Merge branch 'main' into 'fts-ranked-search'

# Conflicts:
#   deno.json

deno.json

@@ -1,6 +1,5 @@
 {
   "$schema": "https://deno.land/x/deno@v1.41.0/cli/schemas/config-file.v1.json",
-  "lock": false,
   "tasks": {
     "start": "deno run -A src/server.ts",
     "dev": "deno run -A --watch src/server.ts",
@@ -51,7 +50,7 @@
     "linkifyjs": "npm:linkifyjs@^4.1.1",
     "lru-cache": "npm:lru-cache@^10.2.2",
     "nostr-relaypool": "npm:nostr-relaypool2@0.6.34",
-    "nostr-tools": "npm:nostr-tools@^2.5.1",
+    "nostr-tools": "npm:nostr-tools@2.5.1",
     "nostr-wasm": "npm:nostr-wasm@^0.1.0",
     "tldts": "npm:tldts@^6.0.14",
     "tseep": "npm:tseep@^1.2.1",

scripts/nsec.ts

@@ -1,4 +1,4 @@
-import { generateSecretKey, nip19 } from 'npm:nostr-tools';
+import { generateSecretKey, nip19 } from 'nostr-tools';
 
 const sk = generateSecretKey();
 const nsec = nip19.nsecEncode(sk);

src/app.ts

@@ -129,7 +129,7 @@ app.get('/relay', relayController);
 app.use(
   '*',
   cspMiddleware(),
-  cors({ origin: '*', exposeHeaders: ['link'] }),
+  cors({ origin: '*', exposeHeaders: ['link', 'Ln-Invoice'] }),
   signerMiddleware,
   uploaderMiddleware,
   auth98Middleware(),

src/controllers/api/mutes.ts

@@ -16,7 +16,7 @@ const mutesController: AppController = async (c) => {
 
   if (event10000) {
     const pubkeys = getTagSet(event10000.tags, 'p');
-    return renderAccounts(c, [...pubkeys].reverse());
+    return renderAccounts(c, [...pubkeys]);
   } else {
     return c.json([]);
   }

src/controllers/api/oauth.ts

@@ -1,12 +1,14 @@
-import { encodeBase64 } from '@std/encoding/base64';
+import { NConnectSigner, NSchema as n, NSecSigner } from '@nostrify/nostrify';
+import { bech32 } from '@scure/base';
 import { escape } from 'entities';
-import { nip19 } from 'nostr-tools';
+import { generateSecretKey, getPublicKey } from 'nostr-tools';
 import { z } from 'zod';
 
 import { AppController } from '@/app.ts';
+import { DittoDB } from '@/db/DittoDB.ts';
 import { nostrNow } from '@/utils.ts';
 import { parseBody } from '@/utils/api.ts';
-import { getClientConnectUri } from '@/utils/connect.ts';
+import { Storages } from '@/storages.ts';
 
 const passwordGrantSchema = z.object({
   grant_type: z.literal('password'),
@@ -22,10 +24,18 @@ const credentialsGrantSchema = z.object({
   grant_type: z.literal('client_credentials'),
 });
 
+const nostrGrantSchema = z.object({
+  grant_type: z.literal('nostr_bunker'),
+  pubkey: n.id(),
+  relays: z.string().url().array().optional(),
+  secret: z.string().optional(),
+});
+
 const createTokenSchema = z.discriminatedUnion('grant_type', [
   passwordGrantSchema,
   codeGrantSchema,
   credentialsGrantSchema,
+  nostrGrantSchema,
 ]);
 
 const createTokenController: AppController = async (c) => {
@@ -37,6 +47,13 @@ const createTokenController: AppController = async (c) => {
   }
 
   switch (result.data.grant_type) {
+    case 'nostr_bunker':
+      return c.json({
+        access_token: await getToken(result.data),
+        token_type: 'Bearer',
+        scope: 'read write follow push',
+        created_at: nostrNow(),
+      });
     case 'password':
       return c.json({
         access_token: result.data.password,
@@ -61,50 +78,63 @@ const createTokenController: AppController = async (c) => {
   }
 };
 
+async function getToken(
+  { pubkey, secret, relays = [] }: { pubkey: string; secret?: string; relays?: string[] },
+): Promise<`token1${string}`> {
+  const kysely = await DittoDB.getInstance();
+  const token = generateToken();
+
+  const serverSeckey = generateSecretKey();
+  const serverPubkey = getPublicKey(serverSeckey);
+
+  const signer = new NConnectSigner({
+    pubkey,
+    signer: new NSecSigner(serverSeckey),
+    relay: await Storages.pubsub(), // TODO: Use the relays from the request.
+    timeout: 60_000,
+  });
+
+  await signer.connect(secret);
+
+  await kysely.insertInto('nip46_tokens').values({
+    api_token: token,
+    user_pubkey: pubkey,
+    server_seckey: serverSeckey,
+    server_pubkey: serverPubkey,
+    relays: JSON.stringify(relays),
+    connected_at: new Date(),
+  }).execute();
+
+  return token;
+}
+
+/** Generate a bech32 token for the API. */
+function generateToken(): `token1${string}` {
+  const words = bech32.toWords(generateSecretKey());
+  return bech32.encode('token', words);
+}
+
 /** Display the OAuth form. */
-const oauthController: AppController = async (c) => {
+const oauthController: AppController = (c) => {
   const encodedUri = c.req.query('redirect_uri');
   if (!encodedUri) {
     return c.text('Missing `redirect_uri` query param.', 422);
   }
 
