@konemono/nostr-login 1.7.36 → 1.7.38

package/dist/utils/index.d.ts

@@ -1,4 +1,4 @@
-import { Info, RecentType } from 'nostr-login-components';
+import { Info, RecentType } from 'nostr-login-components/dist/types/types';
 import NDK, { NDKSigner } from '@nostr-dev-kit/ndk';
 import { NostrLoginOptions } from '../types';
 export declare const localStorageSetItem: (key: string, value: string) => void;

package/dist/utils/nip44.d.ts

@@ -2,7 +2,7 @@ export declare function encryptNip44(plaintext: string, conversationKey: Uint8Ar
 export declare function decryptNip44(payload: string, conversationKey: Uint8Array): string;
 export declare class Nip44 {
     private cache;
-    createKey(privkey: string, pubkey: string): Uint8Array;
+    createKey(privkey: string, pubkey: string): Uint8Array<ArrayBufferLike>;
     private getKey;
     encrypt(privkey: string, pubkey: string, text: string): string;
     decrypt(privkey: string, pubkey: string, data: string): string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@konemono/nostr-login",
-  "version": "1.7.36",
+  "version": "1.7.38",
   "description": "",
   "main": "./dist/index.esm.js",
   "types": "./dist/index.d.ts",
@@ -11,17 +11,17 @@
   },
   "author": "a-fralou",
   "dependencies": {
-    "@nostr-dev-kit/ndk": "^2.3.1",
+    "@nostr-dev-kit/ndk": "^2.18.1",
     "nostr-tools": "^1.17.0",
-    "tseep": "^1.2.1"
+    "tseep": "^1.3.1"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "^25.0.7",
-    "@rollup/plugin-node-resolve": "^15.2.3",
+    "@rollup/plugin-commonjs": "^25.0.8",
+    "@rollup/plugin-node-resolve": "^15.3.1",
     "@rollup/plugin-terser": "^0.4.4",
     "nostr-login-components": "^1.0.3",
-    "prettier": "^3.2.2",
-    "rollup": "^4.9.6",
+    "prettier": "^3.7.4",
+    "rollup": "^4.53.5",
     "rollup-plugin-typescript2": "^0.36.0"
   },
   "license": "MIT"

package/src/const/index.ts

@@ -1,2 +1 @@
-export const CALL_TIMEOUT = 10000;
-export const NIP46_TIMEOUT = 30000;
+export const CALL_TIMEOUT = 5000;

package/src/iife-module.ts

@@ -1,7 +1,9 @@
 import { init } from './index';
 import { NostrLoginOptions, StartScreens } from './types';
 
+// wrap to hide local vars
 (() => {
+  // currentScript only visible in global scope code, not event handlers
   const cs = document.currentScript;
   const start = async () => {
     const options: NostrLoginOptions = {};
@@ -69,13 +71,6 @@ import { NostrLoginOptions, StartScreens } from './types';
       const custom = cs.getAttribute('data-custom-nostr-connect') === 'true';
       if (custom) options.customNostrConnect = custom;
 
-      const connectRelays = cs.getAttribute('data-connect-relays');
-      if (connectRelays)
-        options.connectRelays = connectRelays
-          .split(',')
-          .map(r => r.trim())
-          .filter(r => !!r);
-
       console.log('nostr-login options', options);
     }
 

package/src/index.ts

@@ -2,7 +2,7 @@ import 'nostr-login-components';
 import { AuthNostrService, NostrExtensionService, Popup, NostrParams, Nostr, ProcessManager, BannerManager, ModalManager } from './modules';
 import { NostrLoginAuthOptions, NostrLoginOptions, StartScreens } from './types';
 import { localStorageGetAccounts, localStorageGetCurrent, localStorageGetRecents, localStorageSetItem } from './utils';
-import { Info } from 'nostr-login-components';
+import { Info } from 'nostr-login-components/dist/types/types';
 import { NostrObjectParams } from './modules/Nostr';
 
 export class NostrLoginInitializer {
@@ -93,11 +93,6 @@ export class NostrLoginInitializer {
       this.bannerManager.onUserInfo(info);
     });
 
