@konemono/nostr-login 1.7.11

package/src/modules/Nip46.ts

@@ -0,0 +1,441 @@
+import NDK, { NDKEvent, NDKFilter, NDKNip46Signer, NDKNostrRpc, NDKRpcRequest, NDKRpcResponse, NDKSubscription, NDKSubscriptionCacheUsage, NostrEvent } from '@nostr-dev-kit/ndk';
+import { validateEvent, verifySignature } from 'nostr-tools';
+import { PrivateKeySigner } from './Signer';
+
+class NostrRpc extends NDKNostrRpc {
+  protected _ndk: NDK;
+  protected _signer: PrivateKeySigner;
+  protected requests: Set<string> = new Set();
+  private sub?: NDKSubscription;
+  protected _useNip44: boolean = false;
+
+  public constructor(ndk: NDK, signer: PrivateKeySigner) {
+    super(ndk, signer, ndk.debug.extend('nip46:signer:rpc'));
+    this._ndk = ndk;
+    this._signer = signer;
+  }
+
+  public async subscribe(filter: NDKFilter): Promise<NDKSubscription> {
+    // NOTE: fixing ndk
+    filter.kinds = filter.kinds?.filter(k => k === 24133);
+    this.sub = await super.subscribe(filter);
+    return this.sub;
+  }
+
+  public stop() {
+    if (this.sub) {
+      this.sub.stop();
+      this.sub = undefined;
+    }
+  }
+
+  public setUseNip44(useNip44: boolean) {
+    this._useNip44 = useNip44;
+  }
+
+  private isNip04(ciphertext: string) {
+    const l = ciphertext.length;
+    if (l < 28) return false;
+    return ciphertext[l - 28] === '?' && ciphertext[l - 27] === 'i' && ciphertext[l - 26] === 'v' && ciphertext[l - 25] === '=';
+  }
+
+  // override to auto-decrypt nip04/nip44
+  public async parseEvent(event: NDKEvent): Promise<NDKRpcRequest | NDKRpcResponse> {
+    const remoteUser = this._ndk.getUser({ pubkey: event.pubkey });
+    remoteUser.ndk = this._ndk;
+    const decrypt = this.isNip04(event.content) ? this._signer.decrypt : this._signer.decryptNip44;
+    const decryptedContent = await decrypt.call(this._signer, remoteUser, event.content);
+    const parsedContent = JSON.parse(decryptedContent);
+    const { id, method, params, result, error } = parsedContent;
+
+    if (method) {
+      return { id, pubkey: event.pubkey, method, params, event };
+    } else {
+      return { id, result, error, event };
+    }
+  }
+
+  public async parseNostrConnectReply(reply: any, secret: string) {
+    const event = new NDKEvent(this._ndk, reply);
+    const parsedEvent = await this.parseEvent(event);
+    console.log('nostr connect parsedEvent', parsedEvent);
+    if (!(parsedEvent as NDKRpcRequest).method) {
+      const response = parsedEvent as NDKRpcResponse;
+      if (response.result !== secret) throw new Error(response.error);
+      return event.pubkey;
+    } else {
+      throw new Error('Bad nostr connect reply');
+    }
+  }
+
+  // ndk doesn't support nostrconnect:
+  // we just listed to an unsolicited reply to
+  // our pubkey and if it's ack/secret - we're fine
+  public async listen(nostrConnectSecret: string): Promise<string> {
+    const pubkey = this._signer.pubkey;
+    console.log('nostr-login listening for conn to', pubkey);
+    const sub = await this.subscribe({
+      'kinds': [24133],
+      '#p': [pubkey],
+    });
+    return new Promise<string>((ok, err) => {
+      sub.on('event', async (event: NDKEvent) => {
+        try {
+          const parsedEvent = await this.parseEvent(event);
+          // console.log('ack parsedEvent', parsedEvent);
+          if (!(parsedEvent as NDKRpcRequest).method) {
+            const response = parsedEvent as NDKRpcResponse;
+
+            // ignore
+            if (response.result === 'auth_url') return;
+
+            // FIXME for now accept 'ack' replies, later on only
+            // accept secrets
+            if (response.result === 'ack' || response.result === nostrConnectSecret) {
+              ok(event.pubkey);
+            } else {
+              err(response.error);
+            }
+          }
+        } catch (e) {
+          console.log('error parsing event', e, event.rawEvent());
+        }
+        // done
+        this.stop();
+      });
+    });
+  }
+
+  // since ndk doesn't yet support perms param
+  // we reimplement the 'connect' call here
+  // instead of await signer.blockUntilReady();
