applesauce-signers 2.0.0 → 3.0.0

package/dist/signers/nostr-connect-provider.js

@@ -0,0 +1,406 @@
+import { logger } from "applesauce-core";
+import { getEncryptedContentEncryptionMethods, getHiddenContent, isEvent, unixNow, unlockHiddenContent, } from "applesauce-core/helpers";
+import { createDefer } from "applesauce-core/promise";
+import { kinds, verifyEvent } from "nostr-tools";
+import { nanoid } from "nanoid";
+import { isNIP04 } from "../helpers/encryption.js";
+import { createBunkerURI, NostrConnectMethod, parseNostrConnectURI, } from "../helpers/nostr-connect.js";
+import { SimpleSigner } from "./simple-signer.js";
+export class NostrConnectProvider {
+    /** A fallback method to use for subscriptionMethod if none is passed in when creating the provider */
+    static subscriptionMethod = undefined;
+    /** A fallback method to use for publishMethod if none is passed in when creating the provider */
+    static publishMethod = undefined;
+    /** A fallback pool to use if none is pass in when creating the provider */
+    static pool = undefined;
+    /** A method that is called when an event needs to be published */
+    publishMethod;
+    /** The active nostr subscription */
+    subscriptionMethod;
+    /** Internal logger */
+    log = logger.extend("NostrConnectProvider");
+    /** A set of nostr requests that have been seen */
+    seen = new Set();
+    /** The main signer for the actual signing operations */
+    upstream;
+    /** The identity signer (provider's identity) */
+    signer;
+    /** Whether the provider is listening for events */
+    listening = false;
+    /** The connected client's public key */
+    client;
+    /** The secret used to authorize clients to connect */
+    secret;
+    /** Relays to communicate over */
+    relays;
+    /** Whether a client is connected (received a `connect` request) */
+    connected = false;
+    /** Callbacks */
+    onClientConnect;
+    onClientDisconnect;
+    /** A method used to accept or reject `connect` requests */
+    onConnect;
+    /** A method used to accept or reject `sign_event` requests */
+    onSignEvent;
+    /** A method used to accept or reject `nip04_encrypt` requests */
+    onNip04Encrypt;
+    /** A method used to accept or reject `nip04_decrypt` requests */
+    onNip04Decrypt;
+    /** A method used to accept or reject `nip44_encrypt` requests */
+    onNip44Encrypt;
+    /** A method used to accept or reject `nip44_decrypt` requests */
+    onNip44Decrypt;
+    constructor(opts) {
+        this.relays = opts.relays;
+        this.upstream = opts.upstream;
+        this.signer = opts.signer ?? new SimpleSigner();
+        this.secret = opts.secret;
+        // Get the subscription and publish methods
+        const subscriptionMethod = opts.subscriptionMethod ||
+            opts.pool?.subscription ||
+            NostrConnectProvider.subscriptionMethod ||
+            NostrConnectProvider.pool?.subscription;
+        if (!subscriptionMethod)
+            throw new Error("Missing subscriptionMethod, either pass a method or set NostrConnectProvider.subscriptionMethod");
+        const publishMethod = opts.publishMethod ||
+            opts.pool?.publish ||
+            NostrConnectProvider.publishMethod ||
+            NostrConnectProvider.pool?.publish;
+        if (!publishMethod)
+            throw new Error("Missing publishMethod, either pass a method or set NostrConnectProvider.publishMethod");
+        // Use arrow functions so "this" isn't bound to the signer
+        this.subscriptionMethod = (relays, filters) => subscriptionMethod(relays, filters);
+        this.publishMethod = (relays, event) => publishMethod(relays, event);
+        // Set client connection callbacks
+        if (opts.onClientConnect)
+            this.onClientConnect = opts.onClientConnect;
+        if (opts.onClientDisconnect)
+            this.onClientDisconnect = opts.onClientDisconnect;
+        // Set authorization callbacks
+        if (opts.onConnect)
+            this.onConnect = opts.onConnect;
+        if (opts.onSignEvent)
+            this.onSignEvent = opts.onSignEvent;
+        if (opts.onNip04Encrypt)
+            this.onNip04Encrypt = opts.onNip04Encrypt;
+        if (opts.onNip04Decrypt)
+            this.onNip04Decrypt = opts.onNip04Decrypt;
+        if (opts.onNip44Encrypt)
