Skip to content

feat: reject NIP-70 protected events#644

Open
Anshumancanrock wants to merge 1 commit into
cameri:mainfrom
Anshumancanrock:nip70-reject-protected-events
Open

feat: reject NIP-70 protected events#644
Anshumancanrock wants to merge 1 commit into
cameri:mainfrom
Anshumancanrock:nip70-reject-protected-events

Conversation

@Anshumancanrock

@Anshumancanrock Anshumancanrock commented Jun 15, 2026

Copy link
Copy Markdown
Collaborator

Description

Adds rejection logic for NIP-70 protected events in EventMessageHandler.

  • Events with a ["-"] tag get rejected with auth-required: this event may only be published by its author (same message the spec uses in its example).
  • Kind-6 reposts that embed a protected event in their content are also rejected.
  • Placed the check after canAcceptEvent so content-length limits kick in before we JSON.parse repost content.

Related Issue

Part of NIP-70 support. Follows #643 which added the detection utility.

Motivation and Context

NIP-70 says relays MUST reject events with ["-"] by default. Without this, those events just get stored and spread like any other event, which breaks the whole point of the tag. The repost check also covers the case where someone sticks a protected event inside a kind-6 repost body to get around the outer tag check.

How Has This Been Tested?

10 unit tests added to event-message-handler.spec.ts covering:

  • Direct protected tag rejection
  • Events with no tags / unrelated tags (no false positives)
  • Kind-6 repost with embedded protected event
  • Kind-6 repost with clean embedded event
  • Empty content, invalid JSON content (graceful handling)
  • Non-repost kind with JSON content containing ["-"] (should pass through)
  • Precedence: a repost that is itself protected hits auth-required before the embed check
  • Malformed embedded tags (non-array tags field in parsed JSON)

Screenshots (if appropriate):

N/A

Types of changes

  • Non-functional change (docs, style, minor refactor)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my code changes.
  • I added a changeset, or this is docs-only and I added an empty changeset.
  • All new and existing tests passed.

@changeset-bot

changeset-bot Bot commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 35f12a9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
nostream Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@Anshumancanrock Anshumancanrock force-pushed the nip70-reject-protected-events branch from 4086a19 to 35f12a9 Compare June 15, 2026 18:44
@Anshumancanrock Anshumancanrock mentioned this pull request Jun 15, 2026
Open
@Anshumancanrock Anshumancanrock requested a review from cameri June 15, 2026 18:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cameri cameri Awaiting requested review from cameri

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Anshumancanrock