nostr-double-ratchet 0.0.6 → 0.0.8

package/src/Channel.ts

@@ -6,7 +6,7 @@ import {
   Unsubscribe,
   NostrSubscribe,
   MessageCallback,
-  EVENT_KIND,
+  MESSAGE_EVENT_KIND,
 } from "./types";
 import { kdf, skippedMessageIndexKey } from "./utils";
 
@@ -62,6 +62,7 @@ export class Channel {
       receivingChainMessageNumber: 0,
       previousSendingChainMessageCount: 0,
       skippedMessageKeys: {},
+      skippedHeaderKeys: {},
     };
     const channel = new Channel(nostrSubscribe, state);
     if (name) channel.name = name;
@@ -86,7 +87,7 @@ export class Channel {
     
     const nostrEvent = finalizeEvent({
       content: encryptedData,
-      kind: EVENT_KIND,
+      kind: MESSAGE_EVENT_KIND,
       tags: [["header", encryptedHeader]],
       created_at: Math.floor(Date.now() / 1000)
     }, this.state.ourCurrentNostrKey.privateKey);
@@ -106,6 +107,14 @@ export class Channel {
     return () => this.internalSubscriptions.delete(id)
   }
 
+  /**
+   * Stop listening to incoming messages
+   */
+  close() {
+    this.nostrUnsubscribe?.();
+    this.nostrNextUnsubscribe?.();
+  }
+
   // 2. RATCHET FUNCTIONS
   private ratchetEncrypt(plaintext: string): [Header, string] {
     const [newSendingChainKey, messageKey] = kdf(this.state.sendingChainKey!, new Uint8Array([1]), 2);
@@ -176,6 +185,18 @@ export class Channel {
       this.state.receivingChainKey = newReceivingChainKey;
       const key = skippedMessageIndexKey(nostrSender, this.state.receivingChainMessageNumber);
       this.state.skippedMessageKeys[key] = messageKey;
+      
+      if (!this.state.skippedHeaderKeys[nostrSender]) {
+        const secrets: Uint8Array[] = [];
+        if (this.state.ourCurrentNostrKey) {
+          const currentSecret = nip44.getConversationKey(this.state.ourCurrentNostrKey.privateKey, nostrSender);
+          secrets.push(currentSecret);
+        }
+        const nextSecret = nip44.getConversationKey(this.state.ourNextNostrKey.privateKey, nostrSender);
+        secrets.push(nextSecret);
+        this.state.skippedHeaderKeys[nostrSender] = secrets;
+      }
+      
       this.state.receivingChainMessageNumber++;
     }
   }
@@ -185,19 +206,29 @@ export class Channel {
     if (key in this.state.skippedMessageKeys) {
       const mk = this.state.skippedMessageKeys[key];
       delete this.state.skippedMessageKeys[key];
+      
+      // Check if we have any remaining skipped messages from this sender
+      const hasMoreSkippedMessages = Object.keys(this.state.skippedMessageKeys).some(k => k.startsWith(`${nostrSender}:`));
+      if (!hasMoreSkippedMessages) {
+        // Clean up header keys and unsubscribe as no more skipped messages from this sender
+        delete this.state.skippedHeaderKeys[nostrSender];
+        this.nostrUnsubscribe?.();
+        this.nostrUnsubscribe = undefined;
+      }
+      
       return nip44.decrypt(ciphertext, mk);
     }
     return null;
   }
 
   // 4. NOSTR EVENT HANDLING
-  private decryptHeader(event: any): [Header, boolean] {
+  private decryptHeader(event: any): [Header, boolean, boolean] {
     const encryptedHeader = event.tags[0][1];
     if (this.state.ourCurrentNostrKey) {
       const currentSecret = nip44.getConversationKey(this.state.ourCurrentNostrKey.privateKey, event.pubkey);
       try {
         const header = JSON.parse(nip44.decrypt(encryptedHeader, currentSecret)) as Header;
-        return [header, false];
+        return [header, false, false];
       } catch (error) {
         // Decryption with currentSecret failed, try with nextSecret
       }
@@ -206,32 +237,49 @@ export class Channel {
     const nextSecret = nip44.getConversationKey(this.state.ourNextNostrKey.privateKey, event.pubkey);
     try {
       const header = JSON.parse(nip44.decrypt(encryptedHeader, nextSecret)) as Header;
-      return [header, true];
+      return [header, true, false];
     } catch (error) {
       // Decryption with nextSecret also failed
     }
 
