add nak git demo to README.

add example of compilation with -tags debug to README.
req: fix infinite loop when events channel is exhausted.
2025-12-08 16:48:51 +00:00 · 2025-12-05 22:15:08 -03:00 · 2025-12-05 22:09:22 -03:00 · 2025-12-04 13:21:43 -03:00 · 2025-12-04 09:24:36 -03:00 · 2025-12-04 08:46:20 -03:00
7 changed files with 416 additions and 12 deletions
--- a/README.md
+++ b/README.md
--- a/dekey.go
+++ b/dekey.go
@@ -0,0 +1,282 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"slices"
+
+	"fiatjaf.com/nostr"
+	"fiatjaf.com/nostr/nip44"
+	"github.com/urfave/cli/v3"
+)
+
+var dekey = &cli.Command{
+	Name:                      "dekey",
+	Usage:                     "handles NIP-4E decoupled encryption keys",
+	Description:               "maybe this picture will explain better than I can do here for now: https://cdn.azzamo.net/89c543d261ad0d665c1dea78f91e527c2e39e7fe503b440265a3c47e63c9139f.png",
+	DisableSliceFlagSeparator: true,
+	Flags: append(defaultKeyFlags,
+		&cli.StringFlag{
+			Name:  "device-name",
+			Usage: "name of this device that will be published and displayed on other clients",
+			Value: func() string {
+				if hostname, err := os.Hostname(); err == nil {
+					return "nak@" + hostname
+				}
+				return "nak@unknown"
+			}(),
+		},
+	),
+	Action: func(ctx context.Context, c *cli.Command) error {
+		kr, _, err := gatherKeyerFromArguments(ctx, c)
+		if err != nil {
+			return err
+		}
+
+		userPub, err := kr.GetPublicKey(ctx)
+		if err != nil {
+			return fmt.Errorf("failed to get user public key: %w", err)
+		}
+
+		configPath := c.String("config-path")
+		deviceName := c.String("device-name")
+
+		// check if we already have a local-device secret key
+		deviceKeyPath := filepath.Join(configPath, "dekey", "device-key")
+		var deviceSec nostr.SecretKey
+		if data, err := os.ReadFile(deviceKeyPath); err == nil {
+			deviceSec, err = nostr.SecretKeyFromHex(string(data))
+			if err != nil {
+				return fmt.Errorf("invalid device key in %s: %w", deviceKeyPath, err)
+			}
+		} else {
+			// create one
+			deviceSec = nostr.Generate()
+			os.MkdirAll(filepath.Dir(deviceKeyPath), 0700)
+			if err := os.WriteFile(deviceKeyPath, []byte(deviceSec.Hex()), 0600); err != nil {
+				return fmt.Errorf("failed to write device key: %w", err)
+			}
+		}
+		devicePub := deviceSec.Public()
+
+		// get relays for the user
+		relays := sys.FetchWriteRelays(ctx, userPub)
+		relayList := connectToAllRelays(ctx, c, relays, nil, nostr.PoolOptions{})
+		if len(relayList) == 0 {
+			return fmt.Errorf("no relays to use")
+		}
+
+		// check if kind:4454 is already published
+		events := sys.Pool.FetchMany(ctx, relays, nostr.Filter{
+			Kinds:   []nostr.Kind{4454},
+			Authors: []nostr.PubKey{userPub},
+			Tags: nostr.TagMap{
+				"pubkey": []string{devicePub.Hex()},
+			},
+		}, nostr.SubscriptionOptions{Label: "nak-nip4e"})
+		if len(events) == 0 {
+			// publish kind:4454
+			evt := nostr.Event{
+				Kind:      4454,
+				Content:   "",
+				CreatedAt: nostr.Now(),
+				Tags: nostr.Tags{
+					{"client", deviceName},
+					{"pubkey", devicePub.Hex()},
+				},
+			}
+
+			// sign with main key
+			if err := kr.SignEvent(ctx, &evt); err != nil {
+				return fmt.Errorf("failed to sign device event: %w", err)
