@@ -58,7 +58,29 @@ function summarizeNostrEvent(event) {
5858 `Tags: ${ tags } ` ,
5959 ] . join ( '\n' )
6060}
61+ function summarizeNostrRequest ( action , payload ) {
62+ if ( action === 'getPublicKey' ) {
63+ return 'The site wants to read your public Nostr identity.'
64+ }
65+
66+ if ( action === 'nip04.encrypt' ) {
67+ return [
68+ 'The site wants to encrypt a NIP-04 message.' ,
69+ `Target pubkey: ${ payload ?. pubkey || 'unknown' } ` ,
70+ `Text length: ${ payload ?. text ?. length || 0 } chars` ,
71+ ] . join ( '\n' )
72+ }
6173
74+ if ( action === 'nip04.decrypt' ) {
75+ return [
76+ 'The site wants to decrypt a NIP-04 message.' ,
77+ `Sender/target pubkey: ${ payload ?. pubkey || 'unknown' } ` ,
78+ `Ciphertext length: ${ payload ?. text ?. length || 0 } chars` ,
79+ ] . join ( '\n' )
80+ }
81+
82+ return summarizeNostrEvent ( payload )
83+ }
6284async function confirmNostrPermission ( ipcEvent , action , nostrEvent ) {
6385 const origin = getIpcOrigin ( ipcEvent )
6486
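Review bot: `payload?.pubkey` goes into the confirmation text in the `nip04.encrypt` and `nip04.decrypt` branches without any check on its type or format, so the user reads whatever string the page sent, including embedded newlines that could imitate other lines of the prompt. Validate it before building the summary, e.g. `const pubkey = /^[0-9a-f]{64}$/i.test(payload?.pubkey) ? payload.pubkey : 'invalid'`, and have the `nostr-nip04-encrypt` and `nostr-nip04-decrypt` handlers in the last hunk reject the request when that test fails. `payload?.text?.length` has a related gap: it reports a length for any value that has a `length` property, so those handlers should also check `typeof text === 'string'` before prompting.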
@@ -80,7 +102,7 @@ async function confirmNostrPermission(ipcEvent, action, nostrEvent) {
80102 `Origin: ${ origin } ` ,
81103 `Action: ${ action } ` ,
82104 '' ,
83- summarizeNostrEvent ( nostrEvent ) ,
105+ summarizeNostrRequest ( action , nostrEvent ) ,
84106 '' ,
85107 'Only approve this request if you trust this website.' ,
86108 ] . join ( '\n' ) ,
@@ -441,7 +463,15 @@ ipcMain.handle('nostr-get-relays', () => nostr.getRelays())
441463ipcMain . handle ( 'nostr-sign-event' , ( _ , { event } ) => nostr . signEvent ( DB , event ) )
442464ipcMain . handle ( 'nostr-get-pubkey' , ( ) => nostr . getPubkey ( DB ) )
443465// NIP-07 aliases — same implementation, separate IPC channels for clarity
444- ipcMain . handle ( 'nostr-get-pubkey-nip07' , ( ) => nostr . getPubkey ( DB ) )
466+ ipcMain . handle ( 'nostr-get-pubkey-nip07' , async ( ipcEvent ) => {
467+ const allowed = await confirmNostrPermission ( ipcEvent , 'getPublicKey' , null )
468+
469+ if ( ! allowed ) {
470+ throw new Error ( 'Nostr public key request denied by user' )
471+ }
472+
473+ return nostr . getPubkey ( DB )
474+ } )
445475ipcMain . handle ( 'nostr-sign-event-nip07' , async ( ipcEvent , { event : e } ) => {
446476 const allowed = await confirmNostrPermission ( ipcEvent , 'signEvent' , e )
447477
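Review bot: The prompt added to `nostr-get-pubkey-nip07` only protects the key if web content cannot reach the unprompted `nostr-get-pubkey` channel in the context lines above it, which still returns `nostr.getPubkey(DB)` directly; the same holds for `nostr-sign-event` next to `nostr-sign-event-nip07`. Which channels the preload exposes to pages is not visible in this hunk, so confirm the unprompted ones are limited to the app's own UI, for example by checking the sender origin inside those handlers. The context comment `// NIP-07 aliases — same implementation, separate IPC channels for clarity` is no longer accurate after this change; something like `// NIP-07 channels — requests that use the identity key go through confirmNostrPermission first` would match the new code. The `nostr-sign-event-nip07` handler continues past the end of this hunk.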
@@ -452,22 +482,46 @@ ipcMain.handle('nostr-sign-event-nip07', async (ipcEvent, { event: e }) => {
452482 return nostr . signEvent ( DB , e )
453483} )
454484ipcMain . handle ( 'nostr-get-relays-nip07' , ( ) => nostr . getRelays ( ) )
455- ipcMain . handle ( 'nostr-nip04-encrypt' , async ( _ , { pubkey, text } ) => {
485+ ipcMain . handle ( 'nostr-nip04-encrypt' , async ( ipcEvent , { pubkey, text } ) => {
486+ const allowed = await confirmNostrPermission ( ipcEvent , 'nip04.encrypt' , {
487+ pubkey,
488+ text,
489+ } )
490+
491+ if ( ! allowed ) {
492+ throw new Error ( 'Nostr NIP-04 encrypt request denied by user' )
493+ }
494+
456495 const { nip04 } = require ( 'nostr-tools' )
457496 const keychain = require ( './keychain' )
458497 const row = DB . _db ( ) . prepare ( 'SELECT encrypted_nsec FROM nostr_profile WHERE id=1' ) . get ( )
498+
459499 if ( ! row ) throw new Error ( 'No Nostr profile found' )
500+
460501 const key = await keychain . getOrCreateKey ( )
461502 const privKeyHex = keychain . decrypt ( row . encrypted_nsec , key )
503+
462504 return nip04 . encrypt ( privKeyHex , pubkey , text )
463505} )
464- ipcMain . handle ( 'nostr-nip04-decrypt' , async ( _ , { pubkey, text } ) => {
506+ ipcMain . handle ( 'nostr-nip04-decrypt' , async ( ipcEvent , { pubkey, text } ) => {
507+ const allowed = await confirmNostrPermission ( ipcEvent , 'nip04.decrypt' , {
508+ pubkey,
509+ text,
510+ } )
511+
512+ if ( ! allowed ) {
513+ throw new Error ( 'Nostr NIP-04 decrypt request denied by user' )
514+ }
515+
465516 const { nip04 } = require ( 'nostr-tools' )
466517 const keychain = require ( './keychain' )
467518 const row = DB . _db ( ) . prepare ( 'SELECT encrypted_nsec FROM nostr_profile WHERE id=1' ) . get ( )
519+
468520 if ( ! row ) throw new Error ( 'No Nostr profile found' )
521+
469522 const key = await keychain . getOrCreateKey ( )
470523 const privKeyHex = keychain . decrypt ( row . encrypted_nsec , key )
524+
471525 return nip04 . decrypt ( privKeyHex , pubkey , text )
472526} )
473527
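Review bot: Both NIP-04 handlers still repeat the same private-key load (`SELECT encrypted_nsec …`, `getOrCreateKey()`, `keychain.decrypt(...)`), and this change adds a second duplicated block, the permission check, on top of it. Moving the key load into one local helper, so each handler ends with a line like `return nip04.encrypt(await loadNostrPrivKeyHex(), pubkey, text)` (helper name is a suggestion), would keep the only code that holds the decrypted key in one reviewable place. A short comment above each handler stating that the prompt must run before the key is read, e.g. `// Ask the user first; the private key is only decrypted after approval`, would also protect that ordering from later refactors.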