-    throw new Error("Failed to decrypt header with both current and next secrets");
+    const keys = this.state.skippedHeaderKeys[event.pubkey];
+    if (keys) {
+      for (const key of keys) {
+        try {
+          const header = JSON.parse(nip44.decrypt(encryptedHeader, key)) as Header;
+          return [header, false, true];
+        } catch (error) {
+          // Decryption failed, try next secret
+        }
+      }
+    }
 
-    // what if it was a skipped message? need to store our old private keys for that?
+    throw new Error("Failed to decrypt header with current and skipped header keys");
   }
 
   private handleNostrEvent(e: any) {
-    const [header, shouldRatchet] = this.decryptHeader(e);
+    const [header, shouldRatchet, isSkipped] = this.decryptHeader(e);
 
-    if (this.state.theirNostrPublicKey !== header.nextPublicKey) {
-      this.state.theirNostrPublicKey = header.nextPublicKey;
-      this.nostrUnsubscribe?.(); // should we keep this open for a while? maybe as long as we have skipped messages?
-      this.nostrUnsubscribe = this.nostrNextUnsubscribe;
-      this.nostrNextUnsubscribe = this.nostrSubscribe(
-        {authors: [this.state.theirNostrPublicKey], kinds: [EVENT_KIND]},
-        (e) => this.handleNostrEvent(e)
-      );
-    }
-
-    if (shouldRatchet) {
-      this.skipMessageKeys(header.previousChainLength, e.pubkey);
-      this.ratchetStep(header.nextPublicKey);
+    if (!isSkipped) {
+      if (this.state.theirNostrPublicKey !== header.nextPublicKey) {
+        this.state.theirNostrPublicKey = header.nextPublicKey;
+        this.nostrUnsubscribe?.(); // should we keep this open for a while? maybe as long as we have skipped messages?
+        this.nostrUnsubscribe = this.nostrNextUnsubscribe;
+        this.nostrNextUnsubscribe = this.nostrSubscribe(
+          {authors: [this.state.theirNostrPublicKey], kinds: [MESSAGE_EVENT_KIND]},
+          (e) => this.handleNostrEvent(e)
+        );
+      }
+  
+      if (shouldRatchet) {
+        this.skipMessageKeys(header.previousChainLength, e.pubkey);
+        this.ratchetStep(header.nextPublicKey);
+      }
+    } else {
+      const key = skippedMessageIndexKey(e.pubkey, header.number);
+      if (!(key in this.state.skippedMessageKeys)) {
+        return // maybe we already processed this message
+      }
     }
 
     const data = this.ratchetDecrypt(header, e.content, e.pubkey);
@@ -242,24 +290,16 @@ export class Channel {
   private subscribeToNostrEvents() {
     if (this.nostrNextUnsubscribe) return;
     this.nostrNextUnsubscribe = this.nostrSubscribe(
-      {authors: [this.state.theirNostrPublicKey], kinds: [EVENT_KIND]},
+      {authors: [this.state.theirNostrPublicKey], kinds: [MESSAGE_EVENT_KIND]},
       (e) => this.handleNostrEvent(e)
     );
-    
-    // Subscribe to all public keys from skipped messages
-    const uniquePublicKeys = new Set<string>();
-    for (const key of Object.keys(this.state.skippedMessageKeys)) {
-      const [pubkey] = key.split(':');
-      if (pubkey !== this.state.theirNostrPublicKey) {
-        uniquePublicKeys.add(pubkey);
-      }
-    }
 
