max keys 256.

fixes https://github.com/nbd-wtf/nostr-tools/issues/169

.editorconfig

@@ -0,0 +1,9 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

.eslintrc.json

@@ -22,6 +22,7 @@
 
   "globals": {
     "document": false,
+    "BigInt": false,
     "navigator": false,
     "window": false,
     "crypto": false,

event.ts

@@ -13,6 +13,7 @@ export enum Kind {
   EncryptedDirectMessage = 4,
   EventDeletion = 5,
   Reaction = 7,
+  StatelessRevocation = 13,
   ChannelCreation = 40,
   ChannelMetadata = 41,
   ChannelMessage = 42,

index.ts

@@ -8,9 +8,11 @@ export * from './references'
 export * as nip04 from './nip04'
 export * as nip05 from './nip05'
 export * as nip06 from './nip06'
+export * as nip10 from './nip10'
 export * as nip19 from './nip19'
 export * as nip26 from './nip26'
 export * as nip39 from './nip39'
+export * as nip41 from './nip41'
 export * as nip57 from './nip57'
 
 export * as fj from './fakejson'

nip10.test.js

@@ -0,0 +1,353 @@
+/* eslint-env jest */
+
+const {nip10} = require('./lib/nostr.cjs')
+
+describe('parse NIP10-referenced events', () => {
+  test('legacy + a lot of events', () => {
+    let event = {
+      tags: [
+        [
+          'e',
+          'b857504288c18a15950dd05b9e8772c62ca6289d5aac373c0a8ee5b132e94e7c'
+        ],
+        [
+          'e',
+          'bbd72f0ae14374aa8fb166b483cfcf99b57d7f4cf1600ccbf17c350040834631'
+        ],
+        [
+          'e',
+          '5e081ebb19153357d7c31e8a10b9ceeef29313f58dc8d701f66727fab02aef64'
+        ],
+        [
+          'e',
+          '49aff7ae6daeaaa2777931b90f9bb29f6cb01c5a3d7d88c8ba82d890f264afb4'
+        ],
+        [
+          'e',
+          '567b7c11f0fe582361e3cea6fcc7609a8942dfe196ee1b98d5604c93fbeea976'
+        ],
+        [
+          'e',
+          '090c037b2e399ee74d9f134758928948dd9154413ca1a1acb37155046e03a051'
+        ],
+        [
+          'e',
+          '89f220b63465c93542b1a78caa3a952cf4f196e91a50596493c8093c533ebc4d'
+        ],
+        [
+          'p',
+          '77ce56f89d1228f7ff3743ce1ad1b254857b9008564727ebd5a1f317362f6ca7'
+        ],
+        [
+          'p',
+          '534780e44da7b494485e85cd4cca6af4f6caa1627472432b6f2a4ece0e9e54ec'
+        ],
+        [
+          'p',
+          '4ca4f5533e40da5e0508796d409e6bb35a50b26fc304345617ab017183d83ac0'
+        ]
+      ]
+    }
+
+    expect(nip10.parse(event)).toEqual({
+      mentions: [
+        {
+          id: 'bbd72f0ae14374aa8fb166b483cfcf99b57d7f4cf1600ccbf17c350040834631',
+          relays: []
+        },
+        {
+          id: '5e081ebb19153357d7c31e8a10b9ceeef29313f58dc8d701f66727fab02aef64',
+          relays: []
+        },
+        {
+          id: '49aff7ae6daeaaa2777931b90f9bb29f6cb01c5a3d7d88c8ba82d890f264afb4',
+          relays: []
+        },
+        {
+          id: '567b7c11f0fe582361e3cea6fcc7609a8942dfe196ee1b98d5604c93fbeea976',
+          relays: []
+        },
+        {
+          id: '090c037b2e399ee74d9f134758928948dd9154413ca1a1acb37155046e03a051',
+          relays: []
+        }
+      ],
+      profiles: [
+        {
+          pubkey:
+            '77ce56f89d1228f7ff3743ce1ad1b254857b9008564727ebd5a1f317362f6ca7',
+          relays: []
+        },
+        {
+          pubkey:
+            '534780e44da7b494485e85cd4cca6af4f6caa1627472432b6f2a4ece0e9e54ec',
+          relays: []
+        },
+        {
+          pubkey:
+            '4ca4f5533e40da5e0508796d409e6bb35a50b26fc304345617ab017183d83ac0',
+          relays: []
+        }
+      ],
+      reply: {
+        id: '89f220b63465c93542b1a78caa3a952cf4f196e91a50596493c8093c533ebc4d',
+        relays: []
+      },
+      root: {
+        id: 'b857504288c18a15950dd05b9e8772c62ca6289d5aac373c0a8ee5b132e94e7c',
+        relays: []
+      }
+    })
+  })
+
+  test('legacy + 3 events', () => {
+    let event = {
+      tags: [
+        [
+          'e',
+          'b857504288c18a15950dd05b9e8772c62ca6289d5aac373c0a8ee5b132e94e7c'
+        ],
+        [
+          'e',
+          'bbd72f0ae14374aa8fb166b483cfcf99b57d7f4cf1600ccbf17c350040834631'
+        ],
+        [
+          'e',
+          '5e081ebb19153357d7c31e8a10b9ceeef29313f58dc8d701f66727fab02aef64'
+        ],
+        [
+          'p',
+          '77ce56f89d1228f7ff3743ce1ad1b254857b9008564727ebd5a1f317362f6ca7'
+        ],
+        [
+          'p',
+          '534780e44da7b494485e85cd4cca6af4f6caa1627472432b6f2a4ece0e9e54ec'
+        ],
+        [
+          'p',
+          '4ca4f5533e40da5e0508796d409e6bb35a50b26fc304345617ab017183d83ac0'
+        ]
+      ]
+    }
+
+    expect(nip10.parse(event)).toEqual({
+      mentions: [
+        {
+          id: 'bbd72f0ae14374aa8fb166b483cfcf99b57d7f4cf1600ccbf17c350040834631',
+          relays: []
+        }
+      ],
+      profiles: [
+        {
+          pubkey:
+            '77ce56f89d1228f7ff3743ce1ad1b254857b9008564727ebd5a1f317362f6ca7',
+          relays: []
+        },
+        {
+          pubkey:
+            '534780e44da7b494485e85cd4cca6af4f6caa1627472432b6f2a4ece0e9e54ec',
+          relays: []
+        },
+        {
+          pubkey:
+            '4ca4f5533e40da5e0508796d409e6bb35a50b26fc304345617ab017183d83ac0',
+          relays: []
+        }
+      ],
+      reply: {
+        id: '5e081ebb19153357d7c31e8a10b9ceeef29313f58dc8d701f66727fab02aef64',
