-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nip 05 whitelist #22
base: master
Are you sure you want to change the base?
Nip 05 whitelist #22
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I love this idea, its a lot simpler and cleaner of a whitelist then whats exists now
} | ||
|
||
try { | ||
const response = await axios.get(`https://${config.whitelist.domain}/.well-known/nostr.json`); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
axios and be easily replaced here with the built-in fetch
method
const response = await fetch(`https://${config.whitelist.domain}/.well-known/nostr.json`).then(res => res.json())
enabled: true, | ||
domain: "", | ||
errorMessage: "You are not authorized to upload.", | ||
fetchDelay: 3600, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could be renamed to something more intuitive like refreshIntervale
@@ -92,6 +98,12 @@ const defaultConfig: Config = { | |||
media: { enabled: false, requireAuth: true, requirePubkeyInRule: false }, | |||
list: { requireAuth: false, allowListOthers: false }, | |||
tor: { enabled: false, proxy: "" }, | |||
whitelist: { | |||
enabled: true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
enabled: true, | |
enabled: false, |
Should default to false
@@ -65,6 +65,12 @@ export type Config = { | |||
enabled: boolean; | |||
proxy: string; | |||
}; | |||
whitelist: { | |||
enabled: boolean; | |||
domain: string; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
domain: string; | |
nip05Domain?: string; | |
pubkeys?: string[]; |
I would add a manual list of pubkeys in case someone wants a short hard-coded list. and I would rename domain
to something like nip04Domian
to make it clear what its fetching
return whitelistCache; | ||
} | ||
|
||
export function isWhitelisted(pubkey: string): boolean { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would convert this method to async
and make it dynamically fetch / refresh the whitelist when needed. that way the API endpoints themselves do not need to think about getting the whitelist
|
||
await fetchWhitelist(); // Ensure the whitelist is up-to-date | ||
|
||
if (config.whitelist.enabled && pubkey && !isWhitelisted(pubkey)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This code should be moved to the checkUpload
method ( in the "check auth" block ) so it applies to both the
/uploadand
/media` endpoint
It also wont have to check if ctx.state.auth
exists then ( there are some configurations that allow uploads without auth )
Pull Request: Add NIP-05 Whitelist Feature
Overview
This pull request introduces a new feature to the Blossom-server: the NIP-05 whitelist option. This feature allows server administrators to restrict uploads to only those users whose public keys are listed in a specified NIP-05 domain.
Key Changes
Whitelist Configuration: Added a new configuration section in
config.example.yml
for the whitelist feature.enabled
: Boolean to enable or disable the whitelist feature.domain
: The domain from which to fetch the whitelist, compliant with NIP-05.errorMessage
: Customizable error message for non-whitelisted users.fetchDelay
: Time interval in seconds between whitelist fetches.Code Updates:
src/whitelist.ts
to handle fetching and caching of the whitelist.src/api/upload.ts
to check if a user is whitelisted before allowing uploads.src/config.ts
to include the whitelist configuration in theConfig
type and default configuration.Pull Request: Add NIP-05 Whitelist Feature
Configuration Example
To enable and configure the whitelist feature, update your
config.yml
as follows:Key Changes
Whitelist Configuration: Added a new configuration section in
config.example.yml
for the whitelist feature.enabled
: Boolean to enable or disable the whitelist feature.domain
: The domain from which to fetch the whitelist, compliant with NIP-05.errorMessage
: Customizable error message for non-whitelisted users.fetchDelay
: Time interval in seconds between whitelist fetches.Code Updates:
src/whitelist.ts
to handle fetching and caching of the whitelist.src/api/upload.ts
to check if a user is whitelisted before allowing uploads.src/config.ts
to include the whitelist configuration in theConfig
type and default configuration.