Skip to content

feat: Add Nip42 handler#629

Open
Anshumancanrock wants to merge 2 commits into
cameri:mainfrom
Anshumancanrock:nip42-handler
Open

feat: Add Nip42 handler#629
Anshumancanrock wants to merge 2 commits into
cameri:mainfrom
Anshumancanrock:nip42-handler

Conversation

@Anshumancanrock
Copy link
Copy Markdown
Collaborator

@Anshumancanrock Anshumancanrock commented May 25, 2026
edited
Loading

Description

Second PR for NIP-42 (follows #622). This one wires everything up so the adapter now sends a challenge on connect and there's a handler to verify the client's AUTH response.

  • WebSocketAdapter generates a random challenge on connect and sends ["AUTH", <challenge>]
  • new AuthMessageHandler verifies kind 22242 events (checks id, sig, timestamp, challenge tag, relay domain)
  • on success the pubkey gets stored in a per-connection set, cleared on disconnect
  • kind 22242 is blocked from the normal EVENT pipeline so it can't hit storage
  • messageHandlerFactory routes AUTH messages to the new handler
  • extended IWebSocketAdapter with getChallenge(), getAuthenticatedPubkeys(), addAuthenticatedPubkey()

Related Issue

Closes #619

Motivation and Context

With the types from #622 in place, this wires up the actual auth flow so connections can be tied to a pubkey. Sets things up for NIP-70 protected events next.

How Has This Been Tested?

Added 20 new tests across the handler, adapter and factory specs.

Types of changes

  • Non-functional change (docs, style, minor refactor)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my code changes.
  • I added a changeset, or this is docs-only and I added an empty changeset.
  • All new and existing tests passed.

@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented May 25, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 8b60719

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
nostream Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@Anshumancanrock Anshumancanrock changed the title Add Nip42 handler feat: Add Nip42 handler May 25, 2026
@coveralls
Copy link
Copy Markdown
Collaborator

coveralls commented May 25, 2026

Coverage Status

coverage: 65.411% (+0.3%) from 65.119% — Anshumancanrock:nip42-handler into cameri:main

@cameri cameri requested a review from Copilot May 26, 2026 12:38
Copilot AI reviewed May 26, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds NIP-42 challenge/response authentication to the WebSocket ingestion path by issuing an AUTH challenge on connect and validating incoming AUTH events (kind 22242) in a dedicated handler, while preventing 22242 events from being published through the normal EVENT pipeline.

Changes:

  • Send ["AUTH", <challenge>] on new WebSocket connections and track authenticated pubkeys per connection.
  • Introduce AuthMessageHandler and route AUTH messages to it via messageHandlerFactory.
  • Block kind 22242 from the standard EVENT handler to avoid persistence/pipeline handling.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/adapters/web-socket-adapter.ts Generates/sends NIP-42 challenges on connect; tracks authenticated pubkeys and clears them on disconnect.
src/handlers/auth-message-handler.ts Implements validation for kind 22242 AUTH events (id, sig, timestamp, challenge tag, relay domain) and records authenticated pubkeys.
src/handlers/event-message-handler.ts Rejects kind 22242 when sent via EVENT to keep auth events out of the normal event pipeline.
src/factories/message-handler-factory.ts Routes AUTH messages to the new AuthMessageHandler.
src/@types/adapters.ts Extends IWebSocketAdapter with challenge/authenticated-pubkeys accessors/mutator.
test/unit/adapters/web-socket-adapter.spec.ts Adds coverage for challenge emission and new adapter auth-related methods.
test/unit/handlers/auth-message-handler.spec.ts Adds unit tests for AUTH validation success/failure cases.
test/unit/factories/message-handler-factory.spec.ts Adds a test ensuring AUTH messages produce AuthMessageHandler.
.changeset/funky-coins-know.md Declares a minor release for NIP-42 AUTH wiring.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: Add NIP-42 client authentication

4 participants

@Anshumancanrock @coveralls @cameri