Skip to content

Commit

Permalink
validation: add max post size (#108)
Browse files Browse the repository at this point in the history
  • Loading branch information
@ice-dionysos
ice-dionysos authored Feb 7, 2025
1 parent 79eb62f commit 8a99a21
Show file tree
Hide file tree
Showing 8 changed files with 49 additions and 10 deletions.
4 changes: 2 additions & 2 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -120,15 +120,15 @@ require (
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/arch v0.14.0 // indirect
golang.org/x/crypto v0.32.0 // indirect
golang.org/x/exp v0.0.0-20250128182459-e0ece0dbea4c // indirect
golang.org/x/exp v0.0.0-20250207012021-f9890c6ad9f3 // indirect
golang.org/x/image v0.24.0 // indirect
golang.org/x/mod v0.23.0 // indirect
golang.org/x/sync v0.11.0 // indirect
golang.org/x/sys v0.30.0 // indirect
golang.org/x/term v0.29.0 // indirect
golang.org/x/text v0.22.0 // indirect
golang.org/x/tools v0.29.0 // indirect
google.golang.org/protobuf v1.36.4 // indirect
google.golang.org/protobuf v1.36.5 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
8 changes: 4 additions & 4 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -401,8 +401,8 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf
golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
golang.org/x/exp v0.0.0-20250128182459-e0ece0dbea4c h1:KL/ZBHXgKGVmuZBZ01Lt57yE5ws8ZPSkkihmEyq7FXc=
golang.org/x/exp v0.0.0-20250128182459-e0ece0dbea4c/go.mod h1:tujkw807nyEEAamNbDrEGzRav+ilXA7PCRAd6xsmwiU=
golang.org/x/exp v0.0.0-20250207012021-f9890c6ad9f3 h1:qNgPs5exUA+G0C96DrPwNrvLSj7GT/9D+3WMWUcUg34=
golang.org/x/exp v0.0.0-20250207012021-f9890c6ad9f3/go.mod h1:tujkw807nyEEAamNbDrEGzRav+ilXA7PCRAd6xsmwiU=
golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E=
golang.org/x/image v0.24.0 h1:AN7zRgVsbvmTfNyqIbbOraYL8mSwcKncEj8ofjgzcMQ=
Expand Down Expand Up @@ -534,8 +534,8 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM=
google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
Expand Down
3 changes: 3 additions & 0 deletions server/ws/.testdata/application.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@

validation:
max-wrapped-event-expiration: 720h
max-content-sizes:
30023: 65535
30175: 65535

server:
ws:
Expand Down
3 changes: 3 additions & 0 deletions subzero_ion_connect.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@

validation:
max-wrapped-event-expiration: 720h
max-content-sizes:
30023: 65535
30175: 65535

server:
relay-url: &self "wss://example.com"
Expand Down
3 changes: 3 additions & 0 deletions validation/.testdata/application.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@

validation:
max-wrapped-event-expiration: 720h
max-content-sizes:
30023: 65535
30175: 65535

database:
query:
Expand Down
10 changes: 10 additions & 0 deletions validation/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import (
type (
config struct {
MaxWrappedEventExpiration time.Duration `yaml:"max-wrapped-event-expiration"`
MaxContentSizes map[int]int `yaml:"max-content-sizes"` // Kind -> size (bytes).
}
)

Expand All @@ -21,3 +22,12 @@ var (
func init() {
globalConfig = cfg.MustGet[config]()
}

func (c *config) MaxContentSizeOf(kind int) int {
if c != nil {
if size, ok := c.MaxContentSizes[kind]; ok {
return size
}
}
return 0
}
17 changes: 17 additions & 0 deletions validation/config_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
// SPDX-License-Identifier: ice License 1.0

package validation

import (
"testing"

"github.com/nbd-wtf/go-nostr"
"github.com/stretchr/testify/require"
)

func TestGlobalMaxPostSizeOf(t *testing.T) {
t.Parallel()

require.Equal(t, 0, globalConfig.MaxContentSizeOf(0))
require.Equal(t, 0xffff, globalConfig.MaxContentSizeOf(nostr.KindArticle))
}
11 changes: 7 additions & 4 deletions validation/validate.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -407,6 +407,9 @@ func Validate(ctx context.Context, e *model.Event) error {
if err := validateEventTags(e); err != nil {
return errors.Wrapf(err, "event: %+v", e)
}
if actualSize, maxSize := len(e.Content), globalConfig.MaxContentSizeOf(e.Kind); maxSize > 0 && actualSize > maxSize {
return errors.Wrapf(ErrWrongEventParams, "content is too long %d, max is %d", actualSize, maxSize)
}
switch e.Kind {
case nostr.KindProfileMetadata:
return validateKindProfileMetadataEvent(e)
Expand Down Expand Up @@ -496,9 +499,9 @@ func Validate(ctx context.Context, e *model.Event) error {
return validateKindProfileBadgesEvent(e)
case nostr.KindBadgeDefinition:
return validateKindBadgeDefinitionEvent(e)
case nostr.KindArticle, nostr.KindDraftArticle:
if e.Content == "" {
return errors.Wrap(ErrWrongEventParams, "nip-23: this kind should have text markdown content")
case nostr.KindArticle, nostr.KindDraftArticle, model.CustomIONKindEditableTextNote:
if len(e.Content) < 1 {
return errors.Wrap(ErrWrongEventParams, "content is empty or too short")
}
if err := validatePostCommunityEvent(ctx, e); err != nil {
return err
Expand All @@ -515,7 +518,7 @@ func Validate(ctx context.Context, e *model.Event) error {
case model.CustomIONKindCommunityBanUser:
return validateCustomIONKindCommunityBanUserEvent(ctx, e)
default:
if e.Kind >= 6000 && e.Kind <= 6999 {
if e.IsJobResponse() {
return validateKindJobResult(e)
}
}
Expand Down

0 comments on commit 8a99a21

Please sign in to comment.