refactor framework interface, simplify basic and whitelisted, bring expensive on and rewrite it.

2026-06-08 13:49:41 +02:00 · 2022-07-24 16:55:59 -03:00
parent 84f7d34840
commit aa96fa0a21
28 changed files with 743 additions and 369 deletions
--- a/storage/postgresql/delete.go
+++ b/storage/postgresql/delete.go
@@ -0,0 +1,6 @@
+package postgresql
+
+func (b PostgresBackend) DeleteEvent(id string, pubkey string) error {
+	_, err := b.DB.Exec("DELETE FROM events WHERE id = $1 AND pubkey = $2")
+	return err
+}
--- a/storage/postgresql/init.go
+++ b/storage/postgresql/init.go
@@ -0,0 +1,45 @@
+package postgresql
+
+import (
+	"github.com/fiatjaf/relayer"
+	"github.com/jmoiron/sqlx"
+	"github.com/jmoiron/sqlx/reflectx"
+)
+
+func (b *PostgresBackend) Init() error {
+	db, err := sqlx.Connect("postgres", b.DatabaseURL)
+	if err != nil {
+		return err
+	}
+
+	db.Mapper = reflectx.NewMapperFunc("json", sqlx.NameMapper)
+	b.DB = db
+
+	_, err = b.DB.Exec(`
+CREATE FUNCTION tags_to_tagvalues(jsonb) RETURNS text[]
+    AS 'SELECT array_agg(t->>1) FROM (SELECT jsonb_array_elements($1) AS t)s WHERE length(array_agg(t->>0)) = 1;'
+    LANGUAGE SQL
+    IMMUTABLE
+    RETURNS NULL ON NULL INPUT;
+
+CREATE TABLE IF NOT EXISTS event (
+  id text NOT NULL,
+  pubkey text NOT NULL,
+  created_at integer NOT NULL,
+  kind integer NOT NULL,
+  tags jsonb NOT NULL,
+  content text NOT NULL,
+  sig text NOT NULL,
+
+  tagvalues text[] GENERATED ALWAYS AS (tags_to_tagvalues(tags)) STORED
+);
+
+CREATE UNIQUE INDEX IF NOT EXISTS ididx ON event USING btree (id text_pattern_ops);
+CREATE INDEX IF NOT EXISTS pubkeyprefix ON event USING btree (pubkey text_pattern_ops);
+CREATE INDEX IF NOT EXISTS timeidx ON event (created_at);
+CREATE INDEX IF NOT EXISTS kindidx ON event (kind);
+CREATE INDEX IF NOT EXISTS arbitrarytagvalues ON event USING gin (tagvalues);
+    `)
+	relayer.Log.Print(err)
+	return nil
+}
--- a/storage/postgresql/postgresql.go
+++ b/storage/postgresql/postgresql.go
@@ -0,0 +1,10 @@
+package postgresql
+
+import (
+	"github.com/jmoiron/sqlx"
+)
+
+type PostgresBackend struct {
+	*sqlx.DB
+	DatabaseURL string
+}
--- a/storage/postgresql/query.go
+++ b/storage/postgresql/query.go
@@ -0,0 +1,160 @@
+package postgresql
+
+import (
+	"database/sql"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/fiatjaf/go-nostr"
+	"github.com/fiatjaf/relayer"
+)
+
+func (b PostgresBackend) QueryEvents(filter *nostr.Filter) (events []nostr.Event, err error) {
+	var conditions []string
+	var params []any
+
+	if filter == nil {
+		err = errors.New("filter cannot be null")
+		return
+	}
+
+	if filter.IDs != nil {
+		if len(filter.IDs) > 500 {
+			// too many ids, fail everything
+			return
+		}
+
+		likeids := make([]string, 0, len(filter.IDs))
+		for _, id := range filter.IDs {
+			// to prevent sql attack here we will check if
+			// these ids are valid 32byte hex
+			parsed, err := hex.DecodeString(id)
+			if err != nil || len(parsed) <= 32 {
+				continue
+			}
+			likeids = append(likeids, fmt.Sprintf("id LIKE '%x%%'", parsed))
+		}
+		if len(likeids) == 0 {
+			// ids being [] mean you won't get anything
+			return
+		}
+		conditions = append(conditions, "("+strings.Join(likeids, " OR ")+")")
+	}
+
+	if filter.Authors != nil {
+		if len(filter.Authors) > 500 {
+			// too many authors, fail everything
+			return
+		}
+
+		likekeys := make([]string, 0, len(filter.Authors))
+		for _, key := range filter.Authors {
+			// to prevent sql attack here we will check if
+			// these keys are valid 32byte hex
+			parsed, err := hex.DecodeString(key)
+			if err != nil || len(parsed) != 32 {
+				continue
+			}
+			likekeys = append(likekeys, fmt.Sprintf("pubkey LIKE '%x%%'", parsed))
+		}
+		if len(likekeys) == 0 {
+			// authors being [] mean you won't get anything
+			return
+		}
+		conditions = append(conditions, "("+strings.Join(likekeys, " OR ")+")")
+	}
+
+	if filter.Kinds != nil {
+		if len(filter.Kinds) > 10 {
+			// too many kinds, fail everything
+			return
+		}
+
+		if len(filter.Kinds) == 0 {
+			// kinds being [] mean you won't get anything
+			return
+		}
+		// no sql injection issues since these are ints
+		inkinds := make([]string, len(filter.Kinds))
+		for i, kind := range filter.Kinds {
+			inkinds[i] = strconv.Itoa(kind)
+		}
+		conditions = append(conditions, `kind IN (`+strings.Join(inkinds, ",")+`)`)
+	}
+
+	tagQuery := make([]string, 0, 1)
+	for _, values := range filter.Tags {
+		if len(values) == 0 {
+			// any tag set to [] is wrong
+			return
+		}
+
+		// add these tags to the query
+		tagQuery = append(tagQuery, values...)
