diff --git a/contrib/chorus.toml b/contrib/chorus.toml index c233cbb..d285e55 100644 --- a/contrib/chorus.toml +++ b/contrib/chorus.toml @@ -110,6 +110,15 @@ key_pem_path = "/opt/chorus/etc/tls/privkey.pem" user_hex_keys = [] +# These are the public keys (hex format) of your relay's moderators. +# Moderators can moderate the relay using the following NIP PR: +# https://github.com/nostr-protocol/nips/pull/1325 +# +# Default is [] +# +moderator_hex_keys = [] + + # This is a boolean indicating whether or not chorus verifies incoming events. # # This setting only skips verification of events that are submitted by AUTHed and diff --git a/docs/CONFIG.md b/docs/CONFIG.md index 43e4098..9081bfe 100644 --- a/docs/CONFIG.md +++ b/docs/CONFIG.md @@ -103,6 +103,12 @@ These are the public keys (hex format) of your relay's authorized users. See [BE Default is `[]` +### moderator_hex_keys + +These are the public keys (hex format) of your relay's moderators. Moderators can moderate the relay using the [NIP 86: Relay Management API](https://github.com/nostr-protocol/nips/pull/1325) + +Default is `[]` + ### verify_events This is a boolean indicating whether or not chorus verifies incoming events. diff --git a/sample/sample.config.toml b/sample/sample.config.toml index 41bfe26..3893420 100644 --- a/sample/sample.config.toml +++ b/sample/sample.config.toml @@ -13,6 +13,9 @@ open_relay = false user_hex_keys = [ "ee11a5dff40c19a555f41fe42b48f00e618c91225622ae37b6c2bb67b76c4e49" ] +moderator_hex_keys = [ + "ee11a5dff40c19a555f41fe42b48f00e618c91225622ae37b6c2bb67b76c4e49" +] verify_events = true allow_scraping = false allow_scrape_if_limited_to = 100 diff --git a/src/config.rs b/src/config.rs index 946bf21..9edaea8 100644 --- a/src/config.rs +++ b/src/config.rs @@ -21,6 +21,7 @@ pub struct FriendlyConfig { pub public_key_hex: Option, pub open_relay: bool, pub user_hex_keys: Vec, + pub moderator_hex_keys: Vec, pub verify_events: bool, pub allow_scraping: bool, pub allow_scrape_if_limited_to: u32, @@ -53,6 +54,7 @@ impl Default for FriendlyConfig { public_key_hex: None, open_relay: false, user_hex_keys: vec![], + moderator_hex_keys: vec![], verify_events: true, allow_scraping: false, allow_scrape_if_limited_to: 100, @@ -87,6 +89,7 @@ impl FriendlyConfig { public_key_hex, open_relay, user_hex_keys, + moderator_hex_keys, verify_events, allow_scraping, allow_scrape_if_limited_to, @@ -113,6 +116,11 @@ impl FriendlyConfig { user_keys.push(Pubkey::read_hex(pkh.as_bytes())?); } + let mut moderator_keys: Vec = Vec::with_capacity(moderator_hex_keys.len()); + for pkh in moderator_hex_keys.iter() { + moderator_keys.push(Pubkey::read_hex(pkh.as_bytes())?); + } + let hostname = Host::parse(&hostname)?; let server_log_level = @@ -137,6 +145,8 @@ impl FriendlyConfig { open_relay, user_keys, user_hex_keys, + moderator_keys, + moderator_hex_keys, verify_events, allow_scraping, allow_scrape_if_limited_to, @@ -171,6 +181,8 @@ pub struct Config { pub open_relay: bool, pub user_keys: Vec, pub user_hex_keys: Vec, + pub moderator_keys: Vec, + pub moderator_hex_keys: Vec, pub verify_events: bool, pub allow_scraping: bool, pub allow_scrape_if_limited_to: u32, diff --git a/src/web/management/auth.rs b/src/web/management/auth.rs index db0aa6a..a2ff760 100644 --- a/src/web/management/auth.rs +++ b/src/web/management/auth.rs @@ -55,6 +55,16 @@ pub async fn check_auth(request: Request) -> Result { return s_err(&format!("Authorization event is invalid: {}", e)); } + // Nostr event must be signed by a moderator + if !GLOBALS + .config + .read() + .moderator_keys + .contains(&event.pubkey()) + { + return s_err("Authorization failed as user is not a moderator"); + } + // Event kind must be 27235 if event.kind().as_u16() != 27235 { return s_err("Authorization event not kind 27235");