Pay to relay creating tons of invoices #170

Open
davidhrinaldo opened this issue Nov 9, 2023 · 8 comments

@davidhrinaldo

I flipped pay_to_relay on yesterday and almost immediately noticed that it was sending hundreds of DMs and creating a ton of invoices. The people it was DMing are not subscribed to my relay and I believe it was only emitting the messages to my relay so I don't think I was actually spamming anyone.

The DMs were an annoyance so I turned them off with direct_message = false but I'm still getting hundreds of invoices created on my node. Is there a way to only have nostr-rs create an invoice when someone uses the /join form?

@davidhrinaldo
Author

Here's my config.toml

[info]
relay_url = "wss://nostr.dvdt.dev/"
name = "dvdt.dev relay"
description = "dvdt.dev Nostr Relay"
pubkey = "74a58d4a97e7d524b01a6820553d718e7bcaf192c8eb9ed9392ad22399bb1aa7"
contact = "mailto:[email protected]"

[diagnostics]

[database]

[grpc]

[network]
address = "0.0.0.0"
port = 8080

[options]

[limits]
messages_per_sec = 5
subscriptions_per_min = 10

[authorization]

[verified_users]
mode = "enabled"
domain_whitelist = ["dvdt.dev"]
verify_expiration = "1 week"

[pay_to_relay]
enabled = true
admission_cost = 1000
node_url = "<redacted>"
api_secret = "<redacted>"
terms_message = "<removed for readability>"
sign_ups = true
secret_key = "<redacted>"
direct_message = false

@thesimplekid
Contributor

thesimplekid commented Nov 9, 2023

> I flipped pay_to_relay on yesterday and almost immediately noticed that it was sending hundreds of DMs and creating a ton of invoices. The people it was DMing are not subscribed to my relay and I believe it was only emitting the messages to my relay so I don't think I was actually spamming anyone.

You're right that if they are not subscribed they will not get the DMs, as it does not publish the events to any other relays. Are you seeing events from these pubkeys being posted to your relay? This is when it creates the invoice and DMs it to them.

> The DMs were an annoyance so I turned them off with direct_message = false but I'm still getting hundreds of invoices created on my node. Is there a way to only have nostr-rs create an invoice when someone uses the /join form?

I think this is the better way to do it. Initially the thought was it is more convenient to be able to sign up to a relay just by adding it to your relay list in your chosen nostr client, receive a DM and pay the invoice. However, in the current implementation it seems it's more of a mechanism for spam than a convenience, as you're not the first person to report this issue.

This shouldn't be too difficult of a change, I should be able to find some time over the next week to submit a PR.

@thesimplekid
Contributor

Using #173 and with the default of direct_message to false should fix this.

@davidhrinaldo
Author

davidhrinaldo commented Nov 14, 2023

Looks reasonable to me but I have not had a chance to test yet. I run nostr-rs in docker so need to build a container.

I'm going to try this out in the next day or so.

@davidhrinaldo
Author

Hey @thesimplekid, sorry it's taken me a while to get this tested. Had some issues with my node and had to rebuild.

I've built this and tried it out and I'm still getting invoices created in LNBits. I've got these relevant configs set:

...
[pay_to_relay]
enabled = true
sign_ups = true
direct_message = false
...

To be sure, I repulled the remove-dms branch and rebuilt the image and same outcome.

@thesimplekid
Contributor

It's possible a bot is sending requests to the /join endpoint creating the events and it's not getting created by those publishing events to the relay. I'll have to take a look at what is being logged so we can tell for sure.

@thesimplekid
Contributor

thesimplekid commented Nov 27, 2023

In thesimplekid@9736ecd I added a debug log statement where it will log the pubkey of the user it is creating the invoice for if it's from the /join endpoint. I think this is what is happening, as when I publish events from unknown pubkeys invoices are not created. Unfortunately there isn't a way to stop this without adding some sort of captcha to the page.

@stefanoskapa

Same here. Even after setting direct_message=false, the requests keep coming from /join. I'm looking into integrating a captcha.
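
An added example, not nostr-rs-relay code and not written by anyone in this thread: one way to bound how many invoices automated /join requests can create, by handing back a pubkey's pending invoice instead of minting another and capping new invoices per source address. `JoinGate`, `Decision` and the limits are hypothetical names, and it assumes the relay sees the real client address rather than a reverse proxy's.

```rust
use std::collections::HashMap;
use std::net::IpAddr;
use std::time::{Duration, Instant};
#[derive(Debug, PartialEq)]
pub enum Decision {
    CreateInvoice, // caller may request a new invoice from the Lightning backend
    ReusePending,  // pubkey already has an unexpired invoice: hand that one back
    Throttled,     // source address used up its budget for this window
}

// Hypothetical gate in front of the /join handler; not nostr-rs-relay code.
pub struct JoinGate {
    window: Duration,                        // rate-limit window per source address
    max_new: u32,                            // new invoices allowed per window
    invoice_ttl: Duration,                   // how long a pending invoice is reused
    per_ip: HashMap<IpAddr, (Instant, u32)>, // address -> (window start, count)
    pending: HashMap<String, Instant>,       // pubkey -> invoice creation time
}
impl JoinGate {
    pub fn new(window: Duration, max_new: u32, invoice_ttl: Duration) -> Self {
        Self { window, max_new, invoice_ttl, per_ip: HashMap::new(), pending: HashMap::new() }
    }
    // `now` is a parameter so the decision logic is deterministic under test.
    pub fn check(&mut self, ip: IpAddr, pubkey: &str, now: Instant) -> Decision {
        // A repeated request for the same pubkey never creates a second invoice.
        let ttl = self.invoice_ttl;
        if self.pending.get(pubkey).map_or(false, |&c| now.saturating_duration_since(c) < ttl) {
            return Decision::ReusePending;
        }
        // Fixed-window counter of new invoices per source address.
        let slot = self.per_ip.entry(ip).or_insert((now, 0));
        if now.saturating_duration_since(slot.0) >= self.window {
            *slot = (now, 0);
        }
        if slot.1 >= self.max_new {
            return Decision::Throttled;
        }
        slot.1 += 1;
        self.pending.insert(pubkey.to_string(), now);
        Decision::CreateInvoice
    }
}
fn main() {
    // Constructed input: one source address cycling through fresh pubkeys.
    let mut gate = JoinGate::new(Duration::from_secs(60), 3, Duration::from_secs(600));
    let (ip, t0): (IpAddr, Instant) = ("203.0.113.7".parse().unwrap(), Instant::now());
    for i in 0..5 {
        println!("{:?}", gate.check(ip, &format!("pubkey-{}", i), t0));
    }
}
```

Both maps grow with traffic, so a deployment would also prune entries once their window or invoice lifetime has passed.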