-    this.authNostrService.on('reconnecting', () => {
-      // リレー再接続中はProcessManagerのタイマーをリセット
-      this.processManager.onIframeUrl();
-    });
-
     this.modalManager.on('onAuthUrlClick', url => {
       this.openPopup(url);
     });
@@ -327,7 +322,7 @@ export class NostrLoginInitializer {
   };
 
   public cancelNeedAuth = () => {
-    console.log('cancelNeedAuth');
+    console.log("cancelNeedAuth");
     this.fulfillCustomLaunchPromise();
     this.authNostrService.cancelNostrConnect();
   };

package/src/modules/AuthNostrService.ts

@@ -2,16 +2,17 @@ import { localStorageAddAccount, bunkerUrlToInfo, isBunkerUrl, fetchProfile, get
 import { ConnectionString, Info } from 'nostr-login-components/dist/types/types';
 import { generatePrivateKey, getEventHash, getPublicKey, nip19 } from 'nostr-tools';
 import { NostrLoginAuthOptions, Response } from '../types';
-import NDK, { NDKEvent, NDKNip46Signer, NDKRpcResponse, NDKUser, NostrEvent } from '@nostr-dev-kit/ndk';
+import NDK, { NDKEvent, NDKNip46Signer, NDKPrivateKeySigner, NDKRpcResponse, NDKUser, NostrEvent } from '@nostr-dev-kit/ndk';
 import { NostrParams } from './';
 import { EventEmitter } from 'tseep';
 import { Signer } from './Nostr';
 import { Nip44 } from '../utils/nip44';
 import { IframeNostrRpc, Nip46Signer, ReadyListener } from './Nip46';
-import { PrivateKeySigner } from './Signer';
+//import { PrivateKeySigner } from './Signer';
 
 const OUTBOX_RELAYS = ['wss://user.kindpag.es', 'wss://purplepag.es', 'wss://relay.nos.social'];
 const DEFAULT_NOSTRCONNECT_RELAYS = ['wss://relay.nsec.app/', 'wss://ephemeral.snowflare.cc/'];
+const CONNECT_TIMEOUT = 5000;
 const NOSTRCONNECT_APPS: ConnectionString[] = [
   {
     name: 'Nsec.app',
@@ -19,19 +20,19 @@ const NOSTRCONNECT_APPS: ConnectionString[] = [
     canImport: true,
     img: 'https://nsec.app/assets/favicon.ico',
     link: 'https://use.nsec.app/<nostrconnect>',
-    relay: 'wss://relay.nsec.app/',
+    relays: DEFAULT_NOSTRCONNECT_RELAYS,
   },
   {
     name: 'Amber',
     img: 'https://raw.githubusercontent.com/greenart7c3/Amber/refs/heads/master/assets/android-icon.svg',
     link: '<nostrconnect>',
-    relay: 'wss://relay.nsec.app/',
+    relays: DEFAULT_NOSTRCONNECT_RELAYS,
   },
   {
     name: 'Other key stores',
     img: '',
     link: '<nostrconnect>',
-    relay: 'wss://relay.nsec.app/',
+    relays: DEFAULT_NOSTRCONNECT_RELAYS,
   },
 ];
 
@@ -39,7 +40,7 @@ class AuthNostrService extends EventEmitter implements Signer {
   private ndk: NDK;
   private profileNdk: NDK;
   private signer: Nip46Signer | null = null;
-  private localSigner: PrivateKeySigner | null = null;
+  private localSigner: NDKPrivateKeySigner | null = null;
   private params: NostrParams;
   private signerPromise?: Promise<void>;
   private signerErrCallback?: (err: string) => void;
@@ -71,7 +72,7 @@ class AuthNostrService extends EventEmitter implements Signer {
       enableOutboxModel: true,
       explicitRelayUrls: OUTBOX_RELAYS,
     });
-    this.profileNdk.connect();
+    this.profileNdk.connect(CONNECT_TIMEOUT);
 
     this.nip04 = {
       encrypt: this.encrypt04.bind(this),
@@ -106,15 +107,8 @@ class AuthNostrService extends EventEmitter implements Signer {
     this.resetAuth();
   }
 
