tag v1.1.1

fixes https://github.com/nbd-wtf/nostr-tools/issues/78

README.md

@@ -2,7 +2,7 @@
 
 Tools for developing [Nostr](https://github.com/fiatjaf/nostr) clients.
 
-Very lean on dependencies.
+Only depends on _@scure_ and _@noble_ packages.
 
 ## Usage
 
@@ -30,15 +30,15 @@ let event = {
   kind: 1,
   created_at: Math.floor(Date.now() / 1000),
   tags: [],
-  content: 'hello'
+  content: 'hello',
+  pubkey: getPublicKey(privateKey)
 }
 
 event.id = getEventHash(event)
-event.pubkey = getPublicKey(privateKey)
+event.sig = signEvent(event, privateKey)
-event.sig = await signEvent(event, privateKey)
 
 let ok = validateEvent(event)
-let veryOk = await verifySignature(event)
+let veryOk = verifySignature(event)
 ```
 
 ### Interacting with a relay
@@ -98,17 +98,17 @@ let event = {
   content: 'hello world'
 }
 event.id = getEventHash(event)
-event.sig = await signEvent(event, sk)
+event.sig = signEvent(event, sk)
 
 let pub = relay.publish(event)
 pub.on('ok', () => {
-  console.log(`{relay.url} has accepted our event`)
+  console.log(`${relay.url} has accepted our event`)
 })
 pub.on('seen', () => {
-  console.log(`we saw the event on {relay.url}`)
+  console.log(`we saw the event on ${relay.url}`)
 })
 pub.on('failed', reason => {
-  console.log(`failed to publish to {relay.url}: ${reason}`)
+  console.log(`failed to publish to ${relay.url}: ${reason}`)
 })
 
 await relay.close()
@@ -202,6 +202,41 @@ sub.on('event', (event) => {
 })
 ```
 
+### Performing and checking for delegation
+
+```js
+import {nip26, getPublicKey, generatePrivateKey} from 'nostr-tools'
+
+// delegator
+let sk1 = generatePrivateKey()
+let pk1 = getPublicKey(sk1)
+
+// delegatee
+let sk2 = generatePrivateKey()
+let pk2 = getPublicKey(sk2)
+
+// generate delegation
+let delegation = nip26.createDelegation(sk1, {
+  pubkey: pk2,
+  kind: 1,
+  since: Math.round(Date.now() / 1000),
+  until: Math.round(Date.now() / 1000) + 60 * 60 * 24 * 30 /* 30 days */
+})
+
+// the delegatee uses the delegation when building an event
+let event = {
+  pubkey: pk2,
+  kind: 1,
+  created_at: Math.round(Date.now() / 1000),
+  content: 'hello from a delegated key',
+  tags: [['delegation', delegation.from, delegation.cond, delegation.sig]]
+}
+
+// finally any receiver of this event can check for the presence of a valid delegation tag
+let delegator = nip26.getDelegator(event)
+assert(delegator === pk1) // will be null if there is no delegation tag or if it is invalid
+```
+
 Please consult the tests or [the source code](https://github.com/fiatjaf/nostr-tools) for more information that isn't available here.
 
 ### Using from the browser (if you don't want to use a bundler)

event.test.js

@@ -4,7 +4,6 @@ const {
   validateEvent,
   verifySignature,
   signEvent,
-  getEventHash,
   getPublicKey
 } = require('./lib/nostr.cjs')
 
@@ -35,15 +34,15 @@ test('validate event', () => {
 })
 
 test('check signature', async () => {
-  expect(await verifySignature(event)).toBeTruthy()
+  expect(verifySignature(event)).toBeTruthy()
 })
 
 test('sign event', async () => {
-  let sig = await signEvent(unsigned, privateKey)
-  let hash = getEventHash(unsigned)
   let pubkey = getPublicKey(privateKey)
+  let authored = {...unsigned, pubkey}
 
-  let signed = {...unsigned, id: hash, sig, pubkey}
+  let sig = signEvent(authored, privateKey)
+  let signed = {...authored, sig}
 
-  expect(await verifySignature(signed)).toBeTruthy()
+  expect(verifySignature(signed)).toBeTruthy()
 })

event.ts

@@ -3,10 +3,26 @@ import {sha256} from '@noble/hashes/sha256'
 
 import {utf8Encoder} from './utils'
 
