silberengel
/
next.orly.dev
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

self-detection elides self url at startup, handles multiple DNS pointers

main
mleku 2 months ago
parent
1522bfab2e
commit
a03af8e05a
No known key found for this signature in database
4 changed files with 218 additions and 89 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 71
      pkg/spider/spider.go
  2. 109
      pkg/sync/cluster.go
  3. 79
      pkg/sync/manager.go
  4. 2
      pkg/version/version

71
pkg/spider/spider.go
Unescape View File

@ -7,16 +7,18 @@ import (
"sync" "sync"
"time" "time"
"lol.mleku.dev/chk" "git.mleku.dev/mleku/nostr/crypto/keys"
"lol.mleku.dev/errorf"
"lol.mleku.dev/log"
"next.orly.dev/pkg/database"
"git.mleku.dev/mleku/nostr/encoders/filter" "git.mleku.dev/mleku/nostr/encoders/filter"
"git.mleku.dev/mleku/nostr/encoders/hex" "git.mleku.dev/mleku/nostr/encoders/hex"
"git.mleku.dev/mleku/nostr/encoders/tag" "git.mleku.dev/mleku/nostr/encoders/tag"
"git.mleku.dev/mleku/nostr/encoders/timestamp" "git.mleku.dev/mleku/nostr/encoders/timestamp"
"next.orly.dev/pkg/interfaces/publisher"
"git.mleku.dev/mleku/nostr/ws" "git.mleku.dev/mleku/nostr/ws"
"lol.mleku.dev/chk"
"lol.mleku.dev/errorf"
"lol.mleku.dev/log"
"next.orly.dev/pkg/database"
"next.orly.dev/pkg/interfaces/publisher"
dsync "next.orly.dev/pkg/sync"
) )
const ( const (
@ -55,6 +57,8 @@ type Spider struct {
// Configuration // Configuration
adminRelays []string adminRelays []string
followList [][]byte followList [][]byte
relayIdentityPubkey string // Our relay's identity pubkey (hex)
selfURLs map[string]bool // URLs discovered to be ourselves (for fast lookups)
// State management // State management
mu sync.RWMutex mu sync.RWMutex
@ -129,12 +133,22 @@ func New(ctx context.Context, db *database.D, pub publisher.I, mode string) (s *
} }
ctx, cancel := context.WithCancel(ctx) ctx, cancel := context.WithCancel(ctx)
// Get relay identity pubkey for self-detection
var relayPubkey string
if skb, err := db.GetRelayIdentitySecret(); err == nil && len(skb) == 32 {
pk, _ := keys.SecretBytesToPubKeyHex(skb)
relayPubkey = pk
}
s = &Spider{ s = &Spider{
ctx: ctx, ctx: ctx,
cancel: cancel, cancel: cancel,
db: db, db: db,
pub: pub, pub: pub,
mode: mode, mode: mode,
relayIdentityPubkey: relayPubkey,
selfURLs: make(map[string]bool),
connections: make(map[string]*RelayConnection), connections: make(map[string]*RelayConnection),
followListUpdated: make(chan struct{}, 1), followListUpdated: make(chan struct{}, 1),
} }
@ -254,9 +268,15 @@ func (s *Spider) updateConnections() {
return return
} }
// Update connections for current admin relays // Update connections for current admin relays (filtering out self)
currentRelays := make(map[string]bool) currentRelays := make(map[string]bool)
for _, url := range adminRelays { for _, url := range adminRelays {
// Check if this relay URL is ourselves
if s.isSelfRelay(url) {
log.D.F("spider: skipping self-relay: %s", url)
continue
}
currentRelays[url] = true currentRelays[url] = true
if conn, exists := s.connections[url]; exists { if conn, exists := s.connections[url]; exists {
@ -804,3 +824,42 @@ func (rc *RelayConnection) close() {
rc.cancel() rc.cancel()
} }
// isSelfRelay checks if a relay URL is actually ourselves by comparing NIP-11 pubkeys
func (s *Spider) isSelfRelay(relayURL string) bool {
// If we don't have a relay identity pubkey, can't compare
if s.relayIdentityPubkey == "" {
return false
}
s.mu.RLock()
// Fast path: check if we already know this URL is ours
if s.selfURLs[relayURL] {
s.mu.RUnlock()
log.D.F("spider: skipping self-relay (known URL): %s", relayURL)
return true
}
s.mu.RUnlock()
// Slow path: check via NIP-11 pubkey
nip11Cache := dsync.NewNIP11Cache(30 * time.Minute)
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
peerPubkey, err := nip11Cache.GetPubkey(ctx, relayURL)
if err != nil {
log.D.F("spider: couldn't fetch NIP-11 for %s: %v", relayURL, err)
return false
}
if peerPubkey == s.relayIdentityPubkey {
log.I.F("spider: discovered self-relay: %s (pubkey: %s)", relayURL, s.relayIdentityPubkey)
// Cache this URL as ours for future fast lookups
s.mu.Lock()
s.selfURLs[relayURL] = true
s.mu.Unlock()
return true
}
return false
}

