khatru-pyramid/whitelist.go

package main

import (
	"encoding/json"
	"fmt"
	"os"

	"github.com/nbd-wtf/go-nostr"
)

const WHITELIST_FILE = "users.json"

type Whitelist map[string]string // { [user_pubkey]: [invited_by] }

func addToWhitelist(pubkey string, inviter string) error {
	if !isPublicKeyInWhitelist(inviter) {
		return fmt.Errorf("pubkey %s doesn't have permission to invite", inviter)
	}

	if !nostr.IsValidPublicKeyHex(pubkey) {
		return fmt.Errorf("pubkey invalid: %s", pubkey)
	}

	if isPublicKeyInWhitelist(pubkey) {
		return fmt.Errorf("pubkey already in whitelist: %s", pubkey)
	}

	whitelist[pubkey] = inviter
	return saveWhitelist()
}

func isPublicKeyInWhitelist(pubkey string) bool {
	_, ok := whitelist[pubkey]
	return ok
}

func isAncestorOf(ancestor string, target string) bool {
	parent, ok := whitelist[target]
	if !ok {
		// parent is not in whitelist, this means this is a top-level user and can
		// only be deleted by manually editing the users.json file
		return false
	}

	if parent == ancestor {
		// if the pubkey is the parent, that means it is an ancestor
		return true
	}

	// otherwise we climb one degree up and test with the parent of the target
	return isAncestorOf(ancestor, parent)
}

func removeFromWhitelist(target string, deleter string) error {
	// check if this user is a descendant of the user who issued the delete command
	if !isAncestorOf(deleter, target) {
		return fmt.Errorf("insufficient permissions to delete this")
	}

	// if we got here that means we have permission to delete the target
	delete(whitelist, target)

	// delete all people who were invited by the target
	removeDescendantsFromWhitelist(target)

	return saveWhitelist()
}

func removeDescendantsFromWhitelist(ancestor string) {
	for pubkey, inviter := range whitelist {
		if inviter == ancestor {
			delete(whitelist, pubkey)
			removeDescendantsFromWhitelist(pubkey)
		}
	}
}

func loadWhitelist() error {
	b, err := os.ReadFile(WHITELIST_FILE)
	if err != nil {
		return err
	}

	if err := json.Unmarshal(b, &whitelist); err != nil {
		return err
	}

	return nil
}

func saveWhitelist() error {
	jsonBytes, err := json.Marshal(whitelist)
	if err != nil {
		return err
	}

	if err := os.WriteFile(WHITELIST_FILE, jsonBytes, 0644); err != nil {
		return err
	}

	return nil
}
init 2023-09-06 20:49:18 +02:00			`package main`

			`import (`
			`"encoding/json"`
cookie-based nip-98-like login. 2023-10-28 21:40:54 -03:00			`"fmt"`
init 2023-09-06 20:49:18 +02:00			`"os"`

			`"github.com/nbd-wtf/go-nostr"`
			`)`

rework data model for invitations. 2023-10-29 13:45:46 -03:00			`const WHITELIST_FILE = "users.json"`
init 2023-09-06 20:49:18 +02:00
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`type Whitelist map[string]string // { [user_pubkey]: [invited_by] }`
init 2023-09-06 20:49:18 +02:00
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`func addToWhitelist(pubkey string, inviter string) error {`
actually blocking writes from non-whitelisted people, fixes in eventstore and some other UI tweaks. 2023-11-02 16:08:53 -03:00			`if !isPublicKeyInWhitelist(inviter) {`
			`return fmt.Errorf("pubkey %s doesn't have permission to invite", inviter)`
init 2023-09-06 20:49:18 +02:00			`}`
actually blocking writes from non-whitelisted people, fixes in eventstore and some other UI tweaks. 2023-11-02 16:08:53 -03:00
			`if !nostr.IsValidPublicKeyHex(pubkey) {`
			`return fmt.Errorf("pubkey invalid: %s", pubkey)`
			`}`

