signet-login 0.4.0 → 0.6.0

package/dist/modal.js

@@ -5,7 +5,7 @@
  * top-layer placement, theme-aware colours, no third-party UI deps.
  */
 import { DEFAULTS } from './types.js';
-import { hasNip07, createNip07Signer, createBunkerSigner, EphemeralSigner } from './signers.js';
+import { hasNip07, createNip07Signer, createBunkerSigner, createBunkerSignerFromNostrConnect, buildNostrConnectUri, EphemeralSigner, createLocalSignerFromNsec } from './signers.js';
 import { waitForAuthResponse } from 'signet-verify';
 import { schnorr } from '@noble/curves/secp256k1';
 import { bytesToHex } from '@noble/hashes/utils';
@@ -69,6 +69,8 @@ function renderPicker(refs, appName, theme) {
       <button data-choice="redirect" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">🪪</span><span><strong>Sign in with Signet</strong><br><span style="font-size:0.8rem;color:${muted};">Open Signet on this device</span></span></button>
       <button data-choice="qr" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">📱</span><span><strong>Signet on another device</strong><br><span style="font-size:0.8rem;color:${muted};">Scan QR with your phone</span></span></button>
       <button data-choice="bunker" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">🔑</span><span><strong>Paste bunker URI</strong><br><span style="font-size:0.8rem;color:${muted};">For NIP-46 power users</span></span></button>
+      <button data-choice="nostrconnect" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">📡</span><span><strong>Connect a Nostr signer</strong><br><span style="font-size:0.8rem;color:${muted};">Scan with nsec.app, Amber, Keychat…</span></span></button>
+      <button data-choice="nsec" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">⚠️</span><span><strong>Paste private key</strong><br><span style="font-size:0.8rem;color:${muted};">In-memory only — risky, last resort</span></span></button>
     </div>
     <button data-choice="cancel" style="background:none;border:0;color:${muted};padding:12px;cursor:pointer;font-size:0.85rem;margin-top:8px;">Cancel</button>
   `;
@@ -308,6 +310,142 @@ async function runBunkerFlow(refs, opts) {
         });
     });
 }
+// ── Connect a Nostr signer (NostrConnect URI, app-initiated NIP-46) ──────────
+/**
+ * App-initiated NIP-46. Mirror image of bunker URI: instead of the user
+ * pasting a bunker URI from their signer, we generate a `nostrconnect://`
+ * URI and the user scans it with their signer (nsec.app, Amber, Keychat…).
+ * The signer connects to our chosen relay and signs ad-hoc from there.
+ */
+async function runNostrConnectFlow(refs, opts) {
+    const dark = isDarkMode(opts.theme);
+    const muted = dark ? '#888' : '#666';
+    const sk = schnorr.utils.randomPrivateKey();
+    const clientPubkey = bytesToHex(schnorr.getPublicKey(sk));
+    const secret = bytesToHex(schnorr.utils.randomPrivateKey()).slice(0, 32);
+    const uri = buildNostrConnectUri({
+        clientPubkeyHex: clientPubkey,
+        relayUrl: opts.relayUrl,
+        secret,
+        perms: ['sign_event', 'nip44_encrypt', 'nip44_decrypt'],
+        appName: opts.appName,
+        appUrl: opts.origin,
+    });
+    refs.dialog.innerHTML = `
+    <h2 style="margin:0 0 8px;font-size:1.2rem;">Connect a Nostr signer</h2>
+    <p style="margin:0 0 16px;color:${muted};font-size:0.85rem;">Scan or paste this into your signer (nsec.app, Amber, Keychat…). The connection happens over your relay.</p>
+    <div style="background:${dark ? '#0f0f1f' : '#f5f5f8'};border-radius:8px;padding:16px;margin-bottom:16px;">
+      <canvas id="signet-login-nc-qr" width="200" height="200" style="display:block;width:200px;height:200px;margin:0 auto 12px;background:#ffffff;border-radius:6px;box-sizing:border-box;"></canvas>
+      <button data-action="copy" style="${buttonStyle(dark)}width:auto;font-size:0.75rem;padding:6px 10px;margin:0 auto;display:block;">Copy URI</button>
+    </div>
+    <p id="signet-login-nc-status" style="margin:0 0 12px;color:${muted};font-size:0.85rem;">Waiting for signer to connect…</p>
+    <div style="display:flex;gap:8px;justify-content:space-between;">
+      <button data-action="back" style="${buttonStyle(dark)}width:auto;flex:0 0 auto;padding:8px 16px;">← Back</button>
+      <button data-action="cancel" style="${buttonStyle(dark)}width:auto;flex:0 0 auto;padding:8px 16px;">Cancel</button>
+    </div>
+  `;
+    const qrCanvas = refs.dialog.querySelector('#signet-login-nc-qr');
+    if (qrCanvas) {
