enable nip42 function for public bouncer.

Signed-off-by: Yonle <[email protected]>
Yonle · Nov 20, 2023 · 32600cd · 32600cd
1 parent 8a189bc
commit 32600cd
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 15 deletions.
diff --git a/auth.js b/auth.js
@@ -1,6 +1,7 @@
 const { validateEvent, verifySignature } = require("nostr-tools");
+const { authorized_keys, private_keys } = require("./config");
 
-module.exports = (authKey, authorized, authorized_keys, data, ws, req) => {
+module.exports = (authKey, data, ws, req) => {
   if (!validateEvent(data)) {
     ws.send(JSON.stringify(["NOTICE", "error: invalid challenge response."]));
     return false;
@@ -11,7 +12,7 @@ module.exports = (authKey, authorized, authorized_keys, data, ws, req) => {
     return false;
   }
 
-  if (!authorized_keys.includes(data.pubkey)) {
+  if (!authorized_keys?.includes(data.pubkey) && !private_keys?[data.pubkey]) {
     ws.send(JSON.stringify(["OK", data.id, false, "unauthorized."]));
     return false;
   }
@@ -21,11 +22,6 @@ module.exports = (authKey, authorized, authorized_keys, data, ws, req) => {
     return false;
   }
 
-  if (authorized) {
-    ws.send(JSON.stringify(["OK", data.id, false, "already authorized."]));
-    return false;
-  }
-
   const tags = new Map(data.tags);
   if (!tags.get("relay").includes(req.headers.host)) {
     ws.send(JSON.stringify(["OK", data.id, false, "unmatched relay url."]));
@@ -37,6 +33,6 @@ module.exports = (authKey, authorized, authorized_keys, data, ws, req) => {
     return false;
   }
 
-  ws.send(JSON.stringify(["OK", data.id, true, `Welcome ${data.pubkey}`]));
+  ws.send(JSON.stringify(["OK", data.id, true, `Hello ${data.pubkey}`]));
   return true;
 }
diff --git a/bouncer.js b/bouncer.js
@@ -26,6 +26,15 @@ module.exports = (ws, req) => {
     authKey = Date.now() + Math.random().toString(36);
     authorized = false;
     ws.send(JSON.stringify(["AUTH", authKey]));
+  } else if (private_keys !== {}) {
+    // If there is no whitelist, Then we ask to client what is their public key.
+    // We will enable NIP-42 function for this session if user pubkey was available & valid in <private_keys>.
+
+    // There is no need to limit this session. We only ask who is this user.
+    // If it was the users listed at <private_keys> in config.js, Then the user could use NIP-42 protected relays.
+
+    authKey = Date.now() + Math.random().toString(36);
+    ws.send(JSON.stringify(["AUTH", authKey]));
   }
 
   console.log(process.pid, `->- ${req.headers["x-forwarded-for"]?.split(",")[0] || req.socket.address()?.address} connected as ${ws.id}`);
@@ -69,10 +78,12 @@ module.exports = (ws, req) => {
         bc(data, ws.id);
         break;
       case "AUTH":
-        if (auth(authKey, authorized, authorized_keys, data[1], ws, req)) {
+        if (auth(authKey, data[1], ws, req)) {
           ws.pubkey = data[1].pubkey;
-          authorized = true;
+          console.log(process.pid, "---", ws.id, "succesfully authorized as", ws.pubkey, private_keys[ws.pubkey] ? "(admin)" : "(user)");
+          if (authorized) return;
           relays.forEach(_ => newConn(_, ws.id));
+          authorized = true;
         }
         break;
       default:

diff --git a/config.js.example b/config.js.example
@@ -16,7 +16,7 @@ module.exports = {
   // Time before reconnect to relays in miliseconds.
   reconnect_time: 5000,
 
-  // For personal usage. This is a whitelist of users public keys that could use this bouncer.
+  // A whitelist of users public keys who could use this bouncer.
   // Leaving this empty will allows everyone to use this bouncer.
   // NOTE: - Require NIP-42 compatible nostr client
   authorized_keys: [
@@ -25,10 +25,13 @@ module.exports = {
     // ....
   ],
 
-  // For personal usage. Used for authenticating NIP-42 relays to access certain events (such as kind 4, etc).
+  // Used for accessing NIP-42 protected events from certain relays.
   // It could be your key. Leaving this empty completely disables NIP-42 function.
-  // NOTE: - NIP-42 (auth) is ONLY supported with provided <private_keys>
-  //       - To use one of the following privatekeys, NIP-42 compatible nostr client is required.
+  //
+  // You could use this function even as a public bouncer.
+  // There are no security risk as it utilize NIP-42 to recognize client public key.
+  //
+  // NOTE: - Require NIP-42 compatible nostr client
   private_keys: {
     // "pubkey-in-hex": "privatekey",
     // "pubkey-in-hex": "nsec ...."
@@ -49,7 +52,7 @@ module.exports = {
     // Some nostr client may read the following for compatibility check.
     // You may change the supported_nips to match with what your relays supported.
     "supported_nips": [1,2,9,11,12,15,16,20,22,33,40,42,50],
-    "version": "1.0.0"
+    "version": require("./package.json").version
   },
 
   // Nostr relays to bounce [Required]