109
pkg/sync/cluster.go
Unescape View File

@ -25,6 +25,7 @@ type ClusterManager struct {
db *database.D db *database.D
adminNpubs []string adminNpubs []string
relayIdentityPubkey string // Our relay's identity pubkey (hex) relayIdentityPubkey string // Our relay's identity pubkey (hex)
selfURLs map[string]bool // URLs discovered to be ourselves (for fast lookups)
members map[string]*ClusterMember // keyed by relay URL members map[string]*ClusterMember // keyed by relay URL
membersMux sync.RWMutex membersMux sync.RWMutex
pollTicker *time.Ticker pollTicker *time.Ticker
@ -78,6 +79,7 @@ func NewClusterManager(ctx context.Context, db *database.D, adminNpubs []string,
db: db, db: db,
adminNpubs: adminNpubs, adminNpubs: adminNpubs,
relayIdentityPubkey: relayPubkey, relayIdentityPubkey: relayPubkey,
selfURLs: make(map[string]bool),
members: make(map[string]*ClusterMember), members: make(map[string]*ClusterMember),
pollDone: make(chan struct{}), pollDone: make(chan struct{}),
propagatePrivilegedEvents: propagatePrivilegedEvents, propagatePrivilegedEvents: propagatePrivilegedEvents,
@ -265,17 +267,36 @@ func (cm *ClusterManager) UpdateMembership(relayURLs []string) {
} }
} }
// Add new members // Add new members (filter out self once at this point)
for _, url := range relayURLs { for _, url := range relayURLs {
// Skip if this is our own relay (check via NIP-11 pubkey) // Skip if already exists
if cm.isSelfRelay(url) { if _, exists := cm.members[url]; exists {
log.D.F("skipping cluster member (self): %s (pubkey matches our relay identity)", url)
continue continue
} }
if _, exists := cm.members[url]; !exists { // Fast path: check if we already know this URL is ours
// For simplicity, assume HTTP and WebSocket URLs are the same if cm.selfURLs[url] {
// In practice, you'd need to parse these properly log.I.F("removed self from cluster members (known URL): %s", url)
continue
}
// Slow path: check via NIP-11 pubkey
if cm.relayIdentityPubkey != "" {
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
peerPubkey, err := cm.nip11Cache.GetPubkey(ctx, url)
cancel()
if err != nil {
log.D.F("couldn't fetch NIP-11 for %s, adding to cluster anyway: %v", url, err)
} else if peerPubkey == cm.relayIdentityPubkey {
log.I.F("removed self from cluster members (discovered): %s (pubkey: %s)", url, cm.relayIdentityPubkey)
// Cache this URL as ours for future fast lookups
cm.selfURLs[url] = true
continue
}
}
// Add member
member := &ClusterMember{ member := &ClusterMember{
HTTPURL: url, HTTPURL: url,
WebSocketURL: url, // TODO: Convert to WebSocket URL WebSocketURL: url, // TODO: Convert to WebSocket URL
@ -285,26 +306,6 @@ func (cm *ClusterManager) UpdateMembership(relayURLs []string) {
cm.members[url] = member cm.members[url] = member
log.I.F("added cluster member: %s", url) log.I.F("added cluster member: %s", url)
} }
}
}
// isSelfRelay checks if a relay URL is actually ourselves by comparing NIP-11 pubkeys
func (cm *ClusterManager) isSelfRelay(relayURL string) bool {
// If we don't have a relay identity pubkey, can't compare
if cm.relayIdentityPubkey == "" {
return false
}
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
peerPubkey, err := cm.nip11Cache.GetPubkey(ctx, relayURL)
if err != nil {
log.D.F("couldn't fetch NIP-11 for %s to check if self: %v", relayURL, err)
return false
}
return peerPubkey == cm.relayIdentityPubkey
} }
// HandleMembershipEvent processes a cluster membership event (Kind 39108) // HandleMembershipEvent processes a cluster membership event (Kind 39108)
@ -352,19 +353,38 @@ func (cm *ClusterManager) HandleLatestSerial(w http.ResponseWriter, r *http.Requ
