aiolabs/nostrmarket
8
0
Fork 0
Code Issues 1 Pull requests Projects Releases 2 Packages Wiki Activity Actions

Compare commits

base: aiolabs:05ebf042acb0fd93fed7b03bd6bae44c87f2b051
Branches Tags
aiolabs:main
aiolabs:signer-abstraction
aiolabs:v1.1.0-aio.3
aiolabs:v1.1.0-aio.2
aiolabs:v1.1.0-aio.1
aiolabs:v0.0.1
aiolabs:v1.1.0
aiolabs:1.1.0
aiolabs:v1.0.0
aiolabs:v0.7.1
aiolabs:v0.7.0
aiolabs:v0.6.0
aiolabs:v0.6
aiolabs:v0.5.1
aiolabs:v0.5.0
aiolabs:v0.4.5
aiolabs:v0.4.4
aiolabs:v0.4.3
aiolabs:v0.4.2
aiolabs:v0.4.1
aiolabs:v0.4.0
aiolabs:v0.4
aiolabs:v0.3.6
aiolabs:v0.3.5
aiolabs:v0.3.4
aiolabs:v0.3.3
aiolabs:v0.3.2
aiolabs:v0.3.1
aiolabs:v0.3.1-beta.02
aiolabs:v0.3.1-beta.01
aiolabs:v0.3.0
aiolabs:v0.2.8
aiolabs:v0.2.7.1
aiolabs:v0.2.7
aiolabs:v0.2.6
aiolabs:v0.2.5
aiolabs:v0.2.4
aiolabs:v0.2.3
aiolabs:v0.2.test1
aiolabs:v0.2.1
aiolabs:v0.2
aiolabs:v0.1
...
compare: aiolabs:16e50d67f9479b7084e23a1081619d38cc41fafb
Branches Tags
aiolabs:main
aiolabs:signer-abstraction
aiolabs:v1.1.0-aio.3
aiolabs:v1.1.0-aio.2
aiolabs:v1.1.0-aio.1
aiolabs:v0.0.1
aiolabs:v1.1.0
aiolabs:1.1.0
aiolabs:v1.0.0
aiolabs:v0.7.1
aiolabs:v0.7.0
aiolabs:v0.6.0
aiolabs:v0.6
aiolabs:v0.5.1
aiolabs:v0.5.0
aiolabs:v0.4.5
aiolabs:v0.4.4
aiolabs:v0.4.3
aiolabs:v0.4.2
aiolabs:v0.4.1
aiolabs:v0.4.0
aiolabs:v0.4
aiolabs:v0.3.6
aiolabs:v0.3.5
aiolabs:v0.3.4
aiolabs:v0.3.3
aiolabs:v0.3.2
aiolabs:v0.3.1
aiolabs:v0.3.1-beta.02
aiolabs:v0.3.1-beta.01
aiolabs:v0.3.0
aiolabs:v0.2.8
aiolabs:v0.2.7.1
aiolabs:v0.2.7
aiolabs:v0.2.6
aiolabs:v0.2.5
aiolabs:v0.2.4
aiolabs:v0.2.3
aiolabs:v0.2.test1
aiolabs:v0.2.1
aiolabs:v0.2
aiolabs:v0.1

14 commits
05ebf042ac ... 16e50d67f9

Author SHA1 Message Date
Padreug
16e50d67f9 Extract provision_merchant() service for shared use
Some checks failed
ci.yml / Extract provision_merchant() service for shared use (pull_request) Failing after 0s
Details 
Both _auto_create_merchant (lazy GET fallback in views_api) and
LNbits' _create_default_merchant (eager signup hook) used to
reimplement merchant + zone + stall creation independently. Moves the
canonical implementation to services.provision_merchant() so both
call sites stay in lockstep — future changes (NIP-17 kind 10050 relay
list, additional default zones, etc.) only happen in one place.

- services.provision_merchant(user_id, wallet_id, public_key,
  private_key, display_name, config): creates merchant if absent,
  default 'Online' zone, default '<username>'s Store' stall, and
  publishes the kind 30017 stall event. Idempotent on the merchant
  pubkey: returns the existing merchant unchanged if one exists.
- views_api._auto_create_merchant: now a 10-line wrapper that loads
  the account, generates fallback keys if missing, then delegates.

The LNbits-side hook (lnbits/core/services/users.py:_create_default_merchant)
will be updated in a companion commit to also call this service.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-05-03 16:19:52 +02:00
Padreug
83e9660ae5 Auto-create + publish default stall, republish stall on product publish
Some checks failed
ci.yml / Auto-create + publish default stall, republish stall on product publish (pull_request) Failing after 0s
Details 
Two complementary fixes for the "Unknown Stall" bug, where a customer
sees a product on the relay but the parent stall is missing.

1. _auto_create_merchant() now creates a default "<username>'s Store"
   stall and publishes its kind 30017 event before returning. New users
   land with a fully-published merchant identity, so the very first
   product they create has a known parent stall on relays.

2. POST /api/v1/product (api_create_product) now republishes the parent
   stall before publishing the product. NIP-33 parameterized replaceable
   events make this idempotent, but it self-heals every existing case
   where the stall publish failed or never happened (transient relay
   issues, accounts that pre-date the auto-publish flow, manual stall
   creation that didn't reach all relays).

This complements the LNbits-side fix in core/services/users.py
(_create_default_merchant publishes the stall on signup) and the
webapp self-heal in useMarketStallSelfHeal.ts. With all three layers,
"Unknown Stall" should disappear from the customer view.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-05-03 16:11:15 +02:00
Padreug
3208e89e19 Remove orphaned key import/generate UI
Some checks failed
ci.yml / Remove orphaned key import/generate UI (pull_request) Failing after 0s
Details 
Phase 3 (auto-provision merchant from account keypair) removed the
generateKeys / importKeys methods and the dialog data fields, but
left the dialog templates and dropdown menu items behind. They
referenced importKeyDialog.show and generateKeyDialog.show, which
were now undefined — breaking the merchant dashboard with
"Cannot read properties of undefined (reading 'show')".

Removes:
- The Import Key and Generate New Key dialogs from index.html
- The corresponding dropdown items from merchant-tab.html
- The 'import-key' and 'generate-key' emits from merchant-tab.js
- The dangling @import-key / @generate-key listeners in index.html

Merchants are auto-provisioned from the account keypair on first
GET; key rotation is handled by the migrate-keys feature instead.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-05-03 15:51:54 +02:00
Padreug
e2fb28e90e Add keypair rotation detection and migration feature
Some checks failed
ci.yml / Add keypair rotation detection and migration feature (pull_request) Failing after 0s
Details 
When a user rotates their Nostr keypair in account settings, the
merchant still holds the old key. This adds:

- key_mismatch flag on MerchantConfig (runtime, not persisted) -
  detected on each GET /api/v1/merchant by comparing account vs
  merchant pubkey
- POST /api/v1/merchant/{id}/migrate-keys endpoint that updates
  the merchant keys, republishes all stalls/products under the new
  identity, and resubscribes
- Warning banner in the UI with a "Migrate Keys" button and
  confirmation dialog
- update_merchant_keys() crud function

Orders and DM history are preserved since they reference customer
pubkeys. Old stall/product events on relays become orphaned.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-27 12:38:00 +02:00
Padreug
8606dce908 Auto-provision merchant from account keypair on first access
Some checks failed
ci.yml / Auto-provision merchant from account keypair on first access (pull_request) Failing after 0s
Details 
The LNbits user account IS the merchant identity. GET /api/v1/merchant
now auto-creates the merchant record using the account's existing Nostr
keypair if one doesn't exist yet, so the extension is immediately
usable without any setup screen.

- Extract _auto_create_merchant() helper used by both GET and POST
- Remove welcome/key-generation screen (replaced with loading spinner)
- Remove dead frontend code (generateKeys, importKeys dialogs)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-27 12:14:40 +02:00
Padreug
1b39744daa Replace NIP-04 messaging with NIP-17 (NIP-44 + NIP-59 gift wrapping)
Some checks failed
ci.yml / Replace NIP-04 messaging with NIP-17 (NIP-44 + NIP-59 gift wrapping) (pull_request) Failing after 0s
Details 
Modernize the entire customer-merchant communication layer from deprecated
NIP-04 (kind 4, AES-256-CBC) to NIP-17 private direct messages using
NIP-44 v2 encryption (ChaCha20 + HMAC-SHA256) and NIP-59 gift wrapping
(rumor/seal/gift-wrap protocol). No backwards compatibility retained.

New modules:
- nostr/nip44.py: NIP-44 v2 encryption verified against official spec vectors
- nostr/nip59.py: NIP-59 gift wrap with wrap/unwrap convenience functions
- tests/: 44 unit tests for NIP-44 and NIP-59

Key changes:
- Subscription filters: kind 4 → kind 1059 gift wraps
- Message handler: _handle_nip04_message → _handle_gift_wrap (unwrap + route)
- send_dm/reply_to_structured_dm: NIP-59 gift wrap to recipient + self-archive
- Merchant model: removed NIP-04 crypto methods (decrypt/encrypt/build_dm_event)
- helpers.py: removed NIP-04 functions, kept Schnorr signing + key normalization
- views_api.py: consolidated DM sending through send_dm() service function

Reliability improvements:
- Event deduplication via bounded LRU set in NostrClient
- Subscription health monitor (resubscribes after 120s of silence)
- Preserved 5-minute lenient time window from prior work

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-27 08:16:55 +02:00
padreug
f85cbaa65e Refactors type hints for clarity
Some checks failed
CI / lint (push) Has been cancelled
Details
/ release (push) Has been cancelled
Details
/ pullrequest (push) Has been cancelled
Details 
Updates type hints in `crud.py`, `helpers.py`, and `models.py` for improved readability and maintainability.

Replaces `Merchant | None` with `Optional[Merchant]` and `list[X]` with `List[X]` for consistency with standard Python typing practices.
 2025-12-31 12:07:51 +01:00
padreug
e0fdada15c Improves Nostr message handling and error logging 
Enhances the processing of Nostr messages by adding more robust error handling and logging, providing better insights into potential issues.

Specifically:
- Improves the checks on the websocket connection to log errors and debug information.
- Implements more comprehensive error logging for failed product quantity checks.
- Enhances logging and validation of EVENT messages to prevent potential errors.
- Implements a more robust merchant lookup logic to avoid double processing of events.
- Implements a more lenient time window for direct message subscriptions.
 2025-12-31 12:06:07 +01:00
padreug
1fd01f8c06 Adds order discovery analysis document 
Adds a document analyzing the order discovery mechanism in Nostrmarket.

The document identifies the reasons merchants need to manually refresh to see new orders, instead of receiving them automatically. It analyzes timing window issues, connection stability, subscription state management, and event processing delays. It proposes solutions such as enhanced persistent subscriptions, periodic auto-refresh, WebSocket health monitoring, and event gap detection.
 2025-12-31 12:06:07 +01:00
padreug
61c2db8e80 Enhances websocket connection robustness 
Improves websocket connection reliability by predefining the websocket URL and handling potential queueing errors.

This change also updates the websocket close message for clarity.
 2025-12-31 12:06:07 +01:00
padreug
0fec454006 TEMP: set merchant active to True by default 2025-12-31 12:06:07 +01:00
padreug
7245123e49 Improve merchant creation with automatic keypair generation 
Enhance the merchant creation process by automatically generating Nostr keypairs
for users who don't have them, and streamline the API interface.

Changes:
- Add CreateMerchantRequest model to simplify merchant creation API
- Auto-generate Nostr keypairs for users without existing keys
- Update merchant creation endpoint to use user account keypairs
- Improve error handling and validation in merchant creation flow
- Clean up frontend JavaScript for merchant creation

This ensures all merchants have proper Nostr keypairs for marketplace
functionality without requiring manual key management from users.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-31 12:04:22 +01:00
padreug
7c7d6c7953 interactive rebase commit, clean logs 2025-12-31 11:55:28 +01:00
padreug
631675d2a0 add DEBUG logs 2025-12-31 11:55:28 +01:00
19 changed files with 1672 additions and 536 deletions
Download patch file Download diff file Expand all files Collapse all files

17
__init__.py
View file

@ -27,7 +27,11 @@ def nostrmarket_renderer():
nostr_client: NostrClient = NostrClient()
from .tasks import wait_for_nostr_events, wait_for_paid_invoices # noqa
from .tasks import ( # noqa
subscription_health_monitor,
wait_for_nostr_events,
wait_for_paid_invoices,
)
from .views import * # noqa
from .views_api import * # noqa
@ -65,4 +69,13 @@ def nostrmarket_start():
task3 = create_permanent_unique_task(
"ext_nostrmarket_wait_for_events", _wait_for_nostr_events
)
scheduled_tasks.extend([task1, task2, task3])
async def _health_monitor():
# start after the subscription is active
await asyncio.sleep(20)
await subscription_health_monitor(nostr_client)
task4 = create_permanent_unique_task(
"ext_nostrmarket_health_monitor", _health_monitor
)
scheduled_tasks.extend([task1, task2, task3, task4])

