bunker

package
v0.49.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 14, 2026 License: Unlicense Imports: 20 Imported by: 0

Documentation

Overview

Package bunker implements NIP-46 remote signing with Cashu token authentication.

Package bunker provides a NIP-46 remote signing service that listens only on the WireGuard VPN network for secure access.

Index

Constants

View Source 
const (
	MethodConnect      = "connect"
	MethodGetPublicKey = "get_public_key"
	MethodSignEvent    = "sign_event"
	MethodNIP04Encrypt = "nip04_encrypt"
	MethodNIP04Decrypt = "nip04_decrypt"
	MethodNIP44Encrypt = "nip44_encrypt"
	MethodNIP44Decrypt = "nip44_decrypt"
	MethodPing         = "ping"
)

NIP-46 method names

Variables

This section is empty.

Functions

This section is empty.

Types

type ACLAuthzChecker added in v0.41.0 

type ACLAuthzChecker struct {
	// ScopeRequirements maps scopes to required access levels.
	// If not set, defaults are used.
	ScopeRequirements map[string]string
}

ACLAuthzChecker adapts ORLY's ACL system to cashu.AuthzChecker. This allows the Cashu token system to use the existing ACL for authorization.

func NewACLAuthzChecker added in v0.41.0 

func NewACLAuthzChecker() *ACLAuthzChecker

NewACLAuthzChecker creates a new ACL-based authorization checker.

func (*ACLAuthzChecker) CheckAuthorization added in v0.41.0 

func (a *ACLAuthzChecker) CheckAuthorization(ctx context.Context, pubkey []byte, scope string, remoteAddr string) error

CheckAuthorization checks if a pubkey is authorized for a scope.

func (*ACLAuthzChecker) ReauthorizationEnabled added in v0.41.0 

func (a *ACLAuthzChecker) ReauthorizationEnabled() bool

ReauthorizationEnabled returns true - we always re-check ACL on each verification.

func (*ACLAuthzChecker) SetScopeRequirement added in v0.41.0 

func (a *ACLAuthzChecker) SetScopeRequirement(scope, level string)

SetScopeRequirement sets the required access level for a scope.

type Config 

type Config struct {
	RelaySigner signer.I
	RelayPubkey []byte
	Netstack    *netstack.Net
	ListenAddr  string // IP:port on WireGuard network
}

Config holds bunker server configuration.

type NIP46Request 

type NIP46Request struct {
	ID     string          `json:"id"`
	Method string          `json:"method"`
	Params json.RawMessage `json:"params"`
}

NIP46Request represents a NIP-46 request from a client.

type NIP46Response 

type NIP46Response struct {
	ID     string `json:"id"`
	Result any    `json:"result,omitempty"`
	Error  string `json:"error,omitempty"`
}

NIP46Response represents a NIP-46 response to a client.

type Server 

type Server struct {
	// contains filtered or unexported fields
}

Server is the NIP-46 bunker server.

func New 

func New(cfg *Config) *Server

New creates a new bunker server.

func (*Server) RelayPubkeyHex 

func (s *Server) RelayPubkeyHex() string

RelayPubkeyHex returns the relay's public key as hex.

func (*Server) SessionCount 

func (s *Server) SessionCount() int

SessionCount returns the number of active sessions.

func (*Server) Start 

func (s *Server) Start() error

Start begins listening for bunker connections on the WireGuard network.

func (*Server) Stop 

func (s *Server) Stop() error

Stop shuts down the bunker server.

type Session 

type Session struct {
	ID string
	// contains filtered or unexported fields
}

Session represents a NIP-46 client session.

func NewSession 

func NewSession(parentCtx context.Context, conn *websocket.Conn, relaySigner signer.I, relayPubkey []byte) *Session

NewSession creates a new bunker session.

func (*Session) Handle 

func (s *Session) Handle()

Handle processes messages from the client.

Source Files

  • acl_adapter.go
  • server.go
  • session.go

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.