   const redirectUri = maybeDecodeUri(encodedUri);
-  const connectUri = await getClientConnectUri(c.req.raw.signal);
-
-  const script = `
-      window.addEventListener('load', function() {
-        if ('nostr' in window) {
-          nostr.getPublicKey().then(function(pubkey) {
-            document.getElementById('pubkey').value = pubkey;
-            document.getElementById('oauth_form').submit();
-          });
-        }
-      });
-    `;
-
-  const hash = encodeBase64(await crypto.subtle.digest('SHA-256', new TextEncoder().encode(script)));
-
-  c.res.headers.set(
-    'content-security-policy',
-    `default-src 'self' 'sha256-${hash}'`,
-  );
 
   return c.html(`<!DOCTYPE html>
 <html lang="en">
   <head>
     <title>Log in with Ditto</title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
-    <script>${script}</script>
   </head>
   <body>
     <form id="oauth_form" action="/oauth/authorize" method="post">
-      <input type="text" placeholder="npub1... or nsec1..." name="nip19" autocomplete="off">
-      <input type="hidden" name="pubkey" id="pubkey" value="">
+      <input type="text" placeholder="bunker://..." name="bunker_uri" autocomplete="off" required>
       <input type="hidden" name="redirect_uri" id="redirect_uri" value="${escape(redirectUri)}">
       <button type="submit">Authorize</button>
     </form>
-    <br>
-    <a href="${escape(connectUri)}">Nostr Connect</a>
   </body>
 </html>
 `);
@@ -125,16 +155,8 @@ function maybeDecodeUri(uri: string): string {
 
 /** Schema for FormData POSTed to the OAuthController. */
 const oauthAuthorizeSchema = z.object({
-  pubkey: z.string().regex(/^[0-9a-f]{64}$/).optional().catch(undefined),
-  nip19: z.string().regex(new RegExp(`^${nip19.BECH32_REGEX.source}$`)).optional().catch(undefined),
+  bunker_uri: z.string().url().refine((v) => v.startsWith('bunker://')),
   redirect_uri: z.string().url(),
-}).superRefine((data, ctx) => {
-  if (!data.pubkey && !data.nip19) {
-    ctx.addIssue({
-      code: z.ZodIssueCode.custom,
-      message: 'Missing `pubkey` or `nip19`.',
-    });
-  }
 });
 
 /** Controller the OAuth form is POSTed to. */
@@ -147,18 +169,19 @@ const oauthAuthorizeController: AppController = async (c) => {
   }
 
   // Parsed FormData values.
-  const { pubkey, nip19: nip19id, redirect_uri: redirectUri } = result.data;
+  const { bunker_uri, redirect_uri: redirectUri } = result.data;
 
-  if (pubkey) {
-    const encoded = nip19.npubEncode(pubkey!);
-    const url = addCodeToRedirectUri(redirectUri, encoded);
-    return c.redirect(url);
-  } else if (nip19id) {
-    const url = addCodeToRedirectUri(redirectUri, nip19id);
-    return c.redirect(url);
-  }
+  const bunker = new URL(bunker_uri);
 
-  return c.text('The Nostr ID was not provided or invalid.', 422);
+  const token = await getToken({
+    pubkey: bunker.hostname,
+    secret: bunker.searchParams.get('secret') || undefined,
+    relays: bunker.searchParams.getAll('relay'),
+  });
+
+  const url = addCodeToRedirectUri(redirectUri, token);
+
+  return c.redirect(url);
 };
 
 /** Append the given `code` as a query param to the `redirect_uri`. */

src/controllers/api/statuses.ts

@@ -13,15 +13,15 @@ import { getAncestors, getAuthor, getDescendants, getEvent } from '@/queries.ts'
 import { renderEventAccounts } from '@/views.ts';
 import { renderReblog, renderStatus } from '@/views/mastodon/statuses.ts';
 import { Storages } from '@/storages.ts';
-import { hydrateEvents } from '@/storages/hydrate.ts';
+import { hydrateEvents, purifyEvent } from '@/storages/hydrate.ts';
 import { createEvent, paginationSchema, parseBody, updateListEvent } from '@/utils/api.ts';
-import { getLnurl } from '@/utils/lnurl.ts';
+import { getInvoice, getLnurl } from '@/utils/lnurl.ts';
 import { lookupPubkey } from '@/utils/lookup.ts';
 import { addTag, deleteTag } from '@/utils/tags.ts';
 import { asyncReplaceAll } from '@/utils/text.ts';
 
 const createStatusSchema = z.object({
-  in_reply_to_id: z.string().regex(/[0-9a-f]{64}/).nullish(),
+  in_reply_to_id: n.id().nullish(),
   language: z.string().refine(ISO6391.validate).nullish(),
   media_ids: z.string().array().nullish(),
   poll: z.object({
@@ -36,7 +36,7 @@ const createStatusSchema = z.object({
   status: z.string().nullish(),
   to: z.string().array().nullish(),
   visibility: z.enum(['public', 'unlisted', 'private', 'direct']).nullish(),
-  quote_id: z.string().nullish(),
+  quote_id: n.id().nullish(),
 }).refine(
   (data) => Boolean(data.status || data.media_ids?.length),
   { message: 'Status must contain text or media.' },
@@ -155,11 +155,12 @@ const createStatusController: AppController = async (c) => {
     .map(({ data }) => data.find(([name]) => name === 'url')?.[1])
     .filter((url): url is string => Boolean(url));
 
