diff --git a/Dockerfile b/Dockerfile index f2dde5ec..999c0efc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,12 @@ FROM denoland/deno:1.44.2 -EXPOSE 4036 +EXPOSE 5000 + +ENV PORT 5000 + WORKDIR /app RUN mkdir -p data && chown -R deno data -USER deno COPY . . RUN deno cache src/server.ts +RUN apt-get update && apt-get install -y unzip curl +RUN deno task soapbox CMD deno task start diff --git a/deno.json b/deno.json index ab2acc2a..b081f323 100644 --- a/deno.json +++ b/deno.json @@ -15,14 +15,22 @@ "admin:event": "deno run -A scripts/admin-event.ts", "admin:role": "deno run -A scripts/admin-role.ts", "setup": "deno run -A scripts/setup.ts", + "setup:kind0": "deno run -A scripts/setup-kind0.ts", "stats:recompute": "deno run -A scripts/stats-recompute.ts", "soapbox": "curl -O https://dl.soapbox.pub/main/soapbox.zip && mkdir -p public && mv soapbox.zip public/ && cd public/ && unzip -o soapbox.zip && rm soapbox.zip", "trends": "deno run -A scripts/trends.ts", "clean:deps": "deno cache --reload src/app.ts", "db:populate-search": "deno run -A scripts/db-populate-search.ts" }, - "unstable": ["cron", "ffi", "kv", "worker-options"], - "exclude": ["./public"], + "unstable": [ + "cron", + "ffi", + "kv", + "worker-options" + ], + "exclude": [ + "./public" + ], "imports": { "@/": "./src/", "@b-fuze/deno-dom": "jsr:@b-fuze/deno-dom@^0.1.47", @@ -67,10 +75,10 @@ "linkify-string": "npm:linkify-string@^4.1.1", "linkifyjs": "npm:linkifyjs@^4.1.1", "lru-cache": "npm:lru-cache@^10.2.2", - "nostr-relaypool": "npm:nostr-relaypool2@0.6.34", "nostr-tools": "npm:nostr-tools@2.5.1", "nostr-wasm": "npm:nostr-wasm@^0.1.0", "path-to-regexp": "npm:path-to-regexp@^7.1.0", + "png-to-ico": "npm:png-to-ico@^2.1.8", "postgres": "https://gitlab.com/soapbox-pub/postgres.js/-/raw/e79d7d2039446fbf7a37d4eca0d17e94a94b8b53/deno/mod.js", "prom-client": "npm:prom-client@^15.1.2", "question-deno": "https://raw.githubusercontent.com/ocpu/question-deno/10022b8e52555335aa510adb08b0a300df3cf904/mod.ts", @@ -82,14 +90,24 @@ "~/fixtures/": "./fixtures/" }, "lint": { - "include": ["src/", "scripts/"], + "include": [ + "src/", + "scripts/" + ], "rules": { - "tags": ["recommended"], - "exclude": ["no-explicit-any"] + "tags": [ + "recommended" + ], + "exclude": [ + "no-explicit-any" + ] } }, "fmt": { - "include": ["src/", "scripts/"], + "include": [ + "src/", + "scripts/" + ], "useTabs": false, "lineWidth": 120, "indentWidth": 2, diff --git a/deno.lock b/deno.lock index 7aa234d8..7b7e7d1c 100644 --- a/deno.lock +++ b/deno.lock @@ -97,12 +97,12 @@ "npm:lint-staged": "npm:lint-staged@15.2.2", "npm:lru-cache@^10.2.0": "npm:lru-cache@10.2.2", "npm:lru-cache@^10.2.2": "npm:lru-cache@10.2.2", - "npm:nostr-relaypool2@0.6.34": "npm:nostr-relaypool2@0.6.34", "npm:nostr-tools@2.5.1": "npm:nostr-tools@2.5.1", "npm:nostr-tools@^2.5.0": "npm:nostr-tools@2.5.1", "npm:nostr-tools@^2.7.0": "npm:nostr-tools@2.7.0", "npm:nostr-wasm@^0.1.0": "npm:nostr-wasm@0.1.0", "npm:path-to-regexp@^7.1.0": "npm:path-to-regexp@7.1.0", + "npm:png-to-ico@^2.1.8": "npm:png-to-ico@2.1.8", "npm:postgres@3.4.4": "npm:postgres@3.4.4", "npm:prom-client@^15.1.2": "npm:prom-client@15.1.2", "npm:tldts@^6.0.14": "npm:tldts@6.1.18", @@ -582,10 +582,6 @@ "integrity": "sha512-RQgQ4uQ+pLbqXfOmieB91ejmLwvSgv9nLx6sT6sD83s7umBypgg+OIBOBbEUiJXrfpnp9j0mRhYYdzp9uqq3lA==", "dependencies": {} }, - "@noble/ciphers@0.2.0": { - "integrity": "sha512-6YBxJDAapHSdd3bLDv6x2wRPwq4QFMUaB3HvljNBUTThDd12eSm7/3F+2lnfzx2jvM+S6Nsy0jEt9QbPqSwqRw==", - "dependencies": {} - }, "@noble/ciphers@0.5.3": { "integrity": "sha512-B0+6IIHiqEs3BPMT0hcRmHvEj2QHOLu+uwt+tqDDeVd0oyVzh7BPrDcPjRnV1PV/5LaknXJJQvOuRGR0zQJz+w==", "dependencies": {} @@ -672,6 +668,10 @@ "@types/trusted-types": "@types/trusted-types@2.0.7" } }, + "@types/node@17.0.45": { + "integrity": "sha512-w+tIMs3rq2afQdsPJlODhoUEKzFP1ayaoyl1CcnwtIlsVe7K7bA1NGm4s3PraqTLlXnbIN84zuBlxBWo1u9BLw==", + "dependencies": {} + }, "@types/node@18.16.19": { "integrity": "sha512-IXl7o+R9iti9eBW4Wg2hx1xQDig183jj7YLn8F7udNceyfkbn1ZxmzZXuak20gR40D7pIkIY1kYGx5VIGbaHKA==", "dependencies": {} @@ -983,12 +983,6 @@ "jsdom": "jsdom@24.0.0" } }, - "isomorphic-ws@5.0.0_ws@8.17.0": { - "integrity": "sha512-muId7Zzn9ywDsyXgTIafTry2sV3nySZeUDe6YedVd1Hvuuep5AsIlqK+XefWpYTyJG5e503F2xIuT2lcU6rCSw==", - "dependencies": { - "ws": "ws@8.17.0" - } - }, "jsdom@24.0.0": { "integrity": "sha512-UDS2NayCvmXSXVP6mpTj+73JnNQadZlr9N68189xib2tx5Mls7swlTNao26IoHv46BZJFvXygyRtyXd1feAk1A==", "dependencies": { @@ -1131,6 +1125,10 @@ "integrity": "sha512-vqiC06CuhBTUdZH+RYl8sFrL096vA45Ok5ISO6sE/Mr1jRbGH4Csnhi8f3wKVl7x8mO4Au7Ir9D3Oyv1VYMFJw==", "dependencies": {} }, + "minimist@1.2.8": { + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "dependencies": {} + }, "ms@2.1.2": { "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", "dependencies": {} @@ -1145,25 +1143,6 @@ "whatwg-url": "whatwg-url@5.0.0" } }, - "nostr-relaypool2@0.6.34": { - "integrity": "sha512-e3FDh9w/wQkY513mvoJps1Hc/Y5wiWXeBM6MD+YKSyAg+px+/8uHSSHAuHhlavw7oOEOvEsIGlMDMc57DG3MOA==", - "dependencies": { - "isomorphic-ws": "isomorphic-ws@5.0.0_ws@8.17.0", - "nostr-tools": "nostr-tools@1.17.0", - "safe-stable-stringify": "safe-stable-stringify@2.4.3" - } - }, - "nostr-tools@1.17.0": { - "integrity": "sha512-LZmR8GEWKZeElbFV5Xte75dOeE9EFUW/QLI1Ncn3JKn0kFddDKEfBbFN8Mu4TMs+L4HR/WTPha2l+PPuRnJcMw==", - "dependencies": { - "@noble/ciphers": "@noble/ciphers@0.2.0", - "@noble/curves": "@noble/curves@1.1.0", - "@noble/hashes": "@noble/hashes@1.3.1", - "@scure/base": "@scure/base@1.1.1", - "@scure/bip32": "@scure/bip32@1.3.1", - "@scure/bip39": "@scure/bip39@1.2.1" - } - }, "nostr-tools@2.5.1": { "integrity": "sha512-bpkhGGAhdiCN0irfV+xoH3YP5CQeOXyXzUq7SYeM6D56xwTXZCPEmBlUGqFVfQidvRsoVeVxeAiOXW2c2HxoRQ==", "dependencies": { @@ -1240,6 +1219,18 @@ "integrity": "sha512-eG2dWTVw5bzqGRztnHExczNxt5VGsE6OwTeCG3fdUf9KBsZzO3R5OIIIzWR+iZA0NtZ+RDVdaoE2dK1cn6jH4g==", "dependencies": {} }, + "png-to-ico@2.1.8": { + "integrity": "sha512-Nf+IIn/cZ/DIZVdGveJp86NG5uNib1ZXMiDd/8x32HCTeKSvgpyg6D/6tUBn1QO/zybzoMK0/mc3QRgAyXdv9w==", + "dependencies": { + "@types/node": "@types/node@17.0.45", + "minimist": "minimist@1.2.8", + "pngjs": "pngjs@6.0.0" + } + }, + "pngjs@6.0.0": { + "integrity": "sha512-TRzzuFRRmEoSW/p1KVAmiOgPco2Irlah+bGFCeNfJXxxYGwSw7YwAOAcd7X28K/m5bjBWKsC29KyoMfHbypayg==", + "dependencies": {} + }, "postgres@3.4.4": { "integrity": "sha512-IbyN+9KslkqcXa8AO9fxpk97PA4pzewvpi2B3Dwy9u4zpV32QicaEdgmF3eSQUzdRk7ttDHQejNgAEr4XoeH4A==", "dependencies": {} @@ -1282,10 +1273,6 @@ "integrity": "sha512-APM0Gt1KoXBz0iIkkdB/kfvGOwC4UuJFeG/c+yV7wSc7q96cG/kJ0HiYCnzivD9SB53cLV1MlHFNfOuPaadYSw==", "dependencies": {} }, - "safe-stable-stringify@2.4.3": { - "integrity": "sha512-e2bDA2WJT0wxseVd4lsDP4+3ONX6HpMXQa1ZhFQ7SU+GjvORCmShbCMltrtIDfkYhVHrOcPtj+KhmDBdPdZD1g==", - "dependencies": {} - }, "safer-buffer@2.1.2": { "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", "dependencies": {} @@ -2162,10 +2149,10 @@ "npm:linkify-string@^4.1.1", "npm:linkifyjs@^4.1.1", "npm:lru-cache@^10.2.2", - "npm:nostr-relaypool2@0.6.34", "npm:nostr-tools@2.5.1", "npm:nostr-wasm@^0.1.0", "npm:path-to-regexp@^7.1.0", + "npm:png-to-ico@^2.1.8", "npm:prom-client@^15.1.2", "npm:tldts@^6.0.14", "npm:tseep@^1.2.1", diff --git a/scripts/setup-kind0.ts b/scripts/setup-kind0.ts new file mode 100644 index 00000000..c62cc706 --- /dev/null +++ b/scripts/setup-kind0.ts @@ -0,0 +1,70 @@ +import { AdminSigner } from '@/signers/AdminSigner.ts'; +import { Command } from 'commander'; +import { NostrEvent } from 'nostr-tools'; +import { nostrNow } from '@/utils.ts'; +import { Buffer } from 'node:buffer'; +import { Conf } from '@/config.ts'; +import pngToIco from 'png-to-ico'; +import { Storages } from '@/storages.ts'; + +function die(code: number, ...args: any[]) { + console.error(...args); + Deno.exit(code); +} + +if (import.meta.main) { + const kind0 = new Command() + .name('setup:kind0') + .description('Set up / change the kind 0 for a Ditto instance.') + .version('0.1.0') + .showHelpAfterError(); + + kind0 + .argument('', 'The name of the Ditto instance. Can just be your hostname.') + .option( + '-l --lightning ', + 'Lightning address for the server. Can just be your own lightning address.', + ) + .option('-a --about ', 'About text. This shows up whenever a description for your server is needed.') + .option('-i --image ', 'Image URL to use for OpenGraph previews and favicon.') + .action(async (name, args) => { + const { lightning, about, image } = args; + const content: Record = {}; + if (!name || !name.trim()) die(1, 'You must atleast supply a name!'); + content.bot = true; + content.about = about; + content.lud16 = lightning; + content.name = name; + content.picture = image; + content.website = Conf.localDomain; + + const signer = new AdminSigner(); + const bare: Omit = { + created_at: nostrNow(), + kind: 0, + tags: [], + content: JSON.stringify(content), + }; + const signed = await signer.signEvent(bare); + if (image) { + try { + await fetch(image) + .then((res) => { + if (!res.ok) throw new Error('Error attempting to fetch favicon.'); + if (res.headers.get('content-type') !== 'image/png') throw new Error('Non-png images are not supported!'); + return res.blob(); + }) + .then(async (blob) => + await pngToIco(Buffer.from(await blob.arrayBuffer())) + .then(async (buf) => await Deno.writeFile('./public/favicon.ico', buf)) + ); + } catch (e) { + die(1, `Error generating favicon from url ${image}: "${e}". Please check this or try again without --image.`); + } + } + console.log({ content, signed }); + await Storages.db().then((store) => store.event(signed)); + }); + + await kind0.parseAsync(); +} diff --git a/scripts/trends.ts b/scripts/trends.ts index 6600f7e2..627fb332 100644 --- a/scripts/trends.ts +++ b/scripts/trends.ts @@ -1,4 +1,5 @@ import { z } from 'zod'; +import '@/config.ts'; import { updateTrendingEvents, diff --git a/src/config.ts b/src/config.ts index 21fbbe01..ae841997 100644 --- a/src/config.ts +++ b/src/config.ts @@ -1,4 +1,5 @@ import os from 'node:os'; +import ISO6391, { LanguageCode } from 'iso-639-1'; import * as dotenv from '@std/dotenv'; import { getPublicKey, nip19 } from 'nostr-tools'; import { z } from 'zod'; @@ -247,6 +248,10 @@ class Conf { static get zapSplitsEnabled(): boolean { return optionalBooleanSchema.parse(Deno.env.get('ZAP_SPLITS_ENABLED')) ?? false; } + /** Languages this server wishes to highlight. Used when querying trends.