+  public async connect(pubkey: string, token?: string, perms?: string) {
+    return new Promise<void>((ok, err) => {
+      const connectParams = [pubkey!, token || '', perms || ''];
+      this.sendRequest(pubkey!, 'connect', connectParams, 24133, (response: NDKRpcResponse) => {
+        if (response.result === 'ack') {
+          ok();
+        } else {
+          err(response.error);
+        }
+      });
+    });
+  }
+
+  protected getId(): string {
+    return Math.random().toString(36).substring(7);
+  }
+
+  public async sendRequest(remotePubkey: string, method: string, params: string[] = [], kind = 24133, cb?: (res: NDKRpcResponse) => void): Promise<NDKRpcResponse> {
+    const id = this.getId();
+
+    // response handler will deduplicate auth urls and responses
+    this.setResponseHandler(id, cb);
+
+    // create and sign request
+    const event = await this.createRequestEvent(id, remotePubkey, method, params, kind);
+    console.log("sendRequest", { event, method, remotePubkey, params });
+
+    // send to relays
+    const relays = await event.publish();
+    if (relays.size === 0) throw new Error('Failed to publish to relays');
+
+    // NOTE: ndk returns a promise that never resolves and
+    // in fact REQUIRES cb to be provided (otherwise no way
+    // to consume the result), we've already stepped on the bug
+    // of waiting for this unresolvable result, so now we return
+    // undefined to make sure waiters fail, not hang.
+    // @ts-ignore
+    return undefined as NDKRpcResponse;
+  }
+
+  protected setResponseHandler(id: string, cb?: (res: NDKRpcResponse) => void) {
+    let authUrlSent = false;
+    const now = Date.now();
+    return new Promise<NDKRpcResponse>((resolve, reject) => {
+      const responseHandler = (response: NDKRpcResponse) => {
+        if (response.result === 'auth_url') {
+          this.once(`response-${id}`, responseHandler);
+          if (!authUrlSent) {
+            authUrlSent = true;
+            this.emit('authUrl', response.error);
+          }
+        } else if (cb) {
+          if (this.requests.has(id)) {
+            this.requests.delete(id);
+            console.log('nostr-login processed nip46 request in', Date.now() - now, 'ms');
+            cb(response);
+            resolve(response);
+          }
+        }
+      };
+
+      this.once(`response-${id}`, responseHandler);
+
+      // timeout
+      setTimeout(() => {
+        if (this.requests.has(id)) {
+          this.requests.delete(id);
+          this.removeListener(`response-${id}`, responseHandler);
+          reject('Request timed out');
+        }
+      }, 30000);
+    });
+  }
+
+
+  protected async createRequestEvent(id: string, remotePubkey: string, method: string, params: string[] = [], kind = 24133) {
+    this.requests.add(id);
+    const localUser = await this._signer.user();
+    const remoteUser = this._ndk.getUser({ pubkey: remotePubkey });
+    const request = { id, method, params };
+
+    const event = new NDKEvent(this._ndk, {
+      kind,
+      content: JSON.stringify(request),
+      tags: [['p', remotePubkey]],
+      pubkey: localUser.pubkey,
+    } as NostrEvent);
+
+    const useNip44 = this._useNip44 && method !== 'create_account';
+    const encrypt = useNip44 ? this._signer.encryptNip44 : this._signer.encrypt;
+    event.content = await encrypt.call(this._signer, remoteUser, event.content);
+    await event.sign(this._signer);
+
+    return event;
+  }
+}
+
+export class IframeNostrRpc extends NostrRpc {
+  private peerOrigin?: string;
+  private iframePort?: MessagePort;
+  private iframeRequests = new Map<string, { id: string; pubkey: string }>();
+
+  public constructor(ndk: NDK, localSigner: PrivateKeySigner, iframePeerOrigin?: string) {
+    super(ndk, localSigner);
+    this._ndk = ndk;
+    this.peerOrigin = iframePeerOrigin;
+  }
+
+  public async subscribe(filter: NDKFilter): Promise<NDKSubscription> {
+    if (!this.peerOrigin) return super.subscribe(filter);
+    return new NDKSubscription(
+      this._ndk,
+      {},
+      {
+        // don't send to relay
+        closeOnEose: true,
