handlers

func CanServeProtectedEvent ¶ added in v0.7.0

func CanServeProtectedEvent(evt nostr.Event, authedPubkey string) bool

CanServeProtectedEvent reports whether evt may be served to a client that has AUTHed as authedPubkey ("" if unauthenticated). Non-protected events always pass; a protected event passes only when the authed pubkey appears in one of its p tags.

func ClearChallengeForConnection ¶ added in v0.5.0

func ClearChallengeForConnection(client nostr.ClientInterface)

ClearChallengeForConnection removes the challenge for a connection

func FilterRequestsProtectedKind ¶ added in v0.7.0

func FilterRequestsProtectedKind(f nostr.Filter) bool

FilterRequestsProtectedKind reports whether the filter explicitly asks for a protected kind. Used to decide when an unauthenticated REQ/COUNT should be told to AUTH (vs. a broad filter where we just silently omit the events).

func GetAuthedPubkey ¶ added in v0.6.0

func GetAuthedPubkey(client nostr.ClientInterface) string

GetAuthedPubkey returns the pubkey the connection authenticated as, or "" if the connection has not completed NIP-42 AUTH.

func GetChallengeForConnection ¶

func GetChallengeForConnection(client nostr.ClientInterface) string

GetChallengeForConnection retrieves the challenge string for a given connection

func HandleAuth ¶

func HandleAuth(client nostr.ClientInterface, message []interface{})

HandleAuth processes the "AUTH" message type as defined in NIP-42

func HandleClose ¶

func HandleClose(client nostr.ClientInterface, message []interface{})

HandleClose processes a "CLOSE" message from a client

func HandleCount ¶ added in v0.6.0

func HandleCount(client nostr.ClientInterface, message []interface{})

HandleCount processes a NIP-45 "COUNT" message. The wire format mirrors REQ — `["COUNT", <sub_id>, <filter1>, ...]` — and the response is `["COUNT", <sub_id>, {"count": N}]` (with an optional `approximate: true` field).

Filter parsing intentionally duplicates the REQ-side logic rather than sharing it: REQ also creates a long-lived subscription; COUNT is a one-shot read. The shared bits are small enough that a helper would obscure more than it saves.

func HandleEvent ¶

func HandleEvent(client nostr.ClientInterface, message []interface{})

HandleEvent processes an "EVENT" message

func HandleReq ¶

func HandleReq(client nostr.ClientInterface, message []interface{})

HandleReq processes a new subscription request with proper subscription management

func IsAuthenticated ¶

func IsAuthenticated(client nostr.ClientInterface) bool

IsAuthenticated checks if a connection is authenticated.

func SetAuthenticated ¶

func SetAuthenticated(client nostr.ClientInterface, pubkey string)

SetAuthenticated marks a connection as authenticated and records the authenticated pubkey.

func SetChallengeForConnection ¶

func SetChallengeForConnection(client nostr.ClientInterface, challenge string)

SetChallengeForConnection sets the challenge string for a given connection

func VerifyAuthEvent ¶

func VerifyAuthEvent(client nostr.ClientInterface, evt nostr.Event) error

VerifyAuthEvent verifies the authentication event according to NIP-42

func VerifyNIP98Event ¶ added in v0.7.0

func VerifyNIP98Event(evt nostr.Event, method, absURL, bodyHashHex string) error

VerifyNIP98Event verifies an HTTP Auth event per NIP-98.

Callers (typically the HTTP middleware in server/api/authHelpers.go) supply the request context the event must commit to:

• method: the uppercase HTTP method of the request
• absURL: the absolute URL of the request as the server sees it, reconstructed honoring X-Forwarded-Proto / X-Forwarded-Host so the value matches what the client signed
• bodyHashHex: sha256 hex digest of the request body. Pass "" for methods/requests with no body — in that case the event's payload tag (if any) must also be empty/absent

On success the caller may trust evt.PubKey as the request's authenticated identity. NIP-98 does not standardize a relay-side challenge/nonce; the tight created_at window is the only replay defense.