acl

package
v0.58.11 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 8, 2026 License: Unlicense Imports: 32 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultDailyLimit     = 50
	DefaultIPDailyLimit   = 500 // Max events per IP per day (flood protection)
	DefaultFirstBanHours  = 1
	DefaultSecondBanHours = 168 // 1 week
	CuratingConfigKind    = 30078
	CuratingConfigDTag    = "curating-config"
)

Default values for curating mode

Variables

View Source 
var Registry = &S{}

Functions

func HasDriver added in v0.55.4 

func HasDriver(name string) bool

HasDriver returns true if the named driver is registered.

func ListDrivers added in v0.55.4 

func ListDrivers() []string

ListDrivers returns a sorted list of registered driver names.

func RegisterDriver added in v0.55.4 

func RegisterDriver(name, description string, factory DriverFactory)

RegisterDriver registers an ACL driver with the given name and factory. This is typically called from init() in the driver package.

Types

type A 

type A struct{ S }

type Curating added in v0.47.0 

type Curating struct {
	// Ctx holds the context for the ACL.
	// Deprecated: Use Context() method instead of accessing directly.
	Ctx context.Context
	// contains filtered or unexported fields
}

Curating implements the curating ACL mode with three-tier publisher classification: - Trusted: Unlimited publishing - Blacklisted: Cannot publish - Unclassified: Rate-limited publishing (default 50/day)

func (*Curating) BlacklistPubkey added in v0.47.0 

func (c *Curating) BlacklistPubkey(pubkeyHex, reason string) error

BlacklistPubkey adds a pubkey to the blacklist

func (*Curating) CheckPolicy added in v0.47.0 

func (c *Curating) CheckPolicy(ev *event.E) (allowed bool, err error)

CheckPolicy implements the PolicyChecker interface for event-level filtering

func (*Curating) Configure added in v0.47.0 

func (c *Curating) Configure(cfg ...any) (err error)

func (*Curating) Context added in v0.56.5 

func (c *Curating) Context() context.Context

Context returns the ACL context.

func (*Curating) FilterVisibleEvents added in v0.47.0 

func (c *Curating) FilterVisibleEvents(events []*event.E, accessLevel string) []*event.E

FilterVisibleEvents filters a list of events, removing those from blacklisted pubkeys. Returns only events visible to the given access level.

func (*Curating) GetACLInfo added in v0.47.0 

func (c *Curating) GetACLInfo() (name, description, documentation string)

func (*Curating) GetAccessLevel added in v0.47.0 

func (c *Curating) GetAccessLevel(pub []byte, address string) (level string)

func (*Curating) GetConfig added in v0.47.0 

func (c *Curating) GetConfig() (database.CuratingConfig, error)

GetConfig returns the current configuration

func (*Curating) GetCuratingACL added in v0.47.0 

func (c *Curating) GetCuratingACL() *database.CuratingACL

GetCuratingACL returns the database ACL instance for direct access

func (*Curating) IsBlacklisted added in v0.47.0 

func (c *Curating) IsBlacklisted(pubkeyHex string) bool

IsBlacklisted checks if a pubkey is blacklisted

func (*Curating) IsConfigured added in v0.47.0 

func (c *Curating) IsConfigured() (bool, error)

IsConfigured returns true if the relay has been configured

func (*Curating) IsEventVisible added in v0.47.0 

func (c *Curating) IsEventVisible(ev *event.E, accessLevel string) bool

IsEventVisible checks if an event should be visible to the given access level. Events from blacklisted pubkeys are only visible to admin/owner.

func (*Curating) IsTrusted added in v0.47.0 

func (c *Curating) IsTrusted(pubkeyHex string) bool

IsTrusted checks if a pubkey is trusted

func (*Curating) ProcessConfigEvent added in v0.47.0 

func (c *Curating) ProcessConfigEvent(ev *event.E) error

ProcessConfigEvent processes a kind 30078 event to extract curating configuration

func (*Curating) RateLimitCheck added in v0.47.0 

func (c *Curating) RateLimitCheck(pubkeyHex, ip string) (allowed bool, message string, err error)

RateLimitCheck checks if an unclassified user can publish and handles IP tracking This is called separately when we have access to the IP address

func (*Curating) RefreshCaches added in v0.47.0 

func (c *Curating) RefreshCaches() error

RefreshCaches refreshes all in-memory caches from the database

func (*Curating) Syncer added in v0.47.0 

func (c *Curating) Syncer()

func (*Curating) TrustPubkey added in v0.47.0 

func (c *Curating) TrustPubkey(pubkeyHex, note string) error

TrustPubkey adds a pubkey to the trusted list

func (*Curating) Type added in v0.47.0 

func (c *Curating) Type() string

func (*Curating) UnblacklistPubkey added in v0.47.0 

func (c *Curating) UnblacklistPubkey(pubkeyHex string) error

UnblacklistPubkey removes a pubkey from the blacklist

func (*Curating) UntrustPubkey added in v0.47.0 

func (c *Curating) UntrustPubkey(pubkeyHex string) error

UntrustPubkey removes a pubkey from the trusted list

type DriverConfig added in v0.55.4 

type DriverConfig struct {
	// Common settings
	LogLevel        string
	Owners          []string
	Admins          []string
	BootstrapRelays []string
	RelayAddresses  []string

