signet-login 0.3.0 → 0.5.0

package/dist/modal.js

@@ -5,11 +5,12 @@
  * top-layer placement, theme-aware colours, no third-party UI deps.
  */
 import { DEFAULTS } from './types.js';
-import { hasNip07, createNip07Signer, createBunkerSigner, EphemeralSigner } from './signers.js';
+import { hasNip07, createNip07Signer, createBunkerSigner, EphemeralSigner, createLocalSignerFromNsec } from './signers.js';
 import { waitForAuthResponse } from 'signet-verify';
 import { schnorr } from '@noble/curves/secp256k1';
 import { bytesToHex } from '@noble/hashes/utils';
 import { startRedirect } from './redirect.js';
+import QRCode from 'qrcode';
 function escapeHtml(str) {
     return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
 }
@@ -68,6 +69,7 @@ function renderPicker(refs, appName, theme) {
       <button data-choice="redirect" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">🪪</span><span><strong>Sign in with Signet</strong><br><span style="font-size:0.8rem;color:${muted};">Open Signet on this device</span></span></button>
       <button data-choice="qr" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">📱</span><span><strong>Signet on another device</strong><br><span style="font-size:0.8rem;color:${muted};">Scan QR with your phone</span></span></button>
       <button data-choice="bunker" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">🔑</span><span><strong>Paste bunker URI</strong><br><span style="font-size:0.8rem;color:${muted};">For NIP-46 power users</span></span></button>
+      <button data-choice="nsec" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">⚠️</span><span><strong>Paste private key</strong><br><span style="font-size:0.8rem;color:${muted};">In-memory only — risky, last resort</span></span></button>
     </div>
     <button data-choice="cancel" style="background:none;border:0;color:${muted};padding:12px;cursor:pointer;font-size:0.85rem;margin-top:8px;">Cancel</button>
   `;
@@ -183,9 +185,7 @@ async function runRedirectFlow(refs, opts) {
     <h2 style="margin:0 0 8px;font-size:1.2rem;">Sign in with Signet</h2>
     <p style="margin:0 0 16px;color:${muted};font-size:0.85rem;">Open the link on your phone, or scan the QR if rendered.</p>
     <div style="background:${dark ? '#0f0f1f' : '#f5f5f8'};border-radius:8px;padding:16px;margin-bottom:16px;">
-      <div id="signet-login-qr" style="width:200px;height:200px;margin:0 auto 12px;background:${dark ? '#1a1a2e' : '#ffffff'};border-radius:6px;display:flex;align-items:center;justify-content:center;color:${muted};font-size:0.8rem;text-align:center;padding:12px;box-sizing:border-box;">
-        QR placeholder<br><span style="font-size:0.7rem;">(bundle qr lib for production)</span>
-      </div>
+      <canvas id="signet-login-qr" width="200" height="200" style="display:block;width:200px;height:200px;margin:0 auto 12px;background:#ffffff;border-radius:6px;box-sizing:border-box;"></canvas>
       <a href="${escapeHtml(authUrl)}" target="_blank" rel="noopener" style="display:block;color:#5b6dff;font-size:0.75rem;word-break:break-all;text-decoration:none;">${escapeHtml(authUrl.slice(0, 80))}…</a>
     </div>
     <p id="signet-login-status" style="margin:0 0 12px;color:${muted};font-size:0.85rem;">Waiting for approval…</p>
@@ -194,6 +194,21 @@ async function runRedirectFlow(refs, opts) {
       <button data-action="cancel" style="${buttonStyle(dark)}width:auto;flex:0 0 auto;padding:8px 16px;">Cancel</button>
     </div>
   `;
+    // Render the auth URL into the QR canvas. Async, but the dialog has already
+    // surfaced the visible link as a fallback so a slow encode doesn't block UX.
+    // M error correction tolerates ~15% damage — comfortable for camera scans.
+    const qrCanvas = refs.dialog.querySelector('#signet-login-qr');
+    if (qrCanvas) {
+        void QRCode.toCanvas(qrCanvas, authUrl, {
+            width: 200,
+            margin: 1,
+            errorCorrectionLevel: 'M',
+            color: { dark: '#0a0418', light: '#ffffff' },
+        }).catch(() => {
+            // Encoding failure (URL too long for QR L-Q levels, canvas inaccessible)
+            // — the visible link below the canvas still gets the user across.
+        });
+    }
     return new Promise(resolve => {
         let settled = false;
         const settle = (v) => {
@@ -294,6 +309,63 @@ async function runBunkerFlow(refs, opts) {
         });