+        void QRCode.toCanvas(qrCanvas, uri, {
+            width: 200, margin: 1, errorCorrectionLevel: 'M',
+            color: { dark: '#0a0418', light: '#ffffff' },
+        }).catch(() => { });
+    }
+    const copyBtn = refs.dialog.querySelector('[data-action="copy"]');
+    copyBtn?.addEventListener('click', () => {
+        void navigator.clipboard?.writeText(uri).then(() => {
+            copyBtn.textContent = 'Copied ✓';
+            window.setTimeout(() => { copyBtn.textContent = 'Copy URI'; }, 1500);
+        });
+    });
+    const ac = new AbortController();
+    const status = refs.dialog.querySelector('#signet-login-nc-status');
+    return new Promise(resolve => {
+        let settled = false;
+        const settle = (v) => {
+            if (settled)
+                return;
+            settled = true;
+            resolve(v);
+        };
+        refs.dialog.querySelector('[data-action="back"]')?.addEventListener('click', () => {
+            ac.abort();
+            settle(null);
+        });
+        refs.dialog.querySelector('[data-action="cancel"]')?.addEventListener('click', () => {
+            ac.abort();
+            settle(null);
+        });
+        createBunkerSignerFromNostrConnect({ uri, clientSecretKey: sk, abortSignal: ac.signal })
+            .then(signer => settle(signer))
+            .catch(err => {
+            if (settled)
+                return; // already cancelled
+            if (status) {
+                status.textContent = `✗ ${err instanceof Error ? err.message : String(err)}`;
+                status.style.color = '#d04848';
+            }
+            // Don't auto-settle on error — user clicks Back/Cancel.
+        });
+    });
+}
+// ── Paste nsec (in-memory only) ───────────────────────────────────────────────
+async function runNsecFlow(refs, opts) {
+    const dark = isDarkMode(opts.theme);
+    const muted = dark ? '#888' : '#666';
+    const inputBg = dark ? '#0f0f1f' : '#f5f5f8';
+    const inputFg = dark ? '#e0e0e0' : '#1a1a2e';
+    void opts;
+    refs.dialog.innerHTML = `
+    <h2 style="margin:0 0 8px;font-size:1.2rem;">Paste private key</h2>
+    <p style="margin:0 0 12px;color:#d04848;font-size:0.85rem;font-weight:600;">⚠️ Last-resort method — only paste keys you can afford to lose.</p>
+    <p style="margin:0 0 16px;color:${muted};font-size:0.8rem;line-height:1.4;">Held in memory for this session only. Cleared on page reload. Prefer a browser extension or bunker URI for any key with real value.</p>
+    <textarea id="signet-login-nsec-input" placeholder="nsec1..." rows="2" autocomplete="off" autocapitalize="off" autocorrect="off" spellcheck="false" style="width:100%;background:${inputBg};color:${inputFg};border:1px solid ${dark ? '#3a3a4e' : '#d0d0d0'};border-radius:8px;padding:10px;font-size:0.85rem;font-family:ui-monospace,monospace;box-sizing:border-box;resize:vertical;margin-bottom:12px;-webkit-text-security:disc;text-security:disc;"></textarea>
+    <p id="signet-login-nsec-status" style="margin:0 0 12px;color:${muted};font-size:0.85rem;min-height:1.2em;"></p>
+    <div style="display:flex;gap:8px;justify-content:space-between;">
+      <button data-action="back" style="${buttonStyle(dark)}width:auto;flex:0 0 auto;padding:8px 16px;">← Back</button>
+      <button data-action="connect" style="${buttonStyle(dark, true)}width:auto;flex:1;padding:8px 16px;text-align:center;">Sign in</button>
+    </div>
+  `;
+    return new Promise(resolve => {
+        let settled = false;
+        const settle = (v) => {
+            if (settled)
+                return;
+            settled = true;
+            resolve(v);
+        };
+        const input = refs.dialog.querySelector('#signet-login-nsec-input');
+        const status = refs.dialog.querySelector('#signet-login-nsec-status');
+        const connectBtn = refs.dialog.querySelector('[data-action="connect"]');
+        refs.dialog.querySelector('[data-action="back"]')?.addEventListener('click', () => {
+            if (input)
+                input.value = '';
+            settle(null);
+        });
+        connectBtn?.addEventListener('click', () => {
+            const value = input?.value ?? '';
+            if (!value.trim()) {
+                if (status)
+                    status.textContent = 'Please paste an nsec.';
+                return;
+            }
+            try {
+                const signer = createLocalSignerFromNsec(value);
+                // Wipe the textarea ASAP — the key is now in the signer.
