nip46: fix checking event that comes from bunker call sign_event and bump version.

kinds.ts

@@ -78,6 +78,7 @@ export const ClientAuth = 22242
 export const NWCWalletRequest = 23194
 export const NWCWalletResponse = 23195
 export const NostrConnect = 24133
+export const NostrConnectAdmin = 24134
 export const HTTPAuth = 27235
 export const Followsets = 30000
 export const Genericlists = 30001

nip05.ts

@@ -7,7 +7,7 @@ import { ProfilePointer } from './nip19.ts'
  * - 1: name (optional)
  * - 2: domain
  */
-export const NIP05_REGEX = /^(?:([\w.+-]+)@)?([\w.-]+)$/
+export const NIP05_REGEX = /^(?:([\w.+-]+)@)?([\w_-]+(\.[\w_-]+)+)$/
 
 var _fetch: any
 
@@ -21,9 +21,10 @@ export function useFetchImplementation(fetchImplementation: any) {
 
 export async function searchDomain(domain: string, query = ''): Promise<{ [name: string]: string }> {
   try {
-    let res = await (await _fetch(`https://${domain}/.well-known/nostr.json?name=${query}`)).json()
+    const url = `https://${domain}/.well-known/nostr.json?name=${query}`
-
+    const res = await _fetch(url, { redirect: 'error' })
-    return res.names
+    const json = await res.json()
+    return json.names
   } catch (_) {
     return {}
   }
@@ -36,46 +37,17 @@ export async function queryProfile(fullname: string): Promise<ProfilePointer | n
   const [_, name = '_', domain] = match
 
   try {
-    const res = await _fetch(`https://${domain}/.well-known/nostr.json?name=${name}`)
+    const url = `https://${domain}/.well-known/nostr.json?name=${name}`
-    const { names, relays } = parseNIP05Result(await res.json())
+    const res = await (await _fetch(url, { redirect: 'error' })).json()
 
-    const pubkey = names[name]
+    let pubkey = res.names[name]
-    return pubkey ? { pubkey, relays: relays?.[pubkey] } : null
+    return pubkey ? { pubkey, relays: res.relays?.[pubkey] } : null
   } catch (_e) {
     return null
   }
 }
 
-/** nostr.json result. */
+export async function isValid(pubkey: string, nip05: string): Promise<boolean> {
-export interface NIP05Result {
+  let res = await queryProfile(nip05)
-  names: {
+  return res ? res.pubkey === pubkey : false
-    [name: string]: string
-  }
-  relays?: {
-    [pubkey: string]: string[]
-  }
-}
-
-/** Parse the nostr.json and throw if it's not valid. */
-function parseNIP05Result(json: any): NIP05Result {
-  const result: NIP05Result = {
-    names: {},
-  }
-
-  for (const [name, pubkey] of Object.entries(json.names)) {
-    if (typeof name === 'string' && typeof pubkey === 'string') {
-      result.names[name] = pubkey
-    }
-  }
-
-  if (json.relays) {
-    result.relays = {}
-    for (const [pubkey, relays] of Object.entries(json.relays)) {
-      if (typeof pubkey === 'string' && Array.isArray(relays)) {
-        result.relays[pubkey] = relays.filter((relay: unknown) => typeof relay === 'string')
-      }
-    }
-  }
-
-  return result
 }

nip19.ts

@@ -3,7 +3,7 @@ import { bech32 } from '@scure/base'
 
 import { utf8Decoder, utf8Encoder } from './utils.ts'
 
-const Bech32MaxSize = 5000
+export const Bech32MaxSize = 5000
 
 /**
  * Bech32 regex.
@@ -175,7 +175,7 @@ function encodeBech32<Prefix extends string>(prefix: Prefix, data: Uint8Array):
   return bech32.encode(prefix, words, Bech32MaxSize) as `${Prefix}1${string}`
 }
 
