-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathtest-nostr-auth.js
More file actions
114 lines (91 loc) · 3.3 KB
/
test-nostr-auth.js
File metadata and controls
114 lines (91 loc) · 3.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
/**
* Test script for Nostr NIP-98 authentication
*
* Usage: node test-nostr-auth.js
*
* This script:
* 1. Generates a Nostr keypair
* 2. Creates a NIP-98 auth event
* 3. Makes authenticated request to JSS
* 4. Verifies the did:nostr identity is recognized
*/
import { generateSecretKey, getPublicKey, finalizeEvent } from 'nostr-tools';
import { getToken } from 'nostr-tools/nip98';
const BASE_URL = process.env.TEST_URL || 'http://localhost:4000';
async function main() {
console.log('=== Nostr NIP-98 Authentication Test ===\n');
// Generate a new keypair
const sk = generateSecretKey();
const pk = getPublicKey(sk);
console.log('1. Generated keypair');
console.log(` Public key: ${pk}`);
console.log(` did:nostr: did:nostr:${pk}\n`);
// Create NIP-98 token for GET request to a public resource
const testUrl = `${BASE_URL}/`;
const method = 'GET';
console.log(`2. Creating NIP-98 token for ${method} ${testUrl}`);
const token = await getToken(testUrl, method, (event) => finalizeEvent(event, sk));
console.log(` Token length: ${token.length} chars\n`);
// Make authenticated request
console.log('3. Making authenticated request...');
try {
const response = await fetch(testUrl, {
method,
headers: {
'Authorization': `Nostr ${token}`,
'Accept': 'application/json'
}
});
console.log(` Status: ${response.status} ${response.statusText}`);
// Check headers for any auth info
const wwwAuth = response.headers.get('www-authenticate');
if (wwwAuth) {
console.log(` WWW-Authenticate: ${wwwAuth}`);
}
// For a protected resource, we'd check if access was granted
// For now, just verify the request went through
if (response.ok) {
console.log(' Request succeeded!\n');
} else {
const body = await response.text();
console.log(` Response: ${body.slice(0, 200)}\n`);
}
} catch (err) {
console.error(` Error: ${err.message}\n`);
}
// Test with a protected resource (if exists)
console.log('4. Testing access to a container...');
const containerUrl = `${BASE_URL}/demo/public/`;
try {
const containerToken = await getToken(containerUrl, 'GET', (event) => finalizeEvent(event, sk));
const response = await fetch(containerUrl, {
headers: {
'Authorization': `Nostr ${containerToken}`,
'Accept': 'text/turtle'
}
});
console.log(` ${containerUrl}`);
console.log(` Status: ${response.status} ${response.statusText}`);
if (response.status === 200) {
console.log(' Container accessible with Nostr auth!');
} else if (response.status === 403) {
console.log(' 403 Forbidden - auth worked but no ACL grant for did:nostr');
console.log(` (Add did:nostr:${pk} to ACL to grant access)`);
} else if (response.status === 404) {
console.log(' 404 Not Found - container does not exist');
}
} catch (err) {
console.error(` Error: ${err.message}`);
}
console.log('\n=== Test Complete ===');
console.log('\nTo grant this identity access, add to an ACL file:');
console.log(`
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
<#nostrAuth>
a acl:Authorization;
acl:agent <did:nostr:${pk}>;
acl:accessTo <./>;
acl:mode acl:Read, acl:Write.
`);
}
main().catch(console.error);