-  const mediaCompat: string = mediaUrls.length ? ['', '', ...mediaUrls].join('\n') : '';
+  const quoteCompat = data.quote_id ? `\n\nnostr:${nip19.noteEncode(data.quote_id)}` : '';
+  const mediaCompat = mediaUrls.length ? `\n\n${mediaUrls.join('\n')}` : '';
 
   const event = await createEvent({
     kind: 1,
-    content: content + mediaCompat,
+    content: content + quoteCompat + mediaCompat,
     tags,
   }, c);
 
@@ -450,15 +451,16 @@ const zapController: AppController = async (c) => {
   const author = target?.author;
   const meta = n.json().pipe(n.metadata()).catch({}).parse(author?.content);
   const lnurl = getLnurl(meta);
+  const amount = params.data.amount;
 
   if (target && lnurl) {
-    await createEvent({
+    const nostr = await createEvent({
       kind: 9734,
       content: params.data.comment ?? '',
       tags: [
         ['e', target.id],
         ['p', target.pubkey],
-        ['amount', params.data.amount.toString()],
+        ['amount', amount.toString()],
         ['relays', Conf.relay],
         ['lnurl', lnurl],
       ],
@@ -467,7 +469,11 @@ const zapController: AppController = async (c) => {
     const status = await renderStatus(target, { viewerPubkey: await c.get('signer')?.getPublicKey() });
     status.zapped = true;
 
-    return c.json(status);
+    return c.json(status, {
+      headers: {
+        'Ln-Invoice': await getInvoice({ amount, nostr: purifyEvent(nostr), lnurl }, signal),
+      },
+    });
   } else {
     return c.json({ error: 'Event not found.' }, 404);
   }

src/controllers/api/streaming.ts

@@ -4,6 +4,7 @@ import { z } from 'zod';
 
 import { type AppController } from '@/app.ts';
 import { Conf } from '@/config.ts';
+import { DittoDB } from '@/db/DittoDB.ts';
 import { MuteListPolicy } from '@/policies/MuteListPolicy.ts';
 import { getFeedPubkeys } from '@/queries.ts';
 import { hydrateEvents } from '@/storages/hydrate.ts';
@@ -34,7 +35,7 @@ const streamSchema = z.enum([
 
 type Stream = z.infer<typeof streamSchema>;
 
-const streamingController: AppController = (c) => {
+const streamingController: AppController = async (c) => {
   const upgrade = c.req.header('upgrade');
   const token = c.req.header('sec-websocket-protocol');
   const stream = streamSchema.optional().catch(undefined).parse(c.req.query('stream'));
@@ -44,7 +45,7 @@ const streamingController: AppController = (c) => {
     return c.text('Please use websocket protocol', 400);
   }
 
-  const pubkey = token ? bech32ToPubkey(token) : undefined;
+  const pubkey = token ? await getTokenPubkey(token) : undefined;
   if (token && !pubkey) {
     return c.json({ error: 'Invalid access token' }, 401);
   }
@@ -143,4 +144,20 @@ async function topicToFilter(
   }
 }
 
+async function getTokenPubkey(token: string): Promise<string | undefined> {
+  if (token.startsWith('token1')) {
+    const kysely = await DittoDB.getInstance();
+
+    const { user_pubkey } = await kysely
+      .selectFrom('nip46_tokens')
+      .select(['user_pubkey', 'server_seckey', 'relays'])
+      .where('api_token', '=', token)
+      .executeTakeFirstOrThrow();
+
+    return user_pubkey;
+  } else {
+    return bech32ToPubkey(token);
+  }
+}
+
 export { streamingController };

src/controllers/nostr/relay.ts

@@ -4,29 +4,19 @@ import {
   NostrClientEVENT,
   NostrClientMsg,
   NostrClientREQ,
-  NostrEvent,
-  NostrFilter,
+  NostrRelayMsg,
   NSchema as n,
 } from '@nostrify/nostrify';
+
+import { AppController } from '@/app.ts';
 import { relayInfoController } from '@/controllers/nostr/relay-info.ts';
 import * as pipeline from '@/pipeline.ts';
 import { RelayError } from '@/RelayError.ts';
 import { Storages } from '@/storages.ts';
 
-import type { AppController } from '@/app.ts';
-import { Conf } from '@/config.ts';
-
 /** Limit of initial events returned for a subscription. */
 const FILTER_LIMIT = 100;
 
-/** NIP-01 relay to client message. */
-type RelayMsg =
-  | ['EVENT', string, NostrEvent]
-  | ['NOTICE', string]
-  | ['EOSE', string]
-  | ['OK', string, boolean, string]
-  | ['COUNT', string, { count: number; approximate?: boolean }];
-
 /** Set up the Websocket connection. */
 function connectStream(socket: WebSocket) {
   const controllers = new Map<string, AbortController>();
@@ -65,18 +55,22 @@ function connectStream(socket: WebSocket) {
   }
 
   /** Handle REQ. Start a subscription. */
-  async function handleReq([_, subId, ...rest]: NostrClientREQ): Promise<void> {
-    const filters = prepareFilters(rest);
-
+  async function handleReq([_, subId, ...filters]: NostrClientREQ): Promise<void> {
     const controller = new AbortController();
     controllers.get(subId)?.abort();
     controllers.set(subId, controller);
 