+			}
+
+			// publish
+			if err := publishFlow(ctx, c, kr, evt, relayList); err != nil {
+				return err
+			}
+		}
+
+		// check for kind:10044
+		userKeyEventDate := nostr.Now()
+		userKeyResult := sys.Pool.FetchManyReplaceable(ctx, relays, nostr.Filter{
+			Kinds:   []nostr.Kind{10044},
+			Authors: []nostr.PubKey{userPub},
+		}, nostr.SubscriptionOptions{Label: "nak-nip4e"})
+		var eSec nostr.SecretKey
+		var ePub nostr.PubKey
+		if userKeyEvent, ok := userKeyResult.Load(nostr.ReplaceableKey{PubKey: userPub, D: ""}); !ok {
+			// generate main secret key
+			eSec = nostr.Generate()
+			ePub := eSec.Public()
+
+			// store it
+			eKeyPath := filepath.Join(configPath, "dekey", "e", ePub.Hex())
+			os.MkdirAll(filepath.Dir(eKeyPath), 0700)
+			if err := os.WriteFile(eKeyPath, []byte(eSec.Hex()), 0600); err != nil {
+				return fmt.Errorf("failed to write user encryption key: %w", err)
+			}
+
+			// publish kind:10044
+			evt10044 := nostr.Event{
+				Kind:      10044,
+				Content:   "",
+				CreatedAt: userKeyEventDate,
+				Tags: nostr.Tags{
+					{"n", ePub.Hex()},
+				},
+			}
+			if err := kr.SignEvent(ctx, &evt10044); err != nil {
+				return fmt.Errorf("failed to sign kind:10044: %w", err)
+			}
+
+			if err := publishFlow(ctx, c, kr, evt10044, relayList); err != nil {
+				return err
+			}
+		} else {
+			userKeyEventDate = userKeyEvent.CreatedAt
+
+			// get the pub from the tag
+			for _, tag := range userKeyEvent.Tags {
+				if len(tag) >= 2 && tag[0] == "n" {
+					ePub, _ = nostr.PubKeyFromHex(tag[1])
+					break
+				}
+			}
+			if ePub == nostr.ZeroPK {
+				return fmt.Errorf("invalid kind:10044 event, no 'n' tag")
+			}
+
+			// check if we have the key
+			eKeyPath := filepath.Join(configPath, "dekey", "e", ePub.Hex())
+			if data, err := os.ReadFile(eKeyPath); err == nil {
+				eSec, err = nostr.SecretKeyFromHex(string(data))
+				if err != nil {
+					return fmt.Errorf("invalid main key: %w", err)
+				}
+				if eSec.Public() != ePub {
+					return fmt.Errorf("stored user encryption key is corrupted: %w", err)
+				}
+			} else {
+				// try to decrypt from kind:4455
+				for eKeyMsg := range sys.Pool.FetchMany(ctx, relays, nostr.Filter{
+					Kinds: []nostr.Kind{4455},
+					Tags: nostr.TagMap{
+						"p": []string{devicePub.Hex()},
+					},
+				}, nostr.SubscriptionOptions{Label: "nak-nip4e"}) {
+					var senderPub nostr.PubKey
+					for _, tag := range eKeyMsg.Tags {
+						if len(tag) >= 2 && tag[0] == "P" {
+							senderPub, _ = nostr.PubKeyFromHex(tag[1])
+							break
+						}
+					}
+					if senderPub == nostr.ZeroPK {
+						continue
+					}
+					ss, err := nip44.GenerateConversationKey(senderPub, deviceSec)
+					if err != nil {
+						continue
+					}
+					eSecHex, err := nip44.Decrypt(eKeyMsg.Content, ss)
+					if err != nil {
+						continue
+					}
+					eSec, err = nostr.SecretKeyFromHex(eSecHex)
+					if err != nil {
+						continue
+					}
+					// check if it matches mainPub
+					if eSec.Public() == ePub {
+						// store it
+						os.MkdirAll(filepath.Dir(eKeyPath), 0700)
+						os.WriteFile(eKeyPath, []byte(eSecHex), 0600)
+						break
+					}
+				}
+			}
+		}
+
+		if eSec == [32]byte{} {