+            this.onNip44Encrypt = opts.onNip44Encrypt;
+        if (opts.onNip44Decrypt)
+            this.onNip44Decrypt = opts.onNip44Decrypt;
+    }
+    /** The currently active REQ subscription */
+    req;
+    /** Updates the relay subscription to listen for request events */
+    async updateSubscription() {
+        if (this.req)
+            this.req.unsubscribe();
+        const pubkey = await this.signer.getPublicKey();
+        // Setup subscription to listen for requests
+        this.req = this.subscriptionMethod(this.relays, [
+            // If client is known, only listen for requests from the client
+            this.client
+                ? {
+                    kinds: [kinds.NostrConnect],
+                    "#p": [pubkey],
+                    authors: [this.client],
+                }
+                : // Otherwise listen for all requests (waiting for a `connect` request)
+                    {
+                        kinds: [kinds.NostrConnect],
+                        "#p": [pubkey],
+                    },
+        ]).subscribe({
+            next: (event) => typeof event !== "string" && this.handleEvent(event),
+        });
+    }
+    /**
+     * Start the provider
+     * @param request - An inital `connect` request to respond to or a {@link NostrConnectURI}
+     */
+    async start(request) {
+        if (this.listening)
+            return;
+        this.listening = true;
+        // Handle first request if provided (e.g. from a `connect` request)
+        if (isEvent(request))
+            await this.handleEvent(request);
+        // Handle NostrConnectURI
+        else if (request)
+            await this.handleNostrConnectURI(request);
+        // Start the subscription (if its not already started)
+        if (!this.req)
+            await this.updateSubscription();
+        this.log("Started", this.relays);
+    }
+    /** Stop the provider */
+    async stop() {
+        this.listening = false;
+        // Close the current subscription
+        if (this.req) {
+            this.req.unsubscribe();
+            this.req = undefined;
+        }
+        // Cancel waiting promise
+        if (this.waitingPromise) {
+            this.waitingPromise.reject(new Error("Closed"));
+            this.waitingPromise = null;
+        }
+        // Notify client disconnect
+        if (this.client && this.connected && this.onClientDisconnect)
+            this.onClientDisconnect(this.client);
+        // Forget all seen requests
+        this.seen.clear();
+        this.client = undefined;
+        this.connected = false;
+        this.log("Stopped");
+    }
+    waitingPromise = null;
+    /** Wait for a client to connect */
+    waitForClient(abort) {
+        if (this.client)
+            return Promise.resolve(this.client);
+        this.start();
+        this.waitingPromise = createDefer();
+        abort?.addEventListener("abort", () => {
+            this.waitingPromise?.reject(new Error("Aborted"));
+            this.waitingPromise = null;
+            this.stop();
+        }, true);
+        return this.waitingPromise;
+    }
+    /** Call this method with incoming events */
+    async handleEvent(event) {
+        if (!verifyEvent(event))
+            return;
+        // Do nothing if this request has already been seen
+        if (this.seen.has(event.id))
+            return;
+        this.seen.add(event.id);
+        try {
+            const content = getHiddenContent(event) ||
+                // Support legacy NIP-04 encryption
+                (isNIP04(event.content)
+                    ? await unlockHiddenContent(event, this.signer, "nip04")
+                    : await unlockHiddenContent(event, this.signer, "nip44"));
+            const request = JSON.parse(content);
+            // If the client isn't known, reject the request
+            if (!this.client && request.method !== NostrConnectMethod.Connect)
+                throw new Error("Received request from unknown client");
+            else if (this.client && event.pubkey !== this.client)
+                throw new Error("Received request from wrong client");
+            // Process the request
+            this.log(`Processing ${request.method} from ${event.pubkey}`);
+            try {
+                let result;
+                switch (request.method) {
