This is a grpc authz server that uses the Nostrocket Engine to validate current users for the Flamebucket Rocket, which is a set of paid nostr relays.
Flamebucket Manager should not be used directly, but consumed from the Flamebucket repo (as a submodule).
gRPC authz server for nostr-rs-rely. Admits events based on whether they have been allowed by the relay admin.
This package is an extension of nostr-rs-relay and the instructions here assume the relay exists in ./nostr-rs-relay/
- Make sure you are running the latest version of Rust, if you installed with rustup:
rustup update
- Clone and compile
git clone https://github.com/nostrocket/flamebucketmanager.git
cd manage-relay-users
cargo update
cargo build -r
- Edit the config file.
vim config.toml
Add a pubkey (in hex) that will have permission to administer the relay. Uncomment the grpc and db_path lines.
- Edit the config of the relay
cd ../nostr-rs-relay
vim config.toml
Find the line with event_admission_server
[grpc]
# event_admission_server = "http://[::1]:50051" <---- this line
Uncomment this line and change it to reflect your local setup that matches the grpc config you used above. For example:
event_admission_server = "http://127.0.0.1:50001"
- Run
You will need to use
screen
ortmux
or a different terminal tab so that you can run two processes. Start the relay manager first:
cd ../manage-relay-users
./target/release/manage_relay_users --config config.toml
In a different terminal on the same system:
cd ../nostr-rs-relay
RUST_LOG=warn,nostr_rs_relay=info ./target/release/nostr-rs-relay --config config.toml
The admin(s) can update accounts by publishing an kind
4242 event with an allow tag where index 0 is "allow" followed by the list of hex pubkeys, and a "deny" tag of the same format.
For now this is not in a NIP if there is interest it can be more formalized.
Events can be published using this branch of nostr tools or implementing the event format in other tools.
https://github.com/thesimplekid/nostr-tool/tree/manage_relay_users
{
"id": <32-bytes lowercase hex-encoded sha256 of the the serialized event data>,
"pubkey": <pubkey of the relay admin>,
"created_at": <unix timestamp in seconds>,
"kind": 4242,
"tags": [
["allow", <32-bytes hex of a pubkey>, <32-bytes hex of a pubkey>, ...],
["deny", <32-bytes hex of a pubkey>, <32-bytes hex of a pubkey>, ...],
...
],
"content": "",
...
}
The users can be updated by sending a http POST
to the /update
endpoint with a json body with the following format.
{
"allow":, [<32-bytes hex of a pubkey>, <32-bytes hex of a pubkey>, ...],
"deny": [<32-bytes hex of a pubkey>, <32-bytes hex of a pubkey>, ...],
}
There is also a GET
endpoint with at /users
that will return json of the same format with allowed and denied users.
If the relay has nip42 enabled it will use the authenticated pubkey if not the author pubkey of the note will be used.
Code is under the BSD 3-Clause License