Arx/nip42-proxy
Arx/nip42-proxy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

allow publishing events from allowed pubkeys without auth, if env variable is set

Browse source
This commit is contained in:
Danny Morabito 2025-08-06 18:40:17 +02:00
parent 3367cb929b
commit 22a4fe069f
Signed by: dannym
GPG key ID: 7CC8056A5A04557E
2 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
index.ts
View file

@ -1,7 +1,8 @@
import { main } from "./src/main.ts"; import { main } from "./src/main.ts";
let allowUnauthedPublish = Boolean(process.env.ALLOW_UNAUTHED_PUBLISH) || false;
let relay = process.env.RELAY_URL ?? Bun.argv[Bun.argv.length - 1]; let relay = process.env.RELAY_URL ?? Bun.argv[Bun.argv.length - 1];
if (!relay?.startsWith("wss://") && !relay?.startsWith("ws://")) if (!relay?.startsWith("wss://") && !relay?.startsWith("ws://"))
relay = "wss://relay.arx-ccn.com"; relay = "wss://relay.arx-ccn.com";
main(relay) main(relay, allowUnauthedPublish)

15
src/main.ts
View file

@ -16,23 +16,26 @@ type Nip42ProxySocketData = {
remoteWs: WebSocket; remoteWs: WebSocket;
}; };
async function validateAuthEvent(event: Event, challenge: string): boolean { async function validateAuthEvent(event: Event, challenge: string): Promise<boolean> {
if (event.kind !== 22242) return false; if (event.kind !== 22242) return false;
const last30Seconds = Math.floor(Date.now() / 1000) - 30; const last30Seconds = Math.floor(Date.now() / 1000) - 30;
if (event.created_at < last30Seconds) return false; if (event.created_at < last30Seconds) return false;
const challengeTag = event.tags.find(tag => tag[0] === 'challenge')?.[1]; const challengeTag = event.tags.find(tag => tag[0] === 'challenge')?.[1];
if (challengeTag !== challenge) return false; if (challengeTag !== challenge) return false;
return await isPubkeyAllowed(event);
}
async function isPubkeyAllowed(event: Event): Promise<boolean> {
const file = Bun.file("./allowed-pubkeys.json"); const file = Bun.file("./allowed-pubkeys.json");
if (!await file.exists()) return true; if (!await file.exists()) return true;
const allowedPubkeys = JSON.parse(await file.text()); const allowedPubkeys = JSON.parse(await file.text());
if (!allowedPubkeys.includes(event.pubkey)) return false; return allowedPubkeys.includes(event.pubkey);
return true;
} }
const sendMessage = (ws: ServerWebSocket<Nip42ProxySocketData>, message: any[]) => ws.send(JSON.stringify(message), true); const sendMessage = (ws: ServerWebSocket<Nip42ProxySocketData>, message: any[]) => ws.send(JSON.stringify(message), true);
const sendAuth = (ws: ServerWebSocket<Nip42ProxySocketData>) => sendMessage(ws, ["AUTH", ws.data.authToken, "This is an authenticated relay."]); const sendAuth = (ws: ServerWebSocket<Nip42ProxySocketData>) => sendMessage(ws, ["AUTH", ws.data.authToken, "This is an authenticated relay."]);
export function main(mainRelayUrl: string) { export function main(mainRelayUrl: string, allowUnauthedPublish: boolean) {
const server = Bun.serve<Nip42ProxySocketData, {}>({ const server = Bun.serve<Nip42ProxySocketData, {}>({
fetch(req, server) { fetch(req, server) {
const upgrade = server.upgrade(req, { const upgrade = server.upgrade(req, {
@ -54,6 +57,10 @@ export function main(mainRelayUrl: string) {
} }
if (command === "EVENT") { if (command === "EVENT") {
const [event] = data; const [event] = data;
if (allowUnauthedPublish && await isPubkeyAllowed(event)) {
ws.data.remoteWs.send(msg);
return;
}
sendMessage(ws, ["OK", event.id, false, 'auth-required: you must authenticate first']); sendMessage(ws, ["OK", event.id, false, 'auth-required: you must authenticate first']);
} }
if (command === "AUTH") { if (command === "AUTH") {