Added
- NIP-42 authentication of clients to relays (
src/nip42.zig). A connection can now authenticate to relays that require it — to protect DMs, deliver ephemeral events, etc. — so a signer can serve NIP-46 over such relays.nip42.authEvent(...)builds and signs thekind:22242event (arelaytag + the relay'schallenge, empty content).message.zigparses the relay's["AUTH", <challenge>]into a newRelayMessage.authvariant (it previously returnedInvalidMessage, which dropped the connection);encodeAuthemits the client's["AUTH", <event>]reply;Connection.authenticate/Relay.authenticatesend it.
Fixed
- The WebSocket opening handshake now includes a non-default port in the
Hostheader (RFC 9110 §7.2):Host: relay.example.com:8443, notHost: relay.example.com. Relays that derive their canonical URL fromHostcompare it against a NIP-42 auth event'srelaytag; omitting the port made them mismatch and reject the authentication. Default ports (80/443) stay omitted, so standardws:///wss://relays are unaffected. Addsrelay.Url.hostHeader.
Verified live against a relay requiring NIP-42 (nak serve --auth --eager-auth): the signer answers the challenge, is accepted, re-subscribes, and a full NIP-46 round-trip completes — the client receives a valid signed event (nak verify clean).
Full changelog: https://github.com/zig-nostr/nostr/blob/main/CHANGELOG.md