nostr-rs-relay/src/conn.rs at master · scsibug/nostr-rs-relay · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
//! Client connection state
use std::collections::HashMap;

use tracing::{debug, trace};
use uuid::Uuid;

use crate::close::Close;
use crate::conn::Nip42AuthState::{AuthPubkey, Challenge, NoAuth};
use crate::error::Error;
use crate::error::Result;
use crate::event::Event;
use crate::subscription::Subscription;
use crate::utils::{host_str, unix_time};

/// A subscription identifier has a maximum length
const MAX_SUBSCRIPTION_ID_LEN: usize = 256;

/// NIP-42 authentication state
pub enum Nip42AuthState {
    /// The client is not authenticated yet
    NoAuth,
    /// The AUTH challenge sent
    Challenge(String),
    /// The client is authenticated
    AuthPubkey(String),
}

/// State for a client connection
pub struct ClientConn {
    /// Client IP (either from socket, or configured proxy header
    client_ip_addr: String,
    /// Unique client identifier generated at connection time
    client_id: Uuid,
    /// The current set of active client subscriptions
    subscriptions: HashMap<String, Subscription>,
    /// Per-connection maximum concurrent subscriptions
    max_subs: usize,
    /// NIP-42 AUTH
    auth: Nip42AuthState,
}

impl Default for ClientConn {
    fn default() -> Self {
        Self::new("unknown".to_owned())
    }
}

impl ClientConn {
    /// Create a new, empty connection state.
    #[must_use]
    pub fn new(client_ip_addr: String) -> Self {
        let client_id = Uuid::new_v4();
        ClientConn {
            client_ip_addr,
            client_id,
            subscriptions: HashMap::new(),
            max_subs: 32,
            auth: NoAuth,
        }
    }

    #[must_use]
    pub fn subscriptions(&self) -> &HashMap<String, Subscription> {
        &self.subscriptions
    }

    /// Check if the given subscription already exists
    #[must_use]
    pub fn has_subscription(&self, sub: &Subscription) -> bool {
        self.subscriptions.values().any(|x| x == sub)
    }

    /// Get a short prefix of the client's unique identifier, suitable
    /// for logging.
    #[must_use]
    pub fn get_client_prefix(&self) -> String {
        self.client_id.to_string().chars().take(8).collect()
    }

    #[must_use]
    pub fn ip(&self) -> &str {
        &self.client_ip_addr
    }

    #[must_use]
    pub fn auth_pubkey(&self) -> Option<&String> {
        match &self.auth {
            AuthPubkey(pubkey) => Some(pubkey),
            _ => None,
        }
    }

    #[must_use]
    pub fn auth_challenge(&self) -> Option<&String> {
        match &self.auth {
            Challenge(pubkey) => Some(pubkey),
            _ => None,
        }
    }

    /// Add a new subscription for this connection.
    /// # Errors
    ///
    /// Will return `Err` if the client has too many subscriptions, or
    /// if the provided name is excessively long.
    pub fn subscribe(&mut self, s: Subscription) -> Result<()> {
        let k = s.get_id();
        let sub_id_len = k.len();
        // prevent arbitrarily long subscription identifiers from
        // being used.
        if sub_id_len > MAX_SUBSCRIPTION_ID_LEN {
            debug!(
                "ignoring sub request with excessive length: ({})",
                sub_id_len
            );
            return Err(Error::SubIdMaxLengthError);
        }
        // check if an existing subscription exists, and replace if so
        if self.subscriptions.contains_key(&k) {
            self.subscriptions.remove(&k);
            self.subscriptions.insert(k, s.clone());
            trace!(
                "replaced existing subscription (cid: {}, sub: {:?})",
                self.get_client_prefix(),
                s.get_id()
            );
            return Ok(());
        }

        // check if there is room for another subscription.
        if self.subscriptions.len() >= self.max_subs {
            return Err(Error::SubMaxExceededError);
        }
        // add subscription
        self.subscriptions.insert(k, s);
        trace!(
            "registered new subscription, currently have {} active subs (cid: {})",
            self.subscriptions.len(),
            self.get_client_prefix(),
        );
        Ok(())
    }

    /// Remove the subscription for this connection.
    pub fn unsubscribe(&mut self, c: &Close) {
        // TODO: return notice if subscription did not exist.
        self.subscriptions.remove(&c.id);
        trace!(
            "removed subscription, currently have {} active subs (cid: {})",
            self.subscriptions.len(),
            self.get_client_prefix(),
        );
    }

    pub fn generate_auth_challenge(&mut self) {
        self.auth = Challenge(Uuid::new_v4().to_string());
    }

    pub fn authenticate(&mut self, event: &Event, relay_url: &str) -> Result<()> {
        match &self.auth {
            Challenge(_) => (),
            AuthPubkey(_) => {
                // already authenticated
                return Ok(());
            }
            NoAuth => {
                // unexpected AUTH request
                return Err(Error::AuthFailure);
            }
        }
        match event.validate() {
            Ok(_) => {
                if event.kind != 22242 {
                    return Err(Error::AuthFailure);
                }

                let curr_time = unix_time();
                let past_cutoff = curr_time - 600; // 10 minutes
                let future_cutoff = curr_time + 600; // 10 minutes
                if event.created_at < past_cutoff || event.created_at > future_cutoff {
                    return Err(Error::AuthFailure);
                }

                let mut challenge: Option<&str> = None;
                let mut relay: Option<&str> = None;

                for tag in &event.tags {
                    if tag.len() == 2 && tag.first() == Some(&"challenge".into()) {
                        challenge = tag.get(1).map(|x| x.as_str());
                    }
                    if tag.len() == 2 && tag.first() == Some(&"relay".into()) {
                        relay = tag.get(1).map(|x| x.as_str());
                    }
                }

                match (challenge, &self.auth) {
                    (Some(received_challenge), Challenge(sent_challenge)) => {
                        if received_challenge != sent_challenge {
                            return Err(Error::AuthFailure);
                        }
                    }
                    (_, _) => {
                        return Err(Error::AuthFailure);
                    }
                }

                match (relay.and_then(host_str), host_str(relay_url)) {
                    (Some(received_relay), Some(our_relay)) => {
                        if received_relay != our_relay {
                            return Err(Error::AuthFailure);
                        }
                    }
                    (_, _) => {
                        return Err(Error::AuthFailure);
                    }
                }

                self.auth = AuthPubkey(event.pubkey.clone());
                trace!(
                    "authenticated pubkey {} (cid: {})",
                    event.pubkey.chars().take(8).collect::<String>(),
                    self.get_client_prefix()
                );
                Ok(())
            }
            Err(_) => Err(Error::AuthFailure),
        }
    }
}