Nip 05 whitelist #22
Nip 05 whitelist #22
Conversation
| } | ||
|
|
||
| try { | ||
| const response = await axios.get(`https://${config.whitelist.domain}/.well-known/nostr.json`); |
There was a problem hiding this comment.
axios and be easily replaced here with the built-in fetch method
const response = await fetch(`https://${config.whitelist.domain}/.well-known/nostr.json`).then(res => res.json())| enabled: true, | ||
| domain: "", | ||
| errorMessage: "You are not authorized to upload.", | ||
| fetchDelay: 3600, |
There was a problem hiding this comment.
could be renamed to something more intuitive like refreshIntervale
| @@ -92,6 +98,12 @@ const defaultConfig: Config = { | |||
| media: { enabled: false, requireAuth: true, requirePubkeyInRule: false }, | |||
| list: { requireAuth: false, allowListOthers: false }, | |||
| tor: { enabled: false, proxy: "" }, | |||
| whitelist: { | |||
| enabled: true, | |||
There was a problem hiding this comment.
| enabled: true, | |
| enabled: false, |
Should default to false
| @@ -65,6 +65,12 @@ export type Config = { | |||
| enabled: boolean; | |||
| proxy: string; | |||
| }; | |||
| whitelist: { | |||
| enabled: boolean; | |||
| domain: string; | |||
There was a problem hiding this comment.
| domain: string; | |
| nip05Domain?: string; | |
| pubkeys?: string[]; |
I would add a manual list of pubkeys in case someone wants a short hard-coded list. and I would rename domain to something like nip04Domian to make it clear what its fetching
| return whitelistCache; | ||
| } | ||
|
|
||
| export function isWhitelisted(pubkey: string): boolean { |
There was a problem hiding this comment.
I would convert this method to async and make it dynamically fetch / refresh the whitelist when needed. that way the API endpoints themselves do not need to think about getting the whitelist
|
|
||
| await fetchWhitelist(); // Ensure the whitelist is up-to-date | ||
|
|
||
| if (config.whitelist.enabled && pubkey && !isWhitelisted(pubkey)) { |
There was a problem hiding this comment.
This code should be moved to the checkUpload method ( in the "check auth" block ) so it applies to both the /uploadand/media` endpoint
It also wont have to check if ctx.state.auth exists then ( there are some configurations that allow uploads without auth )
Pull Request: Add NIP-05 Whitelist Feature
Overview
This pull request introduces a new feature to the Blossom-server: the NIP-05 whitelist option. This feature allows server administrators to restrict uploads to only those users whose public keys are listed in a specified NIP-05 domain.
Key Changes
Whitelist Configuration: Added a new configuration section in
config.example.ymlfor the whitelist feature.enabled: Boolean to enable or disable the whitelist feature.domain: The domain from which to fetch the whitelist, compliant with NIP-05.errorMessage: Customizable error message for non-whitelisted users.fetchDelay: Time interval in seconds between whitelist fetches.Code Updates:
src/whitelist.tsto handle fetching and caching of the whitelist.src/api/upload.tsto check if a user is whitelisted before allowing uploads.src/config.tsto include the whitelist configuration in theConfigtype and default configuration.Pull Request: Add NIP-05 Whitelist Feature
Configuration Example
To enable and configure the whitelist feature, update your
config.ymlas follows:Key Changes
Whitelist Configuration: Added a new configuration section in
config.example.ymlfor the whitelist feature.enabled: Boolean to enable or disable the whitelist feature.domain: The domain from which to fetch the whitelist, compliant with NIP-05.errorMessage: Customizable error message for non-whitelisted users.fetchDelay: Time interval in seconds between whitelist fetches.Code Updates:
src/whitelist.tsto handle fetching and caching of the whitelist.src/api/upload.tsto check if a user is whitelisted before allowing uploads.src/config.tsto include the whitelist configuration in theConfigtype and default configuration.