@konemono/nostr-login 1.9.14 → 1.10.0

package/src/modules/Nip46.ts

@@ -1,257 +1,425 @@
-import { EventEmitter } from 'tseep';
-import { validateEvent, verifySignature, nip04, getEventHash, getSignature } from 'nostr-tools';
-import { SimplePool } from 'nostr-tools';
+import NDK, { NDKEvent, NDKFilter, NDKNip46Signer, NDKNostrRpc, NDKRpcRequest, NDKRpcResponse, NDKSubscription, NDKSubscriptionCacheUsage, NostrEvent } from '@nostr-dev-kit/ndk';
+import { validateEvent, verifySignature } from 'nostr-tools';
 import { PrivateKeySigner } from './Signer';
+import { NIP46_REQUEST_TIMEOUT, NIP46_CONNECT_TIMEOUT } from '../const';
 
-// Lightweight Nostr RPC for NIP-46 that does not rely on NDK
-
-export type RpcRequest = { id: string; pubkey: string; method: string; params: any[]; event?: any };
-export type RpcResponse = { id: string; result?: any; error?: any; event?: any };
-
-export class NostrRpc extends EventEmitter {
-  protected localSigner: PrivateKeySigner;
-  protected localPubkey: string;
-  protected localPrivateKey: string;
-  protected remotePubkey: string = '';
-  protected pool: SimplePool;
-  protected relays: string[] = [];
-  protected subscription: any;
-  protected isSubscribed: boolean = false;
-  protected useNip44: boolean = false;
+// タイムアウト付きPromiseラッパー
+function withTimeout<T>(promise: Promise<T>, timeoutMs: number, errorMessage: string): Promise<T> {
+  return Promise.race([promise, new Promise<T>((_, reject) => setTimeout(() => reject(new Error(errorMessage)), timeoutMs))]);
+}
 
+class NostrRpc extends NDKNostrRpc {
+  protected _ndk: NDK;
+  protected _signer: PrivateKeySigner;
   protected requests: Set<string> = new Set();
+  private sub?: NDKSubscription;
+  protected _useNip44: boolean = false;
+  private reconnectAttempts: number = 0;
+  private maxReconnectAttempts: number = 3;
+  private reconnectDelay: number = 2000;
+
+  public constructor(ndk: NDK, signer: PrivateKeySigner) {
+    super(ndk, signer, ndk.debug.extend('nip46:signer:rpc'));
+    this._ndk = ndk;
+    this._signer = signer;
+    this.setupConnectionMonitoring();
+  }
 
-  constructor(localSigner: PrivateKeySigner, relays: string[] = []) {
-    super();
-    this.localSigner = localSigner;
-    this.localPubkey = localSigner.pubkey;
-    this.localPrivateKey = (localSigner as any).privateKey;
-    this.pool = new SimplePool();
-    this.relays = relays && relays.length ? relays : [];
+  public async subscribe(filter: NDKFilter): Promise<NDKSubscription> {
+    // NOTE: fixing ndk
+    filter.kinds = filter.kinds?.filter(k => k === 24133);
+    this.sub = await super.subscribe(filter);
+    return this.sub;
+  }
+
+  public stop() {
+    if (this.sub) {
+      this.sub.stop();
+      this.sub = undefined;
+    }
   }
 
-  public setUseNip44(use: boolean) {
-    this.useNip44 = use;
+  public setUseNip44(useNip44: boolean) {
+    this._useNip44 = useNip44;
   }
 
-  protected isNip04(ciphertext: string) {
+  private isNip04(ciphertext: string) {
     const l = ciphertext.length;
     if (l < 28) return false;
     return ciphertext[l - 28] === '?' && ciphertext[l - 27] === 'i' && ciphertext[l - 26] === 'v' && ciphertext[l - 25] === '=';
   }
 
