nappup 1.0.9 → 1.0.12

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Arthur França
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,75 @@
+# Napp Up!
+
+```text
+  _   _                   _   _       _
+ | \ | | __ _ _ __  _ __ | | | |_ __ | |
+ |  \| |/ _` | '_ \| '_ \| | | | '_ \| |
+ | |\  | (_| | |_) | |_) | |_| | |_) |_|
+ |_| \_|\__,_| .__/| .__/ \___/| .__/(_)
+             |_|   |_|         |_|
+```
+
+**Napp Up!** is a powerful CLI tool for developers to effortlessly upload and manage Nostr applications. Ship your decentralized apps to the Nostr network with a single command.
+
+## Usage
+
+```bash
+nappup [directory] [options]
+```
+
+### Arguments
+
+- `[directory]`
+  The root directory of your application to upload. If omitted, defaults to the current working directory (`.`).
+
+### Options
+
+| Flag | Description |
+|------|-------------|
+| `-s <secret_key>` | Your Nostr secret key (hex format) used to sign the application event. See [Authentication](#authentication) for alternatives. |
+| `-d <d_tag>` | The unique identifier (`d` tag) for your application. If omitted, defaults to the directory name. Avoid generic names like `dist` or `build` - use something unique among your other apps like `mycoolapp`. |
+| `-r` | Force re-upload. By default, Napp Up! might skip files that haven't changed. Use this flag to ensure everything is pushed fresh. |
+| `--main` | Publish to the **main** release channel. This is the default behavior. |
+| `--next` | Publish to the **next** release channel. Ideal for beta testing or staging builds. |
+| `--draft` | Publish to the **draft** release channel. Use this for internal testing or work-in-progress builds. |
+
+## Authentication
+
+Napp Up! supports multiple ways to provide your Nostr secret key:
+
+1. **CLI flag**: Pass your hex-encoded secret key directly via `-s`:
+   ```bash
+   nappup -s 0123456789abcdef...
+   ```
+
+2. **Environment variable**: Set `NOSTR_SECRET_KEY` in your environment or a `.env` file:
+   ```bash
+   export NOSTR_SECRET_KEY=0123456789abcdef...
+   nappup ./dist
+   ```
+
+3. **Auto-generated key**: If no key is provided, Napp Up! will generate a new keypair automatically and store it in your project's `.env` file for future use.
+
+> **Note**: The secret key must be in **hex format**. If you have an `nsec`, convert it to hex first.
+
+### Examples
+
+Upload the current directory to the main channel:
+```bash
+nappup -s 0123456789abcdef...
+```
+
+Or using an environment variable:
+```bash
+NOSTR_SECRET_KEY=0123456789abcdef... nappup
+```
+
+Upload a specific `dist` folder with a custom identifier to the `next` channel:
+```bash
+nappup ./dist -s 0123456789abcdef... -d myapp --next
+```
+
+Force re-upload a draft:
+```bash
+nappup ~/my-repos/projectx/build/projectx --draft -r
+```

package/bin/nappup/helpers.js

@@ -10,6 +10,7 @@ export function parseArgs (args) {
   let sk = null
   let dTag = null
   let channel = null
+  let shouldReupload = false
 
   for (let i = 0; i < args.length; i++) {
     if (args[i] === '-s' && args[i + 1]) {
@@ -24,6 +25,8 @@ export function parseArgs (args) {
       channel = 'next'
     } else if (args[i] === '--draft' && channel === null) {
       channel = 'draft'
+    } else if (args[i] === '-r') {
+      shouldReupload = true
     } else if (!args[i].startsWith('-') && dir === null) {
       dir = args[i]
     }
@@ -33,7 +36,8 @@ export function parseArgs (args) {
     dir: path.resolve(dir ?? '.'),
     sk,
     dTag,
-    channel: channel || 'main'
+    channel: channel || 'main',
+    shouldReupload
   }
 }
 

package/bin/nappup/index.js

@@ -11,7 +11,7 @@ import toApp from '#index.js'
 const args = parseArgs(process.argv.slice(2))
 await confirmArgs(args)
 
-const { dir, sk, dTag, channel } = args
+const { dir, sk, dTag, channel, shouldReupload } = args
 const fileList = await toFileList(getFiles(dir), dir)
 