-    const db = await Storages.db();
+    const store = await Storages.db();
     const pubsub = await Storages.pubsub();
 
-    for (const event of await db.query(filters, { limit: FILTER_LIMIT })) {
-      send(['EVENT', subId, event]);
+    try {
+      for (const event of await store.query(filters, { limit: FILTER_LIMIT })) {
+        send(['EVENT', subId, event]);
+      }
+    } catch (e) {
+      send(['CLOSED', subId, e.message]);
+      controllers.delete(subId);
+      return;
     }
 
     send(['EOSE', subId]);
@@ -118,30 +112,20 @@ function connectStream(socket: WebSocket) {
   }
 
   /** Handle COUNT. Return the number of events matching the filters. */
-  async function handleCount([_, subId, ...rest]: NostrClientCOUNT): Promise<void> {
+  async function handleCount([_, subId, ...filters]: NostrClientCOUNT): Promise<void> {
     const store = await Storages.db();
-    const { count } = await store.count(prepareFilters(rest));
+    const { count } = await store.count(filters);
     send(['COUNT', subId, { count, approximate: false }]);
   }
 
   /** Send a message back to the client. */
-  function send(msg: RelayMsg): void {
+  function send(msg: NostrRelayMsg): void {
     if (socket.readyState === WebSocket.OPEN) {
       socket.send(JSON.stringify(msg));
     }
   }
 }
 
-/** Enforce the filters with certain criteria. */
-function prepareFilters(filters: NostrClientREQ[2][]): NostrFilter[] {
-  return filters.map((filter) => {
-    const narrow = Boolean(filter.ids?.length || filter.authors?.length);
-    const search = narrow ? filter.search : `domain:${Conf.url.host} ${filter.search ?? ''}`;
-    // Return only local events unless the query is already narrow.
-    return { ...filter, search };
-  });
-}
-
 const relayController: AppController = (c, next) => {
   const upgrade = c.req.header('upgrade');
 

src/db/DittoTables.ts

@@ -2,6 +2,7 @@ export interface DittoTables {
   nostr_events: EventRow;
   nostr_tags: TagRow;
   nostr_fts5: EventFTSRow;
+  nip46_tokens: NIP46TokenRow;
   unattached_media: UnattachedMediaRow;
   author_stats: AuthorStatsRow;
   event_stats: EventStatsRow;
@@ -44,6 +45,15 @@ interface TagRow {
   value: string;
 }
 
+interface NIP46TokenRow {
+  api_token: string;
+  user_pubkey: string;
+  server_seckey: Uint8Array;
+  server_pubkey: string;
+  relays: string;
+  connected_at: Date;
+}
+
 interface UnattachedMediaRow {
   id: string;
   pubkey: string;

src/db/migrations/023_add_nip46_tokens.ts

@@ -0,0 +1,17 @@
+import { Kysely, sql } from 'kysely';
+
+export async function up(db: Kysely<any>): Promise<void> {
+  await db.schema
+    .createTable('nip46_tokens')
+    .addColumn('api_token', 'text', (col) => col.primaryKey().unique().notNull())
+    .addColumn('user_pubkey', 'text', (col) => col.notNull())
+    .addColumn('server_seckey', 'bytea', (col) => col.notNull())
+    .addColumn('server_pubkey', 'text', (col) => col.notNull())
+    .addColumn('relays', 'text', (col) => col.defaultTo('[]'))
+    .addColumn('connected_at', 'timestamp', (col) => col.defaultTo(sql`CURRENT_TIMESTAMP`))
+    .execute();
+}
+
+export async function down(db: Kysely<any>): Promise<void> {
+  await db.schema.dropTable('nip46_tokens').execute();
+}

src/filter.ts

@@ -1,6 +1,5 @@
-import { NostrEvent, NostrFilter, NSchema as n } from '@nostrify/nostrify';
+import { NKinds, NostrEvent, NostrFilter, NSchema as n } from '@nostrify/nostrify';
 import stringifyStable from 'fast-stable-stringify';
-import { getFilterLimit } from 'nostr-tools';
 import { z } from 'zod';
 
 /** Microfilter to get one specific event by ID. */
@@ -65,6 +64,25 @@ function normalizeFilters<F extends NostrFilter>(filters: F[]): F[] {
   }, []);
 }
 
+/** Calculate the intrinsic limit of a filter. This function may return `Infinity`. */
+function getFilterLimit(filter: NostrFilter): number {
+  if (filter.ids && !filter.ids.length) return 0;
+  if (filter.kinds && !filter.kinds.length) return 0;
+  if (filter.authors && !filter.authors.length) return 0;
+
+  for (const [key, value] of Object.entries(filter)) {
+    if (key[0] === '#' && Array.isArray(value) && !value.length) return 0;
+  }
+
+  return Math.min(
+    Math.max(0, filter.limit ?? Infinity),
+    filter.ids?.length ?? Infinity,
+    filter.authors?.length && filter.kinds?.every((kind) => NKinds.replaceable(kind))
+      ? filter.authors.length * filter.kinds.length
+      : Infinity,
+  );
+}
+
 export {
   type AuthorMicrofilter,
   canFilter,

src/middleware/auth98Middleware.ts

@@ -3,7 +3,7 @@ import { HTTPException } from 'hono';
 
 import { type AppContext, type AppMiddleware } from '@/app.ts';
 import { findUser, User } from '@/db/users.ts';
-import { ConnectSigner } from '@/signers/ConnectSigner.ts';
+import { ReadOnlySigner } from '@/signers/ReadOnlySigner.ts';
 import { localRequest } from '@/utils/api.ts';
 import {
   buildAuthEventTemplate,
@@ -22,7 +22,7 @@ function auth98Middleware(opts: ParseAuthRequestOpts = {}): AppMiddleware {
     const result = await parseAuthRequest(req, opts);
 
     if (result.success) {
-      c.set('signer', new ConnectSigner(result.data.pubkey));
+      c.set('signer', new ReadOnlySigner(result.data.pubkey));
       c.set('proof', result.data);
     }
 
