mirror of
https://github.com/nostr-protocol/nips.git
synced 2024-12-23 08:55:52 -05:00
NIP71 restricted events by tag
This commit is contained in:
parent
c6cd655c1c
commit
813485c386
51
71.md
Normal file
51
71.md
Normal file
|
@ -0,0 +1,51 @@
|
|||
NIP-71
|
||||
======
|
||||
|
||||
Restricted Events
|
||||
-----------------------------------
|
||||
|
||||
`draft` `optional`
|
||||
|
||||
When the `"+"` tag is present, that means the event is "restricted".
|
||||
|
||||
A restricted event is an event which requires [NIP-42 Authentication of Clients to Relays](https://github.com/nostr-protocol/nips/blob/master/42.md) in order to request. These events can only be requested by:
|
||||
|
||||
- the author of the event
|
||||
- a user tagged in the event
|
||||
- a user who has [NIP-43 Delegated Authentication](https://github.com/nostr-protocol/nips/blob/master/43.md) from the author
|
||||
|
||||
## Use Cases
|
||||
|
||||
- limiting metadata leakage of private chats
|
||||
- limiting access to content to only paid subscribers
|
||||
- limiting metadata leakage of personal events (like a journal or private calendar)
|
||||
|
||||
## Requesting
|
||||
|
||||
In order to `REQ` for a restricted event, the filter MUST have (a) attibute `"restricted": true` to specify the filter is requesting restricted events AND
|
||||
(b) either `"authors"` attribute or `"#p"` attribute to establish the pubkey that authentication should be validated for.
|
||||
|
||||
If (b) is missing from the filter, the request is invalid and the relay should response with `CLOSED` message with prefix `"invalid"`.
|
||||
|
||||
If the filter does not contain the `"restricted": true` attribute, the relay MUST behave as if it does not store any restricted events. Specifically, the relay MUST NOT:
|
||||
|
||||
- respond with `CLOSED` and `"auth-required"` prefix
|
||||
- request authentication
|
||||
- return any restricted events
|
||||
|
||||
in response to a request. Even if there are restricted events that qualify for the filter, if the filter doesn't not have attribute `"restricted": true` the relay should behave as if those events are not stored on the relay.
|
||||
|
||||
## Access
|
||||
|
||||
A user has permission to request any restricted event for which they are the author by:
|
||||
|
||||
- authenticating as the author
|
||||
- authenticating with a delegated authentication token of mode 0-Login from the author
|
||||
|
||||
|
||||
A user has permission to request any restricted event in which their pubkey is tagged by:
|
||||
|
||||
- authenticating as the tagged pubkey
|
||||
- authenticating with a delegated authentication token of mode 0-Login from the tagged pubkey
|
||||
|
||||
A user has permission to request any restricted event they have been granted access to by the delegated authentication tokens of mode 1-Restricted Event Permission they authenticate with. The filter used MUST BE narrower in scope than the filter condition of the delegated authentication token.
|
Loading…
Reference in New Issue
Block a user