From e28454ac32042a7ca60a4f2c3dbf8e0d65154a0c Mon Sep 17 00:00:00 2001
From: William Casarin <jb55@jb55.com>
Date: Tue, 9 Jul 2024 10:14:33 -0700
Subject: [PATCH] filter: add protected_events filter

This adds support for protected events

Link: https://github.com/nostr-protocol/nips/pull/1030
Signed-off-by: William Casarin <jb55@jb55.com>
---
 README.md                       | 19 ++++++++++++++++++-
 noteguard.toml                  |  4 +++-
 src/filters/mod.rs              |  2 ++
 src/filters/protected_events.rs | 29 +++++++++++++++++++++++++++++
 src/main.rs                     |  3 ++-
 test/{test-delayed => delayed}  |  0
 test/{test-inputs => inputs}    |  2 +-
 7 files changed, 55 insertions(+), 4 deletions(-)
 create mode 100644 src/filters/protected_events.rs
 rename test/{test-delayed => delayed} (100%)
 rename test/{test-inputs => inputs} (93%)

diff --git a/README.md b/README.md
index 998e50c..1a09efb 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ You can add any new filter you want by implementing the `NoteFilter` trait and r
 The `pipeline` config specifies the order in which filters are run. When the first `reject` or `shadowReject` action is hit, then the pipeline stops and returns the rejection error.
 
 ```toml
-pipeline = ["whitelist", "ratelimit"]
+pipeline = ["protected_events", "whitelist", "ratelimit"]
 
 [filters.ratelimit]
 posts_per_minute = 8
@@ -23,6 +23,8 @@ whitelist = ["127.0.0.1"]
 [filters.whitelist]
 pubkeys = ["32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"]
 ips = ["127.0.0.1", "127.0.0.2"]
+
+[filters.protected_events]
 ```
 
 ## Filters
@@ -33,6 +35,8 @@ This is the initial release, and only includes one filter so far:
 
 ### Ratelimit
 
+* name: `ratelimit`
+
 The ratelimit filter limits the rate at which notes are written to the relay per-ip.
 
 Settings:
@@ -43,6 +47,8 @@ Settings:
 
 ### Whitelist
 
+* name: `whitelist`
+
 The whitelist filter only allows notes to pass if it matches a particular pubkey or source ip:
 
 - `pubkeys` *optional*: a list of hex public keys to let through
@@ -51,6 +57,16 @@ The whitelist filter only allows notes to pass if it matches a particular pubkey
 
 Either criteria can match
 
+### Protected Events
+
+See [nip70]
+
+* name: `protected_events`
+
+There are no config options, but an empty config entry is still needed:
+
+`[filters.protected_events]`
+
 ## Testing
 