+        relays: []
+      },
+      root: {
+        id: 'b857504288c18a15950dd05b9e8772c62ca6289d5aac373c0a8ee5b132e94e7c',
+        relays: []
+      }
+    })
+  })
+
+  test('legacy + 2 events', () => {
+    let event = {
+      tags: [
+        [
+          'e',
+          'b857504288c18a15950dd05b9e8772c62ca6289d5aac373c0a8ee5b132e94e7c'
+        ],
+        [
+          'e',
+          'bbd72f0ae14374aa8fb166b483cfcf99b57d7f4cf1600ccbf17c350040834631'
+        ],
+        [
+          'p',
+          '77ce56f89d1228f7ff3743ce1ad1b254857b9008564727ebd5a1f317362f6ca7'
+        ],
+        [
+          'p',
+          '534780e44da7b494485e85cd4cca6af4f6caa1627472432b6f2a4ece0e9e54ec'
+        ],
+        [
+          'p',
+          '4ca4f5533e40da5e0508796d409e6bb35a50b26fc304345617ab017183d83ac0'
+        ]
+      ]
+    }
+
+    expect(nip10.parse(event)).toEqual({
+      mentions: [],
+      profiles: [
+        {
+          pubkey:
+            '77ce56f89d1228f7ff3743ce1ad1b254857b9008564727ebd5a1f317362f6ca7',
+          relays: []
+        },
+        {
+          pubkey:
+            '534780e44da7b494485e85cd4cca6af4f6caa1627472432b6f2a4ece0e9e54ec',
+          relays: []
+        },
+        {
+          pubkey:
+            '4ca4f5533e40da5e0508796d409e6bb35a50b26fc304345617ab017183d83ac0',
+          relays: []
+        }
+      ],
+      reply: {
+        id: 'bbd72f0ae14374aa8fb166b483cfcf99b57d7f4cf1600ccbf17c350040834631',
+        relays: []
+      },
+      root: {
+        id: 'b857504288c18a15950dd05b9e8772c62ca6289d5aac373c0a8ee5b132e94e7c',
+        relays: []
+      }
+    })
+  })
+
+  test('legacy + 1 event', () => {
+    let event = {
+      tags: [
+        [
+          'e',
+          '9abbfd9b9ac5ecdab45d14b8bf8d746139ea039e931a1b376d19a239f1946590'
+        ],
+        [
+          'p',
+          '534780e44da7b494485e85cd4cca6af4f6caa1627472432b6f2a4ece0e9e54ec'
+        ]
+      ]
+    }
+
+    expect(nip10.parse(event)).toEqual({
+      mentions: [],
+      profiles: [
+        {
+          pubkey:
+            '534780e44da7b494485e85cd4cca6af4f6caa1627472432b6f2a4ece0e9e54ec',
+          relays: []
+        }
+      ],
+      reply: undefined,
+      root: {
+        id: '9abbfd9b9ac5ecdab45d14b8bf8d746139ea039e931a1b376d19a239f1946590',
+        relays: []
+      }
+    })
+  })
+
+  test.todo('recommended + a lot of events')
+  test.todo('recommended + 3 events')
+  test.todo('recommended + 2 events')
+
+  test('recommended + 1 event', () => {
+    let event = {
+      tags: [
+        [
+          'p',
+          'a8c21fcd8aa1f4befba14d72fc7a012397732d30d8b3131af912642f3c726f52',
+          'wss://relay.mostr.pub'
+        ],
+        [
+          'p',
+          '003d7fd21fd09ff7f6f63a75daf194dd99feefbe6919cc376b7359d5090aa9a6',
+          'wss://relay.mostr.pub'
+        ],
+        [
+          'p',
+          '2f6fbe452edd3987d3c67f3b034c03ec5bcf4d054c521c3a954686f89f03212e',
+          'wss://relay.mostr.pub'
+        ],
+        [
+          'p',
+          '44c7c74668ff222b0e0b30579c49fc6e22dafcdeaad091036c947f9856590f1e',
+          'wss://relay.mostr.pub'
+        ],
+        [
+          'p',
+          'c5cf39149caebda4cdd61771c51f6ba91ef5645919004e5c4998a4ea69f00512',
+          'wss://relay.mostr.pub'
+        ],
+        [
+          'p',
+          '094d44bb1e812696c57f57ad1c0c707812dedbe72c07e538b80639032c236a9e',
+          'wss://relay.mostr.pub'
+        ],
+        [
+          'p',
+          'a1ba0ac9b6ec098f726a3c11ec654df4a32cbb84b5377e8788395e9c27d9ecda',
+          'wss://relay.mostr.pub'
+        ],
+        [
+          'e',
+          'f9472913904ab7e9da008dcb2d85fd4af2d2993ada483d00c646d0c4481d031d',
+          'wss://relay.mostr.pub',
+          'reply'
+        ],
+        ['mostr', 'https://poa.st/objects/dc50684b-6364-4264-ab16-49f4622f05ea']
+      ]
+    }
+
+    expect(nip10.parse(event)).toEqual({
+      mentions: [],
+      profiles: [
+        {
+          pubkey:
+            'a8c21fcd8aa1f4befba14d72fc7a012397732d30d8b3131af912642f3c726f52',
+          relays: ['wss://relay.mostr.pub']
+        },
+        {
+          pubkey:
+            '003d7fd21fd09ff7f6f63a75daf194dd99feefbe6919cc376b7359d5090aa9a6',
+          relays: ['wss://relay.mostr.pub']
+        },
+        {
+          pubkey:
+            '2f6fbe452edd3987d3c67f3b034c03ec5bcf4d054c521c3a954686f89f03212e',
+          relays: ['wss://relay.mostr.pub']
+        },
+        {
+          pubkey:
+            '44c7c74668ff222b0e0b30579c49fc6e22dafcdeaad091036c947f9856590f1e',
+          relays: ['wss://relay.mostr.pub']
+        },
+        {
+          pubkey:
+            'c5cf39149caebda4cdd61771c51f6ba91ef5645919004e5c4998a4ea69f00512',
+          relays: ['wss://relay.mostr.pub']
+        },
+        {
+          pubkey:
+            '094d44bb1e812696c57f57ad1c0c707812dedbe72c07e538b80639032c236a9e',
+          relays: ['wss://relay.mostr.pub']
+        },
+        {
+          pubkey:
+            'a1ba0ac9b6ec098f726a3c11ec654df4a32cbb84b5377e8788395e9c27d9ecda',
+          relays: ['wss://relay.mostr.pub']
+        }
+      ],
+      reply: {
+        id: 'f9472913904ab7e9da008dcb2d85fd4af2d2993ada483d00c646d0c4481d031d',
+        relays: ['wss://relay.mostr.pub']
+      },
+      root: undefined
+    })
+  })
+})

