A simple, no-fuss NIP-42 authentication proxy for your Nostr relay.
---
Ever wanted to run a private Nostr relay without all the hassle? This NIP-42 proxy is your answer. It sits in front of your relay and makes sure only the right people can get in. Simple as that.
## ✨ What's Inside?
- **NIP-42 Auth:** Keep your relay safe and sound with NIP-42 authentication.
- **Proxy Power:** It's a straightforward proxy that forwards messages between your users and the relay.
- **Whitelist Control:** Easily manage who gets in and what they can do with a dynamic whitelist.
- **Admin Interface:** A handy RPC interface (protected by NIP-98) to manage your proxy.
- **Docker-Ready:** Comes with a `Dockerfile`, so you can get it up and running in a flash.
- **Bun-Powered:** Built with Bun for a fast and modern experience.
## 🚀 Get Going
### What You'll Need
- [Bun](https://bun.sh/)
- [Docker](https://www.docker.com/) (if you're into that)
### Let's Do This
1. **Clone the code:**
```bash
git clone https://git.arx-ccn.com/Arx/nip42-proxy.git
cd nip42-proxy
```
2. **Install the things:**
```bash
bun install
```
3. **Fire it up:**
- **With Bun:**
```bash
RELAY_URL="wss://my-relay.com" ADMIN_PUBKEY="my-admin-pubkey" bun run index.ts
```
- **With Docker:**
1. Build it:
```bash
docker build -t nip42-proxy .
```
2. Run it:
```bash
docker run -p 3000:3000 -e RELAY_URL="wss://your-relay-url.com" -e ADMIN_PUBKEY="my-admin-pubkey" --name nip42-proxy nip42-proxy
```
Now you can connect to your proxy with any Nostr client that gets NIP-42.
## ⚙️ Tweaks and Knobs
This proxy is configured with environment variables. Here's the rundown:
Click to see all the options
| Variable | What it does | Default |
| ------------------------ | ----------------------------------------- | ----------- |
| `ALLOW_UNAUTHED_PUBLISH` | Let unauthenticated users publish events. | `false` |
| `RELAY_URL` | The URL of the relay you're proxying. | |
| `RELAY_OUTSIDE_URL` | The URL your users will connect to. | `RELAY_URL` |
| `RELAY_NAME` | The name of your relay. | |
| `RELAY_DESCRIPTION` | A little something about your relay. | |
| `RELAY_BANNER` | A URL for a banner image. | |
| `RELAY_ICON` | A URL for an icon. | |
| `RELAY_CONTACT` | How people can get in touch. | |
| `RELAY_POLICY` | A URL to your relay's policy. | |
| `ADMIN_PUBKEY` | The public key of the relay's admin. | |
## 🔧 The Admin Zone
The proxy has a special RPC interface for admins, protected by NIP-98. Just send a `POST` request to the root URL (`/`) with the right headers (`Content-Type: application/nostr+json+rpc` and a NIP-98 `Authorization` token).
**What you can do:**
- `supportedmethods`: See what commands are available.
- `getinfo`: Get the relay's info doc.
- `banpubkey`: Kick someone out.
- `allowpubkey`: Let someone in.
- `listallowedpubkeys`: See who's on the list.
- `allowkind`: Allow a certain kind of event.
- `disallowkind`: Block a certain kind of event.
- `listallowedkinds`: See what kinds are allowed.
## 🤔 How's It Work?
1. **Knock Knock:** A client connects, but they're just a guest for now.
2. **Who's There?:** The proxy asks for their credentials with an `AUTH` challenge.
3. **The Password:** The client sends back a valid `AUTH` event, signed with a key that's on the list.
4. **You're In:** The client is now authenticated and can chat with the relay.
5. **The Conversation:** Messages flow freely between the client and the relay.
## 🤝 Wanna Help?
Got ideas? Found a bug? Pull requests and issues are always welcome.
## 📄 The Fine Print
This project is licensed under the AGPLv3. Check out the [LICENSE](LICENSE) file for the full text.