-function encodeBytes<Prefix extends string>(prefix: Prefix, bytes: Uint8Array): `${Prefix}1${string}` {
+export function encodeBytes<Prefix extends string>(prefix: Prefix, bytes: Uint8Array): `${Prefix}1${string}` {
   return encodeBech32(prefix, bytes)
 }
 

nip29.ts

@@ -1,8 +1,114 @@
-import type { Event } from './pure'
+import { AbstractSimplePool } from './abstract-pool'
+import { Subscription } from './abstract-relay'
+import { decode } from './nip19'
+import type { Event } from './core'
+import { fetchRelayInformation } from './nip11'
+import { normalizeURL } from './utils'
+import { AddressPointer } from './nip19'
+
+export function subscribeRelayGroups(
+  pool: AbstractSimplePool,
+  url: string,
+  params: {
+    ongroups: (_: Group[]) => void
+    onerror: (_: Error) => void
+    onconnect?: () => void
+  },
+): () => void {
+  let normalized = normalizeURL(url)
+  let sub: Subscription
+  let groups: Group[] = []
+
+  fetchRelayInformation(normalized)
+    .then(async info => {
+      let rl = await pool.ensureRelay(normalized)
+      params.onconnect?.()
+      sub = rl.prepareSubscription(
+        [
+          {
+            kinds: [39000],
+            limit: 50,
+            authors: [info.pubkey],
+          },
+        ],
+        {
+          onevent(event: Event) {
+            groups.push(parseGroup(event, normalized))
+          },
+          oneose() {
+            params.ongroups(groups)
+            sub.onevent = (event: Event) => {
+              groups.push(parseGroup(event, normalized))
+              params.ongroups(groups)
+            }
+          },
+        },
+      )
+      sub.fire()
+    })
+    .catch(params.onerror)
+
+  return () => sub.close()
+}
+
+export async function loadGroup(pool: AbstractSimplePool, gr: GroupReference): Promise<Group> {
+  let normalized = normalizeURL(gr.host)
+
+  let info = await fetchRelayInformation(normalized)
+  let event = await pool.get([normalized], {
+    kinds: [39000],
+    authors: [info.pubkey],
+    '#d': [gr.id],
+  })
+  if (!event) throw new Error(`group '${gr.id}' not found on ${gr.host}`)
+  return parseGroup(event, normalized)
+}
+
+export async function loadGroupFromCode(pool: AbstractSimplePool, code: string): Promise<Group> {
+  let gr = parseGroupCode(code)
+  if (!gr) throw new Error(`code "${code}" does not identify a group`)
+  return loadGroup(pool, gr)
+}
+
+export type GroupReference = {
+  id: string
+  host: string
+}
+
+export function parseGroupCode(code: string): null | GroupReference {
+  if (code.startsWith('naddr1')) {
+    try {
+      let { data } = decode(code)
+
+      let { relays, identifier } = data as AddressPointer
+      if (!relays || relays.length === 0) return null
+
+      let host = relays![0]
+      if (host.startsWith('wss://')) {
+        host = host.slice(6)
+      }
+      return { host, id: identifier }
+    } catch (err) {
+      return null
+    }
+  } else if (code.split("'").length === 2) {
+    let spl = code.split("'")
+    return { host: spl[0], id: spl[1] }
+  }
+
+  return null
+}
+
+export function encodeGroupReference(gr: GroupReference): string {
+  if (gr.host.startsWith('https://')) gr.host = gr.host.slice(8)
+  if (gr.host.startsWith('wss://')) gr.host = gr.host.slice(6)
+  return `${gr.host}'${gr.id}`
+}
 
 export type Group = {
   id: string
   relay: string
+  pubkey: string
   name?: string
   picture?: string
   about?: string
@@ -11,7 +117,7 @@ export type Group = {
 }
 
 export function parseGroup(event: Event, relay: string): Group {
-  const group: Partial<Group> = { relay }
+  const group: Partial<Group> = { relay, pubkey: event.pubkey }
   for (let i = 0; i < event.tags.length; i++) {
     const tag = event.tags[i]
     switch (tag[0]) {