			`if isPublicKeyInWhitelist(pubkey) {`
			`return fmt.Errorf("pubkey already in whitelist: %s", pubkey)`
			`}`

			`whitelist[pubkey] = inviter`
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`return saveWhitelist()`
			`}`
use go templating instead of svelte client 2023-10-11 00:19:33 +02:00
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`func isPublicKeyInWhitelist(pubkey string) bool {`
			`_, ok := whitelist[pubkey]`
			`return ok`
			`}`
init 2023-09-06 20:49:18 +02:00
fix isAncestorOf() and remove button. 2023-11-02 21:08:57 -03:00			`func isAncestorOf(ancestor string, target string) bool {`
			`parent, ok := whitelist[target]`
			`if !ok {`
			`// parent is not in whitelist, this means this is a top-level user and can`
			`// only be deleted by manually editing the users.json file`
			`return false`
making everything almost work again. 2023-10-28 20:21:15 -03:00			`}`
fix isAncestorOf() and remove button. 2023-11-02 21:08:57 -03:00
			`if parent == ancestor {`
			`// if the pubkey is the parent, that means it is an ancestor`
			`return true`
			`}`

			`// otherwise we climb one degree up and test with the parent of the target`
			`return isAncestorOf(ancestor, parent)`
making everything almost work again. 2023-10-28 20:21:15 -03:00			`}`

rework data model for invitations. 2023-10-29 13:45:46 -03:00			`func removeFromWhitelist(target string, deleter string) error {`
			`// check if this user is a descendant of the user who issued the delete command`
			`if !isAncestorOf(deleter, target) {`
			`return fmt.Errorf("insufficient permissions to delete this")`
cookie-based nip-98-like login. 2023-10-28 21:40:54 -03:00			`}`
making everything almost work again. 2023-10-28 20:21:15 -03:00
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`// if we got here that means we have permission to delete the target`
			`delete(whitelist, target)`

			`// delete all people who were invited by the target`
			`removeDescendantsFromWhitelist(target)`

making everything almost work again. 2023-10-28 20:21:15 -03:00			`return saveWhitelist()`
			`}`

rework data model for invitations. 2023-10-29 13:45:46 -03:00			`func removeDescendantsFromWhitelist(ancestor string) {`
			`for pubkey, inviter := range whitelist {`
			`if inviter == ancestor {`
			`delete(whitelist, pubkey)`
			`removeDescendantsFromWhitelist(pubkey)`
			`}`
init 2023-09-06 20:49:18 +02:00			`}`
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`}`
use go templating instead of svelte client 2023-10-11 00:19:33 +02:00
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`func loadWhitelist() error {`
			`b, err := os.ReadFile(WHITELIST_FILE)`
init 2023-09-06 20:49:18 +02:00			`if err != nil {`
			`return err`
			`}`
use go templating instead of svelte client 2023-10-11 00:19:33 +02:00
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`if err := json.Unmarshal(b, &whitelist); err != nil {`
init 2023-09-06 20:49:18 +02:00			`return err`
			`}`
use go templating instead of svelte client 2023-10-11 00:19:33 +02:00
init 2023-09-06 20:49:18 +02:00			`return nil`
			`}`

use go templating instead of svelte client 2023-10-11 00:19:33 +02:00			`func saveWhitelist() error {`
init 2023-09-06 20:49:18 +02:00			`jsonBytes, err := json.Marshal(whitelist)`
			`if err != nil {`
			`return err`
			`}`
use go templating instead of svelte client 2023-10-11 00:19:33 +02:00
rework data model for invitations. 2023-10-29 13:45:46 -03:00			`if err := os.WriteFile(WHITELIST_FILE, jsonBytes, 0644); err != nil {`
init 2023-09-06 20:49:18 +02:00			`return err`
			`}`
use go templating instead of svelte client 2023-10-11 00:19:33 +02:00
init 2023-09-06 20:49:18 +02:00			`return nil`
			`}`