*/ + static get preferredLanguages(): LanguageCode[] | undefined { + return Deno.env.get('DITTO_LANGUAGES')?.split(',')?.filter(ISO6391.validate) as LanguageCode[]; + } /** Cache settings. */ static caches = { /** NIP-05 cache settings. */ diff --git a/src/controllers/api/oauth.ts b/src/controllers/api/oauth.ts index 94aaeecd..c4c3eca4 100644 --- a/src/controllers/api/oauth.ts +++ b/src/controllers/api/oauth.ts @@ -1,14 +1,14 @@ import { NConnectSigner, NSchema as n, NSecSigner } from '@nostrify/nostrify'; -import { bech32 } from '@scure/base'; import { escape } from 'entities'; -import { generateSecretKey, getPublicKey } from 'nostr-tools'; +import { generateSecretKey } from 'nostr-tools'; import { z } from 'zod'; import { AppController } from '@/app.ts'; import { Conf } from '@/config.ts'; +import { Storages } from '@/storages.ts'; import { nostrNow } from '@/utils.ts'; import { parseBody } from '@/utils/api.ts'; -import { Storages } from '@/storages.ts'; +import { encryptSecretKey, generateToken } from '@/utils/auth.ts'; const passwordGrantSchema = z.object({ grant_type: z.literal('password'), @@ -82,38 +82,30 @@ async function getToken( { pubkey, secret, relays = [] }: { pubkey: string; secret?: string; relays?: string[] }, ): Promise<`token1${string}`> { const kysely = await Storages.kysely(); - const token = generateToken(); + const { token, hash } = await generateToken(); - const serverSeckey = generateSecretKey(); - const serverPubkey = getPublicKey(serverSeckey); + const nip46Seckey = generateSecretKey(); const signer = new NConnectSigner({ pubkey, - signer: new NSecSigner(serverSeckey), + signer: new NSecSigner(nip46Seckey), relay: await Storages.pubsub(), // TODO: Use the relays from the request. timeout: 60_000, }); await signer.connect(secret); - await kysely.insertInto('nip46_tokens').values({ - api_token: token, - user_pubkey: pubkey, - server_seckey: serverSeckey, - server_pubkey: serverPubkey, - relays: JSON.stringify(relays), - connected_at: new Date(), + await kysely.insertInto('auth_tokens').values({ + token_hash: hash, + pubkey, + nip46_sk_enc: await encryptSecretKey(Conf.seckey, nip46Seckey), + nip46_relays: relays, + created_at: new Date(), }).execute(); return token; } -/** Generate a bech32 token for the API. */ -function generateToken(): `token1${string}` { - const words = bech32.toWords(generateSecretKey()); - return bech32.encode('token', words); -} - /** Display the OAuth form. */ const oauthController: AppController = (c) => { const encodedUri = c.req.query('redirect_uri'); diff --git a/src/controllers/api/statuses.ts b/src/controllers/api/statuses.ts index 486ea28b..19907895 100644 --- a/src/controllers/api/statuses.ts +++ b/src/controllers/api/statuses.ts @@ -88,14 +88,28 @@ const createStatusController: AppController = async (c) => { return c.json({ error: 'Original post not found.' }, 404); } - const root = ancestor.tags.find((tag) => tag[0] === 'e' && tag[3] === 'root')?.[1] ?? ancestor.id; + const rootId = ancestor.tags.find((tag) => tag[0] === 'e' && tag[3] === 'root')?.[1] ?? ancestor.id; + const root = rootId === ancestor.id ? ancestor : await getEvent(rootId); - tags.push(['e', root, Conf.relay, 'root']); - tags.push(['e', data.in_reply_to_id, Conf.relay, 'reply']); + if (root) { + tags.push(['e', root.id, Conf.relay, 'root', root.pubkey]); + } else { + tags.push(['e', rootId, Conf.relay, 'root']); + } + + tags.push(['e', ancestor.id, Conf.relay, 'reply', ancestor.pubkey]); } + let quoted: DittoEvent | undefined; + if (data.quote_id) { - tags.push(['q', data.quote_id]); + quoted = await getEvent(data.quote_id); + + if (!quoted) { + return c.json({ error: 'Quoted post not found.' }, 404); + } + + tags.push(['q', quoted.id, Conf.relay, '', quoted.pubkey]); } if (data.sensitive && data.spoiler_text) { @@ -143,7 +157,7 @@ const createStatusController: AppController = async (c) => { } try { - return `nostr:${nip19.npubEncode(pubkey)}`; + return `nostr:${nip19.nprofileEncode({ pubkey, relays: [Conf.relay] })}`; } catch { return match; } @@ -159,7 +173,7 @@ const createStatusController: AppController = async (c) => { } for (const pubkey of pubkeys) { - tags.push(['p', pubkey]); + tags.push(['p', pubkey, Conf.relay]); } for (const link of linkify.find(data.status ?? '')) { @@ -175,10 +189,16 @@ const createStatusController: AppController = async (c) => { .map(({ url }) => url) .filter((url): url is string => Boolean(url)); - const quoteCompat = data.quote_id ? `\n\nnostr:${nip19.noteEncode(data.quote_id)}` : ''; + const quoteCompat = quoted + ? `\n\nnostr:${ + nip19.neventEncode({ id: quoted.id, kind: quoted.kind, author: quoted.pubkey, relays: [Conf.relay] }) + }` + : ''; + const mediaCompat = mediaUrls.length ? `\n\n${mediaUrls.join('\n')}` : ''; - const author = await getAuthor(await c.get('signer')?.getPublicKey()!); + const pubkey = await c.get('signer')?.getPublicKey()!; + const author = pubkey ? await getAuthor(pubkey) : undefined; if (Conf.zapSplitsEnabled) { const meta = n.json().pipe(n.metadata()).catch({}).parse(author?.content); @@ -191,7 +211,7 @@ const createStatusController: AppController = async (c) => { tags.push(['zap', pubkey, Conf.relay, dittoZapSplit[pubkey].weight.toString(), dittoZapSplit[pubkey].message]); } if (totalSplit) { - tags.push(['zap', author?.pubkey as string, Conf.relay, Math.max(0, 100 - totalSplit).toString()]); + tags.push(['zap', pubkey, Conf.relay, Math.max(0, 100 - totalSplit).toString()]); } } } @@ -223,7 +243,7 @@ const deleteStatusController: AppController = async (c) => { if (event.pubkey === pubkey) { await createEvent({ kind: 5, - tags: [['e', id, Conf.relay]], + tags: [['e', id, Conf.relay, '', pubkey]], }, c); const author = await getAuthor(event.pubkey); @@ -281,7 +301,7 @@ const favouriteController: AppController = async (c) => { kind: 7, content: '+', tags: [ - ['e', target.id, Conf.relay], + ['e', target.id, Conf.relay, '', target.pubkey], ['p', target.pubkey, Conf.relay], ], }, c); @@ -324,7 +344,7 @@ const reblogStatusController: AppController = async (c) => { const reblogEvent = await createEvent({ kind: 6, tags: [ - ['e', event.id, Conf.relay], + ['e', event.id, Conf.relay, '', event.pubkey], ['p', event.pubkey, Conf.relay], ], }, c); @@ -361,7 +381,7 @@ const unreblogStatusController: AppController = async (c) => { await createEvent({ kind: 5, - tags: [['e', repostEvent.id, Conf.relay]], + tags: [['e', repostEvent.id, Conf.relay, '', repostEvent.pubkey]], }, c); return c.json(await renderStatus(event, { viewerPubkey: pubkey })); @@ -413,7 +433,7 @@ const bookmarkController: AppController = async (c) => { if (event) { await updateListEvent( { kinds: [10003], authors: [pubkey], limit: 1 }, - (tags) => addTag(tags, ['e', eventId, Conf.relay]), + (tags) => addTag(tags, ['e', event.id, Conf.relay, '', event.pubkey]), c, ); @@ -440,7 +460,7 @@ const unbookmarkController: AppController = async (c) => { if (event) { await updateListEvent( { kinds: [10003], authors: [pubkey], limit: 1 }, - (tags) => deleteTag(tags, ['e', eventId, Conf.relay]), + (tags) => deleteTag(tags, ['e', event.id, Conf.relay, '', event.pubkey]), c, ); @@ -467,7 +487,7 @@ const pinController: AppController = async (c) => { if (event) { await updateListEvent( { kinds: [10001], authors: [pubkey], limit: 1 }, - (tags) => addTag(tags, ['e', eventId, Conf.relay]), + (tags) => addTag(tags, ['e', event.id, Conf.relay, '', event.pubkey]), c, ); @@ -496,7 +516,7 @@ const unpinController: AppController = async (c) => { if (event) { await updateListEvent( { kinds: [10001], authors: [pubkey], limit: 1 }, - (tags) => deleteTag(tags, ['e', eventId, Conf.relay]), + (tags) => deleteTag(tags, ['e', event.id, Conf.relay, '', event.pubkey]), c, ); @@ -540,8 +560,8 @@ const zapController: AppController = async (c) => { lnurl = getLnurl(meta); if (target && lnurl) { tags.push( - ['e', target.id, Conf.relay], - ['p', target.pubkey], + ['e', target.id, Conf.relay, '', target.pubkey], + ['p', target.pubkey, Conf.relay], ['amount', amount.toString()], ['relays', Conf.relay], ['lnurl', lnurl], @@ -553,7 +573,7 @@ const zapController: AppController = async (c) => { lnurl = getLnurl(meta); if (target && lnurl) { tags.push( - ['p', target.pubkey], + ['p', target.pubkey, Conf.relay], ['amount', amount.toString()], ['relays', Conf.relay], ['lnurl', lnurl], diff --git a/src/controllers/api/streaming.ts b/src/controllers/api/streaming.ts index cee7c57e..9693a16c 100644 --- a/src/controllers/api/streaming.ts +++ b/src/controllers/api/streaming.ts @@ -14,6 +14,7 @@ import { MuteListPolicy } from '@/policies/MuteListPolicy.ts'; import { getFeedPubkeys } from '@/queries.ts'; import { hydrateEvents } from '@/storages/hydrate.ts'; import { Storages } from '@/storages.ts'; +import { getTokenHash } from '@/utils/auth.ts'; import { bech32ToPubkey, Time } from '@/utils.ts'; import { renderReblog, renderStatus } from '@/views/mastodon/statuses.ts'; import { renderNotification } from '@/views/mastodon/notifications.ts'; @@ -233,14 +234,15 @@ async function topicToFilter( async function getTokenPubkey(token: string): Promise { if (token.startsWith('token1')) { const kysely = await Storages.kysely(); + const tokenHash = await getTokenHash(token as `token1${string}`); - const { user_pubkey } = await kysely - .selectFrom('nip46_tokens') - .select(['user_pubkey', 'server_seckey', 'relays']) - .where('api_token', '=', token) + const { pubkey } = await kysely + .selectFrom('auth_tokens') + .select('pubkey') + .where('token_hash', '=', tokenHash) .executeTakeFirstOrThrow(); - return user_pubkey; + return pubkey; } else { return bech32ToPubkey(token); } diff --git a/src/db/DittoTables.ts b/src/db/DittoTables.ts index c05ffe66..b6fa93f4 100644 --- a/src/db/DittoTables.ts +++ b/src/db/DittoTables.ts @@ -4,7 +4,7 @@ import { NPostgresSchema } from '@nostrify/db'; export interface DittoTables extends NPostgresSchema { nostr_events: NostrEventsRow; - nip46_tokens: NIP46TokenRow; + auth_tokens: AuthTokenRow; author_stats: AuthorStatsRow; event_stats: EventStatsRow; pubkey_domains: PubkeyDomainRow; @@ -33,13 +33,12 @@ interface EventStatsRow { zaps_amount: number; } -interface NIP46TokenRow { - api_token: string; - user_pubkey: string; - server_seckey: Uint8Array; - server_pubkey: string; - relays: string; - connected_at: Date; +interface AuthTokenRow { + token_hash: Uint8Array; + pubkey: string; + nip46_sk_enc: Uint8Array; + nip46_relays: string[]; + created_at: Date; } interface PubkeyDomainRow { diff --git a/src/db/migrations/037_auth_tokens.ts b/src/db/migrations/037_auth_tokens.ts new file mode 100644 index 00000000..71e971d3 --- /dev/null +++ b/src/db/migrations/037_auth_tokens.ts @@ -0,0 +1,62 @@ +import { Kysely, sql } from 'kysely'; + +import { encryptSecretKey, getTokenHash } from '@/utils/auth.ts'; +import { Conf } from '@/config.ts'; + +interface DB { + nip46_tokens: { + api_token: `token1${string}`; + user_pubkey: string; + server_seckey: Uint8Array; + server_pubkey: string; + relays: string; + connected_at: Date; + }; + auth_tokens: { + token_hash: Uint8Array; + pubkey: string; + nip46_sk_enc: Uint8Array; + nip46_relays: string[]; + created_at: Date; + }; +} + +export async function up(db: Kysely): Promise { + await db.schema + .createTable('auth_tokens') + .addColumn('token_hash', 'bytea', (col) => col.primaryKey()) + .addColumn('pubkey', 'char(64)', (col) => col.notNull()) + .addColumn('nip46_sk_enc', 'bytea', (col) => col.notNull()) + .addColumn('nip46_relays', 'jsonb', (col) => col.defaultTo('[]')) + .addColumn('created_at', 'timestamp', (col) => col.defaultTo(sql`CURRENT_TIMESTAMP`)) + .execute(); + + // There are probably not that many tokens in the database yet, so this should be fine. + const tokens = await db.selectFrom('nip46_tokens').selectAll().execute(); + + for (const token of tokens) { + await db.insertInto('auth_tokens').values({ + token_hash: await getTokenHash(token.api_token), + pubkey: token.user_pubkey, + nip46_sk_enc: await encryptSecretKey(Conf.seckey, token.server_seckey), + nip46_relays: JSON.parse(token.relays), + created_at: token.connected_at, + }).execute(); + } + + await db.schema.dropTable('nip46_tokens').execute(); +} + +export async function down(db: Kysely): Promise { + await db.schema.dropTable('auth_tokens').execute(); + + await db.schema + .createTable('nip46_tokens') + .addColumn('api_token', 'text', (col) => col.primaryKey().unique().notNull()) + .addColumn('user_pubkey', 'text', (col) => col.notNull()) + .addColumn('server_seckey', 'bytea', (col) => col.notNull()) + .addColumn('server_pubkey', 'text', (col) => col.notNull()) + .addColumn('relays', 'text', (col) => col.defaultTo('[]')) + .addColumn('connected_at', 'timestamp', (col) => col.defaultTo(sql`CURRENT_TIMESTAMP`)) + .execute(); +} diff --git a/src/middleware/signerMiddleware.ts b/src/middleware/signerMiddleware.ts index 344e14ef..8200ae1d 100644 --- a/src/middleware/signerMiddleware.ts +++ b/src/middleware/signerMiddleware.ts @@ -3,9 +3,11 @@ import { NSecSigner } from '@nostrify/nostrify'; import { nip19 } from 'nostr-tools'; import { AppMiddleware } from '@/app.ts'; +import { Conf } from '@/config.ts'; import { ConnectSigner } from '@/signers/ConnectSigner.ts'; import { ReadOnlySigner } from '@/signers/ReadOnlySigner.ts'; import { Storages } from '@/storages.ts'; +import { decryptSecretKey, getTokenHash } from '@/utils/auth.ts'; /** We only accept "Bearer" type. */ const BEARER_REGEX = new RegExp(`^Bearer (${nip19.BECH32_REGEX.source})$`); @@ -21,14 +23,17 @@ export const signerMiddleware: AppMiddleware = async (c, next) => { if (bech32.startsWith('token1')) { try { const kysely = await Storages.kysely(); + const tokenHash = await getTokenHash(bech32 as `token1${string}`); - const { user_pubkey, server_seckey, relays } = await kysely - .selectFrom('nip46_tokens') - .select(['user_pubkey', 'server_seckey', 'relays']) - .where('api_token', '=', bech32) + const { pubkey, nip46_sk_enc, nip46_relays } = await kysely + .selectFrom('auth_tokens') + .select(['pubkey', 'nip46_sk_enc', 'nip46_relays']) + .where('token_hash', '=', tokenHash) .executeTakeFirstOrThrow(); - c.set('signer', new ConnectSigner(user_pubkey, new NSecSigner(server_seckey), JSON.parse(relays))); + const nep46Seckey = await decryptSecretKey(Conf.seckey, nip46_sk_enc); + + c.set('signer', new ConnectSigner(pubkey, new NSecSigner(nep46Seckey), nip46_relays)); } catch { throw new HTTPException(401); } diff --git a/src/trends.test.ts b/src/trends.test.ts new file mode 100644 index 00000000..66cae23b --- /dev/null +++ b/src/trends.test.ts @@ -0,0 +1,105 @@ +import { assertEquals } from '@std/assert'; +import { generateSecretKey, NostrEvent } from 'nostr-tools'; + +import { getTrendingTagValues } from '@/trends.ts'; +import { createTestDB, genEvent } from '@/test.ts'; + +Deno.test("getTrendingTagValues(): 'e' tag and WITHOUT language parameter", async () => { + await using db = await createTestDB(); + + const events: NostrEvent[] = []; + + let sk = generateSecretKey(); + const post1 = genEvent({ kind: 1, content: 'SHOW ME THE MONEY' }, sk); + const numberOfAuthorsWhoLikedPost1 = 100; + const post1multiplier = 2; + const post1uses = numberOfAuthorsWhoLikedPost1 * post1multiplier; + for (let i = 0; i < numberOfAuthorsWhoLikedPost1; i++) { + const sk = generateSecretKey(); + events.push( + genEvent({ kind: 7, content: '+', tags: Array(post1multiplier).fill([...