-  protected async decryptEventContent(event: any) {
-    const decrypt = this.isNip04(event.content)
-      ? this.localSigner.decrypt.bind(this.localSigner)
-      : this.localSigner.decryptNip44?.bind(this.localSigner) ?? this.localSigner.decrypt.bind(this.localSigner);
-    try {
-      const decrypted = await decrypt(event.pubkey || event.pubkey, event.content);
-      return JSON.parse(decrypted);
-    } catch (e) {
-      throw e;
+  // override to auto-decrypt nip04/nip44
+  public async parseEvent(event: NDKEvent): Promise<NDKRpcRequest | NDKRpcResponse> {
+    const remoteUser = this._ndk.getUser({ pubkey: event.pubkey });
+    remoteUser.ndk = this._ndk;
+    const decrypt = this.isNip04(event.content) ? this._signer.decrypt : this._signer.decryptNip44;
+    const decryptedContent = await decrypt.call(this._signer, remoteUser, event.content);
+    const parsedContent = JSON.parse(decryptedContent);
+    const { id, method, params, result, error } = parsedContent;
+
+    if (method) {
+      return { id, pubkey: event.pubkey, method, params, event };
+    } else {
+      return { id, result, error, event };
     }
   }
 
-  protected async parseEvent(event: any): Promise<RpcRequest | RpcResponse> {
-    const parsed = await this.decryptEventContent(event);
-    const { id, method, params, result, error } = parsed;
-    if (method) {
-      return { id, pubkey: event.pubkey, method, params, event } as RpcRequest;
+  public async parseNostrConnectReply(reply: any, secret: string) {
+    const event = new NDKEvent(this._ndk, reply);
+    const parsedEvent = await this.parseEvent(event);
+    console.log('nostr connect parsedEvent', parsedEvent);
+    if (!(parsedEvent as NDKRpcRequest).method) {
+      const response = parsedEvent as NDKRpcResponse;
+      if (response.result !== secret) throw new Error(response.error);
+      return event.pubkey;
     } else {
-      return { id, result, error, event } as RpcResponse;
+      throw new Error('Bad nostr connect reply');
     }
   }
 
-  public subscribe(relays: string[], filter: any) {
-    if (this.isSubscribed) return;
-    this.relays = relays && relays.length ? relays : this.relays;
-    const since = Math.floor(Date.now() / 1000) - 60;
-    const filters = [{ ...filter, since }];
-    this.subscription = this.pool.sub(this.relays, filters);
-    this.subscription.on('event', async (ev: any) => {
-      try {
-        const parsed = await this.parseEvent(ev);
-        if (!(parsed as RpcRequest).method) {
-          this.emit(`response-${(parsed as RpcResponse).id}`, parsed as RpcResponse);
-        } else {
-          this.emit('request', parsed as RpcRequest);
-        }
-      } catch (e) {
-        // ignore parse errors
-      }
+  // ndk doesn't support nostrconnect:
+  // we just listed to an unsolicited reply to
+  // our pubkey and if it's ack/secret - we're fine
+  public async listen(nostrConnectSecret: string): Promise<string> {
+    const pubkey = this._signer.pubkey;
+    console.log('nostr-login listening for conn to', pubkey);
+    const sub = await this.subscribe({
+      'kinds': [24133],
+      '#p': [pubkey],
     });
-    this.subscription.on('eose', () => {
-      /* noop */
+    return new Promise<string>((ok, err) => {
+      sub.on('event', async (event: NDKEvent) => {
+        try {
+          const parsedEvent = await this.parseEvent(event);
+          // console.log('ack parsedEvent', parsedEvent);
+          if (!(parsedEvent as NDKRpcRequest).method) {
+            const response = parsedEvent as NDKRpcResponse;
+
+            // ignore
+            if (response.result === 'auth_url') return;
+
+            // FIXME for now accept 'ack' replies, later on only
+            // accept secrets
+            if (response.result === 'ack' || response.result === nostrConnectSecret) {
+              ok(event.pubkey);
+            } else {
+              err(response.error);
+            }
+          }
+        } catch (e) {
+          console.log('error parsing event', e, event.rawEvent());
+        }
+        // done
+        this.stop();
+      });
     });
-    this.isSubscribed = true;
   }
 
-  public stop() {
-    if (this.subscription && this.subscription.unsub) {
-      try {
-        this.subscription.unsub();
-      } catch (e) {}
-    }
-    this.isSubscribed = false;
+  // since ndk doesn't yet support perms param
+  // we reimplement the 'connect' call here
+  // instead of await signer.blockUntilReady();
+  public async connect(pubkey: string, token?: string, perms?: string) {
+    return new Promise<void>((ok, err) => {
+      const connectParams = [pubkey!, token || '', perms || ''];
+      this.sendRequest(pubkey!, 'connect', connectParams, 24133, (response: NDKRpcResponse) => {
+        if (response.result === 'ack') {
+          ok();
+        } else {
+          err(response.error);
+        }
+      });
+    });
   }
 