+/* eslint-disable no-unused-vars */
+export enum Kind {
+  Metadata = 0,
+  Text = 1,
+  RecommendRelay = 2,
+  Contacts = 3,
+  EncryptedDirectMessage = 4,
+  EventDeletion = 5,
+  Reaction = 7,
+  ChannelCreation = 40,
+  ChannelMetadata = 41,
+  ChannelMessage = 42,
+  ChannelHideMessage = 43,
+  ChannelMuteUser = 44
+}
+
 export type Event = {
   id?: string
   sig?: string
-  kind: number
+  kind: Kind
   tags: string[][]
   pubkey: string
   content: string
@@ -24,6 +40,9 @@ export function getBlankEvent(): Event {
 }
 
 export function serializeEvent(evt: Event): string {
+  if (!validateEvent(evt))
+    throw new Error("can't serialize event with wrong or missing properties")
+
   return JSON.stringify([
     0,
     evt.pubkey,
@@ -40,9 +59,10 @@ export function getEventHash(event: Event): string {
 }
 
 export function validateEvent(event: Event): boolean {
-  if (event.id !== getEventHash(event)) return false
   if (typeof event.content !== 'string') return false
   if (typeof event.created_at !== 'number') return false
+  if (typeof event.pubkey !== 'string') return false
+  if (!event.pubkey.match(/^[a-f0-9]{64}$/)) return false
 
   if (!Array.isArray(event.tags)) return false
   for (let i = 0; i < event.tags.length; i++) {
@@ -56,14 +76,16 @@ export function validateEvent(event: Event): boolean {
   return true
 }
 
-export function verifySignature(
+export function verifySignature(event: Event & {sig: string}): boolean {
-  event: Event & {id: string; sig: string}
+  return secp256k1.schnorr.verifySync(
-): Promise<boolean> {
+    event.sig,
-  return secp256k1.schnorr.verify(event.sig, event.id, event.pubkey)
+    getEventHash(event),
-}
+    event.pubkey
-
+  )
-export async function signEvent(event: Event, key: string): Promise<string> {
+}
-  return secp256k1.utils.bytesToHex(
+
-    await secp256k1.schnorr.sign(getEventHash(event), key)
+export function signEvent(event: Event, key: string): string {
+  return secp256k1.utils.bytesToHex(
+    secp256k1.schnorr.signSync(getEventHash(event), key)
   )
 }

index.ts

@@ -7,3 +7,13 @@ export * as nip04 from './nip04'
 export * as nip05 from './nip05'
 export * as nip06 from './nip06'
 export * as nip19 from './nip19'
+export * as nip26 from './nip26'
+
+// monkey patch secp256k1
+import * as secp256k1 from '@noble/secp256k1'
+import {hmac} from '@noble/hashes/hmac'
+import {sha256} from '@noble/hashes/sha256'
+secp256k1.utils.hmacSha256Sync = (key, ...msgs) =>
+  hmac(sha256, key, secp256k1.utils.concatBytes(...msgs))
+secp256k1.utils.sha256Sync = (...msgs) =>
+  sha256(secp256k1.utils.concatBytes(...msgs))

nip04.ts

@@ -1,6 +1,6 @@
 import {randomBytes} from '@noble/hashes/utils'
 import * as secp256k1 from '@noble/secp256k1'
-import {encode as b64encode, decode as b64decode} from 'base64-arraybuffer'
+import {base64} from '@scure/base'
 
 import {utf8Decoder, utf8Encoder} from './utils'
 
@@ -26,8 +26,8 @@ export async function encrypt(
     cryptoKey,
     plaintext
   )
-  let ctb64 = b64encode(ciphertext)
+  let ctb64 = base64.encode(new Uint8Array(ciphertext))
-  let ivb64 = b64encode(iv.buffer)
+  let ivb64 = base64.encode(new Uint8Array(iv.buffer))
 
   return `${ctb64}?iv=${ivb64}`
 }
@@ -48,8 +48,8 @@ export async function decrypt(
     false,
     ['decrypt']
   )
-  let ciphertext = b64decode(ctb64)
+  let ciphertext = base64.decode(ctb64)
-  let iv = b64decode(ivb64)
+  let iv = base64.decode(ivb64)
 
   let plaintext = await crypto.subtle.decrypt(
     {name: 'AES-CBC', iv},

nip19.ts

@@ -1,5 +1,5 @@
 import * as secp256k1 from '@noble/secp256k1'
-import {bech32} from 'bech32'
+import {bech32} from '@scure/base'
 
 import {utf8Decoder, utf8Encoder} from './utils'
 
