node-red-contrib-nostr 0.1.3 → 0.2.0

package/dist/core/event.js

@@ -1,8 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.EventBuilder = void 0;
-const sha256_1 = require("@noble/hashes/sha256");
-const utils_1 = require("@noble/hashes/utils");
+const sha2_js_1 = require("@noble/hashes/sha2.js");
+const utils_js_1 = require("@noble/hashes/utils.js");
 const keys_1 = require("../crypto/keys");
 class EventBuilder {
     static async createEvent(kind, content, privateKey, tags = []) {
@@ -26,7 +26,7 @@ class EventBuilder {
             event.tags,
             event.content
         ]);
-        event.id = (0, utils_1.bytesToHex)((0, sha256_1.sha256)(Buffer.from(serialized)));
+        event.id = (0, utils_js_1.bytesToHex)((0, sha2_js_1.sha256)(Buffer.from(serialized)));
         // Sign the event
         event.sig = await this.keyManager.sign(privateKey, event.id);
         return event;
@@ -46,7 +46,7 @@ class EventBuilder {
             event.tags,
             event.content
         ]);
-        const id = (0, utils_1.bytesToHex)((0, sha256_1.sha256)(Buffer.from(serialized)));
+        const id = (0, utils_js_1.bytesToHex)((0, sha2_js_1.sha256)(Buffer.from(serialized)));
         if (id !== event.id) {
             return false;
         }

package/dist/crypto/keys.d.ts

@@ -1,7 +1,7 @@
-export declare const DEFAULT_READER_KEYS: {
+export declare function getDefaultReaderKeys(): Promise<{
     privateKey: string;
     publicKey: string;
-};
+}>;
 /**
  * Generate a new Nostr key pair
  * @returns {Promise<Object>} Object containing private and public keys
@@ -29,8 +29,6 @@ export declare function npubToHex(npub: string): string;
  */
 export declare function getPublicKey(privateKeyHex: string): Promise<string>;
 export declare class KeyManager {
-    private secp256k1Promise;
-    constructor();
     generatePrivateKey(): Promise<string>;
     getPublicKey(privateKey: string): Promise<string>;
     sign(privateKey: string, message: string): Promise<string>;

