1 files changed, 31 insertions, 1 deletions
diff --git a/src/nostr/builder.rs b/src/nostr/builder.rs
index 9819e37..c2de1df 100644
--- a/src/nostr/builder.rs
+++ b/src/nostr/builder.rs
@@ -56,7 +56,13 @@ impl Nip34WritePolicy {
        purgatory: std::sync::Arc<crate::purgatory::Purgatory>,
        config: crate::config::Config,
    ) -> Self {
-        let ctx = PolicyContext::new(&config.domain, database, git_data_path, purgatory);
+        let ctx = PolicyContext::new(
+            &config.domain,
+            database,
+            git_data_path,
+            purgatory,
+            config.clone(),
+        );
        Self {
            announcement_policy: AnnouncementPolicy::new(ctx.clone(), config.clone()),
            state_policy: StatePolicy::new(ctx.clone()),
@@ -66,6 +72,19 @@ impl Nip34WritePolicy {
        }
    }
+    /// Check if an event author is blacklisted
+    ///
+    /// Returns Some(reason) if blacklisted, None if not blacklisted.
+    fn check_event_blacklist(&self, event: &Event) -> Option<String> {
+        let event_blacklist = self.ctx.config.event_blacklist_config();
+        if !event_blacklist.enabled() {
+            return None;
+        }
+        let npub = event.pubkey.to_bech32().ok()?;
+        event_blacklist.check(&npub)
+    }
    /// Get a reference to the purgatory for read-only access
    pub fn purgatory(&self) -> &std::sync::Arc<crate::purgatory::Purgatory> {
        &self.ctx.purgatory
@@ -474,6 +493,17 @@ impl WritePolicy for Nip34WritePolicy {
        addr: &'a SocketAddr,
    ) -> BoxedFuture<'a, WritePolicyResult> {
        Box::pin(async move {
+            // Check event blacklist FIRST - it overrides everything
+            if let Some(reason) = self.check_event_blacklist(event) {
+                tracing::debug!(
+                    event_id = %event.id.to_bech32().unwrap_or_else(|_| event.id.to_hex()),
+                    author = %event.pubkey.to_hex(),
+                    reason = %reason,
+                    "Rejected event from blacklisted author"
+                );
+                return WritePolicyResult::reject(reason);
+            }
            // Detect if this is a synced event (from proactive sync) vs user-submitted
            // Sync uses localhost:0 as a dummy address
            let is_synced = addr.ip().is_loopback() && addr.port() == 0;

diff --git a/src/nostr/builder.rs b/src/nostr/builder.rs index 9819e37..c2de1df 100644 --- a/src/nostr/builder.rs +++ b/src/nostr/builder.rs
@@ -56,7 +56,13 @@ impl Nip34WritePolicy {
56	purgatory: std::sync::Arc<crate::purgatory::Purgatory>,	56	purgatory: std::sync::Arc<crate::purgatory::Purgatory>,
57	config: crate::config::Config,	57	config: crate::config::Config,
58	) -> Self {	58	) -> Self {
59	let ctx = PolicyContext::new(&config.domain, database, git_data_path, purgatory);	59	let ctx = PolicyContext::new(
		60	&config.domain,
		61	database,
		62	git_data_path,
		63	purgatory,
		64	config.clone(),
		65	);
60	Self {	66	Self {
61	announcement_policy: AnnouncementPolicy::new(ctx.clone(), config.clone()),	67	announcement_policy: AnnouncementPolicy::new(ctx.clone(), config.clone()),
62	state_policy: StatePolicy::new(ctx.clone()),	68	state_policy: StatePolicy::new(ctx.clone()),
@@ -66,6 +72,19 @@ impl Nip34WritePolicy {
66	}	72	}
67	}	73	}
68		74
		75	/// Check if an event author is blacklisted
		76	///
		77	/// Returns Some(reason) if blacklisted, None if not blacklisted.
		78	fn check_event_blacklist(&self, event: &Event) -> Option<String> {
		79	let event_blacklist = self.ctx.config.event_blacklist_config();
		80	if !event_blacklist.enabled() {
		81	return None;
		82	}
		83
		84	let npub = event.pubkey.to_bech32().ok()?;
		85	event_blacklist.check(&npub)
		86	}
		87
69	/// Get a reference to the purgatory for read-only access	88	/// Get a reference to the purgatory for read-only access
70	pub fn purgatory(&self) -> &std::sync::Arc<crate::purgatory::Purgatory> {	89	pub fn purgatory(&self) -> &std::sync::Arc<crate::purgatory::Purgatory> {
71	&self.ctx.purgatory	90	&self.ctx.purgatory
@@ -474,6 +493,17 @@ impl WritePolicy for Nip34WritePolicy {
474	addr: &'a SocketAddr,	493	addr: &'a SocketAddr,
475	) -> BoxedFuture<'a, WritePolicyResult> {	494	) -> BoxedFuture<'a, WritePolicyResult> {
476	Box::pin(async move {	495	Box::pin(async move {
		496	// Check event blacklist FIRST - it overrides everything
		497	if let Some(reason) = self.check_event_blacklist(event) {
		498	tracing::debug!(
		499	event_id = %event.id.to_bech32().unwrap_or_else(\|_\| event.id.to_hex()),
		500	author = %event.pubkey.to_hex(),
		501	reason = %reason,
		502	"Rejected event from blacklisted author"
		503	);
		504	return WritePolicyResult::reject(reason);
		505	}
		506
477	// Detect if this is a synced event (from proactive sync) vs user-submitted	507	// Detect if this is a synced event (from proactive sync) vs user-submitted
478	// Sync uses localhost:0 as a dummy address	508	// Sync uses localhost:0 as a dummy address
479	let is_synced = addr.ip().is_loopback() && addr.port() == 0;	509	let is_synced = addr.ip().is_loopback() && addr.port() == 0;