     });
 }
+// ── Paste nsec (in-memory only) ───────────────────────────────────────────────
+async function runNsecFlow(refs, opts) {
+    const dark = isDarkMode(opts.theme);
+    const muted = dark ? '#888' : '#666';
+    const inputBg = dark ? '#0f0f1f' : '#f5f5f8';
+    const inputFg = dark ? '#e0e0e0' : '#1a1a2e';
+    void opts;
+    refs.dialog.innerHTML = `
+    <h2 style="margin:0 0 8px;font-size:1.2rem;">Paste private key</h2>
+    <p style="margin:0 0 12px;color:#d04848;font-size:0.85rem;font-weight:600;">⚠️ Last-resort method — only paste keys you can afford to lose.</p>
+    <p style="margin:0 0 16px;color:${muted};font-size:0.8rem;line-height:1.4;">Held in memory for this session only. Cleared on page reload. Prefer a browser extension or bunker URI for any key with real value.</p>
+    <textarea id="signet-login-nsec-input" placeholder="nsec1..." rows="2" autocomplete="off" autocapitalize="off" autocorrect="off" spellcheck="false" style="width:100%;background:${inputBg};color:${inputFg};border:1px solid ${dark ? '#3a3a4e' : '#d0d0d0'};border-radius:8px;padding:10px;font-size:0.85rem;font-family:ui-monospace,monospace;box-sizing:border-box;resize:vertical;margin-bottom:12px;-webkit-text-security:disc;text-security:disc;"></textarea>
+    <p id="signet-login-nsec-status" style="margin:0 0 12px;color:${muted};font-size:0.85rem;min-height:1.2em;"></p>
+    <div style="display:flex;gap:8px;justify-content:space-between;">
+      <button data-action="back" style="${buttonStyle(dark)}width:auto;flex:0 0 auto;padding:8px 16px;">← Back</button>
+      <button data-action="connect" style="${buttonStyle(dark, true)}width:auto;flex:1;padding:8px 16px;text-align:center;">Sign in</button>
+    </div>
+  `;
+    return new Promise(resolve => {
+        let settled = false;
+        const settle = (v) => {
+            if (settled)
+                return;
+            settled = true;
+            resolve(v);
+        };
+        const input = refs.dialog.querySelector('#signet-login-nsec-input');
+        const status = refs.dialog.querySelector('#signet-login-nsec-status');
+        const connectBtn = refs.dialog.querySelector('[data-action="connect"]');
+        refs.dialog.querySelector('[data-action="back"]')?.addEventListener('click', () => {
+            if (input)
+                input.value = '';
+            settle(null);
+        });
+        connectBtn?.addEventListener('click', () => {
+            const value = input?.value ?? '';
+            if (!value.trim()) {
+                if (status)
+                    status.textContent = 'Please paste an nsec.';
+                return;
+            }
+            try {
+                const signer = createLocalSignerFromNsec(value);
+                // Wipe the textarea ASAP — the key is now in the signer.
+                if (input)
+                    input.value = '';
+                settle(signer);
+            }
+            catch (err) {
+                if (status) {
+                    status.textContent = `✗ ${err instanceof Error ? err.message : String(err)}`;
+                    status.style.color = '#d04848';
+                }
+            }
+        });
+    });
+}
 function resolveOptions(opts) {
     const challenge = opts.challenge ?? generateChallenge();
     if (!/^[0-9a-f]{64}$/i.test(challenge))
@@ -411,6 +483,29 @@ export async function showLoginModal(opts) {
                     authEvent,
                 };
             }
+            if (choice === 'nsec') {
+                const signer = await runNsecFlow(refs, resolved);
+                if (!signer) {
+                    if (resolved.preferredMethod)
+                        return null;
+                    continue;
+                }
+                const authEvent = await signer.signEvent({
+                    kind: 21236,
+                    content: '',
+                    tags: [
+                        ['challenge', resolved.challenge],
+                        ['origin', resolved.origin],
+                        ['app', resolved.appName],
+                    ],
+                });
+                return {
+                    pubkey: signer.pubkey,
+                    method: 'nsec',
+                    signer,
+                    authEvent,
+                };
+            }
             // Unknown choice — restart picker
         }
     }

