feat: NIP-42: Implement AUTH Challenge-Response Flow #571

Open
alibaba0010 wants to merge 1 commit into cameri:main from alibaba0010:feat/nip-42-auth

@alibaba0010

Description

This pull request implements NIP-42 (Authentication of clients to relays) in Nostream. This allows the relay to verify the identity of clients via a challenge-response mechanism using Nostr events (Kind 22242).

Key changes include:

  • Protocol Support: Added AUTH to MessageType and EventKinds (Kind 22242).
  • Session Management: Enhanced WebSocketAdapter to generate and store a unique 16-byte hex challenge for every client session upon connection.
  • Authentication Logic: Implemented AuthMessageHandler which performs a full cryptographic and protocol validation of incoming AUTH events, including:
    • Signature and ID verification.
    • Challenge tag matching against the session-specific challenge.
    • Relay tag matching against the configured relay_url.
    • Freshness check (created_at within a 10-minute window).
  • Factory Integration: Registered the new handler in messageHandlerFactory with proper dependency injection of settings.
  • Schema Validation: Updated Zod schemas in message-schema.ts to support incoming AUTH messages.

Related Issue

Linked to the Nostream competency assessment for NIP implementation.

Motivation and Context

NIP-42 is a core Nostr improvement that enables relays to authenticate users, which is essential for access control, paid relay features, and spam mitigation. This implementation brings Nostream closer to full NIP compliance.

How Has This Been Tested?

  1. Unit Testing: Fixed regressions in test/unit/adapters/web-socket-adapter.spec.ts caused by the immediate challenge dispatch. Verified that the full test suite (1,046 tests) passes.
  2. Manual Verification:
    • Created a standalone Node.js client script (task3.js) that connects to the relay, parses the challenge, signs a valid response, and submits it.
    • Verified server-side logs to confirm successful authentication of the client's public key.
  3. Signature Verification Test: Created task4.ts and test_task4.ts to independently verify the Schnorr signature logic using @noble/secp256k1.

Screenshots (if appropriate):

N/A (Backend logic)

Types of changes

  • Non-functional change (docs, style, minor refactor)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation. (Will update README for NIP-42 support)
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my code changes.
  • I added a changeset, or this is docs-only and I added an empty changeset.
  • All new and existing tests passed.
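
The protocol checks listed in the description above (event ID, challenge tag, relay tag, freshness), sketched as an added example; this is not code from the pull request or from Nostream, and every function and type name in it is hypothetical. It assumes the 10-minute window means within 600 seconds of the relay's clock in either direction, and that relay URLs match when scheme, host and path agree; Schnorr signature verification is left to a library and is not performed here.

```typescript
import { createHash } from "node:crypto";

// Added example; every name here is hypothetical, not taken from Nostream.
interface NostrEvent {
  id: string; pubkey: string; created_at: number; kind: number;
  tags: string[][]; content: string; sig: string;
}
const AUTH_KIND = 22242;
const MAX_SKEW_SECONDS = 600; // assumption: "10-minute window" = +/- 600 s

// NIP-01 event id: sha256 of the canonical JSON array, hex-encoded.
function computeEventId(e: Omit<NostrEvent, "id" | "sig">): string {
  const body = JSON.stringify([0, e.pubkey, e.created_at, e.kind, e.tags, e.content]);
  return createHash("sha256").update(body, "utf8").digest("hex");
}

function tagValue(e: NostrEvent, name: string): string | undefined {
  return e.tags.find((t) => t[0] === name)?.[1];
}

// Assumed normalization: same scheme and host, trailing slashes ignored.
function sameRelay(a: string, b: string): boolean {
  try {
    const x = new URL(a), y = new URL(b);
    const path = (u: URL) => u.pathname.replace(/\/+$/, "");
    return x.protocol === y.protocol && x.host === y.host && path(x) === path(y);
  } catch { return false; }
}

// Returns null if the event passes, else the rejection reason. The Schnorr
// signature over e.id must still be verified separately before trusting e.pubkey.
function checkAuthEvent(e: NostrEvent, challenge: string, relayUrl: string, now: number): string | null {
  if (e.kind !== AUTH_KIND) return "wrong kind";
  if (computeEventId(e) !== e.id) return "id mismatch";
  if (Math.abs(now - e.created_at) > MAX_SKEW_SECONDS) return "stale created_at";
  if (tagValue(e, "challenge") !== challenge) return "challenge mismatch";
  const relay = tagValue(e, "relay");
  if (!relay || !sameRelay(relay, relayUrl)) return "relay mismatch";
  return null;
}

// Constructed sample event (placeholder pubkey and sig, not real key material).
function buildAuthEvent(challenge: string, relay: string, createdAt: number): NostrEvent {
  const draft = { pubkey: "ab".repeat(32), created_at: createdAt, kind: AUTH_KIND,
    tags: [["relay", relay], ["challenge", challenge]], content: "" };
  return { ...draft, id: computeEventId(draft), sig: "00".repeat(64) };
}
```

Binding the check to the per-session challenge is what stops an AUTH event captured on one connection from being replayed on another; the relay tag does the same across relays.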

@changeset-bot

changeset-bot Bot commented Apr 22, 2026

⚠️ No Changeset found

Latest commit: 80e516a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR
