nostr-rs-relay icon indicating copy to clipboard operation
nostr-rs-relay copied to clipboard

Published 20 hours ago verified publisher icon scsibug

nip05: content length missing or exceeded limits for account

Open aidik opened this issue 1 year ago • 2 comments

When going through the logs of my 0.8.8 version nostr-rs-relay I noticed that there are some strange NIP-05 messages:

Jul 27 07:45:46 nostrbox nostr-rs-relay[19526]: Jul 27 07:45:46.356  INFO nostr_rs_relay::nip05: got metadata event for ("[email protected]","6bc58cf5")
Jul 27 07:45:46 nostrbox nostr-rs-relay[19526]: Jul 27 07:45:46.743  INFO nostr_rs_relay::nip05: content length missing or exceeded limits for account: "[email protected]"
Jul 27 07:45:46 nostrbox nostr-rs-relay[19526]: Jul 27 07:45:46.743  INFO nostr_rs_relay::nip05: checked name "[email protected]", result: Unknown, in: 386.092198ms

I then tried manually sending Dave's metadata (kind 0) using the WS extension in Chrome and got the same results in the logs.

Here is the payload I sent:

["EVENT",{"content":"{\"name\":\"BigDave\",\"username\":\"BigDave\",\"display_name\":\"Big Dave\",\"displayName\":\"Big Dave\",\"picture\":\"https://cdn.nostr.build/i/fbe305da7c09fc1c8b6a598da01b3ea0a4b4b98b4cdc0eaa4a5a324aa10ab04e.jpg\",\"banner\":\"https://pbs.twimg.com/profile_banners/1458866524043808782/1687524031/1080x360\",\"website\":\"\",\"about\":\"Irish guy ☘️ who loves Memes , gaming and money. \\nUncensored and free 👍☘️\",\"nip05\":\"[email protected]\",\"lud16\":\"lnurl1dp68gurn8ghj7ampd3kx2ar0veekzar0wd5xjtnrdakj7tnhv4kxctttdehhwm30d3h82unvwqhhgun9dej8jumsv95kuv3h8g50nh\",\"lud06\":\"\"}","created_at":1690235259,"id":"a03ed677abe0564c0873918c76a1a70e2b7c2743be1954f9ff4bb3542ffe44c7","kind":0,"pubkey":"6bc58cf504fdfe8ab6ae4f0bd0ae5cf2b0ad859519ad9bc9691cb4a04d46cebf","sig":"83e9779e6d4f6f7cf243acb3a9d0309463ac72d5b90f99e08729da8fa181ffe1396bf6a9cc63073b1e6d1c28e3980826e3155ab4dc5116db8f397b0e5ca9dfde","tags":[]}]

It is not longer than the 64 KB currently set in config.toml. When I checked https://webtr.io/.well-known/nostr.json?name=BigDave I got back:

{
    "names": {
        "BigDave": "6bc58cf504fdfe8ab6ae4f0bd0ae5cf2b0ad859519ad9bc9691cb4a04d46cebf"
    }
}

So I believe he should have been correctly verified.

This issue might be connected with #130

aidik avatar Jul 27 '23 11:07 aidik

Yep, something going on here, thanks for the test case. Need to dig in and figure why this doesn't work...

scsibug avatar Jul 29 '23 13:07 scsibug

Most likely scenario is that the server isn't providing a content-length, and I prevented the NIP-05 verifier from pulling arbitrarily large files (since those get buffered straight into memory, and could cause memory exhaustion of the relay).

I'm not even sure the content-length is enough, since I have not verified if Hyper verifies the length.

We probably need to use something like Limited (https://docs.rs/http-body/0.4.5/http_body/struct.Limited.html) to enforce a limit here, but that's just a TODO.

scsibug avatar Sep 04 '23 15:09 scsibug