Display all users in nostr.json

fix logging default config

See merge request soapbox-pub/ditto!735

.gitlab-ci.yml

@@ -1,4 +1,4 @@
-image: denoland/deno:2.1.1
+image: denoland/deno:2.2.2
 
 default:
   interruptible: true
@@ -8,11 +8,12 @@ stages:
 
 test:
   stage: test
+  timeout: 2 minutes
   script:
     - deno fmt --check
-    - deno lint
+    - deno task lint
     - deno task check
-    - deno task test --coverage=cov_profile
+    - deno task test --ignore=packages/transcode --coverage=cov_profile
     - deno coverage cov_profile
   coverage: /All files[^\|]*\|[^\|]*\s+([\d\.]+)/
   services:

.goosehints

@@ -0,0 +1,45 @@
+# Ditto
+
+This project is called Ditto, a self-hosted social media server written in TypeScript with Deno. It implements the [Nostr Protocol](https://raw.githubusercontent.com/nostr-protocol/nips/refs/heads/master/README.md), and parts of the [Mastodon API](https://docs.joinmastodon.org/methods/) and [Pleroma API](https://git.pleroma.social/pleroma/pleroma/-/raw/develop/docs/development/API/pleroma_api.md).
+
+## Project Structure
+
+Ditto is a monorepo with a `packages` directory. The main package is `packages/ditto`, and the main API definition is in `packages/ditto/app.ts`.
+
+## Deno, npm, and jsr
+
+Ditto uses Deno 2.x
+
+Dependencies are managed in `deno.json`, which are added with the `deno add` command. This command also updates the `deno.lock` file. npm packages can be added by using `deno add` and prefixing the package name with an `npm:` protocol. For example, `deno add npm:kysely` would add the `kysely` package from npm.
+
+[jsr](https://jsr.io/) is a modern alternative to npm. It's a completely different registry with different packages available. jsr packages can be added by using `deno add` and prefixing the package name with a `jsr:` protocol. For example, `deno add jsr:@std/assert` would add the `@std/assert` package from jsr.
+
+## Nostr
+
+Nostr is a decentralized social media protocol involving clients, relays, keys, and a unified Nostr event format.
+
+Specifications on Nostr are called "NIPs". NIP stands for "Nostr Implementation Possibilities". NIPs are numbered like `NIP-XX` where `XX` are two capitalized hexadecimal digits, eg `NIP-01` and `NIP-C7`.
+
+To learn about Nostr, use the fetch tool to read [NIP-01](https://raw.githubusercontent.com/nostr-protocol/nips/refs/heads/master/01.md).
+
+To read a specific NIP, construct the NIP URL following this template: `https://raw.githubusercontent.com/nostr-protocol/nips/refs/heads/master/{nip}.md` (replace `{nip}` in the URL template with the relevant NIP name, eg `07` for NIP-07, or `C7` for NIP-C7). Then use the fetch tool to read the URL.
+
+To read the definition of a specific kind, construct a URL following this template: `https://nostrbook.dev/kinds/{kind}.md` (replace `{kind}` in the template with the kind number, eg `https://nostrbook.dev/kinds/0.md` for kind 0).
+
+To discover the full list of NIPs, use the fetch tool to read the [NIPs README](https://raw.githubusercontent.com/nostr-protocol/nips/refs/heads/master/README.md).
+
+It's important that Ditto conforms to Nostr standards. Please read as much of the NIPs as you need to have a full understanding before adding or modifying Nostr events and filters. It is possible to add new ideas to Nostr that don't exist yet in the NIPs, but only after other options have been explored. Care must be taken when adding new Nostr ideas, to ensure they fit seamlessly within the existing Nostr ecosystem.
+
+## How Ditto uses Nostr and Mastodon API
+
+Ditto implements a full Nostr relay, available at `/relay` of the Ditto server.
+
+Mastodon API functionality, available at `/api/*`, is built around the Nostr relay's storage implementation.
+
+Ditto's goal is to enable Mastodon API clients to interact directly with Nostr. It achieves this by implementing most of Mastodon's API, and "pretending" to be a Mastodon server to client applications, while in actuality it uses Nostr as its decentralized protocol layer.
+
+## Testing Changes
+
+After making changes, please run `deno task check` to check for type errors. If there are any type errors, please try to fix them.
+
+Afterwards, run `deno fmt` to format the code, and then you are done. Please do not try to run the server, or run any other tests.

.tool-versions

@@ -1 +1 @@
-deno 2.1.1
+deno 2.2.2

.vscode/launch.json

@@ -8,7 +8,7 @@
       "request": "launch",
       "name": "Launch Program",
       "type": "node",
-      "program": "${workspaceFolder}/src/server.ts",
+      "program": "${workspaceFolder}/packages/ditto/server.ts",
       "cwd": "${workspaceFolder}",
       "runtimeExecutable": "deno",
       "runtimeArgs": [

.vscode/settings.json

@@ -2,5 +2,8 @@
   "deno.enable": true,
   "deno.lint": true,
   "editor.defaultFormatter": "denoland.vscode-deno",
-  "path-intellisense.extensionOnImport": true
+  "path-intellisense.extensionOnImport": true,
+  "files.associations": {
+    ".goosehints": "markdown"
+  }
 }

Dockerfile

@@ -1,10 +1,10 @@
-FROM denoland/deno:2.1.1
+FROM denoland/deno:2.2.2
 ENV PORT 5000
 
 WORKDIR /app
 RUN mkdir -p data && chown -R deno data
 COPY . .
-RUN deno cache --allow-import src/server.ts
+RUN deno cache --allow-import packages/ditto/server.ts
 RUN apt-get update && apt-get install -y unzip curl
 RUN deno task soapbox
 CMD deno task start

ansible/playbook.yml

@@ -1,30 +0,0 @@
----
-- name: Update Ditto
-  hosts: all
-  become: true
-  tasks:
-    - name: Update Deno
-      shell:
-        cmd: curl -fsSL https://deno.land/x/install/install.sh | sh
-      environment:
-        DENO_INSTALL: /usr/local
-      become_user: root
-
-    - name: Update Soapbox
-      shell:
-        cmd: deno task soapbox
-        chdir: /opt/ditto
-      become_user: ditto
-
-    - name: Update ditto from the main branch
-      git:
-        repo: 'https://gitlab.com/soapbox-pub/ditto.git'
-        dest: '/opt/ditto'
-        version: main
-      become_user: ditto
-
-    - name: Restart ditto service
-      systemd:
-        name: ditto
-        state: restarted
-      become_user: root

deno.json

@@ -1,17 +1,34 @@
 {
   "version": "1.1.0",
+  "workspace": [
+    "./packages/captcha",
+    "./packages/conf",
+    "./packages/db",
+    "./packages/ditto",
+    "./packages/lang",
+    "./packages/mastoapi",
+    "./packages/metrics",
+    "./packages/nip98",
+    "./packages/policies",
+    "./packages/ratelimiter",
+    "./packages/transcode",
+    "./packages/translators",
+    "./packages/uploaders",
+    "./packages/cashu"
+  ],
   "tasks": {
-    "start": "deno run -A --env-file --deny-read=.env src/server.ts",
-    "dev": "deno run -A --env-file --deny-read=.env --watch src/server.ts",
+    "start": "deno run -A --env-file --deny-read=.env packages/ditto/server.ts",
+    "dev": "deno run -A --env-file --deny-read=.env --watch packages/ditto/server.ts",
     "hook": "deno run --allow-read --allow-run --allow-write https://deno.land/x/deno_hooks@0.1.1/mod.ts",
     "db:export": "deno run -A --env-file --deny-read=.env scripts/db-export.ts",
     "db:import": "deno run -A --env-file --deny-read=.env scripts/db-import.ts",
     "db:cleanup": "deno run -A --env-file --deny-read=.env scripts/db-policy.ts",
     "db:migrate": "deno run -A --env-file --deny-read=.env scripts/db-migrate.ts",
     "nostr:pull": "deno run -A --env-file --deny-read=.env scripts/nostr-pull.ts",
-    "debug": "deno run -A --env-file --deny-read=.env --inspect src/server.ts",
+    "debug": "deno run -A --env-file --deny-read=.env --inspect packages/ditto/server.ts",
     "test": "deno test -A --env-file=.env.test --deny-read=.env --junit-path=./deno-test.xml",
     "check": "deno check --allow-import .",
+    "lint": "deno lint --allow-import",
     "nsec": "deno run scripts/nsec.ts",
     "admin:event": "deno run -A --env-file --deny-read=.env scripts/admin-event.ts",
     "admin:role": "deno run -A --env-file --deny-read=.env scripts/admin-role.ts",
@@ -20,9 +37,11 @@
     "stats:recompute": "deno run -A --env-file --deny-read=.env scripts/stats-recompute.ts",
     "soapbox": "curl -O https://dl.soapbox.pub/main/soapbox.zip && mkdir -p public && mv soapbox.zip public/ && cd public/ && unzip -o soapbox.zip && rm soapbox.zip",
     "trends": "deno run -A --env-file --deny-read=.env scripts/trends.ts",
-    "clean:deps": "deno cache --reload src/app.ts",
+    "clean:deps": "deno cache --reload packages/ditto/app.ts",
+    "db:populate:nip05": "deno run -A --env-file --deny-read=.env scripts/db-populate-nip05.ts",
     "db:populate-search": "deno run -A --env-file --deny-read=.env scripts/db-populate-search.ts",
     "db:populate-extensions": "deno run -A --env-file --deny-read=.env scripts/db-populate-extensions.ts",
+    "db:streak:recompute": "deno run -A --env-file --deny-read=.env scripts/db-streak-recompute.ts",
     "vapid": "deno run scripts/vapid.ts"
   },
   "unstable": [
@@ -35,19 +54,19 @@
     "./public"
   ],
   "imports": {
-    "@/": "./src/",
     "@b-fuze/deno-dom": "jsr:@b-fuze/deno-dom@^0.1.47",
     "@bradenmacdonald/s3-lite-client": "jsr:@bradenmacdonald/s3-lite-client@^0.7.4",
+    "@cashu/cashu-ts": "npm:@cashu/cashu-ts@^2.2.0",
+    "@core/asyncutil": "jsr:@core/asyncutil@^1.2.0",
     "@electric-sql/pglite": "npm:@electric-sql/pglite@^0.2.8",
     "@esroyo/scoped-performance": "jsr:@esroyo/scoped-performance@^3.1.0",
     "@gfx/canvas-wasm": "jsr:@gfx/canvas-wasm@^0.4.2",
     "@hono/hono": "jsr:@hono/hono@^4.4.6",
     "@isaacs/ttlcache": "npm:@isaacs/ttlcache@^1.4.1",
-    "@lambdalisue/async": "jsr:@lambdalisue/async@^2.1.1",
     "@negrel/webpush": "jsr:@negrel/webpush@^0.3.0",
     "@noble/secp256k1": "npm:@noble/secp256k1@^2.0.0",
-    "@nostrify/db": "jsr:@nostrify/db@^0.37.3",
-    "@nostrify/nostrify": "jsr:@nostrify/nostrify@^0.38.0",
+    "@nostrify/db": "jsr:@nostrify/db@^0.39.4",
+    "@nostrify/nostrify": "jsr:@nostrify/nostrify@^0.39.1",
     "@nostrify/policies": "jsr:@nostrify/policies@^0.36.1",
     "@nostrify/types": "jsr:@nostrify/types@^0.36.0",
     "@scure/base": "npm:@scure/base@^1.1.6",
@@ -56,6 +75,7 @@
     "@soapbox/logi": "jsr:@soapbox/logi@^0.3.0",
     "@soapbox/safe-fetch": "jsr:@soapbox/safe-fetch@^2.0.0",
     "@std/assert": "jsr:@std/assert@^0.225.1",
+    "@std/async": "jsr:@std/async@^1.0.10",
     "@std/cli": "jsr:@std/cli@^0.223.0",
     "@std/crypto": "jsr:@std/crypto@^0.224.0",
     "@std/encoding": "jsr:@std/encoding@^0.224.0",
@@ -63,11 +83,11 @@
     "@std/json": "jsr:@std/json@^0.223.0",
     "@std/media-types": "jsr:@std/media-types@^0.224.1",
     "@std/streams": "jsr:@std/streams@^0.223.0",
+    "@std/testing": "jsr:@std/testing@^1.0.9",
     "blurhash": "npm:blurhash@2.0.5",
     "comlink": "npm:comlink@^4.4.1",
     "comlink-async-generator": "npm:comlink-async-generator@^0.0.1",
     "commander": "npm:commander@12.1.0",
-    "deno.json": "./deno.json",
     "entities": "npm:entities@^4.5.0",
     "fast-stable-stringify": "npm:fast-stable-stringify@^1.0.0",
     "formdata-helper": "npm:formdata-helper@^0.3.0",
@@ -85,7 +105,6 @@
     "nostr-tools": "npm:nostr-tools@2.5.1",
     "nostr-wasm": "npm:nostr-wasm@^0.1.0",
     "path-to-regexp": "npm:path-to-regexp@^7.1.0",
-    "png-to-ico": "npm:png-to-ico@^2.1.8",
     "postgres": "https://gitlab.com/soapbox-pub/postgres.js/-/raw/e79d7d2039446fbf7a37d4eca0d17e94a94b8b53/deno/mod.js",
     "prom-client": "npm:prom-client@^15.1.2",
     "question-deno": "https://raw.githubusercontent.com/ocpu/question-deno/10022b8e52555335aa510adb08b0a300df3cf904/mod.ts",
@@ -97,16 +116,6 @@
     "zod": "npm:zod@^3.23.8",
     "~/fixtures/": "./fixtures/"
   },
-  "lint": {
-    "rules": {
-      "tags": [
-        "recommended"
-      ],
-      "exclude": [
-        "no-explicit-any"
-      ]
-    }
-  },
   "fmt": {
     "useTabs": false,
     "lineWidth": 120,

