Arx/nip42-proxy
Arx/nip42-proxy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nip42-proxy/README.md
Danny Morabito 65d9eca142
initial commit
2025-08-05 23:47:38 +02:00

3.1 KiB
Raw Blame History

NIP-42 Proxy

This project is a NIP-42 proxy for Nostr relays. It provides an authentication layer in front of a public relay, allowing only authenticated users to connect and interact with it.

Features

  • NIP-42 Authentication: Enforces NIP-42 authentication, ensuring that only authorized users can access the relay.
  • Proxy Layer: Acts as a proxy, forwarding messages between authenticated clients and the main relay.
  • Whitelist: Filters access based on a whitelist of public keys defined in allowed-pubkeys.json.

Prerequisites

  • Docker installed on your system.

Installation

  1. Clone the repository: 
    git clone https://github.com/your-username/nip42-proxy.git
cd nip42-proxy

Configuration

  1. Whitelist (Optional):

    • Create a file named allowed-pubkeys.json in the root directory.
    • Add an array of whitelisted public keys in the following format: 
      [
  "pubkey1",
  "pubkey2"
]
    • If this file does not exist, the proxy will allow any user to authenticate.

  2. Relay URL:

    • The proxy can be configured to connect to a specific relay using one of the following methods (in order of priority):
      1. Environment Variable: Set the RELAY_URL environment variable when running the Docker container: 
        docker run -e RELAY_URL="wss://your-relay-url.com" ...
      2. Default: If no URL is provided, the proxy will connect to the default relay: wss://relay.arx-ccn.com.

Usage

To run the proxy using Docker, follow these steps:

  1. Build the Docker image:

    docker build -t nip42-proxy .

  2. Run the Docker container:

    docker run -p 3000:3000 -v $(pwd)/allowed-pubkeys.json:/app/allowed-pubkeys.json --name nip42-proxy nip42-proxy
    • This command maps port 3000 on your local machine to port 3000 in the container.
    • It also mounts the allowed-pubkeys.json file from your local directory into the container.

    To run with a custom relay URL, use the -e flag:

    docker run -p 3000:3000 -e RELAY_URL="wss://your-relay-url.com" -v $(pwd)/allowed-pubkeys.json:/app/allowed-pubkeys.json --name nip42-proxy nip42-proxy

The server will start, and you can connect to it using a Nostr client that supports NIP-42 authentication.

How It Works

  1. Client Connection: When a client connects to the proxy, it is initially in an unauthenticated state.
  2. Authentication Request: The proxy sends an AUTH challenge to the client.
  3. Client Authentication: The client must respond with a valid AUTH event, signed with a whitelisted public key.
  4. Authenticated State: Once authenticated, the client can send and receive messages from the main relay through the proxy.
  5. Message Forwarding: All messages from the authenticated client are forwarded to the main relay, and all messages from the main relay are forwarded to the client.

Contributing

Contributions are welcome! Please open an issue or submit a pull request with your improvements.