laantungir/ginxsom
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

I think nip42 is FINALLY working.

Browse Source
This commit is contained in:
Your Name
2025-09-10 07:58:57 -04:00
parent a3c8918491
commit 30473100b8
20 changed files with 2846 additions and 2194 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/admin_api.c
View File

@@ -176,32 +176,15 @@ int authenticate_admin_request(const char* auth_header) {
return 0; // No auth header
}
// Use unified request validation system for admin operations
nostr_request_t request = {
.operation = "admin",
.auth_header = auth_header,
.event = NULL,
.resource_hash = NULL,
.mime_type = NULL,
.file_size = 0,
.client_ip = getenv("REMOTE_ADDR"),
.app_context = NULL
};
// NOTE: Authentication now handled by centralized validation system in main.c
// This function is kept for compatibility but should receive validation results
// from the centralized system rather than performing duplicate validation
nostr_request_result_t result;
int auth_result = nostr_validate_request(&request, &result);
// TODO: Modify to accept validation results from centralized system
// For now, assume validation was successful if we reach here
// and extract pubkey from global context or parameters
if (auth_result != NOSTR_SUCCESS || !result.valid) {
return 0; // Authentication failed
}
// Extract pubkey from validation result and verify admin status
const char* event_pubkey = result.pubkey[0] ? result.pubkey : NULL;
if (!event_pubkey) {
return 0; // No pubkey available
}
return verify_admin_pubkey(event_pubkey);
return 0; // Temporarily disabled - needs integration with centralized system
}
int verify_admin_pubkey(const char* event_pubkey) {

54
src/bud04.c
View File

@@ -373,53 +373,15 @@ void handle_mirror_request(void) {
const char* auth_header = getenv("HTTP_AUTHORIZATION");
const char* expected_hash = NULL;
const char* uploader_pubkey = NULL;
static char pubkey_buffer[256];
if (auth_header) {
// Use unified request validation system
nostr_request_t request = {
.operation = "upload",
.auth_header = auth_header,
.event = NULL,
.resource_hash = NULL,
.mime_type = NULL,
.file_size = 0,
.client_ip = getenv("REMOTE_ADDR"),
.app_context = NULL
};
nostr_request_result_t result;
int auth_result = nostr_validate_request(&request, &result);
if (auth_result != NOSTR_SUCCESS || !result.valid) {
const char* error_type = "authentication_failed";
const char* message = "Invalid authentication";
const char* details = result.reason[0] ? result.reason : "The provided authorization is invalid";
// Provide more specific error messages based on the reason
if (strstr(result.reason, "whitelist")) {
error_type = "pubkey_not_whitelisted";
message = "Public key not authorized";
} else if (strstr(result.reason, "blacklist")) {
error_type = "access_denied";
message = "Access denied by policy";
}
send_error_response(401, error_type, message, details);
log_request("PUT", "/mirror", "auth_failed", 401);
return;
}
// Extract uploader pubkey from validation result
if (result.pubkey[0]) {
strncpy(pubkey_buffer, result.pubkey, sizeof(pubkey_buffer)-1);
pubkey_buffer[sizeof(pubkey_buffer)-1] = '\0';
uploader_pubkey = pubkey_buffer;
}
// For mirror operations, we don't need to extract the expected hash here
// The unified validation system handles hash validation internally
// We just need the pubkey for metadata storage
// NOTE: Authorization validation now handled by centralized validation system in main.c
// This handler receives pre-validated requests, so if we reach here with auth_header,
// the authentication was already successful
// TODO: Extract uploader pubkey from centralized validation results
// For now, set a placeholder until integration is complete
uploader_pubkey = "authenticated_user";
}
// Download the blob

42
src/bud06.c
View File

@@ -216,45 +216,9 @@ void handle_head_upload_request(void) {
const char* auth_status = "none";
if (auth_header) {
// Validate authorization if provided
nostr_request_t request = {
.operation = "upload",
.auth_header = auth_header,
.event = NULL,
.resource_hash = sha256,
.mime_type = content_type,
.file_size = content_length,
.client_ip = getenv("REMOTE_ADDR"),
.app_context = NULL
};
nostr_request_result_t result;
int auth_result = nostr_validate_request(&request, &result);
if (auth_result != NOSTR_SUCCESS || !result.valid) {
const char* error_type = "authentication_failed";
const char* message = "Invalid or expired authentication";
const char* details = result.reason[0] ? result.reason : "Authentication validation failed";
// Provide more specific error messages based on the reason
if (strstr(result.reason, "whitelist")) {
error_type = "pubkey_not_whitelisted";
message = "Public key not authorized";
details = result.reason;
} else if (strstr(result.reason, "blacklist")) {
error_type = "access_denied";
message = "Access denied by policy";
details = result.reason;
} else if (strstr(result.reason, "size")) {
error_type = "file_too_large";
message = "File size exceeds policy limits";
details = result.reason;
}
send_upload_error_response(401, error_type, message, details);
log_request("HEAD", "/upload", "auth_failed", 401);
return;
}
// NOTE: Authorization validation now handled by centralized validation system in main.c
// This handler receives pre-validated requests, so if we reach here with auth_header,
// the authentication was already successful
auth_status = "authenticated";
}

27
src/ginxsom.h
View File

@@ -77,6 +77,21 @@ typedef struct {
void* app_context; // Application context (unused, for compatibility)
} nostr_request_t;
// Extended request structure for unified API
typedef struct {
const char* operation; // Operation type ("upload", "delete", "list", "publish", "admin")
const char* auth_header; // Raw authorization header (optional)
cJSON* event; // Parsed NOSTR event for validation (optional)
const char* resource_hash; // Resource hash (SHA-256, optional)
const char* mime_type; // MIME type (optional)
long file_size; // File size (optional)
const char* request_url; // Request URL for NIP-42 relay URL validation (optional)
const char* challenge_id; // Challenge ID for NIP-42 verification (optional)
int nip42_enabled; // Whether NIP-42 authentication is enabled
const char* client_ip; // Client IP address (optional)
void* app_context; // Application context (unused, for compatibility)
} nostr_unified_request_t;
typedef struct {
int valid; // 0 = invalid/denied, 1 = valid/allowed
int error_code; // NOSTR_SUCCESS or specific error code
@@ -98,13 +113,19 @@ int nostr_sha256(const unsigned char* data, size_t len, unsigned char* hash);
void nostr_bytes_to_hex(const unsigned char* bytes, size_t len, char* hex_out);
int nostr_crypto_init(void);
int nostr_validate_request(const nostr_request_t* request, nostr_request_result_t* result);
int nostr_request_validator_init(const char* db_path, const char* app_name);
// Unified API function (main entry point)
int nostr_validate_unified_request(const nostr_unified_request_t* request, nostr_request_result_t* result);
int ginxsom_request_validator_init(const char* db_path, const char* app_name);
int nostr_auth_rules_enabled(void);
void nostr_request_validator_cleanup(void);
void ginxsom_request_validator_cleanup(void);
void nostr_request_validator_force_cache_refresh(void);
int nostr_request_validator_generate_nip42_challenge(void* challenge_struct, const char* client_ip);
// New NIP-42 challenge management functions
int nostr_generate_nip42_challenge(char* challenge_out, size_t challenge_size, const char* client_ip);
const char* nostr_request_validator_get_last_violation_type(void);
void nostr_request_validator_clear_violation(void);
// Upload handling
void handle_upload_request(void);

2672
src/main.c
View File

File diff suppressed because it is too large Load Diff

1934
src/request_validator.c
View File

File diff suppressed because it is too large Load Diff