-  protected getId() {
-    return Math.random().toString(36).substring(7);
+  // タイムアウト対応のconnect
+  public async connectWithTimeout(pubkey: string, token?: string, perms?: string, timeoutMs: number = NIP46_CONNECT_TIMEOUT): Promise<void> {
+    return withTimeout(this.connect(pubkey, token, perms), timeoutMs, `Connection timeout after ${timeoutMs}ms`);
   }
 
-  protected setResponseHandler(id: string, cb?: (res: RpcResponse) => void) {
-    let authUrlSent = false;
-    const now = Date.now();
+  // タイムアウト対応のsendRequest
+  public async sendRequestWithTimeout(
+    remotePubkey: string,
+    method: string,
+    params: string[] = [],
+    kind = 24133,
+    timeoutMs: number = NIP46_REQUEST_TIMEOUT,
+  ): Promise<NDKRpcResponse> {
+    return withTimeout(
+      new Promise<NDKRpcResponse>((resolve, reject) => {
+        this.sendRequest(remotePubkey, method, params, kind, response => {
+          if (response.error) {
+            reject(new Error(response.error));
+          } else {
+            resolve(response);
+          }
+        });
+      }),
+      timeoutMs,
+      `Request timeout after ${timeoutMs}ms for method: ${method}`,
+    );
+  }
 
-    const responseHandler = (response: RpcResponse) => {
-      if (response.result === 'auth_url') {
-        // reattach for auth_url so we can get final response later
-        this.once(`response-${id}`, responseHandler);
-        if (!authUrlSent) {
-          authUrlSent = true;
-          this.emit('authUrl', response.error);
-        }
-      } else if (cb) {
-        if (this.requests.has(id)) {
-          this.requests.delete(id);
-          cb(response);
+  // 接続監視のセットアップ
+  private setupConnectionMonitoring() {
+    // アプリがフォアグラウンドに戻ったときの処理
+    if (typeof document !== 'undefined') {
+      document.addEventListener('visibilitychange', async () => {
+        if (document.visibilityState === 'visible') {
+          console.log('App visible, checking relay connections...');
+          await this.ensureConnected();
         }
-      }
-    };
+      });
+    }
 
-    this.once(`response-${id}`, responseHandler);
+    // オンライン/オフライン検知
+    if (typeof window !== 'undefined') {
+      window.addEventListener('online', async () => {
+        console.log('Network online, reconnecting relays...');
+        await this.reconnect();
+      });
+    }
   }
 
-  protected async createRequestEvent(id: string, remotePubkey: string, method: string, params: any[] = [], kind = 24133) {
-    this.requests.add(id);
-    const request = { id, method, params };
-    // encrypt
-    const content =
-      this.useNip44 && method !== 'create_account' && this.localSigner.encryptNip44
-        ? await this.localSigner.encryptNip44(remotePubkey, JSON.stringify(request))
-        : await this.localSigner.encrypt(remotePubkey, JSON.stringify(request));
+  // 接続を確認して必要なら再接続
+  private async ensureConnected(): Promise<void> {
+    const connectedRelays = Array.from(this._ndk.pool.relays.values()).filter(r => r.status === 1); // 1 = CONNECTED
 
-    const event: any = {
-      kind,
-      content,
-      tags: [['p', remotePubkey]],
-      pubkey: this.localPubkey,
-      created_at: Math.floor(Date.now() / 1000),
-    };
+    if (connectedRelays.length === 0) {
+      console.log('No connected relays, attempting reconnection...');
+      await this.reconnect();
+    }
+  }
 
-    // sign using signer
-    await this.localSigner.sign(event as any);
+  // 再接続処理
+  protected async reconnect(): Promise<void> {
+    if (this.reconnectAttempts >= this.maxReconnectAttempts) {
+      console.error('Max reconnection attempts reached');
+      this.emit('reconnectFailed');
+      return;
+    }
 
-    return event;
-  }
+    this.reconnectAttempts++;
+    console.log(`Reconnection attempt ${this.reconnectAttempts}/${this.maxReconnectAttempts}`);
 