} }
// Check if request is from ourselves by examining the Referer or Origin header // Check if request is from ourselves by examining the Referer or Origin header
// Note: Self-members are already filtered out, but this catches edge cases
origin := r.Header.Get("Origin") origin := r.Header.Get("Origin")
referer := r.Header.Get("Referer") referer := r.Header.Get("Referer")
if origin != "" && cm.isSelfRelay(origin) { if cm.relayIdentityPubkey != "" && (origin != "" || referer != "") {
log.D.F("rejecting cluster latest request from self (origin: %s)", origin) checkURL := origin
if checkURL == "" {
checkURL = referer
}
// Fast path: check known self-URLs
if cm.selfURLs[checkURL] {
log.D.F("rejecting cluster latest request from self (known URL): %s", checkURL)
http.Error(w, "Cannot sync with self", http.StatusBadRequest) http.Error(w, "Cannot sync with self", http.StatusBadRequest)
return return
} }
if referer != "" && cm.isSelfRelay(referer) {
log.D.F("rejecting cluster latest request from self (referer: %s)", referer) // Slow path: verify via NIP-11
ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
peerPubkey, err := cm.nip11Cache.GetPubkey(ctx, checkURL)
cancel()
if err == nil && peerPubkey == cm.relayIdentityPubkey {
log.D.F("rejecting cluster latest request from self (discovered): %s", checkURL)
// Cache for future fast lookups
cm.membersMux.Lock()
cm.selfURLs[checkURL] = true
cm.membersMux.Unlock()
http.Error(w, "Cannot sync with self", http.StatusBadRequest) http.Error(w, "Cannot sync with self", http.StatusBadRequest)
return return
} }
}
// Get the latest serial from database by querying for the highest serial // Get the latest serial from database by querying for the highest serial
latestSerial, err := cm.getLatestSerialFromDB() latestSerial, err := cm.getLatestSerialFromDB()
@ -390,19 +410,38 @@ func (cm *ClusterManager) HandleEventsRange(w http.ResponseWriter, r *http.Reque
} }
// Check if request is from ourselves by examining the Referer or Origin header // Check if request is from ourselves by examining the Referer or Origin header
// Note: Self-members are already filtered out, but this catches edge cases
origin := r.Header.Get("Origin") origin := r.Header.Get("Origin")
referer := r.Header.Get("Referer") referer := r.Header.Get("Referer")
if origin != "" && cm.isSelfRelay(origin) { if cm.relayIdentityPubkey != "" && (origin != "" || referer != "") {
log.D.F("rejecting cluster events request from self (origin: %s)", origin) checkURL := origin
if checkURL == "" {
checkURL = referer
}
// Fast path: check known self-URLs
if cm.selfURLs[checkURL] {
log.D.F("rejecting cluster events request from self (known URL): %s", checkURL)
http.Error(w, "Cannot sync with self", http.StatusBadRequest) http.Error(w, "Cannot sync with self", http.StatusBadRequest)
return return
} }
if referer != "" && cm.isSelfRelay(referer) {
log.D.F("rejecting cluster events request from self (referer: %s)", referer) // Slow path: verify via NIP-11
ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
peerPubkey, err := cm.nip11Cache.GetPubkey(ctx, checkURL)
cancel()
if err == nil && peerPubkey == cm.relayIdentityPubkey {
log.D.F("rejecting cluster events request from self (discovered): %s", checkURL)
// Cache for future fast lookups
cm.membersMux.Lock()
cm.selfURLs[checkURL] = true
cm.membersMux.Unlock()
http.Error(w, "Cannot sync with self", http.StatusBadRequest) http.Error(w, "Cannot sync with self", http.StatusBadRequest)
return return
} }
}
// Parse query parameters // Parse query parameters
fromStr := r.URL.Query().Get("from") fromStr := r.URL.Query().Get("from")

