hints: prevent malicious timestamp hints to bork calculations.

2025-03-17 21:32:56 +01:00 · 2024-11-28 21:29:47 -03:00 · 2024-11-28 21:29:47 -03:00 · 9df2fc8d7b
commit 9df2fc8d7b
parent 2519cab5ae
2 changed files with 11 additions and 3 deletions
--- a/sdk/hints/memory/db.go
+++ b/sdk/hints/memory/db.go
@ -27,6 +27,10 @@ func NewHintDB() *HintDB {
 }

 func (db *HintDB) Save(pubkey string, relay string, key hints.HintKey, ts nostr.Timestamp) {
+	if now := nostr.Now(); ts > now {
+		ts = now
+	}
+
 	relayIndex := slices.Index(db.RelayBySerial, relay)
 	if relayIndex == -1 {
 		relayIndex = len(db.RelayBySerial)
--- a/sdk/hints/sqlite/db.go
+++ b/sdk/hints/sqlite/db.go
@ -87,11 +87,15 @@ func (sh SQLiteHints) TopN(pubkey string, n int) []string {
 	return res
 }

-func (sh SQLiteHints) Save(pubkey string, relay string, key hints.HintKey, score nostr.Timestamp) {
-	_, err := sh.saves[key].Exec(pubkey, relay, score, score)
+func (sh SQLiteHints) Save(pubkey string, relay string, key hints.HintKey, ts nostr.Timestamp) {
+	if now := nostr.Now(); ts > now {
+		ts = now
+	}
+
+	_, err := sh.saves[key].Exec(pubkey, relay, ts, ts)
 	if err != nil {
 		nostr.InfoLogger.Printf("[sdk/hints/sqlite] unexpected error on insert for %s, %s, %d: %s\n",
-			pubkey, relay, score, err)
+			pubkey, relay, ts, err)
 	}
 }