package/dist/crypto/keys.js

@@ -1,70 +1,34 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.KeyManager = exports.DEFAULT_READER_KEYS = void 0;
+exports.KeyManager = void 0;
+exports.getDefaultReaderKeys = getDefaultReaderKeys;
 exports.generateKeyPair = generateKeyPair;
 exports.hexToNpub = hexToNpub;
 exports.npubToHex = npubToHex;
 exports.getPublicKey = getPublicKey;
+const secp256k1_js_1 = require("@noble/curves/secp256k1.js");
 const bech32_1 = require("bech32");
-const utils_1 = require("@noble/hashes/utils");
-const sha256_1 = require("@noble/hashes/sha256");
-// Default read-only key pair for basic operations
-// This is a dedicated key for node-red-contrib-nostr that's only used for reading events
-exports.DEFAULT_READER_KEYS = {
-    privateKey: '5acf32b3374c8c0aa6e483e0f7c6ba8c4b2d2f35d1d5854f08c8c9555d81903b',
-    publicKey: '04dbc5c6c357e5f33e19c89a2c0b2c1c41f7b15cc3e8f6a63f5e0e8c5d5c5c5c',
-};
-let secp256k1;
-async function initSecp256k1() {
-    if (!secp256k1) {
-        secp256k1 = await Promise.resolve().then(() => __importStar(require('@noble/secp256k1')));
+const utils_js_1 = require("@noble/hashes/utils.js");
+const sha2_js_1 = require("@noble/hashes/sha2.js");
+// Lazily-initialized ephemeral key pair for read-only operations.
+// Generated at first use so no secret material is stored in source code.
+let _defaultReaderKeys = null;
+async function getDefaultReaderKeys() {
+    if (!_defaultReaderKeys) {
+        _defaultReaderKeys = await generateKeyPair();
     }
-    return secp256k1;
+    return _defaultReaderKeys;
 }
 /**
  * Generate a new Nostr key pair
  * @returns {Promise<Object>} Object containing private and public keys
  */
 async function generateKeyPair() {
-    const secp = await initSecp256k1();
-    const privateKey = secp.utils.randomPrivateKey();
-    const publicKey = secp.getPublicKey(privateKey, true);
+    const privateKey = secp256k1_js_1.secp256k1.utils.randomSecretKey();
+    const publicKey = secp256k1_js_1.secp256k1.getPublicKey(privateKey, true);
     return {
-        privateKey: Buffer.from(privateKey).toString('hex'),
-        publicKey: Buffer.from(publicKey).toString('hex')
+        privateKey: (0, utils_js_1.bytesToHex)(privateKey),
+        publicKey: (0, utils_js_1.bytesToHex)(publicKey)
     };
 }
 /**
@@ -91,34 +55,26 @@ function npubToHex(npub) {
  * @returns {Promise<string>} Public key in hex format
  */
 async function getPublicKey(privateKeyHex) {
-    const secp = await initSecp256k1();
-    const publicKey = secp.getPublicKey(privateKeyHex, true);
-    return Buffer.from(publicKey).toString('hex');
+    const publicKey = secp256k1_js_1.secp256k1.getPublicKey((0, utils_js_1.hexToBytes)(privateKeyHex), true);
+    return (0, utils_js_1.bytesToHex)(publicKey);
 }
 class KeyManager {
-    constructor() {
-        this.secp256k1Promise = initSecp256k1();
-    }
     async generatePrivateKey() {
-        const secp = await this.secp256k1Promise;
-        const privateKey = secp.utils.randomPrivateKey();
-        return Buffer.from(privateKey).toString('hex');
+        const privateKey = secp256k1_js_1.secp256k1.utils.randomSecretKey();
+        return (0, utils_js_1.bytesToHex)(privateKey);
     }
     async getPublicKey(privateKey) {
-        const secp = await this.secp256k1Promise;
-        const publicKey = secp.getPublicKey(privateKey, true);
-        return Buffer.from(publicKey).toString('hex');
+        const publicKey = secp256k1_js_1.secp256k1.getPublicKey((0, utils_js_1.hexToBytes)(privateKey), true);
+        return (0, utils_js_1.bytesToHex)(publicKey);
     }
     async sign(privateKey, message) {
-        const secp = await this.secp256k1Promise;
-        const messageHash = (0, sha256_1.sha256)(Buffer.from(message));
-        const signature = await secp.sign(messageHash, privateKey);
-        return (0, utils_1.bytesToHex)(signature.toCompactRawBytes());
+        const messageHash = (0, sha2_js_1.sha256)(new TextEncoder().encode(message));
+        const signature = secp256k1_js_1.secp256k1.sign(messageHash, (0, utils_js_1.hexToBytes)(privateKey));
+        return (0, utils_js_1.bytesToHex)(signature);
     }
     async verify(publicKey, message, signature) {
-        const secp = await this.secp256k1Promise;
-        const messageHash = (0, sha256_1.sha256)(Buffer.from(message));
-        return secp.verify(signature, messageHash, publicKey);
+        const messageHash = (0, sha2_js_1.sha256)(new TextEncoder().encode(message));
+        return secp256k1_js_1.secp256k1.verify((0, utils_js_1.hexToBytes)(signature), messageHash, (0, utils_js_1.hexToBytes)(publicKey));
     }
 }
 exports.KeyManager = KeyManager;