-  private getDefaultRelays(customRelays?: string[]): string[] {
-    if (customRelays && customRelays.length > 0) {
-      return customRelays;
-    }
-    return [...DEFAULT_NOSTRCONNECT_RELAYS];
-  }
-
   public async nostrConnect(
-    relay?: string | string[],
+    relays?: string[],
     {
       domain = '',
       link = '',
@@ -127,12 +121,12 @@ class AuthNostrService extends EventEmitter implements Signer {
       iframeUrl?: string;
     } = {},
   ) {
-    const relays = Array.isArray(relay) ? relay : relay ? [relay] : this.getDefaultRelays();
+    relays = relays && relays.length > 0 ? relays : DEFAULT_NOSTRCONNECT_RELAYS;
 
     const info: Info = {
       authMethod: 'connect',
-      pubkey: '',
-      signerPubkey: '',
+      pubkey: '', // unknown yet!
+      signerPubkey: '', // unknown too!
       sk: this.nostrConnectKey,
       domain: domain,
       relays: relays,
@@ -141,20 +135,31 @@ class AuthNostrService extends EventEmitter implements Signer {
 
     console.log('nostrconnect info', info, link);
 
+    // non-iframe flow
     if (link && !iframeUrl) window.open(link, '_blank', 'width=400,height=700');
 
+    // init nip46 signer
     await this.initSigner(info, { listen: true });
 
+    // signer learns the remote pubkey
     if (!info.pubkey || !info.signerPubkey) throw new Error('Bad remote pubkey');
 
-    info.bunkerUrl = `bunker://${info.signerPubkey}?${relays.map(r => `relay=${r}`).join('&')}`;
+    info.bunkerUrl = `bunker://${info.signerPubkey}?${relays.map((r, i) => `${i !== 0 ? '&' : ''}relay=${r}`)}`;
 
+    // callback
     if (!importConnect) this.onAuth('login', info);
 
     return info;
   }
 
-  public async createNostrConnect(relay?: string | string[]) {
+  public async createNostrConnect(relays?: string[]) {
+    /*const relayList = relays
+      ? relays
+        .split(",")
+        .map(r => r.trim().replace(/['"]/g, ""))
+        .filter(r => r.length > 0)
+      : [];*/
+
     this.nostrConnectKey = generatePrivateKey();
     this.nostrConnectSecret = Math.random().toString(36).substring(7);
 
@@ -166,37 +171,52 @@ class AuthNostrService extends EventEmitter implements Signer {
       perms: encodeURIComponent(this.params.optionsModal.perms || ''),
     };
 
-    const relays = Array.isArray(relay) ? relay : relay ? [relay] : this.getDefaultRelays();
-
-    const relayParams = relays.map(r => `relay=${r}`).join('&');
-    return `nostrconnect://${pubkey}?image=${meta.icon}&url=${meta.url}&name=${meta.name}&perms=${meta.perms}&secret=${this.nostrConnectSecret}&${relayParams}`;
+    return `nostrconnect://${pubkey}?image=${meta.icon}&url=${meta.url}&name=${meta.name}&perms=${meta.perms}&secret=${this.nostrConnectSecret}${(relays || []).length > 0 ? (relays || []).map((r, i) => `&relay=${r}`) : ''}`;
   }
 
   public async getNostrConnectServices(): Promise<[string, ConnectionString[]]> {
-    const customRelays = this.params.optionsModal.connectRelays;
-    const nostrconnect = await this.createNostrConnect(customRelays);
+    const nostrconnect = await this.createNostrConnect();
 
+    // copy defaults
     const apps = NOSTRCONNECT_APPS.map(a => ({ ...a }));
+    // if (this.params.optionsModal.dev) {
+    //   apps.push({
+    //     name: 'Dev.Nsec.app',
+    //     domain: 'new.nsec.app',
+    //     canImport: true,
+    //     img: 'https://new.nsec.app/assets/favicon.ico',
+    //     link: 'https://dev.nsec.app/<nostrconnect>',
+    //     relay: 'wss://relay.nsec.app/',
+    //   });
+    // }
 
