@nostrify/policies 0.36.2

package/README.md

@@ -0,0 +1,34 @@
+# Nostrify Policies
+
+Policies allow you to prevent spam on your relay (or in your client).
+
+Policies inspect one event at a time, which they either accept or reject. It's up to the application to decide how to handle the result.
+
+```ts
+import {
+  AntiDuplicationPolicy,
+  FiltersPolicy,
+  HellthreadPolicy,
+  KeywordPolicy,
+  PipePolicy,
+  PowPolicy,
+  RegexPolicy,
+} from '@nostrify/policies';
+
+const policy = new PipePolicy([
+  new FiltersPolicy([{ kinds: [0, 1, 3, 5, 7, 1984, 9734, 9735, 10002] }]),
+  new KeywordPolicy(['https://t.me/']),
+  new RegexPolicy(/(🟠|🔥|😳)ChtaGPT/i),
+  new PubkeyBanPolicy(['e810fafa1e89cdf80cced8e013938e87e21b699b24c8570537be92aec4b12c18']),
+  new HellthreadPolicy({ limit: 100 }),
+  new AntiDuplicationPolicy({ kv: await Deno.openKv(), expireIn: 60000, minLength: 50 }),
+]);
+
+const [_, eventId, ok, reason] = await policy.call(event);
+```
+
+Full documentation: https://nostrify.dev/policy
+
+## License
+
+MIT

package/ReadOnlyPolicy.test.ts

@@ -0,0 +1,19 @@
+import { assertEquals } from '@std/assert';
+import { finalizeEvent, generateSecretKey } from 'nostr-tools';
+
+import { ReadOnlyPolicy } from './ReadOnlyPolicy.ts';
+
+Deno.test('ReadOnlyPolicy', async () => {
+  const policy = new ReadOnlyPolicy();
+
+  const event = finalizeEvent(
+    { kind: 1, content: '', tags: [], created_at: 0 },
+    generateSecretKey(),
+  );
+
+  const [_, eventId, ok, reason] = await policy.call(event);
+
+  assertEquals(eventId, event.id);
+  assertEquals(reason, 'blocked: the relay is read-only');
+  assertEquals(ok, false);
+});

package/ReadOnlyPolicy.ts

@@ -0,0 +1,9 @@
+import { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+
+/** This policy rejects all messages. */
+export class ReadOnlyPolicy implements NPolicy {
+  // deno-lint-ignore require-await
+  async call(event: NostrEvent): Promise<NostrRelayOK> {
+    return ['OK', event.id, false, 'blocked: the relay is read-only'];
+  }
+}

package/RegexPolicy.test.ts

@@ -0,0 +1,17 @@
+import { assertEquals } from '@std/assert';
+import { finalizeEvent, generateSecretKey } from 'nostr-tools';
+
+import { RegexPolicy } from './RegexPolicy.ts';
+
+Deno.test('RegexPolicy', async () => {
+  const event = finalizeEvent(
+    { kind: 1, content: '🔥🔥🔥 https://t.me/spam 我想死', tags: [], created_at: 0 },
+    generateSecretKey(),
+  );
+
+  assertEquals((await new RegexPolicy(/https:\/\/t\.me\/\w+/i).call(event))[2], false);
+  assertEquals((await new RegexPolicy(/🔥{1,3}/).call(event))[2], false);
+  assertEquals((await new RegexPolicy(/🔥{4}/).call(event))[2], true);
+  assertEquals((await new RegexPolicy(/🔥$/).call(event))[2], true);
+  assertEquals((await new RegexPolicy(/^🔥/).call(event))[2], false);
+});