-await toApp(fileList, await NostrSigner.create(sk), { log: console.log.bind(console), dTag, channel })
+await toApp(fileList, await NostrSigner.create(sk), { log: console.log.bind(console), dTag, channel, shouldReupload })

package/package.json

@@ -6,7 +6,7 @@
     "url": "git+https://github.com/44billion/nappup.git"
   },
   "license": "GPL-3.0-or-later",
-  "version": "1.0.9",
+  "version": "1.0.12",
   "description": "Nostr App Uploader",
   "type": "module",
   "scripts": {
@@ -17,10 +17,12 @@
     "nappup": "bin/nappup/index.js"
   },
   "dependencies": {
+    "@noble/curves": "^2.0.0",
+    "@noble/hashes": "^2.0.0",
     "dotenv": "^17.2.0",
     "file-type": "^21.0.0",
     "mime-types": "^3.0.1",
-    "nmmr": "^1.0.4",
+    "nmmr": "^1.0.9",
     "nostr-tools": "^2.15.0"
   },
   "devDependencies": {

package/src/helpers/app-metadata.js

@@ -0,0 +1,54 @@
+export function extractHtmlMetadata (htmlContent) {
+  let name
+  let description
+
+  try {
+    const titleRegex = /<title[^>]*>([\s\S]*?)<\/title>/i
+    const titleMatch = htmlContent.match(titleRegex)
+    if (titleMatch && titleMatch[1]) {
+      name = titleMatch[1].trim()
+    }
+
+    const metaDescRegex = /<meta\s+[^>]*name\s*=\s*["']description["'][^>]*content\s*=\s*["']([^"']+)["'][^>]*>/i
+    const metaDescMatch = htmlContent.match(metaDescRegex)
+    if (metaDescMatch && metaDescMatch[1]) {
+      description = metaDescMatch[1].trim()
+    }
+
+    if (!description) {
+      const altMetaDescRegex = /<meta\s+[^>]*content\s*=\s*["']([^"']+)["'][^>]*name\s*=\s*["']description["'][^>]*>/i
+      const altMetaDescMatch = htmlContent.match(altMetaDescRegex)
+      if (altMetaDescMatch && altMetaDescMatch[1]) {
+        description = altMetaDescMatch[1].trim()
+      }
+    }
+  } catch (_) {
+    // ignore
+  }
+
+  return { name, description }
+}
+
+export function findFavicon (fileList) {
+  const faviconExtensions = ['ico', 'svg', 'webp', 'png', 'jpg', 'jpeg', 'gif']
+  for (const file of fileList) {
+    const filename = (file.webkitRelativePath || file.name || '').split('/').pop().toLowerCase()
+    if (filename.startsWith('favicon.')) {
+      const ext = filename.split('.').pop()
+      if (faviconExtensions.includes(ext)) {
+        return file
+      }
+    }
+  }
+  return null
+}
+
+export function findIndexFile (fileList) {
+  for (const file of fileList) {
+    const filename = (file.webkitRelativePath || file.name || '').split('/').pop().toLowerCase()
+    if (filename === 'index.html' || filename === 'index.htm') {
+      return file
+    }
+  }
+  return null
+}

package/src/helpers/app.js

@@ -1,4 +1,4 @@
-import { bytesToBase36 } from '#helpers/base36.js'
+import { bytesToBase36, isBase36 } from '#helpers/base36.js'
 
 // 63 - (1<channel> + 5<b36loggeduserpkslug> 50<b36pk>)
 // <b36loggeduserpkslug> pk chars at positions [7][17][27][37][47]
@@ -6,10 +6,10 @@ import { bytesToBase36 } from '#helpers/base36.js'
 export const NOSTR_APP_D_TAG_MAX_LENGTH = 7
 
 export function isNostrAppDTagSafe (string) {
-  return isSubdomainSafe(string) && string.length <= NOSTR_APP_D_TAG_MAX_LENGTH
+  return string.length > 0 && string.length <= NOSTR_APP_D_TAG_MAX_LENGTH && isBase36(string)
 }
 
-function isSubdomainSafe (string) {
+export function isSubdomainSafe (string) {
   return /(?:^[a-z0-9]$)|(?:^(?!.*--)[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$)/.test(string)
 }
 

package/src/helpers/base36.js

@@ -5,6 +5,12 @@ export const BASE36_ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyz'
 const BASE = BigInt(BASE36_ALPHABET.length)
 const LEADER = BASE36_ALPHABET[0]
 const CHAR_MAP = new Map([...BASE36_ALPHABET].map((char, index) => [char, BigInt(index)]))
+const BASE36_REGEX = /^[0-9a-z]+$/
+
+export function isBase36 (str) {
+  if (typeof str !== 'string') return false
+  return BASE36_REGEX.test(str)
+}
 
