From 17727d3e316fcf7a181ac568626b6a136f1ed253 Mon Sep 17 00:00:00 2001
From: Patrick Mulligan
Date: Wed, 1 Apr 2026 13:25:19 -0400
Subject: [PATCH] fix(nip05): add redirect prevention docs and zap field validation

Gap #5: Document NIP-05 spec requirement that /.well-known/nostr.json MUST NOT return HTTP redirects. The extension already complies (always returns direct responses), but reverse proxy deployments need awareness.

Gap #7: Log a warning when getLnurlPayInfo() response is missing allowsNostr or nostrPubkey fields required by NIP-57 for zap support. This surfaces misconfiguration early instead of silently breaking zaps.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 src/extensions/nip05/index.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/extensions/nip05/index.ts b/src/extensions/nip05/index.ts
index a8c1a7fd..c74c0bf5 100644
--- a/src/extensions/nip05/index.ts
+++ b/src/extensions/nip05/index.ts
@@ -189,6 +189,12 @@ export default class Nip05Extension implements Extension {
 * "relays": { "": ["wss://..."] }
 * }
 */
+ /**
+ * NIP-05 spec: "The /.well-known/nostr.json endpoint MUST NOT return any
+ * HTTP redirects." This extension always returns direct 200/4xx/5xx responses.
+ * Deployment note: ensure reverse proxies do not add 3xx redirects on this path
+ * (e.g. HTTP→HTTPS or trailing-slash redirects).
+ */
 private async handleNostrJson(req: HttpRequest): Promise {
 try {
 // Get application ID from request context
@@ -272,6 +278,11 @@ export default class Nip05Extension implements Extension {
 description: `Pay to ${username}`
 })

+ // NIP-57: ensure zap support fields are present for wallet compatibility
+ if (!lnurlPayInfo.allowsNostr || !lnurlPayInfo.nostrPubkey) {
+ this.ctx.log('warn', `LNURL-pay response for ${username} missing zap fields (allowsNostr=${lnurlPayInfo.allowsNostr}, nostrPubkey=${!!lnurlPayInfo.nostrPubkey}). Zaps will not work.`)
+ }
+
 return {
 status: 200,
 body: lnurlPayInfo,
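Review bot: The added comment opens a second `/** … */` block directly after the existing one that closes with `*/` in the context lines, so doc tooling will most likely attach only the new redirect note to `handleNostrJson` and leave the response-format description above it detached. Fold the redirect paragraph into the existing block rather than stacking a new one. The claim that the extension "always returns direct 200/4xx/5xx responses" cannot be confirmed from this hunk because the body of `handleNostrJson` continues outside it. It would be safer phrased as an invariant for maintainers, e.g. `* Invariant: this handler must never emit a 3xx; NIP-05 fetchers are required to ignore redirects, so a redirecting proxy silently breaks verification.`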
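Review bot: The new guard before `return { status: 200, … }` is only a truthiness test, so a `nostrPubkey` that is present but malformed passes without a warning, and the response is served with status 200 either way. NIP-57 expects `nostrPubkey` to be a valid BIP-340 public key in hex, so the check could be tightened with `const zapKeyOk = /^[0-9a-f]{64}$/.test(String(lnurlPayInfo.nostrPubkey ?? ''))` and `if (lnurlPayInfo.allowsNostr !== true || !zapKeyOk) {`. The log message also interpolates `username`, which appears to come from the request (its origin is outside the hunk). If so, an unauthenticated caller can trigger one warn line per request and place arbitrary characters in the log, so consider rate-limiting the warning per username and writing the value as `JSON.stringify(username)`. The enclosing handler starts and ends outside this hunk.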