Add blossom.authenticated_read config setting

README.md

@@ -95,6 +95,7 @@ Configures NIP 86 support.
 Configures blossom support.
 
 - `enabled` - whether blossom is enabled.
+- `authenticated_read` - whether users must perform NIP 98 AUTH in order to fetch a file.
 
 ### `[push]`
 

zooid/blossom.go

@@ -67,6 +67,10 @@ func (bl *BlossomStore) Enable(instance *Instance) {
 	}
 
 	backend.RejectGet = func(ctx context.Context, auth *nostr.Event, sha256 string, ext string) (bool, string, int) {
+		if !bl.Config.Blossom.AuthenticatedRead {
+			return false, "", 200
+		}
+
 		if auth == nil || !instance.Management.IsMember(auth.PubKey) {
 			return true, "unauthorized", 403
 		}

zooid/config.go

@@ -45,7 +45,8 @@ type Config struct {
 	} `toml:"management" json:"management"`
 
 	Blossom struct {
-		Enabled bool `toml:"enabled" json:"enabled"`
+		Enabled           bool `toml:"enabled" json:"enabled"`
+		AuthenticatedRead bool `toml:"authenticated_read" json:"authenticated_read"`
 	} `toml:"blossom" json:"blossom"`
 
 	Livekit struct {