nip10.ts

@@ -0,0 +1,96 @@
+import type {Event} from './event'
+import type {EventPointer, ProfilePointer} from './nip19'
+
+export type NIP10Result = {
+  /**
+   * Pointer to the root of the thread.
+   */
+  root: EventPointer | undefined
+
+  /**
+   * Pointer to a "parent" event that parsed event replies to (responded to).
+   */
+  reply: EventPointer | undefined
+
+  /**
+   * Pointers to events which may or may not be in the reply chain.
+   */
+  mentions: EventPointer[]
+
+  /**
+   * List of pubkeys that are involved in the thread in no particular order.
+   */
+  profiles: ProfilePointer[]
+}
+
+export function parse(event: Pick<Event, 'tags'>): NIP10Result {
+  const result: NIP10Result = {
+    reply: undefined,
+    root: undefined,
+    mentions: [],
+    profiles: []
+  }
+
+  const eTags: string[][] = []
+
+  for (const tag of event.tags) {
+    if (tag[0] === 'e' && tag[1]) {
+      eTags.push(tag)
+    }
+
+    if (tag[0] === 'p' && tag[1]) {
+      result.profiles.push({
+        pubkey: tag[1],
+        relays: tag[2] ? [tag[2]] : []
+      })
+    }
+  }
+
+  for (let eTagIndex = 0; eTagIndex < eTags.length; eTagIndex++) {
+    const eTag = eTags[eTagIndex]
+
+    const [_, eTagEventId, eTagRelayUrl, eTagMarker] = eTag as [
+      string,
+      string,
+      undefined | string,
+      undefined | string
+    ]
+
+    const eventPointer: EventPointer = {
+      id: eTagEventId,
+      relays: eTagRelayUrl ? [eTagRelayUrl] : []
+    }
+
+    const isFirstETag = eTagIndex === 0
+    const isLastETag = eTagIndex === eTags.length - 1
+
+    if (eTagMarker === 'root') {
+      result.root = eventPointer
+      continue
+    }
+
+    if (eTagMarker === 'reply') {
+      result.reply = eventPointer
+      continue
+    }
+
+    if (eTagMarker === 'mention') {
+      result.mentions.push(eventPointer)
+      continue
+    }
+
+    if (isFirstETag) {
+      result.root = eventPointer
+      continue
+    }
+
+    if (isLastETag) {
+      result.reply = eventPointer
+      continue
+    }
+
+    result.mentions.push(eventPointer)
+  }
+
+  return result
+}

