From 9ee32a917b13ffb3f52ddbc3a0c72dd8ec71953c Mon Sep 17 00:00:00 2001 From: bndw Date: Sat, 14 Feb 2026 14:46:48 -0800 Subject: fix: silently wait for auth instead of sending NOTICE After sending AUTH challenge, return nil instead of error to avoid sending NOTICE messages to clients. Add explicit checks in handleEvent and handleReq to silently ignore requests when auth is required but client hasn't authenticated yet. This follows NIP-42 spec more closely. --- internal/handler/websocket/handler.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'internal/handler') diff --git a/internal/handler/websocket/handler.go b/internal/handler/websocket/handler.go index c8fb6cc..581c434 100644 --- a/internal/handler/websocket/handler.go +++ b/internal/handler/websocket/handler.go @@ -177,7 +177,7 @@ func (h *Handler) requireAuth(ctx context.Context, conn *websocket.Conn, isWrite *authChallenge = challenge h.sendAuthChallenge(ctx, conn, challenge) } - return fmt.Errorf("restricted: authentication required") + return nil } if len(allowedPubkeys) > 0 { @@ -205,6 +205,10 @@ func (h *Handler) handleEvent(ctx context.Context, conn *websocket.Conn, raw []j return err } + if *authenticatedPubkey == "" && h.authConfig != nil && h.authConfig.WriteEnabled { + return nil + } + var event nostr.Event if err := json.Unmarshal(raw[1], &event); err != nil { return fmt.Errorf("invalid event: %w", err) @@ -263,6 +267,10 @@ func (h *Handler) handleReq(ctx context.Context, conn *websocket.Conn, raw []jso return err } + if *authenticatedPubkey == "" && h.authConfig != nil && h.authConfig.ReadEnabled { + return nil + } + var subID string if err := json.Unmarshal(raw[1], &subID); err != nil { return fmt.Errorf("invalid subscription ID") -- cgit v1.2.3