signet-login 0.7.2 → 0.9.6

package/dist/modal.js

@@ -5,13 +5,15 @@
  * top-layer placement, theme-aware colours, no third-party UI deps.
  */
 import { DEFAULTS } from './types.js';
-import { hasNip07, createNip07Signer, createBunkerSigner, createBunkerSignerFromNostrConnect, buildNostrConnectUri, EphemeralSigner, createLocalSignerFromNsec } from './signers.js';
+import { hasNip07, createNip07Signer, createBunkerSigner, createBunkerSignerFromNostrConnect, buildNostrConnectUri, EphemeralSigner, DeferredBunkerSigner, createLocalSignerFromNsec } from './signers.js';
 import { isAndroid, startAmberSignIn } from './amber.js';
+import { loadOrCreatePersistentClientSk } from './storage.js';
 import { waitForAuthResponse } from 'signet-verify';
 import { schnorr } from '@noble/curves/secp256k1';
 import { bytesToHex } from '@noble/hashes/utils';
 import { startRedirect } from './redirect.js';
 import QRCode from 'qrcode';
+const QR_BUNKER_CONNECT_TIMEOUT_MS = 8000;
 function escapeHtml(str) {
     return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
 }
@@ -39,9 +41,95 @@ function buildModalShell(theme) {
     dialog.style.cssText = `border:none;border-radius:16px;padding:32px;max-width:380px;width:90%;text-align:center;box-shadow:0 20px 60px rgba(0,0,0,0.3);background:${bg};color:${fg};font-family:system-ui,-apple-system,sans-serif;`;
     document.body.appendChild(dialog);
     dialog.showModal();
-    return { dialog, style };
+    // Gamepad navigation. A booth/kiosk drives this modal with a gamepad, whose
+    // host game dispatches *synthetic* Arrow / Enter / Escape KeyboardEvents on
+    // `window` (isTrusted=false). Native <dialog> only moves focus with Tab, and
+    // synthetic Enter/Escape don't trigger native button activation or the
+    // dialog's cancel — so bridge them here. Real keyboard events (isTrusted)
+    // keep their native behaviour; we only fully drive the synthetic ones. Works
+    // across every screen because it queries the live buttons each keypress.
+    const visibleButtons = () => Array.from(dialog.querySelectorAll('button'))
+        .filter((b) => {
+        if (b.disabled || !b.isConnected)
+            return false;
+        const css = window.getComputedStyle(b);
+        return css.display !== 'none' && css.visibility !== 'hidden';
+    });
+    const focusedButton = () => document.activeElement instanceof HTMLButtonElement && dialog.contains(document.activeElement)
+        ? document.activeElement
+        : null;
+    // Tracked cursor. We click THIS index on Enter rather than
+    // document.activeElement, because a host page's own menu-nav (still mounted
+    // behind the dialog) can clear/move DOM focus between keypresses — which made
+    // "A = select the highlighted item" click the wrong (first) button. Tracking
+    // the index ourselves makes selection reliable regardless of the host.
+    let selIndex = 0;
+    const showSel = () => {
+        const btns = visibleButtons();
+        if (btns.length === 0)
+            return;
+        selIndex = Math.min(Math.max(selIndex, 0), btns.length - 1);
+        btns[selIndex].focus();
+    };
+    const keyNav = (e) => {
+        if (!dialog.isConnected || !dialog.open)
+            return;
+        const tgt = e.target;
+        if (tgt && (tgt.tagName === 'INPUT' || tgt.tagName === 'TEXTAREA') && e.isTrusted)
+            return; // real typing owns its keys
+        const btns = visibleButtons();
+        if (btns.length === 0)
+            return;
+        const key = e.key || e.code;
+        const code = e.code || e.key;
+        const dir = key === 'ArrowDown' || code === 'ArrowDown' || key === 'ArrowRight' || code === 'ArrowRight' ? 1
+            : key === 'ArrowUp' || code === 'ArrowUp' || key === 'ArrowLeft' || code === 'ArrowLeft' ? -1 : 0;
+        if (dir) {
+            // The modal owns nav while open — stop the host page's listeners from
+            // also grabbing the key and stealing focus.
