From 631675d2a0ac95f1262b94c19d1846666e108887 Mon Sep 17 00:00:00 2001 From: padreug Date: Wed, 3 Sep 2025 10:54:07 +0200 Subject: [PATCH 01/14] add DEBUG logs --- nostr/nostr_client.py | 13 ++++++++----- services.py | 36 +++++++++++++++++++++++++++++++----- tasks.py | 6 +++++- 3 files changed, 44 insertions(+), 11 deletions(-) diff --git a/nostr/nostr_client.py b/nostr/nostr_client.py index a611980..8a2da32 100644 --- a/nostr/nostr_client.py +++ b/nostr/nostr_client.py @@ -91,9 +91,11 @@ class NostrClient: self.subscription_id = "nostrmarket-" + urlsafe_short_hash()[:32] await self.send_req_queue.put(["REQ", self.subscription_id] + merchant_filters) - logger.debug( - f"Subscribing to events for: {len(public_keys)} keys. New subscription id: {self.subscription_id}" + logger.info( + f"[NOSTRMARKET DEBUG] Subscribing to events for: {len(public_keys)} keys. New subscription id: {self.subscription_id}" ) + logger.info(f"[NOSTRMARKET DEBUG] Subscription filters: {merchant_filters}") + logger.info(f"[NOSTRMARKET DEBUG] Public keys: {public_keys}") async def merchant_temp_subscription(self, pk, duration=10): dm_filters = self._filters_for_direct_messages([pk], 0) @@ -175,16 +177,17 @@ class NostrClient: def _ws_handlers(self): def on_open(_): - logger.info("Connected to 'nostrclient' websocket") + logger.info("[NOSTRMARKET DEBUG] Connected to 'nostrclient' websocket") def on_message(_, message): + logger.info(f"[NOSTRMARKET DEBUG] Received websocket message: {message[:200]}...") self.recieve_event_queue.put_nowait(message) def on_error(_, error): - logger.warning(error) + logger.warning(f"[NOSTRMARKET DEBUG] Websocket error: {error}") def on_close(x, status_code, message): - logger.warning(f"Websocket closed: {x}: '{status_code}' '{message}'") + logger.warning(f"[NOSTRMARKET DEBUG] Websocket closed: {x}: '{status_code}' '{message}'") # force re-subscribe self.recieve_event_queue.put_nowait(ValueError("Websocket close.")) diff --git a/services.py b/services.py index b978e39..ff72c16 100644 --- a/services.py +++ b/services.py @@ -312,24 +312,32 @@ async def compute_products_new_quantity( async def process_nostr_message(msg: str): + logger.info(f"[NOSTRMARKET DEBUG] Received nostr message: {msg[:200]}...") try: type_, *rest = json.loads(msg) if type_.upper() == "EVENT": _, event = rest event = NostrEvent(**event) + logger.info(f"[NOSTRMARKET DEBUG] Processing event - kind: {event.kind}, id: {event.id}, pubkey: {event.pubkey}") if event.kind == 0: + logger.info(f"[NOSTRMARKET DEBUG] Handling customer profile update - event: {event.id}") await _handle_customer_profile_update(event) elif event.kind == 4: + logger.info(f"[NOSTRMARKET DEBUG] Handling NIP04 message - event: {event.id}, from: {event.pubkey}, content_length: {len(event.content)}") await _handle_nip04_message(event) elif event.kind == 30017: + logger.info(f"[NOSTRMARKET DEBUG] Handling stall event - event: {event.id}") await _handle_stall(event) elif event.kind == 30018: + logger.info(f"[NOSTRMARKET DEBUG] Handling product event - event: {event.id}") await _handle_product(event) + else: + logger.info(f"[NOSTRMARKET DEBUG] Unhandled event kind: {event.kind} - event: {event.id}") return except Exception as ex: - logger.debug(ex) + logger.error(f"[NOSTRMARKET DEBUG] Error processing nostr message: {ex}") async def create_or_update_order_from_dm( @@ -411,40 +419,53 @@ async def extract_customer_order_from_dm( async def _handle_nip04_message(event: NostrEvent): + logger.info(f"[NOSTRMARKET DEBUG] _handle_nip04_message - event: {event.id}, from: {event.pubkey}, tags: {event.tags}") merchant_public_key = event.pubkey merchant = await get_merchant_by_pubkey(merchant_public_key) + logger.info(f"[NOSTRMARKET DEBUG] Looking for merchant by pubkey {merchant_public_key}, found: {merchant is not None}") if not merchant: p_tags = event.tag_values("p") + logger.info(f"[NOSTRMARKET DEBUG] No merchant found for sender, checking p_tags: {p_tags}") if len(p_tags) and p_tags[0]: merchant_public_key = p_tags[0] merchant = await get_merchant_by_pubkey(merchant_public_key) + logger.info(f"[NOSTRMARKET DEBUG] Looking for merchant by p_tag {merchant_public_key}, found: {merchant is not None}") assert merchant, f"Merchant not found for public key '{merchant_public_key}'" if event.pubkey == merchant_public_key: + logger.info(f"[NOSTRMARKET DEBUG] Processing outgoing message from merchant {merchant_public_key}") assert len(event.tag_values("p")) != 0, "Outgong message has no 'p' tag" clear_text_msg = merchant.decrypt_message( event.content, event.tag_values("p")[0] ) + logger.info(f"[NOSTRMARKET DEBUG] Decrypted outgoing message: {clear_text_msg[:100]}...") await _handle_outgoing_dms(event, merchant, clear_text_msg) elif event.has_tag_value("p", merchant_public_key): + logger.info(f"[NOSTRMARKET DEBUG] Processing incoming message to merchant {merchant_public_key} from {event.pubkey}") clear_text_msg = merchant.decrypt_message(event.content, event.pubkey) + logger.info(f"[NOSTRMARKET DEBUG] Decrypted incoming message: {clear_text_msg[:100]}...") await _handle_incoming_dms(event, merchant, clear_text_msg) else: - logger.warning(f"Bad NIP04 event: '{event.id}'") + logger.warning(f"[NOSTRMARKET DEBUG] Bad NIP04 event: '{event.id}' - pubkey: {event.pubkey}, merchant: {merchant_public_key}") async def _handle_incoming_dms( event: NostrEvent, merchant: Merchant, clear_text_msg: str ): + logger.info(f"[NOSTRMARKET DEBUG] _handle_incoming_dms - merchant: {merchant.id}, customer: {event.pubkey}") customer = await get_customer(merchant.id, event.pubkey) if not customer: + logger.info(f"[NOSTRMARKET DEBUG] Creating new customer for pubkey: {event.pubkey}") await _handle_new_customer(event, merchant) else: + logger.info(f"[NOSTRMARKET DEBUG] Existing customer found, incrementing unread messages") await increment_customer_unread_messages(merchant.id, event.pubkey) + logger.info(f"[NOSTRMARKET DEBUG] Parsing message: {clear_text_msg}") dm_type, json_data = PartialDirectMessage.parse_message(clear_text_msg) + logger.info(f"[NOSTRMARKET DEBUG] Parsed message - type: {dm_type}, has_json_data: {json_data is not None}") new_dm = await _persist_dm( merchant.id, dm_type.value, @@ -482,17 +503,22 @@ async def _handle_outgoing_dms( async def _handle_incoming_structured_dm( merchant: Merchant, dm: DirectMessage, json_data: dict -) -> tuple[DirectMessageType, str | None]: +) -> Tuple[DirectMessageType, Optional[str]]: + logger.info(f"[NOSTRMARKET DEBUG] _handle_incoming_structured_dm - merchant: {merchant.id}, dm_type: {dm.type}, merchant_active: {merchant.config.active}") + logger.info(f"[NOSTRMARKET DEBUG] JSON data: {json_data}") try: if dm.type == DirectMessageType.CUSTOMER_ORDER.value and merchant.config.active: + logger.info(f"[NOSTRMARKET DEBUG] Processing CUSTOMER_ORDER for merchant {merchant.id}") json_resp = await _handle_new_order( merchant.id, merchant.public_key, dm, json_data ) - + logger.info(f"[NOSTRMARKET DEBUG] New order processed, response: {json_resp[:100] if json_resp else None}...") return DirectMessageType.PAYMENT_REQUEST, json_resp + else: + logger.info(f"[NOSTRMARKET DEBUG] Skipping order processing - type: {dm.type}, expected: {DirectMessageType.CUSTOMER_ORDER.value}, merchant_active: {merchant.config.active}") except Exception as ex: - logger.warning(ex) + logger.error(f"[NOSTRMARKET DEBUG] Error in _handle_incoming_structured_dm: {ex}") return DirectMessageType.PLAIN_TEXT, None diff --git a/tasks.py b/tasks.py index 013a281..774951f 100644 --- a/tasks.py +++ b/tasks.py @@ -35,13 +35,17 @@ async def on_invoice_paid(payment: Payment) -> None: async def wait_for_nostr_events(nostr_client: NostrClient): + logger.info("[NOSTRMARKET DEBUG] Starting wait_for_nostr_events task") while True: try: + logger.info("[NOSTRMARKET DEBUG] Subscribing to all merchants...") await subscribe_to_all_merchants() while True: + logger.debug("[NOSTRMARKET DEBUG] Waiting for nostr event...") message = await nostr_client.get_event() + logger.info(f"[NOSTRMARKET DEBUG] Received event from nostr_client: {message[:100]}...") await process_nostr_message(message) except Exception as e: - logger.warning(f"Subcription failed. Will retry in one minute: {e}") + logger.warning(f"[NOSTRMARKET DEBUG] Subscription failed. Will retry in 10 seconds: {e}") await asyncio.sleep(10) From 7c7d6c7953f096726032bc65b01a5c4500090ef0 Mon Sep 17 00:00:00 2001 From: padreug Date: Tue, 4 Nov 2025 00:47:43 +0100 Subject: [PATCH 02/14] interactive rebase commit, clean logs --- services.py | 74 +++++++++++++++++++++++++++++------------------------ 1 file changed, 40 insertions(+), 34 deletions(-) diff --git a/services.py b/services.py index ff72c16..d32bf35 100644 --- a/services.py +++ b/services.py @@ -63,7 +63,8 @@ async def create_new_order( merchant = await get_merchant_by_pubkey(merchant_public_key) assert merchant, "Cannot find merchant for order!" - if await get_order(merchant.id, data.id): + existing_order = await get_order(merchant.id, data.id) + if existing_order: return None if data.event_id and await get_order_by_event_id(merchant.id, data.event_id): return None @@ -73,11 +74,12 @@ async def create_new_order( ) await create_order(merchant.id, order) - return PaymentRequest( + payment_request = PaymentRequest( id=data.id, payment_options=[PaymentOption(type="ln", link=invoice)], message=receipt, ) + return payment_request async def build_order_with_payment( @@ -106,9 +108,10 @@ async def build_order_with_payment( if not success: raise ValueError(message) + total_amount_sat = round(product_cost_sat + shipping_cost_sat) payment = await