deno.lock

@@ -3,6 +3,7 @@
   "specifiers": {
     "jsr:@b-fuze/deno-dom@~0.1.47": "0.1.48",
     "jsr:@bradenmacdonald/s3-lite-client@~0.7.4": "0.7.6",
+    "jsr:@core/asyncutil@^1.2.0": "1.2.0",
     "jsr:@denosaurs/plug@1.0.3": "1.0.3",
     "jsr:@esroyo/scoped-performance@^3.1.0": "3.1.0",
     "jsr:@gfx/canvas-wasm@~0.4.2": "0.4.2",
@@ -27,24 +28,30 @@
     "jsr:@gleasonator/policy@0.9.2": "0.9.2",
     "jsr:@gleasonator/policy@0.9.3": "0.9.3",
     "jsr:@gleasonator/policy@0.9.4": "0.9.4",
+    "jsr:@gleasonator/policy@0.9.5": "0.9.5",
+    "jsr:@gleasonator/policy@0.9.6": "0.9.6",
+    "jsr:@gleasonator/policy@0.9.7": "0.9.7",
+    "jsr:@gleasonator/policy@0.9.8": "0.9.8",
     "jsr:@hono/hono@^4.4.6": "4.6.15",
-    "jsr:@lambdalisue/async@^2.1.1": "2.1.1",
     "jsr:@negrel/http-ece@0.6.0": "0.6.0",
     "jsr:@negrel/webpush@0.3": "0.3.0",
-    "jsr:@nostrify/db@~0.37.3": "0.37.3",
+    "jsr:@nostrify/db@~0.39.4": "0.39.4",
     "jsr:@nostrify/nostrify@0.31": "0.31.0",
     "jsr:@nostrify/nostrify@0.32": "0.32.0",
     "jsr:@nostrify/nostrify@0.36": "0.36.2",
-    "jsr:@nostrify/nostrify@0.38": "0.38.0",
+    "jsr:@nostrify/nostrify@0.39": "0.39.1",
     "jsr:@nostrify/nostrify@~0.22.1": "0.22.5",
     "jsr:@nostrify/nostrify@~0.22.4": "0.22.4",
     "jsr:@nostrify/nostrify@~0.22.5": "0.22.5",
+    "jsr:@nostrify/nostrify@~0.39.1": "0.39.1",
+    "jsr:@nostrify/nostrify@~0.46.3": "0.46.3",
     "jsr:@nostrify/policies@0.33": "0.33.0",
     "jsr:@nostrify/policies@0.33.1": "0.33.1",
     "jsr:@nostrify/policies@0.34": "0.34.0",
     "jsr:@nostrify/policies@0.36": "0.36.0",
     "jsr:@nostrify/policies@~0.33.1": "0.33.1",
     "jsr:@nostrify/policies@~0.36.1": "0.36.1",
+    "jsr:@nostrify/policies@~0.36.2": "0.36.2",
     "jsr:@nostrify/types@0.30": "0.30.1",
     "jsr:@nostrify/types@0.35": "0.35.0",
     "jsr:@nostrify/types@0.36": "0.36.0",
@@ -54,8 +61,10 @@
     "jsr:@soapbox/safe-fetch@2": "2.0.0",
     "jsr:@std/assert@0.223": "0.223.0",
     "jsr:@std/assert@0.224": "0.224.0",
+    "jsr:@std/assert@^1.0.10": "1.0.11",
     "jsr:@std/assert@~0.213.1": "0.213.1",
     "jsr:@std/assert@~0.225.1": "0.225.3",
+    "jsr:@std/async@^1.0.10": "1.0.10",
     "jsr:@std/bytes@0.223": "0.223.0",
     "jsr:@std/bytes@0.224": "0.224.0",
     "jsr:@std/bytes@0.224.0": "0.224.0",
@@ -65,6 +74,7 @@
     "jsr:@std/bytes@^1.0.2-rc.3": "1.0.2",
     "jsr:@std/cli@0.223": "0.223.0",
     "jsr:@std/crypto@0.224": "0.224.0",
+    "jsr:@std/data-structures@^1.0.6": "1.0.6",
     "jsr:@std/encoding@0.213.1": "0.213.1",
     "jsr:@std/encoding@0.224": "0.224.3",
     "jsr:@std/encoding@0.224.0": "0.224.0",
@@ -72,8 +82,10 @@
     "jsr:@std/encoding@~0.224.1": "0.224.3",
     "jsr:@std/fmt@0.213.1": "0.213.1",
     "jsr:@std/fs@0.213.1": "0.213.1",
+    "jsr:@std/fs@^1.0.9": "1.0.11",
     "jsr:@std/fs@~0.229.3": "0.229.3",
     "jsr:@std/internal@1": "1.0.5",
+    "jsr:@std/internal@^1.0.5": "1.0.5",
     "jsr:@std/io@0.223": "0.223.0",
     "jsr:@std/io@0.224": "0.224.9",
     "jsr:@std/json@0.223": "0.223.0",
@@ -82,8 +94,11 @@
     "jsr:@std/path@0.213.1": "0.213.1",
     "jsr:@std/path@0.224.0": "0.224.0",
     "jsr:@std/path@1.0.0-rc.1": "1.0.0-rc.1",
+    "jsr:@std/path@^1.0.8": "1.0.8",
     "jsr:@std/path@~0.213.1": "0.213.1",
     "jsr:@std/streams@0.223": "0.223.0",
+    "jsr:@std/testing@^1.0.9": "1.0.9",
+    "npm:@cashu/cashu-ts@^2.2.0": "2.2.0",
     "npm:@electric-sql/pglite@~0.2.8": "0.2.8",
     "npm:@isaacs/ttlcache@^1.4.1": "1.4.1",
     "npm:@noble/hashes@^1.4.0": "1.4.0",
@@ -91,7 +106,7 @@
     "npm:@scure/base@^1.1.6": "1.1.6",
     "npm:@scure/bip32@^1.4.0": "1.4.0",
     "npm:@scure/bip39@^1.3.0": "1.3.0",
-    "npm:@types/node@*": "18.16.19",
+    "npm:@types/node@*": "22.5.4",
     "npm:blurhash@2.0.5": "2.0.5",
     "npm:comlink-async-generator@*": "0.0.1",
     "npm:comlink-async-generator@^0.0.1": "0.0.1",
@@ -117,11 +132,11 @@
     "npm:lru-cache@^10.2.2": "10.2.2",
     "npm:nostr-tools@2.5.1": "2.5.1",
     "npm:nostr-tools@^2.10.4": "2.10.4",
+    "npm:nostr-tools@^2.13.0": "2.14.2",
     "npm:nostr-tools@^2.5.0": "2.5.1",
     "npm:nostr-tools@^2.7.0": "2.7.0",
     "npm:nostr-wasm@0.1": "0.1.0",
     "npm:path-to-regexp@^7.1.0": "7.1.0",
-    "npm:png-to-ico@^2.1.8": "2.1.8",
     "npm:postgres@3.4.4": "3.4.4",
     "npm:prom-client@^15.1.2": "15.1.2",
     "npm:sharp@~0.33.5": "0.33.5",
@@ -131,6 +146,7 @@
     "npm:type-fest@^4.3.0": "4.18.2",
     "npm:unfurl.js@^6.4.0": "6.4.0",
     "npm:websocket-ts@^2.1.5": "2.1.5",
+    "npm:websocket-ts@^2.2.1": "2.2.1",
     "npm:zod@^3.23.8": "3.23.8"
   },
   "jsr": {
@@ -152,6 +168,9 @@
         "jsr:@std/io@0.224"
       ]
     },
+    "@core/asyncutil@1.2.0": {
+      "integrity": "9967f15190c60df032c13f72ce5ac73d185c34f31c53dc918d8800025854c118"
+    },
     "@denosaurs/plug@1.0.3": {
       "integrity": "b010544e386bea0ff3a1d05e0c88f704ea28cbd4d753439c2f1ee021a85d4640",
       "dependencies": [
@@ -306,6 +325,34 @@
         "jsr:@nostrify/policies@~0.36.1"
       ]
     },
+    "@gleasonator/policy@0.9.5": {
+      "integrity": "8ce76ad719b5d002bb1799c60f2deb4d450b32d590e0f4c211919aa68f1ea963",
+      "dependencies": [
+        "jsr:@nostrify/nostrify@0.36",
+        "jsr:@nostrify/policies@~0.36.1"
+      ]
+    },
+    "@gleasonator/policy@0.9.6": {
+      "integrity": "5bbd04f2d986344509547d480b5202e5f42832a4216b5be66c161e638f5e6672",
+      "dependencies": [
+        "jsr:@nostrify/nostrify@0.36",
+        "jsr:@nostrify/policies@~0.36.1"
+      ]
+    },
+    "@gleasonator/policy@0.9.7": {
+      "integrity": "e4f45032683e7433f9b8fb8a38e1ca767bbfb75513dd0600230f85d06d2956d6",
+      "dependencies": [
+        "jsr:@nostrify/nostrify@0.36",
+        "jsr:@nostrify/policies@~0.36.1"
+      ]
+    },
+    "@gleasonator/policy@0.9.8": {
+      "integrity": "a972b1bc797f5a38f2e71458194c37af075c85e941c04048d208b858100efc52",
+      "dependencies": [
+        "jsr:@nostrify/nostrify@~0.46.3",
+        "jsr:@nostrify/policies@~0.36.2"
+      ]
+    },
     "@hono/hono@4.4.6": {
       "integrity": "aa557ca9930787ee86b9ca1730691f1ce1c379174c2cb244d5934db2b6314453"
     },
@@ -336,9 +383,6 @@
     "@hono/hono@4.6.15": {
       "integrity": "935b3b12e98e4b22bcd1aa4dbe6587321e431c79829eba61f535b4ede39fd8b1"
     },
-    "@lambdalisue/async@2.1.1": {
-      "integrity": "1fc9bc6f4ed50215cd2f7217842b18cea80f81c25744f88f8c5eb4be5a1c9ab4"
-    },
     "@negrel/http-ece@0.6.0": {
       "integrity": "7afdd81b86ea5b21a9677b323c01c3338705e11cc2bfed250870f5349d8f86f7",
       "dependencies": [
@@ -356,10 +400,10 @@
         "jsr:@std/path@0.224.0"
       ]
     },
-    "@nostrify/db@0.37.3": {
-      "integrity": "fe7cacd67bb817f10fb44587e832cfb042a3a0d32db29b24a487b7d006438623",
+    "@nostrify/db@0.39.4": {
+      "integrity": "53fecea3b67394cf4f52795f89d1d065bdeb0627b8655cc7fc3a89d6b21adf01",
       "dependencies": [
-        "jsr:@nostrify/nostrify@0.38",
+        "jsr:@nostrify/nostrify@0.39",
         "jsr:@nostrify/types@0.36",
         "npm:kysely@~0.27.3",
         "npm:nostr-tools@^2.10.4"
@@ -376,7 +420,7 @@
         "npm:kysely@~0.27.3",
         "npm:lru-cache@^10.2.0",
         "npm:nostr-tools@^2.5.0",
-        "npm:websocket-ts",
+        "npm:websocket-ts@^2.1.5",
         "npm:zod"
       ]
     },
@@ -390,7 +434,7 @@
         "npm:kysely@~0.27.3",
         "npm:lru-cache@^10.2.0",
         "npm:nostr-tools@^2.7.0",
-        "npm:websocket-ts",
+        "npm:websocket-ts@^2.1.5",
         "npm:zod"
       ]
     },
@@ -405,7 +449,7 @@
         "npm:@scure/bip39",
         "npm:lru-cache@^10.2.0",
         "npm:nostr-tools@^2.7.0",
-        "npm:websocket-ts",
+        "npm:websocket-ts@^2.1.5",
         "npm:zod"
       ]
     },
@@ -418,7 +462,7 @@
         "npm:@scure/bip39",
         "npm:lru-cache@^10.2.0",
         "npm:nostr-tools@^2.7.0",
-        "npm:websocket-ts",
+        "npm:websocket-ts@^2.1.5",
         "npm:zod"
       ]
     },
@@ -431,7 +475,7 @@
         "npm:@scure/bip39",
         "npm:lru-cache@^10.2.0",
         "npm:nostr-tools@^2.7.0",
-        "npm:websocket-ts",
+        "npm:websocket-ts@^2.1.5",
         "npm:zod"
       ]
     },
@@ -446,7 +490,7 @@
         "npm:@scure/bip39",
         "npm:lru-cache@^10.2.0",
         "npm:nostr-tools@^2.7.0",
-        "npm:websocket-ts",
+        "npm:websocket-ts@^2.1.5",
         "npm:zod"
       ]
     },
@@ -459,7 +503,7 @@
         "npm:@scure/bip39",
         "npm:lru-cache@^10.2.0",
         "npm:nostr-tools@^2.7.0",
-        "npm:websocket-ts",
+        "npm:websocket-ts@^2.1.5",
         "npm:zod"
       ]
     },
@@ -474,7 +518,51 @@
         "npm:@scure/bip39",
         "npm:lru-cache@^10.2.0",
         "npm:nostr-tools@^2.10.4",
-        "npm:websocket-ts",
+        "npm:websocket-ts@^2.1.5",
+        "npm:zod"
+      ]
+    },
+    "@nostrify/nostrify@0.39.0": {
+      "integrity": "f7e052c32b8b9bafe0f2517dcf090e7d3df5aed38452a0cf61ade817d34067ee",
+      "dependencies": [
+        "jsr:@nostrify/nostrify@0.39",
+        "jsr:@nostrify/types@0.36",
+        "jsr:@std/crypto",
+        "jsr:@std/encoding@~0.224.1",
+        "npm:@scure/base",
+        "npm:@scure/bip32",
+        "npm:@scure/bip39",
+        "npm:lru-cache@^10.2.0",
+        "npm:nostr-tools@^2.10.4",
+        "npm:websocket-ts@^2.2.1",
+        "npm:zod"
+      ]
+    },
+    "@nostrify/nostrify@0.39.1": {
+      "integrity": "84f98c815a07f4151bd02188a3525e438c416e9de632c79c9da9edbfca580d7f",
+      "dependencies": [
+        "jsr:@nostrify/nostrify@~0.39.1",
+        "jsr:@nostrify/types@0.36",
+        "jsr:@std/crypto",
+        "jsr:@std/encoding@~0.224.1",
+        "npm:@scure/base",
+        "npm:@scure/bip32",
+        "npm:@scure/bip39",
+        "npm:lru-cache@^10.2.0",
+        "npm:nostr-tools@^2.10.4",
+        "npm:websocket-ts@^2.2.1",
+        "npm:zod"
+      ]
+    },
+    "@nostrify/nostrify@0.46.3": {
+      "integrity": "a809b83219c483dff4c87420f54bef7e0f98a438450283be26a167698114fec5",
+      "dependencies": [
+        "jsr:@nostrify/nostrify@~0.46.3",
+        "jsr:@nostrify/types@0.36",
+        "jsr:@std/encoding@~0.224.1",
+        "npm:lru-cache@^10.2.0",
+        "npm:nostr-tools@^2.13.0",
+        "npm:websocket-ts@^2.2.1",
         "npm:zod"
       ]
     },
@@ -516,6 +604,14 @@
         "npm:nostr-tools@^2.7.0"
       ]
     },
+    "@nostrify/policies@0.36.2": {
+      "integrity": "b62c99fadf2d451e68d24ac1643844b953785c45cc170d3aee62b57c60ab9829",
+      "dependencies": [
+        "jsr:@nostrify/nostrify@~0.46.3",
+        "jsr:@nostrify/types@0.36",
+        "npm:nostr-tools@^2.13.0"
+      ]
+    },
     "@nostrify/types@0.30.0": {
       "integrity": "1f38fa849cff930bd709edbf94ef9ac02f46afb8b851f86c8736517b354616da"
     },
@@ -555,9 +651,18 @@
     "@std/assert@0.225.3": {
       "integrity": "b3c2847aecf6955b50644cdb9cf072004ea3d1998dd7579fc0acb99dbb23bd4f",
       "dependencies": [
-        "jsr:@std/internal"
+        "jsr:@std/internal@1"
       ]
     },
+    "@std/assert@1.0.11": {
+      "integrity": "2461ef3c368fe88bc60e186e7744a93112f16fd110022e113a0849e94d1c83c1",
+      "dependencies": [
+        "jsr:@std/internal@^1.0.5"
+      ]
+    },
+    "@std/async@1.0.10": {
+      "integrity": "2ff1b1c7d33d1416159989b0f69e59ec7ee8cb58510df01e454def2108b3dbec"
+    },
     "@std/bytes@0.223.0": {
       "integrity": "84b75052cd8680942c397c2631318772b295019098f40aac5c36cead4cba51a8"
     },
@@ -586,6 +691,9 @@
         "jsr:@std/encoding@0.224"
       ]
     },
+    "@std/data-structures@1.0.6": {
+      "integrity": "76a7fd8080c66604c0496220a791860492ab21a04a63a969c0b9a0609bbbb760"
+    },
     "@std/dotenv@0.224.0": {
       "integrity": "d9234cdf551507dcda60abb6c474289843741d8c07ee8ce540c60f5c1b220a1d"
     },
@@ -617,6 +725,12 @@
         "jsr:@std/path@1.0.0-rc.1"
       ]
     },
+    "@std/fs@1.0.11": {
+      "integrity": "ba674672693340c5ebdd018b4fe1af46cb08741f42b4c538154e97d217b55bdd",
+      "dependencies": [
+        "jsr:@std/path@^1.0.8"
+      ]
+    },
     "@std/internal@1.0.0": {
       "integrity": "ac6a6dfebf838582c4b4f61a6907374e27e05bedb6ce276e0f1608fe84e7cd9a"
     },
@@ -714,6 +828,9 @@
     "@std/path@1.0.0-rc.1": {
       "integrity": "b8c00ae2f19106a6bb7cbf1ab9be52aa70de1605daeb2dbdc4f87a7cbaf10ff6"
     },
+    "@std/path@1.0.8": {
+      "integrity": "548fa456bb6a04d3c1a1e7477986b6cffbce95102d0bb447c67c4ee70e0364be"
+    },
     "@std/streams@0.223.0": {
       "integrity": "d6b28e498ced3960b04dc5d251f2dcfc1df244b5ec5a48dc23a8f9b490be3b99",
       "dependencies": [
@@ -721,9 +838,38 @@
         "jsr:@std/bytes@0.223",
         "jsr:@std/io@0.223"
       ]
+    },
+    "@std/testing@1.0.9": {
+      "integrity": "9bdd4ac07cb13e7594ac30e90f6ceef7254ac83a9aeaa089be0008f33aab5cd4",
+      "dependencies": [
+        "jsr:@std/assert@^1.0.10",
+        "jsr:@std/data-structures",
+        "jsr:@std/fs@^1.0.9",
+        "jsr:@std/internal@^1.0.5",
+        "jsr:@std/path@^1.0.8"
+      ]
     }
   },
   "npm": {
+    "@cashu/cashu-ts@2.2.0": {
+      "integrity": "sha512-7b6pGyjjpm3uAJvmOL+ztpRxqp1qnmzGpydp+Pu30pOjxj93EhejPTJVrZMDJ0P35y6u5+5jIjHF4k0fpovvmg==",
+      "dependencies": [
+        "@cashu/crypto",
+        "@noble/curves@1.4.0",
+        "@noble/hashes@1.4.0",
+        "buffer"
+      ]
+    },
+    "@cashu/crypto@0.3.4": {
+      "integrity": "sha512-mfv1Pj4iL1PXzUj9NKIJbmncCLMqYfnEDqh/OPxAX0nNBt6BOnVJJLjLWFlQeYxlnEfWABSNkrqPje1t5zcyhA==",
+      "dependencies": [
+        "@noble/curves@1.8.1",
+        "@noble/hashes@1.7.1",
+        "@scure/bip32@1.6.2",
+        "@scure/bip39@1.5.4",
+        "buffer"
+      ]
+    },
     "@electric-sql/pglite@0.2.8": {
       "integrity": "sha512-0wSmQu22euBRzR5ghqyIHnBH4MfwlkL5WstOrrA3KOsjEWEglvoL/gH92JajEUA6Ufei/+qbkB2hVloC/K/RxQ=="
     },
@@ -841,6 +987,12 @@
         "@noble/hashes@1.4.0"
       ]
     },
+    "@noble/curves@1.8.1": {
+      "integrity": "sha512-warwspo+UYUPep0Q+vtdVB4Ugn8GGQj8iyB3gnRWsztmUHTI3S1nhdiWNsPUGL0vud7JlRRk1XEu7Lq1KGTnMQ==",
+      "dependencies": [
+        "@noble/hashes@1.7.1"
+      ]
+    },
     "@noble/hashes@1.3.1": {
       "integrity": "sha512-EbqwksQwz9xDRGfDST86whPBgM65E0OH/pCgqW0GBVzO22bNE+NuIbeTb714+IfSjU3aRk47EUvXIb5bTsenKA=="
     },
@@ -850,6 +1002,9 @@
     "@noble/hashes@1.4.0": {
       "integrity": "sha512-V1JJ1WTRUqHHrOSh597hURcMqVKVGL/ea3kv0gSnEdsEZ0/+VyPghM1lMNGc00z7CIQorSvbKpuJkxvuHbvdbg=="
     },
+    "@noble/hashes@1.7.1": {
+      "integrity": "sha512-B8XBPsn4vT/KJAGqDzbwztd+6Yte3P4V7iafm24bxgDe/mlRuK6xmWPuCNrKt2vDafZ8MfJLlchDG/vYafQEjQ=="
+    },
     "@noble/secp256k1@2.1.0": {
       "integrity": "sha512-XLEQQNdablO0XZOIniFQimiXsZDNwaYgL96dZwC54Q30imSbAOFf3NKtepc+cXyuZf5Q1HCgbqgZ2UFFuHVcEw=="
     },
@@ -862,6 +1017,9 @@
     "@scure/base@1.1.6": {
       "integrity": "sha512-ok9AWwhcgYuGG3Zfhyqg+zwl+Wn5uE+dwC0NV/2qQkx4dABbb/bx96vWu8NSj+BNjjSjno+JRYRjle1jV08k3g=="
     },
+    "@scure/base@1.2.4": {
+      "integrity": "sha512-5Yy9czTO47mqz+/J8GM6GIId4umdCk1wc1q8rKERQulIoc8VP9pzDcghv10Tl2E7R96ZUx/PhND3ESYUQX8NuQ=="
+    },
     "@scure/bip32@1.3.1": {
       "integrity": "sha512-osvveYtyzdEVbt3OfwwXFr4P2iVBL5u1Q3q4ONBfDY/UpOuXmOlbgwc1xECEboY8wIays8Yt6onaWMUdUbfl0A==",
       "dependencies": [
@@ -878,6 +1036,14 @@
         "@scure/base@1.1.6"
       ]
     },
+    "@scure/bip32@1.6.2": {
+      "integrity": "sha512-t96EPDMbtGgtb7onKKqxRLfE5g05k7uHnHRM2xdE6BP/ZmxaLtPek4J4KfVn/90IQNrU1IOAqMgiDtUdtbe3nw==",
+      "dependencies": [
+        "@noble/curves@1.8.1",
+        "@noble/hashes@1.7.1",
+        "@scure/base@1.2.4"
+      ]
+    },
     "@scure/bip39@1.2.1": {
       "integrity": "sha512-Z3/Fsz1yr904dduJD0NpiyRHhRYHdcnyh73FZWiV+/qhWi83wNJ3NWolYqCEN+ZWsUz2TWwajJggcRE9r1zUYg==",
       "dependencies": [
@@ -892,17 +1058,24 @@
         "@scure/base@1.1.6"
       ]
     },
+    "@scure/bip39@1.5.4": {
+      "integrity": "sha512-TFM4ni0vKvCfBpohoh+/lY05i9gRbSwXWngAsF4CABQxoaOHijxuaZ2R6cStDQ5CHtHO9aGJTr4ksVJASRRyMA==",
+      "dependencies": [
+        "@noble/hashes@1.7.1",
+        "@scure/base@1.2.4"
+      ]
+    },
     "@types/dompurify@3.0.5": {
       "integrity": "sha512-1Wg0g3BtQF7sSb27fJQAKck1HECM6zV1EB66j8JH9i3LCjYabJa0FSdiSgsD5K/RbrsR0SiraKacLB+T8ZVYAg==",
       "dependencies": [
         "@types/trusted-types"
       ]
     },
-    "@types/node@17.0.45": {
-      "integrity": "sha512-w+tIMs3rq2afQdsPJlODhoUEKzFP1ayaoyl1CcnwtIlsVe7K7bA1NGm4s3PraqTLlXnbIN84zuBlxBWo1u9BLw=="
-    },
-    "@types/node@18.16.19": {
-      "integrity": "sha512-IXl7o+R9iti9eBW4Wg2hx1xQDig183jj7YLn8F7udNceyfkbn1ZxmzZXuak20gR40D7pIkIY1kYGx5VIGbaHKA=="
+    "@types/node@22.5.4": {
+      "integrity": "sha512-FDuKUJQm/ju9fT/SeX/6+gBzoPzlVCzfzmGkwKvRHQVxi4BntVbyIwf6a4Xn62mrvndLiml6z/UBXIdEVjQLXg==",
+      "dependencies": [
+        "undici-types"
+      ]
     },
     "@types/trusted-types@2.0.7": {
       "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw=="
@@ -928,6 +1101,9 @@
     "asynckit@0.4.0": {
       "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="
     },
+    "base64-js@1.5.1": {
+      "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA=="
+    },
     "bintrees@1.0.2": {
       "integrity": "sha512-VOMgTMwjAaUG580SXn3LacVgjurrbMme7ZZNYGSSV7mmtY6QQRh0Eg3pwIcntQ77DErK1L0NxkbetjcoXzVwKw=="
     },
@@ -940,6 +1116,13 @@
         "fill-range"
       ]
     },
+    "buffer@6.0.3": {
+      "integrity": "sha512-FTiCpNxtwiZZHEZbcbTIcZjERVICn9yq/pDFkTl95/AxzD1naBctN7YO68riM/gLSDY7sdrMby8hofADYuuqOA==",
+      "dependencies": [
+        "base64-js",
+        "ieee754"
+      ]
+    },
     "chalk@5.3.0": {
       "integrity": "sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w=="
     },
@@ -1178,6 +1361,9 @@
         "safer-buffer"
       ]
     },
+    "ieee754@1.2.1": {
+      "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA=="
+    },
     "image-size@1.1.1": {
       "integrity": "sha512-541xKlUw6jr/6gGuk92F+mYM5zaFAc5ahphvkqvNe2bQ6gVBkd6bfrmVJ2t4KDAfikAYZyIqTnktX3i6/aQDrQ==",
       "dependencies": [
@@ -1382,6 +1568,18 @@
         "nostr-wasm"
       ]
     },
+    "nostr-tools@2.14.2": {
+      "integrity": "sha512-YOIOn5EdJ2Kq5sQW5Zh4wOcqzR6kUyrCDHG4+mVD2szzthsyOTpiWX0yrwaRZGlHJG6q83vkhg95qc2W201XTQ==",
+      "dependencies": [
+        "@noble/ciphers",
+        "@noble/curves@1.2.0",
+        "@noble/hashes@1.3.1",
+        "@scure/base@1.1.1",
+        "@scure/bip32@1.3.1",
+        "@scure/bip39@1.2.1",
+        "nostr-wasm"
+      ]
+    },
     "nostr-tools@2.5.1": {
       "integrity": "sha512-bpkhGGAhdiCN0irfV+xoH3YP5CQeOXyXzUq7SYeM6D56xwTXZCPEmBlUGqFVfQidvRsoVeVxeAiOXW2c2HxoRQ==",
       "dependencies": [
@@ -1451,14 +1649,6 @@
     "pidtree@0.6.0": {
       "integrity": "sha512-eG2dWTVw5bzqGRztnHExczNxt5VGsE6OwTeCG3fdUf9KBsZzO3R5OIIIzWR+iZA0NtZ+RDVdaoE2dK1cn6jH4g=="
     },
-    "png-to-ico@2.1.8": {
-      "integrity": "sha512-Nf+IIn/cZ/DIZVdGveJp86NG5uNib1ZXMiDd/8x32HCTeKSvgpyg6D/6tUBn1QO/zybzoMK0/mc3QRgAyXdv9w==",
-      "dependencies": [
-        "@types/node@17.0.45",
-        "minimist",
-        "pngjs"
-      ]
-    },
     "pngjs@6.0.0": {
       "integrity": "sha512-TRzzuFRRmEoSW/p1KVAmiOgPco2Irlah+bGFCeNfJXxxYGwSw7YwAOAcd7X28K/m5bjBWKsC29KyoMfHbypayg=="
     },
@@ -1660,6 +1850,9 @@
     "type-fest@4.18.2": {
       "integrity": "sha512-+suCYpfJLAe4OXS6+PPXjW3urOS4IoP9waSiLuXfLgqZODKw/aWwASvzqE886wA0kQgGy0mIWyhd87VpqIy6Xg=="
     },
+    "undici-types@6.19.8": {
+      "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw=="
+    },
     "unfurl.js@6.4.0": {
       "integrity": "sha512-DogJFWPkOWMcu2xPdpmbcsL+diOOJInD3/jXOv6saX1upnWmMK8ndAtDWUfJkuInqNI9yzADud4ID9T+9UeWCw==",
       "dependencies": [
@@ -1685,6 +1878,9 @@
     "websocket-ts@2.1.5": {
       "integrity": "sha512-rCNl9w6Hsir1azFm/pbjBEFzLD/gi7Th5ZgOxMifB6STUfTSovYAzryWw0TRvSZ1+Qu1Z5Plw4z42UfTNA9idA=="
     },
+    "websocket-ts@2.2.1": {
+      "integrity": "sha512-YKPDfxlK5qOheLZ2bTIiktZO1bpfGdNCPJmTEaPW7G9UXI1GKjDdeacOrsULUS000OPNxDVOyAuKLuIWPqWM0Q=="
+    },
     "whatwg-encoding@3.1.1": {
       "integrity": "sha512-6qN4hJdMwfYBtE3YBTTHhoeuUrDBPZmbQaxWAqSALV/MeEnR5z1xd8UKud2RAkFoPkmB+hli1TZSnyi84xz1vQ==",
       "dependencies": [
@@ -2351,19 +2547,20 @@
     "dependencies": [
       "jsr:@b-fuze/deno-dom@~0.1.47",
       "jsr:@bradenmacdonald/s3-lite-client@~0.7.4",
+      "jsr:@core/asyncutil@^1.2.0",
       "jsr:@esroyo/scoped-performance@^3.1.0",
       "jsr:@gfx/canvas-wasm@~0.4.2",
       "jsr:@hono/hono@^4.4.6",
-      "jsr:@lambdalisue/async@^2.1.1",
       "jsr:@negrel/webpush@0.3",
-      "jsr:@nostrify/db@~0.37.3",
-      "jsr:@nostrify/nostrify@0.38",
+      "jsr:@nostrify/db@~0.39.4",
+      "jsr:@nostrify/nostrify@~0.39.1",
       "jsr:@nostrify/policies@~0.36.1",
       "jsr:@nostrify/types@0.36",
       "jsr:@soapbox/kysely-pglite@1",
       "jsr:@soapbox/logi@0.3",
       "jsr:@soapbox/safe-fetch@2",
       "jsr:@std/assert@~0.225.1",
+      "jsr:@std/async@^1.0.10",
       "jsr:@std/cli@0.223",
       "jsr:@std/crypto@0.224",
       "jsr:@std/encoding@0.224",
@@ -2371,6 +2568,8 @@
       "jsr:@std/json@0.223",
       "jsr:@std/media-types@~0.224.1",
       "jsr:@std/streams@0.223",
+      "jsr:@std/testing@^1.0.9",
+      "npm:@cashu/cashu-ts@^2.2.0",
       "npm:@electric-sql/pglite@~0.2.8",
       "npm:@isaacs/ttlcache@^1.4.1",
       "npm:@noble/secp256k1@2",
@@ -2396,7 +2595,6 @@
       "npm:nostr-tools@2.5.1",
       "npm:nostr-wasm@0.1",
       "npm:path-to-regexp@^7.1.0",
-      "npm:png-to-ico@^2.1.8",
       "npm:prom-client@^15.1.2",
       "npm:sharp@~0.33.5",
       "npm:tldts@^6.0.14",