+            e.preventDefault();
+            e.stopImmediatePropagation();
+            // Re-sync to live DOM focus if the host moved it, else step our index.
+            const fb = focusedButton();
+            const fi = fb ? btns.indexOf(fb) : -1;
+            selIndex = ((fi >= 0 ? fi : selIndex) + dir + btns.length) % btns.length;
+            btns[selIndex].focus();
+            return;
+        }
+        // Real keyboard (isTrusted): let native Enter/Escape stand AND keep
+        // propagating so the focused button's native activation fires. We only
+        // fully drive the SYNTHETIC events a gamepad host dispatches on window.
+        if (e.isTrusted)
+            return;
+        if (e.key === 'Enter' || e.key === ' ' || e.code === 'Space' || e.code === 'Enter') {
+            e.preventDefault();
+            e.stopImmediatePropagation();
+            btns[Math.min(Math.max(selIndex, 0), btns.length - 1)].click(); // tracked cursor, not activeElement
+        }
+        else if (e.key === 'Escape' || e.code === 'Escape') {
+            e.preventDefault();
+            e.stopImmediatePropagation();
+            // Prefer Back (sub-screen → picker); fall back to Cancel.
+            (dialog.querySelector('[data-action="back"]')
+                ?? dialog.querySelector('[data-action="cancel"],[data-choice="cancel"]'))?.click();
+        }
+    };
+    // Capture phase: run BEFORE the host page's bubble-phase window keydown
+    // handlers, so stopImmediatePropagation above actually pre-empts them.
+    window.addEventListener('keydown', keyNav, true);
+    // Reset the cursor to the first button when a new SCREEN swaps in. childList
+    // (no subtree) so frequent status-text updates inside a screen don't reset it.
+    const mo = new MutationObserver(() => { selIndex = 0; showSel(); });
+    mo.observe(dialog, { childList: true });
+    showSel();
+    return {
+        dialog,
+        style,
+        cleanupNav: () => { window.removeEventListener('keydown', keyNav, true); mo.disconnect(); },
+    };
 }
 function tearDown(refs) {
+    refs.cleanupNav?.();
     try {
         refs.dialog.close();
     }
@@ -233,7 +321,8 @@ async function runRedirectFlow(refs, opts) {
             sessionPrivKey,
             expectedOrigin: opts.origin,
             timeout: opts.timeout,
-        }).then(result => {
+        }).then(rawResult => {
+            const result = rawResult;
             const authEvent = {
                 id: result.authEvent.id,
                 pubkey: result.authEvent.pubkey,
@@ -246,6 +335,8 @@ async function runRedirectFlow(refs, opts) {
             const out = { pubkey: result.pubkey, authEvent };
             if (result.displayName)
                 out.displayName = result.displayName;
+            if (result.bunkerUri)
+                out.bunkerUri = result.bunkerUri;
             settle(out);
         }).catch(err => {
             const status = refs.dialog.querySelector('#signet-login-status');
@@ -300,7 +391,7 @@ async function runBunkerFlow(refs, opts) {
             }
             connectBtn.disabled = true;
             try {
-                const signer = await createBunkerSigner({ uri });
+                const signer = await createBunkerSigner({ uri, clientSecretKey: loadOrCreatePersistentClientSk() });
                 settle(signer);
             }
             catch (err) {
@@ -323,7 +414,10 @@ async function runBunkerFlow(refs, opts) {
 async function runNostrConnectFlow(refs, opts) {
     const dark = isDarkMode(opts.theme);
     const muted = dark ? '#888' : '#666';
-    const sk = schnorr.utils.randomPrivateKey();
+    // Persistent client key so the advertised client pubkey is stable across
+    // logins (bunkers auto-approve a bound client pubkey). The connect `secret`
+    // stays fresh per handshake — it's a one-time challenge, not an identity.
