interim-docs-update #3
@@ -1,4 +1,5 @@
|
||||
{
|
||||
"MAX_THINKING_TOKENS": "8000",
|
||||
"permissions": {
|
||||
"allow": [
|
||||
"Bash:*",
|
||||
|
||||
@@ -150,10 +150,20 @@ Event kind `7` for reactions:
|
||||
|
||||
#### NIP-42: Authentication
|
||||
Client authentication to relays:
|
||||
- AUTH message from relay
|
||||
- Client responds with event kind `22242`
|
||||
- AUTH message from relay (challenge)
|
||||
- Client responds with event kind `22242` signed auth event
|
||||
- Proves key ownership
|
||||
|
||||
**CRITICAL: Clients MUST wait for OK response after AUTH**
|
||||
- Relays MUST respond to AUTH with an OK message (same as EVENT)
|
||||
- An OK with `true` confirms the relay has stored the authenticated pubkey
|
||||
- An OK with `false` indicates authentication failed:
|
||||
1. **Alert the user** that authentication failed
|
||||
2. **Assume the relay will reject** subsequent events requiring auth
|
||||
3. Check the `reason` field for error details (e.g., "error: failed to parse auth event")
|
||||
- Do NOT send events requiring authentication until OK `true` is received
|
||||
- If no OK is received within timeout, assume connection issues and retry or alert user
|
||||
|
||||
#### NIP-50: Search
|
||||
Query filter extension for full-text search:
|
||||
- `search` field in REQ filters
|
||||
|
||||
12
CLAUDE.md
12
CLAUDE.md
@@ -901,6 +901,18 @@ WebAssembly-compatible database backend (`pkg/wasmdb/`):
|
||||
- `ORLY_AUTH_REQUIRED=true`: Require authentication for ALL requests
|
||||
- `ORLY_AUTH_TO_WRITE=true`: Require authentication only for writes (allow anonymous reads)
|
||||
|
||||
### NIP-42 AUTH Protocol (IMPORTANT for Client Developers)
|
||||
Per NIP-42, this relay always responds to AUTH messages with an OK message:
|
||||
- **Clients MUST wait for the OK response** after sending AUTH before publishing events
|
||||
- An OK with `true` confirms the relay has stored the authenticated pubkey
|
||||
- An OK with `false` indicates authentication failed - clients should:
|
||||
1. Alert the user that authentication failed
|
||||
2. Assume the relay will reject subsequent events requiring auth
|
||||
3. Check the reason field for error details
|
||||
- If no OK is received within a reasonable timeout, assume connection issues
|
||||
|
||||
Implementation: `app/handle-auth.go`
|
||||
|
||||
### NIP-43 Relay Access Metadata
|
||||
Invite-based access control system:
|
||||
- `ORLY_NIP43_ENABLED=true`: Enable invite system
|
||||
|
||||
@@ -5,13 +5,25 @@ import (
|
||||
"lol.mleku.dev/log"
|
||||
"git.mleku.dev/mleku/nostr/encoders/envelopes/authenvelope"
|
||||
"git.mleku.dev/mleku/nostr/encoders/envelopes/okenvelope"
|
||||
"git.mleku.dev/mleku/nostr/encoders/reason"
|
||||
"git.mleku.dev/mleku/nostr/protocol/auth"
|
||||
)
|
||||
|
||||
// zeroEventID is used for OK responses when we cannot parse the event ID
|
||||
var zeroEventID = make([]byte, 32)
|
||||
|
||||
func (l *Listener) HandleAuth(b []byte) (err error) {
|
||||
var rem []byte
|
||||
env := authenvelope.NewResponse()
|
||||
if rem, err = env.Unmarshal(b); chk.E(err) {
|
||||
// NIP-42: AUTH messages MUST be answered with an OK message
|
||||
// For parse failures, use zero event ID
|
||||
log.E.F("%s AUTH unmarshal failed: %v", l.remote, err)
|
||||
if writeErr := okenvelope.NewFrom(
|
||||
zeroEventID, false, reason.Error.F("failed to parse auth event: %s", err),
|
||||
).Write(l); chk.E(writeErr) {
|
||||
return writeErr
|
||||
}
|
||||
return
|
||||
}
|
||||
defer func() {
|
||||
|
||||
@@ -1 +1 @@
|
||||
v0.34.6
|
||||
v0.34.7
|
||||
Reference in New Issue
Block a user