docs/auth.md

@@ -1,23 +0,0 @@
-# Authentication in Ditto
-
-One of the main benefits of Nostr is that users control their keys. Instead of a username and password, the user has a public key (`npub` or `pubkey`) and private key (`nsec`). The public key is a globally-unique identifier for the user, and the private key can be used to sign events, producing a signature that only the pubkey could have produced.
-
-With keys, users have full control over their identity. They can move between servers freely, and post to multiple servers at once. But with such power comes great responsibilities. Users cannot lose control of their key, or they'll lose control over their account forever.
-
-## Managing Keys
-
-There are several ways to manage keys in Nostr, and they all come with trade-offs. It's new territory, and people are still coming up with new ideas.
-
-The main concerns are how to **conveniently log in on multiple devices**, and **who/what to trust with your key.**
-
-### Current Solutions
-
-1. **Private key text.** Users copy their key between devices/apps, giving apps full control over their key. Users might email the key to themselves, or better yet use a password manager, or apps might even provide a QR code for other apps to scan. This method is convenient, but it's not secure. Keys can get compromised in transit, or by a malicious or vulnerable app.
-
-2. **Browser extension.** For web clients, an extension can expose `getPublicKey` and `signEvent` functions to web-pages without exposing the private key directly. This option is secure, but it only works well for laptop/desktop devices. On mobile, only FireFox can do it, with no support from Safari or Chrome. It also offers no way to share a key across devices on its own.
-
-3. **Remote signer**. Users can run a remote signer program and then connect apps to it. The signer should be running 24/7, so it's best suited for running on a server. This idea has evolved into the creation of "bunker" services. Bunkers allow users to have a traditional username and password and login from anywhere. This method solves a lot of problems, but it also creates some problems. Users have to create an account on a separate website before they can log into your website. This makes it an option for more advanced users. Also, it's concerning that the administrator of the bunker server has full control over your keys. None of this is a problem if you run your own remote signer, but it's not a mainstream option.
-
-4. **Custodial**. Apps which make you log you in with a username/password, and then keep Nostr keys for each user in their database. You might not even be able to export your keys. This option may be easier for users at first, but it puts a whole lot of liability on the server, since leaks can cause permanent damage. It also gives up a lot of the benefits of Nostr.
-
-Each of these ideas could be improved upon greatly with new experiments and technical progress. But to Ditto, user freedom matters the most, so we're focusing on non-custodial solution. Even though there are security risks to copying around keys, the onus is on the user. The user may fall victim to a targeted attack (or make a stupid mistake), whereas custodial servers have the ability to wipe out entire demographics of users at once. Therefore we believe that custodial solutions are actually _less_ secure than users copying around keys. Users must take precautions about which apps to trust with their private key until we improve upon the area to make it more secure (likely with better support of browser extensions, OS key management, and more).

docs/debugging.md

@@ -1,27 +0,0 @@
-# Debugging Ditto
-
-Running the command `deno task debug` will start the Ditto server in debug mode, making it possible to inspect with Chromium-based browsers by visiting `chrome://inspect`.
-
-From there, go to the "Performance" tab and click "Start profiling". Perform the actions you want to profile, then click "Stop profiling". You can then inspect the call stack and see where the time is being spent.
-
-## Remote debugging
-
-If the Ditto server is on a separate machine, you will first need to put it into debug mode. Edit its systemd file (usually located at `/etc/systemd/system/ditto.service`) and change `deno task start` to `deno task debug` in the `ExecStart` line. Then run `systemctl daemon-reload` and `systemctl restart ditto`.
-
-To access the debugger remotely, you can use SSH port forwarding. Run this command on your local machine, replacing `<user>@<host>` with the SSH login for the remote machine:
-
-```sh
-ssh -L 9229:localhost:9229 <user>@<host>
-```
-
-Then, in Chromium, go to `chrome://inspect` and the Ditto server should be available.
-
-## SQL performance
-
-To track slow queries, first set `DEBUG=ditto:sql` in the environment so only SQL logs are shown.
-
-Then, grep for any logs above 0.001s:
-
-```sh
-journalctl -fu ditto | grep -v '(0.00s)'
-```

docs/installation.md

@@ -1,15 +0,0 @@
-# Installing Ditto
-
-First, install Deno:
-
-```sh
-curl -fsSL https://deno.land/x/install/install.sh | sudo DENO_INSTALL=/usr/local sh
-```
-
-Now, run Ditto:
-
-```sh
-deno run -A https://gitlab.com/soapbox-pub/ditto/-/raw/main/src/server.ts
-```
-
-That's it! Ditto is now running on your machine.

docs/mastodon-api.md

@@ -1,9 +0,0 @@
-# Mastodon API
-
-Ditto implements Mastodon's client-server API, a REST API used by Mastodon mobile apps and frontends to interact with Mastodon servers. While it was originally designed for Mastodon, it has been adopted by other ActivityPub servers such as Pleroma, Mitra, Friendica, and many others.
-
-Note that Mastodon API is **not** ActivityPub. It is not the API used to federate between servers. Instead, it enables user interfaces, mobile apps, bots, and other clients to interact with Mastodon servers.
-
-Mastodon is built in Ruby on Rails, and its API is inspired by Twitter's legacy REST API. Rails, being an MVC framework, has "models", which it maps directly to "Entities" in its API.
-
-Endpoints return either a single Entity, or an array of Entities. Entities Entities are JSON objects with a specific structure, and are documented in the [Mastodon API documentation](https://docs.joinmastodon.org/api/).

packages/captcha/assets.test.ts

@@ -0,0 +1,9 @@
+import { assert } from '@std/assert';
+
+import { getCaptchaImages } from './assets.ts';
+
+Deno.test('getCaptchaImages', async () => {
+  // If this function runs at all, it most likely worked.
+  const { bgImages } = await getCaptchaImages();
+  assert(bgImages.length);
+});

packages/captcha/assets.ts

@@ -0,0 +1,36 @@
+import { type Image, loadImage } from '@gfx/canvas-wasm';
+
+export interface CaptchaImages {
+  bgImages: Image[];
+  puzzleMask: Image;
+  puzzleHole: Image;
+}
+
+export async function getCaptchaImages(): Promise<CaptchaImages> {
+  const bgImages = await getBackgroundImages();
+
+  const puzzleMask = await loadImage(
+    await Deno.readFile(new URL('./assets/puzzle/puzzle-mask.png', import.meta.url)),
+  );
+  const puzzleHole = await loadImage(
+    await Deno.readFile(new URL('./assets/puzzle/puzzle-hole.png', import.meta.url)),
+  );
+
+  return { bgImages, puzzleMask, puzzleHole };
+}
+
+async function getBackgroundImages(): Promise<Image[]> {
+  const path = new URL('./assets/bg/', import.meta.url);
+
+  const images: Image[] = [];
+
+  for await (const dirEntry of Deno.readDir(path)) {
+    if (dirEntry.isFile && dirEntry.name.endsWith('.jpg')) {
+      const file = await Deno.readFile(new URL(dirEntry.name, path));
+      const image = await loadImage(file);
+      images.push(image);
+    }
+  }
+
+  return images;
+}

packages/captcha/canvas.test.ts

@@ -0,0 +1,22 @@
+import { createCanvas } from '@gfx/canvas-wasm';
+import { assertNotEquals } from '@std/assert';
+import { encodeHex } from '@std/encoding/hex';
+
+import { addNoise } from './canvas.ts';
+
+// This is almost impossible to truly test,
+// but we can at least check that the image on the canvas changes.
+Deno.test('addNoise', async () => {
+  const canvas = createCanvas(100, 100);
+  const ctx = canvas.getContext('2d');
+
+  const dataBefore = ctx.getImageData(0, 0, canvas.width, canvas.height);
+  const hashBefore = await crypto.subtle.digest('SHA-256', dataBefore.data);
+
+  addNoise(ctx, canvas.width, canvas.height);
+
+  const dataAfter = ctx.getImageData(0, 0, canvas.width, canvas.height);
+  const hashAfter = await crypto.subtle.digest('SHA-256', dataAfter.data);
+
+  assertNotEquals(encodeHex(hashBefore), encodeHex(hashAfter));
+});

packages/captcha/canvas.ts

@@ -0,0 +1,21 @@
+import type { CanvasRenderingContext2D } from '@gfx/canvas-wasm';
+
+/**
+ * Add a small amount of noise to the image.
+ * This protects against an attacker pregenerating every possible solution and then doing a reverse-lookup.
+ */
+export function addNoise(ctx: CanvasRenderingContext2D, width: number, height: number): void {
+  const imageData = ctx.getImageData(0, 0, width, height);
+
+  // Loop over every pixel.
+  for (let i = 0; i < imageData.data.length; i += 4) {
+    // Add/subtract a small amount from each color channel.
+    // We skip i+3 because that's the alpha channel, which we don't want to modify.
+    for (let j = 0; j < 3; j++) {
+      const alteration = Math.floor(Math.random() * 11) - 5; // Vary between -5 and +5
+      imageData.data[i + j] = Math.min(Math.max(imageData.data[i + j] + alteration, 0), 255);
+    }
+  }
+
+  ctx.putImageData(imageData, 0, 0);
+}

packages/captcha/captcha.test.ts

@@ -0,0 +1,12 @@
+import { getCaptchaImages } from './assets.ts';
+import { generateCaptcha, verifyCaptchaSolution } from './captcha.ts';
+
+Deno.test('generateCaptcha', async () => {
+  const images = await getCaptchaImages();
+  generateCaptcha(images, { w: 370, h: 400 }, { w: 65, h: 65 });
+});
+
+Deno.test('verifyCaptchaSolution', () => {
+  verifyCaptchaSolution({ w: 65, h: 65 }, { x: 0, y: 0 }, { x: 0, y: 0 });
+  verifyCaptchaSolution({ w: 65, h: 65 }, { x: 0, y: 0 }, { x: 10, y: 10 });
+});