+    const sk = loadOrCreatePersistentClientSk();
     const clientPubkey = bytesToHex(schnorr.getPublicKey(sk));
     const secret = bytesToHex(schnorr.utils.randomPrivateKey()).slice(0, 32);
     const uri = buildNostrConnectUri({
@@ -558,11 +652,50 @@ export async function showLoginModal(opts) {
                         return null;
                     continue;
                 }
-                const ephemeral = new EphemeralSigner(result.pubkey, result.authEvent);
+                // Default: auth-only ephemeral signer (identity proof, no live signing).
+                let signer = new EphemeralSigner(result.pubkey, result.authEvent);
+                let method = 'redirect';
+                // Cross-device bunker passthrough: when the signer device hands back a
+                // `bunker://` URI (its own NIP-46 server, or an upstream hardware
+                // bunker), preserve it as a deferred signer. That keeps login responsive
+                // and avoids downgrading to auth-only just because a cold ESP32 / relay
+                // is not ready during the approval round trip. The first real signing
+                // request awaits the connection and reports auth-only only if it fails.
+                if (result.bunkerUri) {
+                    const clientSecretKey = loadOrCreatePersistentClientSk();
+                    const expected = result.pubkey;
+                    const authEvent = result.authEvent;
+                    const upgrade = createBunkerSigner({
+                        uri: result.bunkerUri,
+                        clientSecretKey,
+                        timeoutMs: QR_BUNKER_CONNECT_TIMEOUT_MS,
+                    })
+                        .then((bunkerSigner) => {
+                        if (bunkerSigner.pubkey.toLowerCase() === expected.toLowerCase()) {
+                            return bunkerSigner;
+                        }
+                        console.warn('[signet-login] QR upgrade: bunker pubkey mismatch — staying auth-only (cannot sign)', { connected: bunkerSigner.pubkey, expected });
+                        void bunkerSigner.close().catch(() => { });
+                        return null;
+                    })
+                        .catch((err) => {
+                        console.warn('[signet-login] QR upgrade: createBunkerSigner failed — deferred signer will behave auth-only until reconnect. Reconnect/relay issue or signer device unreachable.', err);
+                        return null;
+                    });
+                    // QR handoffs must not advertise signing until the remote bunker is
+                    // actually connected. Pallasite starts several background signing
+                    // tasks as soon as canSignEvents=true; an optimistic cold ESP32
+                    // handoff strands the UI on "Signing…" before the player can act.
+                    signer = new DeferredBunkerSigner(expected, authEvent, upgrade, result.bunkerUri, clientSecretKey, false);
+                    method = 'bunker';
+                }
+                else {
+                    console.warn('[signet-login] QR login carried no bunkerUri — auth-only ephemeral (cannot sign). The signer device must have its NIP-46 server enabled to hand back a bunker:// URI.');
+                }
                 const session = {
                     pubkey: result.pubkey,
-                    method: 'redirect',
-                    signer: ephemeral,
+                    method,
+                    signer,
                     authEvent: result.authEvent,
                 };
                 if (result.displayName)

package/dist/signers.d.ts

@@ -85,12 +85,25 @@ export declare function buildNostrConnectUri(input: {
 }): string;
 /**
  * Connect a bunker session from a `bunker://` or `nostr+connect://` URI (or a
- * NIP-05 identifier). Generates a fresh client secret key for the session.
+ * NIP-05 identifier). Pass `clientSecretKey` to bind a stable client pubkey the
+ * signer can auto-approve (see `loadOrCreatePersistentClientSk`); when omitted a
+ * fresh ephemeral key is generated, which a per-pubkey-approving bunker will
+ * treat as a new, unapproved client.
  */
 export declare function createBunkerSigner(input: {
     uri: string;
     clientSecretKey?: Uint8Array;
     onauth?: (url: string) => void;
+    /**
+     * Bound the NIP-46 `connect` + `get_public_key` handshake, in milliseconds.