+                if (input)
+                    input.value = '';
+                settle(signer);
+            }
+            catch (err) {
+                if (status) {
+                    status.textContent = `✗ ${err instanceof Error ? err.message : String(err)}`;
+                    status.style.color = '#d04848';
+                }
+            }
+        });
+    });
+}
 function resolveOptions(opts) {
     const challenge = opts.challenge ?? generateChallenge();
     if (!/^[0-9a-f]{64}$/i.test(challenge))
@@ -425,6 +563,56 @@ export async function showLoginModal(opts) {
                     authEvent,
                 };
             }
+            if (choice === 'nostrconnect') {
+                const signer = await runNostrConnectFlow(refs, resolved);
+                if (!signer) {
+                    if (resolved.preferredMethod)
+                        return null;
+                    continue;
+                }
+                const authEvent = await signer.signEvent({
+                    kind: 21236,
+                    content: '',
+                    tags: [
+                        ['challenge', resolved.challenge],
+                        ['origin', resolved.origin],
+                        ['app', resolved.appName],
+                    ],
+                });
+                // Surfaces as 'bunker' since the session shape is identical to a
+                // bunker URI session — same signer, same persistence path, same
+                // capabilities. The picker choice routed us here; from this point
+                // on the rest of the SDK doesn't care about the initiation direction.
+                return {
+                    pubkey: signer.pubkey,
+                    method: 'bunker',
+                    signer,
+                    authEvent,
+                };
+            }
+            if (choice === 'nsec') {
+                const signer = await runNsecFlow(refs, resolved);
+                if (!signer) {
+                    if (resolved.preferredMethod)
+                        return null;
+                    continue;
+                }
+                const authEvent = await signer.signEvent({
+                    kind: 21236,
+                    content: '',
+                    tags: [
+                        ['challenge', resolved.challenge],
+                        ['origin', resolved.origin],
+                        ['app', resolved.appName],
+                    ],
+                });
+                return {
+                    pubkey: signer.pubkey,
+                    method: 'nsec',
+                    signer,
+                    authEvent,
+                };
+            }
             // Unknown choice — restart picker
         }
     }

package/dist/signers.d.ts

@@ -54,6 +54,35 @@ export declare class BunkerSignerImpl implements SignetSigner {
     signEvent(template: EventTemplate): Promise<NostrEvent>;
     close(): Promise<void>;
 }
+/**
+ * App-initiated NIP-46: we generate a `nostrconnect://` URI containing our
+ * client pubkey, relay, secret, and requested perms. The user pastes/scans
+ * it into their signer, which then connects to the relay and acks. Returns
+ * a BunkerSignerImpl once the handshake completes (or rejects on abort).
+ *
+ *   uri              — the nostrconnect:// URI shown to the user (built by
+ *                      the caller via buildNostrConnectUri)
+ *   clientSecretKey  — the 32-byte session key the URI was built with
+ *   abortSignal      — cancel a long-running wait when the modal closes
+ */
+export declare function createBunkerSignerFromNostrConnect(input: {
+    uri: string;
+    clientSecretKey: Uint8Array;
+    abortSignal?: AbortSignal;
+}): Promise<BunkerSignerImpl>;
+/**
+ * Build a NIP-46 `nostrconnect://` URI for the app-initiated flow. The
+ * `secret` is echoed back by the bunker on connect so the app can verify
+ * it's talking to the right peer; it must be unguessable.