packages/captcha/captcha.ts

@@ -0,0 +1,60 @@
+import { createCanvas, type EmulatedCanvas2D } from '@gfx/canvas-wasm';
+
+import { addNoise } from './canvas.ts';
+import { areIntersecting, type Dimensions, type Point } from './geometry.ts';
+
+import type { CaptchaImages } from './assets.ts';
+
+/** Generate a puzzle captcha, returning canvases for the board and piece. */
+export function generateCaptcha(
+  { bgImages, puzzleMask, puzzleHole }: CaptchaImages,
+  bgSize: Dimensions,
+  puzzleSize: Dimensions,
+): {
+  bg: EmulatedCanvas2D;
+  puzzle: EmulatedCanvas2D;
+  solution: Point;
+} {
+  const bg = createCanvas(bgSize.w, bgSize.h);
+  const puzzle = createCanvas(puzzleSize.w, puzzleSize.h);
+
+  const ctx = bg.getContext('2d');
+  const pctx = puzzle.getContext('2d');
+
+  const solution = generateSolution(bgSize, puzzleSize);
+  const bgImage = bgImages[Math.floor(Math.random() * bgImages.length)];
+
+  // Draw the background image.
+  ctx.drawImage(bgImage, 0, 0, bg.width, bg.height);
+  addNoise(ctx, bg.width, bg.height);
+
+  // Draw the puzzle piece.
+  pctx.drawImage(puzzleMask, 0, 0, puzzle.width, puzzle.height);
+  pctx.globalCompositeOperation = 'source-in';
+  pctx.drawImage(bg, solution.x, solution.y, puzzle.width, puzzle.height, 0, 0, puzzle.width, puzzle.height);
+
+  // Draw the hole.
+  ctx.globalCompositeOperation = 'source-atop';
+  ctx.drawImage(puzzleHole, solution.x, solution.y, puzzle.width, puzzle.height);
+
+  return {
+    bg,
+    puzzle,
+    solution,
+  };
+}
+
+export function verifyCaptchaSolution(puzzleSize: Dimensions, point: Point, solution: Point): boolean {
+  return areIntersecting(
+    { ...point, ...puzzleSize },
+    { ...solution, ...puzzleSize },
+  );
+}
+
+/** Random coordinates such that the piece fits within the canvas. */
+function generateSolution(bgSize: Dimensions, puzzleSize: Dimensions): Point {
+  return {
+    x: Math.floor(Math.random() * (bgSize.w - puzzleSize.w)),
+    y: Math.floor(Math.random() * (bgSize.h - puzzleSize.h)),
+  };
+}

packages/captcha/deno.json

@@ -0,0 +1,7 @@
+{
+  "name": "@ditto/captcha",
+  "version": "0.1.0",
+  "exports": {
+    ".": "./mod.ts"
+  }
+}

packages/captcha/geometry.test.ts

@@ -0,0 +1,8 @@
+import { assertEquals } from '@std/assert';
+
+import { areIntersecting } from './geometry.ts';
+
+Deno.test('areIntersecting', () => {
+  assertEquals(areIntersecting({ x: 0, y: 0, w: 10, h: 10 }, { x: 5, y: 5, w: 10, h: 10 }), true);
+  assertEquals(areIntersecting({ x: 0, y: 0, w: 10, h: 10 }, { x: 15, y: 15, w: 10, h: 10 }), false);
+});

packages/captcha/geometry.ts

@@ -0,0 +1,27 @@
+export interface Point {
+  x: number;
+  y: number;
+}
+
+export interface Dimensions {
+  w: number;
+  h: number;
+}
+
+type Rectangle = Point & Dimensions;
+
+/** Check if the two rectangles intersect by at least `threshold` percent. */
+export function areIntersecting(rect1: Rectangle, rect2: Rectangle, threshold = 0.5): boolean {
+  const r1cx = rect1.x + rect1.w / 2;
+  const r2cx = rect2.x + rect2.w / 2;
+
+  const r1cy = rect1.y + rect1.h / 2;
+  const r2cy = rect2.y + rect2.h / 2;
+
+  const dist = Math.sqrt((r2cx - r1cx) ** 2 + (r2cy - r1cy) ** 2);
+
+  const e1 = Math.sqrt(rect1.h ** 2 + rect1.w ** 2) / 2;
+  const e2 = Math.sqrt(rect2.h ** 2 + rect2.w ** 2) / 2;
+
+  return dist <= (e1 + e2) * threshold;
+}

packages/captcha/mod.ts

@@ -0,0 +1,2 @@
+export { getCaptchaImages } from './assets.ts';
+export { generateCaptcha, verifyCaptchaSolution } from './captcha.ts';

packages/cashu/cashu.test.ts

@@ -0,0 +1,457 @@
+import { type NostrFilter, NSecSigner } from '@nostrify/nostrify';
+import { NPostgres } from '@nostrify/db';
+import { genEvent } from '@nostrify/nostrify/test';
+
+import { generateSecretKey, getPublicKey } from 'nostr-tools';
+import { bytesToString, stringToBytes } from '@scure/base';
+import { assertEquals } from '@std/assert';
+
+import { DittoPolyPg, TestDB } from '@ditto/db';
+import { DittoConf } from '@ditto/conf';
+
+import { getLastRedeemedNutzap, getMintsToProofs, getWallet, organizeProofs, validateAndParseWallet } from './cashu.ts';
+
+Deno.test('validateAndParseWallet function returns valid data', async () => {
+  const conf = new DittoConf(Deno.env);
+  const orig = new DittoPolyPg(conf.databaseUrl);
+
+  await using db = new TestDB(orig);
+  await db.migrate();
+  await db.clear();
+
+  const store = new NPostgres(orig.kysely);
+
+  const sk = generateSecretKey();
+  const signer = new NSecSigner(sk);
+  const pubkey = await signer.getPublicKey();
+  const privkey = bytesToString('hex', sk);
+  const p2pk = getPublicKey(stringToBytes('hex', privkey));
+
+  // Wallet
+  const wallet = genEvent({
+    kind: 17375,
+    content: await signer.nip44.encrypt(
+      pubkey,
+      JSON.stringify([
+        ['privkey', privkey],
+        ['mint', 'https://mint.soul.com'],
+      ]),
+    ),
+  }, sk);
+  await store.event(wallet);
+
+  // Nutzap information
+  const nutzapInfo = genEvent({
+    kind: 10019,
+    tags: [
+      ['pubkey', p2pk],
+      ['mint', 'https://mint.soul.com'],
+      ['relay', conf.relay],
+    ],
+  }, sk);
+  await store.event(nutzapInfo);
+
+  const { data, error } = await validateAndParseWallet(store, signer, pubkey);
+
+  assertEquals(error, null);
+  assertEquals(data, {
+    wallet,
+    nutzapInfo,
+    privkey,
+    p2pk,
+    mints: ['https://mint.soul.com'],
+    relays: [conf.relay],
+  });
+});
+
+Deno.test('organizeProofs function is working', async () => {
+  const conf = new DittoConf(Deno.env);
+  const orig = new DittoPolyPg(conf.databaseUrl);
+
+  await using db = new TestDB(orig);
+  await db.migrate();
+  await db.clear();
+
+  const store = new NPostgres(orig.kysely);
+
+  const sk = generateSecretKey();
+  const signer = new NSecSigner(sk);
+  const pubkey = await signer.getPublicKey();
+
+  const event1 = genEvent({
+    kind: 7375,
+    content: await signer.nip44.encrypt(
+      pubkey,
+      JSON.stringify({
+        mint: 'https://mint.soul.com',
+        proofs: [
+          {
+            id: '005c2502034d4f12',
+            amount: 25,
+            secret: 'z+zyxAVLRqN9lEjxuNPSyRJzEstbl69Jc1vtimvtkPg=',
+            C: '0241d98a8197ef238a192d47edf191a9de78b657308937b4f7dd0aa53beae72c46',
+          },
+          {
+            id: '005c2502034d4f12',
+            amount: 25,
+            secret: 'z+zyxAVLRqN9lEjxuNPSyRJzEstbl69Jc1vtimvtkPg=',
+            C: '0241d98a8197ef238a192d47edf191a9de78b657308937b4f7dd0aa53beae72c46',
+          },
+          {
+            id: '005c2502034d4f12',
+            amount: 25,
+            secret: 'z+zyxAVLRqN9lEjxuNPSyRJzEstbl69Jc1vtimvtkPg=',
+            C: '0241d98a8197ef238a192d47edf191a9de78b657308937b4f7dd0aa53beae72c46',
+          },
+          {
+            id: '005c2502034d4f12',
+            amount: 25,
+            secret: 'z+zyxAVLRqN9lEjxuNPSyRJzEstbl69Jc1vtimvtkPg=',
+            C: '0241d98a8197ef238a192d47edf191a9de78b657308937b4f7dd0aa53beae72c46',
+          },
+        ],
+        del: [],
+      }),
+    ),
+  }, sk);
+  await store.event(event1);
+
+  const proof1 = {
+    'id': '004f7adf2a04356c',
+    'amount': 1,
+    'secret': '6780378b186cf7ada639ce4807803ad5e4a71217688430512f35074f9bca99c0',
+    'C': '03f0dd8df04427c8c53e4ae9ce8eb91c4880203d6236d1d745c788a5d7a47aaff3',
+    'dleq': {
+      'e': 'bd22fcdb7ede1edb52b9b8c6e1194939112928e7b4fc0176325e7671fb2bd351',
+      's': 'a9ad015571a0e538d62966a16d2facf806fb956c746a3dfa41fa689486431c67',
+      'r': 'b283980e30bf5a31a45e5e296e93ae9f20bf3a140c884b3b4cd952dbecc521df',
+    },
+  };
+  const token1 = JSON.stringify({
+    mint: 'https://mint-fashion.com',
+    proofs: [proof1],
+    del: [],
+  });
+
+  const event2 = genEvent({
+    kind: 7375,
+    content: await signer.nip44.encrypt(
+      pubkey,
+      token1,
+    ),
+  }, sk);
+  await store.event(event2);
+
+  const proof2 = {
+    'id': '004f7adf2a04356c',
+    'amount': 123,
+    'secret': '6780378b186cf7ada639ce4807803ad5e4a71217688430512f35074f9bca99c0',
+    'C': '03f0dd8df04427c8c53e4ae9ce8eb91c4880203d6236d1d745c788a5d7a47aaff3',
+    'dleq': {
+      'e': 'bd22fcdb7ede1edb52b9b8c6e1194939112928e7b4fc0176325e7671fb2bd351',
+      's': 'a9ad015571a0e538d62966a16d2facf806fb956c746a3dfa41fa689486431c67',
+      'r': 'b283980e30bf5a31a45e5e296e93ae9f20bf3a140c884b3b4cd952dbecc521df',
+    },
+  };
+
+  const token2 = JSON.stringify({
+    mint: 'https://mint-fashion.com',
+    proofs: [proof2],
+    del: [],
+  });
+
+  const event3 = genEvent({
+    kind: 7375,
+    content: await signer.nip44.encrypt(
+      pubkey,
+      token2,
+    ),
+  }, sk);
+  await store.event(event3);
+
+  const unspentProofs = await store.query([{ kinds: [7375], authors: [pubkey] }]);
+
+  const organizedProofs = await organizeProofs(unspentProofs, signer);
+
+  assertEquals(organizedProofs, {
+    'https://mint.soul.com': {
+      totalBalance: 100,
+      [event1.id]: { event: event1, balance: 100 },
+    },
+    'https://mint-fashion.com': {
+      totalBalance: 124,
+      [event2.id]: { event: event2, balance: 1 },
+      [event3.id]: { event: event3, balance: 123 },
+    },
+  });
+});
+
+Deno.test('getLastRedeemedNutzap function is working', async () => {
+  const conf = new DittoConf(Deno.env);
+  const orig = new DittoPolyPg(conf.databaseUrl);
+
+  await using db = new TestDB(orig);
+  await db.migrate();
+  await db.clear();
+
+  const store = new NPostgres(orig.kysely);
+
+  const sk = generateSecretKey();
+  const signer = new NSecSigner(sk);
+  const pubkey = await signer.getPublicKey();
+
+  const event1 = genEvent({
+    kind: 7376,
+    content: '<nip-44-encrypted>',
+    created_at: Math.floor(Date.now() / 1000), // now
+    tags: [
+      ['e', '<event-id-of-created-token>', '', 'redeemed'],
+    ],
+  }, sk);
+  await store.event(event1);
+
+  const event2 = genEvent({
+    kind: 7376,
+    content: '<nip-44-encrypted>',
+    created_at: Math.floor((Date.now() - 86400000) / 1000), // yesterday
+    tags: [
+      ['e', '<event-id-of-created-token>', '', 'redeemed'],
+    ],
+  }, sk);
+  await store.event(event2);
+
+  const event3 = genEvent({
+    kind: 7376,
+    content: '<nip-44-encrypted>',
+    created_at: Math.floor((Date.now() - 86400000) / 1000), // yesterday
+    tags: [
+      ['e', '<event-id-of-created-token>', '', 'redeemed'],
+    ],
+  }, sk);
+  await store.event(event3);
+
+  const event4 = genEvent({
+    kind: 7376,
+    content: '<nip-44-encrypted>',
+    created_at: Math.floor((Date.now() + 86400000) / 1000), // tomorrow
+    tags: [
+      ['e', '<event-id-of-created-token>', '', 'redeemed'],
+    ],
+  }, sk);
+  await store.event(event4);
+
+  const event = await getLastRedeemedNutzap(store, pubkey);
+
+  assertEquals(event, event4);
+});
+
+Deno.test('getMintsToProofs function is working', async () => {
+  const conf = new DittoConf(Deno.env);
+  const orig = new DittoPolyPg(conf.databaseUrl);
+
+  await using db = new TestDB(orig);
+  await db.migrate();
+  await db.clear();
+
+  const store = new NPostgres(orig.kysely);
+
+  const sk = generateSecretKey();
+  const signer = new NSecSigner(sk);
+  const pubkey = await signer.getPublicKey();
+
+  const redeemedNutzap = genEvent({
+    created_at: Math.floor(Date.now() / 1000), // now
+    kind: 9321,
+    content: 'Thanks buddy! Nice idea.',
+    tags: [
+      [
+        'proof',
+        JSON.stringify({
+          id: '005c2502034d4f12',
+          amount: 25,
+          secret: 'z+zyxAVLRqN9lEjxuNPSyRJzEstbl69Jc1vtimvtkPg=',
+          C: '0241d98a8197ef238a192d47edf191a9de78b657308937b4f7dd0aa53beae72c46',
+        }),
+      ],
+      ['u', 'https://mint.soul.com'],
+      ['e', 'nutzapped-post'],
+      ['p', '47259076c85f9240e852420d7213c95e95102f1de929fb60f33a2c32570c98c4'],
+    ],
+  }, sk);
+
+  await store.event(redeemedNutzap);
+
+  await new Promise((r) => setTimeout(r, 1000));
+
+  const history = genEvent({
+    created_at: Math.floor(Date.now() / 1000), // now
+    kind: 7376,
+    content: 'nip-44-encrypted',
+    tags: [
+      ['e', redeemedNutzap.id, conf.relay, 'redeemed'],
+      ['p', redeemedNutzap.pubkey],
+    ],
+  }, sk);
+
+  await store.event(history);
+
+  const nutzap = genEvent({
+    created_at: Math.floor(Date.now() / 1000), // now
+    kind: 9321,
+    content: 'Thanks buddy! Nice idea.',
+    tags: [
+      [
+        'proof',
+        JSON.stringify({
+          id: '005c2502034d4f12',
+          amount: 50,
+          secret: 'z+zyxAVLRqN9lEjxuNPSyRJzEstbl69Jc1vtimvtkPg=',
+          C: '0241d98a8197ef238a192d47edf191a9de78b657308937b4f7dd0aa53beae72c46',
+        }),
+      ],
+      ['u', 'https://mint.soul.com'],
+      ['e', 'nutzapped-post'],
+      ['p', '47259076c85f9240e852420d7213c95e95102f1de929fb60f33a2c32570c98c4'],
+    ],
+  }, sk);
+
+  await store.event(nutzap);
+
+  const nutzapsFilter: NostrFilter = {
+    kinds: [9321],
+    '#p': ['47259076c85f9240e852420d7213c95e95102f1de929fb60f33a2c32570c98c4'],
+    '#u': ['https://mint.soul.com'],
+  };
+
+  const lastRedeemedNutzap = await getLastRedeemedNutzap(store, pubkey);
+  if (lastRedeemedNutzap) {
+    nutzapsFilter.since = lastRedeemedNutzap.created_at;
+  }
+
+  const mintsToProofs = await getMintsToProofs(store, nutzapsFilter, conf.relay);
+
+  assertEquals(mintsToProofs, {
+    'https://mint.soul.com': {
+      proofs: [{
+        id: '005c2502034d4f12',
+        amount: 50,
+        secret: 'z+zyxAVLRqN9lEjxuNPSyRJzEstbl69Jc1vtimvtkPg=',
+        C: '0241d98a8197ef238a192d47edf191a9de78b657308937b4f7dd0aa53beae72c46',
+      }],
+      toBeRedeemed: [
+        ['e', nutzap.id, conf.relay, 'redeemed'],
+        ['p', nutzap.pubkey],
+      ],
+    },
+  });
+});
+
+Deno.test('getWallet function is working', async () => {
+  const conf = new DittoConf(Deno.env);
+  const orig = new DittoPolyPg(conf.databaseUrl);
+
+  await using db = new TestDB(orig);
+  await db.migrate();
+  await db.clear();
+
+  const sk = generateSecretKey();
+  const signer = new NSecSigner(sk);
+  const pubkey = await signer.getPublicKey();
+
+  const privkey = bytesToString('hex', sk);
+  const p2pk = getPublicKey(stringToBytes('hex', privkey));
+
+  const relay = new NPostgres(orig.kysely);
+
+  const proofs = genEvent({
+    kind: 7375,
+    content: await signer.nip44.encrypt(
+      pubkey,
+      JSON.stringify({
+        mint: 'https://cuiaba.mint.com',
+        proofs: [
+          {
+            'id': '004f7adf2a04356c',
+            'amount': 2,
+            'secret': '700312ccba84cb15d6a008c1d01b0dbf00025d3f2cb01f030a756553aca52de3',
+            'C': '02f0ff21fdd19a547d66d9ca09df5573ad88d28e4951825130708ba53cbed19561',
+            'dleq': {
+              'e': '9c44a58cb429be619c474b97216009bd96ff1b7dd145b35828a14f180c03a86f',
+              's': 'a11b8f616dfee5157a2c7c36da0ee181fe71b28729bee56b789e472c027ceb3b',
+              'r': 'c51b9ade8cfd3939b78d509c9723f86b43b432680f55a6791e3e252b53d4b465',
+            },
+          },
+          {
+            'id': '004f7adf2a04356c',
+            'amount': 4,
+            'secret': '5936f22d486734c03bd50b89aaa34be8e99f20d199bcebc09da8716890e95fb3',
+            'C': '039b55f92c02243e31b04e964f2ad0bcd2ed3229e334f4c7a81037392b8411d6e7',
+            'dleq': {
+              'e': '7b7be700f2515f1978ca27bc1045d50b9d146bb30d1fe0c0f48827c086412b9e',
+              's': 'cf44b08c7e64fd2bd9199667327b10a29b7c699b10cb7437be518203b25fe3fa',
+              'r': 'ec0cf54ce2d17fae5db1c6e5e5fd5f34d7c7df18798b8d92bcb7cb005ec2f93b',
+            },
+          },
+          {
+            'id': '004f7adf2a04356c',
+            'amount': 16,
+            'secret': '89e2315c058f3a010972dc6d546b1a2e81142614d715c28d169c6afdba5326bd',
+            'C': '02bc1c3756e77563fe6c7769fc9d9bc578ea0b84bf4bf045cf31c7e2d3f3ad0818',
+            'dleq': {
+              'e': '8dfa000c9e2a43d35d2a0b1c7f36a96904aed35457ca308c6e7d10f334f84e72',
+              's': '9270a914b1a53e32682b1277f34c5cfa931a6fab701a5dbee5855b68ddf621ab',
+              'r': 'ae71e572839a3273b0141ea2f626915592b4b3f5f91b37bbeacce0d3396332c9',
+            },
+          },
+          {
+            'id': '004f7adf2a04356c',
+            'amount': 16,
+            'secret': '06f2209f313d92505ae5c72087263f711b7a97b1b29a71886870e672a1b180ac',
+            'C': '02fa2ad933b62449e2765255d39593c48293f10b287cf7036b23570c8f01c27fae',
+            'dleq': {
+              'e': 'e696d61f6259ae97f8fe13a5af55d47f526eea62a7998bf888626fd1ae35e720',
+              's': 'b9f1ef2a8aec0e73c1a4aaff67e28b3ca3bc4628a532113e0733643c697ed7ce',
+              'r': 'b66ed62852811d14e9bf822baebfda92ba47c5c4babc4f2499d9ce81fbbbd3f2',
+            },
+          },
+        ],
+        del: [],
+      }),
+    ),
+    created_at: Math.floor(Date.now() / 1000), // now
+  }, sk);
+
+  await relay.event(proofs);
+
+  await relay.event(genEvent({
+    kind: 10019,
+    tags: [
+      ['pubkey', p2pk],
+      ['mint', 'https://mint.soul.com'],
+      ['mint', 'https://cuiaba.mint.com'],
+      ['relay', conf.relay],
+    ],
+  }, sk));
+
+  const wallet = genEvent({
+    kind: 17375,
+    content: await signer.nip44.encrypt(
+      pubkey,
+      JSON.stringify([
+        ['privkey', privkey],
+        ['mint', 'https://mint.soul.com'],
+      ]),
+    ),
+  }, sk);
+
+  await relay.event(wallet);
+
+  const { wallet: walletEntity } = await getWallet(relay, pubkey, signer);
+
+  assertEquals(walletEntity, {
+    balance: 38,
+    mints: ['https://mint.soul.com', 'https://cuiaba.mint.com'],
+    relays: [conf.relay],
+    pubkey_p2pk: p2pk,
+  });
+});