package/dist/nips/nip04.js

@@ -1,55 +1,22 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.NIP04 = void 0;
-const secp256k1 = __importStar(require("@noble/secp256k1"));
-const utils_1 = require("@noble/hashes/utils");
-const sha256_1 = require("@noble/hashes/sha256");
+const secp256k1_js_1 = require("@noble/curves/secp256k1.js");
+const utils_js_1 = require("@noble/hashes/utils.js");
+const sha2_js_1 = require("@noble/hashes/sha2.js");
 const event_1 = require("../core/event");
 class NIP04 {
     static async encrypt(privateKey, publicKey, _text) {
-        const sharedPoint = secp256k1.getSharedSecret((0, utils_1.hexToBytes)(privateKey), (0, utils_1.hexToBytes)(publicKey));
+        const sharedPoint = secp256k1_js_1.secp256k1.getSharedSecret((0, utils_js_1.hexToBytes)(privateKey), (0, utils_js_1.hexToBytes)(publicKey));
         const sharedX = sharedPoint.slice(1, 33);
         // In a real implementation, we'd use this shared secret with
         // proper encryption. This is just a placeholder.
-        const key = (0, sha256_1.sha256)(sharedX);
+        const key = (0, sha2_js_1.sha256)(sharedX);
         // TODO: Implement actual encryption using AES-256-CBC
-        return (0, utils_1.bytesToHex)(key);
+        return (0, utils_js_1.bytesToHex)(key);
     }
     static async decrypt(privateKey, publicKey, _encryptedText) {
-        const sharedPoint = secp256k1.getSharedSecret((0, utils_1.hexToBytes)(privateKey), (0, utils_1.hexToBytes)(publicKey));
+        const sharedPoint = secp256k1_js_1.secp256k1.getSharedSecret((0, utils_js_1.hexToBytes)(privateKey), (0, utils_js_1.hexToBytes)(publicKey));
         const _sharedX = sharedPoint.slice(1, 33);
         // TODO: Implement actual decryption using AES-256-CBC
         return "decrypted text";

package/dist/nodes/nostr-filter/nostr-filter.js

@@ -34,6 +34,17 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.default = default_1;
+// Allowed fields in a Nostr subscription filter (NIP-01 + NIP-12 tag filters)
+const ALLOWED_FILTER_FIELDS = new Set(['ids', 'authors', 'kinds', 'since', 'until', 'limit', 'search']);
+function sanitizeFilterObject(parsed) {
+    const validated = {};
+    for (const [key, value] of Object.entries(parsed)) {
+        if (ALLOWED_FILTER_FIELDS.has(key) || key.startsWith('#')) {
+            validated[key] = value;
+        }
+    }
+    return validated;
+}
 function default_1(RED) {
     // Create a function to initialize the node
     async function initializeNode(config) {
@@ -103,7 +114,8 @@ function default_1(RED) {
                         case 'custom':
                             if (this.customFilter) {
                                 try {
-                                    const filter = JSON.parse(this.customFilter);
+                                    const parsed = JSON.parse(this.customFilter);
+                                    const filter = sanitizeFilterObject(parsed);
                                     shouldForward = Object.entries(filter).every(([key, value]) => {
                                         if (Array.isArray(value)) {
                                             return value.includes(event[key]);
@@ -147,7 +159,9 @@ function default_1(RED) {
                 case 'custom':
                     if (this.customFilter) {
                         try {
-                            Object.assign(filter, JSON.parse(this.customFilter));
+                            const parsed = JSON.parse(this.customFilter);
+                            const validated = sanitizeFilterObject(parsed);
+                            Object.assign(filter, validated);
                         }
                         catch (err) {
                             this.error("Invalid custom filter: " + err.message);

package/dist/nodes/nostr-relay-config/nostr-relay-config.d.ts

@@ -1,9 +1,13 @@
 import { Node, NodeAPI } from 'node-red';
 import type { NostrWSClient } from 'nostr-websocket-utils';
-export interface NostrRelayConfig extends Node {
+interface NostrRelayConfigCredentials {
+    privateKey?: string;
+}
+export interface NostrRelayConfig extends Node<NostrRelayConfigCredentials> {
     relay: string;
     publicKey?: string;
     privateKey?: string;
     _ws?: NostrWSClient;
 }
 export default function (RED: NodeAPI): void;
+export {};

