
Commit 143b451

committed
Add granular persistent NIP-07 permission system
1 parent 8576076 commit 143b451

1 file changed

Lines changed: 58 additions & 4 deletions


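--- a/src/main/index.js
+++ b/src/main/index.js
@@ -58,7 +58,29 @@ function summarizeNostrEvent(event) {
 `Tags: ${tags}`,
 ].join('\n')
 }
+function summarizeNostrRequest(action, payload) {
+if (action === 'getPublicKey') {
+return 'The site wants to read your public Nostr identity.'
+}
+
+if (action === 'nip04.encrypt') {
+return [
+'The site wants to encrypt a NIP-04 message.',
+`Target pubkey: ${payload?.pubkey || 'unknown'}`,
+`Text length: ${payload?.text?.length || 0} chars`,
+].join('\n')
+}
 
+if (action === 'nip04.decrypt') {
+return [
+'The site wants to decrypt a NIP-04 message.',
+`Sender/target pubkey: ${payload?.pubkey || 'unknown'}`,
+`Ciphertext length: ${payload?.text?.length || 0} chars`,
+].join('\n')
+}
+
+return summarizeNostrEvent(payload)
+}
 async function confirmNostrPermission(ipcEvent, action, nostrEvent) {
 const origin = getIpcOrigin(ipcEvent)
 
@@ -80,7 +102,7 @@ async function confirmNostrPermission(ipcEvent, action, nostrEvent) {
 `Origin: ${origin}`,
 `Action: ${action}`,
 '',
-summarizeNostrEvent(nostrEvent),
+summarizeNostrRequest(action, nostrEvent),
 '',
 'Only approve this request if you trust this website.',
 ].join('\n'),
@@ -441,7 +463,15 @@ ipcMain.handle('nostr-get-relays', () => nostr.getRelays())
 ipcMain.handle('nostr-sign-event', (_, { event }) => nostr.signEvent(DB, event))
 ipcMain.handle('nostr-get-pubkey', () => nostr.getPubkey(DB))
 // NIP-07 aliases — same implementation, separate IPC channels for clarity
-ipcMain.handle('nostr-get-pubkey-nip07', () => nostr.getPubkey(DB))
+ipcMain.handle('nostr-get-pubkey-nip07', async (ipcEvent) => {
+const allowed = await confirmNostrPermission(ipcEvent, 'getPublicKey', null)
+
+if (!allowed) {
+throw new Error('Nostr public key request denied by user')
+}
+
+return nostr.getPubkey(DB)
+})
 ipcMain.handle('nostr-sign-event-nip07', async (ipcEvent, { event: e }) => {
 const allowed = await confirmNostrPermission(ipcEvent, 'signEvent', e)
 
@@ -452,22 +482,46 @@ ipcMain.handle('nostr-sign-event-nip07', async (ipcEvent, { event: e }) => {
 return nostr.signEvent(DB, e)
 })
 ipcMain.handle('nostr-get-relays-nip07', () => nostr.getRelays())
-ipcMain.handle('nostr-nip04-encrypt', async (_, { pubkey, text }) => {
+ipcMain.handle('nostr-nip04-encrypt', async (ipcEvent, { pubkey, text }) => {
+const allowed = await confirmNostrPermission(ipcEvent, 'nip04.encrypt', {
+pubkey,
+text,
+})
+
+if (!allowed) {
+throw new Error('Nostr NIP-04 encrypt request denied by user')
+}
+
 const { nip04 } = require('nostr-tools')
 const keychain = require('./keychain')
 const row = DB._db().prepare('SELECT encrypted_nsec FROM nostr_profile WHERE id=1').get()
+
 if (!row) throw new Error('No Nostr profile found')
+
 const key = await keychain.getOrCreateKey()
 const privKeyHex = keychain.decrypt(row.encrypted_nsec, key)
+
 return nip04.encrypt(privKeyHex, pubkey, text)
 })
-ipcMain.handle('nostr-nip04-decrypt', async (_, { pubkey, text }) => {
+ipcMain.handle('nostr-nip04-decrypt', async (ipcEvent, { pubkey, text }) => {
+const allowed = await confirmNostrPermission(ipcEvent, 'nip04.decrypt', {
+pubkey,
+text,
+})
+
+if (!allowed) {
+throw new Error('Nostr NIP-04 decrypt request denied by user')
+}
+
 const { nip04 } = require('nostr-tools')
 const keychain = require('./keychain')
 const row = DB._db().prepare('SELECT encrypted_nsec FROM nostr_profile WHERE id=1').get()
+
 if (!row) throw new Error('No Nostr profile found')
+
 const key = await keychain.getOrCreateKey()
 const privKeyHex = keychain.decrypt(row.encrypted_nsec, key)
+
 return nip04.decrypt(privKeyHex, pubkey, text)
 })
 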
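Review bot: The `pubkey` and `text` values that `summarizeNostrRequest` puts into the approval dialog come straight from the renderer and are not type- or format-checked in the `nostr-nip04-encrypt` and `nostr-nip04-decrypt` handlers before `confirmNostrPermission` runs. Because the summary is joined with `\n`, a non-hex `pubkey` containing line breaks could add text that reads as part of the prompt, and a non-string `text` can report a misleading length. Validate in both handlers before prompting, e.g. `if (typeof pubkey !== 'string' || !/^[0-9a-f]{64}$/i.test(pubkey) || typeof text !== 'string') throw new Error('Invalid NIP-04 request')`. Separately, the context lines still register `nostr-get-pubkey` and `nostr-sign-event` without a prompt; if web content can reach those channels the new gate on the `-nip07` aliases is bypassed, so it is worth confirming what the preload script exposes (not visible here).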