     for (const a of apps) {
-      let relays = customRelays && customRelays.length > 0 ? customRelays : this.getDefaultRelays();
+      let relays: string[] = [...DEFAULT_NOSTRCONNECT_RELAYS];
 
       if (a.link.startsWith('https://')) {
-        let domain = a.domain || new URL(a.link).hostname;
+        const domain = a.domain || new URL(a.link).hostname;
         try {
           const info = await (await fetch(`https://${domain}/.well-known/nostr.json`)).json();
           const pubkey = info.names['_'];
-          const serviceRelays = info.nip46[pubkey] as string[];
-          if (serviceRelays && serviceRelays.length) {
-            relays = serviceRelays;
+          const appRelays = info.nip46?.[pubkey] as string[] | undefined;
+
+          if (Array.isArray(appRelays) && appRelays.length > 0) {
+            relays = appRelays;
           }
-          a.iframeUrl = info.nip46.iframe_url || '';
+
+          a.iframeUrl = info.nip46?.iframe_url || '';
         } catch (e) {
           console.log('Bad app info', e, a);
         }
       }
 
-      const nc = nostrconnect + '&' + relays.map(r => `relay=${r}`).join('&');
+      const relayParams = relays
+        .map(r => r.replace(/['"]/g, ''))
+        .map(r => `&relay=${encodeURIComponent(r)}`)
+        .join('');
+
+      const nc = nostrconnect + relayParams;
+
       if (a.iframeUrl) {
         a.link = nc;
       } else {
@@ -223,7 +243,7 @@ class AuthNostrService extends EventEmitter implements Signer {
 
   public async setLocal(info: Info, signup?: boolean) {
     this.releaseSigner();
-    this.localSigner = new PrivateKeySigner(info.sk!);
+    this.localSigner = new NDKPrivateKeySigner(info.sk!);
 
     if (signup) await createProfile(info, this.profileNdk, this.localSigner, this.params.optionsModal.signupRelays, this.params.optionsModal.outboxRelays);
 
@@ -231,23 +251,27 @@ class AuthNostrService extends EventEmitter implements Signer {
   }
 
   public prepareImportUrl(url: string) {
+    // for OTP we choose interactive import
     if (this.params.userInfo?.authMethod === 'otp') return url + '&import=true';
 
+    // for local we export our existing key
     if (!this.localSigner || this.params.userInfo?.authMethod !== 'local') throw new Error('Most be local keys');
     return url + '#import=' + nip19.nsecEncode(this.localSigner.privateKey!);
   }
 
   public async importAndConnect(cs: ConnectionString) {
-    const { relay, domain, link, iframeUrl } = cs;
+    const { relays, domain, link, iframeUrl } = cs;
     if (!domain) throw new Error('Domain required');
 
-    const relays = relay ? [relay] : this.getDefaultRelays();
-    const info = await this.nostrConnect(relays, { domain, link, importConnect: true, iframeUrl });
+    const info = await this.nostrConnect(relays, {
+      domain,
+      link,
+      importConnect: true,
+      iframeUrl,
+    });
 
     await this.logout(true);
-
     this.localSigner = null;
-
     this.onAuth('login', info);
   }
 
@@ -277,20 +301,23 @@ class AuthNostrService extends EventEmitter implements Signer {
   public async createAccount(nip05: string) {
     const [name, domain] = nip05.split('@');
 
+    // bunker's own url
     const bunkerUrl = await getBunkerUrl(`_@${domain}`, this.params.optionsModal);
     console.log("create account bunker's url", bunkerUrl);
 
+    // parse bunker url and generate local nsec
     const info = bunkerUrlToInfo(bunkerUrl);
     if (!info.signerPubkey) throw new Error('Bad bunker url');
 
     const eventToAddAccount = Boolean(this.params.userInfo);
 
+    // init signer to talk to the bunker (not the user!)
     await this.initSigner(info, { eventToAddAccount });
 
     const userPubkey = await this.signer!.createAccount2({ bunkerPubkey: info.signerPubkey!, name, domain, perms: this.params.optionsModal.perms });
 
     return {
-      bunkerUrl: `bunker://${userPubkey}?relay=${info.relays?.[0]}`,
+      bunkerUrl: `bunker://${userPubkey}?` + (info.relays ?? []).map((r: string) => `relay=${encodeURIComponent(r)}`).join('&'),
       sk: info.sk,
     };
   }
@@ -300,6 +327,7 @@ class AuthNostrService extends EventEmitter implements Signer {
     this.signerErrCallback?.('cancelled');
     this.localSigner = null;
 
