deny connections for banned keys

cmd/server/main.go

@@ -229,6 +229,7 @@ func runroomsrv() error {
 	// create the shs+muxrpc server
 	roomsrv, err := mksrv.New(
 		db.Members,
+		db.DeniedKeys,
 		db.Aliases,
 		db.AuthWithSSB,
 		bridge,

roomdb/interface.go

@@ -94,7 +94,7 @@ type DeniedKeysService interface {
 	// HasFeed returns true if a feed is on the list.
 	HasFeed(context.Context, refs.FeedRef) bool
 
-	// HasFeed returns true if a feed is on the list.
+	// HasID returns true if a member id is on the list.
 	HasID(context.Context, int64) bool
 
 	// GetByID returns the list entry for that ID or an error

roomsrv/init_network.go

@@ -40,6 +40,11 @@ func (s *Server) initNetwork() error {
 			}
 		}
 
+		// if feed is in the deny list, deny their connection
+		if s.DeniedKeys.HasFeed(s.rootCtx, *remote) {
+			return nil, fmt.Errorf("this key has been banned")
+		}
+
 		// for community + open modes, allow all connections
 		return &s.public, nil
 	}

roomsrv/server.go

@@ -65,8 +65,9 @@ type Server struct {
 
 	StateManager *roomstate.Manager
 
-	Members roomdb.MembersService
+	Members    roomdb.MembersService
-	Aliases roomdb.AliasesService
+	DeniedKeys roomdb.DeniedKeysService
+	Aliases    roomdb.AliasesService
 
 	authWithSSB       roomdb.AuthWithSSBService
 	authWithSSBBridge *signinwithssb.SignalBridge
@@ -79,6 +80,7 @@ func (s Server) Whoami() refs.FeedRef {
 
 func New(
 	membersdb roomdb.MembersService,
+	deniedkeysdb roomdb.DeniedKeysService,
 	aliasdb roomdb.AliasesService,
 	awsdb roomdb.AuthWithSSBService,
 	bridge *signinwithssb.SignalBridge,
@@ -90,6 +92,7 @@ func New(
 	s.authorizer = membersdb
 
 	s.Members = membersdb
+	s.DeniedKeys = deniedkeysdb
 	s.Aliases = aliasdb
 	s.Config = config