+        cacheUsage: NDKSubscriptionCacheUsage.ONLY_CACHE,
+      },
+    );
+  }
+
+  public setWorkerIframePort(port: MessagePort) {
+    if (!this.peerOrigin) throw new Error('Unexpected iframe port');
+
+    this.iframePort = port;
+
+    // to make sure Chrome doesn't terminate the channel
+    setInterval(() => {
+      console.log('iframe-nip46 ping');
+      this.iframePort!.postMessage('ping');
+    }, 5000);
+
+    port.onmessage = async ev => {
+      console.log('iframe-nip46 got response', ev.data);
+      if (typeof ev.data === 'string' && ev.data.startsWith('errorNoKey')) {
+        const event_id = ev.data.split(':')[1];
+        const { id = '', pubkey = '' } = this.iframeRequests.get(event_id) || {};
+        if (id && pubkey && this.requests.has(id)) this.emit(`iframeRestart-${pubkey}`);
+        return;
+      }
+
+      // a copy-paste from rpc.subscribe
+      try {
+        const event = ev.data;
+
+        if (!validateEvent(event)) throw new Error('Invalid event from iframe');
+        if (!verifySignature(event)) throw new Error('Invalid event signature from iframe');
+        const nevent = new NDKEvent(this._ndk, event);
+        const parsedEvent = await this.parseEvent(nevent);
+        // we're only implementing client-side rpc
+        if (!(parsedEvent as NDKRpcRequest).method) {
+          console.log('parsed response', parsedEvent);
+          this.emit(`response-${parsedEvent.id}`, parsedEvent);
+        }
+      } catch (e) {
+        console.log('error parsing event', e, ev.data);
+      }
+    };
+  }
+
+  public async sendRequest(remotePubkey: string, method: string, params: string[] = [], kind = 24133, cb?: (res: NDKRpcResponse) => void): Promise<NDKRpcResponse> {
+    const id = this.getId();
+
+    // create and sign request event
+    const event = await this.createRequestEvent(id, remotePubkey, method, params, kind);
+
+    // set response handler, it will dedup auth urls,
+    // and also dedup response handlers - we're sending
+    // to relays and to iframe
+    this.setResponseHandler(id, cb);
+
+    if (this.iframePort) {
+      // map request event id to request id, if iframe
+      // has no key it will reply with error:event_id (it can't
+      // decrypt the request id without keys)
+      this.iframeRequests.set(event.id, { id, pubkey: remotePubkey });
+
+      // send to iframe
+      console.log('iframe-nip46 sending request to', this.peerOrigin, event.rawEvent());
+      this.iframePort.postMessage(event.rawEvent());
+    } else {
+      // send to relays
+      await event.publish();
+    }
+
+    // see notes in 'super'
+    // @ts-ignore
+    return undefined as NDKRpcResponse;
+  }
+}
+
+export class ReadyListener {
+  origin: string;
+  messages: string[];
+  promise: Promise<any>;
+
+  constructor(messages: string[], origin: string) {
+    this.origin = origin;
+    this.messages = messages;
+    this.promise = new Promise<any>(ok => {
+      console.log(new Date(), 'started listener for', this.messages);
+
+      // ready message handler
+      const onReady = async (e: MessageEvent) => {
+        const originHostname = new URL(origin!).hostname;
+        const messageHostname = new URL(e.origin).hostname;
+        // same host or subdomain
+        const validHost = messageHostname === originHostname || messageHostname.endsWith('.' + originHostname);
+        if (!validHost || !Array.isArray(e.data) || !e.data.length || !this.messages.includes(e.data[0])) {
+          // console.log(new Date(), 'got invalid ready message', e.origin, e.data);
+          return;
+        }
+
+        console.log(new Date(), 'got ready message from', e.origin, e.data);
+        window.removeEventListener('message', onReady);
+        ok(e.data);
+      };
+      window.addEventListener('message', onReady);
+    });
+  }
+
+  async wait(): Promise<any> {
+    console.log(new Date(), 'waiting for', this.messages);
+    const r = await this.promise;
+    // NOTE: timer here doesn't help bcs it must be activated when
+    // user "confirms", but that's happening on a different
+    // origin and we can't really know.
