Not open source atm and to be honest with you it’s a good bit more complicated than it seems on the surface to write performant middleware that does something as simple as AUTH for only DMs. Also there are lots of design choices to be made for specific use cases.

What happens if the REQ doesn’t include a kind filter? Should the middleware allow this filter and parse all the events and remove any kind 4s? How about if a filter includes multiple kinds, some of which are restricted (like DMs) and some are not? Do you augment their filter or just return unauthorized for the whole thing?

It’s much easier to just have “AUTH only” middleware and then connect the user directly to the relay backend, but unfortunately that doesn’t let you protect DM metadata.
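As an added illustration of the "augment the filter" choice the post describes (example code, not the poster's middleware): it assumes kind 4 is the only protected kind, that the NIP-42 auth state is available as the authenticated pubkey or None, and that REQ filters arrive as plain dicts; it also covers the no-kind-filter case by post-filtering the events on the way back.

```python
from typing import Optional

# Assumption for this example: NIP-04 DMs (kind 4) are the only protected kind.
RESTRICTED_KINDS = {4}

def event_allowed(event: dict, pubkey: Optional[str]) -> bool:
    """Post-filter: may this event be delivered to a connection authenticated
    as `pubkey` (None = not authenticated)? Non-DM events always pass; a DM
    passes only to its sender or one of its "p"-tagged recipients."""
    if event.get("kind") not in RESTRICTED_KINDS:
        return True
    if pubkey is None:
        return False
    recipients = [t[1] for t in event.get("tags", []) if len(t) > 1 and t[0] == "p"]
    return event.get("pubkey") == pubkey or pubkey in recipients

def scoped_dm_filters(f: dict, kinds: list, pubkey: str) -> list:
    """Narrow a restricted-kind filter to DMs that `pubkey` sent or received.
    A filter that already names other authors/recipients is only narrowed,
    never widened, so DM metadata of third parties stays hidden."""
    base = {**f, "kinds": kinds}
    out = []
    if f.get("authors") is None or pubkey in f["authors"]:
        out.append({**base, "authors": [pubkey]})  # DMs the user sent
    if f.get("#p") is None or pubkey in f["#p"]:
        out.append({**base, "#p": [pubkey]})       # DMs the user received
    return out

def rewrite_req(filters: list, pubkey: Optional[str]):
    """Return (filters to forward to the backend, post_filter_needed).
    An empty forward list means nothing in the REQ is permitted, i.e. the
    middleware should answer unauthorized instead of proxying it."""
    forward, post_filter = [], False
    for f in filters:
        kinds = f.get("kinds")
        if kinds is None:
            # No kind filter matches every kind, DMs included. A filter cannot
            # express "all kinds except 4", so forward it unchanged and rely on
            # event_allowed() to drop DMs the connection may not see.
            forward.append(f)
            post_filter = True
            continue
        public = [k for k in kinds if k not in RESTRICTED_KINDS]
        restricted = [k for k in kinds if k in RESTRICTED_KINDS]
        if public:
            forward.append({**f, "kinds": public})  # unrestricted part passes as-is
        if restricted and pubkey is not None:
            forward.extend(scoped_dm_filters(f, restricted, pubkey))
    return forward, post_filter
```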