@kodelyth/nostr 2026.5.42 → 2026.6.2

package/src/nostr-profile.test.ts

@@ -1,415 +0,0 @@
-import { verifyEvent, getPublicKey } from "nostr-tools";
-import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import type { NostrProfile } from "./config-schema.js";
-import {
-  createProfileEvent,
-  profileToContent,
-  contentToProfile,
-  validateProfile,
-  sanitizeProfileForDisplay,
-  type ProfileContent,
-} from "./nostr-profile.js";
-import { TEST_HEX_PRIVATE_KEY_BYTES } from "./test-fixtures.js";
-
-const TEST_PUBKEY = getPublicKey(TEST_HEX_PRIVATE_KEY_BYTES);
-
-function createTestProfileEvent(profile: NostrProfile, lastPublishedAt?: number) {
-  return createProfileEvent(TEST_HEX_PRIVATE_KEY_BYTES, profile, lastPublishedAt);
-}
-
-// ============================================================================
-// Profile Content Conversion Tests
-// ============================================================================
-
-describe("profileToContent", () => {
-  it("converts full profile to NIP-01 content format", () => {
-    const profile: NostrProfile = {
-      name: "testuser",
-      displayName: "Test User",
-      about: "A test user for unit testing",
-      picture: "https://example.com/avatar.png",
-      banner: "https://example.com/banner.png",
-      website: "https://example.com",
-      nip05: "testuser@example.com",
-      lud16: "testuser@walletofsatoshi.com",
-    };
-
-    const content = profileToContent(profile);
-
-    expect(content.name).toBe("testuser");
-    expect(content.display_name).toBe("Test User");
-    expect(content.about).toBe("A test user for unit testing");
-    expect(content.picture).toBe("https://example.com/avatar.png");
-    expect(content.banner).toBe("https://example.com/banner.png");
-    expect(content.website).toBe("https://example.com");
-    expect(content.nip05).toBe("testuser@example.com");
-    expect(content.lud16).toBe("testuser@walletofsatoshi.com");
-  });
-
-  it("omits undefined fields from content", () => {
-    const profile: NostrProfile = {
-      name: "minimaluser",
-    };
-
-    const content = profileToContent(profile);
-
-    expect(content.name).toBe("minimaluser");
-    expect("display_name" in content).toBe(false);
-    expect("about" in content).toBe(false);
-    expect("picture" in content).toBe(false);
-  });
-
-  it("handles empty profile", () => {
-    const profile: NostrProfile = {};
-    const content = profileToContent(profile);
-    expect(Object.keys(content)).toHaveLength(0);
-  });
-});
-
-describe("contentToProfile", () => {
-  it("converts NIP-01 content to profile format", () => {
-    const content: ProfileContent = {
-      name: "testuser",
-      display_name: "Test User",
-      about: "A test user",
-      picture: "https://example.com/avatar.png",
-      nip05: "test@example.com",
-    };
-
-    const profile = contentToProfile(content);
-
-    expect(profile.name).toBe("testuser");
-    expect(profile.displayName).toBe("Test User");
-    expect(profile.about).toBe("A test user");
-    expect(profile.picture).toBe("https://example.com/avatar.png");
-    expect(profile.nip05).toBe("test@example.com");
-  });
-
-  it("handles empty content", () => {
-    const content: ProfileContent = {};
-    const profile = contentToProfile(content);
-    expect(
-      Object.keys(profile).filter((k) => profile[k as keyof NostrProfile] !== undefined),
-    ).toHaveLength(0);
-  });
-
-  it("round-trips profile data", () => {
-    const original: NostrProfile = {
-      name: "roundtrip",
-      displayName: "Round Trip Test",
-      about: "Testing round-trip conversion",
-    };
-
-    const content = profileToContent(original);
-    const restored = contentToProfile(content);
-
-    expect(restored.name).toBe(original.name);
-    expect(restored.displayName).toBe(original.displayName);
-    expect(restored.about).toBe(original.about);
-  });
-});
-
-// ============================================================================
-// Event Creation Tests
-// ============================================================================
-
-describe("createProfileEvent", () => {
-  beforeEach(() => {
-    vi.useFakeTimers();
-    vi.setSystemTime(new Date("2024-01-15T12:00:00Z"));
-  });
-
-  afterEach(() => {
-    vi.useRealTimers();
-  });
-
-  it("creates a valid kind:0 event", () => {
-    const profile: NostrProfile = {
-      name: "testbot",
-      about: "A test bot",