@@ -70,7 +70,8 @@ function withProof(
   opts?: ParseAuthRequestOpts,
 ): AppMiddleware {
   return async (c, next) => {
-    const pubkey = await c.get('signer')?.getPublicKey();
+    const signer = c.get('signer');
+    const pubkey = await signer?.getPublicKey();
     const proof = c.get('proof') || await obtainProof(c, opts);
 
     // Prevent people from accidentally using the wrong account. This has no other security implications.
@@ -79,8 +80,12 @@ function withProof(
     }
 
     if (proof) {
-      c.set('signer', new ConnectSigner(proof.pubkey));
       c.set('proof', proof);
+
+      if (!signer) {
+        c.set('signer', new ReadOnlySigner(proof.pubkey));
+      }
+
       await handler(c, proof, next);
     } else {
       throw new HTTPException(401, { message: 'No proof' });

src/middleware/signerMiddleware.ts

@@ -1,11 +1,11 @@
 import { NSecSigner } from '@nostrify/nostrify';
-import { Stickynotes } from '@soapbox/stickynotes';
 import { nip19 } from 'nostr-tools';
 
 import { AppMiddleware } from '@/app.ts';
 import { ConnectSigner } from '@/signers/ConnectSigner.ts';
-
-const console = new Stickynotes('ditto:signerMiddleware');
+import { ReadOnlySigner } from '@/signers/ReadOnlySigner.ts';
+import { HTTPException } from 'hono';
+import { DittoDB } from '@/db/DittoDB.ts';
 
 /** We only accept "Bearer" type. */
 const BEARER_REGEX = new RegExp(`^Bearer (${nip19.BECH32_REGEX.source})$`);
@@ -18,22 +18,38 @@ export const signerMiddleware: AppMiddleware = async (c, next) => {
   if (match) {
     const [_, bech32] = match;
 
-    try {
-      const decoded = nip19.decode(bech32!);
+    if (bech32.startsWith('token1')) {
+      try {
+        const kysely = await DittoDB.getInstance();
 
-      switch (decoded.type) {
-        case 'npub':
-          c.set('signer', new ConnectSigner(decoded.data));
-          break;
-        case 'nprofile':
-          c.set('signer', new ConnectSigner(decoded.data.pubkey, decoded.data.relays));
-          break;
-        case 'nsec':
-          c.set('signer', new NSecSigner(decoded.data));
-          break;
+        const { user_pubkey, server_seckey, relays } = await kysely
+          .selectFrom('nip46_tokens')
+          .select(['user_pubkey', 'server_seckey', 'relays'])
+          .where('api_token', '=', bech32)
+          .executeTakeFirstOrThrow();
+
+        c.set('signer', new ConnectSigner(user_pubkey, new NSecSigner(server_seckey), JSON.parse(relays)));
+      } catch {
+        throw new HTTPException(401);
+      }
+    } else {
+      try {
+        const decoded = nip19.decode(bech32!);
+
+        switch (decoded.type) {
+          case 'npub':
+            c.set('signer', new ReadOnlySigner(decoded.data));
+            break;
+          case 'nprofile':
+            c.set('signer', new ReadOnlySigner(decoded.data.pubkey));
+            break;
+          case 'nsec':
+            c.set('signer', new NSecSigner(decoded.data));
+            break;
+        }
+      } catch {
+        throw new HTTPException(401);
       }
-    } catch {
-      console.debug('The user is not logged in');
     }
   }
 