-  protected async publishRequest(event: any) {
     try {
-      await Promise.any(this.pool.publish(this.relays, event));
+      // サブスクリプションを停止
+      if (this.sub) {
+        this.sub.stop();
+      }
+
+      // 少し待ってから再接続
+      await new Promise(resolve => setTimeout(resolve, this.reconnectDelay));
+
+      // 再接続
+      await this._ndk.connect();
+
+      // サブスクリプションを再開
+      if (this.sub) {
+        await this.sub.start();
+      }
+
+      this.reconnectAttempts = 0;
+      this.emit('reconnected');
+      console.log('Successfully reconnected to relays');
     } catch (e) {
-      // swallow publish errors
+      console.error('Reconnection failed:', e);
+
+      // リトライ
+      setTimeout(() => this.reconnect(), this.reconnectDelay * this.reconnectAttempts);
     }
   }
 
-  public async sendRequest(remotePubkey: string, method: string, params: any[] = [], kind = 24133, cb?: (res: RpcResponse) => void): Promise<RpcResponse | undefined> {
+  protected getId(): string {
+    return Math.random().toString(36).substring(7);
+  }
+
+  public async sendRequest(remotePubkey: string, method: string, params: string[] = [], kind = 24133, cb?: (res: NDKRpcResponse) => void): Promise<NDKRpcResponse> {
     const id = this.getId();
+
+    // response handler will deduplicate auth urls and responses
     this.setResponseHandler(id, cb);
+
+    // create and sign request
     const event = await this.createRequestEvent(id, remotePubkey, method, params, kind);
-    await this.publishRequest(event);
-    return undefined as any;
+    console.log('sendRequest', { event, method, remotePubkey, params });
+
+    // send to relays
+    await event.publish();
+
+    // NOTE: ndk returns a promise that never resolves and
+    // in fact REQUIRES cb to be provided (otherwise no way
+    // to consume the result), we've already stepped on the bug
+    // of waiting for this unresolvable result, so now we return
+    // undefined to make sure waiters fail, not hang.
+    // @ts-ignore
+    return undefined as NDKRpcResponse;
   }
 
-  public async listen(nostrConnectSecret: string, relays?: string[]) {
-    const pubkey = this.localPubkey;
-    this.subscribe(relays || this.relays, { 'kinds': [24133], '#p': [pubkey] });
-    return new Promise<string>((ok, err) => {
-      const handler = async (event: any) => {
-        try {
-          const parsed = await this.parseEvent(event);
-          if ((parsed as RpcResponse).result === 'auth_url') return; // ignore
-          const response = parsed as RpcResponse;
-          if (response.result === 'ack' || response.result === nostrConnectSecret) {
-            ok(event.pubkey);
-            this.stop();
-          } else {
-            err(response.error);
-            this.stop();
+  protected setResponseHandler(id: string, cb?: (res: NDKRpcResponse) => void) {
+    let authUrlSent = false;
+    const now = Date.now();
+    return new Promise<NDKRpcResponse>(() => {
+      const responseHandler = (response: NDKRpcResponse) => {
+        if (response.result === 'auth_url') {
+          this.once(`response-${id}`, responseHandler);
+          if (!authUrlSent) {
+            authUrlSent = true;
+            this.emit('authUrl', response.error);
+          }
+        } else if (cb) {
+          if (this.requests.has(id)) {
+            this.requests.delete(id);
+            console.log('nostr-login processed nip46 request in', Date.now() - now, 'ms');
+            cb(response);
           }
-        } catch (e) {
-          // ignore
         }
       };
 
-      this.once('request', handler);
+      this.once(`response-${id}`, responseHandler);
     });
   }
+
+  protected async createRequestEvent(id: string, remotePubkey: string, method: string, params: string[] = [], kind = 24133) {
+    this.requests.add(id);
+    const localUser = await this._signer.user();
+    const remoteUser = this._ndk.getUser({ pubkey: remotePubkey });
+    const request = { id, method, params };
+
+    const event = new NDKEvent(this._ndk, {
+      kind,
+      content: JSON.stringify(request),
+      tags: [['p', remotePubkey]],
+      pubkey: localUser.pubkey,
+    } as NostrEvent);
+
+    const useNip44 = this._useNip44 && method !== 'create_account';
+    const encrypt = useNip44 ? this._signer.encryptNip44 : this._signer.encrypt;
+    event.content = await encrypt.call(this._signer, remoteUser, event.content);
+    await event.sign(this._signer);
+
+    return event;
+  }
 }
 
 export class IframeNostrRpc extends NostrRpc {
   private peerOrigin?: string;
   private iframePort?: MessagePort;
   private iframeRequests = new Map<string, { id: string; pubkey: string }>();
+  private heartbeatInterval?: number;
+  private lastResponseTime: number = Date.now();
+  private heartbeatTimeoutMs: number = 30000; // 30秒応答がなければ再接続
 