-    };
-
-    const event = createTestProfileEvent(profile);
-
-    expect(event.kind).toBe(0);
-    expect(event.pubkey).toBe(TEST_PUBKEY);
-    expect(event.tags).toStrictEqual([]);
-    expect(event.id).toMatch(/^[0-9a-f]{64}$/);
-    expect(event.sig).toMatch(/^[0-9a-f]{128}$/);
-  });
-
-  it("includes profile content as JSON in event content", () => {
-    const profile: NostrProfile = {
-      name: "jsontest",
-      displayName: "JSON Test User",
-      about: "Testing JSON serialization",
-    };
-
-    const event = createTestProfileEvent(profile);
-    const parsedContent = JSON.parse(event.content) as ProfileContent;
-
-    expect(parsedContent.name).toBe("jsontest");
-    expect(parsedContent.display_name).toBe("JSON Test User");
-    expect(parsedContent.about).toBe("Testing JSON serialization");
-  });
-
-  it("produces a verifiable signature", () => {
-    const profile: NostrProfile = { name: "signaturetest" };
-    const event = createTestProfileEvent(profile);
-
-    expect(verifyEvent(event)).toBe(true);
-  });
-
-  it("uses current timestamp when no lastPublishedAt provided", () => {
-    const profile: NostrProfile = { name: "timestamptest" };
-    const event = createTestProfileEvent(profile);
-
-    const expectedTimestamp = Math.floor(Date.now() / 1000);
-    expect(event.created_at).toBe(expectedTimestamp);
-  });
-
-  it("ensures monotonic timestamp when lastPublishedAt is in the future", () => {
-    // Current time is 2024-01-15T12:00:00Z = 1705320000
-    const futureTimestamp = 1705320000 + 3600; // 1 hour in the future
-    const profile: NostrProfile = { name: "monotonictest" };
-
-    const event = createTestProfileEvent(profile, futureTimestamp);
-
-    expect(event.created_at).toBe(futureTimestamp + 1);
-  });
-
-  it("uses current time when lastPublishedAt is in the past", () => {
-    const pastTimestamp = 1705320000 - 3600; // 1 hour in the past
-    const profile: NostrProfile = { name: "pasttest" };
-
-    const event = createTestProfileEvent(profile, pastTimestamp);
-
-    const expectedTimestamp = Math.floor(Date.now() / 1000);
-    expect(event.created_at).toBe(expectedTimestamp);
-  });
-});
-
-// ============================================================================
-// Profile Validation Tests
-// ============================================================================
-
-describe("validateProfile", () => {
-  it("validates a correct profile", () => {
-    const profile = {
-      name: "validuser",
-      about: "A valid user",
-      picture: "https://example.com/pic.png",
-    };
-
-    const result = validateProfile(profile);
-
-    expect(result.valid).toBe(true);
-    expect(result.profile?.name).toBe("validuser");
-    expect(result.profile?.about).toBe("A valid user");
-    expect(result.profile?.picture).toBe("https://example.com/pic.png");
-    expect(result).not.toHaveProperty("errors");
-  });
-
-  it("rejects profile with invalid URL", () => {
-    const profile = {
-      name: "invalidurl",
-      picture: "http://insecure.example.com/pic.png", // HTTP not HTTPS
-    };
-
-    const result = validateProfile(profile);
-
-    expect(result.valid).toBe(false);
-    expect(result.errors).toEqual(["picture: URL must use https:// protocol"]);
-  });
-
-  it("rejects profile with javascript: URL", () => {
-    const profile = {
-      name: "xssattempt",
-      picture: "javascript:alert('xss')",
-    };
-
-    const result = validateProfile(profile);
-
-    expect(result.valid).toBe(false);
-  });
-
-  it("rejects profile with data: URL", () => {
-    const profile = {
-      name: "dataurl",
-      picture: "data:image/png;base64,abc123",
-    };
-
-    const result = validateProfile(profile);
-
-    expect(result.valid).toBe(false);
-  });
-
-  it("rejects name exceeding 256 characters", () => {
-    const profile = {
-      name: "a".repeat(257),
-    };
-
-    const result = validateProfile(profile);
-
-    expect(result.valid).toBe(false);
-    expect(result.errors).toEqual(["name: Too big: expected string to have <=256 characters"]);
-  });
-
-  it("rejects about exceeding 2000 characters", () => {
-    const profile = {
-      about: "a".repeat(2001),
-    };
-
-    const result = validateProfile(profile);
-
-    expect(result.valid).toBe(false);
-    expect(result.errors).toEqual(["about: Too big: expected string to have <=2000 characters"]);
-  });
-