nip46.ts

@@ -0,0 +1,300 @@
+import { NostrEvent, UnsignedEvent, VerifiedEvent } from './core.ts'
+import { generateSecretKey, finalizeEvent, getPublicKey, verifyEvent } from './pure.ts'
+import { AbstractSimplePool, SubCloser } from './abstract-pool.ts'
+import { decrypt, encrypt } from './nip04.ts'
+import { NIP05_REGEX } from './nip05.ts'
+import { SimplePool } from './pool.ts'
+import { Handlerinformation, NostrConnect, NostrConnectAdmin } from './kinds.ts'
+
+var _fetch: any
+
+try {
+  _fetch = fetch
+} catch {}
+
+export function useFetchImplementation(fetchImplementation: any) {
+  _fetch = fetchImplementation
+}
+
+export const BUNKER_REGEX = /^bunker:\/\/([0-9a-f]{64})\??([?\/\w:.=&%]*)$/
+const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
+
+export type BunkerPointer = {
+  relays: string[]
+  pubkey: string
+  secret: null | string
+}
+
+/** This takes either a bunker:// URL or a name@domain.com NIP-05 identifier
+    and returns a BunkerPointer -- or null in case of error */
+export async function parseBunkerInput(input: string): Promise<BunkerPointer | null> {
+  let match = input.match(BUNKER_REGEX)
+  if (match) {
+    try {
+      const pubkey = match[1]
+      const qs = new URLSearchParams(match[2])
+      return {
+        pubkey,
+        relays: qs.getAll('relay'),
+        secret: qs.get('secret'),
+      }
+    } catch (_err) {
+      /* just move to the next case */
+    }
+  }
+
+  return queryBunkerProfile(input)
+}
+
+async function queryBunkerProfile(nip05: string): Promise<BunkerPointer | null> {
+  const match = nip05.match(NIP05_REGEX)
+  if (!match) return null
+
+  const [_, name = '_', domain] = match
+
+  try {
+    const url = `https://${domain}/.well-known/nostr.json?name=${name}`
+    const res = await (await _fetch(url, { redirect: 'error' })).json()
+
+    let pubkey = res.names[name]
+    let relays = res.nip46[pubkey] || []
+
+    return { pubkey, relays, secret: null }
+  } catch (_err) {
+    return null
+  }
+}
+
+export type BunkerSignerParams = {
+  pool?: AbstractSimplePool
+  onauth?: (url: string) => void
+}
+
+export class BunkerSigner {
+  private pool: AbstractSimplePool
+  private subCloser: SubCloser
+  private relays: string[]
+  private isOpen: boolean
+  private serial: number
+  private idPrefix: string
+  private listeners: {
+    [id: string]: {
+      resolve: (_: string) => void
+      reject: (_: string) => void
+    }
+  }
+  private secretKey: Uint8Array
+  private connectionSecret: string
+  public remotePubkey: string
+
+  /**
+   * Creates a new instance of the Nip46 class.
+   * @param relays - An array of relay addresses.
+   * @param remotePubkey - An optional remote public key. This is the key you want to sign as.
+   * @param secretKey - An optional key pair.
+   */
+  public constructor(clientSecretKey: Uint8Array, bp: BunkerPointer, params: BunkerSignerParams = {}) {
+    if (bp.relays.length === 0) {
+      throw new Error('no relays are specified for this bunker')
+    }
+
+    this.pool = params.pool || new SimplePool()
+    this.secretKey = clientSecretKey
+    this.relays = bp.relays
+    this.remotePubkey = bp.pubkey
+    this.connectionSecret = bp.secret || ''
+    this.isOpen = false
+    this.idPrefix = Math.random().toString(36).substring(7)
+    this.serial = 0
+    this.listeners = {}
+
+    const listeners = this.listeners
+
+    this.subCloser = this.pool.subscribeMany(
+      this.relays,
+      [{ kinds: [NostrConnect, NostrConnectAdmin], '#p': [getPublicKey(this.secretKey)] }],
+      {
+        async onevent(event: NostrEvent) {
+          const { id, result, error } = JSON.parse(await decrypt(clientSecretKey, event.pubkey, event.content))
+
+          if (result === 'auth_url') {
+            if (params.onauth) {
+              params.onauth(error)
+            } else {
+              console.warn(
+                `nostr-tools/nip46: remote signer ${bp.pubkey} tried to send an "auth_url"='${error}' but there was no onauth() callback configured.`,
+              )
+            }
+            return
+          }
+
+          let handler = listeners[id]
+          if (handler) {
+            if (error) handler.reject(error)
+            else if (result) handler.resolve(result)
+            delete listeners[id]
+          }
+        },
+      },
+    )
+    this.isOpen = true
+  }
+
+  // closes the subscription -- this object can't be used anymore after this
+  async close() {
+    this.isOpen = false
+    this.subCloser.close()
+  }
+
+  async sendRequest(method: string, params: string[]): Promise<string> {
+    return new Promise(async (resolve, reject) => {
+      try {
+        if (!this.isOpen) throw new Error('this signer is not open anymore, create a new one')
+        this.serial++
+        const id = `${this.idPrefix}-${this.serial}`
+
+        const encryptedContent = await encrypt(
+          this.secretKey,