+    // disconnect from signer relays
     for (const r of this.ndk.pool.relays.keys()) {
       this.ndk.pool.removeRelay(r);
     }
@@ -308,8 +336,10 @@ class AuthNostrService extends EventEmitter implements Signer {
   public async logout(keepSigner = false) {
     if (!keepSigner) this.releaseSigner();
 
+    // move current to recent
     localStorageRemoveCurrentAccount();
 
+    // notify everyone
     this.onAuth('logout');
 
     this.emit('updateAccounts');
@@ -334,6 +364,7 @@ class AuthNostrService extends EventEmitter implements Signer {
   private onAuth(type: 'login' | 'signup' | 'logout', info: Info | null = null) {
     if (type !== 'logout' && !info) throw new Error('No user info in onAuth');
 
+    // make sure we emulate logout first
     if (info && this.params.userInfo && (info.pubkey !== this.params.userInfo.pubkey || info.authMethod !== this.params.userInfo.authMethod)) {
       const event = new CustomEvent('nlAuth', { detail: { type: 'logout' } });
       console.log('nostr-login auth', event.detail);
@@ -343,6 +374,7 @@ class AuthNostrService extends EventEmitter implements Signer {
     this.setUserInfo(info);
 
     if (info) {
+      // async profile fetch
       fetchProfile(info, this.profileNdk).then(p => {
         if (this.params.userInfo !== info) return;
 
@@ -350,6 +382,10 @@ class AuthNostrService extends EventEmitter implements Signer {
           ...this.params.userInfo,
           picture: p?.image || p?.picture,
           name: p?.name || p?.displayName || p?.nip05 || nip19.npubEncode(info.pubkey),
+          // NOTE: do not overwrite info.nip05 with the one from profile!
+          // info.nip05 refers to nip46 provider,
+          // profile.nip05 is just a fancy name that user has chosen
+          // nip05: p?.nip05
         };
 
         this.setUserInfo(userInfo);
@@ -364,6 +400,7 @@ class AuthNostrService extends EventEmitter implements Signer {
       };
 
       if (type === 'logout') {
+        // reset
         if (this.iframe) this.iframe.remove();
         this.iframe = undefined;
       } else {
@@ -400,10 +437,12 @@ class AuthNostrService extends EventEmitter implements Signer {
   private async createIframe(iframeUrl?: string) {
     if (!iframeUrl) return undefined;
 
+    // ensure iframe
     const url = new URL(iframeUrl);
     const domain = url.hostname;
     let iframe: HTMLIFrameElement | undefined;
 
+    // one iframe per domain
     const did = domain.replaceAll('.', '-');
     const id = '__nostr-login-worker-iframe-' + did;
     iframe = document.querySelector(`#${id}`) as HTMLIFrameElement;
@@ -414,25 +453,46 @@ class AuthNostrService extends EventEmitter implements Signer {
       iframe.setAttribute('height', '0');
       iframe.setAttribute('border', '0');
       iframe.style.display = 'none';
+      // iframe.setAttribute('sandbox', 'allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts');
       iframe.id = id;
       document.body.append(iframe);
     }
 
+    // wait until loaded
     iframe.setAttribute('src', iframeUrl);
 
+    // we start listening right now to avoid races
+    // with 'load' event below
     const ready = new ReadyListener(['workerReady', 'workerError'], url.origin);
 
     await new Promise(ok => {
       iframe!.addEventListener('load', ok);
     });
 
+    // now make sure the iframe is ready,
+    // timeout timer starts here
     const r = await ready.wait();
 