['e', post1.id]]) }, sk), + ); + } + events.push(post1); + + sk = generateSecretKey(); + const post2 = genEvent({ kind: 1, content: 'Ithaca' }, sk); + const numberOfAuthorsWhoLikedPost2 = 100; + const post2multiplier = 1; + const post2uses = numberOfAuthorsWhoLikedPost2 * post2multiplier; + for (let i = 0; i < numberOfAuthorsWhoLikedPost2; i++) { + const sk = generateSecretKey(); + events.push( + genEvent({ kind: 7, content: '+', tags: Array(post2multiplier).fill([...['e', post2.id]]) }, sk), + ); + } + events.push(post2); + + for (const event of events) { + await db.store.event(event); + } + + const trends = await getTrendingTagValues(db.kysely, ['e'], { kinds: [1, 7] }); + + const expected = [{ value: post1.id, authors: numberOfAuthorsWhoLikedPost1, uses: post1uses }, { + value: post2.id, + authors: numberOfAuthorsWhoLikedPost2, + uses: post2uses, + }]; + + assertEquals(trends, expected); +}); + +Deno.test("getTrendingTagValues(): 'e' tag and WITH language parameter", async () => { + await using db = await createTestDB(); + + const events: NostrEvent[] = []; + + let sk = generateSecretKey(); + const post1 = genEvent({ kind: 1, content: 'Irei cortar o cabelo.' }, sk); + const numberOfAuthorsWhoLikedPost1 = 100; + const post1multiplier = 2; + const post1uses = numberOfAuthorsWhoLikedPost1 * post1multiplier; + for (let i = 0; i < numberOfAuthorsWhoLikedPost1; i++) { + const sk = generateSecretKey(); + events.push( + genEvent({ kind: 7, content: '+', tags: Array(post1multiplier).fill([...['e', post1.id]]) }, sk), + ); + } + events.push(post1); + + sk = generateSecretKey(); + const post2 = genEvent({ kind: 1, content: 'Ithaca' }, sk); + const numberOfAuthorsWhoLikedPost2 = 100; + const post2multiplier = 1; + for (let i = 0; i < numberOfAuthorsWhoLikedPost2; i++) { + const sk = generateSecretKey(); + events.push( + genEvent({ kind: 7, content: '+', tags: Array(post2multiplier).fill([...['e', post2.id]]) }, sk), + ); + } + events.push(post2); + + for (const event of events) { + await db.store.event(event); + } + + await db.kysely.updateTable('nostr_events') + .set('language', 'pt') + .where('id', '=', post1.id) + .execute(); + + await db.kysely.updateTable('nostr_events') + .set('language', 'en') + .where('id', '=', post2.id) + .execute(); + + const languagesIds = (await db.store.query([{ search: 'language:pt' }])).map((event) => event.id); + + const trends = await getTrendingTagValues(db.kysely, ['e'], { kinds: [1, 7] }, languagesIds); + + // portuguese post + const expected = [{ value: post1.id, authors: numberOfAuthorsWhoLikedPost1, uses: post1uses }]; + + assertEquals(trends, expected); +}); diff --git a/src/trends.ts b/src/trends.ts index 23f7ea4d..cf4f7c96 100644 --- a/src/trends.ts +++ b/src/trends.ts @@ -19,6 +19,8 @@ export async function getTrendingTagValues( tagNames: string[], /** Filter of eligible events. */ filter: NostrFilter, + /** If present, only tag values in this list are permitted to trend. */ + values?: string[], ): Promise<{ value: string; authors: number; uses: number }[]> { let query = kysely .selectFrom([ @@ -33,7 +35,7 @@ export async function getTrendingTagValues( ]) .where('kv.key', '=', (eb) => eb.fn.any(eb.val(tagNames))) .groupBy((eb) => eb.fn('lower', ['element.value'])) - .orderBy((eb) => eb.fn.agg('count', ['nostr_events.pubkey']).distinct(), 'desc'); + .orderBy('authors desc').orderBy('uses desc'); if (filter.kinds) { query = query.where('nostr_events.kind', '=', ({ fn, val }) => fn.any(val(filter.kinds))); @@ -47,6 +49,9 @@ export async function getTrendingTagValues( if (typeof filter.until === 'number') { query = query.where('nostr_events.created_at', '<=', filter.until); } + if (values) { + query = query.where('element.value', 'in', values); + } if (typeof filter.limit === 'number') { query = query.limit(filter.limit); } @@ -68,6 +73,7 @@ export async function updateTrendingTags( limit: number, extra = '', aliases?: string[], + values?: string[], ) { console.info(`Updating trending ${l}...`); const kysely = await Storages.kysely(); @@ -84,8 +90,9 @@ export async function updateTrendingTags( since: yesterday, until: now, limit, - }); + }, values); + console.log(trends); if (!trends.length) { console.info(`No trending ${l} found. Skipping.`); return; @@ -122,8 +129,31 @@ export function updateTrendingZappedEvents(): Promise { } /** Update trending events. */ -export function updateTrendingEvents(): Promise { - return updateTrendingTags('#e', 'e', [1, 6, 7, 9735], 40, Conf.relay, ['q']); +export async function updateTrendingEvents(): Promise { + const results: Promise[] = [ + updateTrendingTags('#e', 'e', [1, 6, 7, 9735], 40, Conf.relay, ['q']), + ]; + + const kysely = await Storages.kysely(); + + for (const language of Conf.preferredLanguages ?? []) { + const yesterday = Math.floor((Date.now() - Time.days(1)) / 1000); + const now = Math.floor(Date.now() / 1000); + + const rows = await kysely + .selectFrom('nostr_events') + .select('nostr_events.id') + .where('nostr_events.language', '=', language) + .where('nostr_events.created_at', '>=', yesterday) + .where('nostr_events.created_at', '<=', now) + .execute(); + + const ids = rows.map((row) => row.id); + + results.push(updateTrendingTags(`#e.