Merge branch 'nostrconnect' into 'main'

NIP-46 client auth first pass See merge request soapbox-pub/ditto!247
2024-05-12 21:57:15 +00:00 · 2024-05-12 21:57:15 +00:00 · 2010483089
parent 4b7804872c dc8010a78e
commit 2010483089
5 changed files with 99 additions and 37 deletions
--- a/src/controllers/api/instance.ts
+++ b/src/controllers/api/instance.ts
@ -1,25 +1,19 @@
-import { NSchema as n } from '@nostrify/nostrify';
-
-import { type AppController } from '@/app.ts';
+import { AppController } from '@/app.ts';
 import { Conf } from '@/config.ts';
-import { serverMetaSchema } from '@/schemas/nostr.ts';
-import { Storages } from '@/storages.ts';
+import { getInstanceMetadata } from '@/utils/instance.ts';

 const instanceController: AppController = async (c) => {
  const { host, protocol } = Conf.url;
-  const { signal } = c.req.raw;
-
-  const [event] = await Storages.db.query([{ kinds: [0], authors: [Conf.pubkey], limit: 1 }], { signal });
-  const meta = n.json().pipe(serverMetaSchema).catch({}).parse(event?.content);
+  const meta = await getInstanceMetadata(c.req.raw.signal);

  /** Protocol to use for WebSocket URLs, depending on the protocol of the `LOCAL_DOMAIN`. */
  const wsProtocol = protocol === 'http:' ? 'ws:' : 'wss:';

  return c.json({
    uri: host,
-    title: meta.name ?? 'Ditto',
-    description: meta.about ?? 'Nostr and the Fediverse',
-    short_description: meta.tagline ?? meta.about ?? 'Nostr and the Fediverse',
+    title: meta.name,
+    description: meta.about,
+    short_description: meta.tagline,
    registrations: true,
    max_toot_chars: Conf.postCharLimit,
    configuration: {
@ -59,7 +53,7 @@ const instanceController: AppController = async (c) => {
      streaming_api: `${wsProtocol}//${host}`,
    },
    version: '0.0.0 (compatible; Ditto 0.0.1)',
-    email: meta.email ?? `postmaster@${host}`,
+    email: meta.email,
    nostr: {
      pubkey: Conf.pubkey,
      relay: `${wsProtocol}//${host}/relay`,
--- a/src/controllers/api/oauth.ts
+++ b/src/controllers/api/oauth.ts
@ -1,10 +1,12 @@
+import { encodeBase64 } from '@std/encoding/base64';
 import { nip19 } from 'nostr-tools';
 import { z } from 'zod';

-import { lodash } from '@/deps.ts';
 import { AppController } from '@/app.ts';
+import { lodash } from '@/deps.ts';
 import { nostrNow } from '@/utils.ts';
 import { parseBody } from '@/utils/api.ts';
+import { getClientConnectUri } from '@/utils/connect.ts';

 const passwordGrantSchema = z.object({
  grant_type: z.literal('password'),
@ -60,25 +62,16 @@ const createTokenController: AppController = async (c) => {
 };

 /** Display the OAuth form. */
-const oauthController: AppController = (c) => {
+const oauthController: AppController = async (c) => {
  const encodedUri = c.req.query('redirect_uri');
  if (!encodedUri) {
    return c.text('Missing `redirect_uri` query param.', 422);
  }

  const redirectUri = maybeDecodeUri(encodedUri);
+  const connectUri = await getClientConnectUri(c.req.raw.signal);