+    // await new Promise<any>((ok, err) => {
+    //   // 10 sec should be more than enough
+    //   setTimeout(() => err(new Date() + ' timeout for ' + this.message), 10000);
+
+    //   // if promise already resolved or will resolve in the future
+    //   this.promise.then(ok);
+    // });
+
+    console.log(new Date(), 'finished waiting for', this.messages, r);
+    return r;
+  }
+}
+
+export class Nip46Signer extends NDKNip46Signer {
+  private _userPubkey: string = '';
+  private _rpc: IframeNostrRpc;
+
+  constructor(ndk: NDK, localSigner: PrivateKeySigner, signerPubkey: string, iframeOrigin?: string) {
+    super(ndk, signerPubkey, localSigner);
+
+    // override with our own rpc implementation
+    this._rpc = new IframeNostrRpc(ndk, localSigner, iframeOrigin);
+    this._rpc.setUseNip44(true); // !!this.params.optionsModal.dev);
+    this._rpc.on('authUrl', (url: string) => {
+      this.emit('authUrl', url);
+    });
+
+    this.rpc = this._rpc;
+  }
+
+  get userPubkey() {
+    return this._userPubkey;
+  }
+
+  private async setSignerPubkey(signerPubkey: string, sameAsUser: boolean = false) {
+    console.log("setSignerPubkey", signerPubkey);
+
+    // ensure it's set
+    this.remotePubkey = signerPubkey;
+
+    // when we're sure it's known
+    this._rpc.on(`iframeRestart-${signerPubkey}`, () => {
+      this.emit('iframeRestart');
+    });
+
+    // now call getPublicKey and swap remotePubkey w/ that
+    await this.initUserPubkey(sameAsUser ? signerPubkey : '');
+  }
+
+  public async initUserPubkey(hintPubkey?: string) {
+    if (this._userPubkey) throw new Error('Already called initUserPubkey');
+
+    if (hintPubkey) {
+      this._userPubkey = hintPubkey;
+      return;
+    }
+
+    this._userPubkey = await new Promise<string>((ok, err) => {
+      if (!this.remotePubkey) throw new Error('Signer pubkey not set');
+
+      console.log("get_public_key", this.remotePubkey);
+      this._rpc.sendRequest(this.remotePubkey, 'get_public_key', [], 24133, (response: NDKRpcResponse) => {
+        ok(response.result);
+      });
+    });
+  }
+
+  public async listen(nostrConnectSecret: string) {
+    const signerPubkey = await (this.rpc as IframeNostrRpc).listen(nostrConnectSecret);
+    await this.setSignerPubkey(signerPubkey);
+  }
+
+  public async connect(token?: string, perms?: string) {
+    if (!this.remotePubkey) throw new Error('No signer pubkey');
+    await this._rpc.connect(this.remotePubkey, token, perms);
+    await this.setSignerPubkey(this.remotePubkey);
+  }
+
+  public async setListenReply(reply: any, nostrConnectSecret: string) {
+    const signerPubkey = await this._rpc.parseNostrConnectReply(reply, nostrConnectSecret);
+    await this.setSignerPubkey(signerPubkey, true);
+  }
+
+  public async createAccount2({ bunkerPubkey, name, domain, perms = '' }: { bunkerPubkey: string; name: string; domain: string; perms?: string }) {
+    const params = [
+      name,
+      domain,
+      '', // email
+      perms,
+    ];
+
+    const r = await new Promise<NDKRpcResponse>(ok => {
+      this.rpc.sendRequest(bunkerPubkey, 'create_account', params, undefined, ok);
+    });
+
+    console.log('create_account pubkey', r);
+    if (r.result === 'error') {
+      throw new Error(r.error);
+    }
+
+    return r.result;
+  }
+}

package/src/modules/Nostr.ts

@@ -0,0 +1,107 @@
+import { Info } from 'nostr-login-components';
+
+export interface Signer {
+  signEvent: (event: any) => Promise<any>;
+  nip04: {
+    encrypt: (pubkey: string, plaintext: string) => Promise<string>;
