bouncer: improve NIP-42 compatibilities

Signed-off-by: Yonle <yonle@lecturify.net>
2025-06-29 02:01:40 +02:00 · 2024-04-28 21:20:25 +07:00
parent 07bca8d9cf
commit a3ae67a2c4
2 changed files with 16 additions and 6 deletions
--- a/auth.js
+++ b/auth.js
@ -3,12 +3,13 @@ const { validateEvent, verifyEvent } = require("nostr-tools");
 const { authorized_keys, private_keys } = require(process.env.BOSTR_CONFIG_PATH || "./config");
 module.exports = (authKey, data, ws, req) => {
  if (!(authorized_keys?.length || Object.keys(private_keys).length)) return; // do nothing
  if (!validateEvent(data) || !verifyEvent(data)) {
    ws.send(JSON.stringify(["NOTICE", "error: invalid challenge response."]));
    return false;
  }
-  if ((authorized_keys?.length || Object.keys(private_keys).length) && !authorized_keys?.includes(data.pubkey) && !(private_keys && private_keys[data.pubkey])) {
+  if (!authorized_keys?.includes(data.pubkey) && !private_keys[data.pubkey]) {
    ws.send(JSON.stringify(["OK", data.id, false, "unauthorized."]));
    return false;
  }
@ -18,14 +19,14 @@ module.exports = (authKey, data, ws, req) => {
    return false;
  }
-  const tags = new Map(data.tags);
+  const tags = Object.fromEntries(data.tags);
-  if (!tags.get("relay").includes(req.headers.host)) {
+  if (!tags.relay?.includes(req.headers.host)) {
    ws.send(JSON.stringify(["OK", data.id, false, "unmatched relay url."]));
    return false;
  };
-  if (tags.get("challenge") !== authKey) {
+  if (tags.challenge !== authKey) {
    ws.send(JSON.stringify(["OK", data.id, false, "unmatched challenge string."]));
    return false;
  }
--- a/bouncer.js
+++ b/bouncer.js
@ -202,10 +202,18 @@ function handleConnection(ws, req, onClose) {
        ws.send(JSON.stringify(["CLOSED", origID, ""]));
        break;
      case "AUTH":
        if (authorized) return;
        if (auth(authKey, data[1], ws, req)) {
          authKey = Date.now() + Math.random().toString(36);
          ws.pubkey = data[1].pubkey;
          console.log(process.pid, "---", ws.ip, "successfully authorized as", ws.pubkey, private_keys[ws.pubkey] ? "(admin)" : "(user)");
          if (private_keys[ws.pubkey]) {
            for (const relay of userRelays.get(ws.id)) {
              for (const challenge of relay.pendingNIP42) {
                nip42(relay, client.pubkey, private_keys[ws.pubkey], challenge);
                relay.pendingNIP42.delete(challenge);
              }
            }
          }
          if (authorized) return;
          authorized = true;
          lastEvent = Date.now();
@ -323,6 +331,7 @@ function newConn(addr, id, reconn_t = 0) {
  relay.isCache = relay_type(addr) === "cache_relay";
  relay.isLoadBalancer = relay_type(addr) === "loadbalancer";
  relay.ratelimit = 0;
  relay.pendingNIP42 = new Set();
  relay.on('open', _ => {
    if (!csess.has(id)) return relay.terminate();
    const client = csess.get(id);
@ -414,7 +423,7 @@ function newConn(addr, id, reconn_t = 0) {
        }
        break;
      case "AUTH":
-        if (!private_keys || typeof(data[1]) !== "string" || !client.pubkey) return;
+        if (!private_keys || typeof(data[1]) !== "string" || !client.pubkey) return relay.pendingNIP42.add(data[1]);
        nip42(relay, client.pubkey, private_keys[client.pubkey], data[1]);
        break;