", 0);
pthread_mutex_lock(&g_unified_cache.cache_lock);
// Update relay information fields
if (relay_name) {
strncpy(g_unified_cache.relay_info.name, relay_name, sizeof(g_unified_cache.relay_info.name) - 1);
} else {
strncpy(g_unified_cache.relay_info.name, "C Nostr Relay", sizeof(g_unified_cache.relay_info.name) - 1);
}
if (relay_description) {
strncpy(g_unified_cache.relay_info.description, relay_description, sizeof(g_unified_cache.relay_info.description) - 1);
} else {
strncpy(g_unified_cache.relay_info.description, "A high-performance Nostr relay implemented in C with SQLite storage", sizeof(g_unified_cache.relay_info.description) - 1);
}
if (relay_software) {
strncpy(g_unified_cache.relay_info.software, relay_software, sizeof(g_unified_cache.relay_info.software) - 1);
} else {
strncpy(g_unified_cache.relay_info.software, "https://git.laantungir.net/laantungir/c-relay.git", sizeof(g_unified_cache.relay_info.software) - 1);
}
if (relay_version) {
strncpy(g_unified_cache.relay_info.version, relay_version, sizeof(g_unified_cache.relay_info.version) - 1);
} else {
strncpy(g_unified_cache.relay_info.version, "0.2.0", sizeof(g_unified_cache.relay_info.version) - 1);
}
if (relay_contact) {
strncpy(g_unified_cache.relay_info.contact, relay_contact, sizeof(g_unified_cache.relay_info.contact) - 1);
}
const char* relay_pubkey = get_config_value("relay_pubkey");
if (relay_pubkey) {
strncpy(g_relay_info.pubkey, relay_pubkey, sizeof(g_relay_info.pubkey) - 1);
strncpy(g_unified_cache.relay_info.pubkey, relay_pubkey, sizeof(g_unified_cache.relay_info.pubkey) - 1);
}
// Initialize supported NIPs array
g_relay_info.supported_nips = cJSON_CreateArray();
if (g_relay_info.supported_nips) {
cJSON_AddItemToArray(g_relay_info.supported_nips, cJSON_CreateNumber(1)); // NIP-01: Basic protocol
cJSON_AddItemToArray(g_relay_info.supported_nips, cJSON_CreateNumber(9)); // NIP-09: Event deletion
cJSON_AddItemToArray(g_relay_info.supported_nips, cJSON_CreateNumber(11)); // NIP-11: Relay information
cJSON_AddItemToArray(g_relay_info.supported_nips, cJSON_CreateNumber(13)); // NIP-13: Proof of Work
cJSON_AddItemToArray(g_relay_info.supported_nips, cJSON_CreateNumber(15)); // NIP-15: EOSE
cJSON_AddItemToArray(g_relay_info.supported_nips, cJSON_CreateNumber(20)); // NIP-20: Command results
cJSON_AddItemToArray(g_relay_info.supported_nips, cJSON_CreateNumber(40)); // NIP-40: Expiration Timestamp
cJSON_AddItemToArray(g_relay_info.supported_nips, cJSON_CreateNumber(42)); // NIP-42: Authentication
g_unified_cache.relay_info.supported_nips = cJSON_CreateArray();
if (g_unified_cache.relay_info.supported_nips) {
cJSON_AddItemToArray(g_unified_cache.relay_info.supported_nips, cJSON_CreateNumber(1)); // NIP-01: Basic protocol
cJSON_AddItemToArray(g_unified_cache.relay_info.supported_nips, cJSON_CreateNumber(9)); // NIP-09: Event deletion
cJSON_AddItemToArray(g_unified_cache.relay_info.supported_nips, cJSON_CreateNumber(11)); // NIP-11: Relay information
cJSON_AddItemToArray(g_unified_cache.relay_info.supported_nips, cJSON_CreateNumber(13)); // NIP-13: Proof of Work
cJSON_AddItemToArray(g_unified_cache.relay_info.supported_nips, cJSON_CreateNumber(15)); // NIP-15: EOSE
cJSON_AddItemToArray(g_unified_cache.relay_info.supported_nips, cJSON_CreateNumber(20)); // NIP-20: Command results
cJSON_AddItemToArray(g_unified_cache.relay_info.supported_nips, cJSON_CreateNumber(40)); // NIP-40: Expiration Timestamp
cJSON_AddItemToArray(g_unified_cache.relay_info.supported_nips, cJSON_CreateNumber(42)); // NIP-42: Authentication
}
// Initialize server limitations using configuration
g_relay_info.limitation = cJSON_CreateObject();
if (g_relay_info.limitation) {
cJSON_AddNumberToObject(g_relay_info.limitation, "max_message_length", get_config_int("max_message_length", 16384));
cJSON_AddNumberToObject(g_relay_info.limitation, "max_subscriptions", get_config_int("max_subscriptions_per_client", 20));
cJSON_AddNumberToObject(g_relay_info.limitation, "max_limit", get_config_int("max_limit", 5000));
cJSON_AddNumberToObject(g_relay_info.limitation, "max_subid_length", SUBSCRIPTION_ID_MAX_LENGTH);
cJSON_AddNumberToObject(g_relay_info.limitation, "max_event_tags", get_config_int("max_event_tags", 100));
cJSON_AddNumberToObject(g_relay_info.limitation, "max_content_length", get_config_int("max_content_length", 8196));
cJSON_AddNumberToObject(g_relay_info.limitation, "min_pow_difficulty", g_pow_config.min_pow_difficulty);
cJSON_AddBoolToObject(g_relay_info.limitation, "auth_required", get_config_bool("admin_enabled", 0) ? cJSON_True : cJSON_False);
cJSON_AddBoolToObject(g_relay_info.limitation, "payment_required", cJSON_False);
cJSON_AddBoolToObject(g_relay_info.limitation, "restricted_writes", cJSON_False);
cJSON_AddNumberToObject(g_relay_info.limitation, "created_at_lower_limit", 0);
cJSON_AddNumberToObject(g_relay_info.limitation, "created_at_upper_limit", 2147483647);
cJSON_AddNumberToObject(g_relay_info.limitation, "default_limit", get_config_int("default_limit", 500));
g_unified_cache.relay_info.limitation = cJSON_CreateObject();
if (g_unified_cache.relay_info.limitation) {
cJSON_AddNumberToObject(g_unified_cache.relay_info.limitation, "max_message_length", max_message_length);
cJSON_AddNumberToObject(g_unified_cache.relay_info.limitation, "max_subscriptions", max_subscriptions_per_client);
cJSON_AddNumberToObject(g_unified_cache.relay_info.limitation, "max_limit", max_limit);
cJSON_AddNumberToObject(g_unified_cache.relay_info.limitation, "max_subid_length", SUBSCRIPTION_ID_MAX_LENGTH);