+          this.remotePubkey,
+          JSON.stringify({ id, method, params }),
+        )
+
+        // the request event
+        const verifiedEvent: VerifiedEvent = finalizeEvent(
+          {
+            kind: method === 'create_account' ? NostrConnectAdmin : NostrConnect,
+            tags: [['p', this.remotePubkey]],
+            content: encryptedContent,
+            created_at: Math.floor(Date.now() / 1000),
+          },
+          this.secretKey,
+        )
+
+        // setup callback listener
+        this.listeners[id] = { resolve, reject }
+
+        // publish the event
+        await Promise.any(this.pool.publish(this.relays, verifiedEvent))
+      } catch (err) {
+        reject(err)
+      }
+    })
+  }
+
+  /**
+   * Sends a ping request to the remote server.
+   * Requires permission/access rights to bunker.
+   * @returns "Pong" if successful. The promise will reject if the response is not "pong".
+   */
+  async ping(): Promise<void> {
+    let resp = await this.sendRequest('ping', [])
+    if (resp !== 'pong') throw new Error(`result is not pong: ${resp}`)
+  }
+
+  /**
+   * Connects to a remote server using the provided keys and remote public key.
+   * Optionally, a secret can be provided for additional authentication.
+   *
+   * @param remotePubkey - Optional the remote public key to connect to.
+   * @param secret - Optional secret for additional authentication.
+   * @returns "ack" if successful. The promise will reject if the response is not "ack".
+   */
+  async connect(): Promise<void> {
+    await this.sendRequest('connect', [getPublicKey(this.secretKey), this.connectionSecret])
+  }
+
+  /**
+   * Signs an event using the remote private key.
+   * @param event - The event to sign.
+   * @returns A Promise that resolves to the signed event.
+   */
+  async signEvent(event: UnsignedEvent): Promise<VerifiedEvent> {
+    let resp = await this.sendRequest('sign_event', [JSON.stringify(event)])
+    let signed: NostrEvent = JSON.parse(resp)
+    if (signed.pubkey === this.remotePubkey && verifyEvent(signed)) {
+      return signed
+    } else {
+      throw new Error(`event returned from bunker is improperly signed: ${JSON.stringify(signed)}`)
+    }
+  }
+}
+
+/**
+ * Creates an account with the specified username, domain, and optional email.
+ * @param bunkerPubkey - The public key of the bunker to use for the create_account call.
+ * @param username - The username for the account.
+ * @param domain - The domain for the account.
+ * @param email - The optional email for the account.
+ * @throws Error if the email is present but invalid.
+ * @returns A Promise that resolves to the auth_url that the client should follow to create an account.
+ */
+export async function createAccount(
+  bunker: BunkerProfile,
+  params: BunkerSignerParams,
+  username: string,
+  domain: string,
+  email?: string,
+): Promise<BunkerSigner> {
+  if (email && !EMAIL_REGEX.test(email)) throw new Error('Invalid email')
+
+  let sk = generateSecretKey()
+  let rpc = new BunkerSigner(sk, bunker.bunkerPointer, params)
+
+  let pubkey = await rpc.sendRequest('create_account', [username, domain, email || ''])
+
+  // once we get the newly created pubkey back, we hijack this signer instance
+  // and turn it into the main instance for this newly created pubkey
+  rpc.remotePubkey = pubkey
+  await rpc.connect()
+
+  return rpc
+}
+
+/**
+ * Fetches info on available providers that announce themselves using NIP-89 events.
+ * @returns A promise that resolves to an array of available bunker objects.
+ */
+export async function fetchCustodialbunkers(pool: AbstractSimplePool, relays: string[]): Promise<BunkerProfile[]> {
+  const events = await pool.querySync(relays, {
+    kinds: [Handlerinformation],
+    '#k': [NostrConnect.toString()],
+  })
+
+  // validate bunkers by checking their NIP-05 and pubkey
+  // map to a more useful object
+  const validatedBunkers = await Promise.all(
+    events.map(async event => {
+      try {
+        const content = JSON.parse(event.content)
+        const bp = await queryBunkerProfile(content.nip05)
+        if (bp && bp.pubkey === event.pubkey && bp.relays.length) {
+          return {
+            bunkerPointer: bp,
+            nip05: content.nip05,
+            domain: content.nip05.split('@')[1],
+            name: content.name || content.display_name,
+            picture: content.picture,
+            about: content.about,
+            website: content.website,
+            local: false,
+          }
+        }
+      } catch (err) {
+        return undefined
+      }
+    }),
+  )
+
+  return validatedBunkers.filter(b => b !== undefined) as BunkerProfile[]
+}
+
+export type BunkerProfile = {
+  bunkerPointer: BunkerPointer
+  domain: string
+  nip05: string
+  name: string
+  picture: string
+  about: string
+  website: string
+  local: boolean
+}