89
crud.py
View file

@ -1,4 +1,5 @@
import json
from typing import List, Optional, Tuple
from lnbits.helpers import urlsafe_short_hash
@ -43,7 +44,7 @@ async def create_merchant(user_id: str, m: PartialMerchant) -> Merchant:
async def update_merchant(
user_id: str, merchant_id: str, config: MerchantConfig
) -> Merchant | None:
) -> Optional[Merchant]:
await db.execute(
f"""
UPDATE nostrmarket.merchants SET meta = :meta, time = {db.timestamp_now}
@ -54,7 +55,27 @@ async def update_merchant(
return await get_merchant(user_id, merchant_id)
async def touch_merchant(user_id: str, merchant_id: str) -> Merchant | None:
async def update_merchant_keys(
user_id: str, merchant_id: str, private_key: str, public_key: str
) -> Optional[Merchant]:
await db.execute(
f"""
UPDATE nostrmarket.merchants
SET private_key = :private_key, public_key = :public_key,
time = {db.timestamp_now}
WHERE id = :id AND user_id = :user_id
""",
{
"private_key": private_key,
"public_key": public_key,
"id": merchant_id,
"user_id": user_id,
},
)
return await get_merchant(user_id, merchant_id)
async def touch_merchant(user_id: str, merchant_id: str) -> Optional[Merchant]:
await db.execute(
f"""
UPDATE nostrmarket.merchants SET time = {db.timestamp_now}
@ -65,7 +86,7 @@ async def touch_merchant(user_id: str, merchant_id: str) -> Merchant | None:
return await get_merchant(user_id, merchant_id)
async def get_merchant(user_id: str, merchant_id: str) -> Merchant | None:
async def get_merchant(user_id: str, merchant_id: str) -> Optional[Merchant]:
row: dict = await db.fetchone(
"""SELECT * FROM nostrmarket.merchants WHERE user_id = :user_id AND id = :id""",
{
@ -77,7 +98,7 @@ async def get_merchant(user_id: str, merchant_id: str) -> Merchant | None:
return Merchant.from_row(row) if row else None
async def get_merchant_by_pubkey(public_key: str) -> Merchant | None:
async def get_merchant_by_pubkey(public_key: str) -> Optional[Merchant]:
row: dict = await db.fetchone(
"""SELECT * FROM nostrmarket.merchants WHERE public_key = :public_key""",
{"public_key": public_key},
@ -86,7 +107,7 @@ async def get_merchant_by_pubkey(public_key: str) -> Merchant | None:
return Merchant.from_row(row) if row else None
async def get_merchants_ids_with_pubkeys() -> list[tuple[str, str]]:
async def get_merchants_ids_with_pubkeys() -> List[Tuple[str, str]]:
rows: list[dict] = await db.fetchall(
"""SELECT id, public_key FROM nostrmarket.merchants""",
)
@ -94,7 +115,7 @@ async def get_merchants_ids_with_pubkeys() -> list[tuple[str, str]]:
return [(row["id"], row["public_key"]) for row in rows]
async def get_merchant_for_user(user_id: str) -> Merchant | None:
async def get_merchant_for_user(user_id: str) -> Optional[Merchant]:
row: dict = await db.fetchone(
"""SELECT * FROM nostrmarket.merchants WHERE user_id = :user_id """,
{"user_id": user_id},
@ -137,7 +158,7 @@ async def create_zone(merchant_id: str, data: Zone) -> Zone:
return zone
async def update_zone(merchant_id: str, z: Zone) -> Zone | None:
async def update_zone(merchant_id: str, z: Zone) -> Optional[Zone]:
await db.execute(
"""
UPDATE nostrmarket.zones
@ -156,7 +177,7 @@ async def update_zone(merchant_id: str, z: Zone) -> Zone | None:
return await get_zone(merchant_id, z.id)
async def get_zone(merchant_id: str, zone_id: str) -> Zone | None:
async def get_zone(merchant_id: str, zone_id: str) -> Optional[Zone]:
row: dict = await db.fetchone(
"SELECT * FROM nostrmarket.zones WHERE merchant_id = :merchant_id AND id = :id",
{
@ -167,7 +188,7 @@ async def get_zone(merchant_id: str, zone_id: str) -> Zone | None:
return Zone.from_row(row) if row else None
async def get_zones(merchant_id: str) -> list[Zone]:
async def get_zones(merchant_id: str) -> List[Zone]:
rows: list[dict] = await db.fetchall(
"SELECT * FROM nostrmarket.zones WHERE merchant_id = :merchant_id",
{"merchant_id": merchant_id},
@ -234,7 +255,7 @@ async def create_stall(merchant_id: str, data: Stall) -> Stall:
return stall
async def get_stall(merchant_id: str, stall_id: str) -> Stall | None:
async def get_stall(merchant_id: str, stall_id: str) -> Optional[Stall]:
row: dict = await db.fetchone(
"""
SELECT * FROM nostrmarket.stalls
@ -248,7 +269,7 @@ async def get_stall(merchant_id: str, stall_id: str) -> Stall | None:
return Stall.from_row(row) if row else None
async def get_stalls(merchant_id: str, pending: bool | None = False) -> list[Stall]:
async def get_stalls(merchant_id: str, pending: Optional[bool] = False) -> List[Stall]:
rows: list[dict] = await db.fetchall(
"""
SELECT * FROM nostrmarket.stalls
@ -273,7 +294,7 @@ async def get_last_stall_update_time() -> int:
return row["event_created_at"] or 0 if row else 0
async def update_stall(merchant_id: str, stall: Stall) -> Stall | None:
async def update_stall(merchant_id: str, stall: Stall) -> Optional[Stall]:
await db.execute(
"""
UPDATE nostrmarket.stalls
@ -397,7 +418,9 @@ async def update_product(merchant_id: str, product: Product) -> Product:
return updated_product
async def update_product_quantity(product_id: str, new_quantity: int) -> Product | None:
async def update_product_quantity(
product_id: str, new_quantity: int
) -> Optional[Product]:
await db.execute(
"""
UPDATE nostrmarket.products SET quantity = :quantity
@ -412,7 +435,7 @@ async def update_product_quantity(product_id: str, new_quantity: int) -> Product
return Product.from_row(row) if row else None
async def get_product(merchant_id: str, product_id: str) -> Product | None:
async def get_product(merchant_id: str, product_id: str) -> Optional[Product]:
row: dict = await db.fetchone(
"""
SELECT * FROM nostrmarket.products
@ -428,8 +451,8 @@ async def get_product(merchant_id: str, product_id: str) -> Product | None:
async def get_products(
merchant_id: str, stall_id: str, pending: bool | None = False
) -> list[Product]:
merchant_id: str, stall_id: str, pending: Optional[bool] = False
) -> List[Product]:
rows: list[dict] = await db.fetchall(
"""
SELECT * FROM nostrmarket.products
@ -442,8 +465,8 @@ async def get_products(
async def get_products_by_ids(
merchant_id: str, product_ids: list[str]
) -> list[Product]:
merchant_id: str, product_ids: List[str]
) -> List[Product]:
# todo: revisit
keys = []
@ -464,7 +487,7 @@ async def get_products_by_ids(
return [Product.from_row(row) for row in rows]
async def get_wallet_for_product(product_id: str) -> str | None:
async def get_wallet_for_product(product_id: str) -> Optional[str]:
row: dict = await db.fetchone(
"""
SELECT s.wallet as wallet FROM nostrmarket.products p
@ -571,7 +594,7 @@ async def create_order(merchant_id: str, o: Order) -> Order:
return order
async def get_order(merchant_id: str, order_id: str) -> Order | None:
async def get_order(merchant_id: str, order_id: str) -> Optional[Order]:
row: dict = await db.fetchone(
"""
SELECT * FROM nostrmarket.orders
@ -585,7 +608,7 @@ async def get_order(merchant_id: str, order_id: str) -> Order | None:
return Order.from_row(row) if row else None
async def get_order_by_event_id(merchant_id: str, event_id: str) -> Order | None:
async def get_order_by_event_id(merchant_id: str, event_id: str) -> Optional[Order]:
row: dict = await db.fetchone(
"""
SELECT * FROM nostrmarket.orders
@ -599,7 +622,7 @@ async def get_order_by_event_id(merchant_id: str, event_id: str) -> Order | None
return Order.from_row(row) if row else None
async def get_orders(merchant_id: str, **kwargs) -> list[Order]:
async def get_orders(merchant_id: str, **kwargs) -> List[Order]:
q = " AND ".join(
[
f"{field[0]} = :{field[0]}"
@ -626,7 +649,7 @@ async def get_orders(merchant_id: str, **kwargs) -> list[Order]:
async def get_orders_for_stall(
merchant_id: str, stall_id: str, **kwargs
) -> list[Order]:
) -> List[Order]:
q = " AND ".join(
[
f"{field[0]} = :{field[0]}"
@ -652,7 +675,7 @@ async def get_orders_for_stall(
return [Order.from_row(row) for row in rows]
async def update_order(merchant_id: str, order_id: str, **kwargs) -> Order | None:
async def update_order(merchant_id: str, order_id: str, **kwargs) -> Optional[Order]:
q = ", ".join(
[
f"{field[0]} = :{field[0]}"
@ -676,7 +699,7 @@ async def update_order(merchant_id: str, order_id: str, **kwargs) -> Order | Non
return await get_order(merchant_id, order_id)
async def update_order_paid_status(order_id: str, paid: bool) -> Order | None:
async def update_order_paid_status(order_id: str, paid: bool) -> Optional[Order]:
await db.execute(
"UPDATE nostrmarket.orders SET paid = :paid WHERE id = :id",
{"paid": paid, "id": order_id},
@ -690,7 +713,7 @@ async def update_order_paid_status(order_id: str, paid: bool) -> Order | None:
async def update_order_shipped_status(
merchant_id: str, order_id: str, shipped: bool
) -> Order | None:
) -> Optional[Order]:
await db.execute(
"""
UPDATE nostrmarket.orders
@ -754,7 +777,7 @@ async def create_direct_message(
return msg
async def get_direct_message(merchant_id: str, dm_id: str) -> DirectMessage | None:
async def get_direct_message(merchant_id: str, dm_id: str) -> Optional[DirectMessage]:
row: dict = await db.fetchone(
"""
SELECT * FROM nostrmarket.direct_messages
@ -770,7 +793,7 @@ async def get_direct_message(merchant_id: str, dm_id: str) -> DirectMessage | No
async def get_direct_message_by_event_id(
merchant_id: str, event_id: str
) -> DirectMessage | None:
) -> Optional[DirectMessage]:
row: dict = await db.fetchone(
"""
SELECT * FROM nostrmarket.direct_messages
@ -784,7 +807,7 @@ async def get_direct_message_by_event_id(
return DirectMessage.from_row(row) if row else None
async def get_direct_messages(merchant_id: str, public_key: str) -> list[DirectMessage]:
async def get_direct_messages(merchant_id: str, public_key: str) -> List[DirectMessage]:
rows: list[dict] = await db.fetchall(
"""
SELECT * FROM nostrmarket.direct_messages
@ -796,7 +819,7 @@ async def get_direct_messages(merchant_id: str, public_key: str) -> list[DirectM
return [DirectMessage.from_row(row) for row in rows]
async def get_orders_from_direct_messages(merchant_id: str) -> list[DirectMessage]:
async def get_orders_from_direct_messages(merchant_id: str) -> List[DirectMessage]:
rows: list[dict] = await db.fetchall(
"""
SELECT * FROM nostrmarket.direct_messages
@ -857,7 +880,7 @@ async def create_customer(merchant_id: str, data: Customer) -> Customer:
return customer
async def get_customer(merchant_id: str, public_key: str) -> Customer | None:
async def get_customer(merchant_id: str, public_key: str) -> Optional[Customer]:
row: dict = await db.fetchone(
"""
SELECT * FROM nostrmarket.customers
@ -871,7 +894,7 @@ async def get_customer(merchant_id: str, public_key: str) -> Customer | None:
return Customer.from_row(row) if row else None
async def get_customers(merchant_id: str) -> list[Customer]:
async def get_customers(merchant_id: str) -> List[Customer]:
rows: list[dict] = await db.fetchall(
"SELECT * FROM nostrmarket.customers WHERE merchant_id = :merchant_id",
{"merchant_id": merchant_id},
@ -879,7 +902,7 @@ async def get_customers(merchant_id: str) -> list[Customer]:
return [Customer.from_row(row) for row in rows]
async def get_all_unique_customers() -> list[Customer]:
async def get_all_unique_customers() -> List[Customer]:
q = """
SELECT public_key, MAX(merchant_id) as merchant_id, MAX(event_created_at)
FROM nostrmarket.customers

2
description.md
View file

@ -9,4 +9,4 @@ The Nostr Market extension includes:
- A merchant client to manage products, sales and communication with customers.
- A customer client to find and order products from merchants, communicate with merchants and track status of ordered products.
All communication happens over NIP04 encrypted DMs.
All communication happens over NIP-17 private direct messages (NIP-44 encryption + NIP-59 gift wrapping).

60
helpers.py
View file

@ -1,54 +1,5 @@
import base64
import secrets
import coincurve
from bech32 import bech32_decode, convertbits
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
def get_shared_secret(privkey: str, pubkey: str):
pk = coincurve.PublicKey(bytes.fromhex("02" + pubkey))
sk = coincurve.PrivateKey(bytes.fromhex(privkey))
shared_point = pk.multiply(sk.secret)
shared_point_bytes = shared_point.format(compressed=False)
x_coord = shared_point_bytes[1:33]
return x_coord
def decrypt_message(encoded_message: str, encryption_key) -> str:
encoded_data = encoded_message.split("?iv=")
if len(encoded_data) == 1:
return encoded_data[0]
encoded_content, encoded_iv = encoded_data[0], encoded_data[1]
iv = base64.b64decode(encoded_iv)
cipher = Cipher(algorithms.AES(encryption_key), modes.CBC(iv))
encrypted_content = base64.b64decode(encoded_content)
decryptor = cipher.decryptor()
decrypted_message = decryptor.update(encrypted_content) + decryptor.finalize()
unpadder = padding.PKCS7(128).unpadder()
unpadded_data = unpadder.update(decrypted_message) + unpadder.finalize()
return unpadded_data.decode()
def encrypt_message(message: str, encryption_key, iv: bytes | None = None) -> str:
padder = padding.PKCS7(128).padder()
padded_data = padder.update(message.encode()) + padder.finalize()
iv = iv if iv else secrets.token_bytes(16)
cipher = Cipher(algorithms.AES(encryption_key), modes.CBC(iv))
encryptor = cipher.encryptor()
encrypted_message = encryptor.update(padded_data) + encryptor.finalize()
base64_message = base64.b64encode(encrypted_message).decode()
base64_iv = base64.b64encode(iv).decode()
return f"{base64_message}?iv={base64_iv}"
def sign_message_hash(private_key: str, hash_: bytes) -> str:
@ -57,17 +8,6 @@ def sign_message_hash(private_key: str, hash_: bytes) -> str:
return sig.hex()
def test_decrypt_encrypt(encoded_message: str, encryption_key):
msg = decrypt_message(encoded_message, encryption_key)
# ecrypt using the same initialisation vector
iv = base64.b64decode(encoded_message.split("?iv=")[1])
ecrypted_msg = encrypt_message(msg, encryption_key, iv)
assert (
encoded_message == ecrypted_msg
), f"expected '{encoded_message}', but got '{ecrypted_msg}'"
def normalize_public_key(pubkey: str) -> str:
if pubkey.startswith("npub1"):
_, decoded_data = bech32_decode(pubkey)

