1 // Package access provides the canonical access control logic for the relay.
2 // Both the server (parent domain) and broadcast worker (child domain) import
3 // this package, eliminating canSeeEvent/bcastCanSee duplication.
4 package access
5
6 import (
7 "bytes"
8
9 "smesh.lol/pkg/nostr/event"
10 "smesh.lol/pkg/nostr/kind"
11 )
12
// IsMLS reports whether k is one of the MLS event kinds (443, 444, 445) or
// the gift-wrap kind (1059).
//
// Gift-wraps are included because MLS Welcomes travel inside them, but the
// kind number alone cannot reveal what a gift-wrap carries: every 1059 event
// is treated as MLS by this predicate, so any marmotOpen exemption keyed on
// it applies to all gift-wrapped events, not only MLS Welcomes.
func IsMLS(k uint16) bool {
	switch k {
	case kind.MLSKeyPackage.K,
		kind.MLSWelcome.K,
		kind.MLSGroupEvent.K,
		kind.GiftWrap.K:
		return true
	default:
		return false
	}
}
21
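// CanSee reports whether a connection with the given auth state may receive ev.
//
// authed: connection has completed NIP-42 auth.
// authedPubkey: the authed pubkey (32 bytes binary). Nil if not authed.
// nip70: relay enforces NIP-70 protected-tag filtering.
// marmotOpen: relay exempts MLS kinds from privilege checks.
//
// The check fails closed: a nil event is never visible, and a connection
// flagged authed but carrying no pubkey is treated as unauthenticated for
// the NIP-70 author check. The latter matters because bytes.Equal treats
// nil and empty slices as equal, so an event with an empty Pubkey would
// otherwise match a pubkey-less "authed" connection.
//
// Note that IsMLS matches every gift-wrap (kind 1059), so with marmotOpen
// the privilege exemption covers all gift-wrapped events, not only MLS
// Welcomes; the relay cannot inspect the wrapped payload to narrow this.
func CanSee(authed bool, authedPubkey []byte, ev *event.E, nip70, marmotOpen bool) bool {
	// Callers are not expected to pass nil; deny rather than panic if they do.
	if ev == nil {
		return false
	}
	// Privileged kinds require NIP-42 auth unless the relay is in marmotOpen
	// mode and the kind is an MLS kind.
	if kind.IsPrivileged(ev.Kind) && !authed && !(marmotOpen && IsMLS(ev.Kind)) {
		return false
	}
	// NIP-70: events tagged "-" are delivered only to their own author.
	if nip70 && ev.Tags != nil && ev.Tags.GetFirst([]byte("-")) != nil {
		if !authed || len(authedPubkey) == 0 || !bytes.Equal(authedPubkey, ev.Pubkey) {
			return false
		}
	}
	return true
}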
44
// WriteExempt reports whether an event of kind evKind may be written without
// NIP-42 auth. Two exemptions exist: NIP-46 connect events when
// nip46BypassAuth is set, and MLS kinds when marmotOpen is set.
//
// Because IsMLS also matches gift-wraps (1059), marmotOpen makes every
// gift-wrapped event writable without auth, not only those carrying MLS
// Welcomes; the kind alone cannot distinguish them.
func WriteExempt(evKind uint16, nip46BypassAuth, marmotOpen bool) bool {
	connectExempt := nip46BypassAuth && evKind == kind.NostrConnect.K
	mlsExempt := marmotOpen && IsMLS(evKind)
	return connectExempt || mlsExempt
}
57