-  it("accepts empty profile", () => {
-    const result = validateProfile({});
-    expect(result.valid).toBe(true);
-  });
-
-  it("rejects null input", () => {
-    const result = validateProfile(null);
-    expect(result.valid).toBe(false);
-  });
-
-  it("rejects non-object input", () => {
-    const result = validateProfile("not an object");
-    expect(result.valid).toBe(false);
-  });
-});
-
-// ============================================================================
-// Sanitization Tests
-// ============================================================================
-
-describe("sanitizeProfileForDisplay", () => {
-  it("escapes HTML in name field", () => {
-    const profile: NostrProfile = {
-      name: "<script>alert('xss')</script>",
-    };
-
-    const sanitized = sanitizeProfileForDisplay(profile);
-
-    expect(sanitized.name).toBe("&lt;script&gt;alert(&#039;xss&#039;)&lt;/script&gt;");
-  });
-
-  it("escapes HTML in about field", () => {
-    const profile: NostrProfile = {
-      about: 'Check out <img src="x" onerror="alert(1)">',
-    };
-
-    const sanitized = sanitizeProfileForDisplay(profile);
-
-    expect(sanitized.about).toBe(
-      "Check out &lt;img src=&quot;x&quot; onerror=&quot;alert(1)&quot;&gt;",
-    );
-  });
-
-  it("preserves URLs without modification", () => {
-    const profile: NostrProfile = {
-      picture: "https://example.com/pic.png",
-      website: "https://example.com",
-    };
-
-    const sanitized = sanitizeProfileForDisplay(profile);
-
-    expect(sanitized.picture).toBe("https://example.com/pic.png");
-    expect(sanitized.website).toBe("https://example.com");
-  });
-
-  it("handles undefined fields", () => {
-    const profile: NostrProfile = {
-      name: "test",
-    };
-
-    const sanitized = sanitizeProfileForDisplay(profile);
-
-    expect(sanitized.name).toBe("test");
-    expect(sanitized.about).toBeUndefined();
-    expect(sanitized.picture).toBeUndefined();
-  });
-
-  it("escapes ampersands", () => {
-    const profile: NostrProfile = {
-      name: "Tom & Jerry",
-    };
-
-    const sanitized = sanitizeProfileForDisplay(profile);
-
-    expect(sanitized.name).toBe("Tom &amp; Jerry");
-  });
-
-  it("escapes quotes", () => {
-    const profile: NostrProfile = {
-      about: 'Say "hello" to everyone',
-    };
-
-    const sanitized = sanitizeProfileForDisplay(profile);
-
-    expect(sanitized.about).toBe("Say &quot;hello&quot; to everyone");
-  });
-});
-
-// ============================================================================
-// Edge Cases
-// ============================================================================
-
-describe("edge cases", () => {
-  it("handles emoji in profile fields", () => {
-    const profile: NostrProfile = {
-      name: "🤖 Bot",
-      about: "I am a 🤖 robot! 🎉",
-    };
-
-    const content = profileToContent(profile);
-    expect(content.name).toBe("🤖 Bot");
-    expect(content.about).toBe("I am a 🤖 robot! 🎉");
-
-    const event = createTestProfileEvent(profile);
-    const parsed = JSON.parse(event.content) as ProfileContent;
-    expect(parsed.name).toBe("🤖 Bot");
-  });
-
-  it("handles unicode in profile fields", () => {
-    const profile: NostrProfile = {
-      name: "日本語ユーザー",
-      about: "Привет мир! 你好世界!",
-    };
-
-    const content = profileToContent(profile);
-    expect(content.name).toBe("日本語ユーザー");
-
-    const event = createTestProfileEvent(profile);
-    expect(verifyEvent(event)).toBe(true);
-  });
-
-  it("handles newlines in about field", () => {
-    const profile: NostrProfile = {
-      about: "Line 1\nLine 2\nLine 3",
-    };
-
-    const content = profileToContent(profile);
-    expect(content.about).toBe("Line 1\nLine 2\nLine 3");
-
-    const event = createTestProfileEvent(profile);
-    const parsed = JSON.parse(event.content) as ProfileContent;
-    expect(parsed.about).toBe("Line 1\nLine 2\nLine 3");
-  });
-
-  it("handles maximum length fields", () => {
-    const profile: NostrProfile = {
-      name: "a".repeat(256),
-      about: "b".repeat(2000),
-    };
-
-    const result = validateProfile(profile);
-    expect(result.valid).toBe(true);
-
-    const event = createTestProfileEvent(profile);
-    expect(verifyEvent(event)).toBe(true);
-  });
-});

package/src/nostr-profile.ts

@@ -1,144 +0,0 @@
-/**
- * Nostr Profile Management (NIP-01 kind:0)
- *
- * Profile events are "replaceable" - the latest created_at wins.
