> do you not think that relays should protect the privacy of users' DMs?

Please rewrite the github issue without the snide remarks...

The existing v0.42.0 version is using nostr-tools and custom auth handling logic. There aren't any checks if a relay needs auth before making a REQ, so it probably keeps spamming REQs while it's waiting for the user to approve the authentication.

The next v0.43.0 version is using rx-nostr, which has checks if relays require auth. The auths still have to be manually approved by the user (or auto if an option is enabled), but this should at least prevent the app from spamming REQ while the auth process is happening.

Discussion

yeah, this is why auth should be http layer not socket layer, IMO

the spec does not make it clear what auth state is

i just resolved it by filtering requests of privileged kinds (dms mainly) until the socket gets auth and then it stores the auth

nostr auth is a mess, and it's the direct product of the unclear state of a socket, when is the socket authed, or not, or is it just requests that are authed, or is it ... :GRRRRRRRR:

this is why i will have a fully HTTP except subscriptions (which need sockets for push) protocol built out in the next two weeks

and you all will adopt it because it makes the relays run faster and simplifies your client code

mark my words
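
The relay-side idea raised in the discussion above (hold back requests for privileged kinds until the socket has authenticated, then remember the auth) can be written as a small per-connection gate. This is an added example, not code from any relay or client mentioned in the thread; the function names, the connection object and the choice of kinds 4 and 1059 as the "privileged kinds" are assumptions, and the message shapes follow NIP-42.

```javascript
// Added example. Kinds 4 (NIP-04) and 1059 (NIP-59 gift wrap) stand in for
// "privileged kinds"; newConnection, onAuthVerified, gateReq are hypothetical.
const PRIVILEGED_KINDS = new Set([4, 1059]);

// Per-socket state: the challenge sent in ["AUTH", <challenge>] and the
// pubkey that answered it (null until auth succeeds).
function newConnection(challenge) {
  return { challenge, authedPubkey: null };
}

// Call only after the caller has verified the event's signature, its
// "relay" tag and its created_at window (assumed done elsewhere).
function onAuthVerified(conn, authEvent) {
  const tag = (name) => (authEvent.tags.find((t) => t[0] === name) || [])[1];
  if (authEvent.kind !== 22242 || tag("challenge") !== conn.challenge) return false;
  conn.authedPubkey = authEvent.pubkey; // remembered for the life of the socket
  return true;
}

// Decide what to do with ["REQ", subId, ...filters] on this socket.
function gateReq(conn, subId, filters) {
  // A filter without "kinds" could match DMs too, so it is treated as
  // privileged here; a relay could instead serve it minus those kinds.
  const privileged = filters.filter(
    (f) => !Array.isArray(f.kinds) || f.kinds.some((k) => PRIVILEGED_KINDS.has(k))
  );
  if (privileged.length === 0) return { serve: filters };
  if (conn.authedPubkey === null) {
    return { reply: ["CLOSED", subId, "auth-required: this filter can match DMs"] };
  }
  // Filter conditions are ANDed, so pinning either the author or the
  // p-tagged recipient to the authed key confines results to its own DMs.
  const me = conn.authedPubkey;
  const onlyMe = (l) => Array.isArray(l) && l.length > 0 && l.every((pk) => pk === me);
  if (privileged.every((f) => onlyMe(f.authors) || onlyMe(f["#p"]))) {
    return { serve: filters };
  }
  return { reply: ["CLOSED", subId, "restricted: DMs of other keys are not served"] };
}
```

A client that receives the `auth-required:` CLOSED can hold the subscription until its AUTH event is accepted and then resend it once, which avoids repeated REQs while the user is still approving the authentication.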