+			log("main secret key not available, must authorize on another device\n")
+			return nil
+		}
+
+		// now we have mainSec, check for other kind:4454 events newer than the 10044
+		keyMsgs := make([]string, 0, 5)
+		for keyOrDeviceEvt := range sys.Pool.FetchMany(ctx, relays, nostr.Filter{
+			Kinds:   []nostr.Kind{4454, 4455},
+			Authors: []nostr.PubKey{userPub},
+			Since:   userKeyEventDate,
+		}, nostr.SubscriptionOptions{Label: "nak-nip4e"}) {
+			if keyOrDeviceEvt.Kind == 4455 {
+				// key event
+
+				// skip ourselves
+				if keyOrDeviceEvt.Tags.FindWithValue("p", devicePub.Hex()) != nil {
+					continue
+				}
+
+				// assume a key msg will always come before its associated devicemsg
+				// so just store them here:
+				pubkeyTag := keyOrDeviceEvt.Tags.Find("p")
+				if pubkeyTag == nil {
+					continue
+				}
+				keyMsgs = append(keyMsgs, pubkeyTag[1])
+			} else if keyOrDeviceEvt.Kind == 4454 {
+				// device event
+
+				// skip ourselves
+				if keyOrDeviceEvt.Tags.FindWithValue("pubkey", devicePub.Hex()) != nil {
+					continue
+				}
+
+				// if this already has a corresponding keyMsg then skip it
+				pubkeyTag := keyOrDeviceEvt.Tags.Find("pubkey")
+				if pubkeyTag == nil {
+					continue
+				}
+				if slices.Contains(keyMsgs, pubkeyTag[1]) {
+					continue
+				}
+
+				// here we know we're dealing with a deviceMsg without a corresponding keyMsg
+				// so we have to build a keyMsg for them
+				theirDevice, err := nostr.PubKeyFromHex(pubkeyTag[1])
+				if err != nil {
+					continue
+				}
+
+				ss, err := nip44.GenerateConversationKey(theirDevice, deviceSec)
+				if err != nil {
+					continue
+				}
+				ciphertext, err := nip44.Encrypt(eSec.Hex(), ss)
+				if err != nil {
+					continue
+				}
+
+				evt4455 := nostr.Event{
+					Kind:      4455,
+					Content:   ciphertext,
+					CreatedAt: nostr.Now(),
+					Tags: nostr.Tags{
+						{"p", theirDevice.Hex()},
+						{"P", devicePub.Hex()},
+					},
+				}
+				if err := kr.SignEvent(ctx, &evt4455); err != nil {
+					continue
+				}
+
+				publishFlow(ctx, c, kr, evt4455, relayList)
+			}
+		}
+
+		return nil
+	},
+}
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.25

 require (
 	fiatjaf.com/lib v0.3.1
-	fiatjaf.com/nostr v0.0.0-20251201232830-91548fa0a157
+	fiatjaf.com/nostr v0.0.0-20251204122254-07061404918d
 	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/bep/debounce v1.2.1
 	github.com/btcsuite/btcd/btcec/v2 v2.3.6
--- a/go.sum
+++ b/go.sum
@@ -2,6 +2,8 @@ fiatjaf.com/lib v0.3.1 h1:/oFQwNtFRfV+ukmOCxfBEAuayoLwXp4wu2/fz5iHpwA=
 fiatjaf.com/lib v0.3.1/go.mod h1:Ycqq3+mJ9jAWu7XjbQI1cVr+OFgnHn79dQR5oTII47g=
 fiatjaf.com/nostr v0.0.0-20251201232830-91548fa0a157 h1:14yLsO2HwpS2CLIKFvLMDp8tVEDahwdC8OeG6NGaL+M=
 fiatjaf.com/nostr v0.0.0-20251201232830-91548fa0a157/go.mod h1:ue7yw0zHfZj23Ml2kVSdBx0ENEaZiuvGxs/8VEN93FU=
+fiatjaf.com/nostr v0.0.0-20251204122254-07061404918d h1:xROmiuT7LrZk+/iGGeTqRI4liqJZrc87AWjsyHtbqDg=
+fiatjaf.com/nostr v0.0.0-20251204122254-07061404918d/go.mod h1:ue7yw0zHfZj23Ml2kVSdBx0ENEaZiuvGxs/8VEN93FU=
 github.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkkhIiSjQ=
 github.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo=