packages/cashu/cashu.ts

@@ -0,0 +1,302 @@
+import type { Proof } from '@cashu/cashu-ts';
+import { type NostrEvent, type NostrFilter, type NostrSigner, NSchema as n, type NStore } from '@nostrify/nostrify';
+import { getPublicKey } from 'nostr-tools';
+import { stringToBytes } from '@scure/base';
+import { logi } from '@soapbox/logi';
+import type { SetRequired } from 'type-fest';
+import { z } from 'zod';
+
+import { proofSchema, tokenEventSchema, type Wallet } from './schemas.ts';
+
+type Data = {
+  wallet: NostrEvent;
+  nutzapInfo: NostrEvent;
+  privkey: string;
+  p2pk: string;
+  mints: string[];
+  relays: string[];
+};
+
+type CustomError =
+  | { message: 'Wallet not found'; code: 'wallet-not-found' }
+  | { message: 'Could not decrypt wallet content'; code: 'fail-decrypt-wallet' }
+  | { message: 'Could not parse wallet content'; code: 'fail-parse-wallet' }
+  | { message: 'Wallet does not contain privkey or privkey is not a valid nostr id'; code: 'privkey-missing' }
+  | { message: 'Nutzap information event not found'; code: 'nutzap-info-not-found' }
+  | {
+    message:
+      "You do not have a 'pubkey' tag in your nutzap information event or the one you have does not match the one derivated from the wallet.";
+    code: 'pubkey-mismatch';
+  }
+  | { message: 'You do not have any mints in your nutzap information event.'; code: 'mints-missing' };
+
+/** Ensures that the wallet event and nutzap information event are correct. */
+async function validateAndParseWallet(
+  store: NStore,
+  signer: SetRequired<NostrSigner, 'nip44'>,
+  pubkey: string,
+  opts?: { signal?: AbortSignal },
+): Promise<{ data: Data; error: null } | { data: null; error: CustomError }> {
+  const [wallet] = await store.query([{ authors: [pubkey], kinds: [17375] }], { signal: opts?.signal });
+  if (!wallet) {
+    return { error: { message: 'Wallet not found', code: 'wallet-not-found' }, data: null };
+  }
+
+  let decryptedContent: string;
+  try {
+    decryptedContent = await signer.nip44.decrypt(pubkey, wallet.content);
+  } catch (e) {
+    logi({
+      level: 'error',
+      ns: 'ditto.api.cashu.wallet',
+      id: wallet.id,
+      kind: wallet.kind,
+      error: errorJson(e),
+    });
+    return { data: null, error: { message: 'Could not decrypt wallet content', code: 'fail-decrypt-wallet' } };
+  }
+
+  let contentTags: string[][];
+  try {
+    contentTags = n.json().pipe(z.string().array().array()).parse(decryptedContent);
+  } catch {
+    return { data: null, error: { message: 'Could not parse wallet content', code: 'fail-parse-wallet' } };
+  }
+
+  const privkey = contentTags.find(([value]) => value === 'privkey')?.[1];
+  if (!privkey || !isNostrId(privkey)) {
+    return {
+      data: null,
+      error: { message: 'Wallet does not contain privkey or privkey is not a valid nostr id', code: 'privkey-missing' },
+    };
+  }
+  const p2pk = getPublicKey(stringToBytes('hex', privkey));
+
+  const [nutzapInfo] = await store.query([{ authors: [pubkey], kinds: [10019] }], { signal: opts?.signal });
+  if (!nutzapInfo) {
+    return { data: null, error: { message: 'Nutzap information event not found', code: 'nutzap-info-not-found' } };
+  }
+
+  const nutzapInformationPubkey = nutzapInfo.tags.find(([name]) => name === 'pubkey')?.[1];
+  if (!nutzapInformationPubkey || (nutzapInformationPubkey !== p2pk)) {
+    return {
+      data: null,
+      error: {
+        message:
+          "You do not have a 'pubkey' tag in your nutzap information event or the one you have does not match the one derivated from the wallet.",
+        code: 'pubkey-mismatch',
+      },
+    };
+  }
+
+  const mints = [...new Set(nutzapInfo.tags.filter(([name]) => name === 'mint').map(([_, value]) => value))];
+  if (mints.length < 1) {
+    return {
+      data: null,
+      error: { message: 'You do not have any mints in your nutzap information event.', code: 'mints-missing' },
+    };
+  }
+
+  const relays = [...new Set(nutzapInfo.tags.filter(([name]) => name === 'relay').map(([_, value]) => value))];
+
+  return { data: { wallet, nutzapInfo, privkey, p2pk, mints, relays }, error: null };
+}
+
+type OrganizedProofs = {
+  [mintUrl: string]: {
+    /** Total balance in this mint */
+    totalBalance: number;
+    /** Event id */
+    [eventId: string]: {
+      event: NostrEvent;
+      /** Total balance in this event */
+      balance: number;
+    } | number;
+  };
+};
+async function organizeProofs(
+  events: NostrEvent[],
+  signer: SetRequired<NostrSigner, 'nip44'>,
+): Promise<OrganizedProofs> {
+  const organizedProofs: OrganizedProofs = {};
+  const pubkey = await signer.getPublicKey();
+
+  for (const event of events) {
+    const decryptedContent = await signer.nip44.decrypt(pubkey, event.content);
+    const { data: token, success } = n.json().pipe(tokenEventSchema).safeParse(decryptedContent);
+    if (!success) {
+      continue;
+    }
+    const { mint, proofs } = token;
+
+    const balance = proofs.reduce((prev, current) => prev + current.amount, 0);
+
+    if (!organizedProofs[mint]) {
+      organizedProofs[mint] = { totalBalance: 0 };
+    }
+
+    organizedProofs[mint] = { ...organizedProofs[mint], [event.id]: { event, balance } };
+    organizedProofs[mint].totalBalance += balance;
+  }
+  return organizedProofs;
+}
+
+/** Returns a spending history event that contains the last redeemed nutzap. */
+async function getLastRedeemedNutzap(
+  store: NStore,
+  pubkey: string,
+  opts?: { signal?: AbortSignal },
+): Promise<NostrEvent | undefined> {
+  const events = await store.query([{ kinds: [7376], authors: [pubkey] }], { signal: opts?.signal });
+
+  for (const event of events) {
+    const nutzap = event.tags.find(([name]) => name === 'e');
+    const redeemed = nutzap?.[3];
+    if (redeemed === 'redeemed') {
+      return event;
+    }
+  }
+}
+
+/**
+ * toBeRedeemed are the nutzaps that will be redeemed into a kind 7375 and saved in the kind 7376 tags
+ * The tags format is: [
+ *   [ "e", "<9321-event-id>", "<relay-hint>", "redeemed" ], // nutzap event that has been redeemed
+ *   [ "p", "<sender-pubkey>" ] // pubkey of the author of the 9321 event (nutzap sender)
+ * ]
+ * https://github.com/nostr-protocol/nips/blob/master/61.md#updating-nutzap-redemption-history
+ */
+type MintsToProofs = { [key: string]: { proofs: Proof[]; toBeRedeemed: string[][] } };
+
+/**
+ * Gets proofs from nutzaps that have not been redeemed yet.
+ * Each proof is associated with a specific mint.
+ * @param store Store used to query for the nutzaps
+ * @param nutzapsFilter Filter used to query for the nutzaps, most useful when
+ * it contains a 'since' field so it saves time and resources
+ * @param relay Relay hint where the new kind 7376 will be saved
+ * @returns MintsToProofs An object where each key is a mint url and the values are an array of proofs
+ * and an array of redeemed tags in this format:
+ * ```
+ * [
+ *    ...,
+ *    [ "e", "<9321-event-id>", "<relay-hint>", "redeemed" ], // nutzap event that has been redeemed
+ *    [ "p", "<sender-pubkey>" ] // pubkey of the author of the 9321 event (nutzap sender)
+ * ]
+ * ```
+ */
+async function getMintsToProofs(
+  store: NStore,
+  nutzapsFilter: NostrFilter,
+  relay: string,
+  opts?: { signal?: AbortSignal },
+): Promise<MintsToProofs> {
+  const mintsToProofs: MintsToProofs = {};
+
+  const nutzaps = await store.query([nutzapsFilter], { signal: opts?.signal });
+
+  for (const event of nutzaps) {
+    try {
+      const mint = event.tags.find(([name]) => name === 'u')?.[1];
+      if (!mint) {
+        continue;
+      }
+
+      const proofs = event.tags.filter(([name]) => name === 'proof').map((tag) => tag[1]).filter(Boolean);
+      if (proofs.length < 1) {
+        continue;
+      }
+
+      if (!mintsToProofs[mint]) {
+        mintsToProofs[mint] = { proofs: [], toBeRedeemed: [] };
+      }
+
+      const parsed = n.json().pipe(
+        proofSchema,
+      ).array().safeParse(proofs);
+
+      if (!parsed.success) {
+        continue;
+      }
+
+      mintsToProofs[mint].proofs = [...mintsToProofs[mint].proofs, ...parsed.data];
+      mintsToProofs[mint].toBeRedeemed = [
+        ...mintsToProofs[mint].toBeRedeemed,
+        [
+          'e', // nutzap event that has been redeemed
+          event.id,
+          relay,
+          'redeemed',
+        ],
+        ['p', event.pubkey], // pubkey of the author of the 9321 event (nutzap sender)
+      ];
+    } catch (e) {
+      logi({ level: 'error', ns: 'ditto.api.cashu.wallet.swap', error: errorJson(e) });
+    }
+  }
+
+  return mintsToProofs;
+}
+
+/** Returns a wallet entity with the latest balance. */
+async function getWallet(
+  store: NStore,
+  pubkey: string,
+  signer: SetRequired<NostrSigner, 'nip44'>,
+  opts?: { signal?: AbortSignal },
+): Promise<{ wallet: Wallet; error: null } | { wallet: null; error: CustomError }> {
+  const { data, error } = await validateAndParseWallet(store, signer, pubkey, { signal: opts?.signal });
+
+  if (error) {
+    logi({ level: 'error', ns: 'ditto.cashu.get_wallet', error: errorJson(error) });
+    return { wallet: null, error };
+  }
+
+  const { p2pk, mints, relays } = data;
+
+  let balance = 0;
+
+  const tokens = await store.query([{ authors: [pubkey], kinds: [7375] }], { signal: opts?.signal });
+  for (const token of tokens) {
+    try {
+      const decryptedContent: { mint: string; proofs: Proof[] } = JSON.parse(
+        await signer.nip44.decrypt(pubkey, token.content),
+      );
+
+      if (!mints.includes(decryptedContent.mint)) {
+        mints.push(decryptedContent.mint);
+      }
+
+      balance += decryptedContent.proofs.reduce((accumulator, current) => {
+        return accumulator + current.amount;
+      }, 0);
+    } catch (e) {
+      logi({ level: 'error', ns: 'dtto.cashu.get_wallet', error: errorJson(e) });
+    }
+  }
+
+  // TODO: maybe change the 'Wallet' type data structure so each mint is a key and the value are the tokens associated with a given mint
+  const walletEntity: Wallet = {
+    pubkey_p2pk: p2pk,
+    mints,
+    relays,
+    balance,
+  };
+
+  return { wallet: walletEntity, error: null };
+}
+
+/** Serialize an error into JSON for JSON logging. */
+export function errorJson(error: unknown): Error | null {
+  if (error instanceof Error) {
+    return error;
+  } else {
+    return null;
+  }
+}
+
+function isNostrId(value: unknown): boolean {
+  return n.id().safeParse(value).success;
+}
+
+export { getLastRedeemedNutzap, getMintsToProofs, getWallet, organizeProofs, validateAndParseWallet };

packages/cashu/deno.json

@@ -0,0 +1,7 @@
+{
+  "name": "@ditto/cashu",
+  "version": "0.1.0",
+  "exports": {
+    ".": "./mod.ts"
+  }
+}

packages/cashu/mod.ts

@@ -0,0 +1,3 @@
+export { getLastRedeemedNutzap, getMintsToProofs, getWallet, organizeProofs, validateAndParseWallet } from './cashu.ts';
+export { proofSchema, tokenEventSchema, type Wallet, walletSchema } from './schemas.ts';
+export { renderTransaction, type Transaction } from './views.ts';

packages/cashu/schemas.test.ts

@@ -0,0 +1,39 @@
+import { NSchema as n } from '@nostrify/nostrify';
+import { assertEquals } from '@std/assert';
+
+import { proofSchema } from './schemas.ts';
+import { tokenEventSchema } from './schemas.ts';
+
+Deno.test('Parse proof', () => {
+  const proof =
+    '{"id":"004f7adf2a04356c","amount":1,"secret":"6780378b186cf7ada639ce4807803ad5e4a71217688430512f35074f9bca99c0","C":"03f0dd8df04427c8c53e4ae9ce8eb91c4880203d6236d1d745c788a5d7a47aaff3","dleq":{"e":"bd22fcdb7ede1edb52b9b8c6e1194939112928e7b4fc0176325e7671fb2bd351","s":"a9ad015571a0e538d62966a16d2facf806fb956c746a3dfa41fa689486431c67","r":"b283980e30bf5a31a45e5e296e93ae9f20bf3a140c884b3b4cd952dbecc521df"}}';
+
+  assertEquals(n.json().pipe(proofSchema).safeParse(proof).success, true);
+  assertEquals(n.json().pipe(proofSchema).safeParse(JSON.parse(proof)).success, false);
+  assertEquals(proofSchema.safeParse(JSON.parse(proof)).success, true);
+  assertEquals(proofSchema.safeParse(proof).success, false);
+});
+
+Deno.test('Parse token', () => {
+  const proof = {
+    'id': '004f7adf2a04356c',
+    'amount': 1,
+    'secret': '6780378b186cf7ada639ce4807803ad5e4a71217688430512f35074f9bca99c0',
+    'C': '03f0dd8df04427c8c53e4ae9ce8eb91c4880203d6236d1d745c788a5d7a47aaff3',
+    'dleq': {
+      'e': 'bd22fcdb7ede1edb52b9b8c6e1194939112928e7b4fc0176325e7671fb2bd351',
+      's': 'a9ad015571a0e538d62966a16d2facf806fb956c746a3dfa41fa689486431c67',
+      'r': 'b283980e30bf5a31a45e5e296e93ae9f20bf3a140c884b3b4cd952dbecc521df',
+    },
+  };
+  const token = JSON.stringify({
+    mint: 'https://mint-fashion.com',
+    proofs: [proof],
+    del: [],
+  });
+
+  assertEquals(n.json().pipe(tokenEventSchema).safeParse(token).success, true);
+  assertEquals(n.json().pipe(tokenEventSchema).safeParse(JSON.parse(token)).success, false);
+  assertEquals(tokenEventSchema.safeParse(JSON.parse(token)).success, true);
+  assertEquals(tokenEventSchema.safeParse(tokenEventSchema).success, false);
+});