nip49.test.ts

@@ -0,0 +1,88 @@
+import { test, expect } from 'bun:test'
+import { decrypt, encrypt } from './nip49'
+import { hexToBytes } from '@noble/hashes/utils'
+
+test('encrypt and decrypt', () => {
+  for (let i = 0; i < vectors.length; i++) {
+    let [password, secret, logn, ksb, ncryptsec] = vectors[i]
+    let sec = hexToBytes(secret)
+    let there = encrypt(sec, password, logn, ksb)
+    let back = decrypt(there, password)
+    let again = decrypt(ncryptsec, password)
+    expect(back).toEqual(again)
+    expect(again).toEqual(sec)
+  }
+})
+
+const vectors: [string, string, number, 0x00 | 0x01 | 0x02, string][] = [
+  [
+    '.ksjabdk.aselqwe',
+    '14c226dbdd865d5e1645e72c7470fd0a17feb42cc87b750bab6538171b3a3f8a',
+    1,
+    0x00,
+    'ncryptsec1qgqeya6cggg2chdaf48s9evsr0czq3dw059t2khf5nvmq03yeckywqmspcc037l9ajjsq2p08480afuc5hq2zq3rtt454c2epjqxcxll0eff3u7ln2t349t7rc04029q63u28mkeuj4tdazsqqk6p5ky',
+  ],
+  [
+    'skjdaklrnçurbç l',
+    'f7f2f77f98890885462764afb15b68eb5f69979c8046ecb08cad7c4ae6b221ab',
+    2,
+    0x01,
+    'ncryptsec1qgp86t7az0u5w0wp8nrjnxu9xhullqt39wvfsljz8289gyxg0thrlzv3k40dsqu32vcqza3m7srzm27mkg929gmv6hv5ctay59jf0h8vsj5pjmylvupkdtvy7fy88et3fhe6m3d84t9m8j2umq0j75lw',
+  ],
+  [
+    '777z7z7z7z7z7z7z',
+    '11b25a101667dd9208db93c0827c6bdad66729a5b521156a7e9d3b22b3ae8944',
+    3,
+    0x02,
+    'ncryptsec1qgpc7jmmzmds376r8slazywlagrm5eerlrx7njnjenweggq2atjl0h9vmpk8f9gad0tqy3pwch8e49kyj5qtehp4mjwpzlshx5f5cce8feukst08w52zf4a7gssdqvt3eselup7x4zzezlme3ydxpjaf',
+  ],
+  [
+    '.ksjabdk.aselqwe',
+    '14c226dbdd865d5e1645e72c7470fd0a17feb42cc87b750bab6538171b3a3f8a',
+    7,
+    0x00,
+    'ncryptsec1qgrss6ycqptee05e5anq33x2vz6ljr0rqunsy9xj5gypkp0lucatdf8yhexrztqcy76sqweuzk8yqzep9mugp988vznz5df8urnyrmaa7l7fvvskp4t0ydjtz0zeajtumul8cnsjcksp68xhxggmy4dz',
+  ],
+  [
+    'skjdaklrnçurbç l',
+    'f7f2f77f98890885462764afb15b68eb5f69979c8046ecb08cad7c4ae6b221ab',
+    8,
+    0x01,
+    'ncryptsec1qgy0gg98z4wvl35eqlraxf7cyxhfs4968teq59vm97e94gpycmcy6znsc8z82dy5rk8sz0r499ue7xfmd0yuyvzxagtfyxtnwcrcsjavkch8lfseejukwdq7mdcpm43znffngw7texdc5pdujywszhrr',
+  ],
+  [
+    '777z7z7z7z7z7z7z',
+    '11b25a101667dd9208db93c0827c6bdad66729a5b521156a7e9d3b22b3ae8944',
+    9,
+    0x02,
+    'ncryptsec1qgyskhh7mpr0zspg95kv4eefm8233hyz46xyr6s52s6qvan906c2u24gl3dc5f7wytzq9njx7sqksd7snagce3kqth7tv4ug4avlxd5su4vthsh54vk62m88whkazavyc6yefnegf4tx473afssxw4p9',
+  ],
+  [
+    '',
+    'f7f2f77f98890885462764afb15b68eb5f69979c8046ecb08cad7c4ae6b221ab',
+    4,
+    0x00,
+    'ncryptsec1qgzv73a9ktnwmgyvv24x2xtr6grup2v6an96xgs64z3pmh5etg2k4yryachtlu3tpqwqphhm0pjnq9zmftr0qf4p5lmah4rlz02ucjkawr2s9quau67p3jq3d7yp3kreghs0wdcqpf6pkc8jcgsqrn5l',
+  ],
+  [
+    '',
+    '11b25a101667dd9208db93c0827c6bdad66729a5b521156a7e9d3b22b3ae8944',
+    5,
+    0x01,
+    'ncryptsec1qgzs50vjjhewdrxnm0z4y77w7juycf6crny9q0kzeg7vxv3erw77qpauthaf7sfwsgnszjzcqh7zql74m8yxnhcj07dry3v5fgr5x42mpzxvfl76gpuayccvk2nczc7ner3q842rj9v033nykvja6cql',
+  ],
+  [
+    '',
+    'f7f2f77f98890885462764afb15b68eb5f69979c8046ecb08cad7c4ae6b221ab',
+    1,
+    0x00,
+    'ncryptsec1qgqnx59n7duv6ec3hhrvn33q25u2qfd7m69vv6plsg7spnw6d4r9hq0ayjsnlw99eghqqzj8ps7vfwx40nqp9gpw7yzyy09jmwkq3a3z8q0ph5jahs2hap5k6h2wfrme7w2nuek4jnwpzfht4q3u79ra',
+  ],
+  [
+    '',
+    '11b25a101667dd9208db93c0827c6bdad66729a5b521156a7e9d3b22b3ae8944',
+    9,
+    0x01,
+    'ncryptsec1qgylzyeunu2j85au05ae0g0sly03xu54tgnjemr6g9w0eqwuuczya7k0f4juqve64vzsrlxqxmcekzrpvg2a8qu4q6wtjxe0dvy3xkjh5smmz4uy59jg0jay9vnf28e3rc6jq2kd26h6g3fejyw6cype',
+  ],
+]

