Auth issues Fix
This commit is contained in:
parent
b470e0041d
commit
be9cd52ac6
@ -162,6 +162,7 @@ func main() {
|
||||
logger,
|
||||
keyPassword, // Use the same password for simplicity
|
||||
24*time.Hour, // Token duration
|
||||
cfg.AllowedNpub, // Pass the allowed npub from config
|
||||
)
|
||||
|
||||
// Initialize bot service
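Review bot: `cfg.AllowedNpub` is passed straight into NewService with no startup check or log line, so a mistyped or differently-encoded value yields a non-empty whitelist that matches nobody and silently refuses every login; a one-line startup notice such as `if cfg.AllowedNpub != "" { logger.Info("login restricted to configured npub", zap.String("allowed_npub", cfg.AllowedNpub)) }` makes that state visible in the logs (assuming zap is imported in this file as it is in the service package). The preceding argument `keyPassword, // Use the same password for simplicity` suggests the token-signing secret is shared with another credential; if that is the case, a dedicated config value or a key derived for this purpose would keep a compromise of one from exposing the other. main() begins outside the hunk.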
|
||||
|
@ -41,10 +41,11 @@ type Service struct {
|
||||
logger *zap.Logger
|
||||
secretKey []byte
|
||||
tokenDuration time.Duration
|
||||
allowedNpub string // Add allowed npub for whitelisting
|
||||
}
|
||||
|
||||
// NewService creates a new authentication service
|
||||
func NewService(db *db.DB, logger *zap.Logger, secretKey string, tokenDuration time.Duration) *Service {
|
||||
func NewService(db *db.DB, logger *zap.Logger, secretKey string, tokenDuration time.Duration, allowedNpub string) *Service {
|
||||
// If no secret key is provided, generate a secure random one
|
||||
decodedKey := []byte(secretKey)
|
||||
if secretKey == "" {
|
||||
@ -55,28 +56,37 @@ func NewService(db *db.DB, logger *zap.Logger, secretKey string, tokenDuration t
|
||||
}
|
||||
decodedKey = key
|
||||
}
|
||||
|
||||
|
||||
return &Service{
|
||||
db: db,
|
||||
logger: logger,
|
||||
secretKey: decodedKey,
|
||||
tokenDuration: tokenDuration,
|
||||
allowedNpub: allowedNpub,
|
||||
}
|
||||
}
|
||||
|
||||
// Login handles user login with a Nostr signature
|
||||
func (s *Service) Login(pubkey, signature, eventJSON string) (string, error) {
|
||||
// Check if there's a whitelist and enforce it
|
||||
if s.allowedNpub != "" && s.allowedNpub != pubkey {
|
||||
s.logger.Warn("Login attempt from non-whitelisted pubkey",
|
||||
zap.String("attempt_pubkey", pubkey),
|
||||
zap.String("allowed_npub", s.allowedNpub))
|
||||
return "", errors.New("unauthorized: only the configured npub is allowed to log in")
|
||||
}
|
||||
|
||||
// Parse the event
|
||||
var event nostr.Event
|
||||
if err := json.Unmarshal([]byte(eventJSON), &event); err != nil {
|
||||
return "", fmt.Errorf("failed to parse event: %w", err)
|
||||
}
|
||||
|
||||
|
||||
// Verify the event
|
||||
if event.PubKey != pubkey {
|
||||
return "", errors.New("pubkey mismatch in event")
|
||||
}
|
||||
|
||||
|
||||
// Verify the signature
|
||||
ok, err := event.CheckSignature()
|
||||
if err != nil {
|
||||
@ -85,20 +95,20 @@ func (s *Service) Login(pubkey, signature, eventJSON string) (string, error) {
|
||||
if !ok {
|
||||
return "", ErrInvalidSignature
|
||||
}
|
||||
|
||||
|
||||
// Check if the event was created recently
|
||||
now := time.Now()
|
||||
eventTime := time.Unix(int64(event.CreatedAt), 0)
|
||||
if now.Sub(eventTime) > 5*time.Minute || eventTime.After(now.Add(5*time.Minute)) {
|
||||
return "", errors.New("event timestamp is too far from current time")
|
||||
}
|
||||
|
||||
|
||||
// Generate a token
|
||||
token, err := s.createToken(pubkey)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to create token: %w", err)
|
||||
}
|
||||
|
||||
|
||||
return token, nil
|
||||
}
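Review bot: The whitelist check `if s.allowedNpub != "" && s.allowedNpub != pubkey` compares the configured value against `pubkey`, which the code later requires to equal `event.PubKey`; that field is hex-encoded in go-nostr, while the names `allowedNpub` / `allowed_npub` and the config comment in the later `allowed_npub` hunk suggest operators will paste a bech32 `npub1...` value, in which case the comparison never matches and all logins are refused. Either state in the config comment that the hex pubkey is expected, or normalize once in NewService (trim, decode an `npub1` prefix with the nip19 package, lowercase) and compare the normalized form. Rejecting before the signature is verified is reasonable, but the warning log then records a caller-supplied, unverified pubkey, which is worth saying in the comment. The `Login` body spans the last two hunks of this section.
```go
func NewService(db *db.DB, logger *zap.Logger, secretKey string, tokenDuration time.Duration, allowedNpub string) *Service {
	// Accept either a hex pubkey or a bech32 npub and keep the hex form so the
	// equality check in Login lines up with event.PubKey.
	allowedNpub = strings.ToLower(strings.TrimSpace(allowedNpub))
	if strings.HasPrefix(allowedNpub, "npub1") {
		if _, v, err := nip19.Decode(allowedNpub); err != nil {
			logger.Warn("allowed npub could not be decoded; every login will be refused", zap.Error(err))
		} else if hexKey, ok := v.(string); ok {
			allowedNpub = hexKey
		}
	}
	// … unchanged: secret key generation and Service construction …
```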
|
||||
|
||||
|
@ -52,7 +52,7 @@ type Config struct {
|
||||
Write bool `mapstructure:"write"`
|
||||
} `mapstructure:"relays"`
|
||||
|
||||
AllowedNpub string `mapstructure:"allowed_npub"` // NEW
|
||||
AllowedNpub string `mapstructure:"allowed_npub"` // Set this to restrict login to a specific Nostr pubkey
|
||||
}
|
||||
|
||||
// LoadConfig loads the configuration from file or environment variables
|
||||
@ -79,7 +79,7 @@ func LoadConfig(configPath string) (*Config, error) {
|
||||
{"url": "wss://freelay.sovbit.host", "read": true, "write": true},
|
||||
})
|
||||
|
||||
v.SetDefault("allowed_npub", "")
|
||||
v.SetDefault("allowed_npub", "") // Empty string means no restriction
|
||||
|
||||
// Setup config file search
|
||||
if configPath != "" {
|
||||
|