packages/cashu/schemas.ts

@@ -0,0 +1,50 @@
+import { NSchema as n } from '@nostrify/nostrify';
+import { z } from 'zod';
+
+export const proofSchema: z.ZodType<{
+  id: string;
+  amount: number;
+  secret: string;
+  C: string;
+  dleq?: { s: string; e: string; r?: string };
+  dleqValid?: boolean;
+}> = z.object({
+  id: z.string(),
+  amount: z.number(),
+  secret: z.string(),
+  C: z.string(),
+  dleq: z.object({ s: z.string(), e: z.string(), r: z.string().optional() })
+    .optional(),
+  dleqValid: z.boolean().optional(),
+});
+
+/** Decrypted content of a kind 7375 */
+export const tokenEventSchema: z.ZodType<{
+  mint: string;
+  proofs: Array<z.infer<typeof proofSchema>>;
+  del?: string[];
+}> = z.object({
+  mint: z.string().url(),
+  proofs: proofSchema.array(),
+  del: z.string().array().optional(),
+});
+
+/** Ditto Cashu wallet */
+export const walletSchema: z.ZodType<{
+  pubkey_p2pk: string;
+  mints: string[];
+  relays: string[];
+  balance: number;
+}> = z.object({
+  pubkey_p2pk: n.id(),
+  mints: z.array(z.string().url()).nonempty().transform((val) => {
+    return [...new Set(val)];
+  }),
+  relays: z.array(z.string()).nonempty().transform((val) => {
+    return [...new Set(val)];
+  }),
+  /** Unit in sats */
+  balance: z.number(),
+});
+
+export type Wallet = z.infer<typeof walletSchema>;

packages/cashu/views.test.ts

@@ -0,0 +1,85 @@
+import { NSecSigner } from '@nostrify/nostrify';
+import { NPostgres } from '@nostrify/db';
+import { genEvent } from '@nostrify/nostrify/test';
+
+import { generateSecretKey } from 'nostr-tools';
+import { assertEquals } from '@std/assert';
+
+import { DittoPolyPg, TestDB } from '@ditto/db';
+import { DittoConf } from '@ditto/conf';
+import { renderTransaction } from './views.ts';
+
+Deno.test('renderTransaction function is working', async () => {
+  const conf = new DittoConf(Deno.env);
+  const orig = new DittoPolyPg(conf.databaseUrl);
+
+  await using db = new TestDB(orig);
+  await db.migrate();
+  await db.clear();
+
+  const sk = generateSecretKey();
+  const signer = new NSecSigner(sk);
+  const pubkey = await signer.getPublicKey();
+
+  const relay = new NPostgres(orig.kysely);
+
+  const history1 = genEvent({
+    kind: 7376,
+    content: await signer.nip44.encrypt(
+      pubkey,
+      JSON.stringify([
+        ['direction', 'in'],
+        ['amount', '33'],
+      ]),
+    ),
+    created_at: Math.floor(Date.now() / 1000), // now
+  }, sk);
+  await relay.event(history1);
+
+  const history2 = genEvent({
+    kind: 7376,
+    content: await signer.nip44.encrypt(
+      pubkey,
+      JSON.stringify([
+        ['direction', 'out'],
+        ['amount', '29'],
+      ]),
+    ),
+    created_at: Math.floor(Date.now() / 1000) - 1, // now - 1 second
+  }, sk);
+  await relay.event(history2);
+
+  const history3 = genEvent({
+    kind: 7376,
+    content: await signer.nip44.encrypt(
+      pubkey,
+      JSON.stringify([
+        ['direction', 'ouch'],
+        ['amount', 'yolo'],
+      ]),
+    ),
+    created_at: Math.floor(Date.now() / 1000) - 2, // now - 2 second
+  }, sk);
+  await relay.event(history3);
+
+  const events = await relay.query([{ kinds: [7376], authors: [pubkey], since: history2.created_at }]);
+
+  const transactions = await Promise.all(
+    events.map((event) => {
+      return renderTransaction(event, pubkey, signer);
+    }),
+  );
+
+  assertEquals(transactions, [
+    {
+      direction: 'in',
+      amount: 33,
+      created_at: history1.created_at,
+    },
+    {
+      direction: 'out',
+      amount: 29,
+      created_at: history2.created_at,
+    },
+  ]);
+});

packages/cashu/views.ts

@@ -0,0 +1,44 @@
+import { type NostrEvent, type NostrSigner, NSchema as n } from '@nostrify/nostrify';
+import type { SetRequired } from 'type-fest';
+import { z } from 'zod';
+
+type Transaction = {
+  amount: number;
+  created_at: number;
+  direction: 'in' | 'out';
+};
+
+/** Renders one history of transaction. */
+async function renderTransaction(
+  event: NostrEvent,
+  viewerPubkey: string,
+  signer: SetRequired<NostrSigner, 'nip44'>,
+): Promise<Transaction | undefined> {
+  if (event.kind !== 7376) return;
+
+  const { data: contentTags, success } = n.json().pipe(z.coerce.string().array().min(2).array()).safeParse(
+    await signer.nip44.decrypt(viewerPubkey, event.content),
+  );
+
+  if (!success) {
+    return;
+  }
+
+  const direction = contentTags.find(([name]) => name === 'direction')?.[1];
+  if (direction !== 'out' && direction !== 'in') {
+    return;
+  }
+
+  const amount = parseInt(contentTags.find(([name]) => name === 'amount')?.[1] ?? '', 10);
+  if (isNaN(amount)) {
+    return;
+  }
+
+  return {
+    created_at: event.created_at,
+    direction,
+    amount,
+  };
+}
+
+export { renderTransaction, type Transaction };

packages/conf/DittoConf.test.ts

@@ -0,0 +1,54 @@
+import { assertEquals, assertThrows } from '@std/assert';
+
+import { DittoConf } from './DittoConf.ts';
+
+Deno.test('DittoConfig', async (t) => {
+  const env = new Map<string, string>([
+    ['DITTO_NSEC', 'nsec19shyxpuzd0cq2p5078fwnws7tyykypud6z205fzhlmlrs2vpz6hs83zwkw'],
+  ]);
+
+  const config = new DittoConf(env);
+
+  await t.step('signer', async () => {
+    assertEquals(
+      await config.signer.getPublicKey(),
+      '1ba0c5ed1bbbf3b7eb0d7843ba16836a0201ea68a76bafcba507358c45911ff6',
+    );
+  });
+});
+
+Deno.test('DittoConfig defaults', async (t) => {
+  const env = new Map<string, string>();
+  const config = new DittoConf(env);
+
+  await t.step('signer throws', () => {
+    assertThrows(() => config.signer);
+  });
+
+  await t.step('port', () => {
+    assertEquals(config.port, 4036);
+  });
+});
+
+Deno.test('DittoConfig with insecure media host', () => {
+  const env = new Map<string, string>([
+    ['LOCAL_DOMAIN', 'https://ditto.test'],
+    ['MEDIA_DOMAIN', 'https://ditto.test'],
+  ]);
+
+  assertThrows(
+    () => new DittoConf(env),
+    Error,
+    'For security reasons, MEDIA_DOMAIN cannot be on the same host as LOCAL_DOMAIN',
+  );
+});
+
+Deno.test('DittoConfig with insecure media host and precheck disabled', () => {
+  const env = new Map<string, string>([
+    ['LOCAL_DOMAIN', 'https://ditto.test'],
+    ['MEDIA_DOMAIN', 'https://ditto.test'],
+    ['DITTO_PRECHECK', 'false'],
+  ]);
+
+  new DittoConf(env);
+});

packages/conf/DittoConf.ts

@@ -0,0 +1,516 @@
+import os from 'node:os';
+import path from 'node:path';
+
+import { NSecSigner } from '@nostrify/nostrify';
+import { decodeBase64 } from '@std/encoding/base64';
+import { encodeBase64Url } from '@std/encoding/base64url';
+import ISO6391, { type LanguageCode } from 'iso-639-1';
+import { nip19 } from 'nostr-tools';
+
+import { getEcdsaPublicKey } from './utils/crypto.ts';
+import { optionalBooleanSchema, optionalNumberSchema } from './utils/schema.ts';
+import { mergeURLPath } from './utils/url.ts';
+
+/** Ditto application-wide configuration. */
+export class DittoConf {
+  constructor(private env: { get(key: string): string | undefined }) {
+    if (this.precheck) {
+      const mediaUrl = new URL(this.mediaDomain);
+
+      if (this.url.host === mediaUrl.host) {
+        throw new Error(
+          'For security reasons, MEDIA_DOMAIN cannot be on the same host as LOCAL_DOMAIN.\n\nTo disable this check, set DITTO_PRECHECK="false"',
+        );
+      }
+    }
+  }
+
+  /** Cached parsed admin signer. */
+  private _signer: NSecSigner | undefined;
+
+  /** Cached parsed VAPID public key value. */
+  private _vapidPublicKey: Promise<string | undefined> | undefined;
+
+  /**
+   * Ditto admin secret key in hex format.
+   * @deprecated Use `signer` instead. TODO: handle auth tokens.
+   */
+  get seckey(): Uint8Array {
+    const nsec = this.env.get('DITTO_NSEC');
+
+    if (!nsec) {
+      throw new Error('Missing DITTO_NSEC');
+    }
+
+    if (!nsec.startsWith('nsec1')) {
+      throw new Error('Invalid DITTO_NSEC');
+    }
+
+    return nip19.decode(nsec as `nsec1${string}`).data;
+  }
+
+  /** Ditto admin signer. */
+  get signer(): NSecSigner {
+    if (!this._signer) {
+      this._signer = new NSecSigner(this.seckey);
+    }
+    return this._signer;
+  }
+
+  /** Port to use when serving the HTTP server. */
+  get port(): number {
+    return parseInt(this.env.get('PORT') || '4036');
+  }
+
+  /** IP addresses not affected by rate limiting. */
+  get ipWhitelist(): string[] {
+    return this.env.get('IP_WHITELIST')?.split(',') || [];
+  }
+
+  /** Relay URL to the Ditto server's relay. */
+  get relay(): `wss://${string}` | `ws://${string}` {
+    const { protocol, host } = this.url;
+    return `${protocol === 'https:' ? 'wss:' : 'ws:'}//${host}/relay`;
+  }
+
+  /** Relay to use for NIP-50 `search` queries. */
+  get searchRelay(): string | undefined {
+    return this.env.get('SEARCH_RELAY');
+  }
+
+  /** Origin of the Ditto server, including the protocol and port. */
+  get localDomain(): string {
+    return this.env.get('LOCAL_DOMAIN') || `http://localhost:${this.port}`;
+  }
+
+  /** Link to an external nostr viewer. */
+  get externalDomain(): string {
+    return this.env.get('NOSTR_EXTERNAL') || 'https://njump.me';
+  }
+
+  /** Get a link to a nip19-encoded entity in the configured external viewer. */
+  external(path: string): string {
+    return new URL(path, this.externalDomain).toString();
+  }
+
+  /**
+   * Heroku-style database URL. This is used in production to connect to the
+   * database.
+   *
+   * Follows the format:
+   *
+   * ```txt
+   * protocol://username:password@host:port/database_name
+   * ```
+   */
+  get databaseUrl(): string {
+    return this.env.get('DATABASE_URL') ?? 'file://data/pgdata';
+  }
+
+  /** PGlite debug level. 0 disables logging. */
+  get pgliteDebug(): 0 | 1 | 2 | 3 | 4 | 5 {
+    return Number(this.env.get('PGLITE_DEBUG') || 0) as 0 | 1 | 2 | 3 | 4 | 5;
+  }
+
+  get vapidPublicKey(): Promise<string | undefined> {
+    if (!this._vapidPublicKey) {
+      this._vapidPublicKey = (async () => {
+        const keys = await this.vapidKeys;
+        if (keys) {
+          const { publicKey } = keys;
+          const bytes = await crypto.subtle.exportKey('raw', publicKey);
+          return encodeBase64Url(bytes);
+        }
+      })();
+    }
+
+    return this._vapidPublicKey;
+  }
+
+  get vapidKeys(): Promise<CryptoKeyPair | undefined> {
+    return (async () => {
+      const encoded = this.env.get('VAPID_PRIVATE_KEY');
+
+      if (!encoded) {
+        return;
+      }
+
+      const keyData = decodeBase64(encoded);
+
+      const privateKey = await crypto.subtle.importKey(
+        'pkcs8',
+        keyData,
+        { name: 'ECDSA', namedCurve: 'P-256' },
+        true,
+        ['sign'],
+      );
+      const publicKey = await getEcdsaPublicKey(privateKey, true);
+
+      return { privateKey, publicKey };
+    })();
+  }
+
+  get db(): { timeouts: { default: number; relay: number; timelines: number } } {
+    const env = this.env;
+    return {
+      /** Database query timeout configurations. */
+      timeouts: {
+        /** Default query timeout when another setting isn't more specific. */
+        get default(): number {
+          return Number(env.get('DB_TIMEOUT_DEFAULT') || 5_000);
+        },
+        /** Timeout used for queries made through the Nostr relay. */
+        get relay(): number {
+          return Number(env.get('DB_TIMEOUT_RELAY') || 1_000);
+        },
+        /** Timeout used for timelines such as home, notifications, hashtag, etc. */
+        get timelines(): number {
+          return Number(env.get('DB_TIMEOUT_TIMELINES') || 15_000);
+        },
+      },
+    };
+  }
+
+  /** Time-to-live for captchas in milliseconds. */
+  get captchaTTL(): number {
+    return Number(this.env.get('CAPTCHA_TTL') || 5 * 60 * 1000);
+  }
+
+  /** Character limit to enforce for posts made through Mastodon API. */
+  get postCharLimit(): number {
+    return Number(this.env.get('POST_CHAR_LIMIT') || 5000);
+  }
+
+  /** S3 media storage configuration. */
+  get s3(): {
+    endPoint?: string;
+    region?: string;
+    accessKey?: string;
+    secretKey?: string;
+    bucket?: string;
+    pathStyle?: boolean;
+    port?: number;
+    sessionToken?: string;
+    useSSL?: boolean;
+  } {
+    const env = this.env;
+
+    return {
+      get endPoint(): string | undefined {
+        return env.get('S3_ENDPOINT');
+      },
+      get region(): string | undefined {
+        return env.get('S3_REGION');
+      },
+      get accessKey(): string | undefined {
+        return env.get('S3_ACCESS_KEY');
+      },
+      get secretKey(): string | undefined {
+        return env.get('S3_SECRET_KEY');
+      },
+      get bucket(): string | undefined {
+        return env.get('S3_BUCKET');
+      },
+      get pathStyle(): boolean | undefined {
+        return optionalBooleanSchema.parse(env.get('S3_PATH_STYLE'));
+      },
+      get port(): number | undefined {
+        return optionalNumberSchema.parse(env.get('S3_PORT'));
+      },
+      get sessionToken(): string | undefined {
+        return env.get('S3_SESSION_TOKEN');
+      },
+      get useSSL(): boolean | undefined {
+        return optionalBooleanSchema.parse(env.get('S3_USE_SSL'));
+      },
+    };
+  }
+
+  /** IPFS uploader configuration. */
+  get ipfs(): { apiUrl: string } {
+    const env = this.env;
+
+    return {
+      /** Base URL for private IPFS API calls. */
+      get apiUrl(): string {
+        return env.get('IPFS_API_URL') || 'http://localhost:5001';
+      },
+    };
+  }
+
+  /**
+   * The logging configuration for the Ditto server. The config is derived from
+   * the DEBUG environment variable and it is parsed as follows:
+   *
+   * `DEBUG='<jsonl|pretty>:<minimum log level to show>:comma-separated scopes to show'`.
+   * If the scopes are empty (e.g. in 'pretty:warn:', then all scopes are shown.)
+   */
+  get logConfig(): {
+    fmt: 'jsonl' | 'pretty';
+    level: string;
+    scopes: string[];
+  } {
+    let [fmt, level, scopes] = (this.env.get('LOG_CONFIG') || '').split(':');
+    fmt ||= 'jsonl';
+    level ||= 'debug';
+    scopes ||= '';
+
+    if (fmt !== 'jsonl' && fmt !== 'pretty') fmt = 'jsonl';
+
+    return {
+      fmt: fmt as 'jsonl' | 'pretty',
+      level,
+      scopes: scopes.split(',').filter(Boolean),
+    };
+  }
+
+  /** nostr.build API endpoint when the `nostrbuild` uploader is used. */
+  get nostrbuildEndpoint(): string {
+    return this.env.get('NOSTRBUILD_ENDPOINT') || 'https://nostr.build/api/v2/upload/files';
+  }
+
+  /** Default Blossom servers to use when the `blossom` uploader is set. */
+  get blossomServers(): string[] {
+    return this.env.get('BLOSSOM_SERVERS')?.split(',') || ['https://blossom.primal.net/'];
+  }
+
+  /** Module to upload files with. */
+  get uploader(): string | undefined {
+    return this.env.get('DITTO_UPLOADER');
+  }
+
+  /** Location to use for local uploads. */
+  get uploadsDir(): string {
+    return this.env.get('UPLOADS_DIR') || 'data/uploads';
+  }
+
+  /** Media base URL for uploads. */
+  get mediaDomain(): string {
+    const value = this.env.get('MEDIA_DOMAIN');
+
+    if (!value) {
+      const url = this.url;
+      url.host = `media.${url.host}`;
+      return url.toString();
+    }
+
+    return value;
+  }
+
+  /**
+   * Whether to analyze media metadata with [blurhash](https://www.npmjs.com/package/blurhash) and [sharp](https://www.npmjs.com/package/sharp).
+   * This is prone to security vulnerabilities, which is why it's not enabled by default.
+   */
+  get mediaAnalyze(): boolean {
+    return optionalBooleanSchema.parse(this.env.get('MEDIA_ANALYZE')) ?? false;
+  }
+
+  /** Whether to transcode uploaded video files with ffmpeg. */
+  get mediaTranscode(): boolean {
+    return optionalBooleanSchema.parse(this.env.get('MEDIA_TRANSCODE')) ?? false;
+  }
+
+  /** Max upload size for files in number of bytes. Default 100MiB. */
+  get maxUploadSize(): number {
+    return Number(this.env.get('MAX_UPLOAD_SIZE') || 100 * 1024 * 1024);
+  }
+
+  /** Usernames that regular users cannot sign up with. */
+  get forbiddenUsernames(): string[] {
+    return this.env.get('FORBIDDEN_USERNAMES')?.split(',') || [
+      '_',
+      'admin',
+      'administrator',
+      'root',
+      'sysadmin',
+      'system',
+    ];
+  }
+
+  /** Domain of the Ditto server as a `URL` object, for easily grabbing the `hostname`, etc. */
+  get url(): URL {
+    return new URL(this.localDomain);
+  }
+
+  /** Merges the path with the localDomain. */
+  local(path: string): string {
+    return mergeURLPath(this.localDomain, path);
+  }
+
+  /** URL to send Sentry errors to. */
+  get sentryDsn(): string | undefined {
+    return this.env.get('SENTRY_DSN');
+  }
+
+  /** Postgres settings. */
+  get pg(): { poolSize: number } {
+    const env = this.env;
+
+    return {
+      /** Number of connections to use in the pool. */
+      get poolSize(): number {
+        return Number(env.get('PG_POOL_SIZE') ?? 20);
+      },
+    };
+  }
+
+  /** Whether to enable requesting events from known relays. */
+  get firehoseEnabled(): boolean {
+    return optionalBooleanSchema.parse(this.env.get('FIREHOSE_ENABLED')) ?? true;
+  }
+
+  /** Number of events the firehose is allowed to process at one time before they have to wait in a queue. */
+  get firehoseConcurrency(): number {
+    return Math.ceil(Number(this.env.get('FIREHOSE_CONCURRENCY') ?? 1));
+  }
+
+  /** Nostr event kinds of events to listen for on the firehose. */
+  get firehoseKinds(): number[] {
+    return (this.env.get('FIREHOSE_KINDS') ?? '0, 1, 3, 5, 6, 7, 20, 9735, 10002')
+      .split(/[, ]+/g)
+      .map(Number);
+  }
+
+  /**
+   * Whether Ditto should subscribe to Nostr events from the Postgres database itself.
+   * This would make Nostr events inserted directly into Postgres available to the streaming API and relay.
+   */
+  get notifyEnabled(): boolean {
+    return optionalBooleanSchema.parse(this.env.get('NOTIFY_ENABLED')) ?? true;
+  }
+
+  /** Whether to enable Ditto cron jobs. */
+  get cronEnabled(): boolean {
+    return optionalBooleanSchema.parse(this.env.get('CRON_ENABLED')) ?? true;
+  }
+
+  /** User-Agent to use when fetching link previews. Pretend to be Facebook by default. */
+  get fetchUserAgent(): string {
+    return this.env.get('DITTO_FETCH_USER_AGENT') ?? 'facebookexternalhit';
+  }
+
+  /** Path to the custom policy module. Must be an absolute path, https:, npm:, or jsr: URI. */
+  get policy(): string {
+    return this.env.get('DITTO_POLICY') || path.join(this.dataDir, 'policy.ts');
+  }
+
+  /** Absolute path to the data directory used by Ditto. */
+  get dataDir(): string {
+    return this.env.get('DITTO_DATA_DIR') || path.join(Deno.cwd(), 'data');
+  }
+
+  /** Absolute path of the Deno directory. */
+  get denoDir(): string {
+    return this.env.get('DENO_DIR') || `${os.userInfo().homedir}/.cache/deno`;
+  }
+
+  /** Whether zap splits should be enabled. */
+  get zapSplitsEnabled(): boolean {
+    return optionalBooleanSchema.parse(this.env.get('ZAP_SPLITS_ENABLED')) ?? false;
+  }
+
+  /** Languages this server wishes to highlight. Used when querying trends.*/
+  get preferredLanguages(): LanguageCode[] | undefined {
+    return this.env.get('DITTO_LANGUAGES')?.split(',')?.filter(ISO6391.validate);
+  }
+
+  /** Mints to be displayed in the UI when the user decides to create a wallet.*/
+  get cashuMints(): string[] {
+    return this.env.get('CASHU_MINTS')?.split(',') ?? [];
+  }
+
+  /** Translation provider used to translate posts. */
+  get translationProvider(): string | undefined {
+    return this.env.get('TRANSLATION_PROVIDER');
+  }
+
+  /** DeepL URL endpoint. */
+  get deeplBaseUrl(): string | undefined {
+    return this.env.get('DEEPL_BASE_URL');
+  }
+
+  /** DeepL API KEY. */
+  get deeplApiKey(): string | undefined {
+    return this.env.get('DEEPL_API_KEY');
+  }
+
+  /** LibreTranslate URL endpoint. */
+  get libretranslateBaseUrl(): string | undefined {
+    return this.env.get('LIBRETRANSLATE_BASE_URL');
+  }
+
+  /** LibreTranslate API KEY. */
+  get libretranslateApiKey(): string | undefined {
+    return this.env.get('LIBRETRANSLATE_API_KEY');
+  }
+
+  /** Cache settings. */
+  get caches(): {
+    nip05: { max: number; ttl: number };
+    favicon: { max: number; ttl: number };
+    translation: { max: number; ttl: number };
+  } {
+    const env = this.env;
+
+    return {
+      /** NIP-05 cache settings. */
+      get nip05(): { max: number; ttl: number } {
+        return {
+          max: Number(env.get('DITTO_CACHE_NIP05_MAX') || 3000),
+          ttl: Number(env.get('DITTO_CACHE_NIP05_TTL') || 1 * 60 * 60 * 1000),
+        };
+      },
+      /** Favicon cache settings. */
+      get favicon(): { max: number; ttl: number } {
+        return {
+          max: Number(env.get('DITTO_CACHE_FAVICON_MAX') || 500),
+          ttl: Number(env.get('DITTO_CACHE_FAVICON_TTL') || 1 * 60 * 60 * 1000),
+        };
+      },
+      /** Translation cache settings. */
+      get translation(): { max: number; ttl: number } {
+        return {
+          max: Number(env.get('DITTO_CACHE_TRANSLATION_MAX') || 1000),
+          ttl: Number(env.get('DITTO_CACHE_TRANSLATION_TTL') || 6 * 60 * 60 * 1000),
+        };
+      },
+    };
+  }
+
+  /** Custom profile fields configuration. */
+  get profileFields(): { maxFields: number; nameLength: number; valueLength: number } {
+    const env = this.env;
+
+    return {
+      get maxFields(): number {
+        return Number(env.get('PROFILE_FIELDS_MAX_FIELDS') || 10);
+      },
+      get nameLength(): number {
+        return Number(env.get('PROFILE_FIELDS_NAME_LENGTH') || 255);
+      },
+      get valueLength(): number {
+        return Number(env.get('PROFILE_FIELDS_VALUE_LENGTH') || 2047);
+      },
+    };
+  }
+
+  /** Maximum time between events before a streak is broken, *in seconds*. */
+  get streakWindow(): number {
+    return Number(this.env.get('STREAK_WINDOW') || 129600);
+  }
+
+  /** Whether to perform security/configuration checks on startup. */
+  get precheck(): boolean {
+    return optionalBooleanSchema.parse(this.env.get('DITTO_PRECHECK')) ?? true;
+  }
+
+  /** Path to `ffmpeg` executable. */
+  get ffmpegPath(): string {
+    return this.env.get('FFMPEG_PATH') || 'ffmpeg';
+  }
+
+  /** Path to `ffprobe` executable. */
+  get ffprobePath(): string {
+    return this.env.get('FFPROBE_PATH') || 'ffprobe';
+  }
+}