create_invoice( wallet_id=wallet_id, - amount=round(product_cost_sat + shipping_cost_sat), + amount=total_amount_sat, memo=f"Order '{data.id}' for pubkey '{data.public_key}'", extra={ "tag": "nostrmarket", @@ -312,32 +315,26 @@ async def compute_products_new_quantity( async def process_nostr_message(msg: str): - logger.info(f"[NOSTRMARKET DEBUG] Received nostr message: {msg[:200]}...") try: type_, *rest = json.loads(msg) if type_.upper() == "EVENT": _, event = rest event = NostrEvent(**event) - logger.info(f"[NOSTRMARKET DEBUG] Processing event - kind: {event.kind}, id: {event.id}, pubkey: {event.pubkey}") if event.kind == 0: - logger.info(f"[NOSTRMARKET DEBUG] Handling customer profile update - event: {event.id}") await _handle_customer_profile_update(event) elif event.kind == 4: - logger.info(f"[NOSTRMARKET DEBUG] Handling NIP04 message - event: {event.id}, from: {event.pubkey}, content_length: {len(event.content)}") await _handle_nip04_message(event) elif event.kind == 30017: - logger.info(f"[NOSTRMARKET DEBUG] Handling stall event - event: {event.id}") await _handle_stall(event) elif event.kind == 30018: - logger.info(f"[NOSTRMARKET DEBUG] Handling product event - event: {event.id}") await _handle_product(event) else: - logger.info(f"[NOSTRMARKET DEBUG] Unhandled event kind: {event.kind} - event: {event.id}") + logger.info(f"[NOSTRMARKET] Unhandled event kind: {event.kind} - event: {event.id}") return except Exception as ex: - logger.error(f"[NOSTRMARKET DEBUG] Error processing nostr message: {ex}") + logger.error(f"[NOSTRMARKET] Error processing nostr message: {ex}") async def create_or_update_order_from_dm( @@ -419,53 +416,40 @@ async def extract_customer_order_from_dm( async def _handle_nip04_message(event: NostrEvent): - logger.info(f"[NOSTRMARKET DEBUG] _handle_nip04_message - event: {event.id}, from: {event.pubkey}, tags: {event.tags}") merchant_public_key = event.pubkey merchant = await get_merchant_by_pubkey(merchant_public_key) - logger.info(f"[NOSTRMARKET DEBUG] Looking for merchant by pubkey {merchant_public_key}, found: {merchant is not None}") if not merchant: p_tags = event.tag_values("p") - logger.info(f"[NOSTRMARKET DEBUG] No merchant found for sender, checking p_tags: {p_tags}") if len(p_tags) and p_tags[0]: merchant_public_key = p_tags[0] merchant = await get_merchant_by_pubkey(merchant_public_key) - logger.info(f"[NOSTRMARKET DEBUG] Looking for merchant by p_tag {merchant_public_key}, found: {merchant is not None}") assert merchant, f"Merchant not found for public key '{merchant_public_key}'" if event.pubkey == merchant_public_key: - logger.info(f"[NOSTRMARKET DEBUG] Processing outgoing message from merchant {merchant_public_key}") assert len(event.tag_values("p")) != 0, "Outgong message has no 'p' tag" clear_text_msg = merchant.decrypt_message( event.content, event.tag_values("p")[0] ) - logger.info(f"[NOSTRMARKET DEBUG] Decrypted outgoing message: {clear_text_msg[:100]}...") await _handle_outgoing_dms(event, merchant, clear_text_msg) elif event.has_tag_value("p", merchant_public_key): - logger.info(f"[NOSTRMARKET DEBUG] Processing incoming message to merchant {merchant_public_key} from {event.pubkey}") clear_text_msg = merchant.decrypt_message(event.content, event.pubkey) - logger.info(f"[NOSTRMARKET DEBUG] Decrypted incoming message: {clear_text_msg[:100]}...") await _handle_incoming_dms(event, merchant, clear_text_msg) else: - logger.warning(f"[NOSTRMARKET DEBUG] Bad NIP04 event: '{event.id}' - pubkey: {event.pubkey}, merchant: {merchant_public_key}") + logger.warning(f"[NOSTRMARKET] Bad NIP04 event: '{event.id}' - pubkey: {event.pubkey}, merchant: {merchant_public_key}") async def _handle_incoming_dms( event: NostrEvent, merchant: Merchant, clear_text_msg: str ): - logger.info(f"[NOSTRMARKET DEBUG] _handle_incoming_dms - merchant: {merchant.id}, customer: {event.pubkey}") customer = await get_customer(merchant.id, event.pubkey) if not customer: - logger.info(f"[NOSTRMARKET DEBUG] Creating new customer for pubkey: {event.pubkey}") await _handle_new_customer(event, merchant) else: - logger.info(f"[NOSTRMARKET DEBUG] Existing customer found, incrementing unread messages") await increment_customer_unread_messages(merchant.id, event.pubkey) - logger.info(f"[NOSTRMARKET DEBUG] Parsing message: {clear_text_msg}") dm_type, json_data = PartialDirectMessage.parse_message(clear_text_msg) - logger.info(f"[NOSTRMARKET DEBUG] Parsed message - type: {dm_type}, has_json_data: {json_data is not None}") new_dm = await _persist_dm( merchant.id, dm_type.value, @@ -504,21 +488,17 @@ async def _handle_outgoing_dms( async def _handle_incoming_structured_dm( merchant: Merchant, dm: DirectMessage, json_data: dict ) -> Tuple[DirectMessageType, Optional[str]]: - logger.info(f"[NOSTRMARKET DEBUG] _handle_incoming_structured_dm - merchant: {merchant.id}, dm_type: {dm.type}, merchant_active: {merchant.config.active}") - logger.info(f"[NOSTRMARKET DEBUG] JSON data: {json_data}") try: if dm.type == DirectMessageType.CUSTOMER_ORDER.value and merchant.config.active: - logger.info(f"[NOSTRMARKET DEBUG] Processing CUSTOMER_ORDER for merchant {merchant.id}") json_resp = await _handle_new_order( merchant.id, merchant.public_key, dm, json_data ) - logger.info(f"[NOSTRMARKET DEBUG] New order processed, response: {json_resp[:100] if json_resp else None}...") return DirectMessageType.PAYMENT_REQUEST, json_resp else: - logger.info(f"[NOSTRMARKET DEBUG] Skipping order processing - type: {dm.type}, expected: {DirectMessageType.CUSTOMER_ORDER.value}, merchant_active: {merchant.config.active}") + logger.info(f"[NOSTRMARKET] Skipping order processing - type: {dm.type}, expected: {DirectMessageType.CUSTOMER_ORDER.value}, merchant_active: {merchant.config.active}") except Exception as ex: - logger.error(f"[NOSTRMARKET DEBUG] Error in _handle_incoming_structured_dm: {ex}") + logger.error(f"[NOSTRMARKET] Error in _handle_incoming_structured_dm: {ex}") return DirectMessageType.PLAIN_TEXT, None @@ -600,8 +580,29 @@ async def _handle_new_order( assert wallet, f"Cannot find wallet for product id: {first_product_id}" payment_req = await create_new_order(merchant_public_key, partial_order) + + if payment_req is None: + # Return existing order data instead of creating a failed order + existing_order = await get_order(merchant_id, partial_order.id) + if existing_order and existing_order.invoice_id != "None": + # Order exists with invoice, return existing payment request + duplicate_response = json.dumps({ + "type": DirectMessageType.PAYMENT_REQUEST.value, + "id": existing_order.id, + "message": "Order already received and processed", + "payment_options": [] + }, separators=(",", ":"), ensure_ascii=False) + return duplicate_response + else: + # Order exists but no invoice, skip processing + logger.info(f"[NOSTRMARKET] Order exists but no invoice, returning empty string") + return "" + except Exception as e: - logger.debug(e) + logger.error(f"[NOSTRMARKET] Error creating order: {e}") + logger.error(f"[NOSTRMARKET] Order data: {json_data}") + logger.error(f"[NOSTRMARKET] Exception type: {type(e).__name__}") + logger.error(f"[NOSTRMARKET] Exception details: {str(e)}") payment_req = await create_new_failed_order( merchant_id, merchant_public_key, @@ -609,12 +610,17 @@ async def _handle_new_order( json_data, "Order received, but cannot be processed. Please contact merchant.", ) - assert payment_req + + if not payment_req: + logger.error(f"[NOSTRMARKET] No payment request returned for order: {partial_order.id}") + return "" + response = { "type": DirectMessageType.PAYMENT_REQUEST.value, **payment_req.dict(), } - return json.dumps(response, separators=(",", ":"), ensure_ascii=False) + response_json = json.dumps(response, separators=(",", ":"), ensure_ascii=False) + return response_json async def create_new_failed_order( From 7245123e498742ac3c0b75ccc9f453427a45e003 Mon Sep 17 00:00:00 2001 From: padreug Date: Sun, 7 Sep 2025 03:25:19 +0200 Subject: [PATCH 03/14] Improve merchant creation with automatic keypair generation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Enhance the merchant creation process by automatically generating Nostr keypairs for users who don't have them, and streamline the API interface. Changes: - Add CreateMerchantRequest model to simplify merchant creation API - Auto-generate Nostr keypairs for users without existing keys - Update merchant creation endpoint to use user account keypairs - Improve error handling and validation in merchant creation flow - Clean up frontend JavaScript for merchant creation This ensures all merchants have proper Nostr keypairs for marketplace functionality without requiring manual key management from users. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- models.py | 4 ++++ static/js/index.js | 52 ++++++++++------------------------------------ views_api.py | 46 +++++++++++++++++++++++++++++++++++----- 3 files changed, 56 insertions(+), 46 deletions(-) diff --git a/models.py b/models.py index 58842d5..d56dbcf 100644 --- a/models.py +++ b/models.py @@ -49,6 +49,10 @@ class MerchantConfig(MerchantProfile): restore_in_progress: bool | None = False +class CreateMerchantRequest(BaseModel): + config: MerchantConfig = MerchantConfig() + + class PartialMerchant(BaseModel): private_key: str public_key: str diff --git a/static/js/index.js b/static/js/index.js index f14bf1d..b10220c 100644 --- a/static/js/index.js +++ b/static/js/index.js @@ -49,46 +49,19 @@ window.app = Vue.createApp({ } }, methods: { - generateKeys: function () { - const privateKey = nostr.generatePrivateKey() - const publicKey = nostr.getPublicKey(privateKey) - this.generateKeyDialog.privateKey = privateKey - this.generateKeyDialog.nsec = nostr.nip19.nsecEncode(privateKey) - this.generateKeyDialog.npub = nostr.nip19.npubEncode(publicKey) - this.generateKeyDialog.showNsec = false - this.generateKeyDialog.show = true - }, - confirmGenerateKey: async function () { - this.generateKeyDialog.show = false - await this.createMerchant(this.generateKeyDialog.privateKey) + generateKeys: async function () { + // No longer need to generate keys here - the backend will use user's existing keypairs + await this.createMerchant() }, importKeys: async function () { this.importKeyDialog.show = false - let privateKey = this.importKeyDialog.data.privateKey - if (!privateKey) { - return - } - try { - if (privateKey.toLowerCase().startsWith('nsec')) { - privateKey = nostr.nip19.decode(privateKey).data - } - // Check if this key is already in use - const publicKey = nostr.getPublicKey(privateKey) - if (this.merchant?.public_key === publicKey) { - this.$q.notify({ - type: 'warning', - message: 'This key is already your current profile' - }) - return - } - } catch (error) { - this.$q.notify({ - type: 'negative', - message: `${error}` - }) - return - } - await this.createMerchant(privateKey) + // Import keys functionality removed since we use user's native keypairs + // Show a message that this is no longer needed + this.$q.notify({ + type: 'info', + message: 'Merchants now use your account Nostr keys automatically. Key import is no longer needed.', + timeout: 3000 + }) }, showImportKeysDialog: async function () { this.importKeyDialog.show = true @@ -143,12 +116,9 @@ window.app = Vue.createApp({ this.showKeys = false this.stallCount = 0 }, - createMerchant: async function (privateKey) { + createMerchant: async function () { try { - const pubkey = nostr.getPublicKey(privateKey) const payload = { - private_key: privateKey, - public_key: pubkey, config: {} } const {data} = await LNbits.api.request( diff --git a/views_api.py b/views_api.py index 1e9f5c5..8d41963 100644 --- a/views_api.py +++ b/views_api.py @@ -4,12 +4,14 @@ from http import HTTPStatus from fastapi import Depends from fastapi.exceptions import HTTPException from lnbits.core.models import WalletTypeInfo +from lnbits.core.crud import get_account, update_account from lnbits.core.services import websocket_updater from lnbits.decorators import ( require_admin_key, require_invoice_key, ) from lnbits.utils.exchange_rates import currencies +from lnbits.utils.nostr import generate_keypair from loguru import logger from . import nostr_client, nostrmarket_ext @@ -58,6 +60,7 @@ from .crud import ( ) from .helpers import normalize_public_key from .models import ( + CreateMerchantRequest, Customer, DirectMessage, DirectMessageType, @@ -90,15 +93,48 @@ from .services import ( @nostrmarket_ext.post("/api/v1/merchant") async def api_create_merchant( - data: PartialMerchant, + data: CreateMerchantRequest, wallet: WalletTypeInfo = Depends(require_admin_key), ) -> Merchant: try: - merchant = await get_merchant_by_pubkey(data.public_key) - assert merchant is None, "A merchant already uses this public key" + # Check if merchant already exists for this user + merchant = await get_merchant_for_user(wallet.wallet.user) + assert merchant is None, "A merchant already exists for this user" - merchant = await create_merchant(wallet.wallet.user, data) + # Get user's account to access their Nostr keypairs + account = await get_account(wallet.wallet.user) + if not account: + raise HTTPException( + status_code=HTTPStatus.NOT_FOUND, + detail="User account not found", + ) + + # Check if user has Nostr keypairs, generate them if not + if not account.pubkey or not account.prvkey: + # Generate new keypair for user + private_key, public_key = generate_keypair() + + # Update user account with new keypairs + account.pubkey = public_key + account.prvkey = private_key + await update_account(account) + else: + public_key = account.pubkey + private_key = account.prvkey + + # Check if another merchant is already using this public key + existing_merchant = await get_merchant_by_pubkey(public_key) + assert existing_merchant is None, "A merchant already uses this public key" + + # Create PartialMerchant with user's keypairs + partial_merchant = PartialMerchant( + private_key=private_key, + public_key=public_key, + config=data.config + ) + + merchant = await create_merchant(wallet.wallet.user, partial_merchant) await create_zone( merchant.id, @@ -113,7 +149,7 @@ async def api_create_merchant( await resubscribe_to_all_merchants() - await nostr_client.merchant_temp_subscription(data.public_key) + await nostr_client.merchant_temp_subscription(public_key) return merchant except AssertionError as ex: From 0fec454006a1e49a776c5b1818b8c7395268a66c Mon Sep 17 00:00:00 2001 From: padreug Date: Mon, 8 Sep 2025 21:50:54 +0200 Subject: [PATCH 04/14] TEMP: set merchant active to True by default --- models.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/models.py b/models.py index d56dbcf..71f977b 100644 --- a/models.py +++ b/models.py @@ -43,10 +43,11 @@ class MerchantProfile(BaseModel): class MerchantConfig(MerchantProfile): - event_id: str | None = None + event_id: Optional[str] = None sync_from_nostr: bool = False - active: bool = False - restore_in_progress: bool | None = False + # TODO: switched to True for AIO demo; determine if we leave this as True + active: bool = True + restore_in_progress: Optional[bool] = False class CreateMerchantRequest(BaseModel): From 61c2db8e803954df10a9c31032703d4ee087a82a Mon Sep 17 00:00:00 2001 From: padreug Date: Mon, 3 Nov 2025 23:58:30 +0100 Subject: [PATCH 05/14] Enhances websocket connection robustness Improves websocket connection reliability by predefining the websocket URL and handling potential queueing errors. This change also updates the websocket close message for clarity. --- nostr/nostr_client.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/nostr/nostr_client.py b/nostr/nostr_client.py index 8a2da32..0e38029 100644 --- a/nostr/nostr_client.py +++ b/nostr/nostr_client.py @@ -31,9 +31,11 @@ class NostrClient: logger.debug(f"Connecting to websockets for 'nostrclient' extension...") relay_endpoint = encrypt_internal_message("relay", urlsafe=True) + ws_url = f"ws://localhost:{settings.port}/nostrclient/api/v1/{relay_endpoint}" + on_open, on_message, on_error, on_close = self._ws_handlers() ws = WebSocketApp( - f"ws://localhost:{settings.port}/nostrclient/api/v1/{relay_endpoint}", + ws_url, on_message=on_message, on_open=on_open, on_close=on_close, @@ -181,13 +183,16 @@ class NostrClient: def on_message(_, message): logger.info(f"[NOSTRMARKET DEBUG] Received websocket message: {message[:200]}...") - self.recieve_event_queue.put_nowait(message) + try: + self.recieve_event_queue.put_nowait(message) + except Exception as e: + logger.error(f"[NOSTRMARKET DEBUG] ❌ Failed to queue message: {e}") def on_error(_, error): - logger.warning(f"[NOSTRMARKET DEBUG] Websocket error: {error}") + logger.warning(f"[NOSTRMARKET DEBUG] ❌ Websocket error: {error}") def on_close(x, status_code, message): - logger.warning(f"[NOSTRMARKET DEBUG] Websocket closed: {x}: '{status_code}' '{message}'") + logger.warning(f"[NOSTRMARKET DEBUG] 🔌 Websocket closed: {x}: '{status_code}' '{message}'") # force re-subscribe self.recieve_event_queue.put_nowait(ValueError("Websocket close.")) From 1fd01f8c06917a5aa5dda5a14aa82f0bbbece7b7 Mon Sep 17 00:00:00 2001 From: padreug Date: Tue, 4 Nov 2025 00:38:29 +0100 Subject: [PATCH 06/14] Adds order discovery analysis document Adds a document analyzing the order discovery mechanism in Nostrmarket. The document identifies the reasons merchants need to manually refresh to see new orders, instead of receiving them automatically. It analyzes timing window issues, connection stability, subscription state management, and event processing delays. It proposes solutions such as enhanced persistent subscriptions, periodic auto-refresh, WebSocket health monitoring, and event gap detection. --- misc-docs/ORDER-DISCOVERY-ANALYSIS.md | 320 ++++++++++++++++++++++++++ 1 file changed, 320 insertions(+) create mode 100644 misc-docs/ORDER-DISCOVERY-ANALYSIS.md diff --git a/misc-docs/ORDER-DISCOVERY-ANALYSIS.md b/misc-docs/ORDER-DISCOVERY-ANALYSIS.md new file mode 100644 index 0000000..de393e2 --- /dev/null +++ b/misc-docs/ORDER-DISCOVERY-ANALYSIS.md @@ -0,0 +1,320 @@ +# Nostrmarket Order Discovery Analysis + +## Executive Summary + +This document analyzes the order discovery mechanism in the Nostrmarket extension and identifies why merchants must manually refresh to see new orders instead of receiving them automatically through persistent subscriptions. + +--- + +## Current Architecture + +### Two Subscription Systems + +The Nostrmarket extension implements two distinct subscription mechanisms for receiving Nostr events: + +#### 1. **Persistent Subscriptions (Background Task)** + +**Purpose**: Continuous monitoring for new orders, products, and merchant events + +**Implementation**: + +- Runs via `wait_for_nostr_events()` background task +- Initiated on extension startup (15-second delay) +- Creates subscription ID: `nostrmarket-{hash}` +- Monitors all merchant public keys continuously + +**Code Location**: `/nostrmarket/tasks.py:37-49` + +```python +async def wait_for_nostr_events(nostr_client: NostrClient): + while True: + try: + await subscribe_to_all_merchants() + while True: + message = await nostr_client.get_event() + await process_nostr_message(message) +``` + +**Subscription Filters**: + +- Direct messages (kind 4) - for orders +- Stall events (kind 30017) +- Product events (kind 30018) +- Profile updates (kind 0) + +#### 2. **Temporary Subscriptions (Manual Refresh)** + +**Purpose**: Catch up on missed events when merchant clicks "Refresh from Nostr" + +**Implementation**: + +- Duration: 10 seconds only +- Triggered by user action +- Creates subscription ID: `merchant-{hash}` +- Fetches ALL events from time=0 + +**Code Location**: `/nostrmarket/nostr/nostr_client.py:100-120` + +```python +async def merchant_temp_subscription(self, pk, duration=10): + dm_filters = self._filters_for_direct_messages([pk], 0) + # ... creates filters with time=0 (all history) + await self.send_req_queue.put(["REQ", subscription_id] + merchant_filters) + asyncio.create_task(unsubscribe_with_delay(subscription_id, duration)) +``` + +--- + +## Problem Identification + +### Why Manual Refresh is Required + +#### **Issue 1: Timing Window Problem** + +The persistent subscription uses timestamps from the last database update: + +```python +async def subscribe_to_all_merchants(): + last_dm_time = await get_last_direct_messages_created_at() + last_stall_time = await get_last_stall_update_time() + last_prod_time = await get_last_product_update_time() + + await nostr_client.subscribe_merchants( + public_keys, last_dm_time, last_stall_time, last_prod_time, 0 + ) +``` + +**Problem**: Events that occur between: + +- The last database update time +- When the subscription becomes active + ...are potentially missed + +#### **Issue 2: Connection Stability** + +The WebSocket connection between components may be unstable: + +``` +[Nostrmarket] <--WebSocket--> [Nostrclient] <--WebSocket--> [Nostr Relays] + Extension Extension (Global) +``` + +**Potential failure points**: + +1. Connection drops between nostrmarket → nostrclient +2. Connection drops between nostrclient → relays +3. Reconnection doesn't re-establish subscriptions + +#### **Issue 3: Subscription State Management** + +**Current behavior**: + +- Single persistent subscription per merchant +- No automatic resubscription on failure +- No heartbeat/keepalive mechanism +- No verification that subscription is active + +#### **Issue 4: Event Processing Delays** + +The startup sequence has intentional delays: + +```python +async def _subscribe_to_nostr_client(): + await asyncio.sleep(10) # Wait for nostrclient + await nostr_client.run_forever() + +async def _wait_for_nostr_events(): + await asyncio.sleep(15) # Wait for extension init + await wait_for_nostr_events(nostr_client) +``` + +**Problem**: Orders arriving during initialization are missed + +--- + +## Why Manual Refresh Works + +The temporary subscription succeeds because: + +1. **Fetches from time=0**: Gets ALL historical events +2. **Fresh connection**: Creates new subscription request +3. **Immediate processing**: No startup delays +4. **Direct feedback**: User sees results immediately + +```python +# Temporary subscription uses time=0 (all events) +dm_filters = self._filters_for_direct_messages([pk], 0) # ← 0 means all time + +# Persistent subscription uses last update time +dm_filters = self._filters_for_direct_messages(public_keys, dm_time) # ← can miss events +``` + +--- + +## Impact Analysis + +### User Experience Issues + +1. **Merchants miss orders** without manual refresh +2. **No real-time notifications** for new orders +3. **Uncertainty** about order status +4. **Extra manual steps** required +5. **Delayed order fulfillment** + +### Technical Implications + +1. **Not truly decentralized** - requires active monitoring +2. **Scalability concerns** - manual refresh doesn't scale +3. **Reliability issues** - depends on user action +4. **Performance overhead** - fetching all events repeatedly + +--- + +## Recommended Solutions + +### Solution A: Enhanced Persistent Subscriptions + +**Implement redundant subscription mechanisms:** + +```python +class EnhancedSubscriptionManager: + def __init__(self): + self.last_heartbeat = time.time() + self.subscription_active = False + + async def maintain_subscription(self): + while True: + if not self.subscription_active or \ + time.time() - self.last_heartbeat > 30: + await self.resubscribe_with_overlap() + await asyncio.sleep(10) + + async def resubscribe_with_overlap(self): + # Use timestamp with 5-minute overlap + overlap_time = int(time.time()) - 300 + await subscribe_to_all_merchants(since=overlap_time) +``` + +### Solution B: Periodic Auto-Refresh + +**Add automatic temporary subscriptions:** + +```python +async def auto_refresh_loop(): + while True: + await asyncio.sleep(60) # Every minute + merchants = await get_all_active_merchants() + for merchant in merchants: + await merchant_temp_subscription(merchant.pubkey, duration=5) +``` + +### Solution C: WebSocket Health Monitoring + +**Implement connection health checks:** + +```python +class WebSocketHealthMonitor: + async def check_connection_health(self): + try: + # Send ping to nostrclient + response = await nostr_client.ping(timeout=5) + if not response: + await self.reconnect_and_resubscribe() + except Exception: + await self.reconnect_and_resubscribe() +``` + +### Solution D: Event Gap Detection + +**Detect and fill gaps in event sequence:** + +```python +async def detect_event_gaps(): + # Check for gaps in event timestamps + last_known = await get_last_event_time() + current_time = int(time.time()) + + if current_time - last_known > 60: # 1 minute gap + # Perform temporary subscription to fill gap + await fetch_missing_events(since=last_known) +``` + +--- + +## Implementation Priority + +### Phase 1: Quick Fixes (1-2 days) + +1. [DONE] Increase temp subscription duration (10s → 30s) +2. [DONE] Add connection health logging +3. [DONE] Reduce startup delays + +### Phase 2: Reliability (3-5 days) + +1. [TODO] Implement subscription heartbeat +2. [TODO] Add automatic resubscription on failure +3. [TODO] Create event gap detection + +### Phase 3: Full Solution (1-2 weeks) + +1. [TODO] WebSocket connection monitoring +2. [TODO] Redundant subscription system +3. [TODO] Real-time order notifications +4. [TODO] Event deduplication logic + +--- + +## Testing Recommendations + +### Test Scenarios + +1. **Order during startup**: Send order within 15 seconds of server start +2. **Long-running test**: Keep server running for 24 hours, send periodic orders +3. **Connection interruption**: Disconnect nostrclient, send order, reconnect +4. **High volume**: Send 100 orders rapidly +5. **Network latency**: Add artificial delay between components + +### Monitoring Metrics + +- Time between order sent → order discovered +- Percentage of orders requiring manual refresh +- WebSocket connection uptime +- Subscription success rate +- Event processing latency + +--- + +## Conclusion + +The current order discovery system relies on manual refresh due to: + +1. **Timing gaps** in persistent subscriptions +2. **Connection stability** issues +3. **Lack of redundancy** in subscription management +4. **No automatic recovery** mechanisms + +While the temporary subscription (manual refresh) provides a workaround, a proper solution requires implementing connection monitoring, subscription health checks, and automatic gap-filling mechanisms to ensure reliable real-time order discovery. + +--- + +## Appendix: Code References + +### Key Files + +- `/nostrmarket/tasks.py` - Background task management +- `/nostrmarket/nostr/nostr_client.py` - Nostr client implementation +- `/nostrmarket/services.py` - Order processing logic +- `/nostrmarket/views_api.py` - API endpoints for refresh + +### Relevant Functions + +- `wait_for_nostr_events()` - Main event loop +- `subscribe_to_all_merchants()` - Persistent subscription +- `merchant_temp_subscription()` - Manual refresh +- `process_nostr_message()` - Event processing + +--- + +_Document prepared: January 2025_ +_Analysis based on: Nostrmarket v1.0_ +_Status: Active Investigation_ From e0fdada15c087652d275f2709564fa94abd9f3d6 Mon Sep 17 00:00:00 2001 From: padreug Date: Tue, 4 Nov 2025 00:52:36 +0100 Subject: [PATCH 07/14] Improves Nostr message handling and error logging Enhances the processing of Nostr messages by adding more robust error handling and logging, providing better insights into potential issues. Specifically: - Improves the checks on the websocket connection to log errors and debug information. - Implements more comprehensive error logging for failed product quantity checks. - Enhances logging and validation of EVENT messages to prevent potential errors. - Implements a more robust merchant lookup logic to avoid double processing of events. - Implements a more lenient time window for direct message subscriptions. --- nostr/nostr_client.py | 18 +++++------- services.py | 66 +++++++++++++++++++++++++++---------------- 2 files changed, 49 insertions(+), 35 deletions(-) diff --git a/nostr/nostr_client.py b/nostr/nostr_client.py index 0e38029..967bc1b 100644 --- a/nostr/nostr_client.py +++ b/nostr/nostr_client.py @@ -67,6 +67,7 @@ class NostrClient: async def get_event(self): value = await self.recieve_event_queue.get() if isinstance(value, ValueError): + logger.error(f"[NOSTRMARKET] ❌ Queue returned error: {value}") raise value return value @@ -93,12 +94,6 @@ class NostrClient: self.subscription_id = "nostrmarket-" + urlsafe_short_hash()[:32] await self.send_req_queue.put(["REQ", self.subscription_id] + merchant_filters) - logger.info( - f"[NOSTRMARKET DEBUG] Subscribing to events for: {len(public_keys)} keys. New subscription id: {self.subscription_id}" - ) - logger.info(f"[NOSTRMARKET DEBUG] Subscription filters: {merchant_filters}") - logger.info(f"[NOSTRMARKET DEBUG] Public keys: {public_keys}") - async