nip49.ts

@@ -0,0 +1,45 @@
+import { scrypt } from '@noble/hashes/scrypt'
+import { xchacha20poly1305 } from '@noble/ciphers/chacha'
+import { concatBytes, randomBytes } from '@noble/hashes/utils'
+import { Bech32MaxSize, encodeBytes } from './nip19'
+import { bech32 } from '@scure/base'
+
+export function encrypt(sec: Uint8Array, password: string, logn: number = 16, ksb: 0x00 | 0x01 | 0x02 = 0x02): string {
+  let salt = randomBytes(16)
+  let n = 2 ** logn
+  let key = scrypt(password, salt, { N: n, r: 8, p: 1, dkLen: 32 })
+  let nonce = randomBytes(24)
+  let aad = Uint8Array.from([ksb])
+  let xc2p1 = xchacha20poly1305(key, nonce, aad)
+  let ciphertext = xc2p1.encrypt(sec)
+  let b = concatBytes(Uint8Array.from([0x02]), Uint8Array.from([logn]), salt, nonce, aad, ciphertext)
+  return encodeBytes('ncryptsec', b)
+}
+
+export function decrypt(ncryptsec: string, password: string): Uint8Array {
+  let { prefix, words } = bech32.decode(ncryptsec, Bech32MaxSize)
+  if (prefix !== 'ncryptsec') {
+    throw new Error(`invalid prefix ${prefix}, expected 'ncryptsec'`)
+  }
+  let b = new Uint8Array(bech32.fromWords(words))
+
+  let version = b[0]
+  if (version !== 0x02) {
+    throw new Error(`invalid version ${version}, expected 0x02`)
+  }
+
+  let logn = b[1]
+  let n = 2 ** logn
+
+  let salt = b.slice(2, 2 + 16)
+  let nonce = b.slice(2 + 16, 2 + 16 + 24)
+  let ksb = b[2 + 16 + 24]
+  let aad = Uint8Array.from([ksb])
+  let ciphertext = b.slice(2 + 16 + 24 + 1)
+
+  let key = scrypt(password, salt, { N: n, r: 8, p: 1, dkLen: 32 })
+  let xc2p1 = xchacha20poly1305(key, nonce, aad)
+  let sec = xc2p1.decrypt(ciphertext)
+
+  return sec
+}

