This repository has been archived by the owner on Sep 20, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 14
/
auth.js
47 lines (36 loc) · 1.51 KB
/
auth.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
"use strict";
let { validateEvent, verifyEvent, nip19 } = require("nostr-tools");
let { authorized_keys, private_keys, noscraper } = require(process.env.BOSTR_CONFIG_PATH || "./config");
authorized_keys = authorized_keys?.map(i => i.startsWith("npub") ? nip19.decode(i).data : i);
for (const key in private_keys) {
if (!key.startsWith("npub")) continue;
private_keys[nip19.decode(key).data] = private_keys[key];
delete private_keys[key];
}
module.exports = (authKey, data, ws, req) => {
if (!authorized_keys?.length && !Object.keys(private_keys).length && !noscraper) return; // do nothing
if (!validateEvent(data) || !verifyEvent(data)) {
ws.send(JSON.stringify(["NOTICE", "error: invalid challenge response."]));
return false;
}
let pubkeyInConfig = authorized_keys?.includes(data.pubkey) || data.pubkey in private_keys;
if (authorized_keys?.length && !pubkeyInConfig) {
ws.send(JSON.stringify(["OK", data.id, false, "unauthorized."]));
return false;
}
if (data.kind != 22242) {
ws.send(JSON.stringify(["OK", data.id, false, "not kind 22242."]));
return false;
}
const tags = Object.fromEntries(data.tags);
if (!tags.relay?.includes(req.headers.host)) {
ws.send(JSON.stringify(["OK", data.id, false, "unmatched relay url."]));
return false;
};
if (tags.challenge !== authKey) {
ws.send(JSON.stringify(["OK", data.id, false, "unmatched challenge string."]));
return false;
}
ws.send(JSON.stringify(["OK", data.id, true, `Hello ${data.pubkey}`]));
return true;
}