nostr-zap 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2dbcf7cc9306b5fe9ad608df598f848d7c121465a5fc1d5d77614a9b148566f7
-  data.tar.gz: 178a651a19ba53a6e25c4dd2104ef70ebb4de222b61dc3df846b0913112a6482
+  metadata.gz: 85d3b9fa913d9e3b38f2e62f2995299878f9860f5078e396272bb2f35632da9c
+  data.tar.gz: 29f215e0d57f0297c8e11d09938365757829933ce756a6869e959d551df46927
 SHA512:
-  metadata.gz: a713b3dbd1002c306a49a27d663278f1d95e38ff9e56609bed9ff599cee0dadd9372214cf45fd113dbfa9049e12f794aceea744d6c83ed597a8f68e537562bae
-  data.tar.gz: 6d97c5fb41f2b84203b405cbf7c54e4ad61944956219dd4447f383cb6eed745bf6ecdd318e625891e3f67ee2388857aa45674c26bbc89056776aba479addeed5
+  metadata.gz: b64eec1720df7ad87babaf118d85544a74267e740047c066e6b9cd038a12d14435a9b128e60817b43c3e807d0c805d02b2c9d6811b7616e041f13ff8b3e8d54d
+  data.tar.gz: 98510efc4be72be923e8aabb5b7603191bf8dc2380c06a7f31b410e25c193f8a98356827dad49e5841b22a1d960a53c3bd89523ffb73feaa394e5313395d03b8

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Sasha Zykov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -78,7 +78,7 @@ if validator.valid?
   validator.amount_msats      # => 1000
   validator.zapped_event_id   # => "hex event id" or nil
 else
-  validator.errors  # => ["Invalid kind: expected 9734, got 1"]
+  validator.errors  # => ["Invalid kind: expected integer 9734, got 1"]
 end
 ```
 
@@ -148,7 +148,6 @@ NostrZap::Error              # base
 ## Dependencies
 
 - [bip-schnorr](https://rubygems.org/gems/bip-schnorr) ~> 0.7 -- BIP-340 Schnorr signatures
-- [concurrent-ruby](https://rubygems.org/gems/concurrent-ruby) ~> 1.0 -- concurrent relay publishing
 - [websocket](https://rubygems.org/gems/websocket) ~> 1.0 -- WebSocket handshake and framing
 
 ## Development

data/lib/nostr_zap/relay_client.rb

@@ -5,7 +5,7 @@ require 'websocket'
 require 'openssl'
 require 'uri'
 require 'json'
-require 'concurrent'
+require 'resolv'
 
 module NostrZap
   # Client for publishing NOSTR events to relay servers via WebSocket.
@@ -43,15 +43,18 @@ module NostrZap
     # @param relay_urls [Array<String>] List of relay WebSocket URLs
     # @return [Hash] Map of relay URL to result { success: bool, message: String }
     def publish_event(event:, relay_urls:)
-      futures = relay_urls.to_h do |relay_url|
-        future = Concurrent::Promises.future do
+      threads = relay_urls.to_h do |relay_url|
+        thread = Thread.new do
           publish_to_relay(event: event, relay_url: relay_url)
         end
-        [relay_url, future]
+        [relay_url, thread]
       end
 
-      futures.transform_values do |future|
-        future.value(@timeout) || { success: false, message: 'Connection timeout' }
+      threads.transform_values do |thread|
+        next thread.value if thread.join(@timeout)
+
+        thread.kill
+        { success: false, message: 'Connection timeout' }
       end
     end
 
@@ -68,17 +71,31 @@ module NostrZap
       perform_handshake(socket, uri)
       send_event(socket, event)
       wait_for_ok_response(socket, event_id)
-    rescue => e
+    rescue StandardError => e
       @logger&.error("NostrZap::RelayClient error for #{relay_url}: #{e.message}")
       { success: false, message: e.message }
     ensure
       socket&.close
     end
 
-  private
+    private
 
     def create_socket(uri)
-      tcp_socket = TCPSocket.new(uri.host, uri.port || ((uri.scheme == 'wss') ? 443 : 80))
+      connect_hosts = resolve_connect_hosts(uri.host)
+      port = uri.port || (uri.scheme == 'wss' ? 443 : 80)
+      tcp_socket = nil
+      last_error = nil
+
+      connect_hosts.each do |connect_host|
+        tcp_socket = TCPSocket.new(connect_host, port)
+        break
+      rescue StandardError => e
+        last_error = e
+      end
+
+      if tcp_socket.nil?