320
misc-docs/ORDER-DISCOVERY-ANALYSIS.md Normal file
View file

@ -0,0 +1,320 @@
# Nostrmarket Order Discovery Analysis
## Executive Summary
This document analyzes the order discovery mechanism in the Nostrmarket extension and identifies why merchants must manually refresh to see new orders instead of receiving them automatically through persistent subscriptions.
---
## Current Architecture
### Two Subscription Systems
The Nostrmarket extension implements two distinct subscription mechanisms for receiving Nostr events:
#### 1. **Persistent Subscriptions (Background Task)**
**Purpose**: Continuous monitoring for new orders, products, and merchant events
**Implementation**:
- Runs via `wait_for_nostr_events()` background task
- Initiated on extension startup (15-second delay)
- Creates subscription ID: `nostrmarket-{hash}`
- Monitors all merchant public keys continuously
**Code Location**: `/nostrmarket/tasks.py:37-49`
```python
async def wait_for_nostr_events(nostr_client: NostrClient):
while True:
try:
await subscribe_to_all_merchants()
while True:
message = await nostr_client.get_event()
await process_nostr_message(message)
```
**Subscription Filters**:
- Direct messages (kind 4) - for orders
- Stall events (kind 30017)
- Product events (kind 30018)
- Profile updates (kind 0)
#### 2. **Temporary Subscriptions (Manual Refresh)**
**Purpose**: Catch up on missed events when merchant clicks "Refresh from Nostr"
**Implementation**:
- Duration: 10 seconds only
- Triggered by user action
- Creates subscription ID: `merchant-{hash}`
- Fetches ALL events from time=0
**Code Location**: `/nostrmarket/nostr/nostr_client.py:100-120`
```python
async def merchant_temp_subscription(self, pk, duration=10):
dm_filters = self._filters_for_direct_messages([pk], 0)
# ... creates filters with time=0 (all history)
await self.send_req_queue.put(["REQ", subscription_id] + merchant_filters)
asyncio.create_task(unsubscribe_with_delay(subscription_id, duration))
```
---
## Problem Identification
### Why Manual Refresh is Required
#### **Issue 1: Timing Window Problem**
The persistent subscription uses timestamps from the last database update:
```python
async def subscribe_to_all_merchants():
last_dm_time = await get_last_direct_messages_created_at()
last_stall_time = await get_last_stall_update_time()
last_prod_time = await get_last_product_update_time()
await nostr_client.subscribe_merchants(
public_keys, last_dm_time, last_stall_time, last_prod_time, 0
)
```
**Problem**: Events that occur between:
- The last database update time
- When the subscription becomes active
...are potentially missed
#### **Issue 2: Connection Stability**
The WebSocket connection between components may be unstable:
```
[Nostrmarket] <--WebSocket--> [Nostrclient] <--WebSocket--> [Nostr Relays]
Extension Extension (Global)
```
**Potential failure points**:
1. Connection drops between nostrmarket → nostrclient
2. Connection drops between nostrclient → relays
3. Reconnection doesn't re-establish subscriptions
#### **Issue 3: Subscription State Management**
**Current behavior**:
- Single persistent subscription per merchant
- No automatic resubscription on failure
- No heartbeat/keepalive mechanism
- No verification that subscription is active
#### **Issue 4: Event Processing Delays**
The startup sequence has intentional delays:
```python
async def _subscribe_to_nostr_client():
await asyncio.sleep(10) # Wait for nostrclient
await nostr_client.run_forever()
async def _wait_for_nostr_events():
await asyncio.sleep(15) # Wait for extension init
await wait_for_nostr_events(nostr_client)
```
**Problem**: Orders arriving during initialization are missed
---
## Why Manual Refresh Works
The temporary subscription succeeds because:
1. **Fetches from time=0**: Gets ALL historical events
2. **Fresh connection**: Creates new subscription request
3. **Immediate processing**: No startup delays
4. **Direct feedback**: User sees results immediately
```python
# Temporary subscription uses time=0 (all events)
dm_filters = self._filters_for_direct_messages([pk], 0) # ← 0 means all time
# Persistent subscription uses last update time
dm_filters = self._filters_for_direct_messages(public_keys, dm_time) # ← can miss events
```
---
## Impact Analysis
### User Experience Issues
1. **Merchants miss orders** without manual refresh
2. **No real-time notifications** for new orders
3. **Uncertainty** about order status
4. **Extra manual steps** required
5. **Delayed order fulfillment**
### Technical Implications
1. **Not truly decentralized** - requires active monitoring
2. **Scalability concerns** - manual refresh doesn't scale
3. **Reliability issues** - depends on user action
4. **Performance overhead** - fetching all events repeatedly
---
## Recommended Solutions
### Solution A: Enhanced Persistent Subscriptions
**Implement redundant subscription mechanisms:**
```python
class EnhancedSubscriptionManager:
def __init__(self):
self.last_heartbeat = time.time()
self.subscription_active = False
async def maintain_subscription(self):
while True:
if not self.subscription_active or \
time.time() - self.last_heartbeat > 30:
await self.resubscribe_with_overlap()
await asyncio.sleep(10)
async def resubscribe_with_overlap(self):
# Use timestamp with 5-minute overlap
overlap_time = int(time.time()) - 300
await subscribe_to_all_merchants(since=overlap_time)
```
### Solution B: Periodic Auto-Refresh
**Add automatic temporary subscriptions:**
```python
async def auto_refresh_loop():
while True:
await asyncio.sleep(60) # Every minute
merchants = await get_all_active_merchants()
for merchant in merchants:
await merchant_temp_subscription(merchant.pubkey, duration=5)
```
### Solution C: WebSocket Health Monitoring
**Implement connection health checks:**
```python
class WebSocketHealthMonitor:
async def check_connection_health(self):
try:
# Send ping to nostrclient
response = await nostr_client.ping(timeout=5)
if not response:
await self.reconnect_and_resubscribe()
except Exception:
await self.reconnect_and_resubscribe()
```
### Solution D: Event Gap Detection
**Detect and fill gaps in event sequence:**
```python
async def detect_event_gaps():
# Check for gaps in event timestamps
last_known = await get_last_event_time()
current_time = int(time.time())
if current_time - last_known > 60: # 1 minute gap
# Perform temporary subscription to fill gap
await fetch_missing_events(since=last_known)
```
---
## Implementation Priority
### Phase 1: Quick Fixes (1-2 days)
1. [DONE] Increase temp subscription duration (10s → 30s)
2. [DONE] Add connection health logging
3. [DONE] Reduce startup delays
### Phase 2: Reliability (3-5 days)
1. [TODO] Implement subscription heartbeat
2. [TODO] Add automatic resubscription on failure
3. [TODO] Create event gap detection
### Phase 3: Full Solution (1-2 weeks)
1. [TODO] WebSocket connection monitoring
2. [TODO] Redundant subscription system
3. [TODO] Real-time order notifications
4. [TODO] Event deduplication logic
---
## Testing Recommendations
### Test Scenarios
1. **Order during startup**: Send order within 15 seconds of server start
2. **Long-running test**: Keep server running for 24 hours, send periodic orders
3. **Connection interruption**: Disconnect nostrclient, send order, reconnect
4. **High volume**: Send 100 orders rapidly
5. **Network latency**: Add artificial delay between components
### Monitoring Metrics
- Time between order sent → order discovered
- Percentage of orders requiring manual refresh
- WebSocket connection uptime
- Subscription success rate
- Event processing latency
---
## Conclusion
The current order discovery system relies on manual refresh due to:
1. **Timing gaps** in persistent subscriptions
2. **Connection stability** issues
3. **Lack of redundancy** in subscription management
4. **No automatic recovery** mechanisms
While the temporary subscription (manual refresh) provides a workaround, a proper solution requires implementing connection monitoring, subscription health checks, and automatic gap-filling mechanisms to ensure reliable real-time order discovery.
---
## Appendix: Code References
### Key Files
- `/nostrmarket/tasks.py` - Background task management
- `/nostrmarket/nostr/nostr_client.py` - Nostr client implementation
- `/nostrmarket/services.py` - Order processing logic
- `/nostrmarket/views_api.py` - API endpoints for refresh
### Relevant Functions
- `wait_for_nostr_events()` - Main event loop
- `subscribe_to_all_merchants()` - Persistent subscription
- `merchant_temp_subscription()` - Manual refresh
- `process_nostr_message()` - Event processing
---
_Document prepared: January 2025_
_Analysis based on: Nostrmarket v1.0_
_Status: Active Investigation_

162
models.py
View file

@ -2,17 +2,12 @@ import json
import time
from abc import abstractmethod
from enum import Enum
from typing import Any
from typing import Any, List, Optional, Tuple
from lnbits.utils.exchange_rates import btc_price, fiat_amount_as_satoshis
from pydantic import BaseModel
from .helpers import (
decrypt_message,
encrypt_message,
get_shared_secret,
sign_message_hash,
)
from .helpers import sign_message_hash
from .nostr.event import NostrEvent
######################################## NOSTR ########################################
@ -32,21 +27,28 @@ class Nostrable:
class MerchantProfile(BaseModel):
name: str | None = None
display_name: str | None = None
about: str | None = None
picture: str | None = None
banner: str | None = None
website: str | None = None
nip05: str | None = None
lud16: str | None = None
name: Optional[str] = None
display_name: Optional[str] = None
about: Optional[str] = None
picture: Optional[str] = None
banner: Optional[str] = None
website: Optional[str] = None
nip05: Optional[str] = None
lud16: Optional[str] = None
class MerchantConfig(MerchantProfile):
event_id: str | None = None
event_id: Optional[str] = None
sync_from_nostr: bool = False
active: bool = False
restore_in_progress: bool | None = False
# TODO: switched to True for AIO demo; determine if we leave this as True
active: bool = True
restore_in_progress: Optional[bool] = False
# Set at runtime (not persisted) when account keypair != merchant keypair
key_mismatch: Optional[bool] = False
class CreateMerchantRequest(BaseModel):
config: MerchantConfig = MerchantConfig()
class PartialMerchant(BaseModel):
@ -57,33 +59,11 @@ class PartialMerchant(BaseModel):
class Merchant(PartialMerchant, Nostrable):
id: str
time: int | None = 0
time: Optional[int] = 0
def sign_hash(self, hash_: bytes) -> str:
return sign_message_hash(self.private_key, hash_)
def decrypt_message(self, encrypted_message: str, public_key: str) -> str:
encryption_key = get_shared_secret(self.private_key, public_key)
return decrypt_message(encrypted_message, encryption_key)
def encrypt_message(self, clear_text_message: str, public_key: str) -> str:
encryption_key = get_shared_secret(self.private_key, public_key)
return encrypt_message(clear_text_message, encryption_key)
def build_dm_event(self, message: str, to_pubkey: str) -> NostrEvent:
content = self.encrypt_message(message, to_pubkey)
event = NostrEvent(
pubkey=self.public_key,
created_at=round(time.time()),
kind=4,
tags=[["p", to_pubkey]],
content=content,
)
event.id = event.event_id
event.sig = self.sign_hash(bytes.fromhex(event.id))
return event
@classmethod
def from_row(cls, row: dict) -> "Merchant":
merchant = cls(**row)
@ -139,11 +119,11 @@ class Merchant(PartialMerchant, Nostrable):
######################################## ZONES ########################################
class Zone(BaseModel):
id: str | None = None
name: str | None = None
id: Optional[str] = None
name: Optional[str] = None
currency: str
cost: float
countries: list[str] = []
countries: List[str] = []
@classmethod
def from_row(cls, row: dict) -> "Zone":
@ -156,22 +136,22 @@ class Zone(BaseModel):
class StallConfig(BaseModel):
image_url: str | None = None
description: str | None = None
image_url: Optional[str] = None
description: Optional[str] = None
class Stall(BaseModel, Nostrable):
id: str | None = None
id: Optional[str] = None
wallet: str
name: str
currency: str = "sat"
shipping_zones: list[Zone] = []
shipping_zones: List[Zone] = []
config: StallConfig = StallConfig()
pending: bool = False
"""Last published nostr event for this Stall"""
event_id: str | None = None
event_created_at: int | None = None
event_id: Optional[str] = None
event_created_at: Optional[int] = None
def validate_stall(self):
for z in self.shipping_zones:
@ -229,19 +209,19 @@ class ProductShippingCost(BaseModel):
class ProductConfig(BaseModel):
description: str | None = None
currency: str | None = None
use_autoreply: bool | None = False
autoreply_message: str | None = None
shipping: list[ProductShippingCost] = []
description: Optional[str] = None
currency: Optional[str] = None
use_autoreply: Optional[bool] = False
autoreply_message: Optional[str] = None
shipping: List[ProductShippingCost] = []
class Product(BaseModel, Nostrable):
id: str | None = None
id: Optional[str] = None
stall_id: str
name: str
categories: list[str] = []
images: list[str] = []
categories: List[str] = []
images: List[str] = []
price: float
quantity: int
active: bool = True
@ -249,8 +229,8 @@ class Product(BaseModel, Nostrable):
config: ProductConfig = ProductConfig()
"""Last published nostr event for this Product"""
event_id: str | None = None
event_created_at: int | None = None
event_id: Optional[str] = None
event_created_at: Optional[int] = None
def to_nostr_event(self, pubkey: str) -> NostrEvent:
content = {
@ -307,7 +287,7 @@ class ProductOverview(BaseModel):
id: str
name: str
price: float
product_shipping_cost: float | None = None
product_shipping_cost: Optional[float] = None
@classmethod
def from_product(cls, p: Product) -> "ProductOverview":
@ -324,21 +304,21 @@ class OrderItem(BaseModel):
class OrderContact(BaseModel):
nostr: str | None = None
phone: str | None = None
email: str | None = None
nostr: Optional[str] = None
phone: Optional[str] = None
email: Optional[str] = None
class OrderExtra(BaseModel):
products: list[ProductOverview]
products: List[ProductOverview]
currency: str
btc_price: str
shipping_cost: float = 0
shipping_cost_sat: float = 0
fail_message: str | None = None
fail_message: Optional[str] = None
@classmethod
async def from_products(cls, products: list[Product]):
async def from_products(cls, products: List[Product]):
currency = products[0].config.currency if len(products) else "sat"
exchange_rate = (
await btc_price(currency) if currency and currency != "sat" else 1
@ -354,19 +334,19 @@ class OrderExtra(BaseModel):
class PartialOrder(BaseModel):
id: str
event_id: str | None = None
event_created_at: int | None = None
event_id: Optional[str] = None
event_created_at: Optional[int] = None
public_key: str
merchant_public_key: str
shipping_id: str
items: list[OrderItem]
contact: OrderContact | None = None
address: str | None = None
items: List[OrderItem]
contact: Optional[OrderContact] = None
address: Optional[str] = None
def validate_order(self):
assert len(self.items) != 0, f"Order has no items. Order: '{self.id}'"
def validate_order_items(self, product_list: list[Product]):
def validate_order_items(self, product_list: List[Product]):
assert len(self.items) != 0, f"Order has no items. Order: '{self.id}'"
assert (
len(product_list) != 0
@ -387,8 +367,8 @@ class PartialOrder(BaseModel):
)
async def costs_in_sats(
self, products: list[Product], shipping_id: str, stall_shipping_cost: float
) -> tuple[float, float]:
self, products: List[Product], shipping_id: str, stall_shipping_cost: float
) -> Tuple[float, float]:
product_prices = {}
for p in products:
product_shipping_cost = next(
@ -417,7 +397,7 @@ class PartialOrder(BaseModel):
return product_cost, stall_shipping_cost
def receipt(
self, products: list[Product], shipping_id: str, stall_shipping_cost: float
self, products: List[Product], shipping_id: str, stall_shipping_cost: float
) -> str:
if len(products) == 0:
return "[No Products]"
@ -466,7 +446,7 @@ class Order(PartialOrder):
total: float
paid: bool = False
shipped: bool = False
time: int | None = None
time: Optional[int] = None
extra: OrderExtra
@classmethod
@ -480,14 +460,14 @@ class Order(PartialOrder):
class OrderStatusUpdate(BaseModel):
id: str
message: str | None = None
paid: bool | None = False
shipped: bool | None = None
message: Optional[str] = None
paid: Optional[bool] = False
shipped: Optional[bool] = None
class OrderReissue(BaseModel):
id: str
shipping_id: str | None = None
shipping_id: Optional[str] = None
class PaymentOption(BaseModel):
@ -497,8 +477,8 @@ class PaymentOption(BaseModel):
class PaymentRequest(BaseModel):
id: str
message: str | None = None
payment_options: list[PaymentOption]
message: Optional[str] = None
payment_options: List[PaymentOption]
######################################## MESSAGE #######################################
@ -514,16 +494,16 @@ class DirectMessageType(Enum):
class PartialDirectMessage(BaseModel):
event_id: str | None = None
event_created_at: int | None = None
event_id: Optional[str] = None
event_created_at: Optional[int] = None
message: str
public_key: str
type: int = DirectMessageType.PLAIN_TEXT.value
incoming: bool = False
time: int | None = None
time: Optional[int] = None
@classmethod
def parse_message(cls, msg) -> tuple[DirectMessageType, Any | None]:
def parse_message(cls, msg) -> Tuple[DirectMessageType, Optional[Any]]:
try:
msg_json = json.loads(msg)
if "type" in msg_json:
@ -546,15 +526,15 @@ class DirectMessage(PartialDirectMessage):
class CustomerProfile(BaseModel):
name: str | None = None
about: str | None = None
name: Optional[str] = None
about: Optional[str] = None
class Customer(BaseModel):
merchant_id: str
public_key: str
event_created_at: int | None = None
profile: CustomerProfile | None = None
event_created_at: Optional[int] = None
profile: Optional[CustomerProfile] = None
unread_messages: int = 0
@classmethod