nip41.test.js

@@ -0,0 +1,154 @@
+/* eslint-env jest */
+
+const secp256k1 = require('@noble/secp256k1')
+const {
+  getPublicKey,
+  validateEvent,
+  verifySignature,
+  generatePrivateKey,
+  nip41
+} = require('./lib/nostr.cjs')
+
+test('sanity', () => {
+  let sk = generatePrivateKey()
+
+  expect(getPublicKey(sk)).toEqual(secp256k1.Point.fromPrivateKey(sk).toHexX())
+})
+
+test('key arithmetics', () => {
+  expect(
+    secp256k1.utils.mod(secp256k1.CURVE.n + 1n, secp256k1.CURVE.n)
+  ).toEqual(1n)
+
+  let veryHighPoint = secp256k1.Point.fromPrivateKey(
+    (secp256k1.CURVE.n - 1n).toString(16).padStart(64, '0')
+  )
+  let pointAt2 = secp256k1.Point.fromPrivateKey(
+    2n.toString(16).padStart(64, '0')
+  )
+  let pointAt1 = secp256k1.Point.fromPrivateKey(
+    1n.toString(16).padStart(64, '0')
+  )
+  expect(veryHighPoint.add(pointAt2)).toEqual(pointAt1)
+
+  expect(
+    secp256k1.getPublicKey(1n.toString(16).padStart(64, '0'), true)
+  ).toEqual(pointAt1.toRawBytes(true))
+})
+
+test('testing getting child keys compatibility', () => {
+  let sk = '2222222222222222222222222222222222222222222222222222222222222222'
+  let pk = secp256k1.getPublicKey(sk, true)
+  let hsk = '3333333333333333333333333333333333333333333333333333333333333333'
+  let hpk = secp256k1.getPublicKey(hsk, true)
+
+  expect(secp256k1.utils.bytesToHex(nip41.getChildPublicKey(pk, hpk))).toEqual(
+    secp256k1.utils.bytesToHex(
+      secp256k1.getPublicKey(nip41.getChildPrivateKey(sk, hsk), true)
+    )
+  )
+})
+
+test('more testing child key derivation', () => {
+  ;[
+    {
+      sk: '448aedc74f93b71af69ed7c6860d95f148d796355517779c7631fdb64a085b26',
+      hsk: '00ee15a0a117e818073b92d7f3360029f6e091035534348f713a23d440bd8f58',
+      pk: '02e3990b0eb40452a8ffbd9fe99037deb7beeb6ab26020e8c0e8284f3009a56d0c',
+      hpk: '029e9cb07f3a3b8abcad629920d4a5460aefb6b7c08704b7f1ced8648b007ef65f'
+    },
+    {
+      sk: '778aedc74f93b71af69ed7c6860d95f148d796355517779c7631fdb64a085b26',
+      hsk: '99ee15a0a117e818073b92d7f3360029f6e091035534348f713a23d440bd8f58',
+      pk: '020d09894e321f53a7ac8bc003cb1563a4857d57ea69c39ab7189e2cccedc17d1b',
+      hpk: '0358fe19e14c78c4a8c0037a2b9d3e3a714717f2a2d8dd54a5e88d283440dcb28a'
+    },
+    {
+      sk: '2eb5edc74f93b71af69ed7c6860d95f148d796355517779c7631fdb64a085b26',
+      hsk: '65d515a0a117e818073b92d7f3360029f6e091035534348f713a23d440bd8f58',
+      pk: '03dd651a07dc6c9a54b596f6492c9623a595cb48e31af04f8c322d4ce81accb2b0',
+      hpk: '03b8c98d920141a1e168d21e9315cf933a601872ebf57751b30797fb98526c2f4f'
+    }
+  ].forEach(({pk, hpk, sk, hsk}) => {
+    expect(
+      secp256k1.utils.bytesToHex(secp256k1.getPublicKey(sk, true))
+    ).toEqual(pk)
+    expect(
+      secp256k1.utils.bytesToHex(secp256k1.getPublicKey(hsk, true))
+    ).toEqual(hpk)
+
+    expect(
+      secp256k1.utils.bytesToHex(
+        nip41.getChildPublicKey(
+          secp256k1.utils.hexToBytes(pk),
+          secp256k1.utils.hexToBytes(hpk)
+        )
+      )
+    ).toEqual(
+      secp256k1.utils.bytesToHex(
+        secp256k1.getPublicKey(nip41.getChildPrivateKey(sk, hsk), true)
+      )
+    )
+  })
+})
+
+test('generating a revocation event and validating it', () => {
+  const mnemonic =
+    'air property excess weird rare rival fade intact brave office mirror wait'
+
+  const firstKey = nip41.getPrivateKeyAtIndex(mnemonic, 9)
+  // expect(firstKey).toEqual(
+  //   '8495ba55f56485d378aa275604a45e76abbcae177e374fa06af5770c3b8e24af'
+  // )
+  const firstPubkey = getPublicKey(firstKey)
+  // expect(firstPubkey).toEqual(
+  //   '35246813a0dd45e74ce22ecdf052cca8ed47759c8f8d412c281dc2755110956f'
+  // )
+
+  // first key is compromised, revoke it
+  let {parentPrivateKey, event} = nip41.buildRevocationEvent(
+    mnemonic,
+    firstPubkey
+  )
+
+  const secondKey = nip41.getPrivateKeyAtIndex(mnemonic, 8)
+  expect(parentPrivateKey).toEqual(secondKey)
+  expect(secondKey).toEqual(
+    '1b311655ef73bed3bbebc83d0cb3eef42c6aff45f944e3a0c263eb6fdf98c617'
+  )
+
+  expect(event).toHaveProperty('kind', 13)
+  expect(event.tags).toHaveLength(2)
+  expect(event.tags[0]).toHaveLength(2)
+  expect(event.tags[1]).toHaveLength(2)
+  expect(event.tags[0][0]).toEqual('p')
+  expect(event.tags[1][0]).toEqual('hidden-key')
+
+  let hiddenKey = secp256k1.utils.hexToBytes(event.tags[1][1])
+
+  let pubkeyAlt1 = secp256k1.utils
+    .bytesToHex(
+      nip41.getChildPublicKey(
+        secp256k1.utils.hexToBytes('02' + event.pubkey),
+        hiddenKey
+      )
+    )
+    .slice(2)
+  let pubkeyAlt2 = secp256k1.utils
+    .bytesToHex(
+      nip41.getChildPublicKey(
+        secp256k1.utils.hexToBytes('03' + event.pubkey),
+        hiddenKey
+      )
+    )
+    .slice(2)
+
+  expect([pubkeyAlt1, pubkeyAlt2]).toContain(event.tags[0][1])
+
+  // receiver of revocation event can validate it
+  let secondPubkey = getPublicKey(secondKey)
+  expect(event.pubkey).toEqual(secondPubkey)
+  expect(validateEvent(event)).toBeTruthy()
+  expect(verifySignature(event)).toBeTruthy()
+  expect(nip41.validateRevocation(event)).toBeTruthy()
+})

nip41.ts

@@ -0,0 +1,160 @@
+import * as secp256k1 from '@noble/secp256k1'
+import {sha256} from '@noble/hashes/sha256'
+import {mnemonicToSeedSync} from '@scure/bip39'
+import {HARDENED_OFFSET, HDKey} from '@scure/bip32'
+
+import {getPublicKey} from './keys'
+import {Event, getEventHash, Kind, signEvent, verifySignature} from './event'
+
+const MaxKeys = 256
+
+function getRootFromMnemonic(mnemonic: string): HDKey {
+  return HDKey.fromMasterSeed(mnemonicToSeedSync(mnemonic)).derive(
+    `m/44'/1237'/41'`
+  )
+}
+
+export function getPrivateKeyAtIndex(
+  mnemonic: string,
+  targetIdx: number
+): string {
+  let root = getRootFromMnemonic(mnemonic)
+  let rootPrivateKey = secp256k1.utils.bytesToHex(root.privateKey as Uint8Array)
+  let currentPrivateKey = rootPrivateKey
+
+  for (let idx = 1; idx <= targetIdx; idx++) {
+    let hiddenPrivateKey = secp256k1.utils.bytesToHex(
+      root.deriveChild(idx + HARDENED_OFFSET).privateKey as Uint8Array
+    )
+    currentPrivateKey = getChildPrivateKey(currentPrivateKey, hiddenPrivateKey)
+  }
+
+  return currentPrivateKey
+}
+
+export function getPublicKeyAtIndex(
+  root: HDKey,
+  targetIdx: number
+): Uint8Array {
+  let rootPublicKey = root.publicKey as Uint8Array
+
+  let currentPublicKey = rootPublicKey
+  for (let idx = 1; idx <= targetIdx; idx++) {
+    let hiddenPublicKey = root.deriveChild(idx + HARDENED_OFFSET)
+      .publicKey as Uint8Array
+    currentPublicKey = getChildPublicKey(currentPublicKey, hiddenPublicKey)
+  }
+
+  return currentPublicKey
+}
+
+function getIndexOfPublicKey(root: HDKey, publicKey: string): number {
+  let rootPublicKey = root.publicKey as Uint8Array
+  if (secp256k1.utils.bytesToHex(rootPublicKey).slice(2) === publicKey) return 0
+
+  let currentPublicKey = rootPublicKey
+  for (let idx = 1; idx <= MaxKeys; idx++) {
+    let hiddenPublicKey = root.deriveChild(idx + HARDENED_OFFSET)
+      .publicKey as Uint8Array
+    let pubkeyAtIndex = getChildPublicKey(currentPublicKey, hiddenPublicKey)
+    if (secp256k1.utils.bytesToHex(pubkeyAtIndex).slice(2) === publicKey)
+      return idx
+
+    currentPublicKey = pubkeyAtIndex
+  }
+
+  throw new Error(
+    `public key ${publicKey} not in the set of the first ${MaxKeys} public keys`
+  )
+}
+
+export function getChildPublicKey(
+  parentPublicKey: Uint8Array,
+  hiddenPublicKey: Uint8Array
+): Uint8Array {
+  if (parentPublicKey.length !== 33 || hiddenPublicKey.length !== 33)
+    throw new Error(
+      'getChildPublicKey() requires public keys with the leading differentiator byte.'
+    )
+
+  let hash = sha256(
+    secp256k1.utils.concatBytes(hiddenPublicKey, parentPublicKey)
+  )
+  let hashPoint = secp256k1.Point.fromPrivateKey(hash)
+  let point = secp256k1.Point.fromHex(hiddenPublicKey).add(hashPoint)
+  return point.toRawBytes(true)
+}
+
+export function getChildPrivateKey(
+  parentPrivateKey: string,
+  hiddenPrivateKey: string
+): string {
+  let parentPublicKey = secp256k1.getPublicKey(parentPrivateKey, true)
+  let hiddenPublicKey = secp256k1.getPublicKey(hiddenPrivateKey, true)
+  let hash = sha256(
+    secp256k1.utils.concatBytes(hiddenPublicKey, parentPublicKey)
+  )
+  let hashScalar = BigInt(`0x${secp256k1.utils.bytesToHex(hash)}`)
+  let hiddenPrivateKeyScalar = BigInt(`0x${hiddenPrivateKey}`)
+  let sumScalar = hiddenPrivateKeyScalar + hashScalar
+  let modulo = secp256k1.utils.mod(sumScalar, secp256k1.CURVE.n)
+  return modulo.toString(16).padStart(64, '0')
+}
+
+export function buildRevocationEvent(
+  mnemonic: string,
+  compromisedKey: string,
+  content = ''
+): {
+  parentPrivateKey: string
+  event: Event
+} {
+  let root = getRootFromMnemonic(mnemonic)
+  let idx = getIndexOfPublicKey(root, compromisedKey)
+  let hiddenKey = secp256k1.utils.bytesToHex(
+    root.deriveChild(idx + HARDENED_OFFSET).publicKey as Uint8Array
+  )
+  let parentPrivateKey = getPrivateKeyAtIndex(mnemonic, idx - 1)
+  let parentPublicKey = getPublicKey(parentPrivateKey)
+
+  let event: Event = {
+    kind: 13,
+    tags: [
+      ['p', compromisedKey],
+      ['hidden-key', hiddenKey]
+    ],
+    created_at: Math.round(Date.now() / 1000),
+    content,
+    pubkey: parentPublicKey
+  }
+
+  event.sig = signEvent(event, parentPrivateKey)
+  event.id = getEventHash(event)
+
+  return {parentPrivateKey, event}
+}
+
+export function validateRevocation(event: Event): boolean {
+  if (event.kind !== Kind.StatelessRevocation) return false
+  if (!verifySignature(event)) return false
+
+  let invalidKeyTag = event.tags.find(([t, v]) => t === 'p' && v)
+  if (!invalidKeyTag) return false
+  let invalidKey = invalidKeyTag[1]
+
+  let hiddenKeyTag = event.tags.find(([t, v]) => t === 'hidden-key' && v)
+  if (!hiddenKeyTag) return false
+  let hiddenKey = secp256k1.utils.hexToBytes(hiddenKeyTag[1])
+  if (hiddenKey.length !== 33) return false
+
+  let currentKeyAlt1 = secp256k1.utils.hexToBytes('02' + event.pubkey)
+  let currentKeyAlt2 = secp256k1.utils.hexToBytes('03' + event.pubkey)
+  let childKeyAlt1 = secp256k1.utils
+    .bytesToHex(getChildPublicKey(currentKeyAlt1, hiddenKey))
+    .slice(2)
+  let childKeyAlt2 = secp256k1.utils
+    .bytesToHex(getChildPublicKey(currentKeyAlt2, hiddenKey))
+    .slice(2)
+
+  return childKeyAlt1 === invalidKey || childKeyAlt2 === invalidKey
+}

nip57.test.js

@@ -0,0 +1,335 @@
+const {bech32} = require('@scure/base')
+const {
+  nip57,
+  generatePrivateKey,
+  getPublicKey,
+  finishEvent
+} = require('./lib/nostr.cjs')
+
+describe('getZapEndpoint', () => {
+  test('returns null if neither lud06 nor lud16 is present', async () => {
+    const metadata = {content: '{}'}
+    const result = await nip57.getZapEndpoint(metadata)
+
+    expect(result).toBeNull()
+  })
+
+  test('returns null if fetch fails', async () => {
+    const fetchImplementation = jest.fn(() => Promise.reject(new Error()))
+    nip57.useFetchImplementation(fetchImplementation)
+
+    const metadata = {content: '{"lud16": "name@domain"}'}
+    const result = await nip57.getZapEndpoint(metadata)
+
+    expect(result).toBeNull()
+    expect(fetchImplementation).toHaveBeenCalledWith(
+      'https://domain/.well-known/lnurlp/name'
+    )
+  })
+
+  test('returns null if the response does not allow Nostr payments', async () => {
+    const fetchImplementation = jest.fn(() =>
+      Promise.resolve({json: () => ({allowsNostr: false})})
+    )
+    nip57.useFetchImplementation(fetchImplementation)
+
+    const metadata = {content: '{"lud16": "name@domain"}'}
+    const result = await nip57.getZapEndpoint(metadata)
+
+    expect(result).toBeNull()
+    expect(fetchImplementation).toHaveBeenCalledWith(
+      'https://domain/.well-known/lnurlp/name'
+    )
+  })
+
+  test('returns the callback URL if the response allows Nostr payments', async () => {
+    const fetchImplementation = jest.fn(() =>
+      Promise.resolve({
+        json: () => ({
+          allowsNostr: true,
+          nostrPubkey: 'pubkey',
+          callback: 'callback'
+        })
+      })
+    )
+    nip57.useFetchImplementation(fetchImplementation)
+
+    const metadata = {content: '{"lud16": "name@domain"}'}
+    const result = await nip57.getZapEndpoint(metadata)
+
+    expect(result).toBe('callback')
+    expect(fetchImplementation).toHaveBeenCalledWith(
+      'https://domain/.well-known/lnurlp/name'
+    )
+  })
+})
+
+describe('makeZapRequest', () => {
+  test('throws an error if amount is not given', () => {
+    expect(() =>
+      nip57.makeZapRequest({
+        profile: 'profile',
+        event: null,
+        relays: [],
+        comment: ''
+      })
+    ).toThrow()
+  })
+
+  test('throws an error if profile is not given', () => {
+    expect(() =>
+      nip57.makeZapRequest({
+        event: null,
+        amount: 100,
+        relays: [],
+        comment: ''
+      })
+    ).toThrow()
+  })
+
+  test('returns a valid Zap request', () => {
+    const result = nip57.makeZapRequest({
+      profile: 'profile',
+      event: 'event',
+      amount: 100,
+      relays: ['relay1', 'relay2'],
+      comment: 'comment'
+    })
+    expect(result.kind).toBe(9734)
+    expect(result.created_at).toBeCloseTo(Date.now() / 1000, 0)
+    expect(result.content).toBe('comment')
+    expect(result.tags).toEqual(
+      expect.arrayContaining([
+        ['p', 'profile'],
+        ['amount', '100'],
+        ['relays', 'relay1', 'relay2']
+      ])
+    )
+    expect(result.tags).toContainEqual(['e', 'event'])
+  })
+})
+
+describe('validateZapRequest', () => {
+  test('returns an error message for invalid JSON', () => {
+    expect(nip57.validateZapRequest('invalid JSON')).toBe(
+      'Invalid zap request JSON.'
+    )
+  })
+
+  test('returns an error message if the Zap request is not a valid Nostr event', () => {
+    const zapRequest = {
+      kind: 1234,
+      created_at: Date.now() / 1000,
+      content: 'content',
+      tags: [
+        ['p', 'profile'],
+        ['amount', '100'],
+        ['relays', 'relay1', 'relay2']
+      ]
+    }
+
+    expect(nip57.validateZapRequest(JSON.stringify(zapRequest))).toBe(
+      'Zap request is not a valid Nostr event.'
+    )
+  })
+
+  test('returns an error message if the signature on the Zap request is invalid', () => {
+    const privateKey = generatePrivateKey()
+    const publicKey = getPublicKey(privateKey)
+
+    const zapRequest = {
+      pubkey: publicKey,
+      kind: 9734,
+      created_at: Date.now() / 1000,
+      content: 'content',
+      tags: [
+        ['p', publicKey],
+        ['amount', '100'],
+        ['relays', 'relay1', 'relay2']
+      ]
+    }
+
+    expect(nip57.validateZapRequest(JSON.stringify(zapRequest))).toBe(
+      'Invalid signature on zap request.'
+    )
+  })
+
+  test('returns an error message if the Zap request does not have a "p" tag', () => {
+    const privateKey = generatePrivateKey()
+
+    const zapRequest = finishEvent(
+      {
+        kind: 9734,
+        created_at: Date.now() / 1000,
+        content: 'content',
+        tags: [
+          ['amount', '100'],
+          ['relays', 'relay1', 'relay2']
+        ]
+      },
+      privateKey
+    )
+
+    expect(nip57.validateZapRequest(JSON.stringify(zapRequest))).toBe(
+      "Zap request doesn't have a 'p' tag."
+    )
+  })
+
+  test('returns an error message if the "p" tag on the Zap request is not valid hex', () => {
+    const privateKey = generatePrivateKey()
+
+    const zapRequest = finishEvent(
+      {
+        kind: 9734,
+        created_at: Date.now() / 1000,
+        content: 'content',
+        tags: [
+          ['p', 'invalid hex'],
+          ['amount', '100'],
+          ['relays', 'relay1', 'relay2']
+        ]
+      },
+      privateKey
+    )
+
+    expect(nip57.validateZapRequest(JSON.stringify(zapRequest))).toBe(
+      "Zap request 'p' tag is not valid hex."
+    )
+  })
+
+  test('returns an error message if the "e" tag on the Zap request is not valid hex', () => {
+    const privateKey = generatePrivateKey()
+    const publicKey = getPublicKey(privateKey)
+
+    const zapRequest = finishEvent(
+      {
+        kind: 9734,
+        created_at: Date.now() / 1000,
+        content: 'content',
+        tags: [
+          ['p', publicKey],
+          ['e', 'invalid hex'],
+          ['amount', '100'],
+          ['relays', 'relay1', 'relay2']
+        ]
+      },
+      privateKey
+    )
+
+    expect(nip57.validateZapRequest(JSON.stringify(zapRequest))).toBe(
+      "Zap request 'e' tag is not valid hex."
+    )
+  })
+
+  test('returns an error message if the Zap request does not have a relays tag', () => {
+    const privateKey = generatePrivateKey()
+    const publicKey = getPublicKey(privateKey)
+
+    const zapRequest = finishEvent(
+      {
+        kind: 9734,
+        created_at: Date.now() / 1000,
+        content: 'content',
+        tags: [
+          ['p', publicKey],
+          ['amount', '100']
+        ]
+      },
+      privateKey
+    )
+
+    expect(nip57.validateZapRequest(JSON.stringify(zapRequest))).toBe(
+      "Zap request doesn't have a 'relays' tag."
+    )
+  })
+
+  test('returns null for a valid Zap request', () => {
+    const privateKey = generatePrivateKey()
+    const publicKey = getPublicKey(privateKey)
+
+    const zapRequest = finishEvent(
+      {
+        kind: 9734,
+        created_at: Date.now() / 1000,
+        content: 'content',
+        tags: [
+          ['p', publicKey],
+          ['amount', '100'],
+          ['relays', 'relay1', 'relay2']
+        ]
+      },
+      privateKey
+    )
+
+    expect(nip57.validateZapRequest(JSON.stringify(zapRequest))).toBeNull()
+  })
+})
+
+describe('makeZapReceipt', () => {
+  test('returns a valid Zap receipt with a preimage', () => {
+    const privateKey = generatePrivateKey()
+    const publicKey = getPublicKey(privateKey)
+
+    const zapRequest = JSON.stringify(
+      finishEvent(
+        {
+          kind: 9734,
+          created_at: Date.now() / 1000,
+          content: 'content',
+          tags: [
+            ['p', publicKey],
+            ['amount', '100'],
+            ['relays', 'relay1', 'relay2']
+          ]
+        },
+        privateKey
+      )
+    )
+    const preimage = 'preimage'
+    const bolt11 = 'bolt11'
+    const paidAt = new Date()
+
+    const result = nip57.makeZapReceipt({zapRequest, preimage, bolt11, paidAt})
+
+    expect(result.kind).toBe(9735)
+    expect(result.created_at).toBeCloseTo(paidAt.getTime() / 1000, 0)
+    expect(result.content).toBe('')
+    expect(result.tags).toContainEqual(['bolt11', bolt11])
+    expect(result.tags).toContainEqual(['description', zapRequest])
+    expect(result.tags).toContainEqual(['p', publicKey])
+    expect(result.tags).toContainEqual(['preimage', preimage])
+  })
+
+  test('returns a valid Zap receipt without a preimage', () => {
+    const privateKey = generatePrivateKey()
+    const publicKey = getPublicKey(privateKey)
+
+    const zapRequest = JSON.stringify(
+      finishEvent(
+        {
+          kind: 9734,
+          created_at: Date.now() / 1000,
+          content: 'content',
+          tags: [
+            ['p', publicKey],
+            ['amount', '100'],
+            ['relays', 'relay1', 'relay2']
+          ]
+        },
+        privateKey
+      )
+    )
+    const bolt11 = 'bolt11'
+    const paidAt = new Date()
+
+    const result = nip57.makeZapReceipt({zapRequest, bolt11, paidAt})
+
+    expect(result.kind).toBe(9735)
+    expect(result.created_at).toBeCloseTo(paidAt.getTime() / 1000, 0)
+    expect(result.content).toBe('')
+    expect(result.tags).toContainEqual(['bolt11', bolt11])
+    expect(result.tags).toContainEqual(['description', zapRequest])
+    expect(result.tags).toContainEqual(['p', publicKey])
+    expect(result.tags).not.toContain('preimage')
+  })
+})

