floonet-rs: whitelist the marketplace kind set
Test and build / test_floonet-rs (push) Has been cancelled

Extend the default-deny admission whitelist from the Goblin-wallet-only
kinds to the union with Magick Market so one relay serves both apps, matching
floonet-strfry. Adds 1 note, 7 reaction, 14/16/17 order+receipt (Gamma),
1111 comment, 10000 mute/blacklist, 24133 remote signing, 30000/30003
NIP-51 sets, 30078 app data, 30402/30405/30406 listing/collection/shipping,
31990 handler info. Keeps the Goblin base including 13 seal and 27235
NIP-98. DEFAULT_ALLOWED_KINDS, config.toml, and tests updated together.
This commit is contained in:
2ro
2026-07-02 22:19:36 -04:00
parent 9fa97ebb5c
commit 8a97fc0394
3 changed files with 45 additions and 21 deletions
+21 -9
View File
@@ -84,17 +84,29 @@ subscriptions_per_min = 30
# THE KEYSTONE: default-deny event kind whitelist. The relay accepts
# ONLY these kinds and rejects everything else. Removing the line
# entirely keeps this exact built-in set (never allow-all); an empty
# list denies everything.
# list denies everything. The set is the union of the two apps this
# relay serves (Goblin wallet + Magick Market marketplace).
#
# 0 profile metadata
# 3 contacts
# 5 delete (NIP-09)
# 13 seal
# Goblin wallet:
# 0 profile metadata 10002 relay list (NIP-65)
# 3 contacts 10050 DM relays (NIP-17)
# 5 delete (NIP-09) 27235 HTTP auth (NIP-98, name authority)
# 13 seal (NIP-59)
# 1059 gift wrap (NIP-59)
# 10002 relay list (NIP-65)
# 10050 DM relays (NIP-17)
# 27235 HTTP auth (NIP-98, used by the name authority)
event_kind_allowlist = [0, 3, 5, 13, 1059, 10002, 10050, 27235]
#
# Magick Market marketplace:
# 1 text note (NIP-01) 30000 people set (NIP-51)
# 7 reaction (NIP-25) 30003 bookmark set (NIP-51)
# 14 order chat (Gamma) 30078 app data: cart/prefs (NIP-78)
# 16 order status (Gamma) 30402 product listing (NIP-99)
# 17 payment receipt (Gamma) 30405 product collection (Gamma)
# 1111 comment (NIP-22) 30406 shipping option (Gamma)
# 10000 mute/blacklist (NIP-51) 31990 handler info (NIP-89)
# 24133 remote signing (NIP-46)
event_kind_allowlist = [
0, 1, 3, 5, 7, 13, 14, 16, 17, 1059, 1111, 10000, 10002, 10050, 24133,
27235, 30000, 30003, 30078, 30402, 30405, 30406, 31990,
]
# Rejects imprecise requests (kind-only or author-only scrapes).
limit_scrapers = false
+21 -9
View File
@@ -16,11 +16,23 @@ use crate::config::Settings;
use crate::event::Event;
/// The Floonet default kind whitelist, applied when the operator has not
/// configured `event_kind_allowlist` explicitly. Kinds:
/// 0 profile metadata, 3 contacts, 5 delete (NIP-09), 13 seal,
/// 1059 gift wrap (NIP-59), 10002 relay list (NIP-65),
/// 10050 DM relays (NIP-17), 27235 NIP-98 HTTP auth.
pub const DEFAULT_ALLOWED_KINDS: [u64; 8] = [0, 3, 5, 13, 1059, 10002, 10050, 27235];
/// configured `event_kind_allowlist` explicitly. It is the union of the two
/// apps this relay serves (default-deny for everything else).
///
/// Goblin wallet: 0 profile, 3 contacts, 5 delete (NIP-09), 13 seal (NIP-59),
/// 1059 gift wrap (NIP-59), 10002 relay list (NIP-65), 10050 DM relays
/// (NIP-17), 27235 NIP-98 HTTP auth (name authority).
///
/// Magick Market: 1 text note, 7 reaction (NIP-25), 14 order chat, 16 order
/// status, 17 payment receipt (Gamma), 1111 comment (NIP-22), 10000
/// mute/blacklist, 30000 people set, 30003 bookmark set (NIP-51), 30078 app
/// data (NIP-78), 30402 product listing (NIP-99), 30405 product collection,
/// 30406 shipping option (Gamma), 31990 handler info (NIP-89), 24133 remote
/// signing (NIP-46).
pub const DEFAULT_ALLOWED_KINDS: [u64; 23] = [
0, 1, 3, 5, 7, 13, 14, 16, 17, 1059, 1111, 10000, 10002, 10050, 24133,
27235, 30000, 30003, 30078, 30402, 30405, 30406, 31990,
];
/// Outcome of an admission check.
#[derive(Debug, Clone, PartialEq, Eq)]
@@ -186,8 +198,8 @@ mod tests {
#[test]
fn default_whitelist_rejects_disallowed_kinds() {
let admission = Admission::from_settings(&floonet_settings());
// kind 1 (short text note) and other common kinds are NOT accepted.
for kind in [1u64, 4, 6, 7, 42, 1984, 9735, 30023] {
// Common kinds outside the two-app whitelist are NOT accepted.
for kind in [4u64, 6, 42, 1984, 9735, 25910, 30017, 30018, 30023] {
match admission.check(&event_of_kind(kind), None) {
Decision::Deny { auth_required, .. } => {
assert!(!auth_required, "kind rejection is not an auth issue");
@@ -203,7 +215,7 @@ mod tests {
settings.limits.event_kind_allowlist = None;
let admission = Admission::from_settings(&settings);
assert_eq!(admission.check(&event_of_kind(1059), None), Decision::Allow);
assert_ne!(admission.check(&event_of_kind(1), None), Decision::Allow);
assert_ne!(admission.check(&event_of_kind(30023), None), Decision::Allow);
}
#[test]
@@ -272,7 +284,7 @@ mod tests {
settings.authorization.nip42_auth = true;
settings.authorization.require_auth_to_write = true;
let admission = Admission::from_settings(&settings);
match admission.check(&event_of_kind(1), None) {
match admission.check(&event_of_kind(30023), None) {
Decision::Deny { auth_required, .. } => {
assert!(!auth_required, "disallowed kind must not leak auth hints");
}
+3 -3
View File
@@ -66,13 +66,13 @@ async fn whitelist_accepts_allowed_kind_and_rejects_disallowed() -> Result<()> {
let relay = common::start_relay()?;
common::wait_for_healthy_relay(&relay).await?;
// Kind 1 (short text note) is NOT in the Floonet whitelist: rejected.
let (msg, id) = signed_event(1, "hello world");
// Kind 30023 (long-form article) is NOT in the Floonet whitelist: rejected.
let (msg, id) = signed_event(30023, "hello world");
let ok = publish_and_get_ok(relay.port, &msg, &id).await?;
assert_eq!(
ok.get(2).and_then(Value::as_bool),
Some(false),
"kind 1 must be rejected: {ok}"
"kind 30023 must be rejected: {ok}"
);
let reason = ok.get(3).and_then(Value::as_str).unwrap_or_default();
assert!(