+ */
+export declare function buildNostrConnectUri(input: {
+    clientPubkeyHex: string;
+    relayUrl: string;
+    secret: string;
+    perms?: string[];
+    appName?: string;
+    appUrl?: string;
+}): string;
 /**
  * Connect a bunker session from a `bunker://` or `nostr+connect://` URI (or a
  * NIP-05 identifier). Generates a fresh client secret key for the session.
@@ -65,6 +94,28 @@ export declare function createBunkerSigner(input: {
 }): Promise<BunkerSignerImpl>;
 /** Generate a 32-byte secret key. */
 export declare function generateSecretKey(): Uint8Array;
+/**
+ * Holds a 32-byte private key in memory, signs locally with schnorr, exposes
+ * NIP-44 via nostr-tools. The key is never persisted by this signer — the SDK
+ * will not call any storage write for an nsec session, so reloads land back
+ * on the picker. The consumer must surface the security trade-off in the UI.
+ */
+export declare class LocalSigner implements SignetSigner {
+    readonly pubkey: string;
+    private readonly privkey;
+    readonly method: "nsec";
+    readonly capabilities: SignerCapabilities;
+    readonly nip44: SignetSigner['nip44'];
+    constructor(pubkey: string, privkey: Uint8Array);
+    signEvent(template: EventTemplate): Promise<NostrEvent>;
+    close(): Promise<void>;
+}
+/**
+ * Decode a bech32 nsec into a LocalSigner. Accepts either the `nsec1...`
+ * prefix or a raw 64-char hex private key for power-user paste paths.
+ * Throws on any malformed input — caller surfaces the error to the user.
+ */
+export declare function createLocalSignerFromNsec(input: string): LocalSigner;
 /**
  * Auth-only signer returned by the redirect/QR flow before Option B is built.
  * Holds the signed challenge but cannot sign further events.

package/dist/signers.js

@@ -6,6 +6,9 @@
  *   EphemeralSigner   — auth-only fallback when only the redirect signature is available
  */
 import { BunkerSigner, parseBunkerInput } from 'nostr-tools/nip46';
+import { finalizeEvent, getPublicKey } from 'nostr-tools/pure';
+import { decode as nip19Decode } from 'nostr-tools/nip19';
+import { encrypt as nip44Encrypt, decrypt as nip44Decrypt, getConversationKey } from 'nostr-tools/nip44';
 /** Returns true if a NIP-07 extension is present on the page. */
 export function hasNip07() {
     return typeof window !== 'undefined' && !!window.nostr && typeof window.nostr.signEvent === 'function';
@@ -77,6 +80,51 @@ export class BunkerSignerImpl {
         await this.bunker.close();
     }
 }
+/**
+ * App-initiated NIP-46: we generate a `nostrconnect://` URI containing our
+ * client pubkey, relay, secret, and requested perms. The user pastes/scans
+ * it into their signer, which then connects to the relay and acks. Returns
+ * a BunkerSignerImpl once the handshake completes (or rejects on abort).
+ *
+ *   uri              — the nostrconnect:// URI shown to the user (built by
+ *                      the caller via buildNostrConnectUri)
+ *   clientSecretKey  — the 32-byte session key the URI was built with
+ *   abortSignal      — cancel a long-running wait when the modal closes
+ */
+export async function createBunkerSignerFromNostrConnect(input) {
+    const { uri, clientSecretKey, abortSignal } = input;
+    if (clientSecretKey.length !== 32)
+        throw new Error('invalid-client-secret-key');
+    const bunker = abortSignal
+        ? await BunkerSigner.fromURI(clientSecretKey, uri, undefined, abortSignal)
+        : await BunkerSigner.fromURI(clientSecretKey, uri);
+    const pubkey = await bunker.getPublicKey();
+    if (!/^[0-9a-f]{64}$/i.test(pubkey)) {
+        await bunker.close().catch(() => { });
+        throw new Error('invalid-pubkey-from-bunker');
+    }
+    return new BunkerSignerImpl(pubkey.toLowerCase(), bunker, uri, clientSecretKey);
+}
+/**
+ * Build a NIP-46 `nostrconnect://` URI for the app-initiated flow. The
+ * `secret` is echoed back by the bunker on connect so the app can verify
+ * it's talking to the right peer; it must be unguessable.