-    if (uniquePublicKeys.size > 0) {
+    const skippedSenders = Object.keys(this.state.skippedHeaderKeys);
+    if (skippedSenders.length > 0) {
       // do we want this unsubscribed on rotation or should we keep it open
       // in case more skipped messages are found by relays or peers?
       this.nostrUnsubscribe = this.nostrSubscribe(
-        {authors: Array.from(uniquePublicKeys), kinds: [EVENT_KIND]},
+        {authors: skippedSenders, kinds: [MESSAGE_EVENT_KIND]},
         (e) => this.handleNostrEvent(e)
       );
     }

package/src/{InviteLink.ts → Invite.ts}

@@ -1,8 +1,8 @@
-import { generateSecretKey, getPublicKey, nip44, finalizeEvent, VerifiedEvent, nip19 } from "nostr-tools";
-import { NostrSubscribe, Unsubscribe } from "./types";
+import { generateSecretKey, getPublicKey, nip44, finalizeEvent, VerifiedEvent, nip19, UnsignedEvent, verifyEvent } from "nostr-tools";
+import { INVITE_EVENT_KIND, NostrSubscribe, Unsubscribe } from "./types";
 import { getConversationKey } from "nostr-tools/nip44";
 import { Channel } from "./Channel";
-import { EVENT_KIND } from "./types";
+import { MESSAGE_EVENT_KIND } from "./types";
 import { EncryptFunction, DecryptFunction } from "./types";
 import { hexToBytes, bytesToHex } from "@noble/hashes/utils";
 
@@ -17,7 +17,7 @@ import { hexToBytes, bytesToHex } from "@noble/hashes/utils";
  * 
  * Also make sure to keep the session key safe.
  */
-export class InviteLink {
+export class Invite {
     constructor(
         public inviterSessionPublicKey: string,
         public linkSecret: string,
@@ -28,11 +28,11 @@ export class InviteLink {
         public usedBy: string[] = [],
     ) {}
 
-    static createNew(inviter: string, label?: string, maxUses?: number): InviteLink {
+    static createNew(inviter: string, label?: string, maxUses?: number): Invite {
         const inviterSessionPrivateKey = generateSecretKey();
         const inviterSessionPublicKey = getPublicKey(inviterSessionPrivateKey);
         const linkSecret = bytesToHex(generateSecretKey());
-        return new InviteLink(
+        return new Invite(
             inviterSessionPublicKey,
             linkSecret,
             inviter,
@@ -42,7 +42,7 @@ export class InviteLink {
         );
     }
 
-    static fromUrl(url: string): InviteLink {
+    static fromUrl(url: string): Invite {
         const parsedUrl = new URL(url);
         const rawHash = parsedUrl.hash.slice(1);
         if (!rawHash) {
@@ -72,16 +72,16 @@ export class InviteLink {
             throw new Error("Decoded session key is not a string");
         }
 
-        return new InviteLink(
+        return new Invite(
             decodedSessionKey.data,
             linkSecret,
             decodedInviter.data
         );
     }
 
-    static deserialize(json: string): InviteLink {
+    static deserialize(json: string): Invite {
         const data = JSON.parse(json);
-        return new InviteLink(
+        return new Invite(
             data.inviterSessionPublicKey,
             data.linkSecret,
             data.inviter,
@@ -92,6 +92,56 @@ export class InviteLink {
         );
     }
 