+    decrypt: (pubkey: string, ciphertext: string) => Promise<string>;
+  };
+  nip44: {
+    encrypt: (pubkey: string, plaintext: string) => Promise<string>;
+    decrypt: (pubkey: string, ciphertext: string) => Promise<string>;
+  };
+}
+
+export interface NostrObjectParams {
+  waitReady(): Promise<void>;
+  getUserInfo(): Info | null;
+  launch(): Promise<void>;
+  getSigner(): Signer;
+  wait<T>(cb: () => Promise<T>): Promise<T>;
+}
+
+class Nostr {
+  #params: NostrObjectParams;
+  private nip04: {
+    encrypt: (pubkey: string, plaintext: string) => Promise<any>;
+    decrypt: (pubkey: string, ciphertext: string) => Promise<any>;
+  };
+  private nip44: {
+    encrypt: (pubkey: string, plaintext: string) => Promise<any>;
+    decrypt: (pubkey: string, ciphertext: string) => Promise<any>;
+  };
+
+  constructor(params: NostrObjectParams) {
+    this.#params = params;
+
+    this.getPublicKey = this.getPublicKey.bind(this);
+    this.signEvent = this.signEvent.bind(this);
+    this.getRelays = this.getRelays.bind(this);
+    this.nip04 = {
+      encrypt: this.encrypt04.bind(this),
+      decrypt: this.decrypt04.bind(this),
+    };
+    this.nip44 = {
+      encrypt: this.encrypt44.bind(this),
+      decrypt: this.decrypt44.bind(this),
+    };
+  }
+
+  private async ensureAuth() {
+    await this.#params.waitReady();
+
+    // authed?
+    if (this.#params.getUserInfo()) return;
+
+    // launch auth flow
+    await this.#params.launch();
+
+    // give up
+    if (!this.#params.getUserInfo()) {
+      throw new Error('Rejected by user');
+    }
+  }
+
+  async getPublicKey() {
+    await this.ensureAuth();
+    const userInfo = this.#params.getUserInfo();
+    if (userInfo) {
+      return userInfo.pubkey;
+    } else {
+      throw new Error('No user');
+    }
+  }
+
+  // @ts-ignore
+  async signEvent(event) {
+    await this.ensureAuth();
+    return this.#params.wait(async () => await this.#params.getSigner().signEvent(event));
+  }
+
+  async getRelays() {
+    // FIXME implement!
+    return {};
+  }
+
+  async encrypt04(pubkey: string, plaintext: string) {
+    await this.ensureAuth();
+    return this.#params.wait(async () => await this.#params.getSigner().nip04.encrypt(pubkey, plaintext));
+  }
+
+  async decrypt04(pubkey: string, ciphertext: string) {
+    await this.ensureAuth();
+    return this.#params.wait(async () => await this.#params.getSigner().nip04.decrypt(pubkey, ciphertext));
+  }
+
+  async encrypt44(pubkey: string, plaintext: string) {
+    await this.ensureAuth();
+    return this.#params.wait(async () => await this.#params.getSigner().nip44.encrypt(pubkey, plaintext));
+  }
+
+  async decrypt44(pubkey: string, ciphertext: string) {
+    await this.ensureAuth();
+    return this.#params.wait(async () => await this.#params.getSigner().nip44.decrypt(pubkey, ciphertext));
+  }
+}
+
+export default Nostr;

package/src/modules/NostrExtensionService.ts

@@ -0,0 +1,99 @@
+import { Nostr, NostrParams } from './';
+import { EventEmitter } from 'tseep';
+
+class NostrExtensionService extends EventEmitter {
+  private params: NostrParams;
+  private nostrExtension: any | undefined;
+
+  constructor(params: NostrParams) {
+    super();
+    this.params = params;
+  }
+
+  public startCheckingExtension(nostr: Nostr) {
+    if (this.checkExtension(nostr)) return;
+
+    // watch out for extension trying to overwrite us
+    const to = setInterval(() => {
+      if (this.checkExtension(nostr)) clearTimeout(to);
+    }, 100);
+  }
+
+  private checkExtension(nostr: Nostr) {
