| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
- Config now accepts npub format only (human-readable)
- Automatically converts npubs to hex pubkeys at load time
- Updated InterceptorOptions.AllowedPubkeys -> AllowedNpubs
- Added validation to reject hex format in config (npub only)
- Updated documentation to clarify npub-only config
- Added comprehensive tests for npub normalization
Config is for humans (npub), internal code uses hex pubkeys.
|
| |
|
|
|
|
|
|
|
| |
Explain that the gRPC NIP-98 implementation is effectively NIP-42 for
reads (same pattern: authenticate once, stream many events) and adds
standardized relay access control for writes (beyond event.sig).
Add comparison table showing functional equivalence for streaming reads
and the additional benefits for write access control.
|
|
|
Add comprehensive NIP-98 authentication support following the standard
gRPC credentials.PerRPCCredentials pattern.
Client-side:
- NostrCredentials implements PerRPCCredentials interface
- Automatically signs each request with kind 27235 event
- Drop-in replacement for OAuth2/JWT in gRPC clients
Server-side:
- Unary and stream interceptors for validation
- Extracts and validates NIP-98 events from Authorization headers
- Configurable options (timestamp window, whitelists, skip methods)
- Adds authenticated pubkey to request context
Security features:
- Replay protection via timestamp validation
- Optional payload hash verification
- Signature verification using schnorr
- TLS requirement option
Includes comprehensive test coverage and detailed README with
usage examples and security considerations.
|