180
nostr/nip44.py Normal file
View file

@ -0,0 +1,180 @@
"""
NIP-44 v2: Encrypted Payloads (Versioned)
secp256k1 ECDH, HKDF, padding, ChaCha20, HMAC-SHA256, base64
Reference: https://github.com/nostr-protocol/nips/blob/master/44.md
"""
import base64
import hashlib
import hmac
import math
import secrets
import struct
import coincurve
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms
from cryptography.hazmat.primitives.kdf.hkdf import HKDFExpand
from cryptography.hazmat.primitives import hashes
VERSION = 2
MIN_PLAINTEXT_SIZE = 1
MAX_PLAINTEXT_SIZE = 65535
def get_conversation_key(private_key_hex: str, public_key_hex: str) -> bytes:
"""
Calculate long-term conversation key between two users via ECDH + HKDF-extract.
Symmetric: get_conversation_key(a, B) == get_conversation_key(b, A)
"""
pk = coincurve.PublicKey(bytes.fromhex("02" + public_key_hex))
sk = coincurve.PrivateKey(bytes.fromhex(private_key_hex))
shared_point = pk.multiply(sk.secret)
shared_x = shared_point.format(compressed=False)[1:33]
# HKDF-extract only (not expand) with salt='nip44-v2'
conversation_key = hmac.new(b"nip44-v2", shared_x, hashlib.sha256).digest()
return conversation_key
def get_message_keys(
conversation_key: bytes, nonce: bytes
) -> tuple[bytes, bytes, bytes]:
"""
Derive per-message keys from conversation_key and nonce using HKDF-expand.
Returns (chacha_key, chacha_nonce, hmac_key).
"""
if len(conversation_key) != 32:
raise ValueError("invalid conversation_key length")
if len(nonce) != 32:
raise ValueError("invalid nonce length")
keys = HKDFExpand(
algorithm=hashes.SHA256(),
length=76,
info=nonce,
).derive(conversation_key)
chacha_key = keys[0:32]
chacha_nonce = keys[32:44]
hmac_key = keys[44:76]
return chacha_key, chacha_nonce, hmac_key
def calc_padded_len(unpadded_len: int) -> int:
"""Calculate padded length using power-of-two chunking."""
if unpadded_len <= 0:
raise ValueError("invalid plaintext length")
if unpadded_len <= 32:
return 32
next_power = 1 << (math.floor(math.log2(unpadded_len - 1)) + 1)
if next_power <= 256:
chunk = 32
else:
chunk = next_power // 8
return chunk * (math.floor((unpadded_len - 1) / chunk) + 1)
def _pad(plaintext: str) -> bytes:
"""Convert plaintext string to padded byte array."""
unpadded = plaintext.encode("utf-8")
unpadded_len = len(unpadded)
if unpadded_len < MIN_PLAINTEXT_SIZE or unpadded_len > MAX_PLAINTEXT_SIZE:
raise ValueError(
f"invalid plaintext length: {unpadded_len} "
f"(must be {MIN_PLAINTEXT_SIZE}..{MAX_PLAINTEXT_SIZE})"
)
prefix = struct.pack(">H", unpadded_len)
padded_len = calc_padded_len(unpadded_len)
suffix = b"\x00" * (padded_len - unpadded_len)
return prefix + unpadded + suffix
def _unpad(padded: bytes) -> str:
"""Convert padded byte array back to plaintext string."""
unpadded_len = struct.unpack(">H", padded[0:2])[0]
unpadded = padded[2 : 2 + unpadded_len]
if (
unpadded_len == 0
or len(unpadded) != unpadded_len
or len(padded) != 2 + calc_padded_len(unpadded_len)
):
raise ValueError("invalid padding")
return unpadded.decode("utf-8")
def _hmac_aad(key: bytes, message: bytes, aad: bytes) -> bytes:
"""HMAC-SHA256 with AAD: hmac(key, aad || message)."""
if len(aad) != 32:
raise ValueError("AAD associated data must be 32 bytes")
return hmac.new(key, aad + message, hashlib.sha256).digest()
def _chacha20(key: bytes, nonce: bytes, data: bytes) -> bytes:
"""ChaCha20 encrypt/decrypt with initial counter = 0."""
# cryptography's ChaCha20 takes a 16-byte nonce: 4-byte counter (LE) + 12-byte nonce
full_nonce = b"\x00\x00\x00\x00" + nonce
cipher = Cipher(algorithms.ChaCha20(key, full_nonce), mode=None)
encryptor = cipher.encryptor()
return encryptor.update(data) + encryptor.finalize()
def _decode_payload(payload: str) -> tuple[bytes, bytes, bytes]:
"""Decode base64 payload into (nonce, ciphertext, mac)."""
plen = len(payload)
if plen == 0 or payload[0] == "#":
raise ValueError("unknown version")
if plen < 132 or plen > 87472:
raise ValueError("invalid payload size")
data = base64.b64decode(payload)
dlen = len(data)
if dlen < 99 or dlen > 65603:
raise ValueError("invalid data size")
vers = data[0]
if vers != VERSION:
raise ValueError(f"unknown version {vers}")
nonce = data[1:33]
ciphertext = data[33 : dlen - 32]
mac = data[dlen - 32 : dlen]
return nonce, ciphertext, mac
def encrypt(
plaintext: str,
conversation_key: bytes,
nonce: bytes | None = None,
) -> str:
"""
Encrypt plaintext using NIP-44 v2.
Returns base64-encoded payload.
"""
if nonce is None:
nonce = secrets.token_bytes(32)
if len(nonce) != 32:
raise ValueError("invalid nonce length")
chacha_key, chacha_nonce, hmac_key = get_message_keys(conversation_key, nonce)
padded = _pad(plaintext)
ciphertext = _chacha20(chacha_key, chacha_nonce, padded)
mac = _hmac_aad(hmac_key, ciphertext, nonce)
return base64.b64encode(
struct.pack("B", VERSION) + nonce + ciphertext + mac
).decode("ascii")
def decrypt(payload: str, conversation_key: bytes) -> str:
"""
Decrypt a NIP-44 v2 base64 payload.
Returns plaintext string.
"""
nonce, ciphertext, mac = _decode_payload(payload)
chacha_key, chacha_nonce, hmac_key = get_message_keys(conversation_key, nonce)
calculated_mac = _hmac_aad(hmac_key, ciphertext, nonce)
if not hmac.compare_digest(calculated_mac, mac):
raise ValueError("invalid MAC")
padded_plaintext = _chacha20(chacha_key, chacha_nonce, ciphertext)
return _unpad(padded_plaintext)

178
nostr/nip59.py Normal file
View file

@ -0,0 +1,178 @@
"""
NIP-59: Gift Wrap
Three-layer protocol for metadata-protected messaging:
1. Rumor (unsigned event) carries content, deniable if leaked
2. Seal (kind 13) encrypts rumor, signed by author, no recipient metadata
3. Gift Wrap (kind 1059) encrypts seal with ephemeral key, has recipient p-tag
Reference: https://github.com/nostr-protocol/nips/blob/master/59.md
"""
import json
import secrets
import time
from typing import Optional
import coincurve
from .event import NostrEvent
from .nip44 import decrypt as nip44_decrypt
from .nip44 import encrypt as nip44_encrypt
from .nip44 import get_conversation_key
TWO_DAYS = 2 * 24 * 60 * 60
def _random_past_timestamp() -> int:
"""Generate a timestamp randomly in the past 0-2 days for metadata protection."""
return int(time.time()) - secrets.randbelow(TWO_DAYS)
def _sign_event(event: NostrEvent, private_key_hex: str) -> NostrEvent:
"""Compute event id and sign it."""
event.id = event.event_id
sk = coincurve.PrivateKey(bytes.fromhex(private_key_hex))
event.sig = sk.sign_schnorr(bytes.fromhex(event.id)).hex()
return event
def _pubkey_from_privkey(private_key_hex: str) -> str:
"""Derive x-only public key hex from private key hex."""
sk = coincurve.PrivateKey(bytes.fromhex(private_key_hex))
return sk.public_key.format(compressed=True)[1:].hex()
def create_rumor(
pubkey: str,
content: str,
kind: int = 14,
tags: Optional[list[list[str]]] = None,
created_at: Optional[int] = None,
) -> NostrEvent:
"""
Create an unsigned rumor event.
The event has an id but no signature, making it deniable.
"""
event = NostrEvent(
pubkey=pubkey,
created_at=created_at or int(time.time()),
kind=kind,
tags=tags or [],
content=content,
)
event.id = event.event_id
# sig intentionally left as None (unsigned)
return event
def create_seal(
rumor: NostrEvent,
sender_privkey: str,
recipient_pubkey: str,
) -> NostrEvent:
"""
Create a kind 13 seal: encrypts the rumor for the recipient.
Signed by the sender. Tags are always empty.
"""
conv_key = get_conversation_key(sender_privkey, recipient_pubkey)
encrypted_rumor = nip44_encrypt(rumor.stringify(), conv_key)
seal = NostrEvent(
pubkey=_pubkey_from_privkey(sender_privkey),
created_at=_random_past_timestamp(),
kind=13,
tags=[],
content=encrypted_rumor,
)
return _sign_event(seal, sender_privkey)
def create_gift_wrap(
seal: NostrEvent,
recipient_pubkey: str,
) -> NostrEvent:
"""
Create a kind 1059 gift wrap: encrypts the seal with an ephemeral key.
The only public metadata is the recipient's p-tag.
"""
ephemeral_privkey = secrets.token_bytes(32).hex()
ephemeral_pubkey = _pubkey_from_privkey(ephemeral_privkey)
conv_key = get_conversation_key(ephemeral_privkey, recipient_pubkey)
encrypted_seal = nip44_encrypt(seal.stringify(), conv_key)
wrap = NostrEvent(
pubkey=ephemeral_pubkey,
created_at=_random_past_timestamp(),
kind=1059,
tags=[["p", recipient_pubkey]],
content=encrypted_seal,
)
return _sign_event(wrap, ephemeral_privkey)
def unwrap_gift_wrap(
gift_wrap: NostrEvent,
recipient_privkey: str,
) -> NostrEvent:
"""
Decrypt a kind 1059 gift wrap to reveal the inner seal.
Uses the recipient's private key and the gift wrap's ephemeral pubkey.
"""
conv_key = get_conversation_key(recipient_privkey, gift_wrap.pubkey)
seal_json = nip44_decrypt(gift_wrap.content, conv_key)
return NostrEvent(**json.loads(seal_json))
def unseal(
seal: NostrEvent,
recipient_privkey: str,
) -> NostrEvent:
"""
Decrypt a kind 13 seal to reveal the inner rumor.
Uses the recipient's private key and the seal's pubkey (the sender).
Validates that the rumor's pubkey matches the seal's pubkey.
"""
conv_key = get_conversation_key(recipient_privkey, seal.pubkey)
rumor_json = nip44_decrypt(seal.content, conv_key)
rumor = NostrEvent(**json.loads(rumor_json))
if rumor.pubkey != seal.pubkey:
raise ValueError(
f"rumor pubkey ({rumor.pubkey}) does not match "
f"seal pubkey ({seal.pubkey})"
)
return rumor
# --- Convenience functions ---
def wrap_message(
content: str,
sender_privkey: str,
sender_pubkey: str,
recipient_pubkey: str,
kind: int = 14,
tags: Optional[list[list[str]]] = None,
) -> NostrEvent:
"""
Full wrap pipeline: create rumor -> seal -> gift wrap.
Returns the gift wrap event ready to publish.
"""
rumor = create_rumor(sender_pubkey, content, kind=kind, tags=tags)
seal = create_seal(rumor, sender_privkey, recipient_pubkey)
return create_gift_wrap(seal, recipient_pubkey)
def unwrap_message(
gift_wrap: NostrEvent,
recipient_privkey: str,
) -> NostrEvent:
"""
Full unwrap pipeline: gift wrap -> seal -> rumor.
Returns the rumor with sender pubkey and plaintext content.
"""
seal = unwrap_gift_wrap(gift_wrap, recipient_privkey)
return unseal(seal, recipient_privkey)