- * This module handles profile event creation and publishing.
- */
-
-import { formatErrorMessage } from "klaw/plugin-sdk/error-runtime";
-import { finalizeEvent, SimplePool, type Event } from "nostr-tools";
-import type { NostrProfile } from "./config-schema.js";
-import { profileToContent } from "./nostr-profile-core.js";
-export {
-  contentToProfile,
-  profileToContent,
-  sanitizeProfileForDisplay,
-  validateProfile,
-  type ProfileContent,
-} from "./nostr-profile-core.js";
-
-// ============================================================================
-// Types
-// ============================================================================
-
-/** Result of a profile publish attempt */
-export interface ProfilePublishResult {
-  /** Event ID of the published profile */
-  eventId: string;
-  /** Relays that successfully received the event */
-  successes: string[];
-  /** Relays that failed with their error messages */
-  failures: Array<{ relay: string; error: string }>;
-  /** Unix timestamp when the event was created */
-  createdAt: number;
-}
-
-// ============================================================================
-// Event Creation
-// ============================================================================
-
-/**
- * Create a signed kind:0 profile event.
- *
- * @param sk - Private key as Uint8Array (32 bytes)
- * @param profile - Profile data to include
- * @param lastPublishedAt - Previous profile timestamp (for monotonic guarantee)
- * @returns Signed Nostr event
- */
-export function createProfileEvent(
-  sk: Uint8Array,
-  profile: NostrProfile,
-  lastPublishedAt?: number,
-): Event {
-  const content = profileToContent(profile);
-  const contentJson = JSON.stringify(content);
-
-  // Ensure monotonic timestamp (new event > previous)
-  const now = Math.floor(Date.now() / 1000);
-  const createdAt = lastPublishedAt !== undefined ? Math.max(now, lastPublishedAt + 1) : now;
-
-  const event = finalizeEvent(
-    {
-      kind: 0,
-      content: contentJson,
-      tags: [],
-      created_at: createdAt,
-    },
-    sk,
-  );
-
-  return event;
-}
-
-// ============================================================================
-// Profile Publishing
-// ============================================================================
-
-/** Per-relay publish timeout (ms) */
-const RELAY_PUBLISH_TIMEOUT_MS = 5000;
-
-/**
- * Publish a profile event to multiple relays.
- *
- * Best-effort: publishes to all relays in parallel, reports per-relay results.
- * Does NOT retry automatically - caller should handle retries if needed.
- *
- * @param pool - SimplePool instance for relay connections
- * @param relays - Array of relay WebSocket URLs
- * @param event - Signed profile event (kind:0)
- * @returns Publish results with successes and failures
- */
-async function publishProfileEvent(
-  pool: SimplePool,
-  relays: string[],
-  event: Event,
-): Promise<ProfilePublishResult> {
-  const successes: string[] = [];
-  const failures: Array<{ relay: string; error: string }> = [];
-
-  // Publish to each relay in parallel with timeout
-  const publishPromises = relays.map(async (relay) => {
-    try {
-      const timeoutPromise = new Promise<never>((_, reject) => {
-        setTimeout(() => reject(new Error("timeout")), RELAY_PUBLISH_TIMEOUT_MS);
-      });
-
-      await Promise.race([...pool.publish([relay], event), timeoutPromise]);
-
-      successes.push(relay);
-    } catch (err) {
-      const errorMessage = formatErrorMessage(err);
-      failures.push({ relay, error: errorMessage });
-    }
-  });
-
-  await Promise.all(publishPromises);
-
-  return {
-    eventId: event.id,
-    successes,
-    failures,
-    createdAt: event.created_at,
-  };
-}
-
-/**
- * Create and publish a profile event in one call.
- *
- * @param pool - SimplePool instance
- * @param sk - Private key as Uint8Array
- * @param relays - Array of relay URLs
- * @param profile - Profile data
- * @param lastPublishedAt - Previous timestamp for monotonic ordering
- * @returns Publish results
- */
-export async function publishProfile(
-  pool: SimplePool,
-  sk: Uint8Array,
-  relays: string[],
-  profile: NostrProfile,
-  lastPublishedAt?: number,
-): Promise<ProfilePublishResult> {
-  const event = createProfileEvent(sk, profile, lastPublishedAt);
-  return publishProfileEvent(pool, relays, event);
-}