	// Follows-specific settings
	FollowListFrequency     string
	FollowsThrottleEnabled  bool
	FollowsThrottlePerEvent string
	FollowsThrottleMaxDelay string
}

DriverConfig holds configuration for ACL drivers.

type DriverFactory added in v0.55.4 

type DriverFactory func(ctx context.Context, db database.Database, cfg *DriverConfig) (I, error)

DriverFactory is the signature for ACL driver factory functions.

func GetDriver added in v0.55.4 

func GetDriver(name string) DriverFactory

GetDriver returns the factory for the named driver, or nil if not found.

type DriverInfo added in v0.55.4 

type DriverInfo struct {
	Name        string
	Description string
	Factory     DriverFactory
}

DriverInfo contains metadata about a registered ACL driver.

func ListDriversWithInfo added in v0.55.4 

func ListDriversWithInfo() []*DriverInfo

ListDriversWithInfo returns information about all registered drivers.

type Follows 

type Follows struct {
	// Ctx holds the context for the ACL.
	// Deprecated: Use Context() method instead of accessing directly.
	Ctx context.Context
	// contains filtered or unexported fields
}

func (*Follows) AddFollow added in v0.8.0 

func (f *Follows) AddFollow(pub []byte)

AddFollow appends a pubkey to the in-memory follows list if not already present and signals the syncer to refresh subscriptions.

func (*Follows) AdminRelays added in v0.17.14 

func (f *Follows) AdminRelays() []string

AdminRelays returns the admin relay URLs

func (*Follows) Configure 

func (f *Follows) Configure(cfg ...any) (err error)

func (*Follows) Context added in v0.56.5 

func (f *Follows) Context() context.Context

Context returns the ACL context.

func (*Follows) GetACLInfo 

func (f *Follows) GetACLInfo() (name, description, documentation string)

func (*Follows) GetAccessLevel 

func (f *Follows) GetAccessLevel(pub []byte, address string) (level string)

func (*Follows) GetFollowedPubkeys added in v0.6.0 

func (f *Follows) GetFollowedPubkeys() [][]byte

GetFollowedPubkeys returns a copy of the followed pubkeys list

func (*Follows) GetThrottleDelay added in v0.48.10 

func (f *Follows) GetThrottleDelay(pubkey []byte, ip string) time.Duration

GetThrottleDelay returns the progressive throttle delay for this event. Returns 0 if throttle is disabled or if the user is exempt (owner/admin/followed).

func (*Follows) SetFollowListUpdateCallback added in v0.29.0 

func (f *Follows) SetFollowListUpdateCallback(callback func())

SetFollowListUpdateCallback sets a callback to be called when the follow list is updated

func (*Follows) Syncer 

func (f *Follows) Syncer()

func (*Follows) Type 

func (f *Follows) Type() string

type I added in v0.55.4 

type I interface {
	Configure(cfg ...any) (err error)
	GetAccessLevel(pub []byte, address string) (level string)
	GetACLInfo() (name, description, documentation string)
	Syncer()
	Type() string
}

I is the ACL interface that drivers must implement. This is re-exported from the interfaces package for convenience.

func NewFromDriver added in v0.55.4 

func NewFromDriver(ctx context.Context, driverName string, db database.Database, cfg *DriverConfig) (I, error)

NewFromDriver creates an ACL using the named driver. Returns an error if the driver is not registered.

type Managed added in v0.17.0 

type Managed struct {
	// Ctx holds the context for the ACL.
	// Deprecated: Use Context() method instead of accessing directly.
	Ctx context.Context
	// contains filtered or unexported fields
}

func (*Managed) CheckPolicy added in v0.17.0 

func (m *Managed) CheckPolicy(ev *event.E) (allowed bool, err error)

func (*Managed) Configure added in v0.17.0 

func (m *Managed) Configure(cfg ...any) (err error)

func (*Managed) Context added in v0.56.5 

func (m *Managed) Context() context.Context

Context returns the ACL context.

func (*Managed) GetACLInfo added in v0.17.0 

func (m *Managed) GetACLInfo() (name, description, documentation string)

func (*Managed) GetAccessLevel added in v0.17.0 

func (m *Managed) GetAccessLevel(pub []byte, address string) (level string)

func (*Managed) GetManagedACL added in v0.17.0 

func (m *Managed) GetManagedACL() *database.ManagedACL

GetManagedACL returns the managed ACL database instance

func (*Managed) IsIPBlocked added in v0.17.0 

func (m *Managed) IsIPBlocked(ip string) bool

IsIPBlocked checks if an IP address is blocked

func (*Managed) Syncer added in v0.17.0 

func (m *Managed) Syncer()

func (*Managed) Type added in v0.17.0 

func (m *Managed) Type() string

func (*Managed) UpdatePeerAdmins added in v0.24.1 

func (m *Managed) UpdatePeerAdmins(peerPubkeys [][]byte)

