khatru: replace useless ApplySaneDefaults() with a set of pluggable "strict" defaults.

khatru/policies/events.go

@@ -66,6 +66,16 @@ func PreventLargeTags(maxTagValueLen int) func(context.Context, nostr.Event) (bo
 	}
 }
 
+// PreventLargeContent rejects events with content too large
+func PreventLargeContent(maxContent int) func(context.Context, nostr.Event) (bool, string) {
+	return func(ctx context.Context, event nostr.Event) (reject bool, msg string) {
+		if len(event.Content) > maxContent {
+			return true, "content is too big"
+		}
+		return false, ""
+	}
+}
+
 // RestrictToSpecifiedKinds returns a function that can be used as a RejectFilter that will reject
 // any events with kinds different than the specified ones.
 func RestrictToSpecifiedKinds(allowEphemeral bool, kinds ...nostr.Kind) func(context.Context, nostr.Event) (bool, string) {

khatru/policies/ratelimits.go

@@ -14,7 +14,7 @@ func EventIPRateLimiter(tokensPerInterval int, interval time.Duration, maxTokens
 
 	return func(ctx context.Context, _ nostr.Event) (reject bool, msg string) {
 		ip := khatru.GetIP(ctx)
-		if ip == "" {
+		if ip == "127.0.0.1" {
 			return false, ""
 		}
 		return rl(ip), "rate-limited: slow down, please"
@@ -25,6 +25,10 @@ func EventPubKeyRateLimiter(tokensPerInterval int, interval time.Duration, maxTo
 	rl := startRateLimitSystem[string](tokensPerInterval, interval, maxTokens)
 
 	return func(ctx context.Context, evt nostr.Event) (reject bool, msg string) {
+		ip := khatru.GetIP(ctx)
+		if ip == "127.0.0.1" {
+			return false, ""
+		}
 		return rl(evt.PubKey.Hex()), "rate-limited: slow down, please"
 	}
 }
@@ -45,6 +49,10 @@ func FilterIPRateLimiter(tokensPerInterval int, interval time.Duration, maxToken
 	rl := startRateLimitSystem[string](tokensPerInterval, interval, maxTokens)
 
 	return func(ctx context.Context, _ nostr.Filter) (reject bool, msg string) {
-		return rl(khatru.GetIP(ctx)), "rate-limited: there is a bug in the client, no one should be making so many requests"
+		ip := khatru.GetIP(ctx)
+		if ip == "127.0.0.1" {
+			return false, ""
+		}
+		return rl(ip), "rate-limited: there is a bug in the client, no one should be making so many requests"
 	}
 }

khatru/policies/sane_defaults.go

@@ -1,21 +0,0 @@
-package policies
-
-import (
-	"time"
-
-	"fiatjaf.com/nostr/khatru"
-)
-
-func ApplySaneDefaults(relay *khatru.Relay) {
-	relay.OnEvent = SeqEvent(
-		RejectEventsWithBase64Media,
-		EventIPRateLimiter(2, time.Minute*3, 10),
-	)
-
-	relay.OnRequest = SeqRequest(
-		NoComplexFilters,
-		FilterIPRateLimiter(20, time.Minute, 100),
-	)
-
-	relay.RejectConnection = ConnectionRateLimiter(1, time.Minute*5, 100)
-}

khatru/policies/strict_defaults.go

@@ -0,0 +1,24 @@
+package policies
+
+import (
+	"time"
+
+	"fiatjaf.com/nostr"
+)
+
+var EventRejectionStrictDefaults = SeqEvent(
+	RejectEventsWithBase64Media,
+	PreventLargeTags(100),
+	PreventTooManyIndexableTags(12, []nostr.Kind{3}, nil),
+	PreventTooManyIndexableTags(1200, nil, []nostr.Kind{3}),
+	PreventLargeContent(5000),
+	EventIPRateLimiter(2, time.Minute*3, 10),
+)
+
+var RequestRejectionStrictDefaults = SeqRequest(
+	NoComplexFilters,
+	NoSearchQueries,
+	FilterIPRateLimiter(20, time.Minute, 100),
+)
+
+var ConnectionRejectionStrictDefaults = ConnectionRateLimiter(1, time.Minute*5, 100)