From 4fc493e6d8cc20137f920f8647e39fc5051bb245 Mon Sep 17 00:00:00 2001
From: bndw
Date: Sat, 14 Feb 2026 12:03:21 -0800
Subject: refactor: remove frivolous comments from auth validation/credentials

Also removed internal/nostr package - now using northwest.io/nostr library.
---
 internal/auth/validation.go | 33 +++++----------------------------
 1 file changed, 5 insertions(+), 28 deletions(-)
(limited to 'internal/auth/validation.go')
diff --git a/internal/auth/validation.go b/internal/auth/validation.go
index 11435ee..8b9d8a1 100644
--- a/internal/auth/validation.go
+++ b/internal/auth/validation.go
@@ -7,52 +7,37 @@ import (
 "strings"
 "time"

- "northwest.io/muxstr/internal/nostr"
+ "northwest.io/nostr"
 )

-// ValidationOptions configures how NIP-98 events are validated.
 type ValidationOptions struct {
- // TimestampWindow is the maximum age of events in seconds
 TimestampWindow int64
-
- // ValidatePayload checks the payload hash if present
 ValidatePayload bool
-
- // ExpectedURI is the URI that should match the 'u' tag
- ExpectedURI string
-
- // ExpectedMethod is the method that should match the 'method' tag
- ExpectedMethod string
-
- // PayloadHash is the expected payload hash (if ValidatePayload is true)
- PayloadHash string
+ ExpectedURI string
+ ExpectedMethod string
+ PayloadHash string
 }

-// ParseAuthHeader extracts and decodes a NIP-98 event from an Authorization header.
-// Expected format: "Nostr "
+// ParseAuthHeader parses "Nostr " format.
 func ParseAuthHeader(header string) (*nostr.Event, error) {
 if header == "" {
 return nil, fmt.Errorf("empty authorization header")
 }

- // Check for "Nostr " prefix
 if !strings.HasPrefix(header, "Nostr ") {
 return nil, fmt.Errorf("invalid authorization header: must start with 'Nostr '")
 }

- // Extract base64 part
 encoded := strings.TrimPrefix(header, "Nostr ")
 if encoded == "" {
 return nil, fmt.Errorf("empty authorization token")
 }

- // Decode base64
 decoded, err := base64.StdEncoding.DecodeString(encoded)
 if err != nil {
 return nil, fmt.Errorf("invalid base64 encoding: %w", err)
 }

- // Unmarshal event
 var event nostr.Event
 if err := json.Unmarshal(decoded, &event); err != nil {
 return nil, fmt.Errorf("invalid event JSON: %w", err)
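Review bot: `ValidationOptions` is left with no doc comment on the type or on any field, and the removed lines were the only place stating that `TimestampWindow` is in seconds and that `PayloadHash` is consulted only when `ValidatePayload` is true. The later hunks show that an empty `ExpectedURI` or `ExpectedMethod` skips the matching tag check (`if opts.ExpectedURI != ""`), so the zero value of this struct is permissive and callers need to be told that. I would keep one terse line per field, for example `// TimestampWindow is the maximum accepted event age in seconds.` and `// ExpectedURI is compared with the 'u' tag; empty disables the check.` ParseAuthHeader's body continues past the end of this hunk.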
@@ -61,19 +46,15 @@ func ParseAuthHeader(header string) (*nostr.Event, error) {
 return &event, nil
 }

-// ValidateAuthEvent validates a NIP-98 auth event according to the spec.
 func ValidateAuthEvent(event *nostr.Event, opts ValidationOptions) error {
- // Check event kind
 if event.Kind != 27235 {
 return fmt.Errorf("invalid event kind: expected 27235, got %d", event.Kind)
 }

- // Verify signature
 if !event.Verify() {
 return fmt.Errorf("invalid event signature")
 }

- // Check timestamp (prevent replay attacks)
 now := time.Now().Unix()
 age := now - event.CreatedAt

@@ -85,7 +66,6 @@ func ValidateAuthEvent(event *nostr.Event, opts ValidationOptions) error {
 return fmt.Errorf("event too old: %d seconds (max %d)", age, opts.TimestampWindow)
 }

- // Validate 'u' tag (URL)
 if opts.ExpectedURI != "" {
 uTag := event.Tags.Find("u")
 if uTag == nil {
@@ -98,7 +78,6 @@ func ValidateAuthEvent(event *nostr.Event, opts ValidationOptions) error {
 }
 }

- // Validate 'method' tag
 if opts.ExpectedMethod != "" {
 methodTag := event.Tags.Find("method")
 if methodTag == nil {
@@ -111,7 +90,6 @@ func ValidateAuthEvent(event *nostr.Event, opts ValidationOptions) error {
 }
 }

- // Validate payload hash if requested
 if opts.ValidatePayload && opts.PayloadHash != "" {
 payloadTag := event.Tags.Find("payload")
 if payloadTag == nil {
@@ -127,7 +105,6 @@ func ValidateAuthEvent(event *nostr.Event, opts ValidationOptions) error {
 return nil
 }

-// ExtractPubkey returns the pubkey from a validated auth event.
 func ExtractPubkey(event *nostr.Event) string {
 return event.PubKey
 }
-- cgit v1.2.3
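Review bot: With the import switched in the first hunk, `event.Verify()` now resolves to the implementation in `northwest.io/nostr`, and it is the only authenticity check in ValidateAuthEvent that this diff shows. Nothing in the patch shows whether that method recomputes the event ID from the serialized fields before checking the signature; if it only checks the signature against the supplied ID, the `u`, `method` and `payload` tags compared further down would not be covered by it. A test in this package that alters a tag on an already signed event and expects `ValidateAuthEvent` to return an error would pin that property across the library swap, and a comment such as `// Verify must cover the event ID as well as the signature.` would record the assumption. The function body continues beyond this hunk.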
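Review bot: In the `@@ -111,7 +90,6 @@` hunk the condition `opts.ValidatePayload && opts.PayloadHash != ""` lets validation succeed without any payload check when a caller sets `ValidatePayload` but passes an empty `PayloadHash`. Unless that is the intended behaviour for requests without a body, the function should fail closed before this block, e.g. `if opts.ValidatePayload && opts.PayloadHash == "" { return fmt.Errorf("payload validation requested without an expected hash") }`. If skipping is intended, a one-line comment on the condition should say so now that the field documentation is gone. The rest of the payload block lies outside the hunk.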
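Review bot: ExtractPubkey loses the only statement of its precondition: it returns `event.PubKey` unchecked, so the value can be trusted only after `ValidateAuthEvent` has returned nil for the same event. As an exported function it should keep a doc comment, and I would make the ordering explicit, e.g. `// ExtractPubkey returns event.PubKey; call it only after ValidateAuthEvent has succeeded.` It also dereferences `event` without a nil check, which is safe only if callers pass the pointer from a successful ParseAuthHeader call.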