fix(relay): require signed Ed25519 auth on DELETE /relay/inbox/{id}
Previously the endpoint accepted an unauthenticated DELETE with just
?pub=X — anyone who knew (or enumerated) a pub could wipe that pub's
entire inbox, a trivial griefing vector. Now the handler requires a
JSON body with {ed25519_pub, sig, ts} where sig signs
"inbox-delete:<envID>:<pub>:<ts>" under the Ed25519 privkey. The
server then looks up the identity on-chain and verifies that the
registered X25519 public key matches the ?pub= query — closing the
gap between "I can sign" and "my identity owns this mailbox."
Timestamp window: ±300s to prevent replay of captured DELETEs.
Wires RelayConfig.ResolveX25519 via chain.Identity() in cmd/node/main.go.
When ResolveX25519 is nil the endpoint returns 503 (feature unavailable)
rather than silently allowing anonymous deletes.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
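The signed-DELETE check the commit message describes (sign `"inbox-delete:<envID>:<pub>:<ts>"` under the Ed25519 key, enforce the ±300s window, then require that the on-chain X25519 key for that identity equals the `?pub=` query) written out end to end as an added example. This is illustrative code for this page, not the relay's own handler; the `DeleteAuth` field names, the hex encoding of keys and signatures, and the `resolve` callback standing in for `RelayConfig.ResolveX25519` are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// DeleteAuth mirrors the JSON body {ed25519_pub, sig, ts} from the commit
// message. Hex encoding of the key and signature is an assumption.
type DeleteAuth struct {
	Ed25519Pub string `json:"ed25519_pub"`
	Sig        string `json:"sig"`
	TS         int64  `json:"ts"`
}

// replayWindow is the ±300s tolerance stated in the commit message.
const replayWindow = 300 * time.Second

// deleteMessage builds exactly the bytes that get signed:
// "inbox-delete:<envID>:<pub>:<ts>". Binding envID and pub into the
// message is what stops a captured signature being reused elsewhere.
func deleteMessage(envID, x25519Pub string, ts int64) []byte {
	return []byte(fmt.Sprintf("inbox-delete:%s:%s:%d", envID, x25519Pub, ts))
}

// signDelete is the client side: sign the message with the Ed25519 key.
func signDelete(priv ed25519.PrivateKey, envID, x25519Pub string, ts int64) string {
	return hex.EncodeToString(ed25519.Sign(priv, deleteMessage(envID, x25519Pub, ts)))
}

var (
	errUnavailable = errors.New("identity resolver unavailable") // maps to 503
	errStaleTS     = errors.New("timestamp outside replay window")
	errBadSig      = errors.New("signature does not verify")
	errNotOwner    = errors.New("registered X25519 key does not match ?pub=")
)

// verifyDelete is the server side. resolve stands in for ResolveX25519:
// it maps an Ed25519 identity to its registered X25519 key ("" if unknown).
func verifyDelete(resolve func(string) string, envID, queryPub string, a DeleteAuth, now time.Time) error {
	if resolve == nil {
		return errUnavailable // commit: refuse rather than allow anonymous deletes
	}
	// Cheap replay check first, before any signature work.
	skew := now.Unix() - a.TS
	if skew < 0 {
		skew = -skew
	}
	if time.Duration(skew)*time.Second > replayWindow {
		return errStaleTS
	}
	pub, err := hex.DecodeString(a.Ed25519Pub)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return errBadSig
	}
	sig, err := hex.DecodeString(a.Sig)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return errBadSig
	}
	// The message is rebuilt from the server's own view of envID and ?pub=,
	// so a signature over a different mailbox or envelope fails here.
	if !ed25519.Verify(ed25519.PublicKey(pub), deleteMessage(envID, queryPub, a.TS), sig) {
		return errBadSig
	}
	// Ownership binding: "I can sign" is not enough, the identity must own ?pub=.
	if got := resolve(a.Ed25519Pub); got == "" || got != queryPub {
		return errNotOwner
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pubHex := hex.EncodeToString(pub)
	mailbox := "constructed-x25519-pub-hex" // constructed sample value
	resolve := func(id string) string {
		if id == pubHex {
			return mailbox
		}
		return ""
	}
	now := time.Now()
	body := DeleteAuth{Ed25519Pub: pubHex, TS: now.Unix()}
	body.Sig = signDelete(priv, "env-123", mailbox, body.TS)
	fmt.Println("fresh, owner:        ", verifyDelete(resolve, "env-123", mailbox, body, now))
	fmt.Println("replayed 10 min later:", verifyDelete(resolve, "env-123", mailbox, body, now.Add(10*time.Minute)))
	fmt.Println("other mailbox:       ", verifyDelete(resolve, "env-123", "someone-else", body, now))
	fmt.Println("resolver not wired:  ", verifyDelete(nil, "env-123", mailbox, body, now))
}
```

The ordering matters: the timestamp window is checked before the signature so stale replays cost no verification work, and the resolver lookup comes last so an unauthenticated request never triggers a chain query. Each failure has its own sentinel error so the handler can map resolver unavailability to 503 and the three authentication failures to 401/403 without guessing from a string.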
@@ -920,6 +920,13 @@ func main() {
ContactRequests: func(pubKey string) ([]blockchain.ContactInfo, error) {
return chain.ContactRequests(pubKey)
},
ResolveX25519: func(ed25519PubHex string) string {
info, err := chain.Identity(ed25519PubHex)
if err != nil || info == nil {
return ""
}
return info.X25519PubKey
},
}
go func() {
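Review bot: the `ResolveX25519` closure folds a chain lookup failure into the same `""` as an unregistered identity (`if err != nil || info == nil { return "" }`), so the DELETE handler cannot tell a transient `chain.Identity` error from an identity that owns no mailbox; a chain outage will then surface as an ownership rejection instead of the 503 the commit message reserves for an unavailable resolver. Consider widening the callback to `func(ed25519PubHex string) (string, error)` and passing `err` through, with the handler mapping a non-nil error to 503 and an empty key to 403. Logging `err` at that branch would also make rejected deletes diagnosable.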