nip42-proxy/README.md

<table>
  <tr>
    <td><img src="images/logo.webp" alt="NIP-42 Proxy Logo" width="200"/></td>
    <td>
      <h1>NIP-42 Proxy</h1>
      <p>A simple, no-fuss NIP-42 authentication proxy for your Nostr relay.</p>
      <p>
        <a href="https://www.gnu.org/licenses/agpl-3.0"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg" alt="License: AGPL v3"></a>
      </p>
    </td>
  </tr>
</table>

---

Ever wanted to run a private Nostr relay without all the hassle? This NIP-42 proxy is your answer. It sits in front of your relay and makes sure only the right people can get in. Simple as that.

## ✨ What's Inside?

- **NIP-42 Auth:** Keep your relay safe and sound with NIP-42 authentication.
- **Proxy Power:** It's a straightforward proxy that forwards messages between your users and the relay.
- **Whitelist Control:** Easily manage who gets in and what they can do with a dynamic whitelist.
- **Admin Interface:** A handy RPC interface (protected by NIP-98) to manage your proxy.
- **Docker-Ready:** Comes with a `Dockerfile`, so you can get it up and running in a flash.
- **Bun-Powered:** Built with Bun for a fast and modern experience.

## 🚀 Get Going

### What You'll Need

- [Bun](https://bun.sh/)
- [Docker](https://www.docker.com/) (if you're into that)

### Let's Do This

1. **Clone the code:**

    ```bash
    git clone https://git.arx-ccn.com/Arx/nip42-proxy.git
    cd nip42-proxy
    ```

2. **Install the things:**

    ```bash
    bun install
    ```

3. **Fire it up:**
    - **With Bun:**

      ```bash
      RELAY_URL="wss://my-relay.com" ADMIN_PUBKEY="my-admin-pubkey" bun run index.ts
      ```

    - **With Docker:**
      1. Build it:

          ```bash
          docker build -t nip42-proxy .
          ```

      2. Run it:

          ```bash
          docker run -p 3000:3000 -e RELAY_URL="wss://your-relay-url.com" -e ADMIN_PUBKEY="my-admin-pubkey" --name nip42-proxy nip42-proxy
          ```

Now you can connect to your proxy with any Nostr client that gets NIP-42.

## ⚙️ Tweaks and Knobs

This proxy is configured with environment variables. Here's the rundown:

<details>
  <summary>Click to see all the options</summary>

| Variable                 | What it does                              | Default     |
| ------------------------ | ----------------------------------------- | ----------- |
| `ALLOW_UNAUTHED_PUBLISH` | Let unauthenticated users publish events. | `false`     |
| `RELAY_URL`              | The URL of the relay you're proxying.     |             |
| `RELAY_OUTSIDE_URL`      | The URL your users will connect to.       | `RELAY_URL` |
| `RELAY_NAME`             | The name of your relay.                   |             |
| `RELAY_DESCRIPTION`      | A little something about your relay.      |             |
| `RELAY_BANNER`           | A URL for a banner image.                 |             |
| `RELAY_ICON`             | A URL for an icon.                        |             |
| `RELAY_CONTACT`          | How people can get in touch.              |             |
| `RELAY_POLICY`           | A URL to your relay's policy.             |             |
| `ADMIN_PUBKEY`           | The public key of the relay's admin.      |             |

</details>

## 🔧 The Admin Zone

The proxy has a special RPC interface for admins, protected by NIP-98. Just send a `POST` request to the root URL (`/`) with the right headers (`Content-Type: application/nostr+json+rpc` and a NIP-98 `Authorization` token).

**What you can do:**

- `supportedmethods`: See what commands are available.
- `getinfo`: Get the relay's info doc.
- `banpubkey`: Kick someone out.
- `allowpubkey`: Let someone in.
- `listallowedpubkeys`: See who's on the list.
- `allowkind`: Allow a certain kind of event.
- `disallowkind`: Block a certain kind of event.
- `listallowedkinds`: See what kinds are allowed.

## 🤔 How's It Work?

1. **Knock Knock:** A client connects, but they're just a guest for now.
2. **Who's There?:** The proxy asks for their credentials with an `AUTH` challenge.
3. **The Password:** The client sends back a valid `AUTH` event, signed with a key that's on the list.
4. **You're In:** The client is now authenticated and can chat with the relay.
5. **The Conversation:** Messages flow freely between the client and the relay.

## 🤝 Wanna Help?

Got ideas? Found a bug? Pull requests and issues are always welcome.

## 📄 The Fine Print

This project is licensed under the AGPLv3. Check out the [LICENSE](LICENSE) file for the full text.