package/RegexPolicy.ts

@@ -0,0 +1,22 @@
+import { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+
+/**
+ * Reject events whose content matches the regex.
+ *
+ * ```ts
+ * // Ban events matching a regex.
+ * new RegexPolicy(/(🟠|🔥|😳)ChtaGPT/i);
+ * ```
+ */
+export class RegexPolicy implements NPolicy {
+  constructor(private regex: RegExp) {}
+
+  // deno-lint-ignore require-await
+  async call({ id, content }: NostrEvent): Promise<NostrRelayOK> {
+    if (this.regex.test(content)) {
+      return ['OK', id, false, 'blocked: text matches a banned expression'];
+    }
+
+    return ['OK', id, true, ''];
+  }
+}

package/ReplyBotPolicy.test.ts

@@ -0,0 +1,50 @@
+import { assertEquals } from '@std/assert';
+import { genEvent, MockRelay } from '@nostrify/nostrify/test';
+import { generateSecretKey, getPublicKey } from 'nostr-tools';
+
+import { ReplyBotPolicy } from './ReplyBotPolicy.ts';
+
+Deno.test('ReplyBotPolicy blocks replies within the same second', async () => {
+  const store = new MockRelay();
+  const policy = new ReplyBotPolicy({ store });
+
+  const event = genEvent({ kind: 1, created_at: 0 });
+  const reply = genEvent({ kind: 1, created_at: 1, tags: [['e', event.id]] });
+
+  await store.event(event);
+
+  const [, , ok] = await policy.call(reply);
+
+  assertEquals(ok, false);
+});
+
+Deno.test('ReplyBotPolicy allows replies after 1 second', async () => {
+  const store = new MockRelay();
+  const policy = new ReplyBotPolicy({ store });
+
+  const event = genEvent({ kind: 1, created_at: 0 });
+  const reply = genEvent({ kind: 1, created_at: 2, tags: [['e', event.id]] });
+
+  await store.event(event);
+
+  const [, , ok] = await policy.call(reply);
+
+  assertEquals(ok, true);
+});
+
+Deno.test('ReplyBotPolicy allows replies within the same second from users who are tagged', async () => {
+  const store = new MockRelay();
+  const policy = new ReplyBotPolicy({ store });
+
+  const sk = generateSecretKey();
+  const pubkey = getPublicKey(sk);
+
+  const event = genEvent({ kind: 1, created_at: 0, tags: [['p', pubkey]] });
+  const reply = genEvent({ kind: 1, created_at: 1, tags: [['e', event.id]] }, sk);
+
+  await store.event(event);
+
+  const [, , ok] = await policy.call(reply);
+
+  assertEquals(ok, true);
+});

package/ReplyBotPolicy.ts

@@ -0,0 +1,59 @@
+import { NostrEvent, NostrRelayOK, NPolicy, NStore } from '@nostrify/types';
+
+/** Options for the ReplyBotPolicy. */
+export interface ReplyBotPolicyOpts {
+  /** The store to use for fetching events. */
+  store: NStore;
+  /** The minimum time in seconds between two posts. */
+  threshold?: number;
+  /** The kinds of events to apply the policy to. */
+  kinds?: number[];
+}
+
+/** Block events that reply too quickly to another event. */
+export class ReplyBotPolicy implements NPolicy {
+  constructor(private opts: ReplyBotPolicyOpts) {}
+
+  async call(event: NostrEvent, signal?: AbortSignal): Promise<NostrRelayOK> {
+    const { store, threshold = 1, kinds = [1] } = this.opts;
+
+    if (kinds.includes(event.kind)) {
+      const [, replyToId] = ReplyBotPolicy.findReplyTag(event.tags) ?? [];
+
+      if (replyToId) {
+        const [prevEvent] = await store.query([{ ids: [replyToId] }], { signal });
+
+        if (prevEvent) {
+          const diff = event.created_at - prevEvent.created_at;
+          const pTag = prevEvent.tags.find(([name, value]) => name === 'p' && value === event.pubkey);
+
+          if (diff <= threshold && !pTag) {
+            return ['OK', event.id, false, 'rate-limited: replied too quickly'];
+          }
+        }
+      }
+    }
+
+    return ['OK', event.id, true, ''];
+  }
+
+  /** Tag is a NIP-10 root tag. */
+  private static isRootTag(tag: string[]): tag is ['e', string, string, 'root', ...string[]] {
+    return tag[0] === 'e' && tag[3] === 'root';
+  }
+
+  /** Tag is a NIP-10 reply tag. */
+  private static isReplyTag(tag: string[]): tag is ['e', string, string, 'reply', ...string[]] {
+    return tag[0] === 'e' && tag[3] === 'reply';
+  }
+
+  /** Tag is an "e" tag without a NIP-10 marker. */
+  private static isLegacyReplyTag(tag: string[]): tag is ['e', string, string] {
+    return tag[0] === 'e' && !tag[3];
+  }
+
+  /** Get the "e" tag for the event being replied to, first according to the NIPs then falling back to the legacy way. */
+  private static findReplyTag(tags: string[][]): ['e', ...string[]] | undefined {
+    return tags.find(this.isReplyTag) || tags.find(this.isRootTag) || tags.findLast(this.isLegacyReplyTag);
+  }
+}

