From 9b97943680a9675809f942a75c0a8ea4747ce5bb Mon Sep 17 00:00:00 2001
From: bndw <ben@bdw.to>
Date: Sun, 15 Feb 2026 09:03:45 -0800
Subject: fix: send OK response when AUTH required but not completed

Previously when an EVENT was received before authentication was
completed, the relay would send an AUTH challenge but silently drop
the EVENT without sending an OK response. This caused clients to
timeout waiting for the OK that never came.

Now the relay immediately sends OK false with "auth-required" message,
so clients know the EVENT was rejected and can retry after AUTH
completes.

Also optimized to parse the event JSON only once instead of twice.
---
 internal/handler/websocket/handler.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/internal/handler/websocket/handler.go b/internal/handler/websocket/handler.go
index 35d0aea..5201698 100644
--- a/internal/handler/websocket/handler.go
+++ b/internal/handler/websocket/handler.go
@@ -262,8 +262,16 @@ func (h *Handler) handleEvent(ctx context.Context, conn *websocket.Conn, raw []j
 		return err
 	}
 
+	// Parse event to get ID for OK response
+	var event nostr.Event
+	if err := json.Unmarshal(raw[1], &event); err != nil {
+		status = "error"
+		return fmt.Errorf("invalid event: %w", err)
+	}
+
 	if state.authenticatedPubkey == "" && h.authConfig != nil && h.authConfig.WriteEnabled {
 		status = "unauthenticated"
+		h.sendOK(ctx, conn, event.ID, false, "auth-required: authentication required")
 		return nil
 	}
 
@@ -279,11 +287,7 @@ func (h *Handler) handleEvent(ctx context.Context, conn *websocket.Conn, raw []j
 		}
 	}
 
-	var event nostr.Event
-	if err := json.Unmarshal(raw[1], &event); err != nil {
-		status = "error"
-		return fmt.Errorf("invalid event: %w", err)
-	}
+	// Event already parsed above for auth check
 
 	if !event.CheckID() {
 		status = "error"
-- 
cgit v1.2.3