+     * Omit for the interactive paste flow, where a cold remote signer may
+     * legitimately take tens of seconds to approve via the `auth_url` callback.
+     * Set it for unattended boot-time connects (redirect-bunker auto-pair,
+     * session restore) where a non-responding signer must degrade to the
+     * auth-only fallback rather than stall. On expiry the half-open signer is
+     * closed and the call rejects with `bunker-connect-timeout`.
+     */
+    timeoutMs?: number;
 }): Promise<BunkerSignerImpl>;
 /** Generate a 32-byte secret key. */
 export declare function generateSecretKey(): Uint8Array;
@@ -129,4 +142,37 @@ export declare class EphemeralSigner implements SignetSigner {
     signEvent(_template: EventTemplate): Promise<NostrEvent>;
     close(): Promise<void>;
 }
+/**
+ * A redirect-bunker signer whose bunker connects in the BACKGROUND.
+ *
+ * `handleRedirectCallback` returns this immediately so the consumer can paint a
+ * signed-in UI without waiting on an up-to-8s bunker handshake over flaky
+ * relays (the cause of the "blank screen on sign-in"). The authenticated pubkey
+ * is known up front; the first `signEvent` / `nip44` call awaits the background
+ * connect. If that connect fails, signing rejects with the auth-only error —
+ * the session is still valid for identity proof.
+ */
+export declare class DeferredBunkerSigner implements SignetSigner {
+    readonly pubkey: string;
+    readonly authEvent: SignetAuthEvent;
+    /** Resolves to the connected bunker, or null if the connect failed. */
+    private readonly upgrade;
+    /** Original bunker URI — exposed so persistence can reconnect on reload. */
+    readonly bunkerUri?: string | undefined;
+    /** Stable client key — exposed so persistence keeps the same NIP-46 client pubkey. */
+    readonly clientSecretKey?: Uint8Array | undefined;
+    readonly method: "bunker";
+    readonly capabilities: SignerCapabilities;
+    readonly nip44: SignetSigner['nip44'];
+    constructor(pubkey: string, authEvent: SignetAuthEvent, 
+    /** Resolves to the connected bunker, or null if the connect failed. */
+    upgrade: Promise<BunkerSignerImpl | null>, 
+    /** Original bunker URI — exposed so persistence can reconnect on reload. */
+    bunkerUri?: string | undefined, 
+    /** Stable client key — exposed so persistence keeps the same NIP-46 client pubkey. */
+    clientSecretKey?: Uint8Array | undefined, optimisticCapabilities?: boolean);
+    private live;
+    signEvent(template: EventTemplate): Promise<NostrEvent>;
+    close(): Promise<void>;
+}
 export {};

package/dist/signers.js

@@ -125,9 +125,39 @@ export function buildNostrConnectUri(input) {
         params.set('url', input.appUrl);
     return `nostrconnect://${clientPubkeyHex}?${params.toString()}`;
 }
+/**
+ * Race a bunker handshake against a deadline. nostr-tools' `BunkerSigner`
+ * `sendRequest` has no per-request timeout — it publishes the request and only
+ * settles when a matching response arrives on the subscription. If the remote
+ * signer never replies (relay unreachable, or the bunker server is already gone
+ * — e.g. signet-app's in-page NIP-46 server after a same-tab redirect navigated
+ * it away), `connect()`/`getPublicKey()` hang forever. On timeout we close the
+ * half-open signer (releasing its relay subscription) and reject so the caller
+ * can fall back. `Promise.race` keeps a rejection handler attached to `p`, so a
+ * late rejection from the abandoned handshake won't surface as unhandled.
