acl.mx raw

   1  // Package acl provides access control checkers for the relay.
   2  // Each checker decides whether a pubkey may write or read.
   3  package acl
   4  
   5  import "bytes"
   6  
   7  // Checker determines whether a pubkey is allowed to act.
   8  type Checker interface {
   9  	AllowWrite(pubkey []byte, kind uint16) bool
  10  	AllowRead(pubkey []byte) bool
  11  }
  12  
  13  // Open allows everything — unrestricted relay.
  14  type Open struct{}
  15  
  16  func (Open) AllowWrite([]byte, uint16) bool { return true }
  17  func (Open) AllowRead([]byte) bool          { return true }
  18  
  19  // Whitelist allows only explicitly listed pubkeys to write.
  20  type Whitelist struct {
  21  	Pubkeys [][]byte // 32-byte raw pubkeys
  22  }
  23  
  24  func (w *Whitelist) AllowWrite(pubkey []byte, _ uint16) bool {
  25  	for _, pk := range w.Pubkeys {
  26  		if bytes.Equal(pk, pubkey) {
  27  			return true
  28  		}
  29  	}
  30  	return false
  31  }
  32  
  33  func (*Whitelist) AllowRead([]byte) bool { return true }
  34  
  35  // ReadOnly rejects all writes.
  36  type ReadOnly struct{}
  37  
  38  func (ReadOnly) AllowWrite([]byte, uint16) bool { return false }
  39  func (ReadOnly) AllowRead([]byte) bool          { return true }
  40