nostr:npub1syjmjy0dp62dhccq3g97fr87tngvpvzey08llyt6ul58m2zqpzps9wf6wl there is some bug on https://jumble.social/ that prevents it from requesting notes from wss://lockbox.fiatjaf.com/ in some cases: ...
this doesn't happen with #realy auth implementation, i'd be almost certain there's something wrong with your implementation as well
my relay needed changes to enable full public read with selective auth required, it edits the filters to remove the stuff that is not allowed without auth and then returns the result and then sends a CLOSED auth-required and this works on coracle and nostrudel as well as jumble... jumble was fine with how realy was doing it but the others were not because they were getting stuck because they have queries that mix DMs with allowed event kinds and the socket was waiting for them
so i just filter it out, then tell the client to auth after giving back what results it can, and it doesn't stall the whole socket, just blocks reading
what happens often also is once a client auths to publish an event that socket is unlocked and doesn't go through this pathway
this is why i have been saying for a while now, a few months maybe, that the design of nostr using sockets for everything makes it a lot harder to reason about, and the auth spec does not make it clear that authorization is a PER SOCKET thing, that is, it is a state, the socket is not authed, or it is, there is no "authed for some request" semantics and that confuses a lot of people, and the spec is not clear about it
auth is the bread and butter of the internet... without it there is not accounts or the ability to monetize anything, seems like y'all are starting to finally grasp this, but you still don't seem to be quite there
my relay needed changes to enable full public read with selective auth required, it edits the filters to remove the stuff that is not allowed without auth and then returns the result and then sends a CLOSED auth-required and this works on coracle and nostrudel as well as jumble... jumble was fine with how realy was doing it but the others were not because they were getting stuck because they have queries that mix DMs with allowed event kinds and the socket was waiting for them
so i just filter it out, then tell the client to auth after giving back what results it can, and it doesn't stall the whole socket, just blocks reading
what happens often also is once a client auths to publish an event that socket is unlocked and doesn't go through this pathway
this is why i have been saying for a while now, a few months maybe, that the design of nostr using sockets for everything makes it a lot harder to reason about, and the auth spec does not make it clear that authorization is a PER SOCKET thing, that is, it is a state, the socket is not authed, or it is, there is no "authed for some request" semantics and that confuses a lot of people, and the spec is not clear about it
auth is the bread and butter of the internet... without it there is not accounts or the ability to monetize anything, seems like y'all are starting to finally grasp this, but you still don't seem to be quite there
2