package/dist/signers.d.ts

@@ -65,6 +65,28 @@ export declare function createBunkerSigner(input: {
 }): Promise<BunkerSignerImpl>;
 /** Generate a 32-byte secret key. */
 export declare function generateSecretKey(): Uint8Array;
+/**
+ * Holds a 32-byte private key in memory, signs locally with schnorr, exposes
+ * NIP-44 via nostr-tools. The key is never persisted by this signer — the SDK
+ * will not call any storage write for an nsec session, so reloads land back
+ * on the picker. The consumer must surface the security trade-off in the UI.
+ */
+export declare class LocalSigner implements SignetSigner {
+    readonly pubkey: string;
+    private readonly privkey;
+    readonly method: "nsec";
+    readonly capabilities: SignerCapabilities;
+    readonly nip44: SignetSigner['nip44'];
+    constructor(pubkey: string, privkey: Uint8Array);
+    signEvent(template: EventTemplate): Promise<NostrEvent>;
+    close(): Promise<void>;
+}
+/**
+ * Decode a bech32 nsec into a LocalSigner. Accepts either the `nsec1...`
+ * prefix or a raw 64-char hex private key for power-user paste paths.
+ * Throws on any malformed input — caller surfaces the error to the user.
+ */
+export declare function createLocalSignerFromNsec(input: string): LocalSigner;
 /**
  * Auth-only signer returned by the redirect/QR flow before Option B is built.
  * Holds the signed challenge but cannot sign further events.

package/dist/signers.js

@@ -6,6 +6,9 @@
  *   EphemeralSigner   — auth-only fallback when only the redirect signature is available
  */
 import { BunkerSigner, parseBunkerInput } from 'nostr-tools/nip46';
+import { finalizeEvent, getPublicKey } from 'nostr-tools/pure';
+import { decode as nip19Decode } from 'nostr-tools/nip19';
+import { encrypt as nip44Encrypt, decrypt as nip44Decrypt, getConversationKey } from 'nostr-tools/nip44';
 /** Returns true if a NIP-07 extension is present on the page. */
 export function hasNip07() {
     return typeof window !== 'undefined' && !!window.nostr && typeof window.nostr.signEvent === 'function';
@@ -106,6 +109,70 @@ export function generateSecretKey() {
     crypto.getRandomValues(sk);
     return sk;
 }
+// ── nsec (local privkey, in-memory only) ─────────────────────────────────────
+/**
+ * Holds a 32-byte private key in memory, signs locally with schnorr, exposes
+ * NIP-44 via nostr-tools. The key is never persisted by this signer — the SDK
+ * will not call any storage write for an nsec session, so reloads land back
+ * on the picker. The consumer must surface the security trade-off in the UI.
+ */
+export class LocalSigner {
+    constructor(pubkey, privkey) {
+        this.pubkey = pubkey;
+        this.privkey = privkey;
+        this.method = 'nsec';
+        this.capabilities = { canSignEvents: true, hasNip44: true };
+        this.nip44 = {
+            encrypt: async (peer, pt) => nip44Encrypt(pt, getConversationKey(this.privkey, peer)),
+            decrypt: async (peer, ct) => nip44Decrypt(ct, getConversationKey(this.privkey, peer)),
+        };
+    }
+    async signEvent(template) {
+        const filled = {
+            kind: template.kind,
+            content: template.content,
+            created_at: template.created_at ?? Math.floor(Date.now() / 1000),
+            tags: template.tags ?? [],
+        };
+        return finalizeEvent(filled, this.privkey);
+    }
+    async close() {
+        // Best-effort wipe — the engine may already have copies in CoW pages, but
+        // zeroing here at least gives a consistent shape with bunker.close().
+        this.privkey.fill(0);
+    }
+}
+/**
+ * Decode a bech32 nsec into a LocalSigner. Accepts either the `nsec1...`
+ * prefix or a raw 64-char hex private key for power-user paste paths.
+ * Throws on any malformed input — caller surfaces the error to the user.
+ */
+export function createLocalSignerFromNsec(input) {
+    const trimmed = input.trim();
+    if (!trimmed)
+        throw new Error('empty-nsec');
+    let sk;
+    if (trimmed.startsWith('nsec1')) {
+        const decoded = nip19Decode(trimmed);
+        if (decoded.type !== 'nsec')
+            throw new Error('not-an-nsec');
+        sk = decoded.data;
+    }
+    else if (/^[0-9a-f]{64}$/i.test(trimmed)) {
+        sk = new Uint8Array(32);
+        for (let i = 0; i < 32; i++)
+            sk[i] = parseInt(trimmed.slice(i * 2, i * 2 + 2), 16);
+    }
+    else {
+        throw new Error('invalid-nsec-format');
+    }
+    if (sk.length !== 32)
+        throw new Error('invalid-nsec-length');
+    const pubkey = getPublicKey(sk);
+    if (!/^[0-9a-f]{64}$/i.test(pubkey))
+        throw new Error('invalid-pubkey-from-nsec');
+    return new LocalSigner(pubkey.toLowerCase(), sk);
+}
 // ── Ephemeral (redirect-only) ─────────────────────────────────────────────────
 /**
  * Auth-only signer returned by the redirect/QR flow before Option B is built.