packages/conf/deno.json

@@ -0,0 +1,7 @@
+{
+  "name": "@ditto/conf",
+  "version": "0.1.0",
+  "exports": {
+    ".": "./mod.ts"
+  }
+}

packages/conf/mod.ts

@@ -0,0 +1 @@
+export { DittoConf } from './DittoConf.ts';

packages/conf/utils/crypto.test.ts

@@ -1,6 +1,6 @@
 import { assertEquals } from '@std/assert';
 
-import { getEcdsaPublicKey } from '@/utils/crypto.ts';
+import { getEcdsaPublicKey } from './crypto.ts';
 
 Deno.test('getEcdsaPublicKey', async () => {
   const { publicKey, privateKey } = await crypto.subtle.generateKey(

packages/conf/utils/schema.test.ts

@@ -0,0 +1,17 @@
+import { assertEquals, assertThrows } from '@std/assert';
+
+import { optionalBooleanSchema, optionalNumberSchema } from './schema.ts';
+
+Deno.test('optionalBooleanSchema', () => {
+  assertEquals(optionalBooleanSchema.parse('true'), true);
+  assertEquals(optionalBooleanSchema.parse('false'), false);
+  assertEquals(optionalBooleanSchema.parse(undefined), undefined);
+
+  assertThrows(() => optionalBooleanSchema.parse('invalid'));
+});
+
+Deno.test('optionalNumberSchema', () => {
+  assertEquals(optionalNumberSchema.parse('123'), 123);
+  assertEquals(optionalNumberSchema.parse('invalid'), NaN); // maybe this should throw?
+  assertEquals(optionalNumberSchema.parse(undefined), undefined);
+});

packages/conf/utils/schema.ts

@@ -0,0 +1,11 @@
+import { z } from 'zod';
+
+export const optionalBooleanSchema = z
+  .enum(['true', 'false'])
+  .optional()
+  .transform((value) => value !== undefined ? value === 'true' : undefined);
+
+export const optionalNumberSchema = z
+  .string()
+  .optional()
+  .transform((value) => value !== undefined ? Number(value) : undefined);

packages/conf/utils/url.test.ts

@@ -0,0 +1,9 @@
+import { assertEquals } from '@std/assert';
+
+import { mergeURLPath } from './url.ts';
+
+Deno.test('mergeURLPath', () => {
+  assertEquals(mergeURLPath('https://mario.com', '/path'), 'https://mario.com/path');
+  assertEquals(mergeURLPath('https://mario.com', 'https://luigi.com/path'), 'https://mario.com/path');
+  assertEquals(mergeURLPath('https://mario.com', 'https://luigi.com/path?q=1'), 'https://mario.com/path?q=1');
+});

packages/conf/utils/url.ts

@@ -0,0 +1,23 @@
+/**
+ * Produce a URL whose origin is guaranteed to be the same as the base URL.
+ * The path is either an absolute path (starting with `/`), or a full URL. In either case, only its path is used.
+ */
+export function mergeURLPath(
+  /** Base URL. Result is guaranteed to use this URL's origin. */
+  base: string,
+  /** Either an absolute path (starting with `/`), or a full URL. If a full URL, its path */
+  path: string,
+): string {
+  const url = new URL(
+    path.startsWith('/') ? path : new URL(path).pathname,
+    base,
+  );
+
+  if (!path.startsWith('/')) {
+    // Copy query parameters from the original URL to the new URL
+    const originalUrl = new URL(path);
+    url.search = originalUrl.search;
+  }
+
+  return url.toString();
+}

packages/db/DittoDB.ts

@@ -1,15 +1,16 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-import { DittoTables } from '@/db/DittoTables.ts';
+import type { DittoTables } from './DittoTables.ts';
 
-export interface DittoDatabase {
+export interface DittoDB extends AsyncDisposable {
   readonly kysely: Kysely<DittoTables>;
   readonly poolSize: number;
   readonly availableConnections: number;
+  migrate(): Promise<void>;
   listen(channel: string, callback: (payload: string) => void): void;
 }
 
-export interface DittoDatabaseOpts {
+export interface DittoDBOpts {
   poolSize?: number;
   debug?: 0 | 1 | 2 | 3 | 4 | 5;
 }

packages/db/DittoPgMigrator.ts

@@ -0,0 +1,52 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+
+import { logi } from '@soapbox/logi';
+import { FileMigrationProvider, type Kysely, Migrator } from 'kysely';
+
+import type { JsonValue } from '@std/json';
+
+export class DittoPgMigrator {
+  private migrator: Migrator;
+
+  // deno-lint-ignore no-explicit-any
+  constructor(private kysely: Kysely<any>) {
+    this.migrator = new Migrator({
+      db: this.kysely,
+      provider: new FileMigrationProvider({
+        fs,
+        path,
+        migrationFolder: new URL(import.meta.resolve('./migrations')).pathname,
+      }),
+    });
+  }
+
+  async migrate(): Promise<void> {
+    logi({ level: 'info', ns: 'ditto.db.migration', msg: 'Running migrations...', state: 'started' });
+    const { results, error } = await this.migrator.migrateToLatest();
+
+    if (error) {
+      logi({
+        level: 'fatal',
+        ns: 'ditto.db.migration',
+        msg: 'Migration failed.',
+        state: 'failed',
+        results: results as unknown as JsonValue,
+        error: error instanceof Error ? error : null,
+      });
+      throw new Error('Migration failed.');
+    } else {
+      if (!results?.length) {
+        logi({ level: 'info', ns: 'ditto.db.migration', msg: 'Everything up-to-date.', state: 'skipped' });
+      } else {
+        logi({
+          level: 'info',
+          ns: 'ditto.db.migration',
+          msg: 'Migrations finished!',
+          state: 'migrated',
+          results: results as unknown as JsonValue,
+        });
+      }
+    }
+  }
+}

packages/db/DittoTables.ts

@@ -1,14 +1,17 @@
-import { Generated } from 'kysely';
+import type { NPostgresSchema } from '@nostrify/db';
+import type { Generated } from 'kysely';
 
-import { NPostgresSchema } from '@nostrify/db';
+import type { MastodonPreviewCard } from '@ditto/mastoapi/types';
 
 export interface DittoTables extends NPostgresSchema {
   auth_tokens: AuthTokenRow;
   author_stats: AuthorStatsRow;
+  domain_favicons: DomainFaviconRow;
   event_stats: EventStatsRow;
-  pubkey_domains: PubkeyDomainRow;
   event_zaps: EventZapRow;
   push_subscriptions: PushSubscriptionRow;
+  /** This is a materialized view of `author_stats` pre-sorted by followers_count. */
+  top_authors: Pick<AuthorStatsRow, 'pubkey' | 'followers_count' | 'search'>;
 }
 
 interface AuthorStatsRow {
@@ -17,6 +20,12 @@ interface AuthorStatsRow {
   following_count: number;
   notes_count: number;
   search: string;
+  streak_start: number | null;
+  streak_end: number | null;
+  nip05: string | null;
+  nip05_domain: string | null;
+  nip05_hostname: string | null;
+  nip05_last_verified_at: number | null;
 }
 
 interface EventStatsRow {
@@ -27,6 +36,8 @@ interface EventStatsRow {
   quotes_count: number;
   reactions: string;
   zaps_amount: number;
+  zaps_amount_cashu: number;
+  link_preview?: MastodonPreviewCard;
 }
 
 interface AuthTokenRow {
@@ -38,9 +49,9 @@ interface AuthTokenRow {
   created_at: Date;
 }
 
-interface PubkeyDomainRow {
-  pubkey: string;
+interface DomainFaviconRow {
   domain: string;
+  favicon: string;
   last_updated_at: number;
 }
 

packages/db/KyselyLogger.ts

@@ -0,0 +1,41 @@
+import { dbQueriesCounter, dbQueryDurationHistogram } from '@ditto/metrics';
+import { logi, type LogiValue } from '@soapbox/logi';
+
+import type { Logger } from 'kysely';
+
+/** Log the SQL for queries. */
+export const KyselyLogger: Logger = (event) => {
+  const { query, queryDurationMillis } = event;
+  const { parameters, sql } = query;
+
+  const duration = queryDurationMillis / 1000;
+
+  dbQueriesCounter.inc();
+  dbQueryDurationHistogram.observe(duration);
+
+  if (event.level === 'query') {
+    logi({ level: 'trace', ns: 'ditto.sql', sql, parameters: parameters as LogiValue, duration });
+  }
+
+  if (event.level === 'error') {
+    if (event.error instanceof Error) {
+      switch (event.error.message) {
+        case 'duplicate key value violates unique constraint "nostr_events_pkey"':
+        case 'duplicate key value violates unique constraint "author_stats_pkey"':
+        case 'duplicate key value violates unique constraint "event_stats_pkey"':
+        case 'duplicate key value violates unique constraint "event_zaps_pkey"':
+        case 'insert or update on table "event_stats" violates foreign key constraint "event_stats_event_id_fkey"':
+          return; // Don't log expected errors
+      }
+    }
+
+    logi({
+      level: 'error',
+      ns: 'ditto.sql',
+      sql,
+      parameters: parameters as LogiValue,
+      error: event.error instanceof Error ? event.error : null,
+      duration,
+    });
+  }
+};

packages/db/adapters/DittoPglite.test.ts

@@ -0,0 +1,22 @@
+import { assertEquals, assertRejects } from '@std/assert';
+
+import { DittoPglite } from './DittoPglite.ts';
+
+Deno.test('DittoPglite', async () => {
+  await using db = new DittoPglite('memory://');
+  await db.migrate();
+
+  assertEquals(db.poolSize, 1);
+  assertEquals(db.availableConnections, 1);
+});
+
+Deno.test('DittoPglite query after closing', async () => {
+  const db = new DittoPglite('memory://');
+  await db[Symbol.asyncDispose]();
+
+  await assertRejects(
+    () => db.kysely.selectFrom('nostr_events').selectAll().execute(),
+    Error,
+    'PGlite is closed',
+  );
+});

packages/db/adapters/DittoPglite.ts

@@ -0,0 +1,62 @@
+import { PGlite } from '@electric-sql/pglite';
+import { pg_trgm } from '@electric-sql/pglite/contrib/pg_trgm';
+import { PgliteDialect } from '@soapbox/kysely-pglite';
+import { Kysely } from 'kysely';
+
+import { KyselyLogger } from '../KyselyLogger.ts';
+import { DittoPgMigrator } from '../DittoPgMigrator.ts';
+import { isWorker } from '../utils/worker.ts';
+
+import type { DittoDB, DittoDBOpts } from '../DittoDB.ts';
+import type { DittoTables } from '../DittoTables.ts';
+
+export class DittoPglite implements DittoDB {
+  readonly poolSize = 1;
+  readonly availableConnections = 1;
+  readonly kysely: Kysely<DittoTables>;
+
+  private pglite: PGlite;
+  private migrator: DittoPgMigrator;
+
+  constructor(databaseUrl: string, opts?: DittoDBOpts) {
+    const url = new URL(databaseUrl);
+
+    if (url.protocol === 'file:' && isWorker()) {
+      throw new Error('PGlite is not supported in worker threads.');
+    }
+
+    this.pglite = new PGlite(databaseUrl, {
+      extensions: { pg_trgm },
+      debug: opts?.debug,
+    });
+
+    this.kysely = new Kysely<DittoTables>({
+      dialect: new PgliteDialect({ database: this.pglite }),
+      log: KyselyLogger,
+    });
+
+    this.migrator = new DittoPgMigrator(this.kysely);
+  }
+
+  listen(channel: string, callback: (payload: string) => void): void {
+    this.pglite.listen(channel, callback);
+  }
+
+  async migrate(): Promise<void> {
+    await this.migrator.migrate();
+  }
+
+  async [Symbol.asyncDispose](): Promise<void> {
+    try {
+      // FIXME: `kysely.destroy()` calls `pglite.close()` internally, but it doesn't work.
+      await this.pglite.close();
+      await this.kysely.destroy();
+    } catch (e) {
+      if (e instanceof Error && e.message === 'PGlite is closed') {
+        // Make dispose idempotent.
+      } else {
+        throw e;
+      }
+    }
+  }
+}

