Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nip 05 whitelist #22

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Conversation

Michilis
Copy link

Pull Request: Add NIP-05 Whitelist Feature

Overview

This pull request introduces a new feature to the Blossom-server: the NIP-05 whitelist option. This feature allows server administrators to restrict uploads to only those users whose public keys are listed in a specified NIP-05 domain.

Key Changes

  • Whitelist Configuration: Added a new configuration section in config.example.yml for the whitelist feature.

    • enabled: Boolean to enable or disable the whitelist feature.
    • domain: The domain from which to fetch the whitelist, compliant with NIP-05.
    • errorMessage: Customizable error message for non-whitelisted users.
    • fetchDelay: Time interval in seconds between whitelist fetches.
  • Code Updates:

    • Updated src/whitelist.ts to handle fetching and caching of the whitelist.
    • Modified src/api/upload.ts to check if a user is whitelisted before allowing uploads.
    • Updated src/config.ts to include the whitelist configuration in the Config type and default configuration.

Pull Request: Add NIP-05 Whitelist Feature

Configuration Example

To enable and configure the whitelist feature, update your config.yml as follows:

whitelist:
  enabled: true
  domain: "example.com"
  errorMessage: "You are not authorized to upload."
  fetchDelay: 3600

Key Changes

  • Whitelist Configuration: Added a new configuration section in config.example.yml for the whitelist feature.

    • enabled: Boolean to enable or disable the whitelist feature.
    • domain: The domain from which to fetch the whitelist, compliant with NIP-05.
    • errorMessage: Customizable error message for non-whitelisted users.
    • fetchDelay: Time interval in seconds between whitelist fetches.
  • Code Updates:

    • Updated src/whitelist.ts to handle fetching and caching of the whitelist.
    • Modified src/api/upload.ts to check if a user is whitelisted before allowing uploads.
    • Updated src/config.ts to include the whitelist configuration in the Config type and default configuration.

Copy link
Owner

@hzrd149 hzrd149 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I love this idea, its a lot simpler and cleaner of a whitelist then whats exists now

}

try {
const response = await axios.get(`https://${config.whitelist.domain}/.well-known/nostr.json`);
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

axios and be easily replaced here with the built-in fetch method

const response  = await fetch(`https://${config.whitelist.domain}/.well-known/nostr.json`).then(res => res.json())

enabled: true,
domain: "",
errorMessage: "You are not authorized to upload.",
fetchDelay: 3600,
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could be renamed to something more intuitive like refreshIntervale

@@ -92,6 +98,12 @@ const defaultConfig: Config = {
media: { enabled: false, requireAuth: true, requirePubkeyInRule: false },
list: { requireAuth: false, allowListOthers: false },
tor: { enabled: false, proxy: "" },
whitelist: {
enabled: true,
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
enabled: true,
enabled: false,

Should default to false

@@ -65,6 +65,12 @@ export type Config = {
enabled: boolean;
proxy: string;
};
whitelist: {
enabled: boolean;
domain: string;
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
domain: string;
nip05Domain?: string;
pubkeys?: string[];

I would add a manual list of pubkeys in case someone wants a short hard-coded list. and I would rename domain to something like nip04Domian to make it clear what its fetching

return whitelistCache;
}

export function isWhitelisted(pubkey: string): boolean {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would convert this method to async and make it dynamically fetch / refresh the whitelist when needed. that way the API endpoints themselves do not need to think about getting the whitelist


await fetchWhitelist(); // Ensure the whitelist is up-to-date

if (config.whitelist.enabled && pubkey && !isWhitelisted(pubkey)) {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code should be moved to the checkUpload method ( in the "check auth" block ) so it applies to both the /uploadand/media` endpoint

It also wont have to check if ctx.state.auth exists then ( there are some configurations that allow uploads without auth )

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants