tag v1.2.0

refactor previous commit a little, add fakejson module for simple parsing that doesn't use regex.
incoming message queue, alreadyHaveEvent check, msg.send catch
2025-12-08 16:28:49 +00:00 · 2023-01-22 10:34:04 -03:00 · 2023-01-22 10:32:33 -03:00 · 2023-01-21 07:03:12 -03:00 · 2023-01-20 17:00:48 -03:00 · 2023-01-18 17:31:37 -03:00
13 changed files with 159 additions and 54 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,8 +1,7 @@
 name: test every commit
 on:
-  push:
-    branches:
-      - master
+  - push
+  - pull_request

 jobs:
  test:
--- a/README.md
+++ b/README.md
@@ -30,11 +30,11 @@ let event = {
  kind: 1,
  created_at: Math.floor(Date.now() / 1000),
  tags: [],
-  content: 'hello'
+  content: 'hello',
+  pubkey: getPublicKey(privateKey)
 }

 event.id = getEventHash(event)
-event.pubkey = getPublicKey(privateKey)
 event.sig = signEvent(event, privateKey)

 let ok = validateEvent(event)
@@ -102,13 +102,13 @@ event.sig = signEvent(event, sk)

 let pub = relay.publish(event)
 pub.on('ok', () => {
-  console.log(`{relay.url} has accepted our event`)
+  console.log(`${relay.url} has accepted our event`)
 })
 pub.on('seen', () => {
-  console.log(`we saw the event on {relay.url}`)
+  console.log(`we saw the event on ${relay.url}`)
 })
 pub.on('failed', reason => {
-  console.log(`failed to publish to {relay.url}: ${reason}`)
+  console.log(`failed to publish to ${relay.url}: ${reason}`)
 })

 await relay.close()
@@ -182,7 +182,7 @@ let pk2 = getPublicKey(sk2)

 // on the sender side
 let message = 'hello'
-let ciphertext = await nip04.encrypt(sk1, pk2, 'hello')
+let ciphertext = await nip04.encrypt(sk1, pk2, message)

 let event = {
  kind: 4,
@@ -196,7 +196,7 @@ sendEvent(event)

 // on the receiver side
 sub.on('event', (event) => {
-  let sender = event.tags.find(([k, v]) => k === 'p' && && v && v !== '')[1]
+  let sender = event.tags.find(([k, v]) => k === 'p' && v && v !== '')[1]
  pk1 === sender
  let plaintext = await nip04.decrypt(sk2, pk1, event.content)
 })
--- a/event.test.js
+++ b/event.test.js
@@ -4,7 +4,6 @@ const {
  validateEvent,
  verifySignature,
  signEvent,
-  getEventHash,
  getPublicKey
 } = require('./lib/nostr.cjs')

@@ -35,15 +34,15 @@ test('validate event', () => {
 })

 test('check signature', async () => {
-  expect(await verifySignature(event)).toBeTruthy()
+  expect(verifySignature(event)).toBeTruthy()
 })

 test('sign event', async () => {
-  let sig = await signEvent(unsigned, privateKey)
-  let hash = getEventHash(unsigned)
  let pubkey = getPublicKey(privateKey)
+  let authored = {...unsigned, pubkey}

-  let signed = {...unsigned, id: hash, sig, pubkey}
+  let sig = signEvent(authored, privateKey)
+  let signed = {...authored, sig}

-  expect(await verifySignature(signed)).toBeTruthy()
+  expect(verifySignature(signed)).toBeTruthy()
 })
--- a/event.ts
+++ b/event.ts
@@ -3,7 +3,6 @@ import {sha256} from '@noble/hashes/sha256'

 import {utf8Encoder} from './utils'

-
 /* eslint-disable no-unused-vars */
 export enum Kind {
  Metadata = 0,
@@ -17,7 +16,7 @@ export enum Kind {
  ChannelMetadata = 41,
  ChannelMessage = 42,
  ChannelHideMessage = 43,
-  ChannelMuteUser = 44,
+  ChannelMuteUser = 44
 }

 export type Event = {
@@ -41,6 +40,9 @@ export function getBlankEvent(): Event {
 }

 export function serializeEvent(evt: Event): string {
+  if (!validateEvent(evt))
+    throw new Error("can't serialize event with wrong or missing properties")
+
  return JSON.stringify([
    0,
    evt.pubkey,
@@ -57,9 +59,10 @@ export function getEventHash(event: Event): string {
 }

 export function validateEvent(event: Event): boolean {
-  if (event.id !== getEventHash(event)) return false
  if (typeof event.content !== 'string') return false
  if (typeof event.created_at !== 'number') return false
+  if (typeof event.pubkey !== 'string') return false
+  if (!event.pubkey.match(/^[a-f0-9]{64}$/)) return false

  if (!Array.isArray(event.tags)) return false
  for (let i = 0; i < event.tags.length; i++) {
@@ -73,10 +76,12 @@ export function validateEvent(event: Event): boolean {
  return true
 }

-export function verifySignature(
-  event: Event & {id: string; sig: string}
-): boolean {
-  return secp256k1.schnorr.verifySync(event.sig, event.id, event.pubkey)
+export function verifySignature(event: Event & {sig: string}): boolean {
+  return secp256k1.schnorr.verifySync(
+    event.sig,
+    getEventHash(event),
+    event.pubkey
+  )
 }

 export function signEvent(event: Event, key: string): string {
--- a/fakejson.test.js
+++ b/fakejson.test.js
@@ -0,0 +1,35 @@
+/* eslint-env jest */
+
+const {fj} = require('./lib/nostr.cjs')
+
+test('match id', () => {
+  expect(
+    fj.matchEventId(
+      `["EVENT","nostril-query",{"tags":[],"content":"so did we cut all corners and p2p stuff in order to make a decentralized social network that was fast and worked, but in the end what we got was a lot of very slow clients that can't handle the traffic of one jack dorsey tweet?","sig":"ca62629d189edebb8f0811cfa0ac53015013df5f305dcba3f411ba15cfc4074d8c2d517ee7d9e81c9eb72a7328bfbe31c9122156397565ac55e740404e2b1fe7","id":"fef2a50f7d9d3d5a5f38ee761bc087ec16198d3f0140df6d1e8193abf7c2b146","kind":1,"pubkey":"3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d","created_at":1671150419}]`,
+      'fef2a50f7d9d3d5a5f38ee761bc087ec16198d3f0140df6d1e8193abf7c2b146'
+    )
+  ).toBeTruthy()
+
+  expect(
+    fj.matchEventId(
+      `["EVENT","nostril-query",{"content":"a bunch of mfs interacted with my post using what I assume were \"likes\": https://nostr.build/i/964.png","created_at":1672506879,"id":"f40bdd0905137ad60482537e260890ab50b0863bf16e67cf9383f203bd26c96f","kind":1,"pubkey":"3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d","sig":"8b825d2d4096f0643b18ca39da59ec07a682cd8a3e717f119c845037573d98099f5bea94ec7ddedd5600c8020144a255ed52882a911f7f7ada6d6abb3c0a1eb4","tags":[]}]`,
+      'fef2a50f7d9d3d5a5f38ee761bc087ec16198d3f0140df6d1e8193abf7c2b146'
+    )
+  ).toBeFalsy()
+})
+
+test('match kind', () => {
+  expect(
+    fj.matchEventKind(
+      `["EVENT","nostril-query",{"tags":[],"content":"so did we cut all corners and p2p stuff in order to make a decentralized social network that was fast and worked, but in the end what we got was a lot of very slow clients that can't handle the traffic of one jack dorsey tweet?","sig":"ca62629d189edebb8f0811cfa0ac53015013df5f305dcba3f411ba15cfc4074d8c2d517ee7d9e81c9eb72a7328bfbe31c9122156397565ac55e740404e2b1fe7","id":"fef2a50f7d9d3d5a5f38ee761bc087ec16198d3f0140df6d1e8193abf7c2b146","kind":1,"pubkey":"3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d","created_at":1671150419}]`,
+      1
+    )
+  ).toBeTruthy()
+
+  expect(
+    fj.matchEventKind(
+      `["EVENT","nostril-query",{"content":"{\"name\":\"fiatjaf\",\"about\":\"buy my merch at fiatjaf store\",\"picture\":\"https://fiatjaf.com/static/favicon.jpg\",\"nip05\":\"_@fiatjaf.com\"}","created_at":1671217411,"id":"b52f93f6dfecf9d81f59062827cd941412a0e8398dda60baf960b17499b88900","kind":12720,"pubkey":"3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d","sig":"fc1ea5d45fa5ed0526faed06e8fc7a558e60d1b213e9714f440828584ee999b93407092f9b04deea7e504fa034fc0428f31f7f0f95417b3280ebe6004b80b470","tags":[]}]`,
+      12720
+    )
+  ).toBeTruthy()
+})
--- a/fakejson.ts
+++ b/fakejson.ts
@@ -0,0 +1,26 @@
+export function getHex64(json: string, field: string): string {
+  let len = field.length + 3
+  let idx = json.indexOf(`"${field}":`) + len
+  let s = json.slice(idx).indexOf(`"`) + idx + 1
+  return json.slice(s, s + 64)
+}
+
+export function getInt(json: string, field: string): number {
+  let len = field.length
+  let idx = json.indexOf(`"${field}":`) + len + 3
+  let sliced = json.slice(idx)
+  let end = Math.min(sliced.indexOf(','), sliced.indexOf('}'))
+  return parseInt(sliced.slice(0, end), 10)
+}
+
+export function matchEventId(json: string, id: string): boolean {
+  return id === getHex64(json, 'id')
+}
+
+export function matchEventPubkey(json: string, pubkey: string): boolean {
+  return pubkey === getHex64(json, 'pubkey')
+}
+
+export function matchEventKind(json: string, kind: number): boolean {
+  return kind === getInt(json, 'kind')
+}
--- a/index.ts
+++ b/index.ts
@@ -3,6 +3,8 @@ export * from './relay'
 export * from './event'
 export * from './filter'

+export * as fj from './fakejson'
+
 export * as nip04 from './nip04'
 export * as nip05 from './nip05'
 export * as nip06 from './nip06'
--- a/nip06.test.js
+++ b/nip06.test.js
@@ -0,0 +1,15 @@
+/* eslint-env jest */
+const {nip06} = require('./lib/nostr.cjs')
+
+test('generate private key from a mnemonic', async () => {
+  const mnemonic = 'zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong'
+  const privateKey = nip06.privateKeyFromSeedWords(mnemonic)
+  expect(privateKey).toEqual('c26cf31d8ba425b555ca27d00ca71b5008004f2f662470f8c8131822ec129fe2')
+})
+
+test('generate private key from a mnemonic and passphrase', async () => {
+  const mnemonic = 'zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong'
+  const passphrase = '123'
+  const privateKey = nip06.privateKeyFromSeedWords(mnemonic, passphrase)
+  expect(privateKey).toEqual('55a22b8203273d0aaf24c22c8fbe99608e70c524b17265641074281c8b978ae4')
+})
--- a/nip06.ts
+++ b/nip06.ts
@@ -7,8 +7,8 @@ import {
 } from '@scure/bip39'
 import {HDKey} from '@scure/bip32'

-export function privateKeyFromSeedWords(mnemonic: string): string {
-  let root = HDKey.fromMasterSeed(mnemonicToSeedSync(mnemonic))
+export function privateKeyFromSeedWords(mnemonic: string, passphrase?: string): string {
+  let root = HDKey.fromMasterSeed(mnemonicToSeedSync(mnemonic, passphrase))
  let privateKey = root.derive(`m/44'/1237'/0'/0/0`).privateKey
  if (!privateKey) throw new Error('could not derive private key')
  return secp256k1.utils.bytesToHex(privateKey)
--- a/nip19.ts
+++ b/nip19.ts
@@ -3,6 +3,8 @@ import {bech32} from '@scure/base'

 import {utf8Decoder, utf8Encoder} from './utils'

+const Bech32MaxSize = 5000
+
 export type ProfilePointer = {
  pubkey: string // hex
  relays?: string[]
@@ -17,7 +19,7 @@ export function decode(nip19: string): {
  type: string
  data: ProfilePointer | EventPointer | string
 } {
-  let {prefix, words} = bech32.decode(nip19, 1000)
+  let {prefix, words} = bech32.decode(nip19, Bech32MaxSize)
  let data = new Uint8Array(bech32.fromWords(words))

  if (prefix === 'nprofile') {
@@ -87,7 +89,7 @@ export function noteEncode(hex: string): string {
 function encodeBytes(prefix: string, hex: string): string {
  let data = secp256k1.utils.hexToBytes(hex)
  let words = bech32.toWords(data)
-  return bech32.encode(prefix, words, 1000)
+  return bech32.encode(prefix, words, Bech32MaxSize)
 }

 export function nprofileEncode(profile: ProfilePointer): string {
@@ -96,7 +98,7 @@ export function nprofileEncode(profile: ProfilePointer): string {
    1: (profile.relays || []).map(url => utf8Encoder.encode(url))
  })
  let words = bech32.toWords(data)
-  return bech32.encode('nprofile', words, 1000)
+  return bech32.encode('nprofile', words, Bech32MaxSize)
 }

 export function neventEncode(event: EventPointer): string {
@@ -105,7 +107,7 @@ export function neventEncode(event: EventPointer): string {
    1: (event.relays || []).map(url => utf8Encoder.encode(url))
  })
  let words = bech32.toWords(data)
-  return bech32.encode('nevent', words, 1000)
+  return bech32.encode('nevent', words, Bech32MaxSize)
 }

 function encodeTLV(tlv: TLV): Uint8Array {
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "nostr-tools",
-  "version": "1.1.0",
+  "version": "1.2.0",
  "description": "Tools for making a Nostr client.",
  "repository": {
    "type": "git",
--- a/relay.test.js
+++ b/relay.test.js
@@ -98,7 +98,7 @@ test('listening (twice) and publishing', async () => {
    content: 'nostr-tools test suite'
  }
  event.id = getEventHash(event)
-  event.sig = await signEvent(event, sk)
+  event.sig = signEvent(event, sk)

  relay.publish(event)
  return expect(
--- a/relay.ts
+++ b/relay.ts
@@ -2,6 +2,7 @@

 import {Event, verifySignature, validateEvent} from './event'
 import {Filter, matchFilters} from './filter'
+import {getHex64} from './fakejson'

 type RelayEvent = 'connect' | 'disconnect' | 'error' | 'notice'

@@ -31,10 +32,16 @@ type SubscriptionOptions = {
  id?: string
 }

-export function relayInit(url: string): Relay {
+export function relayInit(
+  url: string,
+  alreadyHaveEvent: (id: string) => boolean = () => false
+): Relay {
  var ws: WebSocket
  var resolveClose: () => void
-  var untilOpen: Promise<void>
+  var setOpen: (value: PromiseLike<void> | void) => void
+  var untilOpen = new Promise<void>(resolve => {
+    setOpen = resolve
+  })
  var openSubs: {[id: string]: {filters: Filter[]} & SubscriptionOptions} = {}
  var listeners: {
    connect: Array<() => void>
@@ -67,6 +74,7 @@ export function relayInit(url: string): Relay {

      ws.onopen = () => {
        listeners.connect.forEach(cb => cb())
+        setOpen()
        resolve()
      }
      ws.onerror = () => {
@@ -78,19 +86,36 @@ export function relayInit(url: string): Relay {
        resolveClose && resolveClose()
      }

-      ws.onmessage = async e => {
-        var data
-        try {
-          data = JSON.parse(e.data)
-        } catch (err) {
-          data = e.data
+      let incomingMessageQueue: string[] = []
+      let handleNextInterval: any
+
+      ws.onmessage = e => {
+        incomingMessageQueue.push(e.data)
+        if (!handleNextInterval) {
+          handleNextInterval = setInterval(handleNext, 0)
+        }
+      }
+
+      function handleNext() {
+        if (incomingMessageQueue.length === 0) {
+          clearInterval(handleNextInterval)
+          handleNextInterval = null
+          return
        }

-        if (data.length >= 1) {
+        var json = incomingMessageQueue.shift()
+        if (!json || alreadyHaveEvent(getHex64(json, 'id'))) {
+          return
+        }
+
+        try {
+          let data = JSON.parse(json)
+
+          // we won't do any checks against the data since all failures (i.e. invalid messages from relays)
+          // will naturally be caught by the encompassing try..catch block
+
          switch (data[0]) {
            case 'EVENT':
-              if (data.length !== 3) return // ignore empty or malformed EVENT
-
              let id = data[1]
              let event = data[2]
              if (
@@ -104,13 +129,11 @@ export function relayInit(url: string): Relay {
              }
              return
            case 'EOSE': {
-              if (data.length !== 2) return // ignore empty or malformed EOSE
              let id = data[1]
              ;(subListeners[id]?.eose || []).forEach(cb => cb())
              return
            }
            case 'OK': {
-              if (data.length < 3) return // ignore empty or malformed OK
              let id: string = data[1]
              let ok: boolean = data[2]
              let reason: string = data[3] || ''
@@ -119,11 +142,12 @@ export function relayInit(url: string): Relay {
              return
            }
            case 'NOTICE':
-              if (data.length !== 2) return // ignore empty or malformed NOTICE
              let notice = data[1]
              listeners.notice.forEach(cb => cb(notice))
              return
          }
+        } catch (err) {
+          return
        }
      }
    })
@@ -138,7 +162,11 @@ export function relayInit(url: string): Relay {
    let msg = JSON.stringify(params)

    await untilOpen
-    ws.send(msg)
+    try {
+      ws.send(msg)
+    } catch (err) {
+      console.log(err)
+    }
  }

  const sub = (
@@ -186,19 +214,13 @@ export function relayInit(url: string): Relay {
  return {
    url,
    sub,
-    on: (
-      type: RelayEvent,
-      cb: any
-    ): void => {
+    on: (type: RelayEvent, cb: any): void => {
      listeners[type].push(cb)
      if (type === 'connect' && ws?.readyState === 1) {
        cb()
      }
    },
-    off: (
-      type: RelayEvent,
-      cb: any
-    ): void => {
+    off: (type: RelayEvent, cb: any): void => {
      let index = listeners[type].indexOf(cb)
      if (index !== -1) listeners[type].splice(index, 1)
    },
Author	SHA1	Message	Date
fiatjaf	7f1bd4f4a8	tag v1.2.0	2023-01-22 10:34:04 -03:00
fiatjaf	26089ef958	refactor previous commit a little, add fakejson module for simple parsing that doesn't use regex.	2023-01-22 10:32:33 -03:00
Martti Malmi	2e305b7cd4	incoming message queue, alreadyHaveEvent check, msg.send catch	2023-01-21 07:03:12 -03:00
fiatjaf	51c1a54ddf	test every pull request.	2023-01-20 17:00:48 -03:00
fiatjaf	cb05ee188f	increase bech32 max size to 5000.	2023-01-18 17:31:37 -03:00
jaonoctus	fa9e169c46	test(nip06): add nip06	2023-01-17 08:15:55 -03:00
jaonoctus	bb1e3f2fa6	feat(nip06): add passphrase optional param	2023-01-17 08:15:55 -03:00
David Strayhorn	160987472f	Update README.md remove extra &&	2023-01-14 08:20:10 -03:00
Callum Macdonald	8b18341ebb	Minor typo fix	2023-01-09 15:00:28 -03:00
fiatjaf	901445dea1	tag v1.1.1	2023-01-04 10:16:15 -03:00
fiatjaf	91b67cd0d5	fix readme signing example. fixes https://github.com/nbd-wtf/nostr-tools/issues/78	2023-01-04 10:15:16 -03:00
bayernator	1e696e0f3b	increase nprofile, encodeBytes, nprofileEncode string length parameter to 1500	2023-01-03 16:20:42 -03:00
fiatjaf	4b36848b2d	fix signing functions to be more strict and correct.	2022-12-29 18:26:28 -03:00
pseudozach	3cb351a5f4	fix typo	2022-12-28 09:18:09 -03:00
François-Xavier Thoorens	5db1934fa4	fixed security issue around event verification the use of id has been removed and the hash is computed instead	2022-12-27 16:46:36 -03:00