-  constructor(localSigner: PrivateKeySigner, iframePeerOrigin?: string, relays: string[] = []) {
-    super(localSigner, relays);
+  public constructor(ndk: NDK, localSigner: PrivateKeySigner, iframePeerOrigin?: string) {
+    super(ndk, localSigner);
+    this._ndk = ndk;
     this.peerOrigin = iframePeerOrigin;
   }
 
+  public async subscribe(filter: NDKFilter): Promise<NDKSubscription> {
+    if (!this.peerOrigin) return super.subscribe(filter);
+    return new NDKSubscription(
+      this._ndk,
+      {},
+      {
+        // don't send to relay
+        closeOnEose: true,
+        cacheUsage: NDKSubscriptionCacheUsage.ONLY_CACHE,
+      },
+    );
+  }
+
+  // ハートビート開始
+  private startHeartbeat() {
+    this.stopHeartbeat();
+
+    this.heartbeatInterval = window.setInterval(async () => {
+      const timeSinceLastResponse = Date.now() - this.lastResponseTime;
+
+      if (timeSinceLastResponse > this.heartbeatTimeoutMs) {
+        console.warn('No response from relay for too long, reconnecting...');
+        await this.reconnect();
+      }
+    }, 10000); // 10秒ごとにチェック
+  }
+
+  private stopHeartbeat() {
+    if (this.heartbeatInterval) {
+      clearInterval(this.heartbeatInterval);
+      this.heartbeatInterval = undefined;
+    }
+  }
+
   public setWorkerIframePort(port: MessagePort) {
     if (!this.peerOrigin) throw new Error('Unexpected iframe port');
+
     this.iframePort = port;
+    this.startHeartbeat();
 
-    // keep the channel alive
+    // to make sure Chrome doesn't terminate the channel
     setInterval(() => {
-      try {
-        this.iframePort!.postMessage('ping');
-      } catch (e) {}
+      console.log('iframe-nip46 ping');
+      this.iframePort!.postMessage('ping');
     }, 5000);
 
-    this.iframePort.onmessage = async ev => {
-      // handle special error reply
+    port.onmessage = async ev => {
+      console.log('iframe-nip46 got response', ev.data);
       if (typeof ev.data === 'string' && ev.data.startsWith('errorNoKey')) {
         const event_id = ev.data.split(':')[1];
-        const entry = this.iframeRequests.get(event_id) || { id: '', pubkey: '' };
-        const { id = '', pubkey = '' } = entry;
+        const { id = '', pubkey = '' } = this.iframeRequests.get(event_id) || {};
         if (id && pubkey && this.requests.has(id)) this.emit(`iframeRestart-${pubkey}`);
         return;
       }
 
+      // a copy-paste from rpc.subscribe
       try {
         const event = ev.data;
+
         if (!validateEvent(event)) throw new Error('Invalid event from iframe');
         if (!verifySignature(event)) throw new Error('Invalid event signature from iframe');
-        const parsed = await this.parseEvent(event);
-        if (!(parsed as RpcRequest).method) {
-          this.emit(`response-${(parsed as RpcResponse).id}`, parsed as RpcResponse);
+        const nevent = new NDKEvent(this._ndk, event);
+        const parsedEvent = await this.parseEvent(nevent);
+        // レスポンス受信時にタイムスタンプを更新
+        this.lastResponseTime = Date.now();
+        // we're only implementing client-side rpc
+        if (!(parsedEvent as NDKRpcRequest).method) {
+          console.log('parsed response', parsedEvent);
+          this.emit(`response-${parsedEvent.id}`, parsedEvent);
         }
       } catch (e) {
-        // ignore parse errors
+        console.log('error parsing event', e, ev.data);
       }
     };
   }
 
-  public async sendRequest(remotePubkey: string, method: string, params: any[] = [], kind = 24133, cb?: (res: RpcResponse) => void): Promise<RpcResponse | undefined> {
+  public async sendRequest(remotePubkey: string, method: string, params: string[] = [], kind = 24133, cb?: (res: NDKRpcResponse) => void): Promise<NDKRpcResponse> {
     const id = this.getId();
-    this.setResponseHandler(id, cb);
+
+    // create and sign request event
     const event = await this.createRequestEvent(id, remotePubkey, method, params, kind);
 
