From 6e3da0ffbe17a3e94cc03ca2a2a7db82cf70176e Mon Sep 17 00:00:00 2001 From: Jon Staab Date: Mon, 26 Feb 2024 09:27:05 -0800 Subject: [PATCH] Add NIP 43 for relay access requests --- 42.md | 12 +----------- 43.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 11 deletions(-) create mode 100644 43.md diff --git a/42.md b/42.md index 9fb89c42..8c70de49 100644 --- a/42.md +++ b/42.md @@ -36,17 +36,7 @@ And, when sent by clients, the following form: ### Canonical authentication event -The signed event is an ephemeral event of `kind: 22242` and it should have at least two tags, one for the relay URL, -and one containing evidence of access. This may be one of: - -- `challenge` - the challenge string recieved from the relay. -- `claim` - an arbitrary token exchanged out-of-band. Relays SHOULD store this authorization so that the `challenge` - method can be used in the future. - -Clients MUST NOT publish these events. Relays MUST exclude `kind: 22242` events from being broadcasted to any client. -Relays MUST validate that `created_at` is the current time, adjusting for clock skew. - -Example: +The signed event is an ephemeral event not meant to be published or queried, it must be of `kind: 22242` and it should have at least two tags, one for the relay URL and one for the challenge string as received from the relay. Relays MUST exclude `kind: 22242` events from being broadcasted to any client. `created_at` should be the current time. Example: ```json { diff --git a/43.md b/43.md new file mode 100644 index 00000000..4a26853a --- /dev/null +++ b/43.md 
@@ -0,0 +1,45 @@ +NIP-43 +====== + +Relay Access Requests +----------------------------------- + +`draft` `optional` + +This NIP defines a way for clients to request admission to relays enforcing authentication as defined in NIP 42 by +signing an ephemeral event. + +## Access Request Event + +This NIP defines kind `22243` events which are intended to allow clients to request admission to a relay. +Access requests MUST have a `claim` tag containing an invoice, invite code, or any other arbitrary string. + +The event's `created_at` MUST be the current time plus or minus a few minutes to prevent replay attacks. +Clients MAY send a claim at any time, but MUST check for relay support via NIP 11 to avoid non-compliant +relays broadcasting invites to subscribers. + +This event should be sent to a relay using the standard `EVENT` verb. + +```json +{ + "kind": 22243, + "tags": [ + ["claim", ""] + ], + ...other fields +} +``` + +## Relay response + +Upon receiving a claim, a relay MUST notify the client as to what the status of the claim is using an `OK` message. +Failed claims SHOULD use the same standard `"restricted: "` prefix specified by NIP 42. + +Some examples: + +``` +["OK", , false, "restricted: That invoice is expired."] +["OK", , false, "restricted: That is an unsupported claim."] +["OK", , true, "claim-ignored: You are already a member of this relay."] +["OK", , true, "claim-accepted: Welcome to wss://relay.bunk.skunk!"] +```
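Review bot: In the 42.md hunk, the added paragraph under "Canonical authentication event" drops the relay-side freshness requirement. The removed text had "Relays MUST validate that `created_at` is the current time, adjusting for clock skew", while the new text only says "`created_at` should be the current time". With a lowercase "should" and no relay obligation, nothing in this section requires a relay to reject a stale signed `kind: 22242` event. Suggest keeping the MUST on relay validation, and keeping "Clients MUST NOT publish these events" in place of "not meant to be published or queried", which is not normative.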
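Review bot: In the new 43.md, the replay protection under "Access Request Event" is stated only as a property of the event ("`created_at` MUST be the current time plus or minus a few minutes"), with no matching relay requirement and no defined window. Suggest wording it as a relay obligation (relays MUST reject `kind: 22243` events whose `created_at` falls outside a stated tolerance) and saying whether relays MUST also exclude `kind: 22243` from broadcast, as 42.md does for `kind: 22242`, since this text itself worries about invites reaching subscribers. The event carries only a `claim` tag, so unlike the `kind: 22242` event it is not bound to a relay URL; consider requiring a relay tag as well. In the examples, `["claim", ""]` and `["OK", , false, ...]` have no placeholder where the claim and the event id belong, so the `OK` lines are not valid JSON as written.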