package/SizePolicy.test.ts

@@ -0,0 +1,21 @@
+import { assertEquals } from '@std/assert';
+import { finalizeEvent, generateSecretKey } from 'nostr-tools';
+
+import { SizePolicy } from './SizePolicy.ts';
+
+Deno.test('SizePolicy', async () => {
+  const policy = new SizePolicy();
+
+  const event = finalizeEvent(
+    { kind: 1, content: 'yolo'.repeat(100), tags: [], created_at: 0 },
+    generateSecretKey(),
+  );
+
+  const bigEvent = finalizeEvent(
+    { kind: 1, content: 'yolo'.repeat(2500), tags: [], created_at: 0 },
+    generateSecretKey(),
+  );
+
+  assertEquals((await policy.call(event))[2], true);
+  assertEquals((await policy.call(bigEvent))[2], false);
+});

package/SizePolicy.ts

@@ -0,0 +1,35 @@
+import { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+
+/** Policy options for `SizePolicy`. */
+interface SizePolicyOpts {
+  /** Maximum size of the message content in bytes. Default: 8192 (8KB) */
+  maxBytes?: number;
+}
+
+/**
+ * Reject events larger than a specified size in bytes.
+ *
+ * ```ts
+ * // Reject events larger than the default size (8KB) .
+ * new SizePolicy();
+ * // Reject events larger than a custom size (15KB).
+ * new SizePolicy({ maxBytes: 15 * 1024 });
+ * ```
+ */
+export class SizePolicy implements NPolicy {
+  constructor(private opts: SizePolicyOpts = {}) {}
+
+  // deno-lint-ignore require-await
+  async call(event: NostrEvent): Promise<NostrRelayOK> {
+    const { maxBytes = 8 * 1024 } = this.opts;
+
+    const json = JSON.stringify(event);
+    const size = new TextEncoder().encode(json).length;
+
+    if (size > maxBytes) {
+      return ['OK', event.id, false, `blocked: event is too large`];
+    }
+
+    return ['OK', event.id, true, ''];
+  }
+}

package/WhitelistPolicy.test.ts

@@ -0,0 +1,17 @@
+import { assertEquals } from '@std/assert';
+import { finalizeEvent, generateSecretKey } from 'nostr-tools';
+
+import { WhitelistPolicy } from './WhitelistPolicy.ts';
+
+Deno.test('WhitelistPolicy', async () => {
+  const [event1, event2, event3] = new Array(3).fill(0).map(() => {
+    return finalizeEvent(
+      { kind: 1, content: '', tags: [], created_at: 0 },
+      generateSecretKey(),
+    );
+  });
+
+  assertEquals((await new WhitelistPolicy([]).call(event1))[2], false);
+  assertEquals((await new WhitelistPolicy([event2.pubkey, event1.pubkey]).call(event3))[2], false);
+  assertEquals((await new WhitelistPolicy([event2.pubkey, event1.pubkey]).call(event2))[2], true);
+});