48
nostr/nostr_client.py
View file

@ -1,6 +1,8 @@
import asyncio
import json
import time
from asyncio import Queue
from collections import OrderedDict
from threading import Thread
from typing import Callable, List, Optional
@ -12,6 +14,8 @@ from lnbits.helpers import encrypt_internal_message, urlsafe_short_hash
from .event import NostrEvent
MAX_SEEN_EVENTS = 1000
class NostrClient:
def __init__(self):
@ -20,6 +24,8 @@ class NostrClient:
self.ws: Optional[WebSocketApp] = None
self.subscription_id = "nostrmarket-" + urlsafe_short_hash()[:32]
self.running = False
self._seen_events: OrderedDict[str, None] = OrderedDict()
self.last_event_at: float = 0
@property
def is_websocket_connected(self):
@ -31,9 +37,11 @@ class NostrClient:
logger.debug(f"Connecting to websockets for 'nostrclient' extension...")
relay_endpoint = encrypt_internal_message("relay", urlsafe=True)
ws_url = f"ws://localhost:{settings.port}/nostrclient/api/v1/{relay_endpoint}"
on_open, on_message, on_error, on_close = self._ws_handlers()
ws = WebSocketApp(
f"ws://localhost:{settings.port}/nostrclient/api/v1/{relay_endpoint}",
ws_url,
on_message=on_message,
on_open=on_open,
on_close=on_close,
@ -62,10 +70,21 @@ class NostrClient:
logger.warning(ex)
await asyncio.sleep(60)
def is_duplicate_event(self, event_id: str) -> bool:
"""Check if an event has been seen recently. Returns True if duplicate."""
if event_id in self._seen_events:
return True
self._seen_events[event_id] = None
if len(self._seen_events) > MAX_SEEN_EVENTS:
self._seen_events.popitem(last=False)
return False
async def get_event(self):
value = await self.recieve_event_queue.get()
if isinstance(value, ValueError):
logger.error(f"[NOSTRMARKET] ❌ Queue returned error: {value}")
raise value
self.last_event_at = time.time()
return value
async def publish_nostr_event(self, e: NostrEvent):
@ -91,10 +110,6 @@ class NostrClient:
self.subscription_id = "nostrmarket-" + urlsafe_short_hash()[:32]
await self.send_req_queue.put(["REQ", self.subscription_id] + merchant_filters)
logger.debug(
f"Subscribing to events for: {len(public_keys)} keys. New subscription id: {self.subscription_id}"
)
async def merchant_temp_subscription(self, pk, duration=10):
dm_filters = self._filters_for_direct_messages([pk], 0)
stall_filters = self._filters_for_stall_events([pk], 0)
@ -135,13 +150,13 @@ class NostrClient:
logger.debug(ex)
def _filters_for_direct_messages(self, public_keys: List[str], since: int) -> List:
in_messages_filter = {"kinds": [4], "#p": public_keys}
out_messages_filter = {"kinds": [4], "authors": public_keys}
# NIP-17/NIP-59: subscribe to kind 1059 gift wraps addressed to our merchants.
# With gift wrapping, outgoing messages are self-wrapped (same p-tag filter).
gift_wrap_filter: dict = {"kinds": [1059], "#p": public_keys}
if since and since != 0:
in_messages_filter["since"] = since
out_messages_filter["since"] = since
gift_wrap_filter["since"] = since
return [in_messages_filter, out_messages_filter]
return [gift_wrap_filter]
def _filters_for_stall_events(self, public_keys: List[str], since: int) -> List:
stall_filter = {"kinds": [30017], "authors": public_keys}
@ -175,16 +190,21 @@ class NostrClient:
def _ws_handlers(self):
def on_open(_):
logger.info("Connected to 'nostrclient' websocket")
logger.debug("[NOSTRMARKET DEBUG] ✅ Connected to 'nostrclient' websocket successfully")
def on_message(_, message):
self.recieve_event_queue.put_nowait(message)
logger.debug(f"[NOSTRMARKET DEBUG] 📨 Received websocket message: {message[:200]}...")
try:
self.recieve_event_queue.put_nowait(message)
logger.debug(f"[NOSTRMARKET DEBUG] 📤 Message queued successfully")
except Exception as e:
logger.error(f"[NOSTRMARKET] ❌ Failed to queue message: {e}")
def on_error(_, error):
logger.warning(error)
logger.warning(f"[NOSTRMARKET] ❌ Websocket error: {error}")
def on_close(x, status_code, message):
logger.warning(f"Websocket closed: {x}: '{status_code}' '{message}'")
logger.warning(f"[NOSTRMARKET] 🔌 Websocket closed: {x}: '{status_code}' '{message}'")
# force re-subscribe
self.recieve_event_queue.put_nowait(ValueError("Websocket close."))

261
services.py
View file

@ -1,7 +1,8 @@
import asyncio
import json
from typing import List, Optional, Tuple
from bolt11 import decode
from lnbits.bolt11 import decode
from lnbits.core.crud import get_wallet
from lnbits.core.services import create_invoice, websocket_updater
from loguru import logger
@ -11,9 +12,11 @@ from .crud import (
CustomerProfile,
create_customer,
create_direct_message,
create_merchant,
create_order,
create_product,
create_stall,
create_zone,
get_customer,
get_last_direct_messages_created_at,
get_last_product_update_time,
@ -41,6 +44,7 @@ from .models import (
DirectMessage,
DirectMessageType,
Merchant,
MerchantConfig,
Nostrable,
Order,
OrderContact,
@ -48,22 +52,26 @@ from .models import (
OrderItem,
OrderStatusUpdate,
PartialDirectMessage,
PartialMerchant,
PartialOrder,
PaymentOption,
PaymentRequest,
Product,
Stall,
Zone,
)
from .nostr.event import NostrEvent
from .nostr.nip59 import unwrap_message, wrap_message
async def create_new_order(
merchant_public_key: str, data: PartialOrder
) -> PaymentRequest | None:
) -> Optional[PaymentRequest]:
merchant = await get_merchant_by_pubkey(merchant_public_key)
assert merchant, "Cannot find merchant for order!"
if await get_order(merchant.id, data.id):
existing_order = await get_order(merchant.id, data.id)
if existing_order:
return None
if data.event_id and await get_order_by_event_id(merchant.id, data.event_id):
return None
@ -73,20 +81,24 @@ async def create_new_order(
)
await create_order(merchant.id, order)
return PaymentRequest(
payment_request = PaymentRequest(
id=data.id,
payment_options=[PaymentOption(type="ln", link=invoice)],
message=receipt,
)
return payment_request
async def build_order_with_payment(
merchant_id: str, merchant_public_key: str, data: PartialOrder
):
products = await get_products_by_ids(
merchant_id, [p.product_id for p in data.items]
)
data.validate_order_items(products)
shipping_zone = await get_zone(merchant_id, data.shipping_id)
assert shipping_zone, f"Shipping zone not found for order '{data.id}'"
@ -94,6 +106,7 @@ async def build_order_with_payment(
product_cost_sat, shipping_cost_sat = await data.costs_in_sats(
products, shipping_zone.id, shipping_zone.cost
)
receipt = data.receipt(products, shipping_zone.id, shipping_zone.cost)
wallet_id = await get_wallet_for_product(data.items[0].product_id)
@ -104,11 +117,13 @@ async def build_order_with_payment(
merchant_id, product_ids, data.items
)
if not success:
logger.error(f"[NOSTRMARKET] ❌ Product quantity check failed: {message}")
raise ValueError(message)
total_amount_sat = round(product_cost_sat + shipping_cost_sat)
payment = await create_invoice(
wallet_id=wallet_id,
amount=round(product_cost_sat + shipping_cost_sat),
amount=total_amount_sat,
memo=f"Order '{data.id}' for pubkey '{data.public_key}'",
extra={
"tag": "nostrmarket",
@ -136,7 +151,7 @@ async def update_merchant_to_nostr(
merchant: Merchant, delete_merchant=False
) -> Merchant:
stalls = await get_stalls(merchant.id)
event: NostrEvent | None = None
event: Optional[NostrEvent] = None
for stall in stalls:
assert stall.id
products = await get_products(merchant.id, stall.id)
@ -170,6 +185,72 @@ async def sign_and_send_to_nostr(
return event
async def provision_merchant(
user_id: str,
wallet_id: str,
public_key: str,
private_key: str,
display_name: Optional[str] = None,
config: Optional[MerchantConfig] = None,
) -> Merchant:
"""
Provision a merchant with a default shipping zone and default stall,
and publish the stall to Nostr relays.
Single source of truth used by:
- LNbits user-creation hook (eager, on signup) see
lnbits/core/services/users.py:_create_default_merchant
- nostrmarket views_api._auto_create_merchant (lazy, on first GET
/api/v1/merchant when a merchant is missing).
Idempotent on the merchant: if a merchant with this pubkey already
exists, returns it without recreating zone/stall.
"""
existing = await get_merchant_by_pubkey(public_key)
if existing:
return existing
partial_merchant = PartialMerchant(
private_key=private_key,
public_key=public_key,
config=config or MerchantConfig(),
)
merchant = await create_merchant(user_id, partial_merchant)
online_zone = Zone(
id=f"online-{merchant.public_key}",
name="Online",
currency="sat",
cost=0,
countries=["Free (digital)"],
)
await create_zone(merchant.id, online_zone)
name = display_name or "My"
default_stall = Stall(
wallet=wallet_id,
name=f"{name}'s Store",
currency="sat",
shipping_zones=[online_zone],
)
default_stall = await create_stall(merchant.id, default_stall)
# Publish the kind 30017 stall event so customers' clients can resolve
# the stall name when they fetch products. Non-fatal on failure: a
# later product publish (or webapp self-heal) will retry.
try:
stall_event = await sign_and_send_to_nostr(merchant, default_stall)
default_stall.event_id = stall_event.id
await update_stall(merchant.id, default_stall)
except Exception as ex:
logger.warning(
f"[NOSTRMARKET] Failed to publish default stall for "
f"merchant {merchant.id}: {ex}"
)
return merchant
async def handle_order_paid(order_id: str, merchant_pubkey: str):
try:
order = await update_order_paid_status(order_id, True)
@ -220,7 +301,7 @@ async def notify_client_of_order_status(
async def update_products_for_order(
merchant: Merchant, order: Order
) -> tuple[bool, str]:
) -> Tuple[bool, str]:
product_ids = [i.product_id for i in order.items]
success, products, message = await compute_products_new_quantity(
merchant.id, product_ids, order.items
@ -261,19 +342,34 @@ async def send_dm(
other_pubkey: str,
type_: int,
dm_content: str,
):
dm_event = merchant.build_dm_event(dm_content, other_pubkey)
) -> DirectMessage:
# Wrap message to recipient via NIP-59 gift wrap
gift_wrap = wrap_message(
dm_content,
merchant.private_key,
merchant.public_key,
other_pubkey,
)
dm = PartialDirectMessage(
event_id=dm_event.id,
event_created_at=dm_event.created_at,
event_id=gift_wrap.id,
event_created_at=gift_wrap.created_at,
message=dm_content,
public_key=other_pubkey,
type=type_,
)
dm_reply = await create_direct_message(merchant.id, dm)
await nostr_client.publish_nostr_event(dm_event)
await nostr_client.publish_nostr_event(gift_wrap)
# Also wrap a copy to self for archival
self_wrap = wrap_message(
dm_content,
merchant.private_key,
merchant.public_key,
merchant.public_key,
)
await nostr_client.publish_nostr_event(self_wrap)
await websocket_updater(
merchant.id,
@ -286,11 +382,13 @@ async def send_dm(
),
)
return dm_reply
async def compute_products_new_quantity(
merchant_id: str, product_ids: list[str], items: list[OrderItem]
) -> tuple[bool, list[Product], str]:
products: list[Product] = await get_products_by_ids(merchant_id, product_ids)
merchant_id: str, product_ids: List[str], items: List[OrderItem]
) -> Tuple[bool, List[Product], str]:
products: List[Product] = await get_products_by_ids(merchant_id, product_ids)
for p in products:
required_quantity = next(
@ -313,23 +411,38 @@ async def compute_products_new_quantity(
async def process_nostr_message(msg: str):
try:
type_, *rest = json.loads(msg)
parsed_msg = json.loads(msg)
type_, *rest = parsed_msg
if type_.upper() == "EVENT":
if len(rest) < 2:
logger.warning(f"[NOSTRMARKET] ⚠️ EVENT message missing data: {rest}")
return
_, event = rest
event = NostrEvent(**event)
# Deduplicate events (overlap resubscriptions may deliver duplicates)
if nostr_client.is_duplicate_event(event.id):
return
if event.kind == 0:
await _handle_customer_profile_update(event)
elif event.kind == 4:
await _handle_nip04_message(event)
elif event.kind == 1059:
await _handle_gift_wrap(event)
elif event.kind == 30017:
await _handle_stall(event)
elif event.kind == 30018:
await _handle_product(event)
else:
logger.info(f"[NOSTRMARKET] ❓ Unhandled event kind: {event.kind} - event: {event.id}")
return
else:
logger.info(f"[NOSTRMARKET] 🔄 Non-EVENT message type: {type_}")
except Exception as ex:
logger.debug(ex)
logger.error(f"[NOSTRMARKET] ❌ Error processing nostr message: {ex}")
logger.error(f"[NOSTRMARKET] 📄 Raw message that failed: {msg}")
async def create_or_update_order_from_dm(
@ -410,29 +523,41 @@ async def extract_customer_order_from_dm(
return order
async def _handle_nip04_message(event: NostrEvent):
merchant_public_key = event.pubkey
merchant = await get_merchant_by_pubkey(merchant_public_key)
async def _handle_gift_wrap(event: NostrEvent):
"""Handle an incoming kind 1059 gift wrap event (NIP-59/NIP-17)."""
p_tags = event.tag_values("p")
if not p_tags:
logger.warning(f"[NOSTRMARKET] ⚠️ Gift wrap has no p-tag: {event.id}")
return
# The p-tag identifies the recipient of the gift wrap
recipient_pubkey = p_tags[0]
merchant = await get_merchant_by_pubkey(recipient_pubkey)
if not merchant:
p_tags = event.tag_values("p")
if len(p_tags) and p_tags[0]:
merchant_public_key = p_tags[0]
merchant = await get_merchant_by_pubkey(merchant_public_key)
assert merchant, f"Merchant not found for public key '{merchant_public_key}'"
if event.pubkey == merchant_public_key:
assert len(event.tag_values("p")) != 0, "Outgong message has no 'p' tag"
clear_text_msg = merchant.decrypt_message(
event.content, event.tag_values("p")[0]
logger.warning(
f"[NOSTRMARKET] ⚠️ No merchant found for gift wrap recipient: {recipient_pubkey}"
)
await _handle_outgoing_dms(event, merchant, clear_text_msg)
elif event.has_tag_value("p", merchant_public_key):
clear_text_msg = merchant.decrypt_message(event.content, event.pubkey)
await _handle_incoming_dms(event, merchant, clear_text_msg)
else:
logger.warning(f"Bad NIP04 event: '{event.id}'")
return
try:
rumor = unwrap_message(event, merchant.private_key)
except Exception as ex:
logger.error(f"[NOSTRMARKET] ❌ Failed to unwrap gift wrap {event.id}: {ex}")
return
sender_pubkey = rumor.pubkey
if sender_pubkey == merchant.public_key:
# This is a self-addressed wrap (outgoing message archive)
# Extract the actual recipient from the rumor's p-tags
rumor_p_tags = rumor.tag_values("p")
if rumor_p_tags:
await _handle_outgoing_dms(rumor, merchant, rumor.content)
return
# Incoming message from a customer
await _handle_incoming_dms(rumor, merchant, rumor.content)
async def _handle_incoming_dms(
@ -482,17 +607,18 @@ async def _handle_outgoing_dms(
async def _handle_incoming_structured_dm(
merchant: Merchant, dm: DirectMessage, json_data: dict
) -> tuple[DirectMessageType, str | None]:
) -> Tuple[DirectMessageType, Optional[str]]:
try:
if dm.type == DirectMessageType.CUSTOMER_ORDER.value and merchant.config.active:
json_resp = await _handle_new_order(
merchant.id, merchant.public_key, dm, json_data
)
return DirectMessageType.PAYMENT_REQUEST, json_resp
else:
logger.info(f"[NOSTRMARKET] Skipping order processing - type: {dm.type}, expected: {DirectMessageType.CUSTOMER_ORDER.value}, merchant_active: {merchant.config.active}")
except Exception as ex:
logger.warning(ex)
logger.error(f"[NOSTRMARKET] Error in _handle_incoming_structured_dm: {ex}")
return DirectMessageType.PLAIN_TEXT, None
@ -531,16 +657,21 @@ async def _persist_dm(
async def reply_to_structured_dm(
merchant: Merchant, customer_pubkey: str, dm_type: int, dm_reply: str
):
dm_event = merchant.build_dm_event(dm_reply, customer_pubkey)
gift_wrap = wrap_message(
dm_reply,
merchant.private_key,
merchant.public_key,
customer_pubkey,
)
dm = PartialDirectMessage(
event_id=dm_event.id,
event_created_at=dm_event.created_at,
event_id=gift_wrap.id,
event_created_at=gift_wrap.created_at,
message=dm_reply,
public_key=customer_pubkey,
type=dm_type,
)
await create_direct_message(merchant.id, dm)
await nostr_client.publish_nostr_event(dm_event)
await nostr_client.publish_nostr_event(gift_wrap)
await websocket_updater(
merchant.id,
@ -573,9 +704,31 @@ async def _handle_new_order(
wallet = await get_wallet(wallet_id)
assert wallet, f"Cannot find wallet for product id: {first_product_id}"
payment_req = await create_new_order(merchant_public_key, partial_order)
if payment_req is None:
# Return existing order data instead of creating a failed order
existing_order = await get_order(merchant_id, partial_order.id)
if existing_order and existing_order.invoice_id != "None":
# Order exists with invoice, return existing payment request
duplicate_response = json.dumps({
"type": DirectMessageType.PAYMENT_REQUEST.value,
"id": existing_order.id,
"message": "Order already received and processed",
"payment_options": []
}, separators=(",", ":"), ensure_ascii=False)
return duplicate_response
else:
# Order exists but no invoice, skip processing
logger.info(f"[NOSTRMARKET] Order exists but no invoice, returning empty string")
return ""
except Exception as e:
logger.debug(e)
logger.error(f"[NOSTRMARKET] Error creating order: {e}")
logger.error(f"[NOSTRMARKET] Order data: {json_data}")
logger.error(f"[NOSTRMARKET] Exception type: {type(e).__name__}")
logger.error(f"[NOSTRMARKET] Exception details: {str(e)}")
payment_req = await create_new_failed_order(
merchant_id,
merchant_public_key,
@ -583,12 +736,17 @@ async def _handle_new_order(
json_data,
"Order received, but cannot be processed. Please contact merchant.",
)
assert payment_req
if not payment_req:
logger.error(f"[NOSTRMARKET] No payment request returned for order: {partial_order.id}")
return ""
response = {
"type": DirectMessageType.PAYMENT_REQUEST.value,
**payment_req.dict(),
}
return json.dumps(response, separators=(",", ":"), ensure_ascii=False)
response_json = json.dumps(response, separators=(",", ":"), ensure_ascii=False)
return response_json
async def create_new_failed_order(
@ -621,8 +779,11 @@ async def subscribe_to_all_merchants():
last_stall_time = await get_last_stall_update_time()
last_prod_time = await get_last_product_update_time()
# Make dm_time more lenient by subtracting 5 minutes to avoid missing recent events
lenient_dm_time = max(0, last_dm_time - 300) if last_dm_time > 0 else 0
await nostr_client.subscribe_merchants(
public_keys, last_dm_time, last_stall_time, last_prod_time, 0
public_keys, lenient_dm_time, last_stall_time, last_prod_time, 0
)

