From 7ac9e6290b6ea0147ed483533f702ff7ba7b9de6 Mon Sep 17 00:00:00 2001
From: fiatjaf
Date: Thu, 28 Aug 2025 17:18:22 -0300
Subject: [PATCH] khatru: replace useless ApplySaneDefaults() with a set of pluggable "strict" defaults.
---
 khatru/policies/events.go | 10 ++++++++++
 khatru/policies/ratelimits.go | 12 ++++++++++--
 khatru/policies/sane_defaults.go | 21 ---------------------
 khatru/policies/strict_defaults.go | 24 ++++++++++++++++++++++++
 4 files changed, 44 insertions(+), 23 deletions(-)
 delete mode 100644 khatru/policies/sane_defaults.go
 create mode 100644 khatru/policies/strict_defaults.go
diff --git a/khatru/policies/events.go b/khatru/policies/events.go
index 61ca21f..72d758d 100644
--- a/khatru/policies/events.go
+++ b/khatru/policies/events.go
@@ -66,6 +66,16 @@ func PreventLargeTags(maxTagValueLen int) func(context.Context, nostr.Event) (bo
 }
 }
+// PreventLargeContent rejects events with content too large
+func PreventLargeContent(maxContent int) func(context.Context, nostr.Event) (bool, string) {
+ return func(ctx context.Context, event nostr.Event) (reject bool, msg string) {
+ if len(event.Content) > maxContent {
+ return true, "content is too big"
+ }
+ return false, ""
+ }
+}
+
 // RestrictToSpecifiedKinds returns a function that can be used as a RejectFilter that will reject
 // any events with kinds different than the specified ones.
 func RestrictToSpecifiedKinds(allowEphemeral bool, kinds ...nostr.Kind) func(context.Context, nostr.Event) (bool, string) {
diff --git a/khatru/policies/ratelimits.go b/khatru/policies/ratelimits.go
index 766d4c9..6c806a7 100644
--- a/khatru/policies/ratelimits.go
+++ b/khatru/policies/ratelimits.go
@@ -14,7 +14,7 @@ func EventIPRateLimiter(tokensPerInterval int, interval time.Duration, maxTokens
 return func(ctx context.Context, _ nostr.Event) (reject bool, msg string) {
 ip := khatru.GetIP(ctx)
- if ip == "" {
+ if ip == "127.0.0.1" {
 return false, ""
 }
 return rl(ip), "rate-limited: slow down, please"
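Review bot: The doc comment on PreventLargeContent does not say what unit `maxContent` is in, and `len(event.Content)` counts bytes, so non-ASCII text reaches the limit well before the same number of characters. A zero or negative `maxContent` rejects every event with non-empty content, which is also worth stating. I would write the comment as `// PreventLargeContent returns a policy that rejects events whose content is longer than maxContent bytes.`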
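Review bot: The `ip == "127.0.0.1"` early return added to EventIPRateLimiter skips the limiter for any request that `khatru.GetIP` resolves to that string, and the same guard is added in the EventPubKeyRateLimiter (`@@ -25,6 +25,10 @@`) and FilterIPRateLimiter (`@@ -45,6 +49,10 @@`) hunks. GetIP is not shown here; if it takes the address from a forwarding header, or falls back to the socket peer behind a same-host reverse proxy, remote traffic can end up exempt, so the exemption should be documented as a deployment assumption, e.g. `// loopback is never limited; safe only when GetIP cannot return 127.0.0.1 for a remote client`. The removed `ip == ""` guard also means requests with no resolvable address now share a single bucket keyed by the empty string, which may or may not be intended for EventIPRateLimiter. The limiter setup and the function signature are outside the hunk.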
@@ -25,6 +25,10 @@ func EventPubKeyRateLimiter(tokensPerInterval int, interval time.Duration, maxTo
 rl := startRateLimitSystem[string](tokensPerInterval, interval, maxTokens)
 return func(ctx context.Context, evt nostr.Event) (reject bool, msg string) {
+ ip := khatru.GetIP(ctx)
+ if ip == "127.0.0.1" {
+ return false, ""
+ }
 return rl(evt.PubKey.Hex()), "rate-limited: slow down, please"
 }
 }
@@ -45,6 +49,10 @@ func FilterIPRateLimiter(tokensPerInterval int, interval time.Duration, maxToken
 rl := startRateLimitSystem[string](tokensPerInterval, interval, maxTokens)
 return func(ctx context.Context, _ nostr.Filter) (reject bool, msg string) {
- return rl(khatru.GetIP(ctx)), "rate-limited: there is a bug in the client, no one should be making so many requests"
+ ip := khatru.GetIP(ctx)
+ if ip == "127.0.0.1" {
+ return false, ""
+ }
+ return rl(ip), "rate-limited: there is a bug in the client, no one should be making so many requests"
 }
 }
diff --git a/khatru/policies/sane_defaults.go b/khatru/policies/sane_defaults.go
deleted file mode 100644
index ec0309b..0000000
--- a/khatru/policies/sane_defaults.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package policies
-
-import (
- "time"
-
- "fiatjaf.com/nostr/khatru"
-)
-
-func ApplySaneDefaults(relay *khatru.Relay) {
- relay.OnEvent = SeqEvent(
- RejectEventsWithBase64Media,
- EventIPRateLimiter(2, time.Minute*3, 10),
- )
-
- relay.OnRequest = SeqRequest(
- NoComplexFilters,
- FilterIPRateLimiter(20, time.Minute, 100),
- )
-
- relay.RejectConnection = ConnectionRateLimiter(1, time.Minute*5, 100)
-}
diff --git a/khatru/policies/strict_defaults.go b/khatru/policies/strict_defaults.go
new file mode 100644
index 0000000..2073ecd
--- /dev/null
+++ b/khatru/policies/strict_defaults.go
@@ -0,0 +1,24 @@
+package policies
+
+import (
+ "time"
+
+ "fiatjaf.com/nostr"
+)
+
+var EventRejectionStrictDefaults = SeqEvent(
+ RejectEventsWithBase64Media,
+ PreventLargeTags(100),
+ PreventTooManyIndexableTags(12, []nostr.Kind{3}, nil),
+ PreventTooManyIndexableTags(1200, nil, []nostr.Kind{3}),
+ PreventLargeContent(5000),
+ EventIPRateLimiter(2, time.Minute*3, 10),
+)
+
+var RequestRejectionStrictDefaults = SeqRequest(
+ NoComplexFilters,
+ NoSearchQueries,
+ FilterIPRateLimiter(20, time.Minute, 100),
+)
+
+var ConnectionRejectionStrictDefaults = ConnectionRateLimiter(1, time.Minute*5, 100)
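Review bot: These three exported vars call their rate-limiter constructors in package-level initialisers, so the limiter state is built when the package is imported and, as far as the visible constructors show, every relay in the process that assigns one of these values shares the same buckets. Nothing in the file says which relay hook each var belongs to; the removed ApplySaneDefaults wired `relay.OnEvent`, `relay.OnRequest` and `relay.RejectConnection` together, and an operator migrating by hand can leave the connection limiter unassigned without any compile error. I would add doc comments such as `// EventRejectionStrictDefaults is meant for relay.OnEvent; its IP rate limiter is shared by every relay that uses this value.` and consider constructor functions if per-relay state is wanted. The two `PreventTooManyIndexableTags` calls also deserve a comment, since which kind list includes and which excludes kind 3 cannot be read from the call.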