nostr/nips
1
0
Fork 0
mirror of https://github.com/nostr-protocol/nips.git synced 2024-11-10 06:09:08 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

NIP71 restricted events by tag

Browse Source
This commit is contained in:
monlovesmango 2024-02-24 22:17:31 -06:00
parent c6cd655c1c
commit 813485c386
1 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
71.md Normal file
View File

@ -0,0 +1,51 @@
NIP-71
======
Restricted Events
-----------------------------------
`draft` `optional`
When the `"+"` tag is present, that means the event is "restricted".
A restricted event is an event which requires [NIP-42 Authentication of Clients to Relays](https://github.com/nostr-protocol/nips/blob/master/42.md) in order to request. These events can only be requested by:
- the author of the event
- a user tagged in the event
- a user who has [NIP-43 Delegated Authentication](https://github.com/nostr-protocol/nips/blob/master/43.md) from the author
## Use Cases
- limiting metadata leakage of private chats
- limiting access to content to only paid subscribers
- limiting metadata leakage of personal events (like a journal or private calendar)
## Requesting
In order to `REQ` for a restricted event, the filter MUST have (a) attibute `"restricted": true` to specify the filter is requesting restricted events AND
(b) either `"authors"` attribute or `"#p"` attribute to establish the pubkey that authentication should be validated for.
If (b) is missing from the filter, the request is invalid and the relay should response with `CLOSED` message with prefix `"invalid"`.
If the filter does not contain the `"restricted": true` attribute, the relay MUST behave as if it does not store any restricted events. Specifically, the relay MUST NOT:
- respond with `CLOSED` and `"auth-required"` prefix
- request authentication
- return any restricted events
in response to a request. Even if there are restricted events that qualify for the filter, if the filter doesn't not have attribute `"restricted": true` the relay should behave as if those events are not stored on the relay.
## Access
A user has permission to request any restricted event for which they are the author by:
- authenticating as the author
- authenticating with a delegated authentication token of mode 0-Login from the author
A user has permission to request any restricted event in which their pubkey is tagged by:
- authenticating as the tagged pubkey
- authenticating with a delegated authentication token of mode 0-Login from the tagged pubkey
A user has permission to request any restricted event they have been granted access to by the delegated authentication tokens of mode 1-Restricted Event Permission they authenticate with. The filter used MUST BE narrower in scope than the filter condition of the delegated authentication token.