+                    case NostrConnectMethod.Connect:
+                        result = await this.handleConnect(event.pubkey, request.params);
+                        break;
+                    case NostrConnectMethod.GetPublicKey:
+                        result = await this.upstream.getPublicKey();
+                        break;
+                    case NostrConnectMethod.SignEvent:
+                        result = await this.handleSignEvent(request.params);
+                        break;
+                    case NostrConnectMethod.Nip04Encrypt:
+                        result = await this.handleNip04Encrypt(request.params);
+                        break;
+                    case NostrConnectMethod.Nip04Decrypt:
+                        result = await this.handleNip04Decrypt(request.params);
+                        break;
+                    case NostrConnectMethod.Nip44Encrypt:
+                        result = await this.handleNip44Encrypt(request.params);
+                        break;
+                    case NostrConnectMethod.Nip44Decrypt:
+                        result = await this.handleNip44Decrypt(request.params);
+                        break;
+                    default:
+                        throw new Error(`Unsupported method: ${request.method}`);
+                }
+                // Send success response
+                await this.sendResponse(event, request.id, result);
+            }
+            catch (error) {
+                this.log(`Error processing ${request.method}:`, error);
+                await this.sendErrorResponse(event, request.id, error instanceof Error ? error.message : "Unknown error");
+            }
+        }
+        catch (err) {
+            this.log("Error handling request:", err);
+        }
+    }
+    /** Handle an initial NostrConnectURI */
+    async handleNostrConnectURI(uri) {
+        if (this.client)
+            throw new Error("Already connected to a client");
+        // Parse the URI
+        if (typeof uri === "string")
+            uri = parseNostrConnectURI(uri);
+        // Get a response to a fake initial `connect` request
+        const response = await this.handleConnect(uri.client, [
+            await this.signer.getPublicKey(),
+            uri.secret,
+            uri.metadata?.permissions?.join(",") ?? "",
+        ]);
+        // Send `connect` response with random id
+        await this.sendResponse(uri.client, nanoid(8), response);
+    }
+    /** Handle connect request */
+    async handleConnect(client, [target, secret, permissionsStr]) {
+        const permissions = permissionsStr ? permissionsStr.split(",") : [];
+        // Check if this is a connection to our provider
+        const providerPubkey = await this.signer.getPublicKey();
+        if (target !== providerPubkey)
+            throw new Error("Invalid target pubkey");
+        // If a secret is set, check that if matches
+        if (this.secret && this.secret !== secret)
+            throw new Error("Invalid secret");
+        // Handle authorization if callback is provided
+        if (this.onConnect) {
+            const authorized = await this.onConnect(client, permissions);
+            if (authorized === false)
+                throw new Error("Authorization denied");
+        }
+        // If the client isn't set yet, this if the first `connect` request
+        const isFirstRequest = !this.client;
+        // Establish connection
+        this.client = client;
+        this.connected = true;
+        if (!this.secret)
+            this.secret = secret;
+        // Update the subscription since we now know the client pubkey
+        if (isFirstRequest)
+            await this.updateSubscription();
+        // Notify connection
+        if (this.onClientConnect)
+            this.onClientConnect(client);
+        // Resolve waiting promise
+        if (this.waitingPromise) {
+            this.waitingPromise.resolve(client);
+            this.waitingPromise = null;
+        }
+        // Return ack or the secret if provided
+        return secret || "ack";
+    }
+    /** Handle sign event request */
+    async handleSignEvent([eventJson]) {
+        const template = JSON.parse(eventJson);
+        // Check if the sign event is allowed
+        if (this.onSignEvent) {