def merchant_temp_subscription(self, pk, duration=10): dm_filters = self._filters_for_direct_messages([pk], 0) stall_filters = self._filters_for_stall_events([pk], 0) @@ -179,20 +174,21 @@ class NostrClient: def _ws_handlers(self): def on_open(_): - logger.info("[NOSTRMARKET DEBUG] Connected to 'nostrclient' websocket") + logger.debug("[NOSTRMARKET DEBUG] ✅ Connected to 'nostrclient' websocket successfully") def on_message(_, message): - logger.info(f"[NOSTRMARKET DEBUG] Received websocket message: {message[:200]}...") + logger.debug(f"[NOSTRMARKET DEBUG] 📨 Received websocket message: {message[:200]}...") try: self.recieve_event_queue.put_nowait(message) + logger.debug(f"[NOSTRMARKET DEBUG] 📤 Message queued successfully") except Exception as e: - logger.error(f"[NOSTRMARKET DEBUG] ❌ Failed to queue message: {e}") + logger.error(f"[NOSTRMARKET] ❌ Failed to queue message: {e}") def on_error(_, error): - logger.warning(f"[NOSTRMARKET DEBUG] ❌ Websocket error: {error}") + logger.warning(f"[NOSTRMARKET] ❌ Websocket error: {error}") def on_close(x, status_code, message): - logger.warning(f"[NOSTRMARKET DEBUG] 🔌 Websocket closed: {x}: '{status_code}' '{message}'") + logger.warning(f"[NOSTRMARKET] 🔌 Websocket closed: {x}: '{status_code}' '{message}'") # force re-subscribe self.recieve_event_queue.put_nowait(ValueError("Websocket close.")) diff --git a/services.py b/services.py index d32bf35..4b14299 100644 --- a/services.py +++ b/services.py @@ -85,10 +85,13 @@ async def create_new_order( async def build_order_with_payment( merchant_id: str, merchant_public_key: str, data: PartialOrder ): + products = await get_products_by_ids( merchant_id, [p.product_id for p in data.items] ) + data.validate_order_items(products) + shipping_zone = await get_zone(merchant_id, data.shipping_id) assert shipping_zone, f"Shipping zone not found for order '{data.id}'" @@ -96,6 +99,7 @@ async def build_order_with_payment( product_cost_sat, shipping_cost_sat = await data.costs_in_sats( products, shipping_zone.id, shipping_zone.cost ) + receipt = data.receipt(products, shipping_zone.id, shipping_zone.cost) wallet_id = await get_wallet_for_product(data.items[0].product_id) @@ -106,6 +110,7 @@ async def build_order_with_payment( merchant_id, product_ids, data.items ) if not success: + logger.error(f"[NOSTRMARKET] ❌ Product quantity check failed: {message}") raise ValueError(message) total_amount_sat = round(product_cost_sat + shipping_cost_sat) @@ -316,9 +321,14 @@ async def compute_products_new_quantity( async def process_nostr_message(msg: str): try: - type_, *rest = json.loads(msg) + parsed_msg = json.loads(msg) + type_, *rest = parsed_msg + if type_.upper() == "EVENT": + if len(rest) < 2: + logger.warning(f"[NOSTRMARKET] ⚠️ EVENT message missing data: {rest}") + return _, event = rest event = NostrEvent(**event) if event.kind == 0: @@ -330,11 +340,14 @@ async def process_nostr_message(msg: str): elif event.kind == 30018: await _handle_product(event) else: - logger.info(f"[NOSTRMARKET] Unhandled event kind: {event.kind} - event: {event.id}") + logger.info(f"[NOSTRMARKET] ❓ Unhandled event kind: {event.kind} - event: {event.id}") return + else: + logger.info(f"[NOSTRMARKET] 🔄 Non-EVENT message type: {type_}") except Exception as ex: - logger.error(f"[NOSTRMARKET] Error processing nostr message: {ex}") + logger.error(f"[NOSTRMARKET] ❌ Error processing nostr message: {ex}") + logger.error(f"[NOSTRMARKET] 📄 Raw message that failed: {msg}") async def create_or_update_order_from_dm( @@ -416,28 +429,29 @@ async def extract_customer_order_from_dm( async def _handle_nip04_message(event: NostrEvent): - merchant_public_key = event.pubkey - merchant = await get_merchant_by_pubkey(merchant_public_key) - - if not merchant: - p_tags = event.tag_values("p") - if len(p_tags) and p_tags[0]: - merchant_public_key = p_tags[0] - merchant = await get_merchant_by_pubkey(merchant_public_key) - - assert merchant, f"Merchant not found for public key '{merchant_public_key}'" - - if event.pubkey == merchant_public_key: - assert len(event.tag_values("p")) != 0, "Outgong message has no 'p' tag" - clear_text_msg = merchant.decrypt_message( + + p_tags = event.tag_values("p") + + # PRIORITY 1: Check if any recipient (p_tag) is a merchant → incoming message TO merchant + for p_tag in p_tags: + if p_tag: + potential_merchant = await get_merchant_by_pubkey(p_tag) + if potential_merchant: + clear_text_msg = potential_merchant.decrypt_message(event.content, event.pubkey) + await _handle_incoming_dms(event, potential_merchant, clear_text_msg) + return # IMPORTANT: Return immediately to prevent double processing + + # PRIORITY 2: If no recipient merchant found, check if sender is a merchant → outgoing message FROM merchant + sender_merchant = await get_merchant_by_pubkey(event.pubkey) + if sender_merchant: + assert len(event.tag_values("p")) != 0, "Outgoing message has no 'p' tag" + clear_text_msg = sender_merchant.decrypt_message( event.content, event.tag_values("p")[0] ) - await _handle_outgoing_dms(event, merchant, clear_text_msg) - elif event.has_tag_value("p", merchant_public_key): - clear_text_msg = merchant.decrypt_message(event.content, event.pubkey) - await _handle_incoming_dms(event, merchant, clear_text_msg) - else: - logger.warning(f"[NOSTRMARKET] Bad NIP04 event: '{event.id}' - pubkey: {event.pubkey}, merchant: {merchant_public_key}") + await _handle_outgoing_dms(event, sender_merchant, clear_text_msg) + return # IMPORTANT: Return immediately + + # No merchant found in either direction async def _handle_incoming_dms( @@ -579,6 +593,7 @@ async def _handle_new_order( wallet = await get_wallet(wallet_id) assert wallet, f"Cannot find wallet for product id: {first_product_id}" + payment_req = await create_new_order(merchant_public_key, partial_order) if payment_req is None: @@ -653,8 +668,11 @@ async def subscribe_to_all_merchants(): last_stall_time = await get_last_stall_update_time() last_prod_time = await get_last_product_update_time() + # Make dm_time more lenient by subtracting 5 minutes to avoid missing recent events + lenient_dm_time = max(0, last_dm_time - 300) if last_dm_time > 0 else 0 + await nostr_client.subscribe_merchants( - public_keys, last_dm_time, last_stall_time, last_prod_time, 0 + public_keys, lenient_dm_time, last_stall_time, last_prod_time, 0 ) From f85cbaa65e45e259a5f5b6f354b406e80fc4fc91 Mon Sep 17 00:00:00 2001 From: padreug Date: Tue, 4 Nov 2025 00:59:55 +0100 Subject: [PATCH 08/14] Refactors type hints for clarity Updates type hints in `crud.py`, `helpers.py`, and `models.py` for improved readability and maintainability. Replaces `Merchant | None` with `Optional[Merchant]` and `list[X]` with `List[X]` for consistency with standard Python typing practices. --- crud.py | 69 +++++++++++++++-------------- helpers.py | 3 +- models.py | 120 +++++++++++++++++++++++++-------------------------- services.py | 16 ++++--- views_api.py | 31 ++++++------- 5 files changed, 123 insertions(+), 116 deletions(-) diff --git a/crud.py b/crud.py index 3bec1f2..adc0836 100644 --- a/crud.py +++ b/crud.py @@ -1,4 +1,5 @@ import json +from typing import List, Optional, Tuple from lnbits.helpers import urlsafe_short_hash @@ -43,7 +44,7 @@ async def create_merchant(user_id: str, m: PartialMerchant) -> Merchant: async def update_merchant( user_id: str, merchant_id: str, config: MerchantConfig -) -> Merchant | None: +) -> Optional[Merchant]: await db.execute( f""" UPDATE nostrmarket.merchants SET meta = :meta, time = {db.timestamp_now} @@ -54,7 +55,7 @@ async def update_merchant( return await get_merchant(user_id, merchant_id) -async def touch_merchant(user_id: str, merchant_id: str) -> Merchant | None: +async def touch_merchant(user_id: str, merchant_id: str) -> Optional[Merchant]: await db.execute( f""" UPDATE nostrmarket.merchants SET time = {db.timestamp_now} @@ -65,7 +66,7 @@ async def touch_merchant(user_id: str, merchant_id: str) -> Merchant | None: return await get_merchant(user_id, merchant_id) -async def get_merchant(user_id: str, merchant_id: str) -> Merchant | None: +async def get_merchant(user_id: str, merchant_id: str) -> Optional[Merchant]: row: dict = await db.fetchone( """SELECT * FROM nostrmarket.merchants WHERE user_id = :user_id AND id = :id""", { @@ -77,7 +78,7 @@ async def get_merchant(user_id: str, merchant_id: str) -> Merchant | None: return Merchant.from_row(row) if row else None -async def get_merchant_by_pubkey(public_key: str) -> Merchant | None: +async def get_merchant_by_pubkey(public_key: str) -> Optional[Merchant]: row: dict = await db.fetchone( """SELECT * FROM nostrmarket.merchants WHERE public_key = :public_key""", {"public_key": public_key}, @@ -86,7 +87,7 @@ async def get_merchant_by_pubkey(public_key: str) -> Merchant | None: return Merchant.from_row(row) if row else None -async def get_merchants_ids_with_pubkeys() -> list[tuple[str, str]]: +async def get_merchants_ids_with_pubkeys() -> List[Tuple[str, str]]: rows: list[dict] = await db.fetchall( """SELECT id, public_key FROM nostrmarket.merchants""", ) @@ -94,7 +95,7 @@ async def get_merchants_ids_with_pubkeys() -> list[tuple[str, str]]: return [(row["id"], row["public_key"]) for row in rows] -async def get_merchant_for_user(user_id: str) -> Merchant | None: +async def get_merchant_for_user(user_id: str) -> Optional[Merchant]: row: dict = await db.fetchone( """SELECT * FROM nostrmarket.merchants WHERE user_id = :user_id """, {"user_id": user_id}, @@ -137,7 +138,7 @@ async def create_zone(merchant_id: str, data: Zone) -> Zone: return zone -async def update_zone(merchant_id: str, z: Zone) -> Zone | None: +async