-  c.res.headers.set(
-    'content-security-policy',
-    "default-src 'self' 'sha256-m2qD6rbE2Ixbo2Bjy2dgQebcotRIAawW7zbmXItIYAM='",
-  );
-
-  return c.html(`<!DOCTYPE html>
-<html lang="en">
-  <head>
-    <title>Log in with Ditto</title>
-    <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
-    <script>
+  const script = `
      window.addEventListener('load', function() {
        if ('nostr' in window) {
          nostr.getPublicKey().then(function(pubkey) {
@ -87,7 +80,21 @@ const oauthController: AppController = (c) => {
          });
        }
      });
-    </script>
+    `;
+
+  const hash = encodeBase64(await crypto.subtle.digest('SHA-256', new TextEncoder().encode(script)));
+
+  c.res.headers.set(
+    'content-security-policy',
+    `default-src 'self' 'sha256-${hash}'`,
+  );
+
+  return c.html(`<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <title>Log in with Ditto</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
+    <script>${script}</script>
  </head>
  <body>
    <form id="oauth_form" action="/oauth/authorize" method="post">
@ -96,6 +103,8 @@ const oauthController: AppController = (c) => {
      <input type="hidden" name="redirect_uri" id="redirect_uri" value="${lodash.escape(redirectUri)}">
      <button type="submit">Authorize</button>
    </form>
+    <br>
+    <a href="${lodash.escape(connectUri)}">Nostr Connect</a>
  </body>
 </html>
 `);
--- a/src/controllers/nostr/relay-info.ts
+++ b/src/controllers/nostr/relay-info.ts
@ -1,20 +1,15 @@
-import { NSchema as n } from '@nostrify/nostrify';
-
 import { AppController } from '@/app.ts';
 import { Conf } from '@/config.ts';
-import { serverMetaSchema } from '@/schemas/nostr.ts';
-import { Storages } from '@/storages.ts';
+import { getInstanceMetadata } from '@/utils/instance.ts';

 const relayInfoController: AppController = async (c) => {
-  const { signal } = c.req.raw;
-  const [event] = await Storages.db.query([{ kinds: [0], authors: [Conf.pubkey], limit: 1 }], { signal });
-  const meta = n.json().pipe(serverMetaSchema).catch({}).parse(event?.content);
+  const meta = await getInstanceMetadata(c.req.raw.signal);

  return c.json({
-    name: meta.name ?? 'Ditto',
-    description: meta.about ?? 'Nostr and the Fediverse.',
+    name: meta.name,
+    description: meta.about,
    pubkey: Conf.pubkey,
-    contact: `mailto:${meta.email ?? `postmaster@${Conf.url.host}`}`,
+    contact: meta.email,
    supported_nips: [1, 5, 9, 11, 16, 45, 50, 46, 98],
    software: 'Ditto',
    version: '0.0.0',
--- a/src/utils/connect.ts
+++ b/src/utils/connect.ts
@ -0,0 +1,27 @@
+import { Conf } from '@/config.ts';
+import { getInstanceMetadata } from '@/utils/instance.ts';
+
+/** NIP-46 client-connect metadata. */
+interface ConnectMetadata {
+  name: string;
+  description: string;
+  url: string;
+}
+
+/** Get NIP-46 `nostrconnect://` URI for the Ditto server. */
+export async function getClientConnectUri(signal?: AbortSignal): Promise<string> {
+  const uri = new URL('nostrconnect://');
+  const { name, tagline } = await getInstanceMetadata(signal);
+
+  const metadata: ConnectMetadata = {
+    name,
+    description: tagline,
+    url: Conf.localDomain,
+  };
+
+  uri.host = Conf.pubkey;
+  uri.searchParams.set('relay', Conf.relay);
+  uri.searchParams.set('metadata', JSON.stringify(metadata));
+
+  return uri.toString();
+}
--- a/src/utils/instance.ts
+++ b/src/utils/instance.ts
@ -0,0 +1,37 @@
+import { NostrEvent, NostrMetadata, NSchema as n } from '@nostrify/nostrify';
+
+import { Conf } from '@/config.ts';
+import { serverMetaSchema } from '@/schemas/nostr.ts';
+import { Storages } from '@/storages.ts';
+
+/** Like NostrMetadata, but some fields are required and also contains some extra fields. */
+export interface InstanceMetadata extends NostrMetadata {
+  name: string;
+  about: string;
+  tagline: string;
+  email: string;
+  event?: NostrEvent;
+}
+
+/** Get and parse instance metadata from the kind 0 of the admin user. */
+export async function getInstanceMetadata(signal?: AbortSignal): Promise<InstanceMetadata> {
+  const [event] = await Storages.db.query(
+    [{ kinds: [0], authors: [Conf.pubkey], limit: 1 }],
+    { signal },
+  );
+
+  const meta = n
+    .json()
+    .pipe(serverMetaSchema)
+    .catch({})
+    .parse(event?.content);
+
+  return {
+    ...meta,
+    name: meta.name ?? 'Ditto',
+    about: meta.about ?? 'Nostr community server',
+    tagline: meta.tagline ?? meta.about ?? 'Nostr community server',
+    email: meta.email ?? `postmaster@${Conf.url.host}`,
+    event,
+  };
+}