| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | feat: add separate read/write allowlists for granular access control | bndw | 3 days | 1 | -1/+12 |
| | | | | | | | | | | | | | | | - Split allowed_npubs into allowed_npubs_read and allowed_npubs_write - Write operations: Publish, Delete, Create, Update, Insert, Remove, Set, Put - Read operations: everything else (Query, Subscribe, Get, List, etc.) - Auth interceptor checks appropriate list based on method type - Enables common patterns: - Public relay: only some can write, everyone can read - Private relay: restricted read and write - Open relay: everyone can read and write - Updated config, docs, and comprehensive tests Use cases: "only some can write, everyone can read" | ||||
| * | feat: rename allowed_pubkeys to allowed_npubs with normalization | bndw | 3 days | 1 | -1/+3 |
| | | | | | | | | | | | | - Config now accepts npub format only (human-readable) - Automatically converts npubs to hex pubkeys at load time - Updated InterceptorOptions.AllowedPubkeys -> AllowedNpubs - Added validation to reject hex format in config (npub only) - Updated documentation to clarify npub-only config - Added comprehensive tests for npub normalization Config is for humans (npub), internal code uses hex pubkeys. | ||||
| * | docs: clarify NIP-98 relationship to NIP-42 and write access control | bndw | 3 days | 1 | -4/+60 |
| | | | | | | | | | | Explain that the gRPC NIP-98 implementation is effectively NIP-42 for reads (same pattern: authenticate once, stream many events) and adds standardized relay access control for writes (beyond event.sig). Add comparison table showing functional equivalence for streaming reads and the additional benefits for write access control. | ||||
| * | feat: implement NIP-98 HTTP auth for gRPC | bndw | 3 days | 1 | -0/+181 |
| Add comprehensive NIP-98 authentication support following the standard gRPC credentials.PerRPCCredentials pattern. Client-side: - NostrCredentials implements PerRPCCredentials interface - Automatically signs each request with kind 27235 event - Drop-in replacement for OAuth2/JWT in gRPC clients Server-side: - Unary and stream interceptors for validation - Extracts and validates NIP-98 events from Authorization headers - Configurable options (timestamp window, whitelists, skip methods) - Adds authenticated pubkey to request context Security features: - Replay protection via timestamp validation - Optional payload hash verification - Signature verification using schnorr - TLS requirement option Includes comprehensive test coverage and detailed README with usage examples and security considerations. | |||||
 |
index : muxstr.git | |
| Nostr relay with gRPC, HTTP/JSON, and WebSocket interfaces |
| summaryrefslogtreecommitdiffstats |