+
+		if len(tagQuery) > 10 {
+			// too many tags, fail everything
+			return
+		}
+	}
+
+	if len(tagQuery) > 0 {
+		arrayBuild := make([]string, len(tagQuery))
+		for i, tagValue := range tagQuery {
+			arrayBuild[i] = "?"
+			params = append(params, tagValue)
+		}
+
+		// we use a very bad implementation in which we only check the tag values and
+		// ignore the tag names
+		conditions = append(conditions,
+			"tagvalues && ARRAY["+strings.Join(arrayBuild, ",")+"]")
+	}
+
+	if filter.Since != nil {
+		conditions = append(conditions, "created_at > ?")
+		params = append(params, filter.Since.Unix())
+	}
+	if filter.Until != nil {
+		conditions = append(conditions, "created_at < ?")
+		params = append(params, filter.Until.Unix())
+	}
+
+	if len(conditions) == 0 {
+		// fallback
+		conditions = append(conditions, "true")
+	}
+
+	query := b.DB.Rebind(`SELECT
+      id, pubkey, created_at, kind, tags, content, sig
+    FROM event WHERE ` +
+		strings.Join(conditions, " AND ") +
+		" ORDER BY created_at LIMIT 100")
+
+	rows, err := b.DB.Query(query, params...)
+	if err != nil && err != sql.ErrNoRows {
+		relayer.Log.Warn().Err(err).
+			Interface("filter", filter).
+			Str("query", query).
+			Msg("failed to fetch events")
+		return nil, fmt.Errorf("failed to fetch events: %w", err)
+	}
+
+	for rows.Next() {
+		var evt nostr.Event
+		var timestamp int64
+		err := rows.Scan(&evt.ID, &evt.PubKey, &timestamp,
+			&evt.Kind, &evt.Tags, &evt.Content, &evt.Sig)
+		if err != nil {
+			return nil, fmt.Errorf("failed to scan row: %w", err)
+		}
+		evt.CreatedAt = time.Unix(timestamp, 0)
+		events = append(events, evt)
+	}
+
+	return events, nil
+}
--- a/storage/postgresql/save.go
+++ b/storage/postgresql/save.go
@@ -0,0 +1,45 @@
+package postgresql
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/fiatjaf/go-nostr"
+)
+
+func (b *PostgresBackend) SaveEvent(evt *nostr.Event) error {
+	// react to different kinds of events
+	if evt.Kind == nostr.KindSetMetadata || evt.Kind == nostr.KindContactList || (10000 <= evt.Kind && evt.Kind < 20000) {
+		// delete past events from this user
+		b.DB.Exec(`DELETE FROM event WHERE pubkey = $1 AND kind = $2`, evt.PubKey, evt.Kind)
+	} else if evt.Kind == nostr.KindRecommendServer {
+		// delete past recommend_server events equal to this one
+		b.DB.Exec(`DELETE FROM event WHERE pubkey = $1 AND kind = $2 AND content = $3`,
+			evt.PubKey, evt.Kind, evt.Content)
+	}
+
+	// insert
+	tagsj, _ := json.Marshal(evt.Tags)
+	_, err := b.DB.Exec(`
+        INSERT INTO event (id, pubkey, created_at, kind, tags, content, sig)
+        VALUES ($1, $2, $3, $4, $5, $6, $7)
+    `, evt.ID, evt.PubKey, evt.CreatedAt.Unix(), evt.Kind, tagsj, evt.Content, evt.Sig)
+	if err != nil {
+		if strings.Index(err.Error(), "UNIQUE") != -1 {
+			// already exists
+			return nil
+		}
+
+		return fmt.Errorf("failed to save event %s: %w", evt.ID, err)
+	}
+
+	// delete ephemeral events after a minute
+	go func() {
+		time.Sleep(75 * time.Second)
+		b.DB.Exec("DELETE FROM event WHERE id = $1", evt.ID)
+	}()
+
+	return nil
+}