-    // map request event id -> id for iframe restarts
-    this.iframeRequests.set(event.id, { id, pubkey: remotePubkey });
+    // set response handler, it will dedup auth urls,
+    // and also dedup response handlers - we're sending
+    // to relays and to iframe
+    this.setResponseHandler(id, cb);
 
     if (this.iframePort) {
-      try {
-        this.iframePort.postMessage(event);
-      } catch (e) {
-        // fallthrough to publish to relays as well
-        await this.publishRequest(event);
-      }
+      // map request event id to request id, if iframe
+      // has no key it will reply with error:event_id (it can't
+      // decrypt the request id without keys)
+      this.iframeRequests.set(event.id, { id, pubkey: remotePubkey });
+
+      // send to iframe
+      console.log('iframe-nip46 sending request to', this.peerOrigin, event.rawEvent());
+      this.iframePort.postMessage(event.rawEvent());
     } else {
-      await this.publishRequest(event);
+      // send to relays
+      await event.publish();
     }
 
-    return undefined as any;
+    // see notes in 'super'
+    // @ts-ignore
+    return undefined as NDKRpcResponse;
   }
 }
 
@@ -264,14 +432,20 @@ export class ReadyListener {
     this.origin = origin;
     this.messages = messages;
     this.promise = new Promise<any>(ok => {
+      console.log(new Date(), 'started listener for', this.messages);
+
+      // ready message handler
       const onReady = async (e: MessageEvent) => {
         const originHostname = new URL(origin!).hostname;
         const messageHostname = new URL(e.origin).hostname;
+        // same host or subdomain
         const validHost = messageHostname === originHostname || messageHostname.endsWith('.' + originHostname);
         if (!validHost || !Array.isArray(e.data) || !e.data.length || !this.messages.includes(e.data[0])) {
+          // console.log(new Date(), 'got invalid ready message', e.origin, e.data);
           return;
         }
 
+        console.log(new Date(), 'got ready message from', e.origin, e.data);
         window.removeEventListener('message', onReady);
         ok(e.data);
       };
@@ -280,32 +454,39 @@ export class ReadyListener {
   }
 
   async wait(): Promise<any> {
+    console.log(new Date(), 'waiting for', this.messages);
     const r = await this.promise;
+    // NOTE: timer here doesn't help bcs it must be activated when
+    // user "confirms", but that's happening on a different
+    // origin and we can't really know.
+    // await new Promise<any>((ok, err) => {
+    //   // 10 sec should be more than enough
+    //   setTimeout(() => err(new Date() + ' timeout for ' + this.message), 10000);
+
+    //   // if promise already resolved or will resolve in the future
+    //   this.promise.then(ok);
+    // });
+
+    console.log(new Date(), 'finished waiting for', this.messages, r);
     return r;
   }
 }
 
-export class Nip46Signer extends EventEmitter {
+export class Nip46Signer extends NDKNip46Signer {
   private _userPubkey: string = '';
-  public remotePubkey: string = '';
-  public rpc: IframeNostrRpc | NostrRpc;
-  private localSigner: PrivateKeySigner;
-
-  constructor(localSigner: PrivateKeySigner, signerPubkey: string, iframeOrigin?: string, relays: string[] = []) {
-    super();
-    this.remotePubkey = signerPubkey;
-    this.localSigner = localSigner;
+  private _rpc: IframeNostrRpc;
 
-    if (iframeOrigin) {
-      this.rpc = new IframeNostrRpc(localSigner, iframeOrigin, relays);
-    } else {
-      this.rpc = new NostrRpc(localSigner, relays);
-    }
-    (this.rpc as any).setUseNip44(true);
+  constructor(ndk: NDK, localSigner: PrivateKeySigner, signerPubkey: string, iframeOrigin?: string) {
+    super(ndk, signerPubkey, localSigner);
 
-    this.rpc.on('authUrl', (url: string) => {
+    // override with our own rpc implementation
+    this._rpc = new IframeNostrRpc(ndk, localSigner, iframeOrigin);
+    this._rpc.setUseNip44(true); // !!this.params.optionsModal.dev);
+    this._rpc.on('authUrl', (url: string) => {
       this.emit('authUrl', url);
     });
+
+    this.rpc = this._rpc;
   }
 
   get userPubkey() {
@@ -313,12 +494,17 @@ export class Nip46Signer extends EventEmitter {
   }
 
   private async setSignerPubkey(signerPubkey: string, sameAsUser: boolean = false) {
+    console.log('setSignerPubkey', signerPubkey);
+
+    // ensure it's set
     this.remotePubkey = signerPubkey;
 
