chore: enforce max/min created_at deviation

2025-03-29 11:12:20 +01:00 · 2022-09-20 20:49:45 +00:00 · 2022-09-20 20:49:45 +00:00 · dd6850f3b2
commit dd6850f3b2
parent 6cf2b8cddf
2 changed files with 30 additions and 0 deletions
--- a/src/handlers/event-message-handler.ts
+++ b/src/handlers/event-message-handler.ts
@ -5,6 +5,8 @@ import { Event } from '../@types/event'
 import { Factory } from '../@types/base'
 import { IncomingEventMessage } from '../@types/messages'
 import { IWebSocketAdapter } from '../@types/adapters'
+import { Settings } from '../utils/settings'
+import { WebSocketAdapterEvent } from '../constants/adapter'

 export class EventMessageHandler implements IMessageHandler {
  public constructor(
@ -14,6 +16,14 @@ export class EventMessageHandler implements IMessageHandler {

  public async handleMessage(message: IncomingEventMessage): Promise<void> {
    const [, event] = message
+
+    const reason = this.canAcceptEvent(event)
+    if (reason) {
+      this.webSocket.emit(WebSocketAdapterEvent.Message, `Event rejected: ${reason}`)
+      console.error(`Event ${event.id} rejected. Reason: ${reason}`)
+      return
+    }
+
    console.log('Received event:', event)
    if (!await isEventSignatureValid(event) || !isEventIdValid(event)) {
      console.warn(`Event ${event.id} from ${event.pubkey} with signature ${event.sig} is not valid`)
@ -42,4 +52,20 @@ export class EventMessageHandler implements IMessageHandler {
      console.error('Error handling message:', message, error)
    }
  }
+
+  private canAcceptEvent(event: Event): string | undefined {
+    const now = Math.floor(Date.now()/1000)
+    const limits = Settings.limits.event
+    if (limits.createdAt.maxPositiveDelta > 0) {
+      if (event.created_at > now + limits.createdAt.maxPositiveDelta) {
+        return `created_at is more than ${limits.createdAt.maxPositiveDelta} seconds in the future`
+      }
+    }
+
+    if (limits.createdAt.maxNegativeDelta > 0) {
+      if (event.created_at < now - limits.createdAt.maxNegativeDelta) {
+        return `created_at is more than ${limits.createdAt.maxNegativeDelta} seconds in the past`
+      }
+    }
+  }
 }
--- a/src/utils/settings.ts
+++ b/src/utils/settings.ts
@ -36,6 +36,10 @@ const getDefaultSettings = (): ISettings => ({
        whitelist: [],
        blacklist: [],
      },
+      createdAt: {
+        maxPositiveDelta: 900, // +15 min
+        maxNegativeDelta: 31536000, // -1 year
+      },
    },
    client: {
      subscription: {