package/dist/nodes/nostr-relay-config/nostr-relay-config.js

@@ -35,13 +35,25 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.default = default_1;
 const keys_js_1 = require("../../crypto/keys.js");
+const validation_js_1 = require("../../utils/validation.js");
 function default_1(RED) {
     // Create a function to initialize the node
     async function initializeNode(config) {
         RED.nodes.createNode(this, config);
-        this.relay = config.relay;
+        // Validate relay URL before accepting
+        if (config.relay) {
+            if (!validation_js_1.Validation.isValidRelayUrl(config.relay)) {
+                this.error('Invalid relay URL: must use ws:// or wss:// protocol and be a valid URL');
+                return;
+            }
+            this.relay = config.relay;
+        }
+        else {
+            this.error('Relay URL is required');
+            return;
+        }
         this.publicKey = config.publicKey;
-        this.privateKey = config.privateKey;
+        this.privateKey = this.credentials?.privateKey;
         // Set up keys based on mode
         if (this.publicKey && this.privateKey) {
             try {
@@ -53,9 +65,10 @@ function default_1(RED) {
             }
         }
         else {
-            // Use default reader keys
-            this.publicKey = keys_js_1.DEFAULT_READER_KEYS.publicKey;
-            this.privateKey = keys_js_1.DEFAULT_READER_KEYS.privateKey;
+            // Generate ephemeral reader keys
+            const readerKeys = await (0, keys_js_1.getDefaultReaderKeys)();
+            this.publicKey = readerKeys.publicKey;
+            this.privateKey = readerKeys.privateKey;
         }
         try {
             // Dynamically import ESM dependency
@@ -92,10 +105,14 @@ function default_1(RED) {
         }
     }
     // Register the node
-    RED.nodes.registerType("nostr-relay-config", function (config) {
+    RED.nodes.registerType("nostr-relay-config", (function (config) {
         // Initialize asynchronously
         initializeNode.call(this, config).catch((err) => {
             this.error("Failed to initialize node: " + err.message);
         });
+    }), {
+        credentials: {
+            privateKey: { type: "password" }
+        }
     });
 }

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "node-red-contrib-nostr",
-    "version": "0.1.3",
+    "version": "0.2.0",
     "description": "Node-RED nodes for seamless Nostr protocol integration. Features robust WebSocket handling, event filtering, and NPUB-based routing. Built with TypeScript for type safety and extensive testing. Perfect for Nostr automation flows.",
     "author": "vveerrgg",
     "type": "commonjs",
@@ -49,11 +49,11 @@
         }
     },
     "dependencies": {
-        "@noble/hashes": "^1.8.0",
-        "@noble/secp256k1": "^2.3.0",
+        "@noble/curves": "^2.0.1",
+        "@noble/hashes": "^2.0.1",
         "bech32": "^2.0.0",
-        "nostr-tools": "^1.17.0",
-        "nostr-websocket-utils": "^0.3.13",
+        "nostr-tools": "^2.23.3",
+        "nostr-websocket-utils": "^0.4.0",
         "ws": "^8.19.0"
     },
     "devDependencies": {
@@ -63,16 +63,16 @@
         "@types/ws": "^8.18.1",
         "@typescript-eslint/eslint-plugin": "^8.56.0",
         "@typescript-eslint/parser": "^8.56.0",
-        "@vitest/coverage-v8": "^3.2.4",
-        "@vitest/ui": "^3.2.4",
+        "@vitest/coverage-v8": "^4.0.18",
+        "@vitest/ui": "^4.0.18",
         "eslint": "^10.0.1",
         "node-red": "^4.1.5",
         "node-red-node-test-helper": "^0.3.6",
         "typescript": "^5.9.3",
-        "vitest": "^3.2.4"
+        "vitest": "^4.0.18"
     },
     "engines": {
-        "node": ">=14.0.0"
+        "node": ">=18.0.0"
     },
     "repository": {
         "type": "git",