🔒 Add Nostr authentication support with custom guard and user provider

🛠️ Integrate Nostr auth across relevant components and views 📦 Update config, routes, and service provider for Nostr auth
2026-01-01 02:10:15 +00:00 · 2025-11-20 23:10:20 +01:00
parent aff3f32c9b
commit 9c1cea5868
19 changed files with 419 additions and 6 deletions
--- a/app/Auth/NostrSessionGuard.php
+++ b/app/Auth/NostrSessionGuard.php
@@ -0,0 +1,41 @@
+<?php
+
+namespace App\Auth;
+
+use Illuminate\Auth\SessionGuard;
+use Illuminate\Contracts\Auth\Authenticatable;
+
+class NostrSessionGuard extends SessionGuard
+{
+    public function loginByPubkey(string $pubkey): void
+    {
+        $user = new NostrUser($pubkey);
+
+        $this->updateSession($user->getAuthIdentifier());
+
+        $this->setUser($user);
+
+        $this->fireLoginEvent($user, false);
+    }
+
+    protected function updateSession($id): void
+    {
+        $this->session->put($this->getName(), $id);
+        $this->session->migrate(true);
+    }
+
+    public function user(): ?Authenticatable
+    {
+        if ($this->user !== null) {
+            return $this->user;
+        }
+
+        $id = $this->session->get($this->getName());
+
+        if ($id !== null) {
+            $this->user = $this->provider->retrieveById($id);
+        }
+
+        return $this->user;
+    }
+}
--- a/app/Auth/NostrUser.php
+++ b/app/Auth/NostrUser.php
@@ -0,0 +1,64 @@
+<?php
+
+namespace App\Auth;
+
+use Illuminate\Contracts\Auth\Authenticatable;
+
+class NostrUser implements Authenticatable
+{
+    protected string $pubkey;
+    protected ?object $pleb;
+
+    public function __construct(string $pubkey)
+    {
+        $this->pubkey = $pubkey;
+        $this->pleb = \App\Models\EinundzwanzigPleb::query()
+            ->where('pubkey', $pubkey)
+            ->first();
+    }
+
+    public function getAuthIdentifierName(): string
+    {
+        return 'pubkey';
+    }
+
+    public function getAuthIdentifier(): string
+    {
+        return $this->pubkey;
+    }
+
+    public function getAuthPassword(): string
+    {
+        return '';
+    }
+
+    public function getRememberToken(): ?string
+    {
+        return null;
+    }
+
+    public function setRememberToken($value): void
+    {
+        //
+    }
+
+    public function getRememberTokenName(): ?string
+    {
+        return null;
+    }
+
+    public function getAuthPasswordName(): string
+    {
+        return 'password';
+    }
+
+    public function getPubkey(): string
+    {
+        return $this->pubkey;
+    }
+
+    public function getPleb(): ?object
+    {
+        return $this->pleb;
+    }
+}
--- a/app/Auth/NostrUserProvider.php
+++ b/app/Auth/NostrUserProvider.php
@@ -0,0 +1,43 @@
+<?php
+
+namespace App\Auth;
+
+use Illuminate\Contracts\Auth\Authenticatable;
+use Illuminate\Contracts\Auth\UserProvider;
+
+class NostrUserProvider implements UserProvider
+{
+    public function retrieveById($identifier): ?Authenticatable
+    {
+        return new NostrUser($identifier);
+    }
+
+    public function retrieveByToken($identifier, $token): ?Authenticatable
+    {
+        return null;
+    }
+
+    public function updateRememberToken(Authenticatable $user, $token): void
+    {
+        //
+    }
+
+    public function retrieveByCredentials(array $credentials): ?Authenticatable
+    {
+        if (isset($credentials['pubkey'])) {
+            return new NostrUser($credentials['pubkey']);
+        }
+
+        return null;
+    }
+
+    public function validateCredentials(Authenticatable $user, array $credentials): bool
+    {
+        return $user instanceof NostrUser && $user->getPubkey() === ($credentials['pubkey'] ?? null);
+    }
+
+    public function rehashPasswordIfRequired(Authenticatable $user, array $credentials, bool $force = false): void
+    {
+        //
+    }
+}
--- a/app/Livewire/Traits/WithNostrAuth.php