@@ -17,7 +17,7 @@ export function decode(nip19: string): {
   type: string
   data: ProfilePointer | EventPointer | string
 } {
-  let {prefix, words} = bech32.decode(nip19, 1000)
+  let {prefix, words} = bech32.decode(nip19, 1500)
   let data = new Uint8Array(bech32.fromWords(words))
 
   if (prefix === 'nprofile') {
@@ -87,7 +87,7 @@ export function noteEncode(hex: string): string {
 function encodeBytes(prefix: string, hex: string): string {
   let data = secp256k1.utils.hexToBytes(hex)
   let words = bech32.toWords(data)
-  return bech32.encode(prefix, words, 1000)
+  return bech32.encode(prefix, words, 1500)
 }
 
 export function nprofileEncode(profile: ProfilePointer): string {
@@ -96,7 +96,7 @@ export function nprofileEncode(profile: ProfilePointer): string {
     1: (profile.relays || []).map(url => utf8Encoder.encode(url))
   })
   let words = bech32.toWords(data)
-  return bech32.encode('nprofile', words, 1000)
+  return bech32.encode('nprofile', words, 1500)
 }
 
 export function neventEncode(event: EventPointer): string {
@@ -105,7 +105,7 @@ export function neventEncode(event: EventPointer): string {
     1: (event.relays || []).map(url => utf8Encoder.encode(url))
   })
   let words = bech32.toWords(data)
-  return bech32.encode('nevent', words, 1000)
+  return bech32.encode('nevent', words, 1500)
 }
 
 function encodeTLV(tlv: TLV): Uint8Array {

nip26.test.js

@@ -0,0 +1,105 @@
+/* eslint-env jest */
+
+const {nip26, getPublicKey, generatePrivateKey} = require('./lib/nostr.cjs')
+
+test('parse good delegation from NIP', async () => {
+  expect(
+    nip26.getDelegator({
+      id: 'a080fd288b60ac2225ff2e2d815291bd730911e583e177302cc949a15dc2b2dc',
+      pubkey:
+        '62903b1ff41559daf9ee98ef1ae67cc52f301bb5ce26d14baba3052f649c3f49',
+      created_at: 1660896109,
+      kind: 1,
+      tags: [
+        [
+          'delegation',
+          '86f0689bd48dcd19c67a19d994f938ee34f251d8c39976290955ff585f2db42e',
+          'kind=1&created_at>1640995200',
+          'c33c88ba78ec3c760e49db591ac5f7b129e3887c8af7729795e85a0588007e5ac89b46549232d8f918eefd73e726cb450135314bfda419c030d0b6affe401ec1'
+        ]
+      ],
+      content: 'Hello world',
+      sig: 'cd4a3cd20dc61dcbc98324de561a07fd23b3d9702115920c0814b5fb822cc5b7c5bcdaf3fa326d24ed50c5b9c8214d66c75bae34e3a84c25e4d122afccb66eb6'
+    })
+  ).toEqual('86f0689bd48dcd19c67a19d994f938ee34f251d8c39976290955ff585f2db42e')
+})
+
+test('parse bad delegations', async () => {
+  expect(
+    nip26.getDelegator({
+      id: 'a080fd288b60ac2225ff2e2d815291bd730911e583e177302cc949a15dc2b2dc',
+      pubkey:
+        '62903b1ff41559daf9ee98ef1ae67cc52f301bb5ce26d14baba3052f649c3f49',
+      created_at: 1660896109,
+      kind: 1,
+      tags: [
+        [
+          'delegation',
+          '86f0689bd48dcd19c67a19d994f938ee34f251d8c39976290955ff585f2db42f',
+          'kind=1&created_at>1640995200',
+          'c33c88ba78ec3c760e49db591ac5f7b129e3887c8af7729795e85a0588007e5ac89b46549232d8f918eefd73e726cb450135314bfda419c030d0b6affe401ec1'
+        ]
+      ],
+      content: 'Hello world',
+      sig: 'cd4a3cd20dc61dcbc98324de561a07fd23b3d9702115920c0814b5fb822cc5b7c5bcdaf3fa326d24ed50c5b9c8214d66c75bae34e3a84c25e4d122afccb66eb6'
+    })
+  ).toEqual(null)
+
+  expect(
+    nip26.getDelegator({
+      id: 'a080fd288b60ac2225ff2e2d815291bd730911e583e177302cc949a15dc2b2dc',
+      pubkey:
+        '62903b1ff41559daf9ee98ef1ae67cc52f301bb5ce26d14baba3052f649c3f49',
+      created_at: 1660896109,
+      kind: 1,
+      tags: [
+        [
+          'delegation',
+          '86f0689bd48dcd19c67a19d994f938ee34f251d8c39976290955ff585f2db42e',
+          'kind=1&created_at>1740995200',
+          'c33c88ba78ec3c760e49db591ac5f7b129e3887c8af7729795e85a0588007e5ac89b46549232d8f918eefd73e726cb450135314bfda419c030d0b6affe401ec1'
+        ]
+      ],
+      content: 'Hello world',
+      sig: 'cd4a3cd20dc61dcbc98324de561a07fd23b3d9702115920c0814b5fb822cc5b7c5bcdaf3fa326d24ed50c5b9c8214d66c75bae34e3a84c25e4d122afccb66eb6'
+    })
+  ).toEqual(null)
+
+  expect(
+    nip26.getDelegator({
+      id: 'a080fd288b60ac2225ff2e2d815291bd730911e583e177302cc949a15dc2b2dc',
+      pubkey:
+        '62903b1ff41559daf9ee98ef1ae67c152f301bb5ce26d14baba3052f649c3f49',
+      created_at: 1660896109,
+      kind: 1,
+      tags: [
+        [
+          'delegation',
+          '86f0689bd48dcd19c67a19d994f938ee34f251d8c39976290955ff585f2db42e',
+          'kind=1&created_at>1640995200',
+          'c33c88ba78ec3c760e49db591ac5f7b129e3887c8af7729795e85a0588007e5ac89b46549232d8f918eefd73e726cb450135314bfda419c030d0b6affe401ec1'
+        ]
+      ],
+      content: 'Hello world',
+      sig: 'cd4a3cd20dc61dcbc98324de561a07fd23b3d9702115920c0814b5fb822cc5b7c5bcdaf3fa326d24ed50c5b9c8214d66c75bae34e3a84c25e4d122afccb66eb6'
+    })
+  ).toEqual(null)
+})
+
+test('create and verify delegation', async () => {
+  let sk1 = generatePrivateKey()
+  let pk1 = getPublicKey(sk1)
+  let sk2 = generatePrivateKey()
+  let pk2 = getPublicKey(sk2)
+  let delegation = nip26.createDelegation(sk1, {pubkey: pk2, kind: 1})
+  expect(delegation).toHaveProperty('from', pk1)
+  expect(delegation).toHaveProperty('to', pk2)
+  expect(delegation).toHaveProperty('cond', 'kind=1')
+
+  let event = {
+    kind: 1,
+    tags: [['delegation', delegation.from, delegation.cond, delegation.sig]],
+    pubkey: pk2
+  }
+  expect(nip26.getDelegator(event)).toEqual(pk1)
+})