+    // @ts-ignore
+    if (!this.nostrExtension && window.nostr && window.nostr !== nostr) {
+      this.initExtension(nostr);
+      return true;
+    }
+    return false;
+  }
+
+  private async initExtension(nostr: Nostr, lastTry?: boolean) {
+    // @ts-ignore
+    this.nostrExtension = window.nostr;
+    // @ts-ignore
+    window.nostr = nostr;
+    // we're signed in with extesions? well execute that
+    if (this.params.userInfo?.authMethod === 'extension') {
+      await this.trySetExtensionForPubkey(this.params.userInfo.pubkey);
+    }
+
+    // schedule another check
+    if (!lastTry) {
+      setTimeout(() => {
+        // NOTE: we can't know if user has >1 extension and thus
+        // if the current one we detected is the actual 'last one'
+        // that will set the window.nostr. So the simplest
+        // solution is to wait a bit more, hoping that if one
+        // extension started then the rest are likely to start soon,
+        // and then just capture the most recent one
+
+        // @ts-ignore
+        if (window.nostr !== nostr && this.nostrExtension !== window.nostr) {
+          this.initExtension(nostr, true);
+        }
+      }, 300);
+    }
+
+    // in the worst case of app saving the nostrExtension reference
+    // it will be calling it directly, not a big deal
+  }
+
+  private async setExtensionReadPubkey(expectedPubkey?: string) {
+    window.nostr = this.nostrExtension;
+    // @ts-ignore
+    const pubkey = await window.nostr.getPublicKey();
+    if (expectedPubkey && expectedPubkey !== pubkey) {
+      this.emit('extensionLogout');
+    } else {
+      this.emit('extensionLogin', pubkey);
+    }
+  }
+
+  public async trySetExtensionForPubkey(expectedPubkey: string) {
+    if (this.nostrExtension) {
+      return this.setExtensionReadPubkey(expectedPubkey);
+    }
+  }
+
+  public async setExtension() {
+    return this.setExtensionReadPubkey();
+  }
+
+  public unsetExtension(nostr: Nostr) {
+    if (window.nostr === this.nostrExtension) {
+      // @ts-ignore
+      window.nostr = nostr;
+    }
+  }
+
+  public getExtension() {
+    return this.nostrExtension;
+  }
+
+  public hasExtension() {
+    return !!this.nostrExtension;
+  }
+}
+
+export default NostrExtensionService;

package/src/modules/NostrParams.ts

@@ -0,0 +1,18 @@
+import { Info } from 'nostr-login-components';
+import { NostrLoginOptions } from '../types';
+
+class NostrParams {
+  public userInfo: Info | null;
+  public optionsModal: NostrLoginOptions;
+  constructor() {
+    this.userInfo = null;
+
+    this.optionsModal = {
+      theme: 'default',
+      startScreen: 'welcome',
+      devOverrideBunkerOrigin: '',
+    };
+  }
+}
+
+export default NostrParams;

package/src/modules/Popup.ts

@@ -0,0 +1,27 @@
+class Popup {
+  private popup: Window | null = null;
+
+  constructor() {}
+
+  public openPopup(url: string) {
+    // user might have closed it already
+    if (!this.popup || this.popup.closed) {
+      // NOTE: do not set noreferrer, bunker might use referrer to
+      // simplify the naming of the connected app.
+      // NOTE: do not pass noopener, otherwise null is returned
+      this.popup = window.open(url, '_blank', 'width=400,height=700');
+      console.log('popup', this.popup);
+      if (!this.popup) throw new Error('Popup blocked. Try again, please!');
+    }
+  }
+
+  public closePopup() {
+    // make sure we release the popup
+    try {
+      this.popup?.close();
+      this.popup = null;
+    } catch {}
+  }
+}
+
+export default Popup;