1 package validation
2 3 import (
4 "next.orly.dev/pkg/nostr/encoders/event"
5 "next.orly.dev/pkg/utils"
6 )
7 8 // ValidateProtectedTagMatch checks NIP-70 protected tag requirements.
9 // Events with the "-" tag can only be published by users authenticated
10 // with the same pubkey as the event author.
11 func ValidateProtectedTagMatch(ev *event.E, authedPubkey []byte) Result {
12 // Check for protected tag (NIP-70)
13 protectedTag := ev.Tags.GetFirst([]byte("-"))
14 if protectedTag == nil {
15 return OK() // No protected tag, validation passes
16 }
17 18 // Event has protected tag - verify pubkey matches
19 if !utils.FastEqual(authedPubkey, ev.Pubkey) {
20 return Blocked("protected tag may only be published by user authed to the same pubkey")
21 }
22 23 return OK()
24 }
25 26 // HasProtectedTag checks if an event has the NIP-70 protected tag.
27 func HasProtectedTag(ev *event.E) bool {
28 return ev.Tags.GetFirst([]byte("-")) != nil
29 }
30