package main import ( "context" "fmt" "os" "strings" "fiatjaf.com/nostr" "fiatjaf.com/nostr/keyer" "fiatjaf.com/nostr/nip19" "fiatjaf.com/nostr/nip46" "fiatjaf.com/nostr/nip49" "github.com/chzyer/readline" "github.com/fatih/color" "github.com/urfave/cli/v3" ) var defaultKeyFlags = []cli.Flag{ &cli.StringFlag{ Name: "sec", Usage: "secret key to sign the event, as nsec, ncryptsec or hex, or a bunker URL, it is more secure to use the environment variable NOSTR_SECRET_KEY than this flag", DefaultText: "the key '1'", Aliases: []string{"connect"}, Category: CATEGORY_SIGNER, }, &cli.BoolFlag{ Name: "prompt-sec", Usage: "prompt the user to paste a hex or nsec with which to sign the event", Category: CATEGORY_SIGNER, }, &cli.StringFlag{ Name: "connect-as", Usage: "private key to use when communicating with nip46 bunkers", DefaultText: "a random key", Category: CATEGORY_SIGNER, Sources: cli.EnvVars("NOSTR_CLIENT_KEY"), }, } func gatherKeyerFromArguments(ctx context.Context, c *cli.Command) (nostr.Keyer, nostr.SecretKey, error) { key, bunker, err := gatherSecretKeyOrBunkerFromArguments(ctx, c) if err != nil { return nil, nostr.SecretKey{}, err } var kr nostr.Keyer if bunker != nil { kr = keyer.NewBunkerSignerFromBunkerClient(bunker) } else { kr, err = keyer.NewPlainKeySigner(key) } return kr, key, err } func gatherSecretKeyOrBunkerFromArguments(ctx context.Context, c *cli.Command) (nostr.SecretKey, *nip46.BunkerClient, error) { var err error sec := c.String("sec") if strings.HasPrefix(sec, "bunker://") { // it's a bunker bunkerURL := sec clientKeyHex := c.String("connect-as") var clientKey nostr.SecretKey if clientKeyHex != "" { clientKey, err = nostr.SecretKeyFromHex(sec) } else { clientKey = nostr.Generate() } bunker, err := nip46.ConnectBunker(ctx, clientKey, bunkerURL, nil, func(s string) { log(color.CyanString("[nip46]: open the following URL: %s"), s) }) return nostr.SecretKey{}, bunker, err } // take private from flags, environment variable or default to 1 if sec == "" { if key, ok := os.LookupEnv("NOSTR_SECRET_KEY"); ok { sec = key } else { sec = "0000000000000000000000000000000000000000000000000000000000000001" } } if c.Bool("prompt-sec") { if isPiped() { return nostr.SecretKey{}, nil, fmt.Errorf("can't prompt for a secret key when processing data from a pipe, try again without --prompt-sec") } sec, err = askPassword("type your secret key as ncryptsec, nsec or hex: ", nil) if err != nil { return nostr.SecretKey{}, nil, fmt.Errorf("failed to get secret key: %w", err) } } if strings.HasPrefix(sec, "ncryptsec1") { sk, err := promptDecrypt(sec) if err != nil { return nostr.SecretKey{}, nil, fmt.Errorf("failed to decrypt: %w", err) } return sk, nil, nil } if prefix, ski, err := nip19.Decode(sec); err == nil && prefix == "nsec" { return ski.(nostr.SecretKey), nil, nil } sk, err := nostr.SecretKeyFromHex(sec) if err != nil { return nostr.SecretKey{}, nil, fmt.Errorf("invalid secret key") } return sk, nil, nil } func promptDecrypt(ncryptsec string) (nostr.SecretKey, error) { for i := 1; i < 4; i++ { var attemptStr string if i > 1 { attemptStr = fmt.Sprintf(" [%d/3]", i) } password, err := askPassword("type the password to decrypt your secret key"+attemptStr+": ", nil) if err != nil { return nostr.SecretKey{}, err } sec, err := nip49.Decrypt(ncryptsec, password) if err != nil { continue } return sec, nil } return nostr.SecretKey{}, fmt.Errorf("couldn't decrypt private key") } func askPassword(msg string, shouldAskAgain func(answer string) bool) (string, error) { config := &readline.Config{ Stdout: color.Error, Prompt: color.YellowString(msg), InterruptPrompt: "^C", DisableAutoSaveHistory: true, EnableMask: true, MaskRune: '*', } rl, err := readline.NewEx(config) if err != nil { return "", err } for { answer, err := rl.Readline() if err != nil { return "", err } answer = strings.TrimSpace(answer) if shouldAskAgain != nil && shouldAskAgain(answer) { continue } return answer, err } }