nip96.test.ts

@@ -296,7 +296,26 @@ describe('uploadFile', () => {
     server.close()
   })
 
-  it('should throw an error if response status is not ok', async () => {
+  it('should throw a proper error if response status is 413', async () => {
+    // setup mock server
+    const handler = http.post('http://example.com/upload', () => {
+      return new HttpResponse(null, { status: 413 })
+    })
+    const server = setupServer(handler)
+    server.listen()
+
+    const file = new File(['hello world'], 'hello.txt')
+    const serverUploadUrl = 'http://example.com/upload'
+    const nip98AuthorizationHeader = 'Nostr abcabc'
+
+    expect(uploadFile(file, serverUploadUrl, nip98AuthorizationHeader)).rejects.toThrow('File too large!')
+
+    // cleanup mock server
+    server.resetHandlers()
+    server.close()
+  })
+
+  it('should throw a proper error if response status is 400', async () => {
     // setup mock server
     const handler = http.post('http://example.com/upload', () => {
       return new HttpResponse(null, { status: 400 })
@@ -308,7 +327,70 @@ describe('uploadFile', () => {
     const serverUploadUrl = 'http://example.com/upload'
     const nip98AuthorizationHeader = 'Nostr abcabc'
 
-    expect(uploadFile(file, serverUploadUrl, nip98AuthorizationHeader)).rejects.toThrow()
+    expect(uploadFile(file, serverUploadUrl, nip98AuthorizationHeader)).rejects.toThrow(
+      'Bad request! Some fields are missing or invalid!',
+    )
+
+    // cleanup mock server
+    server.resetHandlers()
+    server.close()
+  })
+
+  it('should throw a proper error if response status is 403', async () => {
+    // setup mock server
+    const handler = http.post('http://example.com/upload', () => {
+      return new HttpResponse(null, { status: 403 })
+    })
+    const server = setupServer(handler)
+    server.listen()
+
+    const file = new File(['hello world'], 'hello.txt')
+    const serverUploadUrl = 'http://example.com/upload'
+    const nip98AuthorizationHeader = 'Nostr abcabc'
+
+    expect(uploadFile(file, serverUploadUrl, nip98AuthorizationHeader)).rejects.toThrow(
+      'Forbidden! Payload tag does not match the requested file!',
+    )
+
+    // cleanup mock server
+    server.resetHandlers()
+    server.close()
+  })
+
+  it('should throw a proper error if response status is 402', async () => {
+    // setup mock server
+    const handler = http.post('http://example.com/upload', () => {
+      return new HttpResponse(null, { status: 402 })
+    })
+    const server = setupServer(handler)
+    server.listen()
+
+    const file = new File(['hello world'], 'hello.txt')
+    const serverUploadUrl = 'http://example.com/upload'
+    const nip98AuthorizationHeader = 'Nostr abcabc'
+
+    expect(uploadFile(file, serverUploadUrl, nip98AuthorizationHeader)).rejects.toThrow('Payment required!')
+
+    // cleanup mock server
+    server.resetHandlers()
+    server.close()
+  })
+
+  it('should throw a proper error if response status is not 200, 400, 402, 403, 413', async () => {
+    // setup mock server
+    const handler = http.post('http://example.com/upload', () => {
+      return new HttpResponse(null, { status: 500 })
+    })
+    const server = setupServer(handler)
+    server.listen()
+
+    const file = new File(['hello world'], 'hello.txt')
+    const serverUploadUrl = 'http://example.com/upload'
+    const nip98AuthorizationHeader = 'Nostr abcabc'
+
+    expect(uploadFile(file, serverUploadUrl, nip98AuthorizationHeader)).rejects.toThrow(
+      'Unknown error in uploading file!',
+    )
 
