khatru-pyramid/whitelist.go

package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"

	"github.com/nbd-wtf/go-nostr"
)

type Whitelist map[string]string // { [user_pubkey]: [invited_by] }

func addToWhitelist(pubkey string, inviter string) error {
	if !isPublicKeyInWhitelist(inviter) {
		return fmt.Errorf("pubkey %s doesn't have permission to invite", inviter)
	}

	if !nostr.IsValidPublicKey(pubkey) {
		return fmt.Errorf("pubkey invalid: %s", pubkey)
	}

	if isPublicKeyInWhitelist(pubkey) {
		return fmt.Errorf("pubkey already in whitelist: %s", pubkey)
	}

	whitelist[pubkey] = inviter
	return saveWhitelist()
}

func isPublicKeyInWhitelist(pubkey string) bool {
	_, ok := whitelist[pubkey]
	return ok
}

func canInviteMore(pubkey string) bool {
	if pubkey == "" {
		return false
	}

	if pubkey == s.RelayPubkey {
		return true
	}

	if !isPublicKeyInWhitelist(pubkey) {
		return false
	}

	count := 0
	for _, inviter := range whitelist {
		if inviter == pubkey {
			count++
		}
		if count >= s.MaxInvitesPerPerson {
			return false
		}
	}
	return true
}

func isAncestorOf(ancestor string, target string) bool {
	parent, ok := whitelist[target]
	if !ok {
		// parent is not in whitelist, this means this is a top-level user and can
		// only be deleted by manually editing the users.json file
		return false
	}

	if parent == ancestor {
		// if the pubkey is the parent, that means it is an ancestor
		return true
	}

	// otherwise we climb one degree up and test with the parent of the target
	return isAncestorOf(ancestor, parent)
}

func removeFromWhitelist(target string, deleter string) error {
	// check if this user is a descendant of the user who issued the delete command
	if !isAncestorOf(deleter, target) {
		return fmt.Errorf("insufficient permissions to delete this")
	}

	// if we got here that means we have permission to delete the target
	delete(whitelist, target)

	// delete all people who were invited by the target
	removeDescendantsFromWhitelist(target)

	return saveWhitelist()
}

func removeDescendantsFromWhitelist(ancestor string) {
	for pubkey, inviter := range whitelist {
		if inviter == ancestor {
			delete(whitelist, pubkey)
			removeDescendantsFromWhitelist(pubkey)
		}
	}
}

func loadWhitelist() error {
	b, err := os.ReadFile(s.UserdataPath)
	if err != nil {
		// If the whitelist file does not exist, with RELAY_PUBKEY
		if errors.Is(err, os.ErrNotExist) {
			whitelist[s.RelayPubkey] = ""
			jsonBytes, err := json.Marshal(&whitelist)
			if err != nil {
				return err
			}
			if err := os.WriteFile(s.UserdataPath, jsonBytes, 0644); err != nil {
				return err
			}
			return nil
		} else {
			return err
		}
	}

	if err := json.Unmarshal(b, &whitelist); err != nil {
		return err
	}

	return nil
}

func saveWhitelist() error {
	jsonBytes, err := json.Marshal(whitelist)
	if err != nil {
		return err
	}

	if err := os.WriteFile(s.UserdataPath, jsonBytes, 0644); err != nil {
		return err
	}

	return nil
}
init 2023-09-06 20:49:18 +02:00			`package main`

			`import (`
			`"encoding/json"`
auto create users.json if it doesn't exist 2024-02-28 16:59:16 +01:00			`"errors"`
cookie-based nip-98-like login. 2023-10-28 21:40:54 -03:00			`"fmt"`
init 2023-09-06 20:49:18 +02:00			`"os"`

			`"github.com/nbd-wtf/go-nostr"`
			`)`

rework data model for invitations. 2023-10-29 13:45:46 -03:00			`type Whitelist map[string]string // { [user_pubkey]: [invited_by] }`
init 2023-09-06 20:49:18 +02:00
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`func addToWhitelist(pubkey string, inviter string) error {`
actually blocking writes from non-whitelisted people, fixes in eventstore and some other UI tweaks. 2023-11-02 16:08:53 -03:00			`if !isPublicKeyInWhitelist(inviter) {`
			`return fmt.Errorf("pubkey %s doesn't have permission to invite", inviter)`
init 2023-09-06 20:49:18 +02:00			`}`
actually blocking writes from non-whitelisted people, fixes in eventstore and some other UI tweaks. 2023-11-02 16:08:53 -03:00
limit number of invites per person. 2024-02-02 09:29:54 -03:00			`if !nostr.IsValidPublicKey(pubkey) {`
actually blocking writes from non-whitelisted people, fixes in eventstore and some other UI tweaks. 2023-11-02 16:08:53 -03:00			`return fmt.Errorf("pubkey invalid: %s", pubkey)`
			`}`

			`if isPublicKeyInWhitelist(pubkey) {`
			`return fmt.Errorf("pubkey already in whitelist: %s", pubkey)`
			`}`

			`whitelist[pubkey] = inviter`
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`return saveWhitelist()`
			`}`
use go templating instead of svelte client 2023-10-11 00:19:33 +02:00
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`func isPublicKeyInWhitelist(pubkey string) bool {`
			`_, ok := whitelist[pubkey]`
			`return ok`
			`}`
init 2023-09-06 20:49:18 +02:00
fix login issue, speedup page with jsdelivr and <nostr-name>, canInviteMore() function. 2025-04-05 09:56:41 -03:00			`func canInviteMore(pubkey string) bool {`
			`if pubkey == "" {`
			`return false`
			`}`

