Kieran/snort
5
14
Fork 14
Code Issues 37 Pull Requests 1 Packages Projects Releases 24 Wiki Activity

don't auth if settings are not set to read #145

Closed
LiranCohen wants to merge 1 commits from nip42 into nip42
pull from: nip42
merge into: Kieran:nip42
Conversation 0 Commits 1 Files Changed 1 +4
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Nostr/Connection.ts
View File

@ -352,6 +352,10 @@ export default class Connection {
}
async _OnAuthAsync(challenge: string): Promise<void> {
if(!this.Settings.read) {
v0l commented 2023-01-26 15:35:13 +00:00 (Migrated from github.com)
Review
Copy Link

I think we can always auth, because if you want to write an event but AUTH is required then it wont work

I think we can always auth, because if you want to write an event but AUTH is required then it wont work
LiranCohen commented 2023-01-26 15:38:22 +00:00 (Migrated from github.com)
Review
Copy Link

Hrm, I wonder if that's confusing.

I only noticed this because I was debugging and didn't realize my private relay was set to read = false, so after auth I wasn't getting any events.

I initially thought it didn't matter, but then realized writing is usually self-authed (since you're signing the message) but reading is where the NIP42 really matters.

I don't mind either way, just caught this as I was testing and it made me think a bit.

Can close if you think it can auth anyway, it won't hurt performance or anything (it's just a single message).

Hrm, I wonder if that's confusing. I only noticed this because I was debugging and didn't realize my private relay was set to read = false, so after auth I wasn't getting any events. I initially thought it didn't matter, but then realized writing is usually self-authed (since you're signing the message) but reading is where the NIP42 really matters. I don't mind either way, just caught this as I was testing and it made me think a bit. Can close if you think it can auth anyway, it won't hurt performance or anything (it's just a single message).
v0l commented 2023-01-26 15:43:21 +00:00 (Migrated from github.com)
Review
Copy Link

Well the server doesn't know that you signed the event, that's the entire point of NIP42, its to prove that you own the key (DM'S)

Well the server doesn't know that you signed the event, that's the entire point of NIP42, its to prove that you own the key (DM'S)
return;
}
const authCleanup = () => {
this.AwaitingAuth.delete(challenge)
}