     // cleanup mock server
     server.resetHandlers()

nip96.ts

@@ -382,6 +382,9 @@ export async function uploadFile(
     if (response.status === 402) {
       throw new Error('Payment required!')
     }
+
+    // unknown error
+    throw new Error('Unknown error in uploading file!')
   }
 
   try {

package.json

@@ -1,7 +1,7 @@
 {
   "type": "module",
   "name": "nostr-tools",
-  "version": "2.1.5",
+  "version": "2.1.7",
   "description": "Tools for making a Nostr client.",
   "repository": {
     "type": "git",
@@ -20,6 +20,11 @@
       "require": "./lib/cjs/index.js",
       "types": "./lib/types/index.d.ts"
     },
+    "./core": {
+      "import": "./lib/esm/core.js",
+      "require": "./lib/cjs/core.js",
+      "types": "./lib/types/core.d.ts"
+    },
     "./pure": {
       "import": "./lib/esm/pure.js",
       "require": "./lib/cjs/pure.js",
@@ -70,11 +75,6 @@
       "require": "./lib/cjs/nip04.js",
       "types": "./lib/types/nip04.d.ts"
     },
-    "./nip44": {
-      "import": "./lib/esm/nip44.js",
-      "require": "./lib/cjs/nip44.js",
-      "types": "./lib/types/nip44.d.ts"
-    },
     "./nip05": {
       "import": "./lib/esm/nip05.js",
       "require": "./lib/cjs/nip05.js",
@@ -150,16 +150,46 @@
       "require": "./lib/cjs/nip42.js",
       "types": "./lib/types/nip42.d.ts"
     },
+    "./nip44": {
+      "import": "./lib/esm/nip44.js",
+      "require": "./lib/cjs/nip44.js",
+      "types": "./lib/types/nip44.d.ts"
+    },
+    "./nip46": {
+      "import": "./lib/esm/nip46.js",
+      "require": "./lib/cjs/nip46.js",
+      "types": "./lib/types/nip46.d.ts"
+    },
+    "./nip49": {
+      "import": "./lib/esm/nip49.js",
+      "require": "./lib/cjs/nip49.js",
+      "types": "./lib/types/nip49.d.ts"
+    },
     "./nip57": {
       "import": "./lib/esm/nip57.js",
       "require": "./lib/cjs/nip57.js",
       "types": "./lib/types/nip57.d.ts"
     },
+    "./nip94": {
+      "import": "./lib/esm/nip94.js",
+      "require": "./lib/cjs/nip94.js",
+      "types": "./lib/types/nip94.d.ts"
+    },
+    "./nip96": {
+      "import": "./lib/esm/nip96.js",
+      "require": "./lib/cjs/nip96.js",
+      "types": "./lib/types/nip96.d.ts"
+    },
     "./nip98": {
       "import": "./lib/esm/nip98.js",
       "require": "./lib/cjs/nip98.js",
       "types": "./lib/types/nip98.d.ts"
     },
+    "./nip99": {
+      "import": "./lib/esm/nip99.js",
+      "require": "./lib/cjs/nip99.js",
+      "types": "./lib/types/nip99.d.ts"
+    },
     "./fakejson": {
       "import": "./lib/esm/fakejson.js",
       "require": "./lib/cjs/fakejson.js",
@@ -216,7 +246,6 @@
     "msw": "^2.1.4",
     "node-fetch": "^2.6.9",
     "prettier": "^3.0.3",
-    "tsd": "^0.22.0",
     "typescript": "^5.0.4"
   },
   "scripts": {

pure.ts

@@ -1,6 +1,6 @@
 import { schnorr } from '@noble/curves/secp256k1'
 import { bytesToHex } from '@noble/hashes/utils'
-import { Nostr, Event, EventTemplate, UnsignedEvent, VerifiedEvent, verifiedSymbol, validateEvent } from './core'
+import { Nostr, Event, EventTemplate, UnsignedEvent, VerifiedEvent, verifiedSymbol, validateEvent } from './core.ts'
 import { sha256 } from '@noble/hashes/sha256'
 
 import { utf8Encoder } from './utils.ts'