cJSON_AddNumberToObject(g_unified_cache.relay_info.limitation, "max_event_tags", max_event_tags);
cJSON_AddNumberToObject(g_unified_cache.relay_info.limitation, "max_content_length", max_content_length);
cJSON_AddNumberToObject(g_unified_cache.relay_info.limitation, "min_pow_difficulty", g_unified_cache.pow_config.min_pow_difficulty);
cJSON_AddBoolToObject(g_unified_cache.relay_info.limitation, "auth_required", admin_enabled ? cJSON_True : cJSON_False);
cJSON_AddBoolToObject(g_unified_cache.relay_info.limitation, "payment_required", cJSON_False);
cJSON_AddBoolToObject(g_unified_cache.relay_info.limitation, "restricted_writes", cJSON_False);
cJSON_AddNumberToObject(g_unified_cache.relay_info.limitation, "created_at_lower_limit", 0);
cJSON_AddNumberToObject(g_unified_cache.relay_info.limitation, "created_at_upper_limit", 2147483647);
cJSON_AddNumberToObject(g_unified_cache.relay_info.limitation, "default_limit", default_limit);
}
// Initialize empty retention policies (can be configured later)
g_relay_info.retention = cJSON_CreateArray();
g_unified_cache.relay_info.retention = cJSON_CreateArray();
// Initialize language tags - set to global for now
g_relay_info.language_tags = cJSON_CreateArray();
if (g_relay_info.language_tags) {
cJSON_AddItemToArray(g_relay_info.language_tags, cJSON_CreateString("*"));
g_unified_cache.relay_info.language_tags = cJSON_CreateArray();
if (g_unified_cache.relay_info.language_tags) {
cJSON_AddItemToArray(g_unified_cache.relay_info.language_tags, cJSON_CreateString("*"));
}
// Initialize relay countries - set to global for now
g_relay_info.relay_countries = cJSON_CreateArray();
if (g_relay_info.relay_countries) {
cJSON_AddItemToArray(g_relay_info.relay_countries, cJSON_CreateString("*"));
g_unified_cache.relay_info.relay_countries = cJSON_CreateArray();
if (g_unified_cache.relay_info.relay_countries) {
cJSON_AddItemToArray(g_unified_cache.relay_info.relay_countries, cJSON_CreateString("*"));
}
// Initialize content tags as empty array
g_relay_info.tags = cJSON_CreateArray();
g_unified_cache.relay_info.tags = cJSON_CreateArray();
// Initialize fees as empty object (no payment required by default)
g_relay_info.fees = cJSON_CreateObject();
g_unified_cache.relay_info.fees = cJSON_CreateObject();
pthread_mutex_unlock(&g_unified_cache.cache_lock);
log_success("Relay information initialized with default values");
}
// Clean up relay information JSON objects
void cleanup_relay_info() {
if (g_relay_info.supported_nips) {
cJSON_Delete(g_relay_info.supported_nips);
g_relay_info.supported_nips = NULL;
pthread_mutex_lock(&g_unified_cache.cache_lock);
if (g_unified_cache.relay_info.supported_nips) {
cJSON_Delete(g_unified_cache.relay_info.supported_nips);
g_unified_cache.relay_info.supported_nips = NULL;
}
if (g_relay_info.limitation) {
cJSON_Delete(g_relay_info.limitation);
g_relay_info.limitation = NULL;
if (g_unified_cache.relay_info.limitation) {
cJSON_Delete(g_unified_cache.relay_info.limitation);
g_unified_cache.relay_info.limitation = NULL;
}
if (g_relay_info.retention) {
cJSON_Delete(g_relay_info.retention);
g_relay_info.retention = NULL;
if (g_unified_cache.relay_info.retention) {
cJSON_Delete(g_unified_cache.relay_info.retention);
g_unified_cache.relay_info.retention = NULL;
}
if (g_relay_info.language_tags) {
cJSON_Delete(g_relay_info.language_tags);
g_relay_info.language_tags = NULL;
if (g_unified_cache.relay_info.language_tags) {
cJSON_Delete(g_unified_cache.relay_info.language_tags);
g_unified_cache.relay_info.language_tags = NULL;
}
if (g_relay_info.relay_countries) {
cJSON_Delete(g_relay_info.relay_countries);
g_relay_info.relay_countries = NULL;
if (g_unified_cache.relay_info.relay_countries) {
cJSON_Delete(g_unified_cache.relay_info.relay_countries);
g_unified_cache.relay_info.relay_countries = NULL;
}
if (g_relay_info.tags) {
cJSON_Delete(g_relay_info.tags);
g_relay_info.tags = NULL;
if (g_unified_cache.relay_info.tags) {
cJSON_Delete(g_unified_cache.relay_info.tags);
g_unified_cache.relay_info.tags = NULL;
}
if (g_relay_info.fees) {
cJSON_Delete(g_relay_info.fees);
g_relay_info.fees = NULL;
if (g_unified_cache.relay_info.fees) {
cJSON_Delete(g_unified_cache.relay_info.fees);
g_unified_cache.relay_info.fees = NULL;
}
pthread_mutex_unlock(&g_unified_cache.cache_lock);
}
// Generate NIP-11 compliant JSON document
@@ -1615,79 +1636,83 @@ cJSON* generate_relay_info_json() {
return NULL;
}
pthread_mutex_lock(&g_unified_cache.cache_lock);
// Add basic relay information
if (strlen(g_relay_info.name) > 0) {
cJSON_AddStringToObject(info, "name", g_relay_info.name);
if (strlen(g_unified_cache.relay_info.name) > 0) {
cJSON_AddStringToObject(info, "name", g_unified_cache.relay_info.name);
}
if (strlen(g_relay_info.description) > 0) {
cJSON_AddStringToObject(info, "description", g_relay_info.description);
if (strlen(g_unified_cache.relay_info.description) > 0) {
cJSON_AddStringToObject(info, "description", g_unified_cache.relay_info.description);
}
if (strlen(g_relay_info.banner) > 0) {
cJSON_AddStringToObject(info, "banner", g_relay_info.banner);
if (strlen(g_unified_cache.relay_info.banner) > 0) {
cJSON_AddStringToObject(info, "banner", g_unified_cache.relay_info.banner);
}
if (strlen(g_relay_info.icon) > 0) {
cJSON_AddStringToObject(info, "icon", g_relay_info.icon);
if (strlen(g_unified_cache.relay_info.icon) > 0) {
cJSON_AddStringToObject(info, "icon", g_unified_cache.relay_info.icon);
}
if (strlen(g_relay_info.pubkey) > 0) {
cJSON_AddStringToObject(info, "pubkey", g_relay_info.pubkey);