+ */
+export function buildNostrConnectUri(input) {
+    const { clientPubkeyHex, relayUrl, secret } = input;
+    if (!/^[0-9a-f]{64}$/i.test(clientPubkeyHex))
+        throw new Error('invalid-client-pubkey');
+    if (!/^wss?:\/\//.test(relayUrl))
+        throw new Error('invalid-relay-url');
+    const params = new URLSearchParams({ relay: relayUrl, secret });
+    if (input.perms && input.perms.length > 0)
+        params.set('perms', input.perms.join(','));
+    if (input.appName)
+        params.set('name', input.appName);
+    if (input.appUrl)
+        params.set('url', input.appUrl);
+    return `nostrconnect://${clientPubkeyHex}?${params.toString()}`;
+}
 /**
  * Connect a bunker session from a `bunker://` or `nostr+connect://` URI (or a
  * NIP-05 identifier). Generates a fresh client secret key for the session.
@@ -106,6 +154,70 @@ export function generateSecretKey() {
     crypto.getRandomValues(sk);
     return sk;
 }
+// ── nsec (local privkey, in-memory only) ─────────────────────────────────────
+/**
+ * Holds a 32-byte private key in memory, signs locally with schnorr, exposes
+ * NIP-44 via nostr-tools. The key is never persisted by this signer — the SDK
+ * will not call any storage write for an nsec session, so reloads land back
+ * on the picker. The consumer must surface the security trade-off in the UI.
+ */
+export class LocalSigner {
+    constructor(pubkey, privkey) {
+        this.pubkey = pubkey;
+        this.privkey = privkey;
+        this.method = 'nsec';
+        this.capabilities = { canSignEvents: true, hasNip44: true };
+        this.nip44 = {
+            encrypt: async (peer, pt) => nip44Encrypt(pt, getConversationKey(this.privkey, peer)),
+            decrypt: async (peer, ct) => nip44Decrypt(ct, getConversationKey(this.privkey, peer)),
+        };
+    }
+    async signEvent(template) {
+        const filled = {
+            kind: template.kind,
+            content: template.content,
+            created_at: template.created_at ?? Math.floor(Date.now() / 1000),
+            tags: template.tags ?? [],
+        };
+        return finalizeEvent(filled, this.privkey);
+    }
+    async close() {
+        // Best-effort wipe — the engine may already have copies in CoW pages, but
+        // zeroing here at least gives a consistent shape with bunker.close().
+        this.privkey.fill(0);
+    }
+}
+/**
+ * Decode a bech32 nsec into a LocalSigner. Accepts either the `nsec1...`
+ * prefix or a raw 64-char hex private key for power-user paste paths.
+ * Throws on any malformed input — caller surfaces the error to the user.
+ */
+export function createLocalSignerFromNsec(input) {
+    const trimmed = input.trim();
+    if (!trimmed)
+        throw new Error('empty-nsec');
+    let sk;
+    if (trimmed.startsWith('nsec1')) {
+        const decoded = nip19Decode(trimmed);
+        if (decoded.type !== 'nsec')
+            throw new Error('not-an-nsec');
+        sk = decoded.data;
+    }
+    else if (/^[0-9a-f]{64}$/i.test(trimmed)) {
+        sk = new Uint8Array(32);
+        for (let i = 0; i < 32; i++)
+            sk[i] = parseInt(trimmed.slice(i * 2, i * 2 + 2), 16);
+    }
+    else {
+        throw new Error('invalid-nsec-format');
+    }
+    if (sk.length !== 32)
+        throw new Error('invalid-nsec-length');
+    const pubkey = getPublicKey(sk);
+    if (!/^[0-9a-f]{64}$/i.test(pubkey))
+        throw new Error('invalid-pubkey-from-nsec');
+    return new LocalSigner(pubkey.toLowerCase(), sk);
+}
 // ── Ephemeral (redirect-only) ─────────────────────────────────────────────────
 /**
  * Auth-only signer returned by the redirect/QR flow before Option B is built.