+    // FIXME wait until the iframe is ready to accept requests,
+    // maybe it should send us some message?
+
     console.log('nostr-login iframe ready', iframeUrl, r);
 
     return { iframe, port: r[1] as MessagePort };
   }
 
+  // private async getIframeUrl(domain?: string) {
+  //   if (!domain) return '';
+  //   try {
+  //     const r = await fetch(`https://${domain}/.well-known/nostr.json`);
+  //     const data = await r.json();
+  //     return data.nip46?.iframe_url || '';
+  //   } catch (e) {
+  //     console.log('failed to fetch iframe url', e, domain);
+  //     return '';
+  //   }
+  // }
+
   public async sendNeedAuth() {
     const [nostrconnect] = await this.getNostrConnectServices();
     const event = new CustomEvent('nlNeedAuth', { detail: { nostrconnect } });
@@ -448,16 +508,19 @@ class AuthNostrService extends EventEmitter implements Signer {
     console.log('startAuth');
     if (this.readyCallback) throw new Error('Already started');
 
+    // start the new promise
     this.readyPromise = new Promise<void>(ok => (this.readyCallback = ok));
   }
 
   public async endAuth() {
     console.log('endAuth', this.params.userInfo);
     if (this.params.userInfo && this.params.userInfo.iframeUrl) {
+      // create iframe
       const { iframe, port } = (await this.createIframe(this.params.userInfo.iframeUrl)) || {};
       this.iframe = iframe;
       if (!this.iframe || !port) return;
 
+      // assign iframe to RPC object
       (this.signer!.rpc as IframeNostrRpc).setWorkerIframePort(port);
     }
 
@@ -482,58 +545,85 @@ class AuthNostrService extends EventEmitter implements Signer {
   }
 
   public async initSigner(info: Info, { listen = false, connect = false, eventToAddAccount = false } = {}) {
+    // mutex
     if (this.signerPromise) {
       try {
         await this.signerPromise;
       } catch {}
     }
 
+    // we remove support for iframe from nip05 and bunker-url methods,
+    // only nostrconnect flow will use it.
+    // info.iframeUrl = info.iframeUrl || (await this.getIframeUrl(info.domain));
     console.log('initSigner info', info);
 
+    // start listening for the ready signal
     const iframeOrigin = info.iframeUrl ? new URL(info.iframeUrl!).origin : undefined;
     if (iframeOrigin) this.starterReady = new ReadyListener(['starterDone', 'starterError'], iframeOrigin);
 
+    // notify modals so they could show the starter iframe,
+    // FIXME shouldn't this come from nostrconnect service list?
     this.emit('onIframeUrl', info.iframeUrl);
 
     this.signerPromise = new Promise<void>(async (ok, err) => {
       this.signerErrCallback = err;
       try {
+        // pre-connect if we're creating the connection (listen|connect) or
+        // not iframe mode
         if (info.relays && !info.iframeUrl) {
           for (const r of info.relays) {
             this.ndk.addExplicitRelay(r, undefined);
           }
         }
 
-        await this.ndk.connect();
+        // wait until we connect, otherwise
+        // signer won't start properly
+        await this.ndk.connect(CONNECT_TIMEOUT);
 
-        const localSigner = new PrivateKeySigner(info.sk!);
+        // create and prepare the signer
+        const localSigner = new NDKPrivateKeySigner(info.sk!);
         this.signer = new Nip46Signer(this.ndk, localSigner, info.signerPubkey!, iframeOrigin);
 
+        // we should notify the banner the same way as
+        // the onAuthUrl does
         this.signer.on(`iframeRestart`, async () => {
           const iframeUrl = info.iframeUrl + (info.iframeUrl!.includes('?') ? '&' : '?') + 'pubkey=' + info.pubkey + '&rebind=' + localSigner.pubkey;
           this.emit('iframeRestart', { pubkey: info.pubkey, iframeUrl });
         });
 
+        // OAuth flow
+        // if (!listen) {
         this.signer.on('authUrl', (url: string) => {
           console.log('nostr login auth url', url);
 
+          // notify our UI
           this.emit('onAuthUrl', { url, iframeUrl: info.iframeUrl, eventToAddAccount });
         });
+        // }
 
         if (listen) {
+          // nostrconnect: flow
+          // wait for the incoming message from signer
           await this.listen(info);
         } else if (connect) {
+          // bunker: flow
+          // send 'connect' message to signer
           await this.connect(info, this.params.optionsModal.perms);
         } else {
+          // provide saved pubkey as a hint
           await this.signer!.initUserPubkey(info.pubkey);
         }
 