+            const result = await this.onSignEvent(template, this.client);
+            if (result === false)
+                throw new Error("Sign event denied");
+        }
+        const signedEvent = await this.upstream.signEvent(template);
+        return JSON.stringify(signedEvent);
+    }
+    /** Handle NIP-04 encryption */
+    async handleNip04Encrypt([pubkey, plaintext,]) {
+        if (!this.upstream.nip04)
+            throw new Error("NIP-04 not supported");
+        // Check if the nip04 encryption is allowed
+        if (this.onNip04Encrypt) {
+            const result = await this.onNip04Encrypt(pubkey, plaintext, this.client);
+            if (result === false)
+                throw new Error("NIP-04 encryption denied");
+        }
+        return await this.upstream.nip04.encrypt(pubkey, plaintext);
+    }
+    /** Handle NIP-04 decryption */
+    async handleNip04Decrypt([pubkey, ciphertext,]) {
+        if (!this.upstream.nip04)
+            throw new Error("NIP-04 not supported");
+        // Check if the nip04 decryption is allowed
+        if (this.onNip04Decrypt) {
+            const result = await this.onNip04Decrypt(pubkey, ciphertext, this.client);
+            if (result === false)
+                throw new Error("NIP-04 decryption denied");
+        }
+        return await this.upstream.nip04.decrypt(pubkey, ciphertext);
+    }
+    /** Handle NIP-44 encryption */
+    async handleNip44Encrypt([pubkey, plaintext,]) {
+        if (!this.upstream.nip44)
+            throw new Error("NIP-44 not supported");
+        // Check if the nip44 encryption is allowed
+        if (this.onNip44Encrypt) {
+            const result = await this.onNip44Encrypt(pubkey, plaintext, this.client);
+            if (result === false)
+                throw new Error("NIP-44 encryption denied");
+        }
+        return await this.upstream.nip44.encrypt(pubkey, plaintext);
+    }
+    /** Handle NIP-44 decryption */
+    async handleNip44Decrypt([pubkey, ciphertext,]) {
+        if (!this.upstream.nip44)
+            throw new Error("NIP-44 not supported");
+        // Check if the nip44 decryption is allowed
+        if (this.onNip44Decrypt) {
+            const result = await this.onNip44Decrypt(pubkey, ciphertext, this.client);
+            if (result === false)
+                throw new Error("NIP-44 decryption denied");
+        }
+        return await this.upstream.nip44.decrypt(pubkey, ciphertext);
+    }
+    /**
+     * Send a response to the client
+     * @param clientOrRequest - The client pubkey or request event
+     * @param requestId - The id of the request
+     * @param result - The result of the request
+     */
+    async sendResponse(clientOrRequest, requestId, result) {
+        const response = {
+            id: requestId,
+            result,
+        };
+        await this.sendMessage(clientOrRequest, response);
+    }
+    /** Send an error response to the client */
+    async sendErrorResponse(event, requestId, error) {
+        const response = {
+            id: requestId,
+            result: "",
+            error,
+        };
+        await this.sendMessage(event, response);
+    }
+    /** Send an encrypted message to the client */
+    async sendMessage(clientOrRequest, message) {
+        // Get the pubkey of the client
+        const client = typeof clientOrRequest === "string" ? clientOrRequest : clientOrRequest.pubkey;
+        // Try NIP-44 first, fallback to NIP-04
+        let encryption;
+        // If responding to a request, try to use the same encryption
+        if (typeof clientOrRequest !== "string")
+            encryption = getEncryptedContentEncryptionMethods(clientOrRequest.kind, this.signer, isNIP04(clientOrRequest.content) ? "nip04" : "nip44");
+        // Get default encryption method (nip44)
+        else
+            encryption = getEncryptedContentEncryptionMethods(kinds.NostrConnect, this.signer);
+        const content = JSON.stringify(message);
+        const event = await this.signer.signEvent({
+            kind: kinds.NostrConnect,
+            created_at: unixNow(),
+            tags: [["p", client]],
+            content: await encryption.encrypt(client, content),
+        });
+        // Publish the event
+        const result = this.publishMethod(this.relays, event);