src/pipeline.ts

@@ -1,5 +1,4 @@
-import { NKinds, NostrEvent, NPolicy, NSchema as n } from '@nostrify/nostrify';
-import { LNURL } from '@nostrify/nostrify/ln';
+import { NKinds, NostrEvent, NSchema as n } from '@nostrify/nostrify';
 import { PipePolicy } from '@nostrify/nostrify/policies';
 import Debug from '@soapbox/stickynotes/debug';
 import { sql } from 'kysely';
@@ -12,15 +11,12 @@ import { DittoEvent } from '@/interfaces/DittoEvent.ts';
 import { DVM } from '@/pipeline/DVM.ts';
 import { MuteListPolicy } from '@/policies/MuteListPolicy.ts';
 import { RelayError } from '@/RelayError.ts';
-import { hydrateEvents, purifyEvent } from '@/storages/hydrate.ts';
+import { hydrateEvents } from '@/storages/hydrate.ts';
 import { Storages } from '@/storages.ts';
-import { eventAge, nostrDate, nostrNow, parseNip05, Time } from '@/utils.ts';
-import { fetchWorker } from '@/workers/fetch.ts';
+import { eventAge, nostrDate, parseNip05, Time } from '@/utils.ts';
 import { policyWorker } from '@/workers/policy.ts';
 import { TrendsWorker } from '@/workers/trends.ts';
 import { verifyEventWorker } from '@/workers/verify.ts';
-import { AdminSigner } from '@/signers/AdminSigner.ts';
-import { lnurlCache } from '@/utils/lnurl.ts';
 import { nip05Cache } from '@/utils/nip05.ts';
 import { updateStats } from '@/utils/stats.ts';
 import { getTagSet } from '@/utils/tags.ts';
@@ -32,6 +28,13 @@ const debug = Debug('ditto:pipeline');
  * It is idempotent, so it can be called multiple times for the same event.
  */
 async function handleEvent(event: DittoEvent, signal: AbortSignal): Promise<void> {
+  // Integer max value for Postgres. TODO: switch to a bigint in 2038.
+  if (event.created_at >= 2_147_483_647) {
+    throw new RelayError('blocked', 'event too far in the future');
+  }
+  if (event.kind >= 2_147_483_647) {
+    throw new RelayError('blocked', 'event kind too large');
+  }
   if (!(await verifyEventWorker(event))) return;
   if (encounterEvent(event)) return;
   debug(`NostrEvent<${event.kind}> ${event.id}`);
@@ -48,7 +51,6 @@ async function handleEvent(event: DittoEvent, signal: AbortSignal): Promise<void
     DVM.event(event),
     trackHashtags(event),
     processMedia(event),
-    payZap(event, signal),
     streamOut(event),
   ]);
 }
@@ -56,24 +58,10 @@ async function handleEvent(event: DittoEvent, signal: AbortSignal): Promise<void
 async function policyFilter(event: NostrEvent): Promise<void> {
   const debug = Debug('ditto:policy');
 
-  const policies: NPolicy[] = [
+  const policy = new PipePolicy([
     new MuteListPolicy(Conf.pubkey, await Storages.admin()),
-  ];
-
-  try {
-    await policyWorker.import(Conf.policy);
-    policies.push(policyWorker);
-    debug(`Using custom policy: ${Conf.policy}`);
-  } catch (e) {
-    if (e.message.includes('Module not found')) {
-      debug('Custom policy not found <https://docs.soapbox.pub/ditto/policies/>');
-    } else {
-      console.error(`DITTO_POLICY (error importing policy): ${Conf.policy}`, e);
-      throw new RelayError('blocked', 'policy could not be loaded');
-    }
-  }
-
-  const policy = new PipePolicy(policies.reverse());
+    policyWorker,
+  ]);
 
   try {
     const result = await policy.call(event);
@@ -189,53 +177,6 @@ function processMedia({ tags, pubkey, user }: DittoEvent) {
   }
 }
 
-/** Emit Nostr Wallet Connect event from zaps so users may pay. */
-async function payZap(event: DittoEvent, signal: AbortSignal) {
-  if (event.kind !== 9734 || !event.user) return;
-
-  const lnurl = event.tags.find(([name]) => name === 'lnurl')?.[1];
-  const amount = Number(event.tags.find(([name]) => name === 'amount')?.[1]);
-
-  if (!lnurl || !amount) return;
-
-  try {
-    const details = await lnurlCache.fetch(lnurl, { signal });
-
-    if (details.tag !== 'payRequest' || !details.allowsNostr || !details.nostrPubkey) {
-      throw new Error('invalid lnurl');
-    }
-
-    if (amount > details.maxSendable || amount < details.minSendable) {
-      throw new Error('amount out of range');
-    }
-
-    const { pr } = await LNURL.callback(
-      details.callback,
-      { amount, nostr: purifyEvent(event), lnurl },
-      { fetch: fetchWorker, signal },
-    );
-
-    const signer = new AdminSigner();
-
-    const nwcRequestEvent = await signer.signEvent({
-      kind: 23194,
-      content: await signer.nip04.encrypt(
-        event.pubkey,
-        JSON.stringify({ method: 'pay_invoice', params: { invoice: pr } }),
-      ),
-      created_at: nostrNow(),
-      tags: [
-        ['p', event.pubkey],
-        ['e', event.id],
-      ],
-    });
-
-    await handleEvent(nwcRequestEvent, signal);
-  } catch (e) {
-    debug('lnurl error:', e);
-  }
-}
-
 /** Determine if the event is being received in a timely manner. */
 function isFresh(event: NostrEvent): boolean {
   return eventAge(event) < Time.seconds(10);

src/signers/ConnectSigner.ts

@@ -1,7 +1,6 @@
 // deno-lint-ignore-file require-await
 import { NConnectSigner, NostrEvent, NostrSigner } from '@nostrify/nostrify';
 
-import { AdminSigner } from '@/signers/AdminSigner.ts';
 import { Storages } from '@/storages.ts';
 
 /**
@@ -12,17 +11,17 @@ import { Storages } from '@/storages.ts';
 export class ConnectSigner implements NostrSigner {
   private signer: Promise<NConnectSigner>;
 
-  constructor(private pubkey: string, private relays?: string[]) {
-    this.signer = this.init();
+  constructor(private pubkey: string, signer: NostrSigner, private relays?: string[]) {
+    this.signer = this.init(signer);
   }
 