package.json

@@ -1,6 +1,6 @@
 {
   "name": "nostr-tools",
-  "version": "1.8.0",
+  "version": "1.8.2",
   "description": "Tools for making a Nostr client.",
   "repository": {
     "type": "git",

pool.ts

@@ -26,22 +26,16 @@ export class SimplePool {
 
   async ensureRelay(url: string): Promise<Relay> {
     const nm = normalizeURL(url)
-    const existing = this._conn[nm]
-    if (existing && existing.status === 1) return existing
 
-    if (existing) {
-      await existing.connect()
-      return existing
+    if (!this._conn[nm]) {
+      this._conn[nm] = relayInit(nm, {
+        getTimeout: this.getTimeout * 0.9,
+        listTimeout: this.getTimeout * 0.9
+      })
     }
 
-    const relay = relayInit(nm, {
-      getTimeout: this.getTimeout * 0.9,
-      listTimeout: this.getTimeout * 0.9
-    })
-    this._conn[nm] = relay
-
+    const relay = this._conn[nm]
     await relay.connect()
-
     return relay
   }
 
@@ -55,7 +49,6 @@ export class SimplePool {
       let set = this._seenOn[id] || new Set()
       set.add(url)
       this._seenOn[id] = set
-      _knownIds.add(id)
       return _knownIds.has(id)
     }
 
@@ -81,6 +74,7 @@ export class SimplePool {
       if (!r) return
       let s = r.sub(filters, modifiedOpts)
       s.on('event', (event: Event) => {
+        _knownIds.add(event.id as string)
         for (let cb of eventListeners.values()) cb(event)
       })
       s.on('eose', () => {
@@ -165,22 +159,36 @@ export class SimplePool {
   }
 
   publish(relays: string[], event: Event): Pub {
-    const pubs: Pub[] = []
-    relays.forEach(async relay => {
+    const pubPromises: Promise<Pub>[] = relays.map(async relay => {
       let r
       try {
         r = await this.ensureRelay(relay)
-        pubs.push(r.publish(event))
-      } catch (_) {}
+        return r.publish(event)
+      } catch (_) {
+        return {on() {}, off() {}}
+      }
     })
+
+    const callbackMap = new Map()
+
     return {
       on(type, cb) {
-        pubs.forEach((pub, i) => {
-          pub.on(type, () => cb(relays[i]))
+        relays.forEach(async (relay, i) => {
+          let pub = await pubPromises[i]
+          let callback = () => cb(relay)
+          callbackMap.set(cb, callback)
+          pub.on(type, callback)
         })
       },
-      off() {
-        // do nothing here, FIXME
+
+      off(type, cb) {
+        relays.forEach(async (_, i) => {
+          let callback = callbackMap.get(cb)
+          if (callback) {
+            let pub = await pubPromises[i]
+            pub.off(type, callback)
+          }
+        })
       }
     }
   }

relay.ts

@@ -83,8 +83,10 @@ export function relayInit(
     }
   } = {}
 
+  var connectionPromise: Promise<void> | undefined
   async function connectRelay(): Promise<void> {
-    return new Promise((resolve, reject) => {
+    if (connectionPromise) return connectionPromise
+    connectionPromise = new Promise((resolve, reject) => {
       try {
         ws = new WebSocket(url)
       } catch (err) {
@@ -96,10 +98,12 @@ export function relayInit(
         resolve()
       }
       ws.onerror = () => {
+        connectionPromise = undefined
         listeners.error.forEach(cb => cb())
         reject()
       }
       ws.onclose = async () => {
+        connectionPromise = undefined
         listeners.disconnect.forEach(cb => cb())
       }
 
@@ -185,6 +189,8 @@ export function relayInit(
         }
       }
     })
+
+    return connectionPromise
   }
 
   function connected() {