			`if pubkey == s.RelayPubkey {`
			`return true`
			`}`

			`if !isPublicKeyInWhitelist(pubkey) {`
			`return false`
			`}`

limit number of invites per person. 2024-02-02 09:29:54 -03:00			`count := 0`
			`for _, inviter := range whitelist {`
fix login issue, speedup page with jsdelivr and <nostr-name>, canInviteMore() function. 2025-04-05 09:56:41 -03:00			`if inviter == pubkey {`
limit number of invites per person. 2024-02-02 09:29:54 -03:00			`count++`
			`}`
fix login issue, speedup page with jsdelivr and <nostr-name>, canInviteMore() function. 2025-04-05 09:56:41 -03:00			`if count >= s.MaxInvitesPerPerson {`
			`return false`
limit number of invites per person. 2024-02-02 09:29:54 -03:00			`}`
			`}`
fix login issue, speedup page with jsdelivr and <nostr-name>, canInviteMore() function. 2025-04-05 09:56:41 -03:00			`return true`
limit number of invites per person. 2024-02-02 09:29:54 -03:00			`}`

fix isAncestorOf() and remove button. 2023-11-02 21:08:57 -03:00			`func isAncestorOf(ancestor string, target string) bool {`
			`parent, ok := whitelist[target]`
			`if !ok {`
			`// parent is not in whitelist, this means this is a top-level user and can`
			`// only be deleted by manually editing the users.json file`
			`return false`
making everything almost work again. 2023-10-28 20:21:15 -03:00			`}`
fix isAncestorOf() and remove button. 2023-11-02 21:08:57 -03:00
			`if parent == ancestor {`
			`// if the pubkey is the parent, that means it is an ancestor`
			`return true`
			`}`

			`// otherwise we climb one degree up and test with the parent of the target`
			`return isAncestorOf(ancestor, parent)`
making everything almost work again. 2023-10-28 20:21:15 -03:00			`}`

rework data model for invitations. 2023-10-29 13:45:46 -03:00			`func removeFromWhitelist(target string, deleter string) error {`
			`// check if this user is a descendant of the user who issued the delete command`
			`if !isAncestorOf(deleter, target) {`
			`return fmt.Errorf("insufficient permissions to delete this")`
cookie-based nip-98-like login. 2023-10-28 21:40:54 -03:00			`}`
making everything almost work again. 2023-10-28 20:21:15 -03:00
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`// if we got here that means we have permission to delete the target`
			`delete(whitelist, target)`

			`// delete all people who were invited by the target`
			`removeDescendantsFromWhitelist(target)`

making everything almost work again. 2023-10-28 20:21:15 -03:00			`return saveWhitelist()`
			`}`

rework data model for invitations. 2023-10-29 13:45:46 -03:00			`func removeDescendantsFromWhitelist(ancestor string) {`
			`for pubkey, inviter := range whitelist {`
			`if inviter == ancestor {`
			`delete(whitelist, pubkey)`
			`removeDescendantsFromWhitelist(pubkey)`
			`}`
init 2023-09-06 20:49:18 +02:00			`}`
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`}`
use go templating instead of svelte client 2023-10-11 00:19:33 +02:00
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`func loadWhitelist() error {`
add userdata path to envconfig and expand example.env 2024-02-12 18:40:52 +01:00			`b, err := os.ReadFile(s.UserdataPath)`
init 2023-09-06 20:49:18 +02:00			`if err != nil {`
auto create users.json if it doesn't exist 2024-02-28 16:59:16 +01:00			`// If the whitelist file does not exist, with RELAY_PUBKEY`
			`if errors.Is(err, os.ErrNotExist) {`
			`whitelist[s.RelayPubkey] = ""`
			`jsonBytes, err := json.Marshal(&whitelist)`
			`if err != nil {`
			`return err`
			`}`
			`if err := os.WriteFile(s.UserdataPath, jsonBytes, 0644); err != nil {`
			`return err`
			`}`
			`return nil`
			`} else {`
			`return err`
			`}`
init 2023-09-06 20:49:18 +02:00			`}`
use go templating instead of svelte client 2023-10-11 00:19:33 +02:00
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`if err := json.Unmarshal(b, &whitelist); err != nil {`
init 2023-09-06 20:49:18 +02:00			`return err`
			`}`
use go templating instead of svelte client 2023-10-11 00:19:33 +02:00
init 2023-09-06 20:49:18 +02:00			`return nil`
			`}`

use go templating instead of svelte client 2023-10-11 00:19:33 +02:00			`func saveWhitelist() error {`
init 2023-09-06 20:49:18 +02:00			`jsonBytes, err := json.Marshal(whitelist)`
			`if err != nil {`
			`return err`
			`}`
use go templating instead of svelte client 2023-10-11 00:19:33 +02:00
add userdata path to envconfig and expand example.env 2024-02-12 18:40:52 +01:00			`if err := os.WriteFile(s.UserdataPath, jsonBytes, 0644); err != nil {`
init 2023-09-06 20:49:18 +02:00			`return err`
			`}`
use go templating instead of svelte client 2023-10-11 00:19:33 +02:00
init 2023-09-06 20:49:18 +02:00			`return nil`
			`}`