NIP-04 and NIP-59 support via screening

2026-03-04 06:36:27 +00:00 · 2024-02-19 11:21:25 +13:00 · 2024-02-19 11:21:25 +13:00 · 733de827d6
commit 733de827d6
parent 87f8624075
2 changed files with 37 additions and 14 deletions
--- a/src/nostr.rs
+++ b/src/nostr.rs
@ -82,6 +82,15 @@ impl WebSocketService {

        let authorized_user = self.authorized_user().await;

+        // NOTE on private events (DMs, GiftWraps)
+        // Most relays check if you are seeking them, and of which pubkey, and if you are
+        // not AUTHed as that pubkey you get a 'auth-required', or if you are AUTHed as
+        // a different pubkey you get a 'restricted'.
+        // We take a different tack. You can ask for these events, and we even load them,
+        // but then we filter them out in screen_outgoing_event() and don't send events they
+        // aren't supposed to see. This prevents sending errors and having them ask again. It
+        // is also faster as we don't have to do any filter analysis at this point in the code.
+
        // Serve events matching subscription
        {
            let mut events: Vec<Event> = Vec::new();
@ -99,10 +108,16 @@ impl WebSocketService {
                        .user_keys
                        .contains(&event.pubkey());

+                    let authored_by_requester = match self.user {
+                        None => false,
+                        Some(pk) => event.pubkey() == pk,
+                    };
+
                    if screen_outgoing_event(
                        &event,
                        authorized_user,
                        authored_by_an_authorized_user,
+                        authored_by_requester,
                    ) {
                        events.push(event);
                    }
@ -367,17 +382,8 @@ fn screen_outgoing_event(
    event: &Event<'_>,
    authorized_user: bool,
    authored_by_an_authorized_user: bool,
+    authored_by_requester: bool,
 ) -> bool {
-    // Allow if authorized_user is asking
-    if authorized_user {
-        return true;
-    }
-
-    // Everybody can see events from our authorized users
-    if authored_by_an_authorized_user {
-        return true;
-    }
-
    // Allow Relay Lists
    if event.kind() == Kind(10002) {
        return true;
@ -388,6 +394,23 @@ fn screen_outgoing_event(
        return true;
    }

+    // Forbid if it is a private event (DM or GiftWrap) and the author isn't them
+    if event.kind() == Kind(4) || event.kind() == Kind(1059) {
+        if !authored_by_requester {
+            return false;
+        }
+    }
+
+    // Allow if an authorized_user is asking
+    if authorized_user {
+        return true;
+    }
+
+    // Everybody can see events from our authorized users
+    if authored_by_an_authorized_user {
+        return true;
+    }
+
    // Do not allow the rest
    false
 }
--- a/src/web.rs
+++ b/src/web.rs
@ -35,21 +35,21 @@ pub async fn serve_nip11(peer: SocketAddr) -> Result<Response<Body>, Error> {
 fn build_rid(config: &Config) -> String {
    let mut rid: String = String::with_capacity(255);

-    const SUPPORTED_NIPS: [u8; 4] = [
+    const SUPPORTED_NIPS: [u8; 6] = [
        1,  // nostr
+        4,  // DMs
        11, // relay information document
        42, // AUTH
+        59, // GiftWrap
        65, // Relay List Metadata
    ];
-    const _UNSUPPORTED_NIPS: [u8; 10] = [
-        4,  // DM
+    const _UNSUPPORTED_NIPS: [u8; 8] = [
        9,  // Event Deletion
        26, // Delegated Event Signing
        28, // Public Chat
        40, // Expiration Timestamp
        45, // Counting results
        50, // SEARCH
-        59, // GiftWrap
        94, // File Metadata
        96, // HTTP File Storage Integration
    ];