Package Exports
- express-nostr-auth
- express-nostr-auth/dist/src/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (express-nostr-auth) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
Express nostr auth
Express middleware for nostr http authorization using nip98
Installation
npm install -s express-nostr-authUsage
Protect express routes with nostr http authorization, see nip98
import { nostrAuthorization } from "express-nostr-auth";
export const app = express();
app.use(
"/api",
nostrAuthorization({
ttl: 60,
debug: false,
persistPubkeyFieldName: "nostr",
persistPubkey: true,
})
);Incoming requests must include the nostr http authorization header to access the resource
Authorization: Nostr eyJraW5kIjoyNzIzNSwidGFnc==....Example: Generate the authorization token with your nostr bech32 secret key
import { finalizeEvent } from "nostr-tools";
import { decode, NSec } from "nostr-tools/nip19";
import { getToken } from "nostr-tools/nip98";
import { axios } from "axios";
// The nostr bech32 secret key
const sk = process.env.NOSTR_PKEY as NSec;
// decode to uint8 array
const skBytes = decode(sk);
// the proctected api route
const apiUrl = "http://localhost:3000/api/state";
// generates nostr base64 token: Nostr eyJraW5kIjoyNzIzNSwidGFnc==....
const token = await getToken(
apiUrl,
"GET",
(e) => finalizeEvent(e, skBytes.data),
true
);
// use the token in API requests to authorize with the nostr event
axios.get(apiUrl, {
headers: {
authorization: token,
},
});Test
Run test suite
npm test