 You can test your filters like so:
@@ -62,3 +78,4 @@ $ <test/test-inputs ./target/release/noteguard
 ```
 
 [strfry]: https://github.com/hoytech/strfry
+[nip70]: https://github.com/nostr-protocol/nips/blob/protected-events-tag/70.md
diff --git a/noteguard.toml b/noteguard.toml
index 382e33e..efdc3d2 100644
--- a/noteguard.toml
+++ b/noteguard.toml
@@ -1,5 +1,5 @@
 
-pipeline = ["whitelist", "ratelimit"]
+pipeline = ["protected_events", "whitelist", "ratelimit"]
 
 [filters.ratelimit]
 posts_per_minute = 8
@@ -8,3 +8,5 @@ whitelist = ["127.0.0.1"]
 [filters.whitelist]
 pubkeys = ["16c21558762108afc34e4ff19e4ed51d9a48f79e0c34531efc423d21ab435e93"]
 ips = ["127.0.0.1"]
+
+[filters.protected_events]
diff --git a/src/filters/mod.rs b/src/filters/mod.rs
index 247f2c1..b29e8a4 100644
--- a/src/filters/mod.rs
+++ b/src/filters/mod.rs
@@ -1,5 +1,7 @@
+mod protected_events;
 mod ratelimit;
 mod whitelist;
 
+pub use protected_events::ProtectedEvents;
 pub use ratelimit::RateLimit;
 pub use whitelist::Whitelist;
diff --git a/src/filters/protected_events.rs b/src/filters/protected_events.rs
new file mode 100644
index 0000000..c3b52f0
--- /dev/null
+++ b/src/filters/protected_events.rs
@@ -0,0 +1,29 @@
+use crate::{Action, InputMessage, NoteFilter, OutputMessage};
+use serde::Deserialize;
+
+#[derive(Deserialize, Default)]
+pub struct ProtectedEvents {}
+
+impl NoteFilter for ProtectedEvents {
+    fn filter_note(&mut self, input: &InputMessage) -> OutputMessage {
+        for tag in &input.event.tags {
+            for entry in tag {
+                if entry == "-" {
+                    return OutputMessage::new(
+                        input.event.id.clone(),
+                        Action::Reject,
+                        Some("blocked: event marked as protected".to_string()),
+                    );
+                }
+                break;
+            }
+            break;
+        }
+
+        OutputMessage::new(input.event.id.clone(), Action::Accept, None)
+    }
+
+    fn name(&self) -> &'static str {
+        "protected_events"
+    }
+}
diff --git a/src/main.rs b/src/main.rs
index 07396b9..9ffecb6 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,4 +1,4 @@
-use noteguard::filters::{RateLimit, Whitelist};
+use noteguard::filters::{ProtectedEvents, RateLimit, Whitelist};
 use noteguard::{Action, InputMessage, NoteFilter, OutputMessage};
 use serde::de::DeserializeOwned;
 use serde::Deserialize;
@@ -42,6 +42,7 @@ impl Noteguard {
     fn register_builtin_filters(&mut self) {
         self.register_filter::<RateLimit>();
         self.register_filter::<Whitelist>();
+        self.register_filter::<ProtectedEvents>();
     }
 
     /// Run the loaded filters. You must call `load_config` before calling this, otherwise
diff --git a/test/test-delayed b/test/delayed
similarity index 100%
rename from test/test-delayed
rename to test/delayed
diff --git a/test/test-inputs b/test/inputs
similarity index 93%
rename from test/test-inputs
rename to test/inputs
index 3a3f145..51ebb25 100644
--- a/test/test-inputs
+++ b/test/inputs
@@ -1,4 +1,4 @@
-{"type": "new","receivedAt":12345,"sourceType":"IP4","sourceInfo": "127.0.0.3","event":{"id": "68421a122cef086512b2c5bd29ca6285ced8bd8e302e347e3c5d90466c860a76","pubkey": "16c21558762108afc34e4ff19e4ed51d9a48f79e0c34531efc423d21ab435e93","created_at": 1720408658,"kind": 1,"tags": [],"content": "hi","sig": "7b76471744ded2b720ca832cdc89e670f6093ce38aeef55a5c6a4e077883d7d80dda1e9051032fb1faa1c3c212c517e93ee42b3ceac8e8e9b04bad46a361de90"}}
+{"type": "new","receivedAt":12345,"sourceType":"IP4","sourceInfo": "127.0.0.3","event":{"id": "70651d96a2b6b3431cc06b7543249ccd22ab5c203c6aa590b7688f916f252f8f","pubkey": "879d67486027539073d6531d271e3791b15c3e48becbfe4c3727e93355330cc8","created_at": 1720545068,"kind": 1,"tags": [["-"]],"content": "hello there","sig": "21a901e3663bac846493df588ad2185751a5a2826a64c26afb9edce8f9d9344cf00c1ea43016e7faca69da661eadd2731b457a0c31b207ab6ed509a047bf7845"}}
 {"type": "new","receivedAt":12345,"sourceType":"IP4","sourceInfo": "127.0.0.3","event":{"id": "68421a122cef086512b2c5bd29ca6285ced8bd8e302e347e3c5d90466c860a76","pubkey": "16c21558762108afc34e4ff19e4ed51d9a48f79e0c34531efc423d21ab435e93","created_at": 1720408658,"kind": 1,"tags": [],"content": "hi","sig": "7b76471744ded2b720ca832cdc89e670f6093ce38aeef55a5c6a4e077883d7d80dda1e9051032fb1faa1c3c212c517e93ee42b3ceac8e8e9b04bad46a361de90"}}
 {"type": "new","receivedAt":12345,"sourceType":"IP4","sourceInfo": "127.0.0.3","event":{"id": "68421a122cef086512b2c5bd29ca6285ced8bd8e302e347e3c5d90466c860a76","pubkey": "16c21558762108afc34e4ff19e4ed51d9a48f79e0c34531efc423d21ab435e93","created_at": 1720408658,"kind": 1,"tags": [],"content": "hi","sig": "7b76471744ded2b720ca832cdc89e670f6093ce38aeef55a5c6a4e077883d7d80dda1e9051032fb1faa1c3c212c517e93ee42b3ceac8e8e9b04bad46a361de90"}}
 {"type": "new","receivedAt":12345,"sourceType":"IP4","sourceInfo": "127.0.0.1","event":{"id": "68421a122cef086512b2c5bd29ca6285ced8bd8e302e347e3c5d90466c860a76","pubkey": "16c21558762108afc34e4ff19e4ed51d9a48f79e0c34531efc423d21ab435e93","created_at": 1720408658,"kind": 1,"tags": [],"content": "hi","sig": "7b76471744ded2b720ca832cdc89e670f6093ce38aeef55a5c6a4e077883d7d80dda1e9051032fb1faa1c3c212c517e93ee42b3ceac8e8e9b04bad46a361de90"}}