Ignore aborted signatures when checking auth
This commit is contained in:
Jon Staab
@@ -74,6 +74,7 @@ import {Pool, AuthStatus, SocketStatus} from "@welshman/net"
|
|||||||
import {Router} from "@welshman/router"
|
import {Router} from "@welshman/router"
|
||||||
import {
|
import {
|
||||||
pubkey,
|
pubkey,
|
||||||
|
sign,
|
||||||
signer,
|
signer,
|
||||||
session,
|
session,
|
||||||
repository,
|
repository,
|
||||||
@@ -253,7 +254,7 @@ export const setInboxRelayPolicy = (url: string, enabled: boolean) => {
|
|||||||
export const canEnforceNip70 = async (url: string) => {
|
export const canEnforceNip70 = async (url: string) => {
|
||||||
const socket = Pool.get().get(url)
|
const socket = Pool.get().get(url)
|
||||||
|
|
||||||
await socket.auth.attemptAuth(e => signer.get()?.sign(e))
|
await socket.auth.attemptAuth(sign)
|
||||||
|
|
||||||
return socket.auth.status !== AuthStatus.None
|
return socket.auth.status !== AuthStatus.None
|
||||||
}
|
}
|
||||||
@@ -272,7 +273,7 @@ export const attemptRelayAccess = async (url: string, claim = "") => {
|
|||||||
return `Failed to connect`
|
return `Failed to connect`
|
||||||
}
|
}
|
||||||
|
|
||||||
await socket.auth.attemptAuth(e => signer.get()?.sign(e))
|
await socket.auth.attemptAuth(sign)
|
||||||
|
|
||||||
// Only raise an error if it's not a timeout.
|
// Only raise an error if it's not a timeout.
|
||||||
// If it is, odds are the problem is with our signer, not the relay
|
// If it is, odds are the problem is with our signer, not the relay
|
||||||
@@ -504,9 +505,7 @@ export const createAlert = async (params: CreateAlertParams): Promise<CreateAler
|
|||||||
}
|
}
|
||||||
|
|
||||||
// If we don't do this we'll get an event rejection
|
// If we don't do this we'll get an event rejection
|
||||||
await Pool.get()
|
await Pool.get().get(NOTIFIER_RELAY).auth.attemptAuth(sign)
|
||||||
.get(NOTIFIER_RELAY)
|
|
||||||
.auth.attemptAuth(e => signer.get()?.sign(e))
|
|
||||||
|
|
||||||
const thunk = await publishAlert(params as AlertParams)
|
const thunk = await publishAlert(params as AlertParams)
|
||||||
const error = await waitForThunkError(thunk)
|
const error = await waitForThunkError(thunk)
|
||||||
|
|||||||
+10
-4
@@ -114,6 +114,7 @@ import {
|
|||||||
userFollows,
|
userFollows,
|
||||||
ensurePlaintext,
|
ensurePlaintext,
|
||||||
thunks,
|
thunks,
|
||||||
|
sign,
|
||||||
signer,
|
signer,
|
||||||
makeOutboxLoader,
|
makeOutboxLoader,
|
||||||
appContext,
|
appContext,
|
||||||
@@ -961,12 +962,10 @@ export const deriveTimeout = (timeout: number) => {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export const deriveRelayAuthError = (url: string, claim = "") => {
|
export const deriveRelayAuthError = (url: string, claim = "") => {
|
||||||
const $signer = signer.get()
|
|
||||||
const socket = Pool.get().get(url)
|
|
||||||
const stripPrefix = (m: string) => m.replace(/^\w+: /, "")
|
const stripPrefix = (m: string) => m.replace(/^\w+: /, "")
|
||||||
|
|
||||||
// Kick off the auth process
|
// Kick off the auth process
|
||||||
socket.auth.attemptAuth($signer.sign)
|
Pool.get().get(url).auth.attemptAuth(sign)
|
||||||
|
|
||||||
// Attempt to join the relay
|
// Attempt to join the relay
|
||||||
const thunk = publishThunk({
|
const thunk = publishThunk({
|
||||||
@@ -989,10 +988,17 @@ export const deriveRelayAuthError = (url: string, claim = "") => {
|
|||||||
|
|
||||||
if (error) {
|
if (error) {
|
||||||
const isIgnored = error.startsWith("mute: ")
|
const isIgnored = error.startsWith("mute: ")
|
||||||
|
const isAborted = error.includes("Signing was aborted")
|
||||||
const isEmptyInvite = !claim && error.includes("invite code")
|
const isEmptyInvite = !claim && error.includes("invite code")
|
||||||
const isStrictNip29Relay = error.includes("missing group (`h`) tag")
|
const isStrictNip29Relay = error.includes("missing group (`h`) tag")
|
||||||
|
|
||||||
if (!isStrictNip29Relay && !isIgnored && !isEmptyInvite && !isStrictNip29Relay) {
|
if (
|
||||||
|
!isStrictNip29Relay &&
|
||||||
|
!isIgnored &&
|
||||||
|
!isAborted &&
|
||||||
|
!isEmptyInvite &&
|
||||||
|
!isStrictNip29Relay
|
||||||
|
) {
|
||||||
return stripPrefix(error) || "join request rejected"
|
return stripPrefix(error) || "join request rejected"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,5 +1,4 @@
|
|||||||
import {on, call, dissoc, assoc, uniq} from "@welshman/lib"
|
import {on, always, call, dissoc, assoc, uniq} from "@welshman/lib"
|
||||||
import type {StampedEvent} from "@welshman/util"
|
|
||||||
import type {Socket, RelayMessage, ClientMessage} from "@welshman/net"
|
import type {Socket, RelayMessage, ClientMessage} from "@welshman/net"
|
||||||
import {
|
import {
|
||||||
makeSocketPolicyAuth,
|
makeSocketPolicyAuth,
|
||||||
@@ -11,7 +10,7 @@ import {
|
|||||||
isClientEvent,
|
isClientEvent,
|
||||||
isClientClose,
|
isClientClose,
|
||||||
} from "@welshman/net"
|
} from "@welshman/net"
|
||||||
import {signer} from "@welshman/app"
|
import {sign} from "@welshman/app"
|
||||||
import {
|
import {
|
||||||
userSettingsValues,
|
userSettingsValues,
|
||||||
getSetting,
|
getSetting,
|
||||||
@@ -19,10 +18,7 @@ import {
|
|||||||
relaysMostlyRestricted,
|
relaysMostlyRestricted,
|
||||||
} from "@app/core/state"
|
} from "@app/core/state"
|
||||||
|
|
||||||
export const authPolicy = makeSocketPolicyAuth({
|
export const authPolicy = makeSocketPolicyAuth({sign, shouldAuth: always(true)})
|
||||||
sign: (event: StampedEvent) => signer.get()?.sign(event),
|
|
||||||
shouldAuth: (socket: Socket) => true,
|
|
||||||
})
|
|
||||||
|
|
||||||
export const trustPolicy = (socket: Socket) => {
|
export const trustPolicy = (socket: Socket) => {
|
||||||
const buffer: RelayMessage[] = []
|
const buffer: RelayMessage[] = []
|
||||||
|
|||||||
Reference in New Issue
Block a user