if (strlen(g_unified_cache.relay_info.pubkey) > 0) {
cJSON_AddStringToObject(info, "pubkey", g_unified_cache.relay_info.pubkey);
}
if (strlen(g_relay_info.contact) > 0) {
cJSON_AddStringToObject(info, "contact", g_relay_info.contact);
if (strlen(g_unified_cache.relay_info.contact) > 0) {
cJSON_AddStringToObject(info, "contact", g_unified_cache.relay_info.contact);
}
// Add supported NIPs
if (g_relay_info.supported_nips) {
cJSON_AddItemToObject(info, "supported_nips", cJSON_Duplicate(g_relay_info.supported_nips, 1));
if (g_unified_cache.relay_info.supported_nips) {
cJSON_AddItemToObject(info, "supported_nips", cJSON_Duplicate(g_unified_cache.relay_info.supported_nips, 1));
}
// Add software information
if (strlen(g_relay_info.software) > 0) {
cJSON_AddStringToObject(info, "software", g_relay_info.software);
if (strlen(g_unified_cache.relay_info.software) > 0) {
cJSON_AddStringToObject(info, "software", g_unified_cache.relay_info.software);
}
if (strlen(g_relay_info.version) > 0) {
cJSON_AddStringToObject(info, "version", g_relay_info.version);
if (strlen(g_unified_cache.relay_info.version) > 0) {
cJSON_AddStringToObject(info, "version", g_unified_cache.relay_info.version);
}
// Add policies
if (strlen(g_relay_info.privacy_policy) > 0) {
cJSON_AddStringToObject(info, "privacy_policy", g_relay_info.privacy_policy);
if (strlen(g_unified_cache.relay_info.privacy_policy) > 0) {
cJSON_AddStringToObject(info, "privacy_policy", g_unified_cache.relay_info.privacy_policy);
}
if (strlen(g_relay_info.terms_of_service) > 0) {
cJSON_AddStringToObject(info, "terms_of_service", g_relay_info.terms_of_service);
if (strlen(g_unified_cache.relay_info.terms_of_service) > 0) {
cJSON_AddStringToObject(info, "terms_of_service", g_unified_cache.relay_info.terms_of_service);
}
if (strlen(g_relay_info.posting_policy) > 0) {
cJSON_AddStringToObject(info, "posting_policy", g_relay_info.posting_policy);
if (strlen(g_unified_cache.relay_info.posting_policy) > 0) {
cJSON_AddStringToObject(info, "posting_policy", g_unified_cache.relay_info.posting_policy);
}
// Add server limitations
if (g_relay_info.limitation) {
cJSON_AddItemToObject(info, "limitation", cJSON_Duplicate(g_relay_info.limitation, 1));
if (g_unified_cache.relay_info.limitation) {
cJSON_AddItemToObject(info, "limitation", cJSON_Duplicate(g_unified_cache.relay_info.limitation, 1));
}
// Add retention policies if configured
if (g_relay_info.retention && cJSON_GetArraySize(g_relay_info.retention) > 0) {
cJSON_AddItemToObject(info, "retention", cJSON_Duplicate(g_relay_info.retention, 1));
if (g_unified_cache.relay_info.retention && cJSON_GetArraySize(g_unified_cache.relay_info.retention) > 0) {
cJSON_AddItemToObject(info, "retention", cJSON_Duplicate(g_unified_cache.relay_info.retention, 1));
}
// Add geographical and language information
if (g_relay_info.relay_countries) {
cJSON_AddItemToObject(info, "relay_countries", cJSON_Duplicate(g_relay_info.relay_countries, 1));
if (g_unified_cache.relay_info.relay_countries) {
cJSON_AddItemToObject(info, "relay_countries", cJSON_Duplicate(g_unified_cache.relay_info.relay_countries, 1));
}
if (g_relay_info.language_tags) {
cJSON_AddItemToObject(info, "language_tags", cJSON_Duplicate(g_relay_info.language_tags, 1));
if (g_unified_cache.relay_info.language_tags) {
cJSON_AddItemToObject(info, "language_tags", cJSON_Duplicate(g_unified_cache.relay_info.language_tags, 1));
}
if (g_relay_info.tags && cJSON_GetArraySize(g_relay_info.tags) > 0) {
cJSON_AddItemToObject(info, "tags", cJSON_Duplicate(g_relay_info.tags, 1));
if (g_unified_cache.relay_info.tags && cJSON_GetArraySize(g_unified_cache.relay_info.tags) > 0) {
cJSON_AddItemToObject(info, "tags", cJSON_Duplicate(g_unified_cache.relay_info.tags, 1));
}
// Add payment information if configured
if (strlen(g_relay_info.payments_url) > 0) {
cJSON_AddStringToObject(info, "payments_url", g_relay_info.payments_url);
if (strlen(g_unified_cache.relay_info.payments_url) > 0) {
cJSON_AddStringToObject(info, "payments_url", g_unified_cache.relay_info.payments_url);
}
if (g_relay_info.fees && cJSON_GetObjectItem(g_relay_info.fees, "admission")) {
cJSON_AddItemToObject(info, "fees", cJSON_Duplicate(g_relay_info.fees, 1));
if (g_unified_cache.relay_info.fees && cJSON_GetObjectItem(g_unified_cache.relay_info.fees, "admission")) {
cJSON_AddItemToObject(info, "fees", cJSON_Duplicate(g_unified_cache.relay_info.fees, 1));
}
pthread_mutex_unlock(&g_unified_cache.cache_lock);
return info;
}
@@ -1865,34 +1890,40 @@ int handle_nip11_http_request(struct lws* wsi, const char* accept_header) {
void init_pow_config() {
log_info("Initializing NIP-13 Proof of Work configuration");
// Load PoW settings from configuration system
g_pow_config.enabled = get_config_bool("pow_enabled", 1);
g_pow_config.min_pow_difficulty = get_config_int("pow_min_difficulty", 0);
// Get PoW mode from configuration
// Get all config values first (without holding mutex to avoid deadlock)
int pow_enabled = get_config_bool("pow_enabled", 1);
int pow_min_difficulty = get_config_int("pow_min_difficulty", 0);
const char* pow_mode = get_config_value("pow_mode");
pthread_mutex_lock(&g_unified_cache.cache_lock);
// Load PoW settings from configuration system
g_unified_cache.pow_config.enabled = pow_enabled;
g_unified_cache.pow_config.min_pow_difficulty = pow_min_difficulty;
// Configure PoW mode
if (pow_mode) {
if (strcmp(pow_mode, "strict") == 0) {
g_pow_config.validation_flags = NOSTR_POW_VALIDATE_ANTI_SPAM | NOSTR_POW_STRICT_FORMAT;
g_pow_config.require_nonce_tag = 1;
g_pow_config.reject_lower_targets = 1;
