-
@ mleku
2025-03-02 20:25:52
yeah, this is why auth should be http layer not socket layer, IMO
the spec does not make it clear what auth state is
i just resolved it by filtering requests of privileged kinds (dms mainly) until the socket gets auth and then it stores the auth
nostr auth is a mess, and it's the direct product of the unclear state of a socket, when is the socket authed, or not, or is it just requests that are authed, or is it ... :GRRRRRRRR:
this is why i will have a fully HTTP except subscriptions (which need sockets for push) protocol built out in the next two weeks
and you all will adopt it because it makes the relays run faster and simplifies your client code
mark my words