nip26.ts

@@ -0,0 +1,90 @@
+import * as secp256k1 from '@noble/secp256k1'
+import {sha256} from '@noble/hashes/sha256'
+
+import {Event} from './event'
+import {utf8Encoder} from './utils'
+import {getPublicKey} from './keys'
+
+export type Parameters = {
+  pubkey: string // the key to whom the delegation will be given
+  kind: number | undefined
+  until: number | undefined // delegation will only be valid until this date
+  since: number | undefined // delegation will be valid from this date on
+}
+
+export type Delegation = {
+  from: string // the pubkey who signed the delegation
+  to: string // the pubkey that is allowed to use the delegation
+  cond: string // the string of conditions as they should be included in the event tag
+  sig: string
+}
+
+export function createDelegation(
+  privateKey: string,
+  parameters: Parameters
+): Delegation {
+  let conditions = []
+  if ((parameters.kind || -1) >= 0) conditions.push(`kind=${parameters.kind}`)
+  if (parameters.until) conditions.push(`created_at<${parameters.until}`)
+  if (parameters.since) conditions.push(`created_at>${parameters.since}`)
+  let cond = conditions.join('&')
+
+  if (cond === '')
+    throw new Error('refusing to create a delegation without any conditions')
+
+  let sighash = sha256(
+    utf8Encoder.encode(`nostr:delegation:${parameters.pubkey}:${cond}`)
+  )
+
+  let sig = secp256k1.utils.bytesToHex(
+    secp256k1.schnorr.signSync(sighash, privateKey)
+  )
+
+  return {
+    from: getPublicKey(privateKey),
+    to: parameters.pubkey,
+    cond,
+    sig
+  }
+}
+
+export function getDelegator(event: Event): string | null {
+  // find delegation tag
+  let tag = event.tags.find(tag => tag[0] === 'delegation' && tag.length >= 4)
+  if (!tag) return null
+
+  let pubkey = tag[1]
+  let cond = tag[2]
+  let sig = tag[3]
+
+  // check conditions
+  let conditions = cond.split('&')
+  for (let i = 0; i < conditions.length; i++) {
+    let [key, operator, value] = conditions[i].split(/\b/)
+
+    // the supported conditions are just 'kind' and 'created_at' for now
+    if (key === 'kind' && operator === '=' && event.kind === parseInt(value))
+      continue
+    else if (
+      key === 'created_at' &&
+      operator === '<' &&
+      event.created_at < parseInt(value)
+    )
+      continue
+    else if (
+      key === 'created_at' &&
+      operator === '>' &&
+      event.created_at > parseInt(value)
+    )
+      continue
+    else return null // invalid condition
+  }
+
+  // check signature
+  let sighash = sha256(
+    utf8Encoder.encode(`nostr:delegation:${event.pubkey}:${cond}`)
+  )
+  if (!secp256k1.schnorr.verifySync(sig, sighash, pubkey)) return null
+
+  return pubkey
+}