g_pow_config.strict_format = 1;
g_pow_config.anti_spam_mode = 1;
g_unified_cache.pow_config.validation_flags = NOSTR_POW_VALIDATE_ANTI_SPAM | NOSTR_POW_STRICT_FORMAT;
g_unified_cache.pow_config.require_nonce_tag = 1;
g_unified_cache.pow_config.reject_lower_targets = 1;
g_unified_cache.pow_config.strict_format = 1;
g_unified_cache.pow_config.anti_spam_mode = 1;
log_info("PoW configured in strict anti-spam mode");
} else if (strcmp(pow_mode, "full") == 0) {
g_pow_config.validation_flags = NOSTR_POW_VALIDATE_FULL;
g_pow_config.require_nonce_tag = 1;
g_unified_cache.pow_config.validation_flags = NOSTR_POW_VALIDATE_FULL;
g_unified_cache.pow_config.require_nonce_tag = 1;
log_info("PoW configured in full validation mode");
} else if (strcmp(pow_mode, "basic") == 0) {
g_pow_config.validation_flags = NOSTR_POW_VALIDATE_BASIC;
g_unified_cache.pow_config.validation_flags = NOSTR_POW_VALIDATE_BASIC;
log_info("PoW configured in basic validation mode");
} else if (strcmp(pow_mode, "disabled") == 0) {
g_pow_config.enabled = 0;
g_unified_cache.pow_config.enabled = 0;
log_info("PoW validation disabled via configuration");
}
} else {
// Default to basic mode
g_pow_config.validation_flags = NOSTR_POW_VALIDATE_BASIC;
g_unified_cache.pow_config.validation_flags = NOSTR_POW_VALIDATE_BASIC;
log_info("PoW configured in basic validation mode (default)");
}
@@ -1900,17 +1931,25 @@ void init_pow_config() {
char config_msg[512];
snprintf(config_msg, sizeof(config_msg),
"PoW Configuration: enabled=%s, min_difficulty=%d, validation_flags=0x%x, mode=%s",
g_pow_config.enabled ? "true" : "false",
g_pow_config.min_pow_difficulty,
g_pow_config.validation_flags,
g_pow_config.anti_spam_mode ? "anti-spam" :
(g_pow_config.validation_flags & NOSTR_POW_VALIDATE_FULL) ? "full" : "basic");
g_unified_cache.pow_config.enabled ? "true" : "false",
g_unified_cache.pow_config.min_pow_difficulty,
g_unified_cache.pow_config.validation_flags,
g_unified_cache.pow_config.anti_spam_mode ? "anti-spam" :
(g_unified_cache.pow_config.validation_flags & NOSTR_POW_VALIDATE_FULL) ? "full" : "basic");
log_info(config_msg);
pthread_mutex_unlock(&g_unified_cache.cache_lock);
}
// Validate event Proof of Work according to NIP-13
int validate_event_pow(cJSON* event, char* error_message, size_t error_size) {
if (!g_pow_config.enabled) {
pthread_mutex_lock(&g_unified_cache.cache_lock);
int enabled = g_unified_cache.pow_config.enabled;
int min_pow_difficulty = g_unified_cache.pow_config.min_pow_difficulty;
int validation_flags = g_unified_cache.pow_config.validation_flags;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
if (!enabled) {
return 0; // PoW validation disabled
}
@@ -1921,7 +1960,7 @@ int validate_event_pow(cJSON* event, char* error_message, size_t error_size) {
// If min_pow_difficulty is 0, only validate events that have nonce tags
// This allows events without PoW when difficulty requirement is 0
if (g_pow_config.min_pow_difficulty == 0) {
if (min_pow_difficulty == 0) {
cJSON* tags = cJSON_GetObjectItem(event, "tags");
int has_nonce_tag = 0;
@@ -1949,8 +1988,8 @@ int validate_event_pow(cJSON* event, char* error_message, size_t error_size) {
// Perform PoW validation using nostr_core_lib
nostr_pow_result_t pow_result;
int validation_result = nostr_validate_pow(event, g_pow_config.min_pow_difficulty,
g_pow_config.validation_flags, &pow_result);
int validation_result = nostr_validate_pow(event, min_pow_difficulty,
validation_flags, &pow_result);
if (validation_result != NOSTR_SUCCESS) {
// Handle specific error cases with appropriate messages
@@ -1958,12 +1997,12 @@ int validate_event_pow(cJSON* event, char* error_message, size_t error_size) {
case NOSTR_ERROR_NIP13_INSUFFICIENT:
snprintf(error_message, error_size,
"pow: insufficient difficulty: %d < %d",
pow_result.actual_difficulty, g_pow_config.min_pow_difficulty);
pow_result.actual_difficulty, min_pow_difficulty);
log_warning("Event rejected: insufficient PoW difficulty");
break;
case NOSTR_ERROR_NIP13_NO_NONCE_TAG:
// This should not happen with min_difficulty=0 after our check above
if (g_pow_config.min_pow_difficulty > 0) {
if (min_pow_difficulty > 0) {
snprintf(error_message, error_size, "pow: missing required nonce tag");
log_warning("Event rejected: missing nonce tag");
} else {
@@ -1977,7 +2016,7 @@ int validate_event_pow(cJSON* event, char* error_message, size_t error_size) {
case NOSTR_ERROR_NIP13_TARGET_MISMATCH:
snprintf(error_message, error_size,
"pow: committed target (%d) lower than minimum (%d)",
pow_result.committed_target, g_pow_config.min_pow_difficulty);
pow_result.committed_target, min_pow_difficulty);
log_warning("Event rejected: committed target too low (anti-spam protection)");
break;
case NOSTR_ERROR_NIP13_CALCULATION:
@@ -1997,7 +2036,7 @@ int validate_event_pow(cJSON* event, char* error_message, size_t error_size) {
}
// Log successful PoW validation (only if minimum difficulty is required)
if (g_pow_config.min_pow_difficulty > 0 || pow_result.has_nonce_tag) {
if (min_pow_difficulty > 0 || pow_result.has_nonce_tag) {
char debug_msg[256];
snprintf(debug_msg, sizeof(debug_msg),
"PoW validated: difficulty=%d, target=%d, nonce=%llu%s",
@@ -2021,28 +2060,39 @@ int validate_event_pow(cJSON* event, char* error_message, size_t error_size) {
void init_expiration_config() {
log_info("Initializing NIP-40 Expiration Timestamp configuration");
// Get all config values first (without holding mutex to avoid deadlock)
int expiration_enabled = get_config_bool("expiration_enabled", 1);
