Skip to content

Commit 92570e9

Browse files
Improve NIP-98 auto-auth: auto-trust Solid servers, better 401 retry logging
1 parent d58bea9 commit 92570e9

2 files changed

Lines changed: 76 additions & 5 deletions

File tree

src/background.js

Lines changed: 44 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -324,15 +324,58 @@ function encodeNip98Header (signedEvent) {
324324
* @param {string|ArrayBuffer|Blob|null} body - Request body
325325
* @returns {Promise<string>} Authorization header value
326326
*/
327+
/**
328+
* Check if an origin is likely a Solid server
329+
* @param {string} origin - Origin to check
330+
* @returns {boolean}
331+
*/
332+
function isLikelySolidServer (origin) {
333+
// Common Solid server indicators
334+
const solidIndicators = [
335+
'solid.social',
336+
'solidcommunity.net',
337+
'inrupt.net',
338+
'solidweb.org',
339+
'/.well-known/solid'
340+
];
341+
342+
return solidIndicators.some(indicator => origin.includes(indicator));
343+
}
344+
327345
async function createNip98AuthHeader (url, method, body = null) {
328346
try {
329347
// Check if we should add auth
330348
const origin = new URL(url).origin;
331349
const trusted = await isTrustedOrigin(origin);
332350
const autoSign = await getAutoSign();
333351
const keyExists = await hasKeypair();
352+
const isSolid = isLikelySolidServer(origin);
353+
354+
console.log('[Podkey] NIP-98 auth check:', {
355+
url,
356+
origin,
357+
keyExists,
358+
trusted,
359+
autoSign,
360+
isSolid
361+
});
362+
363+
if (!keyExists) {
364+
console.log('[Podkey] No keypair found, skipping NIP-98 auth');
365+
return null;
366+
}
367+
368+
// For Solid servers, auto-trust on first use if auto-sign is enabled
369+
if (!trusted && isSolid && autoSign) {
370+
console.log('[Podkey] Auto-trusting Solid server:', origin);
371+
await addTrustedOrigin(origin);
372+
} else if (!trusted) {
373+
console.log('[Podkey] Origin not trusted, skipping NIP-98 auth');
374+
return null;
375+
}
334376

335-
if (!keyExists || !trusted || !autoSign) {
377+
if (!autoSign) {
378+
console.log('[Podkey] Auto-sign disabled, skipping NIP-98 auth');
336379
return null;
337380
}
338381

src/injected.js

Lines changed: 32 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -88,20 +88,38 @@ window.addEventListener('podkey-request', async (event) => {
8888

8989
const response = await originalFetch(url, options);
9090

91-
// Handle 401 responses
91+
// Handle 401 responses - retry with NIP-98 auth
9292
if (response.status === 401) {
93+
console.log('[Podkey] 401 detected, attempting NIP-98 auth retry for:', url);
9394
try {
95+
// Clone response to read body if needed, but for retry we'll make a new request
9496
const authHeader = await getNip98AuthHeader(url, options.method || 'GET', options.body);
9597
if (authHeader) {
9698
// Retry with auth
9799
const retryOptions = { ...options };
98100
retryOptions.headers = retryOptions.headers || {};
101+
102+
// Handle Headers object
99103
if (retryOptions.headers instanceof Headers) {
100104
retryOptions.headers.set('Authorization', authHeader);
101-
} else {
105+
} else if (retryOptions.headers instanceof Object) {
102106
retryOptions.headers['Authorization'] = authHeader;
107+
} else {
108+
retryOptions.headers = { 'Authorization': authHeader };
103109
}
104-
return await originalFetch(url, retryOptions);
110+
111+
console.log('[Podkey] Retrying request with NIP-98 auth');
112+
const retryResponse = await originalFetch(url, retryOptions);
113+
114+
if (retryResponse.status === 200 || retryResponse.status === 201) {
115+
console.log('[Podkey] ✅ NIP-98 auth successful!');
116+
} else {
117+
console.log('[Podkey] ⚠️ Retry still failed with status:', retryResponse.status);
118+
}
119+
120+
return retryResponse;
121+
} else {
122+
console.log('[Podkey] No NIP-98 auth header available for retry');
105123
}
106124
} catch (error) {
107125
console.error('[Podkey] Error retrying fetch with NIP-98 auth:', error);
@@ -156,17 +174,27 @@ window.addEventListener('podkey-request', async (event) => {
156174

157175
async function getNip98AuthHeader (url, method, body) {
158176
try {
177+
const urlString = typeof url === 'string' ? url : url.toString();
178+
console.log('[Podkey] Requesting NIP-98 auth header for:', urlString, method);
179+
159180
const response = await chrome.runtime.sendMessage({
160181
type: 'CREATE_NIP98_AUTH_HEADER',
161-
url: typeof url === 'string' ? url : url.toString(),
182+
url: urlString,
162183
method: method || 'GET',
163184
body: body
164185
});
165186

166187
if (chrome.runtime.lastError) {
188+
console.error('[Podkey] Error from background script:', chrome.runtime.lastError.message);
167189
return null;
168190
}
169191

192+
if (response) {
193+
console.log('[Podkey] Got NIP-98 auth header');
194+
} else {
195+
console.log('[Podkey] No NIP-98 auth header (origin not trusted, auto-sign disabled, or no keypair)');
196+
}
197+
170198
return response || null;
171199
} catch (error) {
172200
console.error('[Podkey] Error getting NIP-98 auth header:', error);

0 commit comments

Comments
 (0)