${language}`, 'e', [1, 6, 7, 9735], 40, Conf.relay, ['q'], ids)); + } + + await Promise.allSettled(results); } /** Update trending hashtags. */ diff --git a/src/utils.ts b/src/utils.ts index e361109d..ae257374 100644 --- a/src/utils.ts +++ b/src/utils.ts @@ -64,20 +64,6 @@ function findTag(tags: string[][], name: string): string[] | undefined { return tags.find((tag) => tag[0] === name); } -/** - * Get sha256 hash (hex) of some text. - * https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest#converting_a_digest_to_a_hex_string - */ -async function sha256(message: string): Promise { - const msgUint8 = new TextEncoder().encode(message); - const hashBuffer = await crypto.subtle.digest('SHA-256', msgUint8); - const hashArray = Array.from(new Uint8Array(hashBuffer)); - const hashHex = hashArray - .map((b) => b.toString(16).padStart(2, '0')) - .join(''); - return hashHex; -} - /** Test whether the value is a Nostr ID. */ function isNostrId(value: unknown): boolean { return n.id().safeParse(value).success; @@ -88,6 +74,6 @@ function isURL(value: unknown): boolean { return z.string().url().safeParse(value).success; } -export { bech32ToPubkey, eventAge, findTag, isNostrId, isURL, type Nip05, nostrDate, nostrNow, parseNip05, sha256 }; +export { bech32ToPubkey, eventAge, findTag, isNostrId, isURL, type Nip05, nostrDate, nostrNow, parseNip05 }; export { Time } from '@/utils/time.ts'; diff --git a/src/utils/auth.bench.ts b/src/utils/auth.bench.ts new file mode 100644 index 00000000..8c3da7cf --- /dev/null +++ b/src/utils/auth.bench.ts @@ -0,0 +1,28 @@ +import { generateSecretKey } from 'nostr-tools'; + +import { decryptSecretKey, encryptSecretKey, generateToken, getTokenHash } from '@/utils/auth.ts'; + +Deno.bench('generateToken', async () => { + await generateToken(); +}); + +Deno.bench('getTokenHash', async (b) => { + const { token } = await generateToken(); + b.start(); + await getTokenHash(token); +}); + +Deno.bench('encryptSecretKey', async (b) => { + const sk = generateSecretKey(); + const decrypted = generateSecretKey(); + b.start(); + await encryptSecretKey(sk, decrypted); +}); + +Deno.bench('decryptSecretKey', async (b) => { + const sk = generateSecretKey(); + const decrypted = generateSecretKey(); + const encrypted = await encryptSecretKey(sk, decrypted); + b.start(); + await decryptSecretKey(sk, encrypted); +}); diff --git a/src/utils/auth.test.ts b/src/utils/auth.test.ts new file mode 100644 index 00000000..e9e610c1 --- /dev/null +++ b/src/utils/auth.test.ts @@ -0,0 +1,29 @@ +import { assertEquals } from '@std/assert'; +import { decodeHex, encodeHex } from '@std/encoding/hex'; +import { generateSecretKey } from 'nostr-tools'; + +import { decryptSecretKey, encryptSecretKey, generateToken, getTokenHash } from '@/utils/auth.ts'; + +Deno.test('generateToken', async () => { + const sk = decodeHex('a0968751df8fd42f362213f08751911672f2a037113b392403bbb7dd31b71c95'); + + const { token, hash } = await generateToken(sk); + + assertEquals(token, 'token15ztgw5wl3l2z7d3zz0cgw5v3zee09gphzyanjfqrhwma6vdhrj2sauwknd'); + assertEquals(encodeHex(hash), 'ab4c4ead4d1c72a38fffd45b999937b7e3f25f867b19aaf252df858e77b66a8a'); +}); + +Deno.test('getTokenHash', async () => { + const hash = await getTokenHash('token15ztgw5wl3l2z7d3zz0cgw5v3zee09gphzyanjfqrhwma6vdhrj2sauwknd'); + assertEquals(encodeHex(hash), 'ab4c4ead4d1c72a38fffd45b999937b7e3f25f867b19aaf252df858e77b66a8a'); +}); + +Deno.test('encryptSecretKey & decryptSecretKey', async () => { + const sk = generateSecretKey(); + const data = generateSecretKey(); + + const encrypted = await encryptSecretKey(sk, data); + const decrypted = await decryptSecretKey(sk, encrypted); + + assertEquals(encodeHex(decrypted), encodeHex(data)); +}); diff --git a/src/utils/auth.ts b/src/utils/auth.ts new file mode 100644 index 00000000..05e838a9 --- /dev/null +++ b/src/utils/auth.ts @@ -0,0 +1,54 @@ +import { bech32 } from '@scure/base'; +import { generateSecretKey } from 'nostr-tools'; + +/** + * Generate an auth token for the API. + * + * Returns a bech32 encoded API token and the SHA-256 hash of the bytes. + * The token should be presented to the user, but only the hash should be stored in the database. + */ +export async function generateToken(sk = generateSecretKey()): Promise<{ token: `token1${string}`; hash: Uint8Array }> { + const words = bech32.toWords(sk); + const token = bech32.encode('token', words); + + const buffer = await crypto.subtle.digest('SHA-256', sk); + const hash = new Uint8Array(buffer); + + return { token, hash }; +} + +/** + * Get the SHA-256 hash of an API token. + * First decodes from bech32 then hashes the bytes. + * Used to identify the user in the database by the hash of their token. + */ +export async function getTokenHash(token: `token1${string}`): Promise { + const { bytes: sk } = bech32.decodeToBytes(token); + const buffer = await crypto.subtle.digest('SHA-256', sk); + + return new Uint8Array(buffer); +} + +/** + * Encrypt a secret key with AES-GCM. + * This function is used to store the secret key in the database. + */ +export async function encryptSecretKey(sk: Uint8Array, decrypted: Uint8Array): Promise { + const secretKey = await crypto.subtle.importKey('raw', sk, { name: 'AES-GCM' }, false, ['encrypt']); + const iv = crypto.getRandomValues(new Uint8Array(12)); + const buffer = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, secretKey, decrypted); + + return