coracle/zooid
1
2
Fork 3
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

Prevent crashing in QueryStored, add nginx config

Browse Source
This commit is contained in:
Jon Staab
2025-10-01 06:57:22 -07:00
parent 012f04569c
commit 14da64638c
5 changed files with 70 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+1 -1
View File
@@ -9,7 +9,7 @@ RUN go mod download
COPY zooid zooid COPY zooid zooid
COPY cmd cmd COPY cmd cmd
RUN CGO_ENABLED=0 GOOS=linux go build -o bin/zooid cmd/relay/main.go RUN CGO_ENABLED=1 GOOS=linux go build -o bin/zooid cmd/relay/main.go
FROM gcr.io/distroless/base-debian12 AS run FROM gcr.io/distroless/base-debian12 AS run
README.md
+11 -3
View File
@@ -113,7 +113,7 @@ adduser zooid
# Install system dependencies # Install system dependencies
sudo apt update sudo apt update
sudo apt install git apt install nginx git certbot python3-certbot-nginx sqlite3 gcc
# Install go and add it to path # Install go and add it to path
wget -qO- https://go.dev/dl/go1.25.1.linux-amd64.tar.gz | sudo tar -C /usr/local -xzf - wget -qO- https://go.dev/dl/go1.25.1.linux-amd64.tar.gz | sudo tar -C /usr/local -xzf -
@@ -124,7 +124,7 @@ su --login zooid
# Clone the repository and build # Clone the repository and build
git clone https://github.com/coracle-social/zooid.git ~/zooid && cd zooid git clone https://github.com/coracle-social/zooid.git ~/zooid && cd zooid
go build -o bin/zooid cmd/relay/main.go CGO_ENABLED=1 go build -o bin/zooid cmd/relay/main.go
# Back to root # Back to root
exit exit
@@ -136,7 +136,15 @@ cp /home/zooid/zooid/zooid.service /etc/systemd/system/zooid.service
systemctl enable zooid systemctl enable zooid
service zooid start service zooid start
# Next, optionally set up a reverse proxy and create a config file for each virtual relay # Set up nginx - be sure to edit the server_name to your domain
cp /home/zooid/zooid/nginx.conf /etc/nginx/sites-available/zooid.conf
ln -s /etc/nginx/sites-{available,enabled}/zooid.conf
# Set up a SSL certificate - you'll need to verify and renew this manually
certbot --nginx -d '*.yourdomain.com'
# Enable the site and restart nginx
service nginx restart
``` ```
## Deploying via container ## Deploying via container
justfile
+1 -1
View File
@@ -2,7 +2,7 @@ run:
go run cmd/relay/main.go go run cmd/relay/main.go
build: build:
go build -o bin/zooid cmd/relay/main.go CGO_ENABLED=1 go build -o bin/zooid cmd/relay/main.go
test: test:
go test -v ./... go test -v ./...
nginx.conf
+13
View File
@@ -0,0 +1,13 @@
server {
listen 80;
server_name *.yourdomain.com;
location / {
proxy_pass http://127.0.0.1:3334;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
}
zooid/instance.go
+44 -36
View File
@@ -405,52 +405,60 @@ func (instance *Instance) OnRequest(ctx context.Context, filter nostr.Filter) (r
func (instance *Instance) QueryStored(ctx context.Context, filter nostr.Filter) iter.Seq[nostr.Event] { func (instance *Instance) QueryStored(ctx context.Context, filter nostr.Filter) iter.Seq[nostr.Event] {
return func(yield func(nostr.Event) bool) { return func(yield func(nostr.Event) bool) {
pubkey, ok := khatru.GetAuthed(ctx) if khatru.IsInternalCall(ctx) {
for event := range instance.Events.QueryEvents(filter, 0) {
if !yield(event) {
return
}
}
} else {
pubkey, isAuthed := khatru.GetAuthed(ctx)
if !ok { if !isAuthed {
log.Fatal("Unauthenticated user was allowed to query events") log.Panic("Unauthorized user was allowed to query events")
} }
stripSignature := func(event nostr.Event) nostr.Event { stripSignature := func(event nostr.Event) nostr.Event {
if instance.Config.Policy.StripSignatures && !instance.Config.IsAdmin(pubkey) { if instance.Config.Policy.StripSignatures && !instance.Config.IsAdmin(pubkey) {
var zeroSig [64]byte var zeroSig [64]byte
event.Sig = zeroSig event.Sig = zeroSig
} }
return event return event
} }
if slices.Contains(filter.Kinds, AUTH_INVITE) && instance.Config.CanInvite(pubkey) { if slices.Contains(filter.Kinds, AUTH_INVITE) && instance.Config.CanInvite(pubkey) {
if !yield(stripSignature(instance.GenerateInviteEvent(pubkey))) { if !yield(stripSignature(instance.GenerateInviteEvent(pubkey))) {
return return
} }
} }
for event := range instance.Events.QueryEvents(filter, 1000) { for event := range instance.Events.QueryEvents(filter, 1000) {
// We save some ephemeral events for bookkeeping, don't return them // We save some ephemeral events for bookkeeping, don't return them
if event.Kind.IsEphemeral() { if event.Kind.IsEphemeral() {
continue continue
} }
h := GetGroupIDFromEvent(event) h := GetGroupIDFromEvent(event)
if h != "" { if h != "" {
if !instance.Config.Groups.Enabled { if !instance.Config.Groups.Enabled {
continue continue
} }
if !instance.HasGroupAccess(h, pubkey) { if !instance.HasGroupAccess(h, pubkey) {
continue continue
} }
} }
if !instance.Config.Groups.Enabled && slices.Contains(nip29.MetadataEventKinds, event.Kind) { if !instance.Config.Groups.Enabled && slices.Contains(nip29.MetadataEventKinds, event.Kind) {
continue continue
} }
if !yield(event) { if !yield(event) {
return return
} }
}
} }
} }
} }