[NIP05 BE] Require API users to give us metadata before they can use the API

[setch-l]

We need users of the NIP05 API to provide metadata about who they are so we can track when someone is abusing the API.

[rabble]

Don’t we require that requests to the nip05 api to have a signed Nostr event in the request as specified in nip-98?

https://github.com/nostr-protocol/nips/blob/master/98.md

This would let us know for sure that it comes from a specific nsec/npub. We could also embed a signature derived from a secret we embed in the nos app which provide pretty good security for now.

[dcadenas]

Yes, the authentication only requires signing the auth request. The metadata collection isn’t for authentication purposes but rather for tracking activities, like IP addresses, user agent, to identify if someone is generating random npubs via a script. Just to help us manually address any possible abuse through direct database manipulation if we need to.