A strfry policy that looks up each event's author pubkey in an LDAP directory and allows the note to be published to the relay only when the key is found on a member entry. If the directory cannot be consulted, the event is rejected (the policy fails closed).
import type { Policy } from 'https://gitlab.com/soapbox-pub/strfry-policies/-/raw/develop/mod.ts';
import { Client } from 'npm:ldapts';
import { load } from "https://deno.land/std@0.224.0/dotenv/mod.ts";
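// Load LDAP_* settings from a .env file into the process environment.
// The map that `load` returns is not needed (the original bound it to an
// unused `env`): every value is read back through Deno.env below, so the
// environment is the single source of truth.
// NOTE(review): std dotenv's `export` is documented as not overwriting
// variables that are already set, so real environment values should win
// over the file — confirm for this std version.
await load({ export: true });

// Each of these is `string | undefined`; nothing below guarantees it is set,
// so any consumer must check for undefined before handing it to the client.

// LDAP server URL.
// NOTE(review): with a plain `ldap://` URL the bind sends LDAP_PASSWORD in
// clear text on the wire — use `ldaps://` (or enforce TLS) outside a
// trusted network.
const url = Deno.env.get("LDAP_URL");

// DN of the service account that binds before searching. It only needs
// read access to the `nostrKey` attribute under LDAP_SEARCH_DN.
const bindDN = Deno.env.get("LDAP_BIND_DN");

// Password for `bindDN`; kept out of source and read only from the environment.
const password = Deno.env.get("LDAP_PASSWORD");

// Base DN under which member entries carrying `nostrKey` are searched.
const searchDN = Deno.env.get("LDAP_SEARCH_DN");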
|
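/**
 * Nostr pubkeys are 32 bytes rendered as 64 lowercase hex characters (NIP-01).
 * Checking the key against this alphabet before it is interpolated into the
 * LDAP filter means no filter metacharacters (`*`, `(`, `)`, `\`, NUL) can
 * reach the directory, so the filter template below is not an injection vector.
 */
const HEX_PUBKEY = /^[0-9a-f]{64}$/;

/** Reason sent to the client when the author is not a directory member. */
const NOT_A_MEMBER = 'Only members can publish notes on this relay';

/** Reason sent to the client when the directory could not be consulted. */
const UNAVAILABLE = 'Auth service temporarily unavailable';

/** Shape of the response strfry-policies expects for one event. */
type Verdict = { id: string; action: 'accept' | 'reject'; msg: string };

/** Build the policy response for event `id`. */
function verdict(id: string, action: Verdict['action'], msg: string): Verdict {
  return { id, action, msg };
}

/**
 * Normalise an LDAP attribute value to a list of strings. ldapts hands back a
 * bare string for a single-valued attribute and an array for a multi-valued
 * one; anything else (e.g. binary values) yields an empty list, which can only
 * ever lead to a rejection.
 */
function stringValues(value: unknown): string[] {
  if (typeof value === 'string') return [value];
  if (Array.isArray(value)) {
    return value.filter((v): v is string => typeof v === 'string');
  }
  return [];
}

/**
 * Accept an event only if its author pubkey is stored as `nostrKey` on an
 * entry under LDAP_SEARCH_DN. Every failure path — malformed key, missing
 * configuration, bind/search error — rejects, so the relay fails closed.
 *
 * @param msg  strfry-policies input message; only `msg.event.id` and
 *             `msg.event.pubkey` are consulted today.
 * @returns    accept/reject verdict for `msg.event.id`.
 */
const ldapPolicy: Policy<void> = async (msg) => {
  // `kind` and `tags` are intentionally not read yet — see the zap-receipt TODO below.
  const { id, pubkey } = msg.event;

  // Reject malformed keys up front so only a hex string ever reaches the filter.
  // strfry presumably validates event structure before invoking policies, but
  // the policy should not rely on that for its own input sanitisation.
  if (typeof pubkey !== 'string' || !HEX_PUBKEY.test(pubkey)) {
    return verdict(id, 'reject', 'Invalid pubkey');
  }

  // A missing LDAP_* setting is treated like an outage: fail closed instead of
  // calling bind() with undefined credentials, which could degrade to an
  // anonymous bind depending on the server.
  if (!url || !bindDN || !password || !searchDN) {
    console.error('ldapPolicy: LDAP_URL, LDAP_BIND_DN, LDAP_PASSWORD and LDAP_SEARCH_DN must all be set');
    return verdict(id, 'reject', UNAVAILABLE);
  }

  // One client per event, as before. Constructed inside the try so that a
  // malformed URL is handled like any other lookup failure.
  let client: Client | undefined;
  try {
    client = new Client({ url });
    await client.bind(bindDN, password);

    const { searchEntries } = await client.search(searchDN, {
      filter: `(nostrKey=${pubkey})`,
      attributes: ['nostrKey'],
    });

    // The directory's matching rule may be case-insensitive or otherwise
    // lenient; insist on an exact, byte-for-byte match of a stored key before
    // accepting. Multi-valued `nostrKey` attributes are honoured as well.
    const isMember = searchEntries.some((entry) =>
      stringValues(entry.nostrKey).includes(pubkey)
    );

    // TODO if kind is 9735, check that "description" tag contains valid 9734 event,
    // signed by memberKey and with "p" tag being the same as pubkey (receipt sender)

    return isMember
      ? verdict(id, 'accept', '')
      : verdict(id, 'reject', NOT_A_MEMBER);
  } catch (ex: unknown) {
    // Log to stderr only: stdout carries the strfry policy protocol, so a
    // console.log here would corrupt the response stream.
    console.error('ldapPolicy: LDAP lookup failed', ex);
    return verdict(id, 'reject', UNAVAILABLE);
  } finally {
    // Best-effort cleanup. The original returned from inside `finally`, which
    // would have turned an unbind() failure into an unhandled rejection instead
    // of the reject verdict; swallow it here so the verdict always wins.
    if (client) await client.unbind().catch(() => {});
  }
};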
// strfry-policies loads a policy module by its default export.
export { ldapPolicy as default };