-  async init(): Promise<NConnectSigner> {
+  async init(signer: NostrSigner): Promise<NConnectSigner> {
     return new NConnectSigner({
       pubkey: this.pubkey,
       // TODO: use a remote relay for `nprofile` signing (if present and `Conf.relay` isn't already in the list)
       relay: await Storages.pubsub(),
-      signer: new AdminSigner(),
-      timeout: 60000,
+      signer,
+      timeout: 60_000,
     });
   }
 

src/signers/ReadOnlySigner.ts

@@ -0,0 +1,17 @@
+// deno-lint-ignore-file require-await
+import { NostrEvent, NostrSigner } from '@nostrify/nostrify';
+import { HTTPException } from 'hono';
+
+export class ReadOnlySigner implements NostrSigner {
+  constructor(private pubkey: string) {}
+
+  async signEvent(): Promise<NostrEvent> {
+    throw new HTTPException(401, {
+      message: 'Log out and back in',
+    });
+  }
+
+  async getPublicKey(): Promise<string> {
+    return this.pubkey;
+  }
+}

src/storages/EventsDB.ts

@@ -96,6 +96,20 @@ class EventsDB implements NStore {
   async query(filters: NostrFilter[], opts: { signal?: AbortSignal; limit?: number } = {}): Promise<NostrEvent[]> {
     filters = await this.expandFilters(filters);
 
+    for (const filter of filters) {
+      if (filter.since && filter.since >= 2_147_483_647) {
+        throw new Error('since filter too far into the future');
+      }
+      if (filter.until && filter.until >= 2_147_483_647) {
+        throw new Error('until filter too far into the future');
+      }
+      for (const kind of filter.kinds ?? []) {
+        if (kind >= 2_147_483_647) {
+          throw new Error('kind filter too far into the future');
+        }
+      }
+    }
+
     if (opts.signal?.aborted) return Promise.resolve([]);
     if (!filters.length) return Promise.resolve([]);
 

src/utils/api.ts

@@ -138,8 +138,8 @@ async function parseBody(req: Request): Promise<unknown> {
 
 /** Schema to parse pagination query params. */
 const paginationSchema = z.object({
-  since: z.coerce.number().optional().catch(undefined),
-  until: z.coerce.number().optional().catch(undefined),
+  since: z.coerce.number().nonnegative().optional().catch(undefined),
+  until: z.coerce.number().nonnegative().optional().catch(undefined),
   limit: z.coerce.number().catch(20).transform((value) => Math.min(Math.max(value, 0), 40)),
 });
 
@@ -179,6 +179,48 @@ function paginated(c: AppContext, events: NostrEvent[], entities: (Entity | unde
   return c.json(results, 200, headers);
 }
 
+/** Query params for paginating a list. */
+const listPaginationSchema = z.object({
+  offset: z.coerce.number().nonnegative().catch(0),
+  limit: z.coerce.number().catch(20).transform((value) => Math.min(Math.max(value, 0), 40)),
+});
+
+/** Build HTTP Link header for paginating Nostr lists. */
+function buildListLinkHeader(url: string, params: { offset: number; limit: number }): string | undefined {
+  const { origin } = Conf.url;
+  const { pathname, search } = new URL(url);
+  const { offset, limit } = params;
+  const next = new URL(pathname + search, origin);
+  const prev = new URL(pathname + search, origin);
+
+  next.searchParams.set('offset', String(offset + limit));
+  prev.searchParams.set('offset', String(Math.max(offset - limit, 0)));
+
+  next.searchParams.set('limit', String(limit));
+  prev.searchParams.set('limit', String(limit));
+
+  return `<${next}>; rel="next", <${prev}>; rel="prev"`;
+}
+
+/** paginate a list of tags. */
+function paginatedList(
+  c: AppContext,
+  params: { offset: number; limit: number },
+  entities: (Entity | undefined)[],
+  headers: HeaderRecord = {},
+) {
+  const link = buildListLinkHeader(c.req.url, params);
+  const hasMore = entities.length > 0;
+
+  if (link) {
+    headers.link = hasMore ? link : link.split(', ').find((link) => link.endsWith('; rel="prev"'))!;
+  }
+
+  // Filter out undefined entities.
+  const results = entities.filter((entity): entity is Entity => Boolean(entity));
+  return c.json(results, 200, headers);
+}
+
 /** JSON-LD context. */
 type LDContext = (string | Record<string, string | Record<string, string>>)[];
 
@@ -209,8 +251,10 @@ export {
   createAdminEvent,
   createEvent,
   type EventStub,
+  listPaginationSchema,
   localRequest,
   paginated,
+  paginatedList,
   type PaginationParams,
   paginationSchema,
   parseBody,

src/utils/lnurl.ts

@@ -4,6 +4,7 @@ import Debug from '@soapbox/stickynotes/debug';
 import { SimpleLRU } from '@/utils/SimpleLRU.ts';
 import { Time } from '@/utils/time.ts';
 import { fetchWorker } from '@/workers/fetch.ts';
+import { NostrEvent } from '@nostrify/nostrify';
 
 const debug = Debug('ditto:lnurl');
 
@@ -38,4 +39,32 @@ function getLnurl({ lud06, lud16 }: { lud06?: string; lud16?: string }, limit?:
   }
 }
 