UpdatePeerAdmins updates the list of peer relay identity pubkeys that have admin access

type None 

type None struct {
	// contains filtered or unexported fields
}

func (None) CheckPolicy added in v0.16.0 

func (n None) CheckPolicy(ev *event.E) (allowed bool, err error)

func (*None) Configure 

func (n *None) Configure(cfg ...any) (err error)

func (None) GetACLInfo 

func (n None) GetACLInfo() (name, description, documentation string)

func (*None) GetAccessLevel 

func (n *None) GetAccessLevel(pub []byte, address string) (level string)

func (None) Syncer 

func (n None) Syncer()

func (None) Type 

func (n None) Type() string

type ProgressiveThrottle added in v0.48.10 

type ProgressiveThrottle struct {
	// contains filtered or unexported fields
}

ProgressiveThrottle implements linear delay with time decay. Each event adds perEvent delay, and delay decays at 1:1 ratio with elapsed time. This creates a natural rate limit that averages to 1 event per perEvent interval.

func NewProgressiveThrottle added in v0.48.10 

func NewProgressiveThrottle(perEvent, maxDelay time.Duration) *ProgressiveThrottle

NewProgressiveThrottle creates a new throttle with the given parameters. perEvent is the delay added per event (e.g., 200ms). maxDelay is the maximum accumulated delay cap (e.g., 60s).

func (*ProgressiveThrottle) Cleanup added in v0.48.10 

func (pt *ProgressiveThrottle) Cleanup()

Cleanup removes entries that have fully decayed (no remaining delay). This should be called periodically to prevent unbounded memory growth.

func (*ProgressiveThrottle) GetDelay added in v0.48.10 

func (pt *ProgressiveThrottle) GetDelay(ip, pubkeyHex string) time.Duration

GetDelay returns accumulated delay for this identity and updates state. It tracks both IP and pubkey independently and returns the maximum of both. This prevents evasion via different pubkeys from same IP or vice versa.

func (*ProgressiveThrottle) Stats added in v0.48.10 

func (pt *ProgressiveThrottle) Stats() (ipCount, pubkeyCount int)

Stats returns the current number of tracked IPs and pubkeys (for monitoring)

type S 

type S struct {
	// contains filtered or unexported fields
}

func (*S) ACLs added in v0.56.8 

func (s *S) ACLs() []acliface.I

ACLs returns the registered ACL implementations for iteration. Prefer using GetActiveACL() or GetACLByType() when possible.

func (*S) AddFollow added in v0.8.0 

func (s *S) AddFollow(pub []byte)

AddFollow forwards a pubkey to the active ACL if it supports dynamic follows

func (*S) CheckPolicy added in v0.17.0 

func (s *S) CheckPolicy(ev *event.E) (allowed bool, err error)

CheckPolicy checks if an event is allowed by the active ACL policy

func (*S) Configure 

func (s *S) Configure(cfg ...any) (err error)

func (*S) GetACLByType added in v0.56.5 

func (s *S) GetACLByType(typ string) acliface.I

GetACLByType returns the ACL implementation with the given type name, or nil if not found.

func (*S) GetACLInfo 

func (s *S) GetACLInfo() (name, description, documentation string)

func (*S) GetAccessLevel 

func (s *S) GetAccessLevel(pub []byte, address string) (level string)

func (*S) GetActiveACL added in v0.56.5 

func (s *S) GetActiveACL() acliface.I

GetActiveACL returns the currently active ACL implementation, or nil if none is active.

func (*S) GetMode added in v0.56.5 

func (s *S) GetMode() string

GetMode returns the currently active ACL mode name.

func (*S) IsRegistered added in v0.56.5 

func (s *S) IsRegistered(typ string) bool

IsRegistered returns true if an ACL with the given type is registered.

func (*S) ListRegisteredACLs added in v0.56.5 

func (s *S) ListRegisteredACLs() []string

ListRegisteredACLs returns the type names of all registered ACL implementations.

func (*S) Register 

func (s *S) Register(i acliface.I)

func (*S) RegisterAndActivate added in v0.54.0 

func (s *S) RegisterAndActivate(i acliface.I)

RegisterAndActivate registers an ACL implementation and sets it as the active one. This is used for gRPC clients where the mode is determined by the remote server.

func (*S) SetMode added in v0.34.3 

func (s *S) SetMode(m string)

SetMode sets the active ACL mode and syncs it to the mode package for packages that need to check the mode without importing acl (to avoid cycles).

func (*S) Syncer 

func (s *S) Syncer()

func (*S) Type 

func (s *S) Type() (typ string)

type ThrottleState added in v0.48.10 

type ThrottleState struct {
	AccumulatedDelay time.Duration
	LastEventTime    time.Time
}

ThrottleState tracks accumulated delay for an identity (IP or pubkey)

Source Files

View all Source files

Directories

Path Synopsis
Package grpc provides a gRPC client that implements the acl.I interface.
 Package grpc provides a gRPC client that implements the acl.I interface.
Package server provides a shared gRPC ACL server implementation.
 Package server provides a shared gRPC ACL server implementation.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.