4
static/components/merchant-tab.js
View file

@ -19,9 +19,7 @@ window.app.component('merchant-tab', {
'merchant-deleted',
'toggle-merchant-state',
'restart-nostr-connection',
'profile-updated',
'import-key',
'generate-key'
'profile-updated'
],
data: function () {
return {

88
static/js/index.js
View file

@ -13,19 +13,6 @@ window.app = Vue.createApp({
orderPubkey: null,
showKeys: false,
stallCount: 0,
importKeyDialog: {
show: false,
data: {
privateKey: null
}
},
generateKeyDialog: {
show: false,
privateKey: null,
nsec: null,
npub: null,
showNsec: false
},
wsConnection: null,
nostrStatus: {
connected: false,
@ -49,49 +36,29 @@ window.app = Vue.createApp({
}
},
methods: {
generateKeys: function () {
const privateKey = nostr.generatePrivateKey()
const publicKey = nostr.getPublicKey(privateKey)
this.generateKeyDialog.privateKey = privateKey
this.generateKeyDialog.nsec = nostr.nip19.nsecEncode(privateKey)
this.generateKeyDialog.npub = nostr.nip19.npubEncode(publicKey)
this.generateKeyDialog.showNsec = false
this.generateKeyDialog.show = true
},
confirmGenerateKey: async function () {
this.generateKeyDialog.show = false
await this.createMerchant(this.generateKeyDialog.privateKey)
},
importKeys: async function () {
this.importKeyDialog.show = false
let privateKey = this.importKeyDialog.data.privateKey
if (!privateKey) {
return
}
try {
if (privateKey.toLowerCase().startsWith('nsec')) {
privateKey = nostr.nip19.decode(privateKey).data
}
// Check if this key is already in use
const publicKey = nostr.getPublicKey(privateKey)
if (this.merchant?.public_key === publicKey) {
this.$q.notify({
type: 'warning',
message: 'This key is already your current profile'
})
return
}
} catch (error) {
this.$q.notify({
type: 'negative',
message: `${error}`
migrateKeys: async function () {
LNbits.utils
.confirmDialog(
'This will update your merchant to use your current account Nostr keypair ' +
'and republish all stalls and products under the new identity. ' +
'Existing orders and messages are preserved. Continue?'
)
.onOk(async () => {
try {
const {data} = await LNbits.api.request(
'POST',
`/nostrmarket/api/v1/merchant/${this.merchant.id}/migrate-keys`,
this.g.user.wallets[0].adminkey
)
this.merchant = data
this.$q.notify({
type: 'positive',
message: 'Merchant keys migrated and stalls republished'
})
} catch (error) {
LNbits.utils.notifyApiError(error)
}
})
return
}
await this.createMerchant(privateKey)
},
showImportKeysDialog: async function () {
this.importKeyDialog.show = true
},
toggleShowKeys: function () {
this.showKeys = !this.showKeys
@ -143,12 +110,9 @@ window.app = Vue.createApp({
this.showKeys = false
this.stallCount = 0
},
createMerchant: async function (privateKey) {
createMerchant: async function () {
try {
const pubkey = nostr.getPublicKey(privateKey)
const payload = {
private_key: privateKey,
public_key: pubkey,
config: {}
}
const {data} = await LNbits.api.request(
@ -409,7 +373,11 @@ window.app = Vue.createApp({
}
},
created: async function () {
await this.getMerchant()
const merchant = await this.getMerchant()
if (!merchant) {
// Auto-create merchant using the account's existing Nostr keypair
await this.createMerchant()
}
await this.checkNostrStatus()
setInterval(async () => {
if (

32
tasks.py
View file

@ -1,4 +1,5 @@
import asyncio
import time
from asyncio import Queue
from lnbits.core.models import Payment
@ -9,9 +10,13 @@ from .nostr.nostr_client import NostrClient
from .services import (
handle_order_paid,
process_nostr_message,
resubscribe_to_all_merchants,
subscribe_to_all_merchants,
)
HEALTH_CHECK_INTERVAL = 30 # seconds between health checks
STALE_THRESHOLD = 120 # seconds without events before resubscribing
async def wait_for_paid_invoices():
invoice_queue = Queue()
@ -35,13 +40,38 @@ async def on_invoice_paid(payment: Payment) -> None:
async def wait_for_nostr_events(nostr_client: NostrClient):
logger.info("[NOSTRMARKET] Starting wait_for_nostr_events task")
while True:
try:
logger.info("[NOSTRMARKET] Subscribing to all merchants...")
await subscribe_to_all_merchants()
while True:
message = await nostr_client.get_event()
await process_nostr_message(message)
except Exception as e:
logger.warning(f"Subcription failed. Will retry in one minute: {e}")
logger.warning(f"[NOSTRMARKET] Subscription failed. Retrying in 10s: {e}")
await asyncio.sleep(10)
async def subscription_health_monitor(nostr_client: NostrClient):
"""
Periodically check if events are flowing. If no events have been
received for STALE_THRESHOLD seconds, force a resubscription with
overlap to catch any missed events.
"""
logger.info("[NOSTRMARKET] Starting subscription health monitor")
while True:
await asyncio.sleep(HEALTH_CHECK_INTERVAL)
try:
if not nostr_client.is_websocket_connected:
continue
elapsed = time.time() - nostr_client.last_event_at
if nostr_client.last_event_at > 0 and elapsed > STALE_THRESHOLD:
logger.warning(
f"[NOSTRMARKET] ⚠️ No events for {elapsed:.0f}s, resubscribing..."
)
await resubscribe_to_all_merchants()
except Exception as e:
logger.error(f"[NOSTRMARKET] Health monitor error: {e}")

19
templates/nostrmarket/components/merchant-tab.html
View file

@ -67,25 +67,6 @@
</q-btn>
</q-item-section>
</q-item>
<q-separator></q-separator>
<q-item clickable v-close-popup @click="$emit('import-key')">
<q-item-section avatar>
<q-icon name="vpn_key" color="primary"></q-icon>
</q-item-section>
<q-item-section>
<q-item-label>Import Existing Key</q-item-label>
<q-item-label caption>Use an existing nsec</q-item-label>
</q-item-section>
</q-item>
<q-item clickable v-close-popup @click="$emit('generate-key')">
<q-item-section avatar>
<q-icon name="add" color="primary"></q-icon>
</q-item-section>
<q-item-section>
<q-item-label>Generate New Key</q-item-label>
<q-item-label caption>Create a fresh nsec</q-item-label>
</q-item-section>
</q-item>
</q-list>
</q-btn-dropdown>
<q-btn-dropdown

160
templates/nostrmarket/index.html
View file

@ -3,6 +3,26 @@
<div class="row q-col-gutter-md">
<div class="col-12 col-md-7 col-lg-8 q-gutter-y-md">
<div v-if="merchant && merchant.id">
<q-banner
v-if="merchant.config && merchant.config.key_mismatch"
class="bg-warning text-white q-mb-md"
rounded
>
<template v-slot:avatar>
<q-icon name="warning" color="white"></q-icon>
</template>
Your account Nostr keypair has changed since this merchant was created.
The merchant is still using the old key. Migrate to republish your
stalls and products under the new identity.
<template v-slot:action>
<q-btn
flat
color="white"
label="Migrate Keys"
@click="migrateKeys"
></q-btn>
</template>
</q-banner>
<q-card>
<div class="row items-center no-wrap">
<q-tabs
@ -82,8 +102,6 @@
@merchant-deleted="handleMerchantDeleted"
@toggle-merchant-state="toggleMerchantState"
@restart-nostr-connection="restartNostrConnection"
@import-key="showImportKeysDialog"
@generate-key="generateKeys"
@profile-updated="getMerchant"
></merchant-tab>
</q-tab-panel>
@ -124,58 +142,9 @@
</q-card>
</div>
<q-card v-else>
<q-card-section>
<span class="text-h4">Welcome to Nostr Market!</span><br />
In Nostr Market, merchant and customer communicate via NOSTR relays, so
loss of money, product information, and reputation become far less
likely if attacked.
</q-card-section>
<q-card-section>
<span class="text-h4">Terms</span><br />
<ul>
<li>
<span class="text-bold">merchant</span> - seller of products with
NOSTR key-pair
</li>
<li>
<span class="text-bold">customer</span> - buyer of products with
NOSTR key-pair
</li>
<li>
<span class="text-bold">product</span> - item for sale by the
merchant
</li>
<li>
<span class="text-bold">stall</span> - list of products controlled
by merchant (a merchant can have multiple stalls)
</li>
<li>
<span class="text-bold">marketplace</span> - clientside software for
searching stalls and purchasing products
</li>
</ul>
</q-card-section>
<q-card-section>
<div class="row">
<div class="col-12">
<q-btn
@click="showImportKeysDialog"
label="Import Key"
color="primary"
class="float-left"
>
<q-tooltip> Use an existing private key (hex or npub) </q-tooltip>
</q-btn>
<q-btn
label="Generate New Key"
color="green"
@click="generateKeys"
class="float-right"
>
<q-tooltip> A new key pair will be generated for you </q-tooltip>
</q-btn>
</div>
</div>
<q-card-section class="text-center q-pa-xl">
<q-spinner color="primary" size="3em" class="q-mb-md"></q-spinner>
<div class="text-h6">Setting up Nostr Market...</div>
</q-card-section>
</q-card>
</div>
@ -396,89 +365,6 @@
</div>
</div>
<div>
<q-dialog v-model="importKeyDialog.show" position="top">
<q-card class="q-pa-lg q-pt-xl" style="width: 500px">
<q-form @submit="importKeys" class="q-gutter-md">
<q-input
filled
dense
v-model.trim="importKeyDialog.data.privateKey"
label="Private Key (hex or nsec)"
></q-input>
<div class="row q-mt-lg">
<q-btn
unelevated
color="primary"
:disable="!importKeyDialog.data.privateKey"
type="submit"
>Import</q-btn
>
<q-btn v-close-popup flat color="grey" class="q-ml-auto"
>Cancel</q-btn
>
</div>
</q-form>
</q-card>
</q-dialog>
</div>
<!-- Generate Key Dialog -->
<q-dialog v-model="generateKeyDialog.show" position="top">
<q-card class="q-pa-lg q-pt-xl" style="width: 500px">
<div class="text-h6 q-mb-md">Generate New Key</div>
<div class="q-mb-md">
<div class="text-subtitle2 q-mb-xs">Public Key (npub)</div>
<q-input :model-value="generateKeyDialog.npub" readonly dense outlined>
<template v-slot:append>
<q-btn
flat
dense
icon="content_copy"
@click="copyText(generateKeyDialog.npub, 'npub copied!')"
></q-btn>
</template>
</q-input>
</div>
<div class="q-mb-md">
<div class="text-subtitle2 q-mb-xs text-warning">
<q-icon name="warning" size="xs"></q-icon>
Private Key (nsec)
</div>
<q-input
:model-value="generateKeyDialog.showNsec ? generateKeyDialog.nsec : '••••••••••••••••••••••••••••••••••••••••••••••'"
readonly
dense
outlined
>
<template v-slot:append>
<q-btn
flat
dense
:icon="generateKeyDialog.showNsec ? 'visibility_off' : 'visibility'"
@click="generateKeyDialog.showNsec = !generateKeyDialog.showNsec"
></q-btn>
<q-btn
flat
dense
icon="content_copy"
@click="copyText(generateKeyDialog.nsec, 'nsec copied! Keep it safe!')"
></q-btn>
</template>
</q-input>
<div class="text-caption text-negative q-mt-xs">
<q-icon name="error" size="xs"></q-icon>
Never share your private key!
</div>
</div>
<div class="row q-mt-lg">
<q-btn unelevated color="primary" @click="confirmGenerateKey"
>Create Merchant</q-btn
>
<q-btn v-close-popup flat color="grey" class="q-ml-auto">Cancel</q-btn>
</div>
</q-card>
</q-dialog>
</div>
{% endblock%}{% block scripts %} {{ window_vars(user) }}

27
tests/conftest.py Normal file
View file

@ -0,0 +1,27 @@
"""
Stub out the nostrmarket root package and all LNbits dependencies so that
nostr/* unit tests can run without the full LNbits environment.
pytest walks up from tests/ and tries to import the parent __init__.py,
which pulls in fastapi, lnbits, websocket, etc. We preemptively register
the parent package as a simple module so that import never happens.
"""
import sys
import types
from pathlib import Path
# Register 'nostrmarket' as an already-imported namespace package
# pointing at the extension root, so pytest doesn't try to exec __init__.py
_ext_root = Path(__file__).resolve().parent.parent
_pkg = types.ModuleType("nostrmarket")
_pkg.__path__ = [str(_ext_root)]
_pkg.__package__ = "nostrmarket"
sys.modules["nostrmarket"] = _pkg
# Also ensure the nostr subpackage is importable
_nostr_dir = _ext_root / "nostr"
_nostr_pkg = types.ModuleType("nostrmarket.nostr")
_nostr_pkg.__path__ = [str(_nostr_dir)]
_nostr_pkg.__package__ = "nostrmarket.nostr"
sys.modules["nostrmarket.nostr"] = _nostr_pkg

139
tests/test_nip44.py Normal file
View file

@ -0,0 +1,139 @@
"""Tests for NIP-44 v2 encryption against official spec test vectors."""
import coincurve
import pytest
from nostr.nip44 import (
calc_padded_len,
decrypt,
encrypt,
get_conversation_key,
get_message_keys,
)
def pubkey_from_secret(secret_hex: str) -> str:
"""Derive x-only public key hex from secret key hex."""
sk = coincurve.PrivateKey(bytes.fromhex(secret_hex))
return sk.public_key.format(compressed=True)[1:].hex()
# --- Test vector from NIP-44 spec ---
SPEC_VECTOR = {
"sec1": "0000000000000000000000000000000000000000000000000000000000000001",
"sec2": "0000000000000000000000000000000000000000000000000000000000000002",
"conversation_key": "c41c775356fd92eadc63ff5a0dc1da211b268cbea22316767095b2871ea1412d",
"nonce": "0000000000000000000000000000000000000000000000000000000000000001",
"plaintext": "a",
"payload": "AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABee0G5VSK0/9YypIObAtDKfYEAjD35uVkHyB0F4DwrcNaCXlCWZKaArsGrY6M9wnuTMxWfp1RTN9Xga8no+kF5Vsb",
}
class TestConversationKey:
def test_spec_vector(self):
pub2 = pubkey_from_secret(SPEC_VECTOR["sec2"])
key = get_conversation_key(SPEC_VECTOR["sec1"], pub2)
assert key.hex() == SPEC_VECTOR["conversation_key"]
def test_symmetric(self):
"""conv(a, B) == conv(b, A)"""
pub1 = pubkey_from_secret(SPEC_VECTOR["sec1"])
pub2 = pubkey_from_secret(SPEC_VECTOR["sec2"])
key_ab = get_conversation_key(SPEC_VECTOR["sec1"], pub2)
key_ba = get_conversation_key(SPEC_VECTOR["sec2"], pub1)
assert key_ab == key_ba
class TestMessageKeys:
def test_returns_correct_lengths(self):
conv_key = bytes.fromhex(SPEC_VECTOR["conversation_key"])
nonce = bytes.fromhex(SPEC_VECTOR["nonce"])
chacha_key, chacha_nonce, hmac_key = get_message_keys(conv_key, nonce)
assert len(chacha_key) == 32
assert len(chacha_nonce) == 12
assert len(hmac_key) == 32
def test_rejects_bad_key_length(self):
with pytest.raises(ValueError):
get_message_keys(b"\x00" * 16, b"\x00" * 32)
def test_rejects_bad_nonce_length(self):
with pytest.raises(ValueError):
get_message_keys(b"\x00" * 32, b"\x00" * 16)
class TestPadding:
@pytest.mark.parametrize(
"unpadded,expected",
[
(1, 32),
(2, 32),
(31, 32),
(32, 32),
(33, 64),
(64, 64),
(65, 96),
(256, 256),
(257, 320),
(1024, 1024),
(65535, 65536),
],
)
def test_calc_padded_len(self, unpadded, expected):
assert calc_padded_len(unpadded) == expected
def test_rejects_zero(self):
with pytest.raises(ValueError):
calc_padded_len(0)
class TestEncryptDecrypt:
def test_spec_vector(self):
conv_key = bytes.fromhex(SPEC_VECTOR["conversation_key"])
nonce = bytes.fromhex(SPEC_VECTOR["nonce"])
payload = encrypt(SPEC_VECTOR["plaintext"], conv_key, nonce)
assert payload == SPEC_VECTOR["payload"]
def test_spec_vector_decrypt(self):
conv_key = bytes.fromhex(SPEC_VECTOR["conversation_key"])
plaintext = decrypt(SPEC_VECTOR["payload"], conv_key)
assert plaintext == SPEC_VECTOR["plaintext"]
def test_round_trip_short(self):
pub2 = pubkey_from_secret(SPEC_VECTOR["sec2"])
conv_key = get_conversation_key(SPEC_VECTOR["sec1"], pub2)
msg = "x"
assert decrypt(encrypt(msg, conv_key), conv_key) == msg
def test_round_trip_long(self):
pub2 = pubkey_from_secret(SPEC_VECTOR["sec2"])
conv_key = get_conversation_key(SPEC_VECTOR["sec1"], pub2)
msg = "A" * 65535
assert decrypt(encrypt(msg, conv_key), conv_key) == msg
def test_round_trip_unicode(self):
pub2 = pubkey_from_secret(SPEC_VECTOR["sec2"])
conv_key = get_conversation_key(SPEC_VECTOR["sec1"], pub2)
msg = "hello world! \U0001f680\U0001f30e\U0001f4ac"
assert decrypt(encrypt(msg, conv_key), conv_key) == msg
def test_tampered_mac_rejected(self):
conv_key = bytes.fromhex(SPEC_VECTOR["conversation_key"])
payload = SPEC_VECTOR["payload"]
tampered = payload[:-1] + ("a" if payload[-1] != "a" else "b")
with pytest.raises(ValueError, match="invalid MAC"):
decrypt(tampered, conv_key)
def test_empty_plaintext_rejected(self):
conv_key = bytes.fromhex(SPEC_VECTOR["conversation_key"])
with pytest.raises(ValueError, match="invalid plaintext length"):
encrypt("", conv_key)
def test_unknown_version_rejected(self):
with pytest.raises(ValueError, match="unknown version"):
decrypt("#invalid", bytes(32))
def test_short_payload_rejected(self):
with pytest.raises(ValueError, match="invalid payload size"):
decrypt("AAAA", bytes(32))

191
tests/test_nip59.py Normal file
View file

@ -0,0 +1,191 @@
"""Tests for NIP-59 gift wrap protocol."""
import json
import time
import coincurve
import pytest
from nostr.nip59 import (
create_gift_wrap,
create_rumor,
create_seal,
unseal,
unwrap_gift_wrap,
unwrap_message,
wrap_message,
)
def _generate_keypair() -> tuple[str, str]:
"""Generate a (privkey_hex, pubkey_hex) pair."""
sk = coincurve.PrivateKey()
privkey = sk.secret.hex()
pubkey = sk.public_key.format(compressed=True)[1:].hex()
return privkey, pubkey
SENDER_PRIV, SENDER_PUB = _generate_keypair()
RECIPIENT_PRIV, RECIPIENT_PUB = _generate_keypair()
class TestCreateRumor:
def test_has_id_but_no_sig(self):
rumor = create_rumor(SENDER_PUB, "hello", kind=14)
assert rumor.id != ""
assert rumor.sig is None
def test_kind_and_content(self):
rumor = create_rumor(SENDER_PUB, "test message", kind=14, tags=[["p", RECIPIENT_PUB]])
assert rumor.kind == 14
assert rumor.content == "test message"
assert rumor.pubkey == SENDER_PUB
assert ["p", RECIPIENT_PUB] in rumor.tags
def test_custom_timestamp(self):
ts = 1700000000
rumor = create_rumor(SENDER_PUB, "hello", created_at=ts)
assert rumor.created_at == ts
class TestCreateSeal:
def test_kind_13_with_empty_tags(self):
rumor = create_rumor(SENDER_PUB, "hello")
seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB)
assert seal.kind == 13
assert seal.tags == []
assert seal.pubkey == SENDER_PUB
def test_is_signed(self):
rumor = create_rumor(SENDER_PUB, "hello")
seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB)
assert seal.sig is not None
assert len(seal.sig) == 128 # 64 bytes hex
def test_content_is_encrypted(self):
rumor = create_rumor(SENDER_PUB, "hello")
seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB)
# Content should be base64 NIP-44 payload, not plaintext JSON
assert "hello" not in seal.content
def test_timestamp_is_randomized(self):
rumor = create_rumor(SENDER_PUB, "hello")
seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB)
now = int(time.time())
# Seal timestamp should be in the past (up to 2 days)
assert seal.created_at <= now
assert seal.created_at >= now - (2 * 24 * 60 * 60 + 10)
class TestCreateGiftWrap:
def test_kind_1059_with_p_tag(self):
rumor = create_rumor(SENDER_PUB, "hello")
seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB)
wrap = create_gift_wrap(seal, RECIPIENT_PUB)
assert wrap.kind == 1059
assert ["p", RECIPIENT_PUB] in wrap.tags
def test_uses_ephemeral_key(self):
rumor = create_rumor(SENDER_PUB, "hello")
seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB)
wrap = create_gift_wrap(seal, RECIPIENT_PUB)
# Gift wrap pubkey should be neither sender nor recipient
assert wrap.pubkey != SENDER_PUB
assert wrap.pubkey != RECIPIENT_PUB
def test_different_wraps_have_different_ephemeral_keys(self):
rumor = create_rumor(SENDER_PUB, "hello")
seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB)
wrap1 = create_gift_wrap(seal, RECIPIENT_PUB)
wrap2 = create_gift_wrap(seal, RECIPIENT_PUB)
assert wrap1.pubkey != wrap2.pubkey
class TestUnwrap:
def test_unwrap_gift_wrap_returns_seal(self):
rumor = create_rumor(SENDER_PUB, "hello")
seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB)
wrap = create_gift_wrap(seal, RECIPIENT_PUB)
recovered_seal = unwrap_gift_wrap(wrap, RECIPIENT_PRIV)
assert recovered_seal.kind == 13
assert recovered_seal.pubkey == SENDER_PUB
def test_unseal_returns_rumor(self):
rumor = create_rumor(SENDER_PUB, "hello world")
seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB)
recovered_rumor = unseal(seal, RECIPIENT_PRIV)
assert recovered_rumor.content == "hello world"
assert recovered_rumor.pubkey == SENDER_PUB
assert recovered_rumor.kind == 14
def test_wrong_key_fails(self):
rumor = create_rumor(SENDER_PUB, "secret")
seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB)
wrap = create_gift_wrap(seal, RECIPIENT_PUB)
wrong_priv, _ = _generate_keypair()
with pytest.raises(Exception):
unwrap_message(wrap, wrong_priv)
class TestFullRoundTrip:
def test_wrap_unwrap_message(self):
content = "Are you going to the party tonight?"
wrap = wrap_message(content, SENDER_PRIV, SENDER_PUB, RECIPIENT_PUB)
assert wrap.kind == 1059
assert ["p", RECIPIENT_PUB] in wrap.tags
rumor = unwrap_message(wrap, RECIPIENT_PRIV)
assert rumor.content == content
assert rumor.pubkey == SENDER_PUB
assert rumor.kind == 14
assert rumor.sig is None
def test_wrap_with_custom_kind_and_tags(self):
tags = [["p", RECIPIENT_PUB], ["subject", "test"]]
wrap = wrap_message(
"order data",
SENDER_PRIV,
SENDER_PUB,
RECIPIENT_PUB,
kind=14,
tags=tags,
)
rumor = unwrap_message(wrap, RECIPIENT_PRIV)
assert rumor.content == "order data"
assert rumor.kind == 14
assert ["subject", "test"] in rumor.tags
def test_self_wrap_for_archival(self):
"""Merchant wraps a copy to self (same sender and recipient)."""
content = '{"type": 1, "payment_options": [{"type": "ln", "link": "lnbc..."}]}'
wrap = wrap_message(content, SENDER_PRIV, SENDER_PUB, SENDER_PUB)
rumor = unwrap_message(wrap, SENDER_PRIV)
assert rumor.content == content
assert rumor.pubkey == SENDER_PUB
def test_json_content_preserved(self):
"""Order JSON payloads survive the wrap/unwrap cycle."""
order = {
"type": 0,
"id": "test-order-123",
"items": [{"product_id": "abc", "quantity": 2}],
"shipping_id": "zone-1",
}
content = json.dumps(order)
wrap = wrap_message(content, SENDER_PRIV, SENDER_PUB, RECIPIENT_PUB)
rumor = unwrap_message(wrap, RECIPIENT_PRIV)
recovered_order = json.loads(rumor.content)
assert recovered_order == order
def test_unicode_content(self):
content = "Payment received! \u2705 Your order is being processed \U0001f4e6"
wrap = wrap_message(content, SENDER_PRIV, SENDER_PUB, RECIPIENT_PUB)
rumor = unwrap_message(wrap, RECIPIENT_PRIV)
assert rumor.content == content