def update_zone(merchant_id: str, z: Zone) -> Optional[Zone]: await db.execute( """ UPDATE nostrmarket.zones @@ -156,7 +157,7 @@ async def update_zone(merchant_id: str, z: Zone) -> Zone | None: return await get_zone(merchant_id, z.id) -async def get_zone(merchant_id: str, zone_id: str) -> Zone | None: +async def get_zone(merchant_id: str, zone_id: str) -> Optional[Zone]: row: dict = await db.fetchone( "SELECT * FROM nostrmarket.zones WHERE merchant_id = :merchant_id AND id = :id", { @@ -167,7 +168,7 @@ async def get_zone(merchant_id: str, zone_id: str) -> Zone | None: return Zone.from_row(row) if row else None -async def get_zones(merchant_id: str) -> list[Zone]: +async def get_zones(merchant_id: str) -> List[Zone]: rows: list[dict] = await db.fetchall( "SELECT * FROM nostrmarket.zones WHERE merchant_id = :merchant_id", {"merchant_id": merchant_id}, @@ -234,7 +235,7 @@ async def create_stall(merchant_id: str, data: Stall) -> Stall: return stall -async def get_stall(merchant_id: str, stall_id: str) -> Stall | None: +async def get_stall(merchant_id: str, stall_id: str) -> Optional[Stall]: row: dict = await db.fetchone( """ SELECT * FROM nostrmarket.stalls @@ -248,7 +249,7 @@ async def get_stall(merchant_id: str, stall_id: str) -> Stall | None: return Stall.from_row(row) if row else None -async def get_stalls(merchant_id: str, pending: bool | None = False) -> list[Stall]: +async def get_stalls(merchant_id: str, pending: Optional[bool] = False) -> List[Stall]: rows: list[dict] = await db.fetchall( """ SELECT * FROM nostrmarket.stalls @@ -273,7 +274,7 @@ async def get_last_stall_update_time() -> int: return row["event_created_at"] or 0 if row else 0 -async def update_stall(merchant_id: str, stall: Stall) -> Stall | None: +async def update_stall(merchant_id: str, stall: Stall) -> Optional[Stall]: await db.execute( """ UPDATE nostrmarket.stalls @@ -397,7 +398,9 @@ async def update_product(merchant_id: str, product: Product) -> Product: return updated_product -async def update_product_quantity(product_id: str, new_quantity: int) -> Product | None: +async def update_product_quantity( + product_id: str, new_quantity: int +) -> Optional[Product]: await db.execute( """ UPDATE nostrmarket.products SET quantity = :quantity @@ -412,7 +415,7 @@ async def update_product_quantity(product_id: str, new_quantity: int) -> Product return Product.from_row(row) if row else None -async def get_product(merchant_id: str, product_id: str) -> Product | None: +async def get_product(merchant_id: str, product_id: str) -> Optional[Product]: row: dict = await db.fetchone( """ SELECT * FROM nostrmarket.products @@ -428,8 +431,8 @@ async def get_product(merchant_id: str, product_id: str) -> Product | None: async def get_products( - merchant_id: str, stall_id: str, pending: bool | None = False -) -> list[Product]: + merchant_id: str, stall_id: str, pending: Optional[bool] = False +) -> List[Product]: rows: list[dict] = await db.fetchall( """ SELECT * FROM nostrmarket.products @@ -442,8 +445,8 @@ async def get_products( async def get_products_by_ids( - merchant_id: str, product_ids: list[str] -) -> list[Product]: + merchant_id: str, product_ids: List[str] +) -> List[Product]: # todo: revisit keys = [] @@ -464,7 +467,7 @@ async def get_products_by_ids( return [Product.from_row(row) for row in rows] -async def get_wallet_for_product(product_id: str) -> str | None: +async def get_wallet_for_product(product_id: str) -> Optional[str]: row: dict = await db.fetchone( """ SELECT s.wallet as wallet FROM nostrmarket.products p @@ -571,7 +574,7 @@ async def create_order(merchant_id: str, o: Order) -> Order: return order -async def get_order(merchant_id: str, order_id: str) -> Order | None: +async def get_order(merchant_id: str, order_id: str) -> Optional[Order]: row: dict = await db.fetchone( """ SELECT * FROM nostrmarket.orders @@ -585,7 +588,7 @@ async def get_order(merchant_id: str, order_id: str) -> Order | None: return Order.from_row(row) if row else None -async def get_order_by_event_id(merchant_id: str, event_id: str) -> Order | None: +async def get_order_by_event_id(merchant_id: str, event_id: str) -> Optional[Order]: row: dict = await db.fetchone( """ SELECT * FROM nostrmarket.orders @@ -599,7 +602,7 @@ async def get_order_by_event_id(merchant_id: str, event_id: str) -> Order | None return Order.from_row(row) if row else None -async def get_orders(merchant_id: str, **kwargs) -> list[Order]: +async def get_orders(merchant_id: str, **kwargs) -> List[Order]: q = " AND ".join( [ f"{field[0]} = :{field[0]}" @@ -626,7 +629,7 @@ async def get_orders(merchant_id: str, **kwargs) -> list[Order]: async def get_orders_for_stall( merchant_id: str, stall_id: str, **kwargs -) -> list[Order]: +) -> List[Order]: q = " AND ".join( [ f"{field[0]} = :{field[0]}" @@ -652,7 +655,7 @@ async def get_orders_for_stall( return [Order.from_row(row) for row in rows] -async def update_order(merchant_id: str, order_id: str, **kwargs) -> Order | None: +async def update_order(merchant_id: str, order_id: str, **kwargs) -> Optional[Order]: q = ", ".join( [ f"{field[0]} = :{field[0]}" @@ -676,7 +679,7 @@ async def update_order(merchant_id: str, order_id: str, **kwargs) -> Order | Non return await get_order(merchant_id, order_id) -async def update_order_paid_status(order_id: str, paid: bool) -> Order | None: +async def update_order_paid_status(order_id: str, paid: bool) -> Optional[Order]: await db.execute( "UPDATE nostrmarket.orders SET paid = :paid WHERE id = :id", {"paid": paid, "id": order_id}, @@ -690,7 +693,7 @@ async def update_order_paid_status(order_id: str, paid: bool) -> Order | None: async def update_order_shipped_status( merchant_id: str, order_id: str, shipped: bool -) -> Order | None: +) -> Optional[Order]: await db.execute( """ UPDATE nostrmarket.orders @@ -754,7 +757,7 @@ async def create_direct_message( return msg -async def get_direct_message(merchant_id: str, dm_id: str) -> DirectMessage | None: +async def get_direct_message(merchant_id: str, dm_id: str) -> Optional[DirectMessage]: row: dict = await db.fetchone( """ SELECT * FROM nostrmarket.direct_messages @@ -770,7 +773,7 @@ async def get_direct_message(merchant_id: str, dm_id: str) -> DirectMessage | No async def get_direct_message_by_event_id( merchant_id: str, event_id: str -) -> DirectMessage | None: +) -> Optional[DirectMessage]: row: dict = await db.fetchone( """ SELECT * FROM nostrmarket.direct_messages @@ -784,7 +787,7 @@ async def get_direct_message_by_event_id( return DirectMessage.from_row(row) if row else None -async def get_direct_messages(merchant_id: str, public_key: str) -> list[DirectMessage]: +async def get_direct_messages(merchant_id: str, public_key: str) -> List[DirectMessage]: rows: list[dict] = await db.fetchall( """ SELECT * FROM nostrmarket.direct_messages @@ -796,7 +799,7 @@ async def get_direct_messages(merchant_id: str, public_key: str) -> list[DirectM return [DirectMessage.from_row(row) for row in rows] -async def get_orders_from_direct_messages(merchant_id: str) -> list[DirectMessage]: +async def get_orders_from_direct_messages(merchant_id: str) -> List[DirectMessage]: rows: list[dict] = await db.fetchall( """ SELECT * FROM nostrmarket.direct_messages @@ -857,7 +860,7 @@ async def create_customer(merchant_id: str, data: Customer) -> Customer: return customer -async def get_customer(merchant_id: str, public_key: str) -> Customer | None: +async def get_customer(merchant_id: str, public_key: str) -> Optional[Customer]: row: dict = await db.fetchone( """ SELECT * FROM nostrmarket.customers @@ -871,7 +874,7 @@ async def get_customer(merchant_id: str, public_key: str) -> Customer | None: return Customer.from_row(row) if row else None -async def get_customers(merchant_id: str) -> list[Customer]: +async def get_customers(merchant_id: str) -> List[Customer]: rows: list[dict] = await db.fetchall( "SELECT * FROM nostrmarket.customers WHERE merchant_id = :merchant_id", {"merchant_id": merchant_id}, @@ -879,7 +882,7 @@ async def get_customers(merchant_id: str) -> list[Customer]: return [Customer.from_row(row) for row in rows] -async def get_all_unique_customers() -> list[Customer]: +async def get_all_unique_customers() -> List[Customer]: q = """ SELECT public_key, MAX(merchant_id) as merchant_id, MAX(event_created_at) FROM nostrmarket.customers diff --git a/helpers.py b/helpers.py index dcc0f06..dd26116 100644 --- a/helpers.py +++ b/helpers.py @@ -1,5 +1,6 @@ import base64 import secrets +from typing import Optional import coincurve from bech32 import bech32_decode, convertbits @@ -36,7 +37,7 @@ def decrypt_message(encoded_message: str, encryption_key) -> str: return unpadded_data.decode() -def encrypt_message(message: str, encryption_key, iv: bytes | None = None) -> str: +def encrypt_message(message: str, encryption_key, iv: Optional[bytes] = None) -> str: padder = padding.PKCS7(128).padder() padded_data = padder.update(message.encode()) + padder.finalize() diff --git a/models.py b/models.py index 71f977b..b12b775 100644 --- a/models.py +++ b/models.py @@ -2,7 +2,7 @@ import json import time from abc import abstractmethod from enum import Enum -from typing import Any +from typing import Any, List, Optional, Tuple from lnbits.utils.exchange_rates import btc_price, fiat_amount_as_satoshis from pydantic import BaseModel @@ -32,14 +32,14 @@ class Nostrable: class MerchantProfile(BaseModel): - name: str | None = None - display_name: str | None = None - about: str | None = None - picture: str | None = None - banner: str | None = None - website: str | None = None - nip05: str | None = None - lud16: str | None = None + name: Optional[str] = None + display_name: Optional[str] = None + about: Optional[str] = None + picture: Optional[str] = None + banner: Optional[str] = None + website: Optional[str] = None + nip05: Optional[str] = None + lud16: Optional[str] = None class MerchantConfig(MerchantProfile): @@ -62,7 +62,7 @@ class PartialMerchant(BaseModel): class Merchant(PartialMerchant, Nostrable): id: str - time: int | None = 0 + time: Optional[int] = 0 def sign_hash(self, hash_: bytes) -> str: return sign_message_hash(self.private_key, hash_) @@ -144,11 +144,11 @@ class Merchant(PartialMerchant, Nostrable): ######################################## ZONES ######################################## class Zone(BaseModel): - id: str | None = None - name: str | None = None + id: Optional[str] = None + name: Optional[str] = None currency: str cost: float - countries: list[str] = [] + countries: List[str] = [] @classmethod def from_row(cls, row: dict) -> "Zone": @@ -161,22 +161,22 @@ class Zone(BaseModel): class StallConfig(BaseModel): - image_url: str | None = None - description: str | None = None + image_url: Optional[str] = None + description: Optional[str] = None class Stall(BaseModel, Nostrable): - id: str | None = None + id: Optional[str] = None wallet: str name: str currency: str = "sat" - shipping_zones: list[Zone] = [] + shipping_zones: List[Zone] = [] config: StallConfig = StallConfig() pending: bool = False """Last published nostr event for this Stall""" - event_id: str | None = None - event_created_at: int | None = None + event_id: Optional[str] = None + event_created_at: Optional[int] = None def validate_stall(self): for z in self.shipping_zones: @@ -234,19 +234,19 @@ class ProductShippingCost(BaseModel): class ProductConfig(BaseModel): - description: str | None = None - currency: str | None = None - use_autoreply: bool | None = False - autoreply_message: str | None = None - shipping: list[ProductShippingCost] = [] + description: Optional[str] = None + currency: Optional[str] = None + use_autoreply: Optional[bool] = False + autoreply_message: Optional[str] = None + shipping: List[ProductShippingCost] = [] class Product(BaseModel, Nostrable): - id: str | None = None + id: Optional[str] = None stall_id: str name: str - categories: list[str] = [] - images: list[str] = [] + categories: List[str] = [] + images: List[str] = [] price: float quantity: int active: bool = True @@ -254,8 +254,8 @@ class Product(BaseModel, Nostrable): config: ProductConfig = ProductConfig() """Last published nostr event for this Product""" - event_id: str | None = None - event_created_at: int | None = None + event_id: Optional[str] = None + event_created_at: Optional[int] = None def to_nostr_event(self, pubkey: str) -> NostrEvent: content = { @@ -312,7 +312,7 @@ class ProductOverview(BaseModel): id: str name: str price: float - product_shipping_cost: float | None = None + product_shipping_cost: Optional[float] = None @classmethod def from_product(cls, p: Product) -> "ProductOverview": @@ -329,21 +329,21 @@ class OrderItem(BaseModel): class OrderContact(BaseModel): - nostr: str | None = None - phone: str | None = None - email: str | None = None + nostr: Optional[str] = None + phone: Optional[str] = None + email: Optional[str] = None class OrderExtra(BaseModel): - products: list[ProductOverview] + products: List[ProductOverview] currency: str btc_price: str shipping_cost: float = 0 shipping_cost_sat: float = 0 - fail_message: str | None = None + fail_message: Optional[str] = None @classmethod - async def from_products(cls, products: list[Product]): + async def from_products(cls, products: List[Product]): currency = products[0].config.currency if len(products) else "sat" exchange_rate = ( await btc_price(currency) if currency and currency != "sat" else 1 @@ -359,19 +359,19 @@ class OrderExtra(BaseModel): class PartialOrder(BaseModel): id: str - event_id: str | None = None - event_created_at: int | None = None + event_id: Optional[str] = None + event_created_at: Optional[int] = None public_key: str merchant_public_key: str shipping_id: str - items: list[OrderItem] - contact: OrderContact | None = None - address: str | None = None + items: List[OrderItem] + contact: Optional[OrderContact] = None + address: Optional[str] = None def validate_order(self): assert len(self.items) != 0, f"Order has no items. Order: '{self.id}'" - def validate_order_items(self, product_list: list[Product]): + def validate_order_items(self, product_list: List[Product]): assert len(self.items) != 0, f"Order has no items. Order: '{self.id}'" assert ( len(product_list) != 0 @@ -392,8 +392,8 @@ class PartialOrder(BaseModel): ) async def costs_in_sats( - self, products: list[Product], shipping_id: str, stall_shipping_cost: float - ) -> tuple[float, float]: + self, products: List[Product], shipping_id: str, stall_shipping_cost: float + ) -> Tuple[float, float]: product_prices = {} for p in products: product_shipping_cost = next( @@ -422,7 +422,7 @@ class PartialOrder(BaseModel): return product_cost, stall_shipping_cost def receipt( - self, products: list[Product], shipping_id: str, stall_shipping_cost: float + self, products: List[Product], shipping_id: str, stall_shipping_cost: float ) -> str: if len(products) == 0: return "[No Products]" @@ -471,7 +471,7 @@ class Order(PartialOrder): total: float paid: bool = False shipped: bool = False - time: int | None = None + time: Optional[int] = None extra: OrderExtra @classmethod @@ -485,14 +485,14 @@ class Order(PartialOrder): class OrderStatusUpdate(BaseModel): id: str - message: str | None = None - paid: bool | None = False - shipped: bool | None = None + message: Optional[str] = None + paid: Optional[bool] = False + shipped: Optional[bool] = None class OrderReissue(BaseModel): id: str - shipping_id: str | None = None + shipping_id: Optional[str] = None class PaymentOption(BaseModel): @@ -502,8 +502,8 @@ class PaymentOption(BaseModel): class PaymentRequest(BaseModel): id: str - message: str | None = None - payment_options: list[PaymentOption] + message: Optional[str] = None + payment_options: List[PaymentOption] ######################################## MESSAGE ####################################### @@ -519,16 +519,16 @@ class DirectMessageType(Enum): class PartialDirectMessage(BaseModel): - event_id: str | None = None - event_created_at: int | None = None + event_id: Optional[str] = None + event_created_at: Optional[int] = None message: str public_key: str type: int = DirectMessageType.PLAIN_TEXT.value incoming: bool = False - time: int | None = None + time: Optional[int] = None @classmethod - def parse_message(cls, msg) -> tuple[DirectMessageType, Any | None]: + def parse_message(cls, msg) -> Tuple[DirectMessageType, Optional[Any]]: try: msg_json = json.loads(msg) if "type" in msg_json: @@ -551,15 +551,15 @@ class DirectMessage(PartialDirectMessage): class CustomerProfile(BaseModel): - name: str | None = None - about: str | None = None + name: Optional[str] = None + about: Optional[str] = None class Customer(BaseModel): merchant_id: str public_key: str - event_created_at: int | None = None - profile: CustomerProfile | None = None + event_created_at: Optional[int] = None + profile: Optional[CustomerProfile] = None unread_messages: int = 0 @classmethod diff --git a/services.py b/services.py index 4b14299..3057292 100644 --- a/services.py +++ b/services.py @@ -1,7 +1,8 @@ import asyncio import json +from typing import List, Optional, Tuple -from bolt11 import decode +from lnbits.bolt11 import decode from lnbits.core.crud import get_wallet from lnbits.core.services import create_invoice, websocket_updater from loguru import logger @@ -59,7 +60,7 @@ from .nostr.event import NostrEvent async def create_new_order( merchant_public_key: str, data: PartialOrder -) -> PaymentRequest | None: +) -> Optional[PaymentRequest]: merchant = await get_merchant_by_pubkey(merchant_public_key) assert merchant, "Cannot find merchant for order!" @@ -144,7 +145,7 @@ async def update_merchant_to_nostr( merchant: Merchant, delete_merchant=False ) -> Merchant: stalls = await get_stalls(merchant.id) - event: NostrEvent | None = None + event: Optional[NostrEvent] = None for stall in stalls: assert stall.id products = await get_products(merchant.id, stall.id) @@ -228,7 +229,7 @@ async def notify_client_of_order_status( async def update_products_for_order( merchant: Merchant, order: Order -) -> tuple[bool, str]: +) -> Tuple[bool, str]: product_ids = [i.product_id for i in order.items] success, products, message = await compute_products_new_quantity( merchant.id, product_ids, order.items @@ -296,9 +297,9 @@ async def send_dm( async def compute_products_new_quantity( - merchant_id: str, product_ids: list[str], items: list[OrderItem] -) -> tuple[bool, list[Product], str]: - products: list[Product] = await get_products_by_ids(merchant_id, product_ids) + merchant_id: str, product_ids: List[str], items: List[OrderItem] +) -> Tuple[bool, List[Product], str]: + products: List[Product] = await get_products_by_ids(merchant_id, product_ids) for p in products: required_quantity = next( @@ -331,6 +332,7 @@ async def process_nostr_message(msg: str): return _, event = rest event = NostrEvent(**event) + if event.kind == 0: await _handle_customer_profile_update(event) elif event.kind == 4: diff --git a/views_api.py b/views_api.py index 8d41963..7bf3574 100644 --- a/views_api.py +++ b/views_api.py @@ -1,12 +1,13 @@ import json from http import HTTPStatus +from typing import List, Optional from fastapi import Depends from fastapi.exceptions import HTTPException -from lnbits.core.models import WalletTypeInfo from