Merge pull request #9936 from f321x/nwc_incoming_event_filtering

plugin: nwc: improve filtering of expired requests
2025-06-10 18:32:13 +00:00
parent 47e76b25b1 52e8675dd1
commit 448cbc7869
3 changed files with 13 additions and 5 deletions
--- a/contrib/deterministic-build/requirements.txt
+++ b/contrib/deterministic-build/requirements.txt
@@ -16,8 +16,8 @@ certifi==2025.4.26 \
    --hash=sha256:0a816057ea3cdefcef70270d2c515e4506bbc954f417fa5ade2021213bb8f0c6
 dnspython==2.4.2 \
    --hash=sha256:8dcfae8c7460a2f84b4072e26f1c9f4101ca20c071649cb7c34e8b6a93d58984
-electrum-aionostr==0.0.10 \
-    --hash=sha256:494dd0c260f2957cd6f011a1224e2d0fd021bd94c1e44badfe01d3a3d42fb3af
+electrum-aionostr==0.0.11 \
+    --hash=sha256:0eeb1d01e55d4bab2c116268965a0b2c11490659e969fd864c453104558bcf81
 electrum-ecc==0.0.5 \
    --hash=sha256:f733b8596a0f7b25c8371d08af61ef79c7b871d5b40f05a5b95d2d05eb2fb7d2
 frozenlist==1.6.0 \
--- a/contrib/requirements/requirements.txt
+++ b/contrib/requirements/requirements.txt
@@ -7,7 +7,7 @@ aiohttp_socks>=0.9.2
 certifi
 jsonpatch
 electrum_ecc>=0.0.4,<0.1
-electrum_aionostr>=0.0.8,<0.1
+electrum_aionostr>=0.0.11,<0.1

 # - upper limit to avoid needing hatchling at build-time :/
 #   (however newer versions should work at runtime)
--- a/electrum/plugins/nwc/nwcserver.py
+++ b/electrum/plugins/nwc/nwcserver.py
@@ -270,7 +270,7 @@ class NWCServer(Logger, EventListener):
        query = {
            "authors": list(self.connections.keys()),  # the pubkeys of the client connections
            "kinds": [self.REQUEST_EVENT_KIND],
-            "limit": 0,
+            "limit": 0,  # requests only new events after creating this subscription
            "since": int(time.time())
        }
        async for event in self.manager.get_events(query, single_event=False, only_stored=False):
@@ -291,8 +291,16 @@ class NWCServer(Logger, EventListener):
                await self.send_error(event, "NOT_IMPLEMENTED")
                continue

-            if event.created_at < int(time.time()) - 15:
+            # if the request has an explicitly set expiration tag, ignore it if it is expired
+            # otherwise ignore requests older than 30 sec to not handle requests the user may
+            # already expect to have timed out
+            if event.expires_at() is not None:
+                if event.is_expired():
+                    self.logger.debug(f"expired nwc request event: {event.content}")
+                    continue
+            elif event.created_at < int(time.time()) - 30:
                self.logger.debug(f"old nwc request event: {event.content}")
+                await self.send_error(event, "OTHER", f"not handling too old request")
                continue

            # decrypt the requests content