int expiration_strict = get_config_bool("expiration_strict", 1);
int expiration_filter = get_config_bool("expiration_filter", 1);
int expiration_delete = get_config_bool("expiration_delete", 0);
long expiration_grace_period = get_config_int("expiration_grace_period", 1);
pthread_mutex_lock(&g_unified_cache.cache_lock);
// Load expiration settings from configuration system
g_expiration_config.enabled = get_config_bool("expiration_enabled", 1);
g_expiration_config.strict_mode = get_config_bool("expiration_strict", 1);
g_expiration_config.filter_responses = get_config_bool("expiration_filter", 1);
g_expiration_config.delete_expired = get_config_bool("expiration_delete", 0);
g_expiration_config.grace_period = get_config_int("expiration_grace_period", 1);
g_unified_cache.expiration_config.enabled = expiration_enabled;
g_unified_cache.expiration_config.strict_mode = expiration_strict;
g_unified_cache.expiration_config.filter_responses = expiration_filter;
g_unified_cache.expiration_config.delete_expired = expiration_delete;
g_unified_cache.expiration_config.grace_period = expiration_grace_period;
// Validate grace period bounds
if (g_expiration_config.grace_period < 0 || g_expiration_config.grace_period > 86400) {
if (g_unified_cache.expiration_config.grace_period < 0 || g_unified_cache.expiration_config.grace_period > 86400) {
log_warning("Invalid grace period, using default of 300 seconds");
g_expiration_config.grace_period = 300;
g_unified_cache.expiration_config.grace_period = 300;
}
// Log final configuration
char config_msg[512];
snprintf(config_msg, sizeof(config_msg),
"Expiration Configuration: enabled=%s, strict_mode=%s, filter_responses=%s, grace_period=%ld seconds",
g_expiration_config.enabled ? "true" : "false",
g_expiration_config.strict_mode ? "true" : "false",
g_expiration_config.filter_responses ? "true" : "false",
g_expiration_config.grace_period);
g_unified_cache.expiration_config.enabled ? "true" : "false",
g_unified_cache.expiration_config.strict_mode ? "true" : "false",
g_unified_cache.expiration_config.filter_responses ? "true" : "false",
g_unified_cache.expiration_config.grace_period);
log_info(config_msg);
pthread_mutex_unlock(&g_unified_cache.cache_lock);
}
// Extract expiration timestamp from event tags
@@ -2112,12 +2162,22 @@ int is_event_expired(cJSON* event, time_t current_time) {
}
// Check if current time exceeds expiration + grace period
return (current_time > (expiration_ts + g_expiration_config.grace_period));
pthread_mutex_lock(&g_unified_cache.cache_lock);
long grace_period = g_unified_cache.expiration_config.grace_period;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
return (current_time > (expiration_ts + grace_period));
}
// Validate event expiration according to NIP-40
int validate_event_expiration(cJSON* event, char* error_message, size_t error_size) {
if (!g_expiration_config.enabled) {
pthread_mutex_lock(&g_unified_cache.cache_lock);
int enabled = g_unified_cache.expiration_config.enabled;
int strict_mode = g_unified_cache.expiration_config.strict_mode;
long grace_period = g_unified_cache.expiration_config.grace_period;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
if (!enabled) {
return 0; // Expiration validation disabled
}
@@ -2129,13 +2189,13 @@ int validate_event_expiration(cJSON* event, char* error_message, size_t error_si
// Check if event is expired
time_t current_time = time(NULL);
if (is_event_expired(event, current_time)) {
if (g_expiration_config.strict_mode) {
if (strict_mode) {
cJSON* tags = cJSON_GetObjectItem(event, "tags");
long expiration_ts = extract_expiration_timestamp(tags);
snprintf(error_message, error_size,
"invalid: event expired (expiration=%ld, current=%ld, grace=%ld)",
expiration_ts, (long)current_time, g_expiration_config.grace_period);
expiration_ts, (long)current_time, grace_period);
log_warning("Event rejected: expired timestamp");
return -1;
} else {
@@ -2631,6 +2691,54 @@ int handle_req_message(const char* sub_id, cJSON* filters, struct lws *wsi, stru
return 0;
}
// Check for kind 33334 configuration event requests BEFORE creating subscription
int config_events_sent = 0;
int has_config_request = 0;
// Check if any filter requests kind 33334 (configuration events)
for (int i = 0; i < cJSON_GetArraySize(filters); i++) {
cJSON* filter = cJSON_GetArrayItem(filters, i);
if (filter && cJSON_IsObject(filter)) {
if (req_filter_requests_config_events(filter)) {
has_config_request = 1;
// Generate synthetic config event for this subscription
cJSON* filters_array = cJSON_CreateArray();
cJSON_AddItemToArray(filters_array, cJSON_Duplicate(filter, 1));
cJSON* event_msg = generate_synthetic_config_event_for_subscription(sub_id, filters_array);
if (event_msg) {
char* msg_str = cJSON_Print(event_msg);
if (msg_str) {
size_t msg_len = strlen(msg_str);
unsigned char* buf = malloc(LWS_PRE + msg_len);
if (buf) {
memcpy(buf + LWS_PRE, msg_str, msg_len);
lws_write(wsi, buf + LWS_PRE, msg_len, LWS_WRITE_TEXT);
config_events_sent++;
free(buf);
}
free(msg_str);
}
cJSON_Delete(event_msg);
}
cJSON_Delete(filters_array);
char debug_msg[256];
snprintf(debug_msg, sizeof(debug_msg),
"Generated %d synthetic config events for subscription %s",
config_events_sent, sub_id);
log_info(debug_msg);
break; // Only generate once per subscription
}
}
}
// If only config events were requested, we can return early after sending EOSE
// But still create the subscription for future config updates
// Check session subscription limits
if (pss && pss->subscription_count >= g_subscription_manager.max_subscriptions_per_client) {