packages/db/adapters/DittoPolyPg.test.ts

@@ -0,0 +1,6 @@
+import { DittoPolyPg } from './DittoPolyPg.ts';
+
+Deno.test('DittoPolyPg', async () => {
+  const db = new DittoPolyPg('memory://');
+  await db.migrate();
+});

packages/db/adapters/DittoPolyPg.ts

@@ -0,0 +1,53 @@
+import { DittoPglite } from './DittoPglite.ts';
+import { DittoPostgres } from './DittoPostgres.ts';
+
+import type { Kysely } from 'kysely';
+import type { DittoDB, DittoDBOpts } from '../DittoDB.ts';
+import type { DittoTables } from '../DittoTables.ts';
+
+/** Creates either a PGlite or Postgres connection depending on the databaseUrl. */
+export class DittoPolyPg implements DittoDB {
+  private adapter: DittoDB;
+
+  /** Open a new database connection. */
+  constructor(databaseUrl: string, opts?: DittoDBOpts) {
+    const { protocol } = new URL(databaseUrl);
+
+    switch (protocol) {
+      case 'file:':
+      case 'memory:':
+        this.adapter = new DittoPglite(databaseUrl, opts);
+        break;
+      case 'postgres:':
+      case 'postgresql:':
+        this.adapter = new DittoPostgres(databaseUrl, opts);
+        break;
+      default:
+        throw new Error('Unsupported database URL.');
+    }
+  }
+
+  get kysely(): Kysely<DittoTables> {
+    return this.adapter.kysely;
+  }
+
+  async migrate(): Promise<void> {
+    await this.adapter.migrate();
+  }
+
+  listen(channel: string, callback: (payload: string) => void): void {
+    this.adapter.listen(channel, callback);
+  }
+
+  get poolSize(): number {
+    return this.adapter.poolSize;
+  }
+
+  get availableConnections(): number {
+    return this.adapter.availableConnections;
+  }
+
+  async [Symbol.asyncDispose](): Promise<void> {
+    await this.adapter[Symbol.asyncDispose]();
+  }
+}

packages/db/adapters/DittoPostgres.test.ts

@@ -0,0 +1,22 @@
+import { DittoConf } from '@ditto/conf';
+
+import { DittoPostgres } from './DittoPostgres.ts';
+
+const conf = new DittoConf(Deno.env);
+const isPostgres = /^postgres(?:ql)?:/.test(conf.databaseUrl);
+
+Deno.test('DittoPostgres', { ignore: !isPostgres }, async () => {
+  await using db = new DittoPostgres(conf.databaseUrl);
+  await db.migrate();
+});
+
+// FIXME: There is a problem with postgres-js where queries just hang after the database is closed.
+
+// Deno.test('DittoPostgres query after closing', { ignore: !isPostgres }, async () => {
+//   const db = new DittoPostgres(conf.databaseUrl);
+//   await db[Symbol.asyncDispose]();
+//
+//   await assertRejects(
+//     () => db.kysely.selectFrom('nostr_events').selectAll().execute(),
+//   );
+// });

packages/db/adapters/DittoPostgres.ts

@@ -0,0 +1,79 @@
+import {
+  type BinaryOperationNode,
+  FunctionNode,
+  Kysely,
+  OperatorNode,
+  PostgresAdapter,
+  PostgresIntrospector,
+  PostgresQueryCompiler,
+  PrimitiveValueListNode,
+  ValueNode,
+} from 'kysely';
+import { type PostgresJSDialectConfig, PostgresJSDriver } from 'kysely-postgres-js';
+import postgres from 'postgres';
+
+import { DittoPgMigrator } from '../DittoPgMigrator.ts';
+import { KyselyLogger } from '../KyselyLogger.ts';
+
+import type { DittoDB, DittoDBOpts } from '../DittoDB.ts';
+import type { DittoTables } from '../DittoTables.ts';
+
+export class DittoPostgres implements DittoDB {
+  private pg: ReturnType<typeof postgres>;
+  private migrator: DittoPgMigrator;
+
+  readonly kysely: Kysely<DittoTables>;
+
+  constructor(databaseUrl: string, opts?: DittoDBOpts) {
+    this.pg = postgres(databaseUrl, { max: opts?.poolSize });
+
+    this.kysely = new Kysely<DittoTables>({
+      dialect: {
+        createAdapter: () => new PostgresAdapter(),
+        createDriver: () =>
+          new PostgresJSDriver({ postgres: this.pg as unknown as PostgresJSDialectConfig['postgres'] }),
+        createIntrospector: (db) => new PostgresIntrospector(db),
+        createQueryCompiler: () => new DittoPostgresQueryCompiler(),
+      },
+      log: KyselyLogger,
+    });
+
+    this.migrator = new DittoPgMigrator(this.kysely);
+  }
+
+  listen(channel: string, callback: (payload: string) => void): void {
+    this.pg.listen(channel, callback);
+  }
+
+  async migrate(): Promise<void> {
+    await this.migrator.migrate();
+  }
+
+  get poolSize(): number {
+    return this.pg.connections.open;
+  }
+
+  get availableConnections(): number {
+    return this.pg.connections.idle;
+  }
+
+  async [Symbol.asyncDispose](): Promise<void> {
+    await this.pg.end({ timeout: 0 }); // force-close the connections
+    await this.kysely.destroy();
+  }
+}
+
+/** Converts `in` queries to `any` to improve prepared statements on Postgres. */
+class DittoPostgresQueryCompiler extends PostgresQueryCompiler {
+  protected override visitBinaryOperation(node: BinaryOperationNode): void {
+    if (
+      OperatorNode.is(node.operator) && node.operator.operator === 'in' && PrimitiveValueListNode.is(node.rightOperand)
+    ) {
+      this.visitNode(node.leftOperand);
+      this.append(' = ');
+      this.visitNode(FunctionNode.create('any', [ValueNode.create(node.rightOperand.values)]));
+    } else {
+      super.visitBinaryOperation(node);
+    }
+  }
+}

packages/db/adapters/DummyDB.test.ts

@@ -0,0 +1,11 @@
+import { assertEquals } from '@std/assert';
+import { DummyDB } from './DummyDB.ts';
+
+Deno.test('DummyDB', async () => {
+  const db = new DummyDB();
+  await db.migrate();
+
+  const rows = await db.kysely.selectFrom('nostr_events').selectAll().execute();
+
+  assertEquals(rows, []);
+});

packages/db/adapters/DummyDB.ts

@@ -0,0 +1,33 @@
+import { DummyDriver, Kysely, PostgresAdapter, PostgresIntrospector, PostgresQueryCompiler } from 'kysely';
+
+import type { DittoDB } from '../DittoDB.ts';
+import type { DittoTables } from '../DittoTables.ts';
+
+export class DummyDB implements DittoDB {
+  readonly kysely: Kysely<DittoTables>;
+  readonly poolSize = 0;
+  readonly availableConnections = 0;
+
+  constructor() {
+    this.kysely = new Kysely<DittoTables>({
+      dialect: {
+        createAdapter: () => new PostgresAdapter(),
+        createDriver: () => new DummyDriver(),
+        createIntrospector: (db) => new PostgresIntrospector(db),
+        createQueryCompiler: () => new PostgresQueryCompiler(),
+      },
+    });
+  }
+
+  listen(): void {
+    // noop
+  }
+
+  migrate(): Promise<void> {
+    return Promise.resolve();
+  }
+
+  [Symbol.asyncDispose](): Promise<void> {
+    return Promise.resolve();
+  }
+}

packages/db/adapters/TestDB.test.ts

@@ -0,0 +1,25 @@
+import { DittoConf } from '@ditto/conf';
+import { NPostgres } from '@nostrify/db';
+import { genEvent } from '@nostrify/nostrify/test';
+import { assertEquals } from '@std/assert';
+
+import { DittoPolyPg } from './DittoPolyPg.ts';
+import { TestDB } from './TestDB.ts';
+
+Deno.test('TestDB', async () => {
+  const conf = new DittoConf(Deno.env);
+  const orig = new DittoPolyPg(conf.databaseUrl);
+
+  await using db = new TestDB(orig);
+  await db.migrate();
+  await db.clear();
+
+  const store = new NPostgres(orig.kysely);
+  await store.event(genEvent());
+
+  assertEquals((await store.count([{}])).count, 1);
+
+  await db.clear();
+
+  assertEquals((await store.count([{}])).count, 0);
+});

packages/db/adapters/TestDB.ts

@@ -0,0 +1,49 @@
+import { type Kysely, sql } from 'kysely';
+
+import type { DittoDB } from '../DittoDB.ts';
+import type { DittoTables } from '../DittoTables.ts';
+
+/** Wraps another DittoDB implementation to clear all data when disposed. */
+export class TestDB implements DittoDB {
+  constructor(private db: DittoDB) {}
+
+  get kysely(): Kysely<DittoTables> {
+    return this.db.kysely;
+  }
+
+  get poolSize(): number {
+    return this.db.poolSize;
+  }
+
+  get availableConnections(): number {
+    return this.db.availableConnections;
+  }
+
+  migrate(): Promise<void> {
+    return this.db.migrate();
+  }
+
+  listen(channel: string, callback: (payload: string) => void): void {
+    return this.db.listen(channel, callback);
+  }
+
+  /** Truncate all tables. */
+  async clear(): Promise<void> {
+    const query = sql<{ tablename: string }>`select tablename from pg_tables where schemaname = current_schema()`;
+
+    const { rows } = await query.execute(this.db.kysely);
+
+    for (const { tablename } of rows) {
+      if (tablename.startsWith('kysely_')) {
+        continue; // Skip Kysely's internal tables
+      } else {
+        await sql`truncate table ${sql.ref(tablename)} cascade`.execute(this.db.kysely);
+      }
+    }
+  }
+
+  async [Symbol.asyncDispose](): Promise<void> {
+    await this.clear();
+    await this.db[Symbol.asyncDispose]();
+  }
+}

packages/db/deno.json

@@ -0,0 +1,7 @@
+{
+  "name": "@ditto/db",
+  "version": "0.1.0",
+  "exports": {
+    ".": "./mod.ts"
+  }
+}

packages/db/migrations/000_create_events.ts

@@ -1,6 +1,6 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema
     .createTable('events')
     .addColumn('id', 'text', (col) => col.primaryKey())
@@ -52,7 +52,7 @@ export async function up(db: Kysely<any>): Promise<void> {
     .execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropTable('events').execute();
   await db.schema.dropTable('tags').execute();
   await db.schema.dropTable('users').execute();

packages/db/migrations/001_add_relays.ts

@@ -1,6 +1,6 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema
     .createTable('relays')
     .addColumn('url', 'text', (col) => col.primaryKey())
@@ -9,6 +9,6 @@ export async function up(db: Kysely<any>): Promise<void> {
     .execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropTable('relays').execute();
 }

packages/db/migrations/002_events_fts.ts

@@ -0,0 +1,8 @@
+import type { Kysely } from 'kysely';
+
+export async function up(_db: Kysely<unknown>): Promise<void> {
+  // This migration used to create an FTS table for SQLite, but SQLite support was removed.
+}
+
+export async function down(_db: Kysely<unknown>): Promise<void> {
+}

packages/db/migrations/003_events_admin.ts

@@ -0,0 +1,8 @@
+import type { Kysely } from 'kysely';
+
+export async function up(_db: Kysely<unknown>): Promise<void> {
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+  await db.schema.alterTable('users').dropColumn('admin').execute();
+}

packages/db/migrations/004_add_user_indexes.ts

@@ -0,0 +1,9 @@
+import type { Kysely } from 'kysely';
+
+export async function up(_db: Kysely<unknown>): Promise<void> {
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+  await db.schema.dropIndex('idx_users_pubkey').execute();
+  await db.schema.dropIndex('idx_users_username').execute();
+}

packages/db/migrations/005_rework_tags.ts

@@ -1,6 +1,6 @@
-import { Kysely, sql } from 'kysely';
+import { type Kysely, sql } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema
     .createTable('tags_new')
     .addColumn('tag', 'text', (col) => col.notNull())
@@ -42,7 +42,7 @@ export async function up(db: Kysely<any>): Promise<void> {
     .execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropTable('tags').execute();
 
   await db.schema

packages/db/migrations/006_pragma.ts

@@ -0,0 +1,7 @@
+import type { Kysely } from 'kysely';
+
+export async function up(_db: Kysely<unknown>): Promise<void> {
+}
+
+export async function down(_db: Kysely<unknown>): Promise<void> {
+}

packages/db/migrations/007_unattached_media.ts

@@ -1,6 +1,6 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema
     .createTable('unattached_media')
     .addColumn('id', 'text', (c) => c.primaryKey())
@@ -29,6 +29,6 @@ export async function up(db: Kysely<any>): Promise<void> {
     .execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropTable('unattached_media').execute();
 }

packages/db/migrations/008_wal.ts

@@ -0,0 +1,7 @@
+import type { Kysely } from 'kysely';
+
+export async function up(_db: Kysely<unknown>): Promise<void> {
+}
+
+export async function down(_db: Kysely<unknown>): Promise<void> {
+}

packages/db/migrations/009_add_stats.ts

@@ -1,6 +1,6 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema
     .createTable('author_stats')
     .addColumn('pubkey', 'text', (col) => col.primaryKey())
@@ -18,7 +18,7 @@ export async function up(db: Kysely<any>): Promise<void> {
     .execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropTable('author_stats').execute();
   await db.schema.dropTable('event_stats').execute();
 }

packages/db/migrations/010_drop_users.ts

@@ -0,0 +1,8 @@
+import type { Kysely } from 'kysely';
+
+export async function up(db: Kysely<unknown>): Promise<void> {
+  await db.schema.dropTable('users').ifExists().execute();
+}
+
+export async function down(_db: Kysely<unknown>): Promise<void> {
+}

packages/db/migrations/011_kind_author_index.ts

@@ -1,6 +1,6 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema
     .createIndex('idx_events_kind_pubkey_created_at')
     .on('events')
@@ -8,6 +8,6 @@ export async function up(db: Kysely<any>): Promise<void> {
     .execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropIndex('idx_events_kind_pubkey_created_at').execute();
 }

packages/db/migrations/012_tags_composite_index.ts

@@ -1,6 +1,6 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropIndex('idx_tags_tag').execute();
   await db.schema.dropIndex('idx_tags_value').execute();
 
@@ -11,7 +11,7 @@ export async function up(db: Kysely<any>): Promise<void> {
     .execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropIndex('idx_tags_tag_value').execute();
 
   await db.schema

packages/db/migrations/013_soft_deletion.ts

@@ -1,9 +1,9 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema.alterTable('events').addColumn('deleted_at', 'integer').execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.alterTable('events').dropColumn('deleted_at').execute();
 }

packages/db/migrations/014_stats_indexes.ts.ts

@@ -1,11 +1,11 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema.createIndex('idx_author_stats_pubkey').on('author_stats').column('pubkey').execute();
   await db.schema.createIndex('idx_event_stats_event_id').on('event_stats').column('event_id').execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropIndex('idx_author_stats_pubkey').on('author_stats').execute();
   await db.schema.dropIndex('idx_event_stats_event_id').on('event_stats').execute();
 }

packages/db/migrations/015_add_pubkey_domains.ts

@@ -1,6 +1,6 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema
     .createTable('pubkey_domains')
     .ifNotExists()
@@ -16,6 +16,6 @@ export async function up(db: Kysely<any>): Promise<void> {
     .execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropTable('pubkey_domains').execute();
 }

packages/db/migrations/016_pubkey_domains_updated_at.ts

@@ -1,12 +1,12 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema
     .alterTable('pubkey_domains')
     .addColumn('last_updated_at', 'integer', (col) => col.notNull().defaultTo(0))
     .execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.alterTable('pubkey_domains').dropColumn('last_updated_at').execute();
 }

packages/db/migrations/017_rm_relays.ts

@@ -1,10 +1,10 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropTable('relays').execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema
     .createTable('relays')
     .addColumn('url', 'text', (col) => col.primaryKey())

packages/db/migrations/018_events_created_at_kind_index.ts

@@ -1,6 +1,6 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema
     .createIndex('idx_events_created_at_kind')
     .on('events')
@@ -9,6 +9,6 @@ export async function up(db: Kysely<any>): Promise<void> {
     .execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropIndex('idx_events_created_at_kind').ifExists().execute();
 }

packages/db/migrations/019_ndatabase_schema.ts

@@ -1,12 +1,12 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema.alterTable('events').renameTo('nostr_events').execute();
   await db.schema.alterTable('tags').renameTo('nostr_tags').execute();
   await db.schema.alterTable('nostr_tags').renameColumn('tag', 'name').execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.alterTable('nostr_events').renameTo('events').execute();
   await db.schema.alterTable('nostr_tags').renameTo('tags').execute();
   await db.schema.alterTable('tags').renameColumn('name', 'tag').execute();

packages/db/migrations/020_drop_deleted_at.ts

@@ -1,10 +1,11 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
+// deno-lint-ignore no-explicit-any
 export async function up(db: Kysely<any>): Promise<void> {
   await db.deleteFrom('nostr_events').where('deleted_at', 'is not', null).execute();
   await db.schema.alterTable('nostr_events').dropColumn('deleted_at').execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.alterTable('nostr_events').addColumn('deleted_at', 'integer').execute();
 }

packages/db/migrations/020_pgfts.ts

@@ -1,6 +1,6 @@
-import { Kysely, sql } from 'kysely';
+import { type Kysely, sql } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema.createTable('nostr_pgfts')
     .ifNotExists()
     .addColumn('event_id', 'text', (c) => c.primaryKey().references('nostr_events.id').onDelete('cascade'))
@@ -8,6 +8,6 @@ export async function up(db: Kysely<any>): Promise<void> {
     .execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropTable('nostr_pgfts').ifExists().execute();
 }

packages/db/migrations/021_pgfts_index.ts

@@ -1,6 +1,6 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema
     .createIndex('nostr_pgfts_gin_search_vec')
     .ifNotExists()
@@ -10,6 +10,6 @@ export async function up(db: Kysely<any>): Promise<void> {
     .execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.dropIndex('nostr_pgfts_gin_search_vec').ifExists().execute();
 }

packages/db/migrations/022_event_stats_reactions.ts

@@ -1,12 +1,12 @@
-import { Kysely } from 'kysely';
+import type { Kysely } from 'kysely';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: Kysely<unknown>): Promise<void> {
   await db.schema
     .alterTable('event_stats')
     .addColumn('reactions', 'text', (col) => col.defaultTo('{}'))
     .execute();
 }
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: Kysely<unknown>): Promise<void> {
   await db.schema.alterTable('event_stats').dropColumn('reactions').execute();
 }