lightning-agent 0.3.0 → 0.3.1

package/lib/auth.js

@@ -156,6 +156,10 @@ function createAuthServer(opts = {}) {
 /**
  * Sign an LNURL-auth challenge with a private key.
  * 
+ * Uses the native secp256k1 package (libsecp256k1 bindings) for signing,
+ * which produces DER signatures accepted by all LNURL-auth implementations.
+ * Falls back to @noble/curves if secp256k1 is not available.
+ * 
  * @param {string} k1 - Challenge hex (32 bytes)
  * @param {string|Uint8Array} privateKey - Signing private key (hex or bytes)
  * @returns {{ sig: string, key: string }}
@@ -165,14 +169,27 @@ function createAuthServer(opts = {}) {
  * // Send sig + key back to the auth server
  */
 function signAuth(k1, privateKey) {
-  const secp = getSecp256k1();
-  const privBytes = typeof privateKey === 'string'
-    ? Uint8Array.from(Buffer.from(privateKey, 'hex'))
-    : privateKey;
-  const msgBytes = Uint8Array.from(Buffer.from(k1, 'hex'));
+  const privBuf = typeof privateKey === 'string'
+    ? Buffer.from(privateKey, 'hex')
+    : Buffer.from(privateKey);
+  const msgBuf = Buffer.from(k1, 'hex');
+
+  // Prefer native secp256k1 (libsecp256k1 bindings) — produces DER signatures
+  // accepted by all LNURL-auth server implementations
+  try {
+    const secp = require('secp256k1');
+    const { signature } = secp.ecdsaSign(msgBuf, privBuf);
+    const derSig = Buffer.from(secp.signatureExport(signature)).toString('hex');
+    const pubkey = Buffer.from(secp.publicKeyCreate(privBuf, true)).toString('hex');
+    return { sig: derSig, key: pubkey };
+  } catch (e) {
+    if (e.code !== 'MODULE_NOT_FOUND') throw e;
+  }
 
-  // secp256k1.sign returns 64-byte compact sig (r||s) in @noble/curves v2
-  const compactSig = secp.sign(msgBytes, privBytes);
+  // Fallback: @noble/curves with manual DER encoding
+  const secp = getSecp256k1();
+  const privBytes = Uint8Array.from(privBuf);
+  const compactSig = secp.sign(msgBuf, privBytes);
   const sigDer = compactToDER(compactSig);
   const pubkey = Buffer.from(secp.getPublicKey(privBytes, true)).toString('hex');
 
@@ -231,13 +248,25 @@ function getSecp256k1() {
   throw new Error('secp256k1 not available — install @noble/curves or nostr-tools');
 }
 
-// Verify a secp256k1 DER signature over a message hash
+// Verify a secp256k1 DER signature over a message
 function verifySignature(k1Hex, sigHex, pubkeyHex) {
+  const msg = Buffer.from(k1Hex, 'hex');
+  const sigBuf = Buffer.from(sigHex, 'hex');
+  const pub = Buffer.from(pubkeyHex, 'hex');
+
+  // Prefer native secp256k1
+  try {
+    const secp = require('secp256k1');
+    const compact = secp.signatureImport(sigBuf);
+    return secp.ecdsaVerify(compact, msg, pub);
+  } catch (e) {
+    if (e.code !== 'MODULE_NOT_FOUND') throw e;
+  }
+
+  // Fallback: @noble/curves
   const secp = getSecp256k1();
-  const msg = Uint8Array.from(Buffer.from(k1Hex, 'hex'));
   const compactSig = derToCompact(sigHex);
-  const pub = Uint8Array.from(Buffer.from(pubkeyHex, 'hex'));
-  return secp.verify(compactSig, msg, pub);
+  return secp.verify(compactSig, Uint8Array.from(msg), Uint8Array.from(pub));
 }
 
 // Convert 64-byte compact signature (r||s) to DER hex

package/package.json

@@ -1,16 +1,30 @@
 {
   "name": "lightning-agent",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "description": "Lightning toolkit for AI agents. Payments, auth, escrow, and streaming micropayments.",
   "main": "lib/index.js",
   "bin": {
     "lightning-agent": "bin/lightning-agent.js"
   },
-  "keywords": ["lightning", "bitcoin", "ai", "agent", "nostr", "nwc", "payments", "escrow", "streaming", "lnurl", "auth", "micropayments"],
+  "keywords": [
+    "lightning",
+    "bitcoin",
+    "ai",
+    "agent",
+    "nostr",
+    "nwc",
+    "payments",
+    "escrow",
+    "streaming",
+    "lnurl",
+    "auth",
+    "micropayments"
+  ],
   "author": "Jeletor",
   "license": "MIT",
   "dependencies": {
     "nostr-tools": "^2.0.0",
+    "secp256k1": "^5.0.1",
     "ws": "^8.0.0"
   }
 }