log_error("Maximum subscriptions per client exceeded");
@@ -2654,14 +2762,14 @@ int handle_req_message(const char* sub_id, cJSON* filters, struct lws *wsi, stru
}
cJSON_Delete(closed_msg);
return 0;
return has_config_request ? config_events_sent : 0;
}
// Create persistent subscription
subscription_t* subscription = create_subscription(sub_id, wsi, filters, pss ? pss->client_ip : "unknown");
if (!subscription) {
log_error("Failed to create subscription");
return 0;
return has_config_request ? config_events_sent : 0;
}
// Add to global manager
@@ -2688,7 +2796,7 @@ int handle_req_message(const char* sub_id, cJSON* filters, struct lws *wsi, stru
}
cJSON_Delete(closed_msg);
return 0;
return has_config_request ? config_events_sent : 0;
}
// Add to session's subscription list (if session data available)
@@ -2700,7 +2808,7 @@ int handle_req_message(const char* sub_id, cJSON* filters, struct lws *wsi, stru
pthread_mutex_unlock(&pss->session_lock);
}
int events_sent = 0;
int events_sent = config_events_sent; // Start with synthetic config events
// Process each filter in the array
for (int i = 0; i < cJSON_GetArraySize(filters); i++) {
@@ -2847,7 +2955,12 @@ int handle_req_message(const char* sub_id, cJSON* filters, struct lws *wsi, stru
cJSON_AddItemToObject(event, "tags", tags);
// Check expiration filtering (NIP-40) at application level
if (g_expiration_config.enabled && g_expiration_config.filter_responses) {
pthread_mutex_lock(&g_unified_cache.cache_lock);
int expiration_enabled = g_unified_cache.expiration_config.enabled;
int filter_responses = g_unified_cache.expiration_config.filter_responses;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
if (expiration_enabled && filter_responses) {
time_t current_time = time(NULL);
if (is_event_expired(event, current_time)) {
// Skip this expired event
@@ -2958,8 +3071,13 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
// Get real client IP address
char client_ip[CLIENT_IP_MAX_LENGTH];
lws_get_peer_simple(wsi, client_ip, sizeof(client_ip));
strncpy(pss->client_ip, client_ip, CLIENT_IP_MAX_LENGTH - 1);
pss->client_ip[CLIENT_IP_MAX_LENGTH - 1] = '\0';
// Ensure client_ip is null-terminated and copy safely
client_ip[CLIENT_IP_MAX_LENGTH - 1] = '\0';
size_t ip_len = strlen(client_ip);
size_t copy_len = (ip_len < CLIENT_IP_MAX_LENGTH - 1) ? ip_len : CLIENT_IP_MAX_LENGTH - 1;
memcpy(pss->client_ip, client_ip, copy_len);
pss->client_ip[copy_len] = '\0';
// Initialize NIP-42 authentication state
pss->authenticated = 0;
@@ -3109,7 +3227,10 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
if (process_admin_event_in_config(event, admin_error, sizeof(admin_error)) != 0) {
log_error("Failed to process admin event through admin API");
result = -1;
strncpy(error_message, admin_error, sizeof(error_message) - 1);
size_t error_len = strlen(admin_error);
size_t copy_len = (error_len < sizeof(error_message) - 1) ? error_len : sizeof(error_message) - 1;
memcpy(error_message, admin_error, copy_len);
error_message[copy_len] = '\0';
} else {
log_success("Admin event processed successfully through admin API");
// Admin events are processed by the admin API, not broadcast to subscriptions
@@ -3684,10 +3805,29 @@ int main(int argc, char* argv[]) {
return 1;
}
// Systematically add pubkeys to config table
if (add_pubkeys_to_config_table() != 0) {
log_warning("Failed to add pubkeys to config table systematically");
} else {
log_success("Pubkeys added to config table systematically");
}
// Retry storing the configuration event now that database is initialized
if (retry_store_initial_config_event() != 0) {
log_warning("Failed to store initial configuration event after database init");
}
// Now store the pubkeys in config table since database is available
const char* admin_pubkey = get_admin_pubkey_cached();
const char* relay_pubkey_from_cache = get_relay_pubkey_cached();
if (admin_pubkey && strlen(admin_pubkey) == 64) {
set_config_value_in_table("admin_pubkey", admin_pubkey, "string", "Administrator public key", "authentication", 0);
log_success("Admin pubkey stored in config table for first-time startup");
}
if (relay_pubkey_from_cache && strlen(relay_pubkey_from_cache) == 64) {
set_config_value_in_table("relay_pubkey", relay_pubkey_from_cache, "string", "Relay public key", "relay", 0);
log_success("Relay pubkey stored in config table for first-time startup");
}
} else {
log_info("Existing relay detected");
@@ -3757,6 +3897,21 @@ int main(int argc, char* argv[]) {
log_warning("Failed to apply configuration from database");
} else {
log_success("Configuration loaded from database");
// Extract admin pubkey from the config event and store in config table for unified cache access
cJSON* pubkey_obj = cJSON_GetObjectItem(config_event, "pubkey");
const char* admin_pubkey = pubkey_obj ? cJSON_GetStringValue(pubkey_obj) : NULL;
// Store both admin and relay pubkeys in config table for unified cache
if (admin_pubkey && strlen(admin_pubkey) == 64) {
set_config_value_in_table("admin_pubkey", admin_pubkey, "string", "Administrator public key", "authentication", 0);
log_info("Admin pubkey stored in config table for existing relay");
}
if (relay_pubkey && strlen(relay_pubkey) == 64) {
set_config_value_in_table("relay_pubkey", relay_pubkey, "string", "Relay public key", "relay", 0);
log_info("Relay pubkey stored in config table for existing relay");
}
}
cJSON_Delete(config_event);
} else {

210
src/request_validator.c
View File

@@ -132,24 +132,11 @@ typedef struct {
int time_tolerance_seconds;
