add nostr-tools

README.md

@@ -134,7 +134,3 @@ We welcome contributions to **Passport-Nostr**! Please see [CONTRIBUTING.md](CON
 ## 📄 License
 
 **Passport-Nostr** is [MIT licensed](LICENSE).
-
----
-
-Feel free to enhance the README according to your project needs. Adding a visually appealing banner, consistent typography, and possibly, some badges (for version number, build status, etc.) will make it even more engaging. If you need further adjustments or additional sections, please let me know!

index.html

@@ -69,11 +69,20 @@ <h1>Test API Endpoints</h1>
               Authorization: 'nostr'
             }
           })
+
+          if (response.status === 401) {
+            document.getElementById('protectedResponse').innerText =
+              'Protected Endpoint Response: Unauthorized'
+            return
+          }
+
           const data = await response.json()
           document.getElementById('protectedResponse').innerText =
             'Protected Endpoint Response: ' + JSON.stringify(data)
         } catch (error) {
           console.error('Error fetching protected endpoint:', error)
+          document.getElementById('protectedResponse').innerText =
+            'Protected Endpoint Response: Error fetching data'
         }
       }
     </script>

index.js

@@ -6,20 +6,63 @@ class NostrStrategy extends PassportStrategy {
         this.name = 'nostr'
     }
 
+    failWithJSON() {
+        // Send a JSON response on failure
+        console.log('401')
+        this.fail({ message: '401' }, 401)
+    }
+
     authenticate(req, options) {
-        // Extract the Authorization header from the request
         const authHeader = req.headers.authorization
 
-        // Check if the Authorization header contains the word "nostr"
-        if (authHeader && authHeader.includes('nostr')) {
+        if (!authHeader || !authHeader.startsWith('Nostr ')) {
+            // Authentication failed
+            this.failWithJSON()
+            return
+        }
+
+        const pubkey = isValidAuthorizationHeader(authHeader)
+
+        if (pubkey) {
             // Authentication succeeded
-            const user = {} // You might populate this object with user details if needed
+            const user = { pubkey } // You might populate this object with additional user details if needed
             this.success(user)
         } else {
             // Authentication failed
-            this.fail()
+            this.failWithJSON()
         }
     }
 }
 
+function isValidAuthorizationHeader(authorization) {
+    console.log('authorization', authorization)
+    const base64String = authorization.replace('Nostr ', '')
+
+    // Decode the base64-encoded string and parse the JSON object
+    const decodedString = Buffer.from(base64String, 'base64').toString('utf-8')
+    console.log('decodedString', decodedString)
+    if (!decodedString) {
+        console.log('auth header is empty')
+        return false
+    }
+
+    let event
+    try {
+        event = JSON.parse(decodedString)
+    } catch (e) {
+        console.error('Error parsing JSON:', e)
+        return false
+    }
+
+    // Print the object
+    console.log(event)
+
+    const isVerified = verifySignature(event)
+    if (isVerified) {
+        return event.pubkey
+    } else {
+        return false
+    }
+}
+
 export default NostrStrategy

package.json

@@ -25,6 +25,7 @@
   "dependencies": {
     "cors": "^2.8.5",
     "express": "^4.18.2",
+    "nostr-tools": "^1.16.0",
     "passport": "^0.6.0",
     "passport-strategy": "^1.0.0",
     "util": "^0.12.5"