example.py

"""

When these validators are enabled:
* any pubkey in pubkey_whitelist can post
* any other pubkey can post, as long as someone in the whitelist is tagged
* only events from pubkeys in the whitelist can be read by clients
* authenticated pubkeys in the whitelist can view/post


Configuration file:

pubkey_whitelist: 
    - c7da62153485ecfb1b65792c79ce3fe6fce6ed7d8ef536cb121d7a0c732e92df

output_validator: example.whitelist_output_validator

storage:
    sqlalchemy.url: sqlite+aiosqlite:///nostr.sqlite3
    validators:
        - nostr_relay.validators.is_signed
        - example.is_whitelisted_or_tagged

authentication:
    enabled: true
    relay_urls:
        - ws://127.0.0.1:6969


"""


from nostr_relay.errors import StorageError


def is_whitelisted_or_tagged(event, config):
    """
    check that event is tagged with a configurable list of users
    """
    if event.pubkey not in config.pubkey_whitelist:
        found, match = event.has_tag("p", config.pubkey_whitelist)
        if not (found and match):
            raise StorageError(f"rejected: {event.pubkey} not allowed")


def whitelist_output_validator(event, context):
    """
    output only events that are in the Config.pubkey_whitelist
    authenticated users in the whitelist can see everything

    (output validators should return booleans rather than raise exceptions)
    """
    whitelist = context["config"].pubkey_whitelist
    auth_token = context["auth_token"]
    return (event.pubkey in whitelist) or (auth_token.get("pubkey") in whitelist)