package.json

@@ -1,6 +1,6 @@
 {
   "name": "nostr-tools",
-  "version": "1.0.0-rc2",
+  "version": "1.1.1",
   "description": "Tools for making a Nostr client.",
   "repository": {
     "type": "git",
@@ -11,10 +11,9 @@
   "dependencies": {
     "@noble/hashes": "^0.5.7",
     "@noble/secp256k1": "^1.7.0",
+    "@scure/base": "^1.1.1",
     "@scure/bip32": "^1.1.1",
-    "@scure/bip39": "^1.1.0",
+    "@scure/bip39": "^1.1.0"
-    "base64-arraybuffer": "^1.0.2",
-    "bech32": "^2.0.0"
   },
   "keywords": [
     "decentralization",

relay.test.js

@@ -9,7 +9,7 @@ const {
   signEvent
 } = require('./lib/nostr.cjs')
 
-let relay = relayInit('wss://nostr-pub.semisol.dev/')
+let relay = relayInit('wss://nostr-dev.wellorder.net/')
 
 beforeAll(() => {
   relay.connect()
@@ -98,7 +98,7 @@ test('listening (twice) and publishing', async () => {
     content: 'nostr-tools test suite'
   }
   event.id = getEventHash(event)
-  event.sig = await signEvent(event, sk)
+  event.sig = signEvent(event, sk)
 
   relay.publish(event)
   return expect(

relay.ts

@@ -3,15 +3,17 @@
 import {Event, verifySignature, validateEvent} from './event'
 import {Filter, matchFilters} from './filter'
 
+type RelayEvent = 'connect' | 'disconnect' | 'error' | 'notice'
+
 export type Relay = {
   url: string
   status: number
-  connect: () => void
+  connect: () => Promise<void>
-  close: () => void
+  close: () => Promise<void>
-  sub: (filters: Filter[], opts: SubscriptionOptions) => Sub
+  sub: (filters: Filter[], opts?: SubscriptionOptions) => Sub
   publish: (event: Event) => Pub
-  on: (type: 'connect' | 'disconnect' | 'notice', cb: any) => void
+  on: (type: RelayEvent, cb: any) => void
-  off: (type: 'connect' | 'disconnect' | 'notice', cb: any) => void
+  off: (type: RelayEvent, cb: any) => void
 }
 export type Pub = {
   on: (type: 'ok' | 'seen' | 'failed', cb: any) => void
@@ -73,7 +75,7 @@ export function relayInit(url: string): Relay {
       }
       ws.onclose = async () => {
         listeners.disconnect.forEach(cb => cb())
-        resolveClose()
+        resolveClose && resolveClose()
       }
 
       ws.onmessage = async e => {
@@ -185,7 +187,7 @@ export function relayInit(url: string): Relay {
     url,
     sub,
     on: (
-      type: 'connect' | 'disconnect' | 'error' | 'notice',
+      type: RelayEvent,
       cb: any
     ): void => {
       listeners[type].push(cb)
@@ -194,7 +196,7 @@ export function relayInit(url: string): Relay {
       }
     },
     off: (
-      type: 'connect' | 'disconnect' | 'error' | 'notice',
+      type: RelayEvent,
       cb: any
     ): void => {
       let index = listeners[type].indexOf(cb)
@@ -258,7 +260,7 @@ export function relayInit(url: string): Relay {
     connect,
     close(): Promise<void> {
       ws.close()
-      return new Promise(resolve => {
+      return new Promise<void>(resolve => {
         resolveClose = resolve
       })
     },