+ */
+async function raceBunkerHandshake(p, ms, bunker) {
+    let timer;
+    const timeout = new Promise((_, reject) => {
+        timer = setTimeout(() => {
+            void bunker.close().catch(() => { });
+            reject(new Error('bunker-connect-timeout'));
+        }, ms);
+    });
+    try {
+        return await Promise.race([p, timeout]);
+    }
+    finally {
+        if (timer !== undefined)
+            clearTimeout(timer);
+    }
+}
 /**
  * Connect a bunker session from a `bunker://` or `nostr+connect://` URI (or a
- * NIP-05 identifier). Generates a fresh client secret key for the session.
+ * NIP-05 identifier). Pass `clientSecretKey` to bind a stable client pubkey the
+ * signer can auto-approve (see `loadOrCreatePersistentClientSk`); when omitted a
+ * fresh ephemeral key is generated, which a per-pubkey-approving bunker will
+ * treat as a new, unapproved client.
  */
 export async function createBunkerSigner(input) {
     const trimmed = input.uri.trim();
@@ -140,8 +170,13 @@ export async function createBunkerSigner(input) {
     if (sk.length !== 32)
         throw new Error('invalid-client-secret-key');
     const bunker = BunkerSigner.fromBunker(sk, pointer, { onauth: input.onauth });
-    await bunker.connect();
-    const pubkey = await bunker.getPublicKey();
+    const handshake = (async () => {
+        await bunker.connect();
+        return bunker.getPublicKey();
+    })();
+    const pubkey = input.timeoutMs && input.timeoutMs > 0
+        ? await raceBunkerHandshake(handshake, input.timeoutMs, bunker)
+        : await handshake;
     if (!/^[0-9a-f]{64}$/i.test(pubkey)) {
         await bunker.close().catch(() => { });
         throw new Error('invalid-pubkey-from-bunker');
@@ -238,3 +273,59 @@ export class EphemeralSigner {
         // nothing to close
     }
 }
+/**
+ * A redirect-bunker signer whose bunker connects in the BACKGROUND.
+ *
+ * `handleRedirectCallback` returns this immediately so the consumer can paint a
+ * signed-in UI without waiting on an up-to-8s bunker handshake over flaky
+ * relays (the cause of the "blank screen on sign-in"). The authenticated pubkey
+ * is known up front; the first `signEvent` / `nip44` call awaits the background
+ * connect. If that connect fails, signing rejects with the auth-only error —
+ * the session is still valid for identity proof.
+ */
+export class DeferredBunkerSigner {
+    constructor(pubkey, authEvent, 
+    /** Resolves to the connected bunker, or null if the connect failed. */
+    upgrade, 
+    /** Original bunker URI — exposed so persistence can reconnect on reload. */
+    bunkerUri, 
+    /** Stable client key — exposed so persistence keeps the same NIP-46 client pubkey. */
+    clientSecretKey, optimisticCapabilities = true) {
+        this.pubkey = pubkey;
+        this.authEvent = authEvent;
+        this.upgrade = upgrade;
+        this.bunkerUri = bunkerUri;
+        this.clientSecretKey = clientSecretKey;
+        this.method = 'bunker';
+        this.capabilities = {
+            canSignEvents: optimisticCapabilities,
+            hasNip44: optimisticCapabilities,
+        };
+        void this.upgrade.then(signer => {
+            if (signer) {
+                this.capabilities.canSignEvents = true;
+                this.capabilities.hasNip44 = true;
+            }
+        });
+        this.nip44 = {
+            encrypt: async (peer, pt) => (await this.live()).nip44.encrypt(peer, pt),
+            decrypt: async (peer, ct) => (await this.live()).nip44.decrypt(peer, ct),
+        };
+    }
+    async live() {
+        const signer = await this.upgrade;
+        if (!signer) {
+            throw new Error('signer-auth-only: the redirect bunker handoff did not connect, so this ' +
+                'session cannot sign. Reconnect the signer or paste a bunker URI to upgrade.');
+        }
+        return signer;
+    }
+    async signEvent(template) {
+        return (await this.live()).signEvent(template);
+    }
+    async close() {
+        const signer = await this.upgrade.catch(() => null);
+        if (signer)
+            await signer.close().catch(() => { });
+    }
+}