lnbits.core.crud import get_account, update_account from lnbits.core.services import websocket_updater from lnbits.decorators import ( + WalletTypeInfo, require_admin_key, require_invoice_key, ) @@ -168,7 +169,7 @@ async def api_create_merchant( @nostrmarket_ext.get("/api/v1/merchant") async def api_get_merchant( wallet: WalletTypeInfo = Depends(require_invoice_key), -) -> Merchant | None: +) -> Optional[Merchant]: try: merchant = await get_merchant_for_user(wallet.wallet.user) @@ -365,7 +366,7 @@ async def api_delete_merchant_on_nostr( @nostrmarket_ext.get("/api/v1/zone") async def api_get_zones( wallet: WalletTypeInfo = Depends(require_invoice_key), -) -> list[Zone]: +) -> List[Zone]: try: merchant = await get_merchant_for_user(wallet.wallet.user) assert merchant, "Merchant cannot be found" @@ -565,7 +566,7 @@ async def api_get_stall( @nostrmarket_ext.get("/api/v1/stall") async def api_get_stalls( - pending: bool | None = False, + pending: Optional[bool] = False, wallet: WalletTypeInfo = Depends(require_invoice_key), ): try: @@ -589,7 +590,7 @@ async def api_get_stalls( @nostrmarket_ext.get("/api/v1/stall/product/{stall_id}") async def api_get_stall_products( stall_id: str, - pending: bool | None = False, + pending: Optional[bool] = False, wallet: WalletTypeInfo = Depends(require_invoice_key), ): try: @@ -613,9 +614,9 @@ async def api_get_stall_products( @nostrmarket_ext.get("/api/v1/stall/order/{stall_id}") async def api_get_stall_orders( stall_id: str, - paid: bool | None = None, - shipped: bool | None = None, - pubkey: str | None = None, + paid: Optional[bool] = None, + shipped: Optional[bool] = None, + pubkey: Optional[str] = None, wallet: WalletTypeInfo = Depends(require_invoice_key), ): try: @@ -749,7 +750,7 @@ async def api_update_product( async def api_get_product( product_id: str, wallet: WalletTypeInfo = Depends(require_invoice_key), -) -> Product | None: +) -> Optional[Product]: try: merchant = await get_merchant_for_user(wallet.wallet.user) assert merchant, "Merchant cannot be found" @@ -834,9 +835,9 @@ async def api_get_order( @nostrmarket_ext.get("/api/v1/order") async def api_get_orders( - paid: bool | None = None, - shipped: bool | None = None, - pubkey: str | None = None, + paid: Optional[bool] = None, + shipped: Optional[bool] = None, + pubkey: Optional[str] = None, wallet: WalletTypeInfo = Depends(require_invoice_key), ): try: @@ -922,7 +923,7 @@ async def api_update_order_status( async def api_restore_order( event_id: str, wallet: WalletTypeInfo = Depends(require_admin_key), -) -> Order | None: +) -> Optional[Order]: try: merchant = await get_merchant_for_user(wallet.wallet.user) assert merchant, "Merchant cannot be found" @@ -1049,7 +1050,7 @@ async def api_reissue_order_invoice( @nostrmarket_ext.get("/api/v1/message/{public_key}") async def api_get_messages( public_key: str, wallet: WalletTypeInfo = Depends(require_invoice_key) -) -> list[DirectMessage]: +) -> List[DirectMessage]: try: merchant = await get_merchant_for_user(wallet.wallet.user) assert merchant, "Merchant cannot be found" @@ -1105,7 +1106,7 @@ async def api_create_message( @nostrmarket_ext.get("/api/v1/customer") async def api_get_customers( wallet: WalletTypeInfo = Depends(require_invoice_key), -) -> list[Customer]: +) -> List[Customer]: try: merchant = await get_merchant_for_user(wallet.wallet.user) assert merchant, "Merchant cannot be found" From 1b39744daa8eec5ddf26f7c6cdc232998e58fdf8 Mon Sep 17 00:00:00 2001 From: Padreug Date: Mon, 27 Apr 2026 08:16:55 +0200 Subject: [PATCH 09/14] Replace NIP-04 messaging with NIP-17 (NIP-44 + NIP-59 gift wrapping) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Modernize the entire customer-merchant communication layer from deprecated NIP-04 (kind 4, AES-256-CBC) to NIP-17 private direct messages using NIP-44 v2 encryption (ChaCha20 + HMAC-SHA256) and NIP-59 gift wrapping (rumor/seal/gift-wrap protocol). No backwards compatibility retained. New modules: - nostr/nip44.py: NIP-44 v2 encryption verified against official spec vectors - nostr/nip59.py: NIP-59 gift wrap with wrap/unwrap convenience functions - tests/: 44 unit tests for NIP-44 and NIP-59 Key changes: - Subscription filters: kind 4 → kind 1059 gift wraps - Message handler: _handle_nip04_message → _handle_gift_wrap (unwrap + route) - send_dm/reply_to_structured_dm: NIP-59 gift wrap to recipient + self-archive - Merchant model: removed NIP-04 crypto methods (decrypt/encrypt/build_dm_event) - helpers.py: removed NIP-04 functions, kept Schnorr signing + key normalization - views_api.py: consolidated DM sending through send_dm() service function Reliability improvements: - Event deduplication via bounded LRU set in NostrClient - Subscription health monitor (resubscribes after 120s of silence) - Preserved 5-minute lenient time window from prior work Co-Authored-By: Claude Opus 4.6 (1M context) --- __init__.py | 17 +++- description.md | 2 +- helpers.py | 61 -------------- models.py | 29 +------ nostr/nip44.py | 180 +++++++++++++++++++++++++++++++++++++++ nostr/nip59.py | 178 +++++++++++++++++++++++++++++++++++++++ nostr/nostr_client.py | 26 ++++-- services.py | 106 +++++++++++++++-------- tasks.py | 36 ++++++-- tests/conftest.py | 27 ++++++ tests/test_nip44.py | 139 ++++++++++++++++++++++++++++++ tests/test_nip59.py | 191 ++++++++++++++++++++++++++++++++++++++++++ views_api.py | 42 +++------- 13 files changed, 869 insertions(+), 165 deletions(-) create mode 100644 nostr/nip44.py create mode 100644 nostr/nip59.py create mode 100644 tests/conftest.py create mode 100644 tests/test_nip44.py create mode 100644 tests/test_nip59.py diff --git a/__init__.py b/__init__.py index 921c383..cffa9fa 100644 --- a/__init__.py +++ b/__init__.py @@ -27,7 +27,11 @@ def nostrmarket_renderer(): nostr_client: NostrClient = NostrClient() -from .tasks import wait_for_nostr_events, wait_for_paid_invoices # noqa +from .tasks import ( # noqa + subscription_health_monitor, + wait_for_nostr_events, + wait_for_paid_invoices, +) from .views import * # noqa from .views_api import * # noqa @@ -65,4 +69,13 @@ def nostrmarket_start(): task3 = create_permanent_unique_task( "ext_nostrmarket_wait_for_events", _wait_for_nostr_events ) - scheduled_tasks.extend([task1, task2, task3]) + + async def _health_monitor(): + # start after the subscription is active + await asyncio.sleep(20) + await subscription_health_monitor(nostr_client) + + task4 = create_permanent_unique_task( + "ext_nostrmarket_health_monitor", _health_monitor + ) + scheduled_tasks.extend([task1, task2, task3, task4]) diff --git a/description.md b/description.md index 6446ca7..dfa898f 100644 --- a/description.md +++ b/description.md @@ -9,4 +9,4 @@ The Nostr Market extension includes: - A merchant client to manage products, sales and communication with customers. - A customer client to find and order products from merchants, communicate with merchants and track status of ordered products. -All communication happens over NIP04 encrypted DMs. +All communication happens over NIP-17 private direct messages (NIP-44 encryption + NIP-59 gift wrapping). diff --git a/helpers.py b/helpers.py index dd26116..35f0d0f 100644 --- a/helpers.py +++ b/helpers.py @@ -1,55 +1,5 @@ -import base64 -import secrets -from typing import Optional - import coincurve from bech32 import bech32_decode, convertbits -from cryptography.hazmat.primitives import padding -from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes - - -def get_shared_secret(privkey: str, pubkey: str): - pk = coincurve.PublicKey(bytes.fromhex("02" + pubkey)) - sk = coincurve.PrivateKey(bytes.fromhex(privkey)) - shared_point = pk.multiply(sk.secret) - - shared_point_bytes = shared_point.format(compressed=False) - x_coord = shared_point_bytes[1:33] - return x_coord - - -def decrypt_message(encoded_message: str, encryption_key) -> str: - encoded_data = encoded_message.split("?iv=") - if len(encoded_data) == 1: - return encoded_data[0] - encoded_content, encoded_iv = encoded_data[0], encoded_data[1] - - iv = base64.b64decode(encoded_iv) - cipher = Cipher(algorithms.AES(encryption_key), modes.CBC(iv)) - encrypted_content = base64.b64decode(encoded_content) - - decryptor = cipher.decryptor() - decrypted_message = decryptor.update(encrypted_content) + decryptor.finalize() - - unpadder = padding.PKCS7(128).unpadder() - unpadded_data = unpadder.update(decrypted_message) + unpadder.finalize() - - return unpadded_data.decode() - - -def encrypt_message(message: str, encryption_key, iv: Optional[bytes] = None) -> str: - padder = padding.PKCS7(128).padder() - padded_data = padder.update(message.encode()) + padder.finalize() - - iv = iv if iv else secrets.token_bytes(16) - cipher = Cipher(algorithms.AES(encryption_key), modes.CBC(iv)) - - encryptor = cipher.encryptor() - encrypted_message = encryptor.update(padded_data) + encryptor.finalize() - - base64_message = base64.b64encode(encrypted_message).decode() - base64_iv = base64.b64encode(iv).decode() - return f"{base64_message}?iv={base64_iv}" def sign_message_hash(private_key: str, hash_: bytes) -> str: @@ -58,17 +8,6 @@ def sign_message_hash(private_key: str, hash_: bytes) -> str: return sig.hex() -def test_decrypt_encrypt(encoded_message: str, encryption_key): - msg = decrypt_message(encoded_message, encryption_key) - - # ecrypt using the same initialisation vector - iv = base64.b64decode(encoded_message.split("?iv=")[1]) - ecrypted_msg = encrypt_message(msg, encryption_key, iv) - assert ( - encoded_message == ecrypted_msg - ), f"expected '{encoded_message}', but got '{ecrypted_msg}'" - - def normalize_public_key(pubkey: str) -> str: if pubