Merge pull request 'feat(signer): nostr publish via resolve_for_wallet + door-scanner stats endpoint' (#24 ) from signer-abstraction into main

Reviewed-on: #24
chore: bump config.json version to 1.6.1-aio.5
2026-06-07 17:11:43 +00:00 · 2026-06-03 19:48:18 +02:00 · 2026-06-03 19:47:49 +02:00 · 2026-05-27 21:55:56 +02:00
4 changed files with 94 additions and 27 deletions
--- a/config.json
+++ b/config.json
@ -1,6 +1,6 @@
 {
  "id": "events",
-  "version": "1.6.1-aio.3",
+  "version": "1.6.1-aio.5",
  "name": "Events",
  "repo": "https://git.atitlan.io/aiolabs/events",
  "short_description": "Sell and register event tickets",
--- a/nostr_hooks.py
+++ b/nostr_hooks.py
@ -15,25 +15,30 @@ from .nostr_publisher import publish_event_to_nostr
 async def publish_or_delete_nostr_event(event: Event, *, delete: bool = False) -> None:
    """Publish or delete the NIP-52 calendar event for `event`.

-    Pulls the wallet owner's pubkey/prvkey to sign with the user's identity.
-    Failures are logged and swallowed so a Nostr outage doesn't break the
-    HTTP flow that triggered the publish.
+    Resolves a `NostrSigner` for the wallet owner — backend-agnostic
+    (LocalSigner / RemoteBunkerSigner / ClientSideOnlySigner). The
+    signer abstraction handles the actual key material; this hook
+    only needs `signer.pubkey` for event construction and
+    `await signer.sign_event(...)` for signing. Failures are logged
+    and swallowed so a Nostr outage doesn't break the HTTP flow that
+    triggered the publish.
    """
    try:
-        from lnbits.core.crud.users import get_account
-        from lnbits.core.crud.wallets import get_wallet
+        from lnbits.core.signers import resolve_for_wallet

        from . import nostr_client

-        wallet_obj = await get_wallet(event.wallet)
-        if not wallet_obj:
-            return
-        account = await get_account(wallet_obj.user)
-        if not account or not account.pubkey or not account.prvkey:
+        signer = await resolve_for_wallet(event.wallet)
+        if signer is None:
+            # Wallet missing, account missing, unclassified row, or
+            # ClientSideOnlySigner account (server can't sign for them).
+            # Soft-fail: skip the publish silently. The user can still
+            # publish kind-31922/31923 events client-side once we have
+            # that path.
            return

        nostr_event = await publish_event_to_nostr(
-            nostr_client, event, account.pubkey, account.prvkey, delete=delete
+            nostr_client, event, signer, delete=delete
        )
        if nostr_event and not delete:
            event.nostr_event_id = nostr_event.id
--- a/nostr_publisher.py
+++ b/nostr_publisher.py
@ -1,8 +1,9 @@
 """
 NIP-52 calendar event publishing for the events extension.

-Builds NIP-52 calendar events from the Event model, signs them with the
-creator's Account keypair, and publishes via the NostrClient.
+Builds NIP-52 calendar events from the Event model, signs them via the
+core `NostrSigner` abstraction (backend-agnostic: LocalSigner,
+RemoteBunkerSigner, etc.), and publishes via the NostrClient.

 Kind 31922 is used for date-only events; kind 31923 (time-based) is used
 when event_start_date / event_end_date include a time component.
@ -13,7 +14,7 @@ Reference: https://github.com/nostr-protocol/nips/blob/master/52.md
 import time
 from datetime import datetime, timezone

-import coincurve
+from lnbits.core.signers import NostrSigner
 from loguru import logger

 from .models import Event
@ -142,23 +143,20 @@ def build_nip52_delete_event(event: Event, pubkey: str) -> NostrEvent:
    return nostr_event


-def sign_nostr_event(nostr_event: NostrEvent, private_key_hex: str) -> None:
-    """Sign a NostrEvent in-place using Schnorr signature."""
-    privkey = coincurve.PrivateKey(bytes.fromhex(private_key_hex))
-    sig = privkey.sign_schnorr(bytes.fromhex(nostr_event.id))
-    nostr_event.sig = sig.hex()
-
-
 async def publish_event_to_nostr(
    nostr_client,
    event: Event,
-    account_pubkey: str,
-    account_prvkey: str,
+    signer: NostrSigner,
    delete: bool = False,
 ) -> NostrEvent | None:
    """
    Build, sign, and publish a NIP-52 calendar event (or delete event).

+    Signing routes through the core `NostrSigner` abstraction —
+    `signer.pubkey` for the event identity, `await signer.sign_event(...)`
+    for the Schnorr signature. The signer backend (LocalSigner /
+    RemoteBunkerSigner) is transparent to this function.
+
    Returns the published NostrEvent for metadata storage, or None on failure.
    """
    if not nostr_client:
@ -167,11 +165,25 @@ async def publish_event_to_nostr(

    try:
        if delete:
-            nostr_event = build_nip52_delete_event(event, account_pubkey)
+            nostr_event = build_nip52_delete_event(event, signer.pubkey)
        else:
-            nostr_event = build_nip52_event(event, account_pubkey)
+            nostr_event = build_nip52_event(event, signer.pubkey)
+
+        # Hand the unsigned event to the signer — it fills in `id`,
+        # `pubkey`, and `sig`. The signer's serialization rules match
+        # NIP-01 (same as the local `event_id` property uses), so the
+        # returned id matches what we'd have computed locally.
+        unsigned = {
+            "kind": nostr_event.kind,
+            "created_at": nostr_event.created_at,
+            "tags": nostr_event.tags,
+            "content": nostr_event.content,
+        }
+        signed = await signer.sign_event(unsigned)
+        nostr_event.id = signed["id"]
+        nostr_event.pubkey = signed["pubkey"]
+        nostr_event.sig = signed["sig"]

-        sign_nostr_event(nostr_event, account_prvkey)
        await nostr_client.publish_nostr_event(nostr_event)

        logger.info(
--- a/views_api.py
+++ b/views_api.py
@ -47,6 +47,7 @@ from .crud import (
    get_settings,
    get_ticket,
    get_tickets,
+    get_tickets_by_event,
    get_tickets_by_payment_hash,
    get_tickets_by_user_id,
    purge_unpaid_tickets,
@ -832,3 +833,52 @@ async def api_event_register_ticket(
    ticket.reg_timestamp = datetime.now(timezone.utc)
    ticket = await update_ticket(ticket)
    return ticket
+
+
+@tickets_api_router.get("/event/{event_id}/stats")
+async def api_event_ticket_stats(
+    event_id: str,
+    key_info: WalletTypeInfo = Depends(require_admin_key),
+) -> dict:
+    """Door-scanner roster + counts for one event, organizer-only.
+
+    Mirrors the `events_list_event_tickets` nostr-transport RPC for
+    callers that don't hold a raw user prvkey (the webapp post-#9, in
+    particular). Auth: wallet admin_key + the event's wallet must be
+    in the caller's wallet set.
+    """
+    event = await get_event(event_id)
+    if not event:
+        raise HTTPException(
+            status_code=HTTPStatus.NOT_FOUND, detail="Event does not exist."
+        )
+
+    user = await get_user(key_info.wallet.user)
+    owned_wallet_ids = user.wallet_ids if user else [key_info.wallet.id]
+    if event.wallet not in owned_wallet_ids:
+        raise HTTPException(
+            status_code=HTTPStatus.FORBIDDEN,
+            detail="You do not own this event.",
+        )
+
+    tickets = await get_tickets_by_event(event_id)
+    paid_tickets = [t for t in tickets if t.paid]
+    registered_count = sum(1 for t in paid_tickets if t.registered)
+
+    return {
+        "event_id": event_id,
+        "sold": len(paid_tickets),
+        "registered": registered_count,
+        "remaining": len(paid_tickets) - registered_count,
+        "tickets": [
+            {
+                "id": t.id,
+                "name": t.name,
+                "registered": t.registered,
+                "registered_at": (
+                    t.reg_timestamp.isoformat() if t.reg_timestamp else None
+                ),
+            }
+            for t in paid_tickets
+        ],
+    }
Author	SHA1	Message	Date
padreug	fd12476b90	Merge pull request 'feat(signer): nostr publish via resolve_for_wallet + door-scanner stats endpoint' (#24 ) from signer-abstraction into main Some checks failed lint.yml / Merge pull request 'feat(signer): nostr publish via resolve_for_wallet + door-scanner stats endpoint' (#24) from signer-abstraction into main (push) Failing after 0s Details Reviewed-on: #24	2026-06-07 17:11:43 +00:00
Padreug	1fb96bfe3c	chore: bump config.json version to 1.6.1-aio.5 Some checks failed lint.yml / chore: bump config.json version to 1.6.1-aio.5 (pull_request) Failing after 0s Details Releases the door-scanner stats endpoint. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-03 19:48:18 +02:00
Padreug	4238b41f10	feat: GET /tickets/event/{event_id}/stats for door-scanner roster Mirrors the events_list_event_tickets nostr-transport RPC for callers that don't hold a raw user prvkey (the webapp post-#9, in particular — useTicketScanner.refreshStats now has a working HTTP path). Auth: wallet admin_key + the event's wallet must be in the caller's wallet set, matching the register endpoint's owner check. Without this endpoint the activities scanner page loaded its initial counts (via no-op fallbacks) but every post-scan refreshStats returned 404, leaving the Scanned counter stuck at 0 even though registrations landed correctly. Surfaced by aio-demo manual test on 2026-06-03. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-03 19:47:49 +02:00
Padreug	66076d6ca7	feat(signer): migrate Nostr publishing off account.prvkey → resolve_for_wallet (#23 ) Closes aiolabs/events#23. Pre-cascade prerequisite for aiolabs/lnbits#17 (signer abstraction phase 1), which lands an m002 startup job that NULLs the legacy `accounts.prvkey` column. After this migration, the events extension reads no plaintext nsec and works with any NostrSigner backend (LocalSigner / RemoteBunkerSigner / ClientSideOnlySigner). ## What changed ### nostr_hooks.py — publish_or_delete_nostr_event Was: pulled `(account.pubkey, account.prvkey)` from the wallet owner, passed both to `publish_event_to_nostr`. Hard-skipped publish when `account.prvkey` was None. Now: calls `await resolve_for_wallet(event.wallet)` (the DRY helper from aiolabs/lnbits#23 — wallet → account → signer → can_sign-check in one call, returns None on any soft-fail). Passes the resolved `NostrSigner` to the publisher. Soft-skip on None (wallet missing, account unclassified, or ClientSideOnlySigner where the server has no signing authority) — matching previous "no prvkey" behavior. ### nostr_publisher.py — publish_event_to_nostr Was: accepted `(account_pubkey, account_prvkey)` and signed via a local `sign_nostr_event` helper that called `coincurve.PrivateKey .sign_schnorr` directly on the plaintext nsec. Now: accepts `signer: NostrSigner`. Builds the unsigned event dict (`kind`/`created_at`/`tags`/`content`), hands it to `await signer.sign_event(...)`, reconstructs the local `NostrEvent` model from the signed dict (`id`/`pubkey`/`sig` fields). The signer backend (LocalSigner / RemoteBunkerSigner) is transparent. Removed the `sign_nostr_event` helper entirely — the signer abstraction handles all signing now. Dropped the `coincurve` import; no direct crypto in this extension. ## Acceptance - [x] keypair helper replaced (nostr_hooks no longer touches account.prvkey) - [x] publish_event_to_nostr accepts NostrSigner instead of (pubkey, prvkey) - [x] extension-local Schnorr code removed (sign_nostr_event gone) - [x] re-grep `events/`: zero `account.prvkey` references - [x] version bumped: 1.6.1-aio.3 → 1.6.1-aio.4 Manual smoke testing + tag + catalog entry follow the migration landing; will run against the regtest stack with lnbits on `issue-18-phase-2.3` (which validates both LocalSigner and RemoteBunkerSigner signing paths end-to-end). ## Cross-references - aiolabs/events#23 — issue this commit closes - aiolabs/lnbits#17 — the cascading signer-abstraction PR - aiolabs/lnbits#23 — the resolve_for_wallet helper this uses - aiolabs/lnbits#26 — phase 2.3 (sign_event over bunker, validated against aiolabs/nsecbunkerd@fb1c239) - aiolabs/lnbits#21 — umbrella audit identifying 5 affected extensions Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 21:55:56 +02:00