+        // Handle returned Promise or Observable
+        if (result instanceof Promise) {
+            await result;
+        }
+        else if ("subscribe" in result) {
+            await new Promise((res) => result.subscribe({ complete: res }));
+        }
+    }
+    /** Get the connection string that clients can use to connect */
+    async getBunkerURI() {
+        return createBunkerURI({
+            remote: await this.signer.getPublicKey(),
+            relays: this.relays,
+            secret: this.secret,
+        });
+    }
+}

package/dist/signers/nostr-connect-signer.d.ts

@@ -1,60 +1,8 @@
-import { EventTemplate, Filter, NostrEvent, verifyEvent } from "nostr-tools";
-import { Nip07Interface, SimpleSigner } from "applesauce-signers";
 import { Deferred } from "applesauce-core/promise";
-export declare function isErrorResponse(response: any): response is NostrConnectErrorResponse;
-export declare enum Permission {
-    GetPublicKey = "get_pubic_key",
-    SignEvent = "sign_event",
-    Nip04Encrypt = "nip04_encrypt",
-    Nip04Decrypt = "nip04_decrypt",
-    Nip44Encrypt = "nip44_encrypt",
-    Nip44Decrypt = "nip44_decrypt"
-}
-export declare enum NostrConnectMethod {
-    Connect = "connect",
-    CreateAccount = "create_account",
-    GetPublicKey = "get_public_key",
-    SignEvent = "sign_event",
-    Nip04Encrypt = "nip04_encrypt",
-    Nip04Decrypt = "nip04_decrypt",
-    Nip44Encrypt = "nip44_encrypt",
-    Nip44Decrypt = "nip44_decrypt"
-}
-type RequestParams = {
-    [NostrConnectMethod.Connect]: [string] | [string, string] | [string, string, string];
-    [NostrConnectMethod.CreateAccount]: [string, string] | [string, string, string] | [string, string, string, string];
-    [NostrConnectMethod.GetPublicKey]: [];
-    [NostrConnectMethod.SignEvent]: [string];
-    [NostrConnectMethod.Nip04Encrypt]: [string, string];
-    [NostrConnectMethod.Nip04Decrypt]: [string, string];
-    [NostrConnectMethod.Nip44Encrypt]: [string, string];
-    [NostrConnectMethod.Nip44Decrypt]: [string, string];
-};
-type ResponseResults = {
-    [NostrConnectMethod.Connect]: "ack";
-    [NostrConnectMethod.CreateAccount]: string;
-    [NostrConnectMethod.GetPublicKey]: string;
-    [NostrConnectMethod.SignEvent]: string;
-    [NostrConnectMethod.Nip04Encrypt]: string;
-    [NostrConnectMethod.Nip04Decrypt]: string;
-    [NostrConnectMethod.Nip44Encrypt]: string;
-    [NostrConnectMethod.Nip44Decrypt]: string;
-};
-export type NostrConnectRequest<N extends NostrConnectMethod> = {
-    id: string;
-    method: N;
-    params: RequestParams[N];
-};
-export type NostrConnectResponse<N extends NostrConnectMethod> = {
-    id: string;
-    result: ResponseResults[N];
-    error?: string;
-};
-export type NostrConnectErrorResponse = {
-    id: string;
-    result: string;
-    error: string;
-};
+import { ISigner, SimpleSigner } from "applesauce-signers";
+import { EventTemplate, Filter, NostrEvent, verifyEvent } from "nostr-tools";
+import { BunkerURI, NostrConnectAppMetadata } from "../helpers/nostr-connect.js";
+import { Subscribable, Unsubscribable } from "../helpers/observable.js";
 export type NostrConnectSignerOptions = {
     /** The relays to communicate over */
     relays: string[];
@@ -64,39 +12,37 @@ export type NostrConnectSignerOptions = {
     remote?: string;
     /** Users pubkey */
     pubkey?: string;
+    /** A secret used when initalizing the connection from the client side */
+    secret?: string;
     /** A method for handling "auth" requests */
     onAuth?: (url: string) => Promise<void>;
     /** A method for subscribing to relays */
     subscriptionMethod?: NostrSubscriptionMethod;
     /** A method for publishing events */
     publishMethod?: NostrPublishMethod;
-};
-interface Unsubscribable {
-    unsubscribe(): void;
-}
-interface Observer<T> {
-    next: (value: T) => void;
-    error: (err: any) => void;
-    complete: () => void;
-}
-type Subscribable<T extends unknown> = {
-    subscribe: (observer: Partial<Observer<T>>) => Unsubscribable;
+    /** A pool of methods to use if none are passed in when creating the signer */
+    pool?: NostrPool;
 };
 /** A method used to subscribe to events on a set of relays */
 export type NostrSubscriptionMethod = (relays: string[], filters: Filter[]) => Subscribable<NostrEvent | string>;