 export function bytesToBase36 (bytes, padLength = 0) {
   return base16ToBase36(bytesToBase16(bytes), padLength)

package/src/helpers/base62.js

@@ -1,7 +1,7 @@
-export const ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
-const BASE = BigInt(ALPHABET.length)
-const LEADER = ALPHABET[0]
-const CHAR_MAP = new Map([...ALPHABET].map((char, index) => [char, BigInt(index)]))
+export const BASE62_ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
+const BASE = BigInt(BASE62_ALPHABET.length)
+const LEADER = BASE62_ALPHABET[0]
+const CHAR_MAP = new Map([...BASE62_ALPHABET].map((char, index) => [char, BigInt(index)]))
 
 export function bytesToBase62 (bytes, padLength = 0) {
   if (bytes.length === 0) return ''.padStart(padLength, LEADER)
@@ -16,7 +16,7 @@ export function bytesToBase62 (bytes, padLength = 0) {
 
   while (num > 0n) {
     const remainder = num % BASE
-    result = ALPHABET[Number(remainder)] + result
+    result = BASE62_ALPHABET[Number(remainder)] + result
     num = num / BASE
   }
 

package/src/helpers/nip01.js

@@ -0,0 +1,32 @@
+import { schnorr } from '@noble/curves/secp256k1.js'
+import { sha256 } from '@noble/hashes/sha2.js'
+import { bytesToBase16, base16ToBytes } from '#helpers/base16.js'
+import { getPublicKey } from 'nostr-tools/pure'
+
+function serializeEvent (event) {
+  return JSON.stringify([
+    0,
+    event.pubkey,
+    event.created_at,
+    event.kind,
+    event.tags,
+    event.content
+  ])
+}
+
+function getEventHash (event) {
+  return sha256(new TextEncoder().encode(serializeEvent(event)))
+}
+
+function getSignature (eventHash, privkey) {
+  return bytesToBase16(schnorr.sign(eventHash, privkey))
+}
+
+export function finalizeEvent (event, privkey, withSig = true) {
+  event.pubkey ??= getPublicKey(privkey)
+  const eventHash = event.id ? base16ToBytes(event.id) : getEventHash(event)
+  event.id ??= bytesToBase16(eventHash)
+  if (withSig) event.sig ??= getSignature(eventHash, privkey)
+  else delete event.sig
+  return event
+}

package/src/helpers/nip19.js

@@ -1,9 +1,9 @@
 import { bytesToBase16, base16ToBytes } from '#helpers/base16.js'
-import { bytesToBase62, base62ToBytes, ALPHABET as base62Alphabet } from '#helpers/base62.js'
+import { bytesToBase62, base62ToBytes, BASE62_ALPHABET } from '#helpers/base62.js'
 import { isNostrAppDTagSafe } from '#helpers/app.js'
 
 const MAX_SIZE = 5000
-export const BASE62_ENTITY_REGEX = new RegExp(`^\\+{1,3}[${base62Alphabet}]{,${MAX_SIZE}}$`)
+export const NAPP_ENTITY_REGEX = new RegExp(`^\\+{1,3}[${BASE62_ALPHABET}]{48,${MAX_SIZE}}$`)
 const textEncoder = new TextEncoder()
 const textDecoder = new TextDecoder()
 
@@ -46,9 +46,11 @@ export function appDecode (entity) {
   if (!tlv[0]?.[0]) throw new Error('Missing deduplication tag')
   if (!tlv[2]?.[0]) throw new Error('Missing author pubkey')
   if (tlv[2][0].length !== 32) throw new Error('Author pubkey should be 32 bytes')
+  const dTag = textDecoder.decode(tlv[0][0])
+  if (!isNostrAppDTagSafe(dTag)) { throw new Error('Invalid deduplication tag') }
 
   return {
-    dTag: textDecoder.decode(tlv[0][0]),
+    dTag,
     pubkey: bytesToBase16(tlv[2][0]),
     kind: kindByChannel[channel],
     channel,

package/src/helpers/stream.js

@@ -18,3 +18,16 @@ export async function * streamToChunks (stream, chunkSize) {
 
   if (buffer.length > 0) yield buffer
 }
+
+export async function streamToText (stream) {
+  const reader = stream.getReader()
+  let result = ''
+  const decoder = new TextDecoder()
+  while (true) {
+    const { done, value } = await reader.read()
+    if (done) break
+    result += decoder.decode(value, { stream: true })
+  }
+  result += decoder.decode()
+  return result
+}