} nip42_challenge_manager_t;
// Cached configuration structure
typedef struct {
int auth_required; // Whether authentication is required
long max_file_size; // Maximum file size in bytes
int admin_enabled; // Whether admin interface is enabled
char admin_pubkey[65]; // Admin public key
int nip42_mode; // NIP-42 authentication mode
int nip42_challenge_timeout; // NIP-42 challenge timeout in seconds
int nip42_time_tolerance; // NIP-42 time tolerance in seconds
time_t cache_expires; // When cache expires
int cache_valid; // Whether cache is valid
} auth_config_cache_t;
//=============================================================================
// GLOBAL STATE
//=============================================================================
static auth_config_cache_t g_auth_cache = {0};
// No longer using local auth cache - using unified cache from config.c
static nip42_challenge_manager_t g_challenge_manager = {0};
static int g_validator_initialized = 0;
@@ -222,15 +209,15 @@ int ginxsom_request_validator_init(const char *db_path, const char *app_name) {
return result;
}
// Initialize NIP-42 challenge manager
// Initialize NIP-42 challenge manager using unified config
memset(&g_challenge_manager, 0, sizeof(g_challenge_manager));
g_challenge_manager.timeout_seconds =
g_auth_cache.nip42_challenge_timeout > 0
? g_auth_cache.nip42_challenge_timeout
: 600;
g_challenge_manager.time_tolerance_seconds =
g_auth_cache.nip42_time_tolerance > 0 ? g_auth_cache.nip42_time_tolerance
: 300;
const char* nip42_timeout = get_config_value("nip42_challenge_timeout");
g_challenge_manager.timeout_seconds = nip42_timeout ? atoi(nip42_timeout) : 600;
const char* nip42_tolerance = get_config_value("nip42_time_tolerance");
g_challenge_manager.time_tolerance_seconds = nip42_tolerance ? atoi(nip42_tolerance) : 300;
g_challenge_manager.last_cleanup = time(NULL);
g_validator_initialized = 1;
@@ -243,12 +230,15 @@ int ginxsom_request_validator_init(const char *db_path, const char *app_name) {
* Check if authentication rules are enabled
*/
int nostr_auth_rules_enabled(void) {
// Reload config if cache expired
if (!g_auth_cache.cache_valid || time(NULL) > g_auth_cache.cache_expires) {
reload_auth_config();
// Use unified cache from config.c
const char* auth_enabled = get_config_value("auth_enabled");
if (auth_enabled && strcmp(auth_enabled, "true") == 0) {
return 1;
}
return g_auth_cache.auth_required;
// Also check legacy key
const char* auth_rules_enabled = get_config_value("auth_rules_enabled");
return (auth_rules_enabled && strcmp(auth_rules_enabled, "true") == 0) ? 1 : 0;
}
///////////////////////////////////////////////////////////////////////////////////////
@@ -306,14 +296,12 @@ int nostr_validate_unified_request(const char* json_string, size_t json_length)
int event_kind = (int)cJSON_GetNumberValue(kind);
// 5. Reload config if needed
if (!g_auth_cache.cache_valid || time(NULL) > g_auth_cache.cache_expires) {
reload_auth_config();
}
// 5. Check configuration using unified cache
int auth_required = nostr_auth_rules_enabled();
char config_msg[256];
sprintf(config_msg, "VALIDATOR_DEBUG: STEP 5 PASSED - Event kind: %d, auth_required: %d\n",
event_kind, g_auth_cache.auth_required);
event_kind, auth_required);
validator_debug_log(config_msg);
/////////////////////////////////////////////////////////////////////
@@ -352,7 +340,9 @@ int nostr_validate_unified_request(const char* json_string, size_t json_length)
if (event_kind == 22242) {
validator_debug_log("VALIDATOR_DEBUG: STEP 8 - Processing NIP-42 challenge response\n");
if (g_auth_cache.nip42_mode == 0) {
// Check NIP-42 mode using unified cache
const char* nip42_enabled = get_config_value("nip42_auth_enabled");
if (nip42_enabled && strcmp(nip42_enabled, "false") == 0) {
validator_debug_log("VALIDATOR_DEBUG: STEP 8 FAILED - NIP-42 is disabled\n");
cJSON_Delete(event);
return NOSTR_ERROR_NIP42_DISABLED;
@@ -370,7 +360,7 @@ int nostr_validate_unified_request(const char* json_string, size_t json_length)
/////////////////////////////////////////////////////////////////////
// 9. Check if authentication rules are enabled
if (!g_auth_cache.auth_required) {
if (!auth_required) {
validator_debug_log("VALIDATOR_DEBUG: STEP 9 - Authentication disabled, skipping database auth rules\n");
} else {
// 10. Check database authentication rules (only if auth enabled)
@@ -404,17 +394,23 @@ int nostr_validate_unified_request(const char* json_string, size_t json_length)
/////////////////////////////////////////////////////////////////////
// 11. NIP-13 Proof of Work validation
if (g_pow_config.enabled && g_pow_config.min_pow_difficulty > 0) {
pthread_mutex_lock(&g_unified_cache.cache_lock);
int pow_enabled = g_unified_cache.pow_config.enabled;
int pow_min_difficulty = g_unified_cache.pow_config.min_pow_difficulty;
int pow_validation_flags = g_unified_cache.pow_config.validation_flags;
pthread_mutex_unlock(&g_unified_cache.cache_lock);
if (pow_enabled && pow_min_difficulty > 0) {
validator_debug_log("VALIDATOR_DEBUG: STEP 11 - Validating NIP-13 Proof of Work\n");
nostr_pow_result_t pow_result;
int pow_validation_result = nostr_validate_pow(event, g_pow_config.min_pow_difficulty,
g_pow_config.validation_flags, &pow_result);
int pow_validation_result = nostr_validate_pow(event, pow_min_difficulty,
pow_validation_flags, &pow_result);
if (pow_validation_result != NOSTR_SUCCESS) {
char pow_msg[256];
sprintf(pow_msg, "VALIDATOR_DEBUG: STEP 11 FAILED - PoW validation failed (error=%d, difficulty=%d/%d)\n",
