Add strfry policies and members-only LDAP policy
This will look up nostr pubkeys in the LDAP directory to allow or deny publishing notes to the relay.
This commit is contained in:
46
extras/strfry/ldap-policy.ts
Normal file
46
extras/strfry/ldap-policy.ts
Normal file
@@ -0,0 +1,46 @@
|
||||
import type { Policy } from 'https://gitlab.com/soapbox-pub/strfry-policies/-/raw/develop/mod.ts';
|
||||
import { Client } from 'npm:ldapts';
|
||||
import { load } from "https://deno.land/std@0.224.0/dotenv/mod.ts";
|
||||
|
||||
const env = await load({ export: true });
|
||||
const url = Deno.env.get("LDAP_URL");
|
||||
const bindDN = Deno.env.get("LDAP_BIND_DN");
|
||||
const password = Deno.env.get("LDAP_PASSWORD");
|
||||
const searchDN = Deno.env.get("LDAP_SEARCH_DN");
|
||||
|
||||
const ldapPolicy: Policy<void> = async (msg) => {
|
||||
const client = new Client({ url });
|
||||
const { pubkey, kind, tags } = msg.event;
|
||||
let out = { id: msg.event.id }
|
||||
|
||||
try {
|
||||
await client.bind(bindDN, password);
|
||||
|
||||
const { searchEntries } = await client.search(searchDN, {
|
||||
filter: `(nostrKey=${pubkey})`,
|
||||
attributes: ['nostrKey']
|
||||
});
|
||||
|
||||
const memberKey = searchEntries[0]?.nostrKey;
|
||||
|
||||
const accepted = (memberKey === pubkey);
|
||||
// TODO if kind is 9735, check that "description" tag contains valid 9734 event,
|
||||
// signed by memberKey and with "p" tag being the same as pubkey (receipt sender)
|
||||
|
||||
if (accepted) {
|
||||
out['action'] = 'accept';
|
||||
out['msg'] = '';
|
||||
} else {
|
||||
out['action'] = 'reject';
|
||||
out['msg'] = 'Only members can publish notes on this relay';
|
||||
}
|
||||
} catch (ex) {
|
||||
out['action'] = 'reject';
|
||||
out['msg'] = 'Auth service temporarily unavailable';
|
||||
} finally {
|
||||
await client.unbind();
|
||||
return out;
|
||||
}
|
||||
};
|
||||
|
||||
export default ldapPolicy;
|
||||
23
extras/strfry/strfry-policy.ts
Executable file
23
extras/strfry/strfry-policy.ts
Executable file
@@ -0,0 +1,23 @@
|
||||
#!/bin/sh
|
||||
//bin/true; exec deno run -A "$0" "$@"
|
||||
import {
|
||||
antiDuplicationPolicy,
|
||||
hellthreadPolicy,
|
||||
pipeline,
|
||||
rateLimitPolicy,
|
||||
readStdin,
|
||||
writeStdout,
|
||||
} from 'https://gitlab.com/soapbox-pub/strfry-policies/-/raw/develop/mod.ts';
|
||||
|
||||
import ldapPolicy from './ldap-policy.ts';
|
||||
|
||||
for await (const msg of readStdin()) {
|
||||
const result = await pipeline(msg, [
|
||||
[hellthreadPolicy, { limit: 10 }],
|
||||
[antiDuplicationPolicy, { ttl: 60000, minLength: 50 }],
|
||||
[rateLimitPolicy, { whitelist: ['127.0.0.1'] }],
|
||||
[ldapPolicy],
|
||||
]);
|
||||
|
||||
writeStdout(result);
|
||||
}
|
||||
Reference in New Issue
Block a user