+        raise PublishError, "Could not connect to relay host #{uri.host}: #{last_error&.message || 'unknown error'}"
+      end
 
       if uri.scheme == 'wss'
         ssl_context = OpenSSL::SSL::SSLContext.new
@@ -93,6 +110,22 @@ module NostrZap
       end
     end
 
+    def resolve_connect_hosts(host)
+      addresses = Resolv.getaddresses(host)
+      raise PublishError, "Relay host could not be resolved: #{host}" if addresses.empty?
+
+      public_addresses = addresses.select { |addr| public_ip_address?(addr) }
+      return public_addresses if public_addresses.any?
+
+      raise PublishError, "Relay host resolves only to private/reserved addresses: #{host}"
+    rescue Resolv::ResolvError
+      raise PublishError, "Relay host could not be resolved: #{host}"
+    end
+
+    def public_ip_address?(address)
+      RelayUrlValidator::PRIVATE_IP_RANGES.none? { |range| range.include?(address) }
+    end
+
     def perform_handshake(socket, uri)
       handshake = WebSocket::Handshake::Client.new(url: uri.to_s)
       socket.write(handshake.to_s)
@@ -169,7 +202,7 @@ module NostrZap
 
       {
         success: parsed[2] == true,
-        message: (relay_message.nil? || relay_message.empty?) ? default_message : relay_message,
+        message: relay_message.nil? || relay_message.empty? ? default_message : relay_message
       }
     rescue JSON::ParserError
       nil

data/lib/nostr_zap/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module NostrZap
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

data/lib/nostr_zap/zap/request_validator.rb

@@ -69,7 +69,7 @@ module NostrZap
         find_tag_value('e')
       end
 
-    private
+      private
 
       def find_tag_value(tag_name)
         return nil unless @parsed_event
@@ -113,9 +113,10 @@ module NostrZap
       end
 
       def kind_valid?
-        return true if @parsed_event['kind'] == ZAP_REQUEST_KIND
+        kind = @parsed_event['kind']
+        return true if kind.is_a?(Integer) && kind == ZAP_REQUEST_KIND
 
-        fail_with("Invalid kind: expected #{ZAP_REQUEST_KIND}, got #{@parsed_event['kind']}")
+        fail_with("Invalid kind: expected integer #{ZAP_REQUEST_KIND}, got #{kind.inspect}")
       end
 
       def tags_valid?
@@ -124,9 +125,12 @@ module NostrZap
 
       def p_tag_valid?
         p_tag = @parsed_event['tags']&.find { |tag| tag[0] == 'p' }
-        return true if p_tag && p_tag[1] && !p_tag[1].empty?
+        value = p_tag&.[](1)
+        return fail_with("Missing required 'p' tag (recipient pubkey)") unless value.is_a?(String) && !value.empty?
 
-        fail_with("Missing required 'p' tag (recipient pubkey)")
+        return true if value.is_a?(String) && value.match?(/\A[0-9a-f]{64}\z/i)
+
+        fail_with("Invalid 'p' tag: expected 64-character hex pubkey")
       end
 
       def relays_tag_valid?
@@ -145,7 +149,7 @@ module NostrZap
           created_at: @parsed_event['created_at'],
           kind: @parsed_event['kind'],
           tags: @parsed_event['tags'],
-          content: @parsed_event['content'],
+          content: @parsed_event['content']
         )
         return true if @parsed_event['id'] == computed
 
@@ -158,12 +162,12 @@ module NostrZap
         valid = Crypto.verify_signature?(
           @parsed_event['id'],
           @parsed_event['pubkey'],
-          @parsed_event['sig'],
+          @parsed_event['sig']
         )
         return true if valid
 
         fail_with('Invalid signature')
-      rescue => e
+      rescue StandardError => e
         fail_with("Signature validation error: #{e.message}")
       end
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nostr-zap
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Alexander Zykov
@@ -24,20 +24,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.7'
-- !ruby/object:Gem::Dependency
-  name: concurrent-ruby
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: websocket
   requirement: !ruby/object:Gem::Requirement
@@ -62,6 +48,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- LICENSE
 - README.md
 - lib/nostr_zap.rb
 - lib/nostr_zap/crypto.rb