mirror of https://github.com/nostr-protocol/nips.git, synced 2024-09-20 14:55:49 -04:00

NIP-71
======

Restricted Events
-----------------------------------

`draft` `optional`

When the `"+"` tag is present, that means the event is "restricted".

A restricted event is an event which requires [NIP-42 Authentication of Clients to Relays](https://github.com/nostr-protocol/nips/blob/master/42.md) in order to request. These events can only be requested by:

- the author of the event
- a user tagged in the event
- a user who has [NIP-43 Delegated Authentication](https://github.com/nostr-protocol/nips/blob/master/43.md) from the author

## Use Cases

- limiting metadata leakage of private chats
- limiting access to content to only paid subscribers
- limiting metadata leakage of personal events (like a journal or private calendar)

## Requesting

In order to `REQ` for a restricted event, the filter MUST have (a) attribute `"restricted": true` to specify the filter is requesting restricted events AND (b) either `"authors"` attribute or `"#p"` attribute to establish the pubkey that authentication should be validated for.

If (b) is missing from the filter, the request is invalid and the relay should respond with a `CLOSED` message with prefix `"invalid"`.

If the filter does not contain the `"restricted": true` attribute, the relay MUST behave as if it does not store any restricted events. Specifically, the relay MUST NOT:

- respond with `CLOSED` and `"auth-required"` prefix
- request authentication
- return any restricted events

in response to a request. Even if there are restricted events that qualify for the filter, if the filter does not have attribute `"restricted": true` the relay should behave as if those events are not stored on the relay.

## Access

A user has permission to request any restricted event for which they are the author by:

- authenticating as the author
- authenticating with a delegated authentication token of mode 0-Login from the author

A user has permission to request any restricted event in which their pubkey is tagged by:

- authenticating as the tagged pubkey
- authenticating with a delegated authentication token of mode 0-Login from the tagged pubkey

A user has permission to request any restricted event they have been granted access to by the delegated authentication tokens of mode 1-Restricted Event Permission they authenticate with. The filter used MUST be narrower in scope than the filter condition of the delegated authentication token.
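
The request and access rules above, sketched as relay-side logic in Python. This is an added example, not code from the NIP or from any relay implementation: `handle_req`, `may_read` and the sample events are constructed, and it assumes tagged users are identified by `"p"` tags, that an unauthenticated restricted request is answered with NIP-42's `auth-required` prefix, and that a restricted filter returns only restricted events. NIP-43 delegated tokens are not modelled.

```python
ALICE, BOB, CAROL = "a" * 64, "b" * 64, "c" * 64  # constructed pubkeys
STORE = [  # constructed sample events (ids and signatures omitted)
    {"pubkey": ALICE, "kind": 1, "tags": [], "content": "public note"},
    {"pubkey": ALICE, "kind": 1, "tags": [["+"], ["p", BOB]], "content": "for bob"},
]

def p_tags(event):
    """Pubkeys tagged in the event (assumption: tagging means "p" tags)."""
    return {t[1] for t in event["tags"] if len(t) > 1 and t[0] == "p"}

def is_restricted(event):
    """An event is restricted when it carries a "+" tag."""
    return any(t and t[0] == "+" for t in event["tags"])

def may_read(event, authed):
    """Only the author or a tagged pubkey may read (delegation not modelled)."""
    return authed is not None and (authed == event["pubkey"] or authed in p_tags(event))

def matches(event, flt):
    """Minimal filter match on "authors" and "#p" only."""
    if "authors" in flt and event["pubkey"] not in flt["authors"]:
        return False
    if "#p" in flt and not p_tags(event) & set(flt["#p"]):
        return False
    return True

def handle_req(flt, authed, store):
    """Return ("EVENTS", [...]) or ("CLOSED", "<prefix>: <reason>")."""
    if flt.get("restricted") is not True:
        # Behave as if no restricted events are stored: no auth prompt,
        # no "auth-required", and nothing that reveals they exist.
        return ("EVENTS", [e for e in store if matches(e, flt) and not is_restricted(e)])
    if not flt.get("authors") and not flt.get("#p"):
        return ("CLOSED", "invalid: restricted filter needs authors or #p")
    if authed is None:
        # Assumption: NIP-42's "auth-required" prefix is used for this case.
        return ("CLOSED", "auth-required: restricted events need NIP-42 AUTH")
    # Assumption: a restricted filter returns only restricted events.
    return ("EVENTS", [e for e in store
                       if matches(e, flt) and is_restricted(e) and may_read(e, authed)])
```

Note that a filter without `"restricted": true` gets the same answer whether or not the client is authenticated, which is what keeps the existence of restricted events from leaking.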