79
pkg/sync/manager.go
Unescape View File

@ -26,6 +26,7 @@ type Manager struct {
nodeID string nodeID string
relayURL string relayURL string
peers []string peers []string
selfURLs map[string]bool // URLs discovered to be ourselves (for fast lookups)
currentSerial uint64 currentSerial uint64
peerSerials map[string]uint64 // peer URL -> latest serial seen peerSerials map[string]uint64 // peer URL -> latest serial seen
relayGroupMgr *RelayGroupManager relayGroupMgr *RelayGroupManager
@ -72,6 +73,7 @@ func NewManager(ctx context.Context, db *database.D, nodeID, relayURL string, pe
nodeID: nodeID, nodeID: nodeID,
relayURL: relayURL, relayURL: relayURL,
peers: peers, peers: peers,
selfURLs: make(map[string]bool),
currentSerial: 0, currentSerial: 0,
peerSerials: make(map[string]uint64), peerSerials: make(map[string]uint64),
relayGroupMgr: relayGroupMgr, relayGroupMgr: relayGroupMgr,
@ -79,6 +81,44 @@ func NewManager(ctx context.Context, db *database.D, nodeID, relayURL string, pe
policyManager: policyManager, policyManager: policyManager,
} }
// Add our configured relay URL to self-URLs cache if provided
if m.relayURL != "" {
m.selfURLs[m.relayURL] = true
}
// Remove self from peer list once at startup if we have a nodeID
if m.nodeID != "" {
filteredPeers := make([]string, 0, len(m.peers))
for _, peerURL := range m.peers {
// Fast path: check if we already know this URL is ours
if m.selfURLs[peerURL] {
log.I.F("removed self from sync peer list (known URL): %s", peerURL)
continue
}
// Slow path: check via NIP-11 pubkey
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
peerPubkey, err := m.nip11Cache.GetPubkey(ctx, peerURL)
cancel()
if err != nil {
log.D.F("couldn't fetch NIP-11 for %s, keeping in peer list: %v", peerURL, err)
filteredPeers = append(filteredPeers, peerURL)
continue
}
if peerPubkey == m.nodeID {
log.I.F("removed self from sync peer list (discovered): %s (pubkey: %s)", peerURL, m.nodeID)
// Cache this URL as ours for future fast lookups
m.selfURLs[peerURL] = true
continue
}
filteredPeers = append(filteredPeers, peerURL)
}
m.peers = filteredPeers
}
// Start sync routine // Start sync routine
go m.syncRoutine() go m.syncRoutine()
@ -173,36 +213,13 @@ func (m *Manager) syncRoutine() {
// syncWithPeersSequentially syncs with all configured peers one at a time // syncWithPeersSequentially syncs with all configured peers one at a time
func (m *Manager) syncWithPeersSequentially() { func (m *Manager) syncWithPeersSequentially() {
for _, peerURL := range m.peers { for _, peerURL := range m.peers {
// Check if this peer is ourselves via NIP-11 pubkey // Self-peers are already filtered out during initialization/update
if m.isSelfPeer(peerURL) {
log.D.F("skipping sync with self: %s (pubkey matches our relay identity)", peerURL)
continue
}
m.syncWithPeer(peerURL) m.syncWithPeer(peerURL)
// Small delay between peers to avoid overwhelming // Small delay between peers to avoid overwhelming
time.Sleep(100 * time.Millisecond) time.Sleep(100 * time.Millisecond)
} }
} }
// isSelfPeer checks if a peer URL is actually ourselves by comparing NIP-11 pubkeys
func (m *Manager) isSelfPeer(peerURL string) bool {
// If we don't have a nodeID, can't compare
if m.nodeID == "" {
return false
}
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
peerPubkey, err := m.nip11Cache.GetPubkey(ctx, peerURL)
if err != nil {
log.D.F("couldn't fetch NIP-11 for %s to check if self: %v", peerURL, err)
return false
}
return peerPubkey == m.nodeID
}
// syncWithPeer syncs with a specific peer // syncWithPeer syncs with a specific peer
func (m *Manager) syncWithPeer(peerURL string) { func (m *Manager) syncWithPeer(peerURL string) {
// Get the peer's current serial // Get the peer's current serial
@ -417,6 +434,13 @@ func (m *Manager) HandleCurrentRequest(w http.ResponseWriter, r *http.Request) {
// Reject requests from ourselves (same nodeID) // Reject requests from ourselves (same nodeID)
if req.NodeID != "" && req.NodeID == m.nodeID { if req.NodeID != "" && req.NodeID == m.nodeID {
log.D.F("rejecting sync current request from self (nodeID: %s)", req.NodeID) log.D.F("rejecting sync current request from self (nodeID: %s)", req.NodeID)
// Cache the requesting relay URL as ours for future fast lookups
if req.RelayURL != "" {
m.mutex.Lock()
m.selfURLs[req.RelayURL] = true
m.mutex.Unlock()
log.D.F("cached self-URL from inbound request: %s", req.RelayURL)
}
http.Error(w, "Cannot sync with self", http.StatusBadRequest) http.Error(w, "Cannot sync with self", http.StatusBadRequest)
return return
} }
@ -447,6 +471,13 @@ func (m *Manager) HandleEventIDsRequest(w http.ResponseWriter, r *http.Request)
// Reject requests from ourselves (same nodeID) // Reject requests from ourselves (same nodeID)
if req.NodeID != "" && req.NodeID == m.nodeID { if req.NodeID != "" && req.NodeID == m.nodeID {
log.D.F("rejecting sync event-ids request from self (nodeID: %s)", req.NodeID) log.D.F("rejecting sync event-ids request from self (nodeID: %s)", req.NodeID)
// Cache the requesting relay URL as ours for future fast lookups
if req.RelayURL != "" {
m.mutex.Lock()
m.selfURLs[req.RelayURL] = true
m.mutex.Unlock()
log.D.F("cached self-URL from inbound request: %s", req.RelayURL)
}
http.Error(w, "Cannot sync with self", http.StatusBadRequest) http.Error(w, "Cannot sync with self", http.StatusBadRequest)
return return
} }

2
pkg/version/version
Unescape View File

@ -1 +1 @@
v0.29.18 v0.29.19
Write Preview
Loading…
Cancel
Save