Deployments will differ in production. The policy itself only needs the config values; it should not care where the credentials are fetched from.
import type { Policy } from 'https://gitlab.com/soapbox-pub/strfry-policies/-/raw/develop/mod.ts';
import { Client } from 'npm:ldapts';
/**
 * Connection settings for the LDAP-backed membership policy.
 *
 * The values are supplied by the deployment; the policy only consumes them and
 * does not care where they were loaded from.
 */
interface LdapConfig {
  /** URL of the LDAP server handed to the ldapts client (for example an `ldaps://` URL). */
  url: string;
  /** DN the policy binds as before searching for members. */
  bindDN: string;
  /** Password for `bindDN`. It is a secret: keep it out of logs and source control. */
  password: string;
  /** Base DN under which member entries carrying a `nostrKey` attribute are searched. */
  searchDN: string;
}
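/**
 * strfry policy that accepts an event only when its author is a member: a
 * directory entry under `opts.searchDN` whose `nostrKey` attribute equals the
 * event's pubkey.
 *
 * Any failure to reach or query the directory (bind, search) is reported as a
 * reject, so the policy fails closed rather than letting events through while
 * the auth service is down.
 *
 * @param msg  Input message from strfry; only `msg.event.id` and
 *             `msg.event.pubkey` are read.
 * @param opts LDAP connection details (`url`, `bindDN`, `password`) and the
 *             `searchDN` under which member entries live.
 * @returns The output message for `msg.event.id`: `action: 'accept'` for
 *          members, otherwise `action: 'reject'` with a human-readable `msg`.
 */
const ldapPolicy: Policy<LdapConfig> = async (msg, opts) => {
  const { id, pubkey } = msg.event;

  // The pubkey is interpolated into an LDAP search filter below. A Nostr pubkey
  // is a 32-byte hex string, so anything else is rejected here, before a
  // connection is even opened — this keeps LDAP filter metacharacters
  // (`*`, `(`, `)`, `\`, NUL) out of the query regardless of what upstream
  // validated.
  if (!/^[0-9a-fA-F]{64}$/.test(pubkey)) {
    return { id, action: 'reject', msg: 'Malformed pubkey' };
  }

  // Default to reject; only a positive directory match flips it to accept.
  let action: 'accept' | 'reject' = 'reject';
  let reason = '';

  const client = new Client({ url: opts.url });
  try {
    await client.bind(opts.bindDN, opts.password);

    const { searchEntries } = await client.search(opts.searchDN, {
      filter: `(nostrKey=${pubkey})`,
      attributes: ['nostrKey'],
    });

    // Only the first entry is consulted. ldapts may hand back the attribute as
    // a string, string[] or Buffer; only an exact string match counts, every
    // other shape is treated as "not a member".
    const memberKey = searchEntries[0]?.nostrKey;

    if (memberKey === pubkey) {
      action = 'accept';
    } else {
      reason = 'Only members can publish notes on this relay';
    }
    // TODO: if msg.event.kind is 9735, check that the "description" tag holds a
    // valid kind-9734 event signed by memberKey whose "p" tag equals pubkey
    // (the receipt sender).
  } catch (ex: unknown) {
    // Fail closed. Log to stderr so diagnostics never mix with the policy's
    // responses on stdout.
    console.error('ldapPolicy: LDAP error:', ex instanceof Error ? ex.message : String(ex));
    action = 'reject';
    reason = 'Auth service temporarily unavailable';
  } finally {
    // No `return` inside `finally`: it would discard the decision above if
    // unbind throws. A failed unbind is logged and otherwise ignored.
    try {
      await client.unbind();
    } catch (ex: unknown) {
      console.error('ldapPolicy: unbind failed:', ex instanceof Error ? ex.message : String(ex));
    }
  }

  return { id, action, msg: reason };
};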
// The policy is this module's default export so strfry-policies can pipe it.
export { ldapPolicy as default };