+    static fromEvent(event: VerifiedEvent): Invite {
+        if (!event.sig) {
+            throw new Error("Event is not signed");
+        }
+        if (!verifyEvent(event)) {
+            throw new Error("Event signature is invalid");
+        }
+        const { tags } = event;
+        const inviterSessionPublicKey = tags.find(([key]) => key === 'sessionKey')?.[1];
+        const linkSecret = tags.find(([key]) => key === 'linkSecret')?.[1];
+        const inviter = event.pubkey;
+
+        if (!inviterSessionPublicKey || !linkSecret) {
+            throw new Error("Invalid invite event: missing session key or link secret");
+        }
+
+        return new Invite(
+            inviterSessionPublicKey,
+            linkSecret,
+            inviter
+        );
+    }
+
+    static fromUser(user: string, subscribe: NostrSubscribe): Promise<Invite | undefined> {
+        const filter = {
+            kinds: [INVITE_EVENT_KIND],
+            pubkey: user,
+            limit: 1,
+            "#d": ["nostr-double-ratchet/invite"],
+        };
+        return new Promise((resolve) => {
+            const unsub = subscribe(filter, (event) => {
+                try {
+                    const inviteLink = Invite.fromEvent(event);
+                    unsub();
+                    resolve(inviteLink);
+                } catch (error) {
+                    unsub();
+                    resolve(undefined);
+                }
+            });
+
+            // Set timeout to unsubscribe and return undefined after 10 seconds
+            setTimeout(() => {
+                unsub();
+                resolve(undefined);
+            }, 10000);
+        });
+    }
+
     serialize(): string {
         return JSON.stringify({
             inviterSessionPublicKey: this.inviterSessionPublicKey,
@@ -116,6 +166,16 @@ export class InviteLink {
         return url.toString();
     }
 
+    getEvent(): UnsignedEvent {
+        return {
+            kind: INVITE_EVENT_KIND,
+            pubkey: this.inviter,
+            content: "",
+            created_at: Math.floor(Date.now() / 1000),
+            tags: [['sessionKey', this.inviterSessionPublicKey], ['linkSecret', this.linkSecret], ['d', 'nostr-double-ratchet/invite']],
+        };
+    }
+
     /**
      * Accepts the invite and creates a new channel with the inviter.
      * 
@@ -131,7 +191,7 @@ export class InviteLink {
      * Note: You need to publish the returned event on Nostr using NDK or another Nostr system of your choice,
      * so the inviter can create the channel on their side.
      */
-    async acceptInvite(
+    async accept(
         nostrSubscribe: NostrSubscribe,
         inviteePublicKey: string,
         inviteeSecretKey: Uint8Array | EncryptFunction,
@@ -159,7 +219,7 @@ export class InviteLink {
         };
 
         const envelope = {
-            kind: EVENT_KIND,
+            kind: MESSAGE_EVENT_KIND,
             pubkey: randomSenderPublicKey,
             content: nip44.encrypt(JSON.stringify(innerEvent), getConversationKey(randomSenderKey, this.inviterSessionPublicKey)),
             created_at: Math.floor(Date.now() / 1000),
@@ -175,7 +235,7 @@ export class InviteLink {
         }
         
         const filter = {
-            kinds: [EVENT_KIND],
+            kinds: [MESSAGE_EVENT_KIND],
             '#p': [this.inviterSessionPublicKey],
         };
 

package/src/index.ts

@@ -1,4 +1,4 @@
 export * from "./Channel"
-export * from "./InviteLink"
+export * from "./Invite"
 export * from "./types"
 export * from "./utils"

package/src/types.ts

@@ -1,4 +1,4 @@
-import { VerifiedEvent } from "nostr-tools";
+import { Filter, UnsignedEvent, VerifiedEvent } from "nostr-tools";
 
 /**
  * An event that has been verified to be from the Nostr network.
@@ -17,11 +17,6 @@ export type Header = {
   time: number;
 }
 
-export type NostrFilter = {
-  authors?: string[];
-  kinds?: number[];
-}
-
 /**
  * A keypair used for encryption and decryption.
  */
@@ -63,6 +58,9 @@ export interface ChannelState {
   
   /** Cache of message keys for handling out-of-order messages */
   skippedMessageKeys: Record<string, Uint8Array>;
+
+  /** Cache of header keys for handling out-of-order messages */
+  skippedHeaderKeys: Record<string, Uint8Array[]>;
 }
 