package/WhitelistPolicy.ts

@@ -0,0 +1,32 @@
+import { NostrEvent, NostrRelayInfo, NostrRelayOK, NPolicy } from '@nostrify/types';
+
+/**
+ * Allows only the listed pubkeys to post. All other events are rejected.
+ *
+ * ```ts
+ * // Only the given pubkey may post.
+ * new WhitelistPolicy(['e810fafa1e89cdf80cced8e013938e87e21b699b24c8570537be92aec4b12c18']);
+ * ```
+ */
+export class WhitelistPolicy implements NPolicy {
+  constructor(private pubkeys: Iterable<string>) {}
+
+  // deno-lint-ignore require-await
+  async call({ id, pubkey }: NostrEvent): Promise<NostrRelayOK> {
+    for (const p of this.pubkeys) {
+      if (p === pubkey) {
+        return ['OK', id, true, ''];
+      }
+    }
+
+    return ['OK', id, false, 'blocked: only certain pubkeys are allowed to post'];
+  }
+
+  get info(): NostrRelayInfo {
+    return {
+      limitation: {
+        restricted_writes: true,
+      },
+    };
+  }
+}

package/WoTPolicy.test.ts

@@ -0,0 +1,35 @@
+import { ErrorRelay, genEvent, MockRelay } from '@nostrify/nostrify/test';
+import { assert, assertFalse } from '@std/assert';
+import { generateSecretKey, getPublicKey } from 'nostr-tools';
+
+import { WoTPolicy } from './WoTPolicy.ts';
+
+function keygen(): { pubkey: string; seckey: Uint8Array } {
+  const seckey = generateSecretKey();
+  const pubkey = getPublicKey(seckey);
+  return { pubkey, seckey };
+}
+
+Deno.test('WoTPolicy', async () => {
+  const store = new MockRelay();
+  const [alex, patrick, fiatjaf, replyguy] = [keygen(), keygen(), keygen(), keygen()];
+
+  await store.event(genEvent({ kind: 3, tags: [['p', patrick.pubkey]] }, alex.seckey));
+  await store.event(genEvent({ kind: 3, tags: [['p', fiatjaf.pubkey]] }, patrick.seckey));
+  await store.event(genEvent({ kind: 3, tags: [['p', patrick.pubkey]] }, fiatjaf.seckey));
+
+  const policy = new WoTPolicy({ store, pubkeys: [alex.pubkey], depth: 2 });
+
+  assert((await policy.call(genEvent({}, alex.seckey)))[2]);
+  assert((await policy.call(genEvent({}, patrick.seckey)))[2]);
+  assert((await policy.call(genEvent({}, fiatjaf.seckey)))[2]);
+  assertFalse((await policy.call(genEvent({}, replyguy.seckey)))[2]);
+});
+
+Deno.test('WoTPolicy constructor with error store', () => {
+  const store = new ErrorRelay();
+  const alex = keygen();
+
+  // Ensure this doesn't result in an unhandled promise rejection.
+  new WoTPolicy({ store, pubkeys: [alex.pubkey], depth: 1 });
+});

