From d7bda40e18f1ec0d35644a5eae8f8c109561289a Mon Sep 17 00:00:00 2001
From: mleku <me@mleku.dev>
Date: Wed, 8 Oct 2025 21:31:04 +0100
Subject: [PATCH] Refactor authentication handling to use WebSocket URLs
 instead of Service URLs for improved connection management. Introduce
 WebSocketURL method in the Server struct to dynamically generate WebSocket
 URLs based on request headers. Clean up whitespace in handle-auth.go for
 better code readability.

---
 app/handle-auth.go | 10 +++++-----
 app/server.go      | 25 ++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/app/handle-auth.go b/app/handle-auth.go
index 6576694..19908a6 100644
--- a/app/handle-auth.go
+++ b/app/handle-auth.go
@@ -25,7 +25,7 @@ func (l *Listener) HandleAuth(b []byte) (err error) {
 	var valid bool
 	if valid, err = auth.Validate(
 		env.Event, l.challenge.Load(),
-		l.ServiceURL(l.req),
+		l.WebSocketURL(l.req),
 	); err != nil {
 		e := err.Error()
 		if err = Ok.Error(l, env, e); chk.E(err) {
@@ -50,7 +50,7 @@ func (l *Listener) HandleAuth(b []byte) (err error) {
 			env.Event.Pubkey,
 		)
 		l.authedPubkey.Store(env.Event.Pubkey)
-		
+
 		// Check if this is a first-time user and create welcome note
 		go l.handleFirstTimeUser(env.Event.Pubkey)
 	}
@@ -65,17 +65,17 @@ func (l *Listener) handleFirstTimeUser(pubkey []byte) {
 		log.E.F("failed to check first-time user status: %v", err)
 		return
 	}
-	
+
 	if !isFirstTime {
 		return // Not a first-time user
 	}
-	
+
 	// Get payment processor to create welcome note
 	if l.Server.paymentProcessor != nil {
 		// Set the dashboard URL based on the current HTTP request
 		dashboardURL := l.Server.DashboardURL(l.req)
 		l.Server.paymentProcessor.SetDashboardURL(dashboardURL)
-		
+
 		if err := l.Server.paymentProcessor.CreateWelcomeNote(pubkey); err != nil {
 			log.E.F("failed to create welcome note for first-time user: %v", err)
 		}
diff --git a/app/server.go b/app/server.go
index e98f584..7660b92 100644
--- a/app/server.go
+++ b/app/server.go
@@ -111,6 +111,29 @@ func (s *Server) ServiceURL(req *http.Request) (url string) {
 	return proto + "://" + host
 }
 
+func (s *Server) WebSocketURL(req *http.Request) (url string) {
+	proto := req.Header.Get("X-Forwarded-Proto")
+	if proto == "" {
+		if req.TLS != nil {
+			proto = "wss"
+		} else {
+			proto = "ws"
+		}
+	} else {
+		// Convert HTTP scheme to WebSocket scheme
+		if proto == "https" {
+			proto = "wss"
+		} else if proto == "http" {
+			proto = "ws"
+		}
+	}
+	host := req.Header.Get("X-Forwarded-Host")
+	if host == "" {
+		host = req.Host
+	}
+	return proto + "://" + host
+}
+
 func (s *Server) DashboardURL(req *http.Request) (url string) {
 	return s.ServiceURL(req) + "/"
 }
@@ -277,7 +300,7 @@ func (s *Server) handleAuthLogin(w http.ResponseWriter, r *http.Request) {
 	delete(s.challenges, challengeHex)
 	s.challengeMutex.Unlock()
 
-	relayURL := s.ServiceURL(r)
+	relayURL := s.WebSocketURL(r)
 
 	// Validate the authentication event with the correct challenge
 	// The challenge in the event tag is hex-encoded, so we need to pass the hex string as bytes