+++ b/app/Livewire/Traits/WithNostrAuth.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace App\Livewire\Traits;
+
+use App\Support\NostrAuth;
+use Livewire\Attributes\On;
+
+trait WithNostrAuth
+{
+    public ?string $currentPubkey = null;
+    public ?object $currentPleb = null;
+    public bool $isAllowed = false;
+    public bool $canEdit = false;
+
+    #[On('nostrLoggedIn')]
+    public function handleNostrLogin(string $pubkey): void
+    {
+        NostrAuth::login($pubkey);
+
+        $this->currentPubkey = $pubkey;
+        $this->currentPleb = \App\Models\EinundzwanzigPleb::query()
+            ->where('pubkey', $pubkey)
+            ->first();
+
+        if ($this->currentPleb && in_array($this->currentPleb->npub, config('einundzwanzig.config.current_board'), true)) {
+            $this->canEdit = true;
+        }
+
+        $this->isAllowed = true;
+    }
+
+    #[On('nostrLoggedOut')]
+    public function handleNostrLogout(): void
+    {
+        NostrAuth::logout();
+
+        $this->isAllowed = false;
+        $this->currentPubkey = null;
+        $this->currentPleb = null;
+        $this->canEdit = false;
+    }
+
+    public function mountNostrAuth(): void
+    {
+        if ($user = NostrAuth::user()) {
+            $this->currentPubkey = $user->getPubkey();
+            $this->currentPleb = $user->getPleb();
+            $this->isAllowed = true;
+
+            if ($this->currentPleb && in_array($this->currentPleb->npub, config('einundzwanzig.config.current_board'), true)) {
+                $this->canEdit = true;
+            }
+        }
+    }
+}
--- a/app/Providers/NostrAuthServiceProvider.php
+++ b/app/Providers/NostrAuthServiceProvider.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Providers;
+
+use App\Auth\NostrSessionGuard;
+use App\Auth\NostrUserProvider;
+use Illuminate\Foundation\Application;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\ServiceProvider;
+
+class NostrAuthServiceProvider extends ServiceProvider
+{
+    public function boot(): void
+    {
+        Auth::provider('nostr', function (Application $app, array $config) {
+            return new NostrUserProvider();
+        });
+
+        Auth::extend('nostr-session', function (Application $app, string $name, array $config) {
+            $provider = Auth::createUserProvider($config['provider']);
+
+            return new NostrSessionGuard(
+                $name,
+                $provider,
+                $app['session.store'],
+                $app['request']
+            );
+        });
+    }
+}
--- a/app/Support/NostrAuth.php
+++ b/app/Support/NostrAuth.php
@@ -0,0 +1,61 @@
+<?php
+
+namespace App\Support;
+
+use App\Auth\NostrUser;
+use Illuminate\Support\Facades\Session;
+use Illuminate\Support\Facades\Auth;
+
+class NostrAuth
+{
+    /**
+     * Login a user by their Nostr pubkey
+     */
+    public static function login(string $pubkey): void
+    {
+        Auth::guard('nostr')->loginByPubkey($pubkey);
+        Session::regenerate();
+    }
+
+    /**
+     * Logout the current Nostr user
+     */
+    public static function logout(): void
+    {
+        if (Auth::guard('nostr')->check()) {
+            Session::flush();
+        }
+    }
+
+    /**
+     * Get the currently authenticated Nostr user
+     */
+    public static function user(): ?NostrUser
+    {
+        return Auth::guard('nostr')->user();
+    }
+
+    /**
+     * Check if a Nostr user is authenticated
+     */
+    public static function check(): bool
+    {
+        return Auth::guard('nostr')->check();
+    }
+
+    /**
+     * Get the current pubkey (convenience method)
+     */
+    public static function pubkey(): ?string
+    {
+        return self::user()?->getPubkey();
+    }
+
+    /**
+     * Get the current pleb (convenience method)
+     */
+    public static function pleb(): ?object
+    {
+        return self::user()?->getPleb();
+    }
+}