package/WoTPolicy.ts

@@ -0,0 +1,61 @@
+import { NostrEvent, NostrRelayOK, NPolicy, NStore } from '@nostrify/types';
+
+/** Options for the `WoTPolicy`. */
+interface WoTPolicyOpts {
+  /** Store to get kind 3 follow lists from. */
+  store: NStore;
+  /** Initial set of trusted pubkeys to query follow lists for. */
+  pubkeys: Iterable<string>;
+  /**
+   * How many levels of follow lists to query.
+   * `0` will just whitelist the given `pubkeys` without checking their follow lists.
+   * `1` will query their follows,
+   * `2` will query their follows follows, etc.
+   */
+  depth: number;
+}
+
+/** Whitelist pubkeys the given user follows, people those users follow, etc. up to `depth`. */
+export class WoTPolicy implements NPolicy {
+  private pubkeys: Promise<Set<string>> | undefined;
+
+  constructor(private opts: WoTPolicyOpts) {}
+
+  async call(event: NostrEvent): Promise<NostrRelayOK> {
+    this.pubkeys ??= this.getPubkeys();
+    const pubkeys = await this.pubkeys;
+
+    if (pubkeys.has(event.pubkey)) {
+      return ['OK', event.id, true, ''];
+    }
+
+    return ['OK', event.id, false, 'blocked: only certain pubkeys are allowed to post'];
+  }
+
+  /** Retrieve the complete set of pubkeys to whitelist. */
+  private async getPubkeys(): Promise<Set<string>> {
+    const { store, depth } = this.opts;
+
+    const pubkeys = new Set<string>([...this.opts.pubkeys]);
+    const authors = new Set(pubkeys);
+
+    for (let i = 0; i < depth; i++) {
+      const events = await store.query([{ kinds: [3], authors: [...authors] }]);
+
+      authors.clear();
+
+      for (const event of events) {
+        for (const [name, value] of event.tags) {
+          if (name === 'p') {
+            if (!pubkeys.has(value)) { // Avoid infinite loops.
+              authors.add(value);
+            }
+            pubkeys.add(value);
+          }
+        }
+      }
+    }
+
+    return pubkeys;
+  }
+}

package/dist/AntiDuplicationPolicy.d.ts

@@ -0,0 +1,43 @@
+import { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+import { Kv } from '@deno/kv';
+/** Policy options for `AntiDuplicationPolicy`. */
+interface AntiDuplicationPolicyOpts {
+    /** Deno.Kv implementation to use. */
+    kv: Pick<Kv, 'get' | 'set'>;
+    /** Time in ms until a message with this content may be posted again. Default: `60000` (1 minute). */
+    expireIn?: number;
+    /** Note text under this limit will be skipped by the policy. Default: `50`. */
+    minLength?: number;
+    /** Normalize the event's content before a hash is taken, to prevent the attacker from making small changes. Should return the normalized content. */
+    deobfuscate?(event: NostrEvent): string;
+}
+/**
+ * Prevent messages with the exact same content from being submitted repeatedly.
+ *
+ * It stores a hashcode for each content in a Deno.Kv database and rate-limits them. Only messages that meet the minimum length criteria are selected.
+ * Each time a matching message is submitted, the timer will reset, so spammers sending the same message will only ever get the first one through.
+ *
+ * ```ts
+ * // Open a Deno.KV instance.
+ * const kv = await Deno.openKv();
+ *
+ * // Prevent the same message from being posted within 60 seconds.
+ * new AntiDuplicationPolicy({ kv, expireIn: 60000 });
+ *
+ * // Only enforce the policy on messages with at least 50 characters.
+ * new AntiDuplicationPolicy({ kv, expireIn: 60000, minLength: 50 });
+ * ```
+ */
+export declare class AntiDuplicationPolicy implements NPolicy {
+    private opts;
+    constructor(opts: AntiDuplicationPolicyOpts);
+    call(event: NostrEvent): Promise<NostrRelayOK>;
+    /**
+     * Get a "good enough" unique identifier for this content.
+     * This algorithm was chosen because it's very fast with a low chance of collisions.
+     * https://stackoverflow.com/a/8831937
+     */
+    private static hashCode;
+}
+export {};
+//# sourceMappingURL=AntiDuplicationPolicy.d.ts.map