new Uint8Array([...iv, ...new Uint8Array(buffer)]); +} + +/** + * Decrypt a secret key with AES-GCM. + * This function is used to retrieve the secret key from the database. + */ +export async function decryptSecretKey(sk: Uint8Array, encrypted: Uint8Array): Promise { + const secretKey = await crypto.subtle.importKey('raw', sk, { name: 'AES-GCM' }, false, ['decrypt']); + const iv = encrypted.slice(0, 12); + const buffer = await crypto.subtle.decrypt({ name: 'AES-GCM', iv }, secretKey, encrypted.slice(12)); + + return new Uint8Array(buffer); +} diff --git a/src/utils/lnurl.ts b/src/utils/lnurl.ts index 64e10fe3..1dd99769 100644 --- a/src/utils/lnurl.ts +++ b/src/utils/lnurl.ts @@ -1,5 +1,5 @@ import { LNURL, LNURLDetails } from '@nostrify/nostrify/ln'; -import Debug from '@soapbox/stickynotes/debug'; +import { Stickynotes } from '@soapbox/stickynotes'; import { cachedLnurlsSizeGauge } from '@/metrics.ts'; import { SimpleLRU } from '@/utils/SimpleLRU.ts'; @@ -7,17 +7,17 @@ import { Time } from '@/utils/time.ts'; import { fetchWorker } from '@/workers/fetch.ts'; import { NostrEvent } from '@nostrify/nostrify'; -const debug = Debug('ditto:lnurl'); +const console = new Stickynotes('ditto:lnurl'); const lnurlCache = new SimpleLRU( async (lnurl, { signal }) => { - debug(`Lookup ${lnurl}`); + console.debug(`Lookup ${lnurl}`); try { const result = await LNURL.lookup(lnurl, { fetch: fetchWorker, signal }); - debug(`Found: ${lnurl}`); + console.debug(`Found: ${lnurl}`); return result; } catch (e) { - debug(`Not found: ${lnurl}`); + console.debug(`Not found: ${lnurl}`); throw e; } }, diff --git a/src/utils/media.test.ts b/src/utils/media.test.ts index e88e97da..39abed23 100644 --- a/src/utils/media.test.ts +++ b/src/utils/media.test.ts @@ -7,6 +7,10 @@ Deno.test('getUrlMediaType', () => { assertEquals(getUrlMediaType('https://example.com/index.html'), 'text/html'); assertEquals(getUrlMediaType('https://example.com/yolo'), undefined); assertEquals(getUrlMediaType('https://example.com/'), undefined); + assertEquals( + getUrlMediaType('https://gitlab.com/soapbox-pub/nostrify/-/blob/main/packages/policies/WoTPolicy.ts'), + 'application/typescript', + ); }); Deno.test('isPermittedMediaType', () => { diff --git a/src/utils/media.ts b/src/utils/media.ts index 9c0ea9e3..82c9832d 100644 --- a/src/utils/media.ts +++ b/src/utils/media.ts @@ -1,4 +1,4 @@ -import { typeByExtension } from '@std/media-types'; +import { typeByExtension as _typeByExtension } from '@std/media-types'; /** Get media type of the filename in the URL by its extension, if any. */ export function getUrlMediaType(url: string): string | undefined { @@ -22,3 +22,13 @@ export function isPermittedMediaType(mediaType: string, permitted: string[]): bo const [baseType, _subType] = mediaType.split('/'); return permitted.includes(baseType); } + +/** Custom type-by-extension with overrides. */ +function typeByExtension(ext: string): string | undefined { + switch (ext) { + case 'ts': + return 'application/typescript'; + default: + return _typeByExtension(ext); + } +} diff --git a/src/utils/nip98.ts b/src/utils/nip98.ts index c33da877..f83fcddb 100644 --- a/src/utils/nip98.ts +++ b/src/utils/nip98.ts @@ -1,9 +1,10 @@ import { NostrEvent, NSchema as n } from '@nostrify/nostrify'; +import { encodeHex } from '@std/encoding/hex'; import { EventTemplate, nip13 } from 'nostr-tools'; import { decode64Schema } from '@/schema.ts'; import { signedEventSchema } from '@/schemas/nostr.ts'; -import { eventAge, findTag, nostrNow, sha256 } from '@/utils.ts'; +import { eventAge, findTag, nostrNow } from '@/utils.ts'; import { Time } from '@/utils/time.ts'; /** Decode a Nostr event from a base64 encoded string. */ @@ -41,11 +42,10 @@ function validateAuthEvent(req: Request, event: NostrEvent, opts: ParseAuthReque .refine((event) => pow ? nip13.getPow(event.id) >= pow : true, 'Insufficient proof of work') .refine(validateBody, 'Event payload does not match request body'); - function validateBody(event: NostrEvent) { + async function validateBody(event: NostrEvent): Promise { if (!validatePayload) return true; - return req.clone().text() - .then(sha256) - .then((hash) => hash === tagValue(event, 'payload')); + const payload = await getPayload(req); + return payload === tagValue(event, 'payload'); } return schema.safeParseAsync(event); @@ -62,7 +62,7 @@ async function buildAuthEventTemplate(req: Request, opts: ParseAuthRequestOpts = ]; if (validatePayload) { - const payload = await req.clone().text().then(sha256); + const payload = await getPayload(req); tags.push(['payload', payload]); } @@ -74,6 +74,14 @@ async function buildAuthEventTemplate(req: Request, opts: ParseAuthRequestOpts = }; } +/** Get a SHA-256 hash of the request body encoded as a hex string. */ +async function getPayload(req: Request): Promise { + const text = await req.clone().text(); + const bytes = new TextEncoder().encode(text); + const buffer = await crypto.subtle.digest('SHA-256', bytes); + return encodeHex(buffer); +} + /** Get the value for the first matching tag name in the event. */ function tagValue(event: NostrEvent, tagName: string): string | undefined { return findTag(event.tags, tagName)?.[1];