Examples
3. mixFetch

mixFetch

An easy way to secure parts or all of your web app is to replace calls to fetch (opens in a new tab) with mixFetch:

npm install @nymproject/mix-fetch

And then:

import { mixFetch } from '@nymproject/mix-fetch';
 
...
 
// HTTP GET
const response = await mixFetch('https://nymtech.net');
const html = await response.text();
 
...
 
// HTTP POST
const apiResponse = await mixFetch('https://api.example.com', {
  method: 'POST',
  body: JSON.stringify({ foo: 'bar' }),
  headers: { [`Content-Type`]: 'application/json', Authorization: `Bearer ${AUTH_TOKEN}` }
});

Sounds great, are there any catches? Well, there are a few (for now):

  1. Currently, the operators of Network Requesters that make the final request at the egress part of the Nym Mixnet to the internet use a standard allow list (opens in a new tab) in combination with their own configuration. If you are trying to access something that is not on the allow list, you have two choices:
  • run your own Network Requester and locally configure it to allow the hosts you need to connect to
  • get in touch with us and give us more information about the sites you want included in the standard allow list

  1. We periodically update the CA certificates in mixFetch so if you get a certificate error, we may not have the root CA certificate you need in our list. Send us a PR (opens in a new tab) if you need changes.

  2. If you are using mixFetch in a web app with HTTPS you will need to use a gateway that has Secure Websockets to avoid getting a mixed content (opens in a new tab) error.

  3. Workaround for Mixed Content Errors because you might be using mixFetch from web app served from HTTPS while connecting a gateway that only listens on a plain websocket, without HTTPS/TLS.

We are currently working on a feature that adds a Secure Websocket (WSS) listener with HTTPS (automatically generated with LetsEncrypt) to Nym's gateways.

While we are adding this feature, you can use a gateway that has Caddy providing HTTPS/WSS by adding this to the options when settings up mixFetch:

import type { SetupMixFetchOps } from '@nymproject/mix-fetch';
 
const extra = {
  hiddenGateways: [
    {
      owner: 'n1kymvkx6vsq7pvn6hfurkpg06h3j4gxj4em7tlg',
      host: 'gateway1.nymtech.net',
      explicitIp: '213.219.38.119',
      identityKey: 'E3mvZTHQCdBvhfr178Swx9g4QG3kkRUun7YnToLMcMbM',
      sphinxKey: 'CYcrjoJ8GT7Dp54zViUyyRUfegeRCyPifWQZHRgMZrfX',
    },
  ],
};
 
const mixFetchOptions: SetupMixFetchOps = {
  preferredGateway: 'E3mvZTHQCdBvhfr178Swx9g4QG3kkRUun7YnToLMcMbM', // with WSS
  preferredNetworkRequester:
    'GiRjFWrMxt58pEMuusm4yT3RxoMD1MMPrR9M2N4VWRJP.3CNZBPq4vg7v7qozjGjdPMXcvDmkbWPCgbGCjQVw9n6Z@2xU4CBE6QiiYt6EyBXSALwxkNvM7gqJfjHXaMkjiFmYW',
  mixFetchOverride: {
    requestTimeoutMs: 60_000,
  },
  forceTls: true, // force WSS
  extra, // manually set the gateway details for WSS so certificates will work for hostname
};
2. Mixnet Client4. Cosmos Kit