package/dist/AntiDuplicationPolicy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AntiDuplicationPolicy.d.ts","sourceRoot":"","sources":["../AntiDuplicationPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACpE,OAAO,EAAE,EAAE,EAAS,MAAM,UAAU,CAAC;AAErC,kDAAkD;AAClD,UAAU,yBAAyB;IACjC,qCAAqC;IACrC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,GAAG,KAAK,CAAC,CAAC;IAC5B,qGAAqG;IACrG,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,+EAA+E;IAC/E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qJAAqJ;IACrJ,WAAW,CAAC,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAAC;CACzC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,qBAAsB,YAAW,OAAO;IACvC,OAAO,CAAC,IAAI;gBAAJ,IAAI,EAAE,yBAAyB;IAE7C,IAAI,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC;IA4BpD;;;;OAIG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ;CASxB"}

package/dist/AntiDuplicationPolicy.js

@@ -0,0 +1,63 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AntiDuplicationPolicy = void 0;
+/**
+ * Prevent messages with the exact same content from being submitted repeatedly.
+ *
+ * It stores a hashcode for each content in a Deno.Kv database and rate-limits them. Only messages that meet the minimum length criteria are selected.
+ * Each time a matching message is submitted, the timer will reset, so spammers sending the same message will only ever get the first one through.
+ *
+ * ```ts
+ * // Open a Deno.KV instance.
+ * const kv = await Deno.openKv();
+ *
+ * // Prevent the same message from being posted within 60 seconds.
+ * new AntiDuplicationPolicy({ kv, expireIn: 60000 });
+ *
+ * // Only enforce the policy on messages with at least 50 characters.
+ * new AntiDuplicationPolicy({ kv, expireIn: 60000, minLength: 50 });
+ * ```
+ */
+class AntiDuplicationPolicy {
+    opts;
+    constructor(opts) {
+        this.opts = opts;
+    }
+    async call(event) {
+        const { id, kind } = event;
+        const { kv, expireIn = 60000, minLength = 50, deobfuscate } = this.opts;
+        const content = deobfuscate?.(event) ?? event.content;
+        if (kind === 1 && content.length >= minLength) {
+            const hash = AntiDuplicationPolicy.hashCode(content);
+            const key = ['nostrify', 'policies', 'antiduplication', hash];
+            const { value } = await kv.get(key);
+            if (value) {
+                await kv.set(key, true, { expireIn });
+                return [
+                    'OK',
+                    id,
+                    false,
+                    'blocked: the same message has been repeated too many times',
+                ];
+            }
+            await kv.set(key, true, { expireIn });
+        }
+        return ['OK', id, true, ''];
+    }
+    /**
+     * Get a "good enough" unique identifier for this content.
+     * This algorithm was chosen because it's very fast with a low chance of collisions.
+     * https://stackoverflow.com/a/8831937
+     */
+    static hashCode(str) {
+        let hash = 0;
+        for (let i = 0, len = str.length; i < len; i++) {
+            const chr = str.charCodeAt(i);
+            hash = (hash << 5) - hash + chr;
+            hash |= 0; // Convert to 32bit integer
+        }
+        return hash;
+    }
+}
+exports.AntiDuplicationPolicy = AntiDuplicationPolicy;
+//# sourceMappingURL=AntiDuplicationPolicy.js.map

package/dist/AntiDuplicationPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AntiDuplicationPolicy.js","sourceRoot":"","sources":["../AntiDuplicationPolicy.ts"],"names":[],"mappings":";;;AAeA;;;;;;;;;;;;;;;;GAgBG;AACH,MAAa,qBAAqB;IACZ;IAApB,YAAoB,IAA+B;QAA/B,SAAI,GAAJ,IAAI,CAA2B;IAAG,CAAC;IAEvD,KAAK,CAAC,IAAI,CAAC,KAAiB;QAC1B,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC;QAC3B,MAAM,EAAE,EAAE,EAAE,QAAQ,GAAG,KAAK,EAAE,SAAS,GAAG,EAAE,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC;QAExE,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC;QAEtD,IAAI,IAAI,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;YAC9C,MAAM,IAAI,GAAG,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,GAAG,GAAU,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,IAAI,CAAC,CAAC;YAErE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEpC,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACtC,OAAO;oBACL,IAAI;oBACJ,EAAE;oBACF,KAAK;oBACL,4DAA4D;iBAC7D,CAAC;YACJ,CAAC;YAED,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,QAAQ,CAAC,GAAW;QACjC,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,GAAG,CAAC;YAChC,IAAI,IAAI,CAAC,CAAC,CAAC,2BAA2B;QACxC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AA7CD,sDA6CC"}

package/dist/AnyPolicy.d.ts

@@ -0,0 +1,8 @@
+import { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+/** Similar to `PipePolicy`, but passes if at least one policy passes. */
+export declare class AnyPolicy implements NPolicy {
+    private policies;
+    constructor(policies: NPolicy[]);
+    call(event: NostrEvent, signal?: AbortSignal): Promise<NostrRelayOK>;
+}
+//# sourceMappingURL=AnyPolicy.d.ts.map

package/dist/AnyPolicy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AnyPolicy.d.ts","sourceRoot":"","sources":["../AnyPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAEpE,yEAAyE;AACzE,qBAAa,SAAU,YAAW,OAAO;IAC3B,OAAO,CAAC,QAAQ;gBAAR,QAAQ,EAAE,OAAO,EAAE;IAEjC,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,YAAY,CAAC;CAc3E"}

package/dist/AnyPolicy.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AnyPolicy = void 0;
+/** Similar to `PipePolicy`, but passes if at least one policy passes. */
+class AnyPolicy {
+    policies;
+    constructor(policies) {
+        this.policies = policies;
+    }
+    async call(event, signal) {
+        let result = ['OK', event.id, false, 'blocked: no policy passed'];
+        for (const policy of this.policies) {
+            result = await policy.call(event, signal);
+            const ok = result[2];
+            if (ok) {
+                return result;
+            }
+        }
+        return result;
+    }
+}
+exports.AnyPolicy = AnyPolicy;
+//# sourceMappingURL=AnyPolicy.js.map

package/dist/AnyPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AnyPolicy.js","sourceRoot":"","sources":["../AnyPolicy.ts"],"names":[],"mappings":";;;AAEA,yEAAyE;AACzE,MAAa,SAAS;IACA;IAApB,YAAoB,QAAmB;QAAnB,aAAQ,GAAR,QAAQ,CAAW;IAAG,CAAC;IAE3C,KAAK,CAAC,IAAI,CAAC,KAAiB,EAAE,MAAoB;QAChD,IAAI,MAAM,GAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,EAAE,2BAA2B,CAAC,CAAC;QAEhF,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnC,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAE1C,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACrB,IAAI,EAAE,EAAE,CAAC;gBACP,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAjBD,8BAiBC"}

package/dist/AuthorPolicy.d.ts

@@ -0,0 +1,9 @@
+import { NostrEvent, NostrRelayOK, NPolicy, NStore } from '@nostrify/types';
+/** Rejects events by authors without a kind 0, then optionally applies another policy to the kind 0. */
+export declare class AuthorPolicy implements NPolicy {
+    private store;
+    private policy?;
+    constructor(store: NStore, policy?: NPolicy);
+    call(event: NostrEvent, signal?: AbortSignal): Promise<NostrRelayOK>;
+}
+//# sourceMappingURL=AuthorPolicy.d.ts.map

package/dist/AuthorPolicy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorPolicy.d.ts","sourceRoot":"","sources":["../AuthorPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAE5E,wGAAwG;AACxG,qBAAa,YAAa,YAAW,OAAO;IAC9B,OAAO,CAAC,KAAK;IAAU,OAAO,CAAC,MAAM,CAAC;gBAA9B,KAAK,EAAE,MAAM,EAAU,MAAM,CAAC,EAAE,OAAO;IAErD,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,YAAY,CAAC;CAgB3E"}

