yeah, this is why auth should be http layer not socket layer, IMO
the spec does not make it clear what auth state is
i just resolved it by filtering requests of privileged kinds (dms mainly) until the socket gets auth and then it stores the auth
nostr auth is a mess, and it's the direct product of the unclear state of a socket, when is the socket authed, or not, or is it just requests that are authed, or is it ... :GRRRRRRRR:
this is why i will have a fully HTTP except subscriptions (which need sockets for push) protocol built out in the next two weeks
and you all will adopt it because it makes the relays run faster and simplifies your client code
mark my words
mleku
npub1fj…mleku
2025-03-02 20:25:52
in reply to nevent1q…mf69
Author Public Key
npub1fjqqy4a93z5zsjwsfxqhc2764kvykfdyttvldkkkdera8dr78vhsmmlekuPublished at
2025-03-02 20:25:52Event JSON
{
"id": "616bd6b502f08e65b7cdc2fcf90f7f0724d041e8d96707f956bcc70431559bfa",
"pubkey": "4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f",
"created_at": 1740947152,
"kind": 1,
"tags": [
[
"p",
"266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5",
"wss://relay.damus.io/",
"hzrd149"
],
[
"p",
"97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322",
"wss://nos.lol/",
"hodlbod"
],
[
"e",
"3015ef25f986f284f74ae3511ad6e1353d1456fab3f78071f47027be43c88152",
"wss://relay.nostr.band/",
"root"
],
[
"e",
"61d9dec6f89cbd8b1ab8b269372c475e18ca66dd17f047b970400193174f1ccd",
"wss://nostr.wine/",
"reply",
"266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5"
],
[
"client",
"Coracle",
"31990:97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322:1685968093690"
]
],
"content": "yeah, this is why auth should be http layer not socket layer, IMO\n\nthe spec does not make it clear what auth state is\n\ni just resolved it by filtering requests of privileged kinds (dms mainly) until the socket gets auth and then it stores the auth\n\nnostr auth is a mess, and it's the direct product of the unclear state of a socket, when is the socket authed, or not, or is it just requests that are authed, or is it ... :GRRRRRRRR:\n\nthis is why i will have a fully HTTP except subscriptions (which need sockets for push) protocol built out in the next two weeks\n\nand you all will adopt it because it makes the relays run faster and simplifies your client code\n\nmark my words",
"sig": "77ac87277663b99b6619ec2a9c65bfe3c307b10ea3a260664ba0f12e1e15f30f05bec720313698aa71ae8407260bce62c0f8d98324d640959c50216d66abc5cf"
}