 github.com/FastFilter/xorfilter v0.2.1 h1:lbdeLG9BdpquK64ZsleBS8B4xO/QW1IM0gMzF7KaBKc=
--- a/main.go
+++ b/main.go
@@ -40,6 +40,7 @@ var app = &cli.Command{
 		bunker,
 		serve,
 		blossomCmd,
+		dekey,
 		encrypt,
 		decrypt,
 		gift,
--- a/req.go
+++ b/req.go
@@ -227,6 +227,8 @@ example:
 					}
 				} else {
 					var results chan nostr.RelayEvent
+					var closeds chan nostr.RelayClosed
+
 					opts := nostr.SubscriptionOptions{
 						Label: "nak-req",
 					}
@@ -294,20 +296,35 @@ example:
 						errg.Wait()

 						if c.Bool("stream") {
-							results = sys.Pool.BatchedSubscribeMany(ctx, defs, opts)
+							results, closeds = sys.Pool.BatchedSubscribeManyNotifyClosed(ctx, defs, opts)
 						} else {
-							results = sys.Pool.BatchedQueryMany(ctx, defs, opts)
+							results, closeds = sys.Pool.BatchedQueryManyNotifyClosed(ctx, defs, opts)
 						}
 					} else {
 						if c.Bool("stream") {
-							results = sys.Pool.SubscribeMany(ctx, relayUrls, filter, opts)
+							results, closeds = sys.Pool.SubscribeManyNotifyClosed(ctx, relayUrls, filter, opts)
 						} else {
-							results = sys.Pool.FetchMany(ctx, relayUrls, filter, opts)
+							results, closeds = sys.Pool.FetchManyNotifyClosed(ctx, relayUrls, filter, opts)
 						}
 					}

-					for ie := range results {
+				readevents:
+					for {
+						select {
+						case ie, ok := <-results:
+							if !ok {
+								break readevents
+							}
 							stdout(ie.Event)
+						case closed := <-closeds:
+							if closed.HandledAuth {
+								logverbose("%s CLOSED: %s\n", closed.Relay.URL, closed.Reason)
+							} else {
+								log("%s CLOSED: %s\n", closed.Relay.URL, closed.Reason)
+							}
+						case <-ctx.Done():
+							break readevents
+						}
 					}
 				}
 			} else {
--- a/serve.go
+++ b/serve.go
@@ -51,6 +51,12 @@ var serve = &cli.Command{
 			Name:  "grasp",
 			Usage: "enable grasp server",
 		},
+		&cli.StringFlag{
+			Name:      "grasp-path",
+			Usage:     "where to store the repositories",
+			TakesFile: true,
+			Hidden:    true,
+		},
 		&cli.BoolFlag{
 			Name:  "blossom",
 			Usage: "enable blossom server",
@@ -135,11 +141,14 @@ var serve = &cli.Command{
 		}

 		if c.Bool("grasp") {
+			repoDir = c.String("grasp-path")
+			if repoDir == "" {
 				var err error
 				repoDir, err = os.MkdirTemp("", "nak-serve-grasp-repos-")
 				if err != nil {
 					return fmt.Errorf("failed to create grasp repos directory: %w", err)
 				}
+			}
 			g := grasp.New(rl, repoDir)
 			g.OnRead = func(ctx context.Context, pubkey nostr.PubKey, repo string) (reject bool, reason string) {
 				log("    got %s %s %s\n", color.CyanString("git read"), pubkey.Hex(), repo)
Author	SHA1	Message	Date
fiatjaf	a83b23d76b	add nak git demo to README.	2025-12-05 22:15:08 -03:00
fiatjaf	a288cc47a4	add example of compilation with `-tags debug` to README.	2025-12-05 22:09:22 -03:00
fiatjaf	5ee7670ba8	req: fix infinite loop when events channel is exhausted.	2025-12-04 13:21:43 -03:00
fiatjaf	b973b476bc	req: print CLOSED messages.	2025-12-04 09:24:36 -03:00
fiatjaf	252612b12f	add pee trick.	2025-12-04 08:46:20 -03:00
fiatjaf	4b8b6bb3de	dekey: nip4e (untested).	2025-12-03 23:08:59 -03:00
fiatjaf	df491be232	serve: --grasp-path (hidden).	2025-12-02 15:53:18 -03:00