-export { getLnurl, lnurlCache };
+interface CallbackParams {
+  amount: number;
+  nostr: NostrEvent;
+  lnurl: string;
+}
+
+async function getInvoice(params: CallbackParams, signal?: AbortSignal): Promise<string> {
+  const { amount, lnurl } = params;
+
+  const details = await lnurlCache.fetch(lnurl, { signal });
+
+  if (details.tag !== 'payRequest' || !details.allowsNostr || !details.nostrPubkey) {
+    throw new Error('invalid lnurl');
+  }
+
+  if (amount > details.maxSendable || amount < details.minSendable) {
+    throw new Error('amount out of range');
+  }
+
+  const { pr } = await LNURL.callback(
+    details.callback,
+    params,
+    { fetch: fetchWorker, signal },
+  );
+
+  return pr;
+}
+
+export { getInvoice, getLnurl, lnurlCache };

src/utils/note.ts

@@ -46,7 +46,7 @@ interface ParsedNoteContent {
 /** Convert Nostr content to Mastodon API HTML. Also return parsed data. */
 function parseNoteContent(content: string): ParsedNoteContent {
   // Parsing twice is ineffecient, but I don't know how to do only once.
-  const html = linkifyStr(content, linkifyOpts);
+  const html = linkifyStr(content, linkifyOpts).replace(/\n+$/, '');
   const links = linkify.find(content).filter(isLinkURL);
   const firstUrl = links.find(isNonMediaLink)?.href;
 

src/views.ts

@@ -4,7 +4,7 @@ import { AppContext } from '@/app.ts';
 import { Storages } from '@/storages.ts';
 import { renderAccount } from '@/views/mastodon/accounts.ts';
 import { renderStatus } from '@/views/mastodon/statuses.ts';
-import { paginated, paginationSchema } from '@/utils/api.ts';
+import { listPaginationSchema, paginated, paginatedList, paginationSchema } from '@/utils/api.ts';
 import { hydrateEvents } from '@/storages/hydrate.ts';
 import { accountFromPubkey } from '@/views/mastodon/accounts.ts';
 
@@ -42,12 +42,14 @@ async function renderEventAccounts(c: AppContext, filters: NostrFilter[], opts?:
   return paginated(c, events, accounts);
 }
 
-async function renderAccounts(c: AppContext, authors: string[], signal = AbortSignal.timeout(1000)) {
-  const { since, until, limit } = paginationSchema.parse(c.req.query());
+async function renderAccounts(c: AppContext, pubkeys: string[]) {
+  const { offset, limit } = listPaginationSchema.parse(c.req.query());
+  const authors = pubkeys.reverse().slice(offset, offset + limit);
 
   const store = await Storages.db();
+  const signal = c.req.raw.signal;
 
-  const events = await store.query([{ kinds: [0], authors, since, until, limit }], { signal })
+  const events = await store.query([{ kinds: [0], authors }], { signal })
     .then((events) => hydrateEvents({ events, store, signal }));
 
   const accounts = await Promise.all(
@@ -61,7 +63,7 @@ async function renderAccounts(c: AppContext, authors: string[], signal = AbortSi
     }),
   );
 
-  return paginated(c, events, accounts);
+  return paginatedList(c, { offset, limit }, accounts);
 }
 
 /** Render statuses by event IDs. */

src/views/mastodon/accounts.ts

@@ -31,7 +31,13 @@ async function renderAccount(
     website,
   } = n.json().pipe(n.metadata()).catch({}).parse(event.content);
 
-  const npub = nip19.npubEncode(pubkey);
+  let npub: string;
+  try {
+    npub = nip19.npubEncode(pubkey);
+  } catch {
+    return;
+  }
+
   const parsed05 = await parseAndVerifyNip05(nip05, pubkey);
   const role = event.user?.tags.find(([name]) => name === 'role')?.[1] ?? 'user';
 

src/views/mastodon/statuses.ts

@@ -138,6 +138,8 @@ async function renderReblog(event: DittoEvent, opts: RenderStatusOpts) {
 
   return {
     ...status,
+    in_reply_to_id: null,
+    in_reply_to_account_id: null,
     reblog,
   };
 }

src/workers/policy.ts

@@ -1,8 +1,11 @@
+import { Stickynotes } from '@soapbox/stickynotes';
 import * as Comlink from 'comlink';
 
 import { Conf } from '@/config.ts';
 import type { CustomPolicy } from '@/workers/policy.worker.ts';
 
+const console = new Stickynotes('ditto:policy');
+
 export const policyWorker = Comlink.wrap<CustomPolicy>(
   new Worker(
     new URL('./policy.worker.ts', import.meta.url),
@@ -19,3 +22,14 @@ export const policyWorker = Comlink.wrap<CustomPolicy>(
     },
   ),
 );
+
+try {
+  await policyWorker.import(Conf.policy);
+  console.debug(`Using custom policy: ${Conf.policy}`);
+} catch (e) {
+  if (e.message.includes('Module not found')) {
+    console.debug('Custom policy not found <https://docs.soapbox.pub/ditto/policies/>');
+  } else {
+    throw new Error(`DITTO_POLICY (error importing policy): ${Conf.policy}`, e);
+  }
+}

src/workers/policy.worker.ts

@@ -1,6 +1,6 @@
 import 'deno-safe-fetch/load';
 import { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/nostrify';
-import { ReadOnlyPolicy } from '@nostrify/nostrify/policies';
+import { NoOpPolicy, ReadOnlyPolicy } from '@nostrify/nostrify/policies';
 import * as Comlink from 'comlink';
 
 export class CustomPolicy implements NPolicy {
@@ -12,8 +12,15 @@ export class CustomPolicy implements NPolicy {
   }
 
   async import(path: string): Promise<void> {
-    const Policy = (await import(path)).default;
-    this.policy = new Policy();
+    try {
+      const Policy = (await import(path)).default;
+      this.policy = new Policy();
+    } catch (e) {
+      if (e.message.includes('Module not found')) {
+        this.policy = new NoOpPolicy();
+      }
+      throw e;
+    }
   }
 }