-        info.pubkey = this.signer!.userPubkey;
+        // ensure, we're using it in callbacks above
+        // and expect info to be valid after this call
+        info.pubkey = this.signer!.userPubkey!;
+        // learned after nostrconnect flow
         info.signerPubkey = this.signer!.remotePubkey;
 
         ok();
       } catch (e) {
         console.log('initSigner failure', e);
+        // make sure signer isn't set
         this.signer = null;
         err(e);
       }
@@ -556,35 +646,50 @@ class AuthNostrService extends EventEmitter implements Signer {
       if (domain) info.domain = domain;
       if (iframeUrl) info.iframeUrl = iframeUrl;
 
-      if (!info.signerPubkey || !info.sk || !info.relays?.[0]) {
+      // console.log('nostr login auth info', info);
+      if (!info.signerPubkey || !info.sk || !info.relays || info.relays.length === 0) {
         throw new Error(`Bad bunker url ${bunkerUrl}`);
       }
 
       const eventToAddAccount = Boolean(this.params.userInfo);
       console.log('authNip46', type, info);
 
+      // updates the info
       await this.initSigner(info, { connect: true, eventToAddAccount });
 
+      // callback
       this.onAuth(type, info);
     } catch (e) {
       console.log('nostr login auth failed', e);
+      // make ure it's closed
+      // this.popupManager.closePopup();
       throw e;
     }
   }
 
-  public async signEvent(ev: any) {
-    const event = { ...ev };
-    if (this.localSigner) {
-      event.pubkey = getPublicKey(this.localSigner.privateKey!);
-      event.id = getEventHash(event);
-      event.sig = await this.localSigner.sign(event);
-    } else {
-      event.pubkey = this.signer?.remotePubkey;
-      event.id = getEventHash(event);
-      event.sig = await this.signer?.sign(event);
-    }
-    console.log('signed', { event });
-    return event;
+  public async signEvent(event: any) {
+    const timeoutMs = 20000;
+
+    const signPromise = (async () => {
+      if (this.localSigner) {
+        event.pubkey = getPublicKey(this.localSigner.privateKey!);
+        event.id = getEventHash(event);
+        event.sig = await this.localSigner.sign(event);
+      } else {
+        event.pubkey = this.signer?.remotePubkey;
+        event.id = getEventHash(event);
+        event.sig = await this.signer?.sign(event);
+      }
+      return event;
+    })();
+
+    const timeoutPromise = new Promise((_, reject) => {
+      setTimeout(() => reject(new Error('Sign timeout')), timeoutMs);
+    });
+
+    const result = await Promise.race([signPromise, timeoutPromise]);
+    console.log('signed', { event: result });
+    return result;
   }
 
   private async codec_call(method: string, pubkey: string, param: string) {
@@ -611,6 +716,10 @@ class AuthNostrService extends EventEmitter implements Signer {
     if (this.localSigner) {
       return this.localSigner.decrypt(new NDKUser({ pubkey }), ciphertext);
     } else {
+      // decrypt is broken in ndk v2.3.1, and latest
+      // ndk v2.8.1 doesn't allow to override connect easily,
+      // so we reimplement and fix decrypt here as a temporary fix
+
       return this.codec_call('nip04_decrypt', pubkey, ciphertext);
     }
   }
@@ -619,6 +728,7 @@ class AuthNostrService extends EventEmitter implements Signer {
     if (this.localSigner) {
       return this.nip44Codec.encrypt(this.localSigner.privateKey!, pubkey, plaintext);
     } else {
+      // no support of nip44 in ndk yet
       return this.codec_call('nip44_encrypt', pubkey, plaintext);
     }
   }
@@ -627,6 +737,7 @@ class AuthNostrService extends EventEmitter implements Signer {
     if (this.localSigner) {
       return this.nip44Codec.decrypt(this.localSigner.privateKey!, pubkey, ciphertext);
     } else {
+      // no support of nip44 in ndk yet
       return this.codec_call('nip44_decrypt', pubkey, ciphertext);
     }
   }