Refactor event handling and policy script error management

- Removed redundant log statement in HandleEvent for cleaner output. - Enhanced policy script handling to check for script existence before execution, improving error handling and fallback logic. - Updated error messages to provide clearer feedback when policy scripts are missing or fail to start. - Bumped version to v0.21.2 to reflect these changes.
2 months ago · e56b3f0083
3 changed files with 17 additions and 27 deletions
--- a/app/handle-event.go
+++ b/app/handle-event.go
@ -37,7 +37,6 @@ func (l *Listener) HandleEvent(msg []byte) (err error) {
 		}
 	}()
 	log.I.F("HandleEvent: continuing with event processing...")
 	if len(msg) > 0 {
 		log.I.F("extra '%s'", msg)
 	}
--- a/pkg/policy/policy.go
+++ b/pkg/policy/policy.go
@ -10,7 +10,6 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
 	"runtime"
 	"sync"
 	"time"
@ -285,16 +284,18 @@ func (p *P) CheckPolicy(access string, ev *event.E, loggedInPubkey []byte, ipAdd
 	// Check if script is present and enabled
 	if rule.Script != "" && p.Manager != nil {
 		if p.Manager.IsEnabled() {
-			return p.checkScriptPolicy(access, ev, rule.Script, loggedInPubkey, ipAddress)
+			// Check if script file exists before trying to use it
-		}
+			if _, err := os.Stat(p.Manager.GetScriptPath()); err == nil {
-		// Script is configured but policy is disabled - use default policy if rule has no other restrictions
+				// Script exists, try to use it
-		hasOtherRestrictions := len(rule.WriteAllow) > 0 || len(rule.WriteDeny) > 0 || len(rule.ReadAllow) > 0 || len(rule.ReadDeny) > 0 ||
+				allowed, err := p.checkScriptPolicy(access, ev, rule.Script, loggedInPubkey, ipAddress)
-			rule.SizeLimit != nil || rule.ContentLimit != nil || len(rule.MustHaveTags) > 0 ||
+				if err == nil {
-			rule.MaxExpiry != nil || rule.Privileged || rule.RateLimit != nil ||
+					// Script ran successfully, return its decision
-			rule.MaxAgeOfEvent != nil || rule.MaxAgeEventInFuture != nil
+					return allowed, nil
-		if !hasOtherRestrictions {
+				}
-			// No other restrictions, use default policy
+				// Script failed, fall through to apply other criteria
-			return p.getDefaultPolicyAction(), nil
+				log.W.F("policy script check failed for kind %d: %v, applying other criteria", ev.Kind, err)
 			}
 			// Script doesn't exist or failed, fall through to apply other criteria
 		}
 	}
@ -481,24 +482,14 @@ func (p *P) checkScriptPolicy(access string, ev *event.E, scriptPath string, log
 	if !p.Manager.IsRunning() {
 		// Check if script file exists
 		if _, err := os.Stat(p.Manager.GetScriptPath()); os.IsNotExist(err) {
-			// Script doesn't exist, this is a fatal error
+			// Script doesn't exist, return error so caller can fall back to other criteria
-			buf := make([]byte, 1024*1024)
+			return false, fmt.Errorf("policy script does not exist at %s", p.Manager.GetScriptPath())
 			n := runtime.Stack(buf, true)
 			log.E.F("policy script does not exist at %s", p.Manager.GetScriptPath())
 			fmt.Fprintf(os.Stderr, "FATAL: Policy script required but not found at %s\n", p.Manager.GetScriptPath())
 			fmt.Fprintf(os.Stderr, "Stack trace:\n%s\n", buf[:n])
 			os.Exit(1)
 		}
 		// Try to start the policy and wait for it
 		if err := p.Manager.ensureRunning(); err != nil {
-			// Startup failed, this is a fatal error
+			// Startup failed, return error so caller can fall back to other criteria
-			buf := make([]byte, 1024*1024)
+			return false, fmt.Errorf("failed to start policy script: %v", err)
 			n := runtime.Stack(buf, true)
 			log.E.F("failed to start policy script: %v", err)
 			fmt.Fprintf(os.Stderr, "FATAL: Failed to start policy script: %v\n", err)
 			fmt.Fprintf(os.Stderr, "Stack trace:\n%s\n", buf[:n])
 			os.Exit(1)
 		}
 	}
--- a/pkg/version/version
+++ b/pkg/version/version
@ -1 +1 @@
-v0.21.1
+v0.21.2