From 663576d69edc7144f545483c4f8220eeb39b0b77 Mon Sep 17 00:00:00 2001 From: Siphiwe -- npub1ms9ujlulcgtpqn2uzpvhplee9l5kjg8jgqhrwmgutg0n7xk43nqq07qa0v Date: Thu, 5 Feb 2026 09:48:17 +0200 Subject: [PATCH 1/2] chore: Add .chunks/ to gitignore --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 94188d6..c6a491a 100644 --- a/.gitignore +++ b/.gitignore @@ -56,3 +56,6 @@ test-db-*/ # iOS keys directory ios_keys/ + +# Code indexing +.chunks/ From a870cf1a86823f7b131871aa6d218fb6e016f20a Mon Sep 17 00:00:00 2001 From: Siphiwe -- npub1ms9ujlulcgtpqn2uzpvhplee9l5kjg8jgqhrwmgutg0n7xk43nqq07qa0v Date: Thu, 5 Feb 2026 10:51:19 +0200 Subject: [PATCH 2/2] fix: Allow unauthenticated REQ queries when read access is set to all_users Remove early authentication gate in filter handler that blocked unauthenticated users before checking access control settings. The CanRead function already handles all_users mode correctly, so the empty pubkey check was preventing public relay access. --- lib/handlers/nostr/filter/filter.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/lib/handlers/nostr/filter/filter.go b/lib/handlers/nostr/filter/filter.go index 4bba450..a5a1428 100644 --- a/lib/handlers/nostr/filter/filter.go +++ b/lib/handlers/nostr/filter/filter.go @@ -184,12 +184,6 @@ func BuildFilterHandler(store stores.Store) func(read lib_nostr.KindReader, writ // Check read access permissions using the global access control system accessControl := websocket.GetAccessControl() if accessControl != nil { - // Only check access if we have a valid pubkey - if connPubkey == "" { - logging.Infof(ColorRed + "[ACCESS CONTROL] Read access denied: No authenticated user" + ColorReset) - write("NOTICE", "Read access denied: Authentication required") - return - } // Check if user has read access err := accessControl.CanRead(connPubkey)