coracle/caravel
1
1
Fork 2
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

refactor auth

Browse Source
This commit is contained in:
Jon Staab
2026-03-26 13:28:06 -07:00
parent 6d651e2722
commit 9f737a25cd
2 changed files with 250 additions and 322 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/spec/api.md
+14 -5
View File
@@ -134,18 +134,27 @@ Notes:
- Authorizes admin or invoice owner
- Return `data` is a single invoice struct from `repo.get_invoice`
# Utility functions
--- Utilities
## `extract_auth_pubkey(headers: &HeaderMap, method: &Method, uri: &Uri) -> Result<String>`
## `extract_auth_pubkey(&self, headers: &HeaderMap) -> Result<String>`
- Parses `Authorization` header
- Validates event kind and signature using `nostr_sdk`
- Validates event `u` and `method` tags against parameters
- Returns pubkey if header is valid
- Validates event `u` against `HOST` (not the request path. Non-standard, but correct)
- Does not validate `method` tag
- Returns pubkey if header all checks pass
Refer to https://github.com/nostr-protocol/nips/blob/master/98.md for details. Use `nostr_sdk` functionality where possible.
## `prepare_relay(relay: Relay) -> anyhow::Result<Relay>`
## `require_admin(&self, authorized_pubkey: &str)`
- Checks whether `authorized_pubkey` is in `self.admins`. If not, returns an forbidden error
## `require_admin_or_tenant(&self, authorized_pubkey: &str, tenant_pubkey: &str)`
- Checks whether `authorized_pubkey` is an admin or matches `tenant_pubkey`
## `prepare_relay(&self, relay: Relay) -> anyhow::Result<Relay>`
- Validate `subdomain`
- If `plan` is free and `blossom` is enabled, return `premium-feature`