-    this.rpc.on(`iframeRestart-${signerPubkey}`, () => {
+    // when we're sure it's known
+    this._rpc.on(`iframeRestart-${signerPubkey}`, () => {
       this.emit('iframeRestart');
     });
 
+    // now call getPublicKey and swap remotePubkey w/ that
     await this.initUserPubkey(sameAsUser ? signerPubkey : '');
   }
 
@@ -330,51 +516,57 @@ export class Nip46Signer extends EventEmitter {
       return;
     }
 
-    this._userPubkey = await new Promise<string>((ok, err) => {
-      if (!this.remotePubkey) throw new Error('Signer pubkey not set');
-      this.rpc.sendRequest(this.remotePubkey, 'get_public_key', [], 24133, (response: RpcResponse) => {
-        if (response.error) return err(response.error);
-        ok(response.result);
-      });
-    });
+    this._userPubkey = await withTimeout(
+      new Promise<string>((ok, err) => {
+        if (!this.remotePubkey) throw new Error('Signer pubkey not set');
+
+        console.log('get_public_key', this.remotePubkey);
+        this._rpc.sendRequest(this.remotePubkey, 'get_public_key', [], 24133, (response: NDKRpcResponse) => {
+          if (response.error) {
+            err(new Error(response.error));
+          } else {
+            ok(response.result);
+          }
+        });
+      }),
+      NIP46_REQUEST_TIMEOUT,
+      'Timeout getting public key',
+    );
   }
 
   public async listen(nostrConnectSecret: string) {
-    const signerPubkey = await (this.rpc as any).listen(nostrConnectSecret, (this.rpc as any).relays);
+    const signerPubkey = await (this.rpc as IframeNostrRpc).listen(nostrConnectSecret);
     await this.setSignerPubkey(signerPubkey);
   }
 
   public async connect(token?: string, perms?: string) {
     if (!this.remotePubkey) throw new Error('No signer pubkey');
-    return new Promise<void>((ok, err) => {
-      const params = [this.localSigner.pubkey, token || '', perms || ''];
-      this.rpc.sendRequest(this.remotePubkey, 'connect', params, 24133, (response: RpcResponse) => {
-        if (response.result === 'ack') ok();
-        else err(response.error);
-      });
-    });
+    await (this._rpc as any).connectWithTimeout(this.remotePubkey, token, perms, NIP46_CONNECT_TIMEOUT);
+    await this.setSignerPubkey(this.remotePubkey);
   }
 
-  // convenience wrappers
-  public async createAccount2(params: any) {
-    return new Promise((ok, err) => {
-      this.rpc.sendRequest(this.remotePubkey, 'create_account', [params], 24133, (response: RpcResponse) => {
-        if (response.error) err(response.error);
-        else ok(response.result);
-      });
-    });
+  public async setListenReply(reply: any, nostrConnectSecret: string) {
+    const signerPubkey = await this._rpc.parseNostrConnectReply(reply, nostrConnectSecret);
+    await this.setSignerPubkey(signerPubkey, true);
   }
 
-  public async encrypt(pubkey: string, plaintext: string) {
-    return this.localSigner.encrypt(pubkey, plaintext);
-  }
+  public async createAccount2({ bunkerPubkey, name, domain, perms = '' }: { bunkerPubkey: string; name: string; domain: string; perms?: string }) {
+    const params = [
+      name,
+      domain,
+      '', // email
+      perms,
+    ];
 
-  public async decrypt(pubkey: string, ciphertext: string) {
-    return this.localSigner.decrypt(pubkey, ciphertext);
-  }
+    const r = await new Promise<NDKRpcResponse>(ok => {
+      this.rpc.sendRequest(bunkerPubkey, 'create_account', params, undefined, ok);
+    });
+
+    console.log('create_account pubkey', r);
+    if (r.result === 'error') {
+      throw new Error(r.error);
+    }
 
-  public async sign(event: any) {
-    await this.localSigner.sign(event);
-    return event.sig;
+    return r.result;
   }
 }