 /** A method used for publishing an event, can return a Promise that completes when published or an Observable that completes when published*/
 export type NostrPublishMethod = (relays: string[], event: NostrEvent) => Promise<any> | Subscribable<any>;
-export type NostrConnectAppMetadata = {
-    name?: string;
-    image?: string;
-    url?: string | URL;
-    permissions?: string[];
+/** A simple pool type that combines the subscription and publish methods */
+export type NostrPool = {
+    subscription: NostrSubscriptionMethod;
+    publish: NostrPublishMethod;
 };
-export declare class NostrConnectSigner implements Nip07Interface {
+export declare class NostrConnectSigner implements ISigner {
     /** A method that is called when an event needs to be published */
     protected publishMethod: NostrPublishMethod;
     /** The active nostr subscription */
     protected subscriptionMethod: NostrSubscriptionMethod;
+    /** A fallback method to use for subscriptionMethod if none is pass in when creating the signer */
+    static subscriptionMethod: NostrSubscriptionMethod | undefined;
+    /** A fallback method to use for publishMethod if none is pass in when creating the signer */
+    static publishMethod: NostrPublishMethod | undefined;
+    /** A fallback pool to use if none is pass in when creating the signer */
+    static pool: NostrPool | undefined;
     protected log: import("debug").Debugger;
     /** The local client signer */
     signer: SimpleSigner;
@@ -116,19 +62,15 @@ export declare class NostrConnectSigner implements Nip07Interface {
     onAuth: (url: string) => Promise<void>;
     verifyEvent: typeof verifyEvent;
     /** A secret used when initiating a connection from the client side */
-    protected clientSecret: string;
+    secret: string;
     nip04?: {
-        encrypt: (pubkey: string, plaintext: string) => Promise<string> | string;
-        decrypt: (pubkey: string, ciphertext: string) => Promise<string> | string;
+        encrypt: (pubkey: string, plaintext: string) => Promise<string>;
+        decrypt: (pubkey: string, ciphertext: string) => Promise<string>;
     } | undefined;
     nip44?: {
-        encrypt: (pubkey: string, plaintext: string) => Promise<string> | string;
-        decrypt: (pubkey: string, ciphertext: string) => Promise<string> | string;
+        encrypt: (pubkey: string, plaintext: string) => Promise<string>;
+        decrypt: (pubkey: string, ciphertext: string) => Promise<string>;
     } | undefined;
-    /** A fallback method to use for subscriptionMethod if none is pass in when creating the signer */
-    static subscriptionMethod: NostrSubscriptionMethod | undefined;
-    /** A fallback method to use for publishMethod if none is pass in when creating the signer */
-    static publishMethod: NostrPublishMethod | undefined;
     constructor(opts: NostrConnectSignerOptions);
     /** The currently active REQ subscription */
     protected req?: Unsubscribable;
@@ -143,7 +85,7 @@ export declare class NostrConnectSigner implements Nip07Interface {
     protected createRequestEvent(content: string, target?: string | undefined, kind?: number): Promise<import("nostr-tools").VerifiedEvent>;
     private makeRequest;
     /** Connect to remote signer */
-    connect(secret?: string | undefined, permissions?: string[]): Promise<"ack">;
+    connect(secret?: string | undefined, permissions?: string[]): Promise<string>;
     private waitingPromise;
     /** Wait for a remote signer to connect */
     waitForSigner(abort?: AbortSignal): Promise<void>;
@@ -164,11 +106,7 @@ export declare class NostrConnectSigner implements Nip07Interface {
     /** Returns the nostrconnect:// URI for this signer */
     getNostrConnectURI(metadata?: NostrConnectAppMetadata): string;
     /** Parses a bunker:// URI */
-    static parseBunkerURI(uri: string): {
-        remote: string;
-        relays: string[];
-        secret?: string;
-    };
+    static parseBunkerURI(uri: string): BunkerURI;
     /** Builds an array of signing permissions for event kinds */
     static buildSigningPermissions(kinds: number[]): string[];
     /** Create a {@link NostrConnectSigner} from a bunker:// URI */
@@ -177,4 +115,3 @@ export declare class NostrConnectSigner implements Nip07Interface {
         signer?: SimpleSigner;
     }): Promise<NostrConnectSigner>;
 }
-export {};