Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 6mo ago

#orly #devstr #progressreport

almost completed the auth functionality based on designating pubkeys as owners

there is a spider that fetches the latest versions of the follow list of the owners, and populates the lists

depending on whether the relay is public readable, it has checks for privileged events and when auth is required only authed users whose pubkey appears in a privileged event can see these, un-authed and other users will have these events filtered out of their query results.

tomorrow, first task will be augmenting it with the use of owner mute lists to designate a block list, which will exclude white listed users. since they can just not auth if it's public readable anyway, this is all that the block list will do - prevent them from writing, even if they are followed by one of the whitelisted users. sorry, not sorry, but owner should have the ability to do this, since complaints to them from other whitelisted users would require some kind of action more than just "so, just mute them". if the relay is not public readable, ie, a private group relay, then they will also not be able to read if they auth, or not.

i am going to need to write a proper test rig for this, to really be sure i have it all correct, gonna do that tomorrow. it will disable the spider list and populate the list directly and then run queries from various other generated users whose events will be published, such as DMs to each other and such, and make sure that privileged events get filtered out according to their right to see the events.

this will be the next minor version bump.

i was going to do an extra feature with HTTP API and nip-98 auth to designate these lists manually but i think i'll leave that until after i reinstate the http API at all, and really, i need to make a simple web UI to do this kind of management. and honestly, i kinda don't see the point. doing a second way of controlling this is redundant since if you are not wanting your npub to be a designated owner, you can write scripts to control a designated owner and create these list events and publish them from your own whitelisted account. this is to cover the case of people like nostr:npub1l5sga6xg72phsz5422ykujprejwud075ggrr3z2hwyrfgr7eylqstegx9z who dislikes follow lists, she can just make a script to create them. it's a simple interface, and a manual allow/blocklist feature would just be redundantly repeating the same feature, for no reason.

Reply to this note

Please Login to reply.

Discussion

No replies yet.