233
views_api.py
View file

@ -1,15 +1,18 @@
import json
from http import HTTPStatus
from typing import List, Optional
from fastapi import Depends
from fastapi.exceptions import HTTPException
from lnbits.core.models import WalletTypeInfo
from lnbits.core.crud import get_account, update_account
from lnbits.core.services import websocket_updater
from lnbits.decorators import (
WalletTypeInfo,
require_admin_key,
require_invoice_key,
)
from lnbits.utils.exchange_rates import currencies
from lnbits.utils.nostr import generate_keypair
from loguru import logger
from . import nostr_client, nostrmarket_ext
@ -36,6 +39,7 @@ from .crud import (
get_last_direct_messages_time,
get_merchant_by_pubkey,
get_merchant_for_user,
update_merchant_keys,
get_order,
get_order_by_event_id,
get_orders,
@ -58,6 +62,7 @@ from .crud import (
)
from .helpers import normalize_public_key
from .models import (
CreateMerchantRequest,
Customer,
DirectMessage,
DirectMessageType,
@ -78,8 +83,10 @@ from .models import (
from .services import (
build_order_with_payment,
create_or_update_order_from_dm,
provision_merchant,
reply_to_structured_dm,
resubscribe_to_all_merchants,
send_dm,
sign_and_send_to_nostr,
subscribe_to_all_merchants,
update_merchant_to_nostr,
@ -88,34 +95,54 @@ from .services import (
######################################## MERCHANT ######################################
async def _auto_create_merchant(
wallet: WalletTypeInfo,
config: MerchantConfig | None = None,
) -> Merchant:
"""
Lazy fallback: provision a merchant from the user's account keypair when
the LNbits-side eager provisioning didn't run (e.g., older accounts, or
upstream LNbits without our signup hook).
Delegates to services.provision_merchant the canonical implementation.
"""
account = await get_account(wallet.wallet.user)
assert account, "User account not found"
# In our fork, accounts always have keypairs. Generate as fallback only
# if somehow missing (e.g., upstream LNbits where this isn't auto-set).
if not account.pubkey or not account.prvkey:
private_key, public_key = generate_keypair()
account.pubkey = public_key
account.prvkey = private_key
await update_account(account)
merchant = await provision_merchant(
user_id=wallet.wallet.user,
wallet_id=wallet.wallet.id,
public_key=account.pubkey,
private_key=account.prvkey,
display_name=account.username,
config=config,
)
await resubscribe_to_all_merchants()
await nostr_client.merchant_temp_subscription(account.pubkey)
return merchant
@nostrmarket_ext.post("/api/v1/merchant")
async def api_create_merchant(
data: PartialMerchant,
data: CreateMerchantRequest,
wallet: WalletTypeInfo = Depends(require_admin_key),
) -> Merchant:
try:
merchant = await get_merchant_by_pubkey(data.public_key)
assert merchant is None, "A merchant already uses this public key"
merchant = await get_merchant_for_user(wallet.wallet.user)
assert merchant is None, "A merchant already exists for this user"
merchant = await create_merchant(wallet.wallet.user, data)
await create_zone(
merchant.id,
Zone(
id=f"online-{merchant.public_key}",
name="Online",
currency="sat",
cost=0,
countries=["Free (digital)"],
),
)
await resubscribe_to_all_merchants()
await nostr_client.merchant_temp_subscription(data.public_key)
return merchant
return await _auto_create_merchant(wallet, data.config)
except AssertionError as ex:
raise HTTPException(
status_code=HTTPStatus.BAD_REQUEST,
@ -132,12 +159,13 @@ async def api_create_merchant(
@nostrmarket_ext.get("/api/v1/merchant")
async def api_get_merchant(
wallet: WalletTypeInfo = Depends(require_invoice_key),
) -> Merchant | None:
) -> Merchant:
try:
merchant = await get_merchant_for_user(wallet.wallet.user)
if not merchant:
return None
# Auto-provision merchant from the user's account keypair
merchant = await _auto_create_merchant(wallet)
merchant = await touch_merchant(wallet.wallet.user, merchant.id)
assert merchant
@ -145,6 +173,11 @@ async def api_get_merchant(
assert merchant.time
merchant.config.restore_in_progress = (merchant.time - last_dm_time) < 30
# Detect keypair rotation: account key no longer matches merchant key
account = await get_account(wallet.wallet.user)
if account and account.pubkey and account.pubkey != merchant.public_key:
merchant.config.key_mismatch = True
return merchant
except Exception as ex:
logger.warning(ex)
@ -190,6 +223,76 @@ async def api_delete_merchant(
await subscribe_to_all_merchants()
@nostrmarket_ext.post("/api/v1/merchant/{merchant_id}/migrate-keys")
async def api_migrate_merchant_keys(
merchant_id: str,
wallet: WalletTypeInfo = Depends(require_admin_key),
) -> Merchant:
"""
Migrate a merchant to the current account keypair.
When a user rotates their Nostr keypair, the merchant still holds the old
key. This endpoint updates the merchant's keys to match the account,
then republishes all stalls and products under the new identity.
Orders and DM history are preserved (they reference customer pubkeys,
not the merchant key). Old stall/product events on relays become
orphaned clients following the new pubkey will see the fresh events.
"""
try:
merchant = await get_merchant_for_user(wallet.wallet.user)
assert merchant, "Merchant cannot be found"
assert merchant.id == merchant_id, "Wrong merchant ID"
account = await get_account(wallet.wallet.user)
assert account and account.pubkey and account.prvkey, (
"Account has no Nostr keypair"
)
if account.pubkey == merchant.public_key:
return merchant # already in sync
# Check no other merchant is using the new pubkey
existing = await get_merchant_by_pubkey(account.pubkey)
assert existing is None, (
"Another merchant already uses this public key"
)
old_pubkey = merchant.public_key
# Update merchant keys in DB
merchant = await update_merchant_keys(
wallet.wallet.user, merchant.id,
account.prvkey, account.pubkey,
)
assert merchant
# Republish all stalls and products under the new key
merchant = await update_merchant_to_nostr(merchant)
logger.info(
f"[NOSTRMARKET] Migrated merchant {merchant.id} "
f"from {old_pubkey[:16]}... to {account.pubkey[:16]}..."
)
# Resubscribe with new pubkey
await resubscribe_to_all_merchants()
return merchant
except AssertionError as ex:
raise HTTPException(
status_code=HTTPStatus.BAD_REQUEST,
detail=str(ex),
) from ex
except Exception as ex:
logger.warning(ex)
raise HTTPException(
status_code=HTTPStatus.INTERNAL_SERVER_ERROR,
detail="Cannot migrate merchant keys",
) from ex
@nostrmarket_ext.patch("/api/v1/merchant/{merchant_id}")
async def api_update_merchant(
merchant_id: str,
@ -329,7 +432,7 @@ async def api_delete_merchant_on_nostr(
@nostrmarket_ext.get("/api/v1/zone")
async def api_get_zones(
wallet: WalletTypeInfo = Depends(require_invoice_key),
) -> list[Zone]:
) -> List[Zone]:
try:
merchant = await get_merchant_for_user(wallet.wallet.user)
assert merchant, "Merchant cannot be found"
@ -529,7 +632,7 @@ async def api_get_stall(
@nostrmarket_ext.get("/api/v1/stall")
async def api_get_stalls(
pending: bool | None = False,
pending: Optional[bool] = False,
wallet: WalletTypeInfo = Depends(require_invoice_key),
):
try:
@ -553,7 +656,7 @@ async def api_get_stalls(
@nostrmarket_ext.get("/api/v1/stall/product/{stall_id}")
async def api_get_stall_products(
stall_id: str,
pending: bool | None = False,
pending: Optional[bool] = False,
wallet: WalletTypeInfo = Depends(require_invoice_key),
):
try:
@ -577,9 +680,9 @@ async def api_get_stall_products(
@nostrmarket_ext.get("/api/v1/stall/order/{stall_id}")
async def api_get_stall_orders(
stall_id: str,
paid: bool | None = None,
shipped: bool | None = None,
pubkey: str | None = None,
paid: Optional[bool] = None,
shipped: Optional[bool] = None,
pubkey: Optional[str] = None,
wallet: WalletTypeInfo = Depends(require_invoice_key),
):
try:
@ -652,6 +755,21 @@ async def api_create_product(
assert stall, "Stall missing for product"
data.config.currency = stall.currency
# Re-publish the parent stall before publishing the product. NIP-33
# parameterized replaceable events make this idempotent on relays.
# This guarantees the customer client never sees a product whose
# parent stall isn't on the relay (e.g., when the original stall
# publish failed transiently or never ran).
try:
stall_event = await sign_and_send_to_nostr(merchant, stall)
stall.event_id = stall_event.id
await update_stall(merchant.id, stall)
except Exception as ex:
logger.warning(
f"[NOSTRMARKET] Failed to refresh stall {stall.id} "
f"before product publish: {ex}"
)
product = await create_product(merchant.id, data=data)
event = await sign_and_send_to_nostr(merchant, product)
@ -713,7 +831,7 @@ async def api_update_product(
async def api_get_product(
product_id: str,
wallet: WalletTypeInfo = Depends(require_invoice_key),
) -> Product | None:
) -> Optional[Product]:
try:
merchant = await get_merchant_for_user(wallet.wallet.user)
assert merchant, "Merchant cannot be found"
@ -798,9 +916,9 @@ async def api_get_order(
@nostrmarket_ext.get("/api/v1/order")
async def api_get_orders(
paid: bool | None = None,
shipped: bool | None = None,
pubkey: str | None = None,
paid: Optional[bool] = None,
shipped: Optional[bool] = None,
pubkey: Optional[str] = None,
wallet: WalletTypeInfo = Depends(require_invoice_key),
):
try:
@ -844,27 +962,11 @@ async def api_update_order_status(
ensure_ascii=False,
)
dm_event = merchant.build_dm_event(dm_content, order.public_key)
dm = PartialDirectMessage(
event_id=dm_event.id,
event_created_at=dm_event.created_at,
message=dm_content,
public_key=order.public_key,
type=DirectMessageType.ORDER_PAID_OR_SHIPPED.value,
)
await create_direct_message(merchant.id, dm)
await nostr_client.publish_nostr_event(dm_event)
await websocket_updater(
merchant.id,
json.dumps(
{
"type": f"dm:{dm.type}",
"customerPubkey": order.public_key,
"dm": dm.dict(),
}
),
await send_dm(
merchant,
order.public_key,
DirectMessageType.ORDER_PAID_OR_SHIPPED.value,
dm_content,
)
return order
@ -886,7 +988,7 @@ async def api_update_order_status(
async def api_restore_order(
event_id: str,
wallet: WalletTypeInfo = Depends(require_admin_key),
) -> Order | None:
) -> Optional[Order]:
try:
merchant = await get_merchant_for_user(wallet.wallet.user)
assert merchant, "Merchant cannot be found"
@ -1013,7 +1115,7 @@ async def api_reissue_order_invoice(
@nostrmarket_ext.get("/api/v1/message/{public_key}")
async def api_get_messages(
public_key: str, wallet: WalletTypeInfo = Depends(require_invoice_key)
) -> list[DirectMessage]:
) -> List[DirectMessage]:
try:
merchant = await get_merchant_for_user(wallet.wallet.user)
assert merchant, "Merchant cannot be found"
@ -1042,14 +1144,13 @@ async def api_create_message(
merchant = await get_merchant_for_user(wallet.wallet.user)
assert merchant, "Merchant cannot be found"
dm_event = merchant.build_dm_event(data.message, data.public_key)
data.event_id = dm_event.id
data.event_created_at = dm_event.created_at
dm = await create_direct_message(merchant.id, data)
await nostr_client.publish_nostr_event(dm_event)
return dm
dm_reply = await send_dm(
merchant,
data.public_key,
data.type,
data.message,
)
return dm_reply
except AssertionError as ex:
raise HTTPException(
status_code=HTTPStatus.BAD_REQUEST,
@ -1069,7 +1170,7 @@ async def api_create_message(
@nostrmarket_ext.get("/api/v1/customer")
async def api_get_customers(
wallet: WalletTypeInfo = Depends(require_invoice_key),
) -> list[Customer]:
) -> List[Customer]:
try:
merchant = await get_merchant_for_user(wallet.wallet.user)
assert merchant, "Merchant cannot be found"