 /**
@@ -73,7 +71,7 @@ export type Unsubscribe = () => void;
 /** 
  * Function that subscribes to Nostr events matching a filter and calls onEvent for each event.
  */
-export type NostrSubscribe = (filter: NostrFilter, onEvent: (e: VerifiedEvent) => void) => Unsubscribe;
+export type NostrSubscribe = (filter: Filter, onEvent: (e: VerifiedEvent) => void) => Unsubscribe;
 
 /** 
  * Callback function for handling decrypted messages
@@ -81,7 +79,8 @@ export type NostrSubscribe = (filter: NostrFilter, onEvent: (e: VerifiedEvent) =
  */
 export type MessageCallback = (message: Message) => void;
 
-export const EVENT_KIND = 4;
+export const MESSAGE_EVENT_KIND = 4;
+export const INVITE_EVENT_KIND = 30078;
 export const MAX_SKIP = 100;
 
 export type NostrEvent = {
@@ -100,4 +99,5 @@ export enum Sender {
 }
 
 export type EncryptFunction = (plaintext: string, pubkey: string) => Promise<string>;
-export type DecryptFunction = (ciphertext: string, pubkey: string) => Promise<string>;
+export type DecryptFunction = (ciphertext: string, pubkey: string) => Promise<string>;
+export type NostrPublish = (event: UnsignedEvent) => Promise<VerifiedEvent>;

package/src/utils.ts

@@ -27,6 +27,12 @@ export function serializeChannelState(state: ChannelState): string {
         bytesToHex(value),
       ])
     ),
+    skippedHeaderKeys: Object.fromEntries(
+      Object.entries(state.skippedHeaderKeys).map(([key, value]) => [
+        key,
+        value.map(bytes => bytesToHex(bytes))
+      ])
+    ),
   });
 }
 
@@ -54,6 +60,12 @@ export function deserializeChannelState(data: string): ChannelState {
         hexToBytes(value as string),
       ])
     ),
+    skippedHeaderKeys: Object.fromEntries(
+      Object.entries(state.skippedHeaderKeys || {}).map(([key, value]) => [
+        key,
+        (value as string[]).map(hex => hexToBytes(hex))
+      ])
+    ),
   };
 }
 

package/dist/InviteLink.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"InviteLink.d.ts","sourceRoot":"","sources":["../src/InviteLink.ts"],"names":[],"mappings":"AAAA,OAAO,EAAyD,aAAa,EAAS,MAAM,aAAa,CAAC;AAC1G,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAG3D;;;;;;;;;;GAUG;AACH,qBAAa,UAAU;IAER,uBAAuB,EAAE,MAAM;IAC/B,UAAU,EAAE,MAAM;IAClB,OAAO,EAAE,MAAM;IACf,wBAAwB,CAAC,EAAE,UAAU;IACrC,KAAK,CAAC,EAAE,MAAM;IACd,OAAO,CAAC,EAAE,MAAM;IAChB,MAAM,EAAE,MAAM,EAAE;gBANhB,uBAAuB,EAAE,MAAM,EAC/B,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,EACf,wBAAwB,CAAC,EAAE,UAAU,YAAA,EACrC,KAAK,CAAC,EAAE,MAAM,YAAA,EACd,OAAO,CAAC,EAAE,MAAM,YAAA,EAChB,MAAM,GAAE,MAAM,EAAO;IAGhC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,UAAU;IAc/E,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;IAqCvC,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU;IAa5C,SAAS,IAAI,MAAM;IAYnB,MAAM,CAAC,IAAI,SAAoB;IAY/B;;;;;;;;;;;;;;OAcG;IACG,YAAY,CACd,cAAc,EAAE,cAAc,EAC9B,gBAAgB,EAAE,MAAM,EACxB,gBAAgB,EAAE,UAAU,GAAG,eAAe,GAC/C,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,aAAa,CAAA;KAAE,CAAC;IAkCtD,MAAM,CAAC,gBAAgB,EAAE,UAAU,GAAG,eAAe,EAAE,cAAc,EAAE,cAAc,EAAE,SAAS,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,MAAM,KAAK,IAAI,GAAG,WAAW;CAoChK"}