package/dist/AuthorPolicy.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorPolicy = void 0;
+/** Rejects events by authors without a kind 0, then optionally applies another policy to the kind 0. */
+class AuthorPolicy {
+    store;
+    policy;
+    constructor(store, policy) {
+        this.store = store;
+        this.policy = policy;
+    }
+    async call(event, signal) {
+        const author = event.kind === 0 ? event : await this.store
+            .query([{ kinds: [0], authors: [event.pubkey], limit: 1 }], { signal })
+            .then(([event]) => event);
+        if (!author) {
+            return ['OK', event.id, false, 'blocked: author is missing a kind 0 event'];
+        }
+        if (this.policy) {
+            const [, , ok, reason] = await this.policy.call(author, signal);
+            return ['OK', event.id, ok, reason];
+        }
+        return ['OK', event.id, true, ''];
+    }
+}
+exports.AuthorPolicy = AuthorPolicy;
+//# sourceMappingURL=AuthorPolicy.js.map

package/dist/AuthorPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorPolicy.js","sourceRoot":"","sources":["../AuthorPolicy.ts"],"names":[],"mappings":";;;AAEA,wGAAwG;AACxG,MAAa,YAAY;IACH;IAAuB;IAA3C,YAAoB,KAAa,EAAU,MAAgB;QAAvC,UAAK,GAAL,KAAK,CAAQ;QAAU,WAAM,GAAN,MAAM,CAAU;IAAG,CAAC;IAE/D,KAAK,CAAC,IAAI,CAAC,KAAiB,EAAE,MAAoB;QAChD,MAAM,MAAM,GAA2B,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK;aAC/E,KAAK,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC;aACtE,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;QAE5B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,EAAE,2CAA2C,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,CAAC,EAAE,AAAD,EAAG,EAAE,EAAE,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAChE,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;QAED,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IACpC,CAAC;CACF;AAnBD,oCAmBC"}

package/dist/DomainPolicy.d.ts

@@ -0,0 +1,21 @@
+import { NPolicy, NProfilePointer, NStore } from '@nostrify/types';
+import { AuthorPolicy } from './AuthorPolicy';
+/** Options for `DomainPolicy`. */
+interface DomainPolicyOpts {
+    /** Custom NIP-05 lookup function. */
+    lookup?(nip05: string, signal?: AbortSignal): Promise<NProfilePointer>;
+    /** List of domains to blacklist. Reject events from users with a NIP-05 matching any of these domains. */
+    blacklist?: string[];
+    /** List of domains to whitelist. If provided, only events from users with a valid NIP-05 on the given domains will be accepted. */
+    whitelist?: string[];
+}
+/** Ban events unless their author has a valid NIP-05 name. Domains can also be whitelisted or blacklisted. */
+export declare class DomainPolicy extends AuthorPolicy implements NPolicy {
+    constructor(store: NStore, opts?: DomainPolicyOpts);
+    /** Check if a domain is blacklisted, including subdomains of blacklisted domains. */
+    private static isDomainBlacklisted;
+    /** Default NIP-05 lookup method if one isn't provided by the caller. */
+    private static lookup;
+}
+export {};
+//# sourceMappingURL=DomainPolicy.d.ts.map

package/dist/DomainPolicy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DomainPolicy.d.ts","sourceRoot":"","sources":["../DomainPolicy.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEnE,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,kCAAkC;AAClC,UAAU,gBAAgB;IACxB,qCAAqC;IACrC,MAAM,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IACvE,0GAA0G;IAC1G,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,mIAAmI;IACnI,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,8GAA8G;AAC9G,qBAAa,YAAa,SAAQ,YAAa,YAAW,OAAO;gBACnD,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,gBAAqB;IAmDtD,qFAAqF;IACrF,OAAO,CAAC,MAAM,CAAC,mBAAmB;IAmBlC,wEAAwE;IACxE,OAAO,CAAC,MAAM,CAAC,MAAM;CAMtB"}