This repository has been archived by the owner on Sep 20, 2024. It is now read-only.

enable nip42 function for public bouncer.
Signed-off-by: Yonle <[email protected]>
Yonle committed Nov 20, 2023
1 parent 8a189bc commit 4f393c1
Showing 3 changed files with 25 additions and 15 deletions.
12 changes: 4 additions & 8 deletions auth.js
@@ -1,6 +1,7 @@
const { validateEvent, verifySignature } = require("nostr-tools");
const { authorized_keys, private_keys } = require("./config");

module.exports = (authKey, authorized, authorized_keys, data, ws, req) => {
module.exports = (authKey, data, ws, req) => {
if (!validateEvent(data)) {
ws.send(JSON.stringify(["NOTICE", "error: invalid challenge response."]));
return false;
@@ -11,7 +12,7 @@ module.exports = (authKey, authorized, authorized_keys, data, ws, req) => {
return false;
}

if (!authorized_keys.includes(data.pubkey)) {
if (!authorized_keys?.includes(data.pubkey) && !private_keys[data.pubkey]) {
ws.send(JSON.stringify(["OK", data.id, false, "unauthorized."]));
return false;
}
@@ -21,11 +22,6 @@ module.exports = (authKey, authorized, authorized_keys, data, ws, req) => {
return false;
}

if (authorized) {
ws.send(JSON.stringify(["OK", data.id, false, "already authorized."]));
return false;
}

const tags = new Map(data.tags);
if (!tags.get("relay").includes(req.headers.host)) {
ws.send(JSON.stringify(["OK", data.id, false, "unmatched relay url."]));
@@ -37,6 +33,6 @@ module.exports = (authKey, authorized, authorized_keys, data, ws, req) => {
return false;
}

ws.send(JSON.stringify(["OK", data.id, true, `Welcome ${data.pubkey}`]));
ws.send(JSON.stringify(["OK", data.id, true, `Hello ${data.pubkey}`]));
return true;
}
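Review bot: In the new authorization check, `authorized_keys` is guarded with `?.` but `private_keys[data.pubkey]` is not, so a config that omits `private_keys` would throw here instead of rejecting, and the lookup is a plain property read keyed by a client-supplied value. An own-property test such as `!Object.hasOwn(private_keys ?? {}, data.pubkey)` handles both and keeps the decision independent of whatever format checks `validateEvent` performs earlier. With the "already authorized." guard removed in the third hunk, a connection can now send AUTH repeatedly against the same `authKey`; if that is intended, a one-line comment saying so (or issuing a fresh challenge after a successful AUTH) would make it explicit. The function body is only partly visible across these hunks.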
15 changes: 13 additions & 2 deletions bouncer.js
@@ -26,6 +26,15 @@ module.exports = (ws, req) => {
authKey = Date.now() + Math.random().toString(36);
authorized = false;
ws.send(JSON.stringify(["AUTH", authKey]));
} else if (private_keys !== {}) {
// If there is no whitelist, Then we ask to client what is their public key.
// We will enable NIP-42 function for this session if user pubkey was available & valid in <private_keys>.

// There is no need to limit this session. We only ask who is this user.
// If it was the users listed at <private_keys> in config.js, Then the user could use NIP-42 protected relays.

authKey = Date.now() + Math.random().toString(36);
ws.send(JSON.stringify(["AUTH", authKey]));
}

console.log(process.pid, `->- ${req.headers["x-forwarded-for"]?.split(",")[0] || req.socket.address()?.address} connected as ${ws.id}`);
@@ -69,10 +78,12 @@ module.exports = (ws, req) => {
bc(data, ws.id);
break;
case "AUTH":
if (auth(authKey, authorized, authorized_keys, data[1], ws, req)) {
if (auth(authKey, data[1], ws, req)) {
ws.pubkey = data[1].pubkey;
authorized = true;
console.log(process.pid, "---", ws.id, "succesfully authorized as", ws.publickey, private_keys[ws.pubkey] ? "(admin)" : "(user)");
if (authorized) return;
relays.forEach(_ => newConn(_, ws.id));
authorized = true;
}
break;
default:
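Review bot: The new branch condition `private_keys !== {}` compares against a freshly created object and is therefore always true, so the AUTH challenge goes to every client even when no private keys are configured; `Object.keys(private_keys ?? {}).length > 0` expresses the intended test. The added challenge line reuses `Date.now() + Math.random().toString(36)`, which is not drawn from a CSPRNG, whereas a NIP-42 challenge should be unpredictable, e.g. `require("crypto").randomBytes(16).toString("hex")`. In the AUTH case the log reads `ws.publickey` although the property set just above is `ws.pubkey`, so it will print `undefined`. The rendered page does not show which of the two `authorized = true;` lines is the new one; if the one before `if (authorized) return;` is kept, `relays.forEach(...)` becomes unreachable after a successful AUTH, so this is worth confirming against the raw diff. Both hunks cut through the connection handler, so the surrounding code is not visible here.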
13 changes: 8 additions & 5 deletions config.js.example
@@ -16,7 +16,7 @@ module.exports = {
// Time before reconnect to relays in miliseconds.
reconnect_time: 5000,

// For personal usage. This is a whitelist of users public keys that could use this bouncer.
// A whitelist of users public keys who could use this bouncer.
// Leaving this empty will allows everyone to use this bouncer.
// NOTE: - Require NIP-42 compatible nostr client
authorized_keys: [
@@ -25,10 +25,13 @@ module.exports = {
// ....
],

// For personal usage. Used for authenticating NIP-42 relays to access certain events (such as kind 4, etc).
// Used for accessing NIP-42 protected events from certain relays.
// It could be your key. Leaving this empty completely disables NIP-42 function.
// NOTE: - NIP-42 (auth) is ONLY supported with provided <private_keys>
// - To use one of the following privatekeys, NIP-42 compatible nostr client is required.
//
// You could use this function even as a public bouncer.
// There are no security risk as it utilize NIP-42 to recognize client public key.
//
// NOTE: - Require NIP-42 compatible nostr client
private_keys: {
// "pubkey-in-hex": "privatekey",
// "pubkey-in-hex": "nsec ...."
@@ -49,7 +52,7 @@ module.exports = {
// Some nostr client may read the following for compatibility check.
// You may change the supported_nips to match with what your relays supported.
"supported_nips": [1,2,9,11,12,15,16,20,22,33,40,42,50],
"version": "1.0.0"
"version": require("./package.json").version
},

// Nostr relays to bounce [Required]
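Review bot: The added comment "There are no security risk" above `private_keys` claims more than the visible code supports: the protection is that auth.js accepts a pubkey only after the client signs the challenge, and this file still holds private keys in plain text. I would state the actual guarantee instead, for example `// A key listed here is only used for a client that proves ownership of the matching pubkey via NIP-42.` followed by `// Keep config.js readable only by the account that runs the bouncer.`. That keeps operators of a public bouncer aware that the safety of this option depends on the AUTH verification and on how the config file is stored.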