pow_validation_result, pow_result.actual_difficulty, g_pow_config.min_pow_difficulty);
pow_validation_result, pow_result.actual_difficulty, pow_min_difficulty);
validator_debug_log(pow_msg);
cJSON_Delete(event);
return pow_validation_result;
@@ -553,7 +549,6 @@ void nostr_request_validator_clear_violation(void) {
*/
void ginxsom_request_validator_cleanup(void) {
g_validator_initialized = 0;
memset(&g_auth_cache, 0, sizeof(g_auth_cache));
nostr_request_validator_clear_violation();
}
@@ -573,145 +568,22 @@ void nostr_request_result_free_file_data(nostr_request_result_t *result) {
// HELPER FUNCTIONS
//=============================================================================
/**
* Get cache timeout from environment variable or default
*/
static int get_cache_timeout(void) {
char *no_cache = getenv("GINX_NO_CACHE");
char *cache_timeout = getenv("GINX_CACHE_TIMEOUT");
if (no_cache && strcmp(no_cache, "1") == 0) {
return 0; // No caching
}
if (cache_timeout) {
int timeout = atoi(cache_timeout);
return (timeout >= 0) ? timeout : 300; // Use provided value or default
}
return 300; // Default 5 minutes
}
/**
* Force cache refresh - invalidates current cache
* Force cache refresh - use unified cache system
*/
void nostr_request_validator_force_cache_refresh(void) {
g_auth_cache.cache_valid = 0;
g_auth_cache.cache_expires = 0;
validator_debug_log("VALIDATOR: Cache forcibly invalidated\n");
// Use unified cache refresh from config.c
force_config_cache_refresh();
validator_debug_log("VALIDATOR: Cache forcibly invalidated via unified cache\n");
}
/**
* Reload authentication configuration from unified config table
* This function is no longer needed - configuration is handled by unified cache
*/
static int reload_auth_config(void) {
sqlite3 *db = NULL;
sqlite3_stmt *stmt = NULL;
int rc;
// Clear cache
memset(&g_auth_cache, 0, sizeof(g_auth_cache));
// Open database using global database path
if (strlen(g_database_path) == 0) {
validator_debug_log("VALIDATOR: No database path available\n");
// Use defaults
g_auth_cache.auth_required = 0;
g_auth_cache.max_file_size = 104857600; // 100MB
g_auth_cache.admin_enabled = 0;
g_auth_cache.nip42_mode = 1; // Optional
int cache_timeout = get_cache_timeout();
g_auth_cache.cache_expires = time(NULL) + cache_timeout;
g_auth_cache.cache_valid = 1;
return NOSTR_SUCCESS;
}
rc = sqlite3_open_v2(g_database_path, &db, SQLITE_OPEN_READONLY, NULL);
if (rc != SQLITE_OK) {
validator_debug_log("VALIDATOR: Could not open database\n");
// Use defaults
g_auth_cache.auth_required = 0;
g_auth_cache.max_file_size = 104857600; // 100MB
g_auth_cache.admin_enabled = 0;
g_auth_cache.nip42_mode = 1; // Optional
int cache_timeout = get_cache_timeout();
g_auth_cache.cache_expires = time(NULL) + cache_timeout;
g_auth_cache.cache_valid = 1;
return NOSTR_SUCCESS;
}
// Load configuration values from unified config table
const char *config_sql =
"SELECT key, value FROM config WHERE key IN ('require_auth', "
"'auth_rules_enabled', 'max_file_size', 'admin_enabled', 'admin_pubkey', "
"'nip42_require_auth', 'nip42_challenge_timeout', "
"'nip42_time_tolerance')";
rc = sqlite3_prepare_v2(db, config_sql, -1, &stmt, NULL);
if (rc == SQLITE_OK) {
while (sqlite3_step(stmt) == SQLITE_ROW) {
const char *key = (const char *)sqlite3_column_text(stmt, 0);
const char *value = (const char *)sqlite3_column_text(stmt, 1);
if (!key || !value)
continue;
if (strcmp(key, "require_auth") == 0) {
g_auth_cache.auth_required = (strcmp(value, "true") == 0) ? 1 : 0;
} else if (strcmp(key, "auth_rules_enabled") == 0) {
// Override auth_required with auth_rules_enabled if present (higher
// priority)
g_auth_cache.auth_required = (strcmp(value, "true") == 0) ? 1 : 0;
} else if (strcmp(key, "max_file_size") == 0) {
g_auth_cache.max_file_size = atol(value);
} else if (strcmp(key, "admin_enabled") == 0) {
g_auth_cache.admin_enabled = (strcmp(value, "true") == 0) ? 1 : 0;
} else if (strcmp(key, "admin_pubkey") == 0) {
strncpy(g_auth_cache.admin_pubkey, value,
sizeof(g_auth_cache.admin_pubkey) - 1);
} else if (strcmp(key, "nip42_require_auth") == 0) {
if (strcmp(value, "false") == 0) {
g_auth_cache.nip42_mode = 0; // Disabled
} else if (strcmp(value, "required") == 0) {
g_auth_cache.nip42_mode = 2; // Required
} else if (strcmp(value, "true") == 0) {
g_auth_cache.nip42_mode = 1; // Optional/Enabled
} else {
g_auth_cache.nip42_mode = 1; // Default to Optional/Enabled
}
} else if (strcmp(key, "nip42_challenge_timeout") == 0) {
g_auth_cache.nip42_challenge_timeout = atoi(value);
} else if (strcmp(key, "nip42_time_tolerance") == 0) {
g_auth_cache.nip42_time_tolerance = atoi(value);
}
}
sqlite3_finalize(stmt);
}
sqlite3_close(db);
// Set cache expiration with environment variable support
int cache_timeout = get_cache_timeout();
g_auth_cache.cache_expires = time(NULL) + cache_timeout;
g_auth_cache.cache_valid = 1;
// Set defaults for missing values
if (g_auth_cache.max_file_size == 0) {
g_auth_cache.max_file_size = 104857600; // 100MB
}
// Debug logging
fprintf(stderr,
"VALIDATOR: Configuration loaded from unified config table - "
"auth_required: %d, max_file_size: %ld, nip42_mode: %d, "
"cache_timeout: %d\n",
g_auth_cache.auth_required, g_auth_cache.max_file_size,
g_auth_cache.nip42_mode, cache_timeout);
fprintf(stderr,
"VALIDATOR: NIP-42 mode details - nip42_mode=%d (0=disabled, "
"1=optional/enabled, 2=required)\n",
g_auth_cache.nip42_mode);
// Configuration is now handled by the unified cache in config.c
validator_debug_log("VALIDATOR: Using unified cache system for configuration\n");
return NOSTR_SUCCESS;
}