SSE endpoint with POST and a binary body with 16-byte key prefixes.

sse-post-key-prefixes
fiatjaf 2020-11-18 08:36:28 -03:00
rodzic ba1a8f69a1
commit 3b9298a308
2 zmienionych plików z 31 dodań i 13 usunięć


@ -13,6 +13,8 @@ import (
"gopkg.in/antage/eventsource.v1"
)
const BYTES_PER_KEY = 16
var sessions = make(map[string]*eventsource.EventSource)
var backsessions = make(map[*eventsource.EventSource]string)
var slock = sync.Mutex{}
@ -47,9 +49,6 @@ func listenUpdates(w http.ResponseWriter, r *http.Request) {
}
}
// will return past items then track changes from these keys:
keys, _ := r.URL.Query()["key"]
es = eventsource.New(
&eventsource.Settings{
Timeout: time.Second * 5,
@ -88,21 +87,40 @@ func listenUpdates(w http.ResponseWriter, r *http.Request) {
es.ServeHTTP(w, r)
// past events
inkeys := make([]string, 0, len(keys))
for _, key := range keys {
// to prevent sql attack here we will check if these keys are valid 32-byte hex
parsed, err := hex.DecodeString(key)
if err != nil || len(parsed) != 32 {
continue
// grab keys from which we will return items and track new events:
defer r.Body.Close()
var nkeys = make([]byte, 1)
_, err = r.Body.Read(nkeys)
if err != nil {
log.Warn().Err(err).Msg("failed to read number of keys")
w.WriteHeader(400)
return
}
keys := make([]string, int(nkeys[0]))
for k := 0; k < int(nkeys[0]); k++ {
var key = make([]byte, BYTES_PER_KEY)
_, err = r.Body.Read(key)
if err != nil {
log.Warn().Err(err).Msg("failed to read key")
w.WriteHeader(400)
return
}
inkeys = append(inkeys, fmt.Sprintf("'%x'", parsed))
keys[k] = hex.EncodeToString(key)
}
// past events
likekeys := make([]string, len(keys))
for k, key := range keys {
// this is not an sql attack because we know we are using hex keys only
likekeys[k] = fmt.Sprintf("pubkey LIKE '%x%%'", key)
}
var lastUpdates []Event
err := db.Select(&lastUpdates, `
SELECT *, (SELECT count(*) FROM event AS r WHERE r.ref = event.id) AS rel
FROM event
WHERE pubkey IN (`+strings.Join(inkeys, ",")+`)
WHERE `+strings.Join(likekeys, " OR ")+`
ORDER BY created_at DESC
LIMIT 50
`)
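Review bot: The LIKE pattern built on the `likekeys[k] = fmt.Sprintf("pubkey LIKE '%x%%'", key)` line hex-encodes a value that is already hex — `key` is the output of `hex.EncodeToString(key)` a few lines up — so every prefix is double-encoded and the query cannot match the intended pubkeys; the removed code applied `%x` to the raw decoded bytes, which is why it worked, and the new line should read `likekeys[k] = fmt.Sprintf("pubkey LIKE '%s%%'", key)` (the comment above it stays true only because hex output cannot contain quotes or LIKE metacharacters, so it is worth stating that reason). Separately, `_, err = r.Body.Read(key)` (and the `nkeys` read above it) treats a short read as success, leaving the tail of `key` as zero bytes that silently become part of the prefix; `_, err = io.ReadFull(r.Body, key)` returns an error unless all BYTES_PER_KEY bytes arrive, and the same applies to `nkeys` (this needs `io` imported if it is not already). When `nkeys[0]` is 0, `strings.Join(likekeys, " OR ")` is empty and the statement reads `WHERE ORDER BY`, so a `len(keys) == 0` check that writes 400 belongs before `db.Select`. listenUpdates begins before this hunk, and whether a `w.WriteHeader(400)` issued after the `es.ServeHTTP(w, r)` context line still reaches the client depends on what that call has already done with the response, which is not visible here.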


@ -38,7 +38,7 @@ func main() {
}
router.Path("/query_users").Methods("GET").HandlerFunc(queryUsers)
router.Path("/listen_updates").Methods("GET").HandlerFunc(listenUpdates)
router.Path("/listen_updates").Methods("POST").HandlerFunc(listenUpdates)
router.Path("/save_update").Methods("POST").HandlerFunc(saveUpdate)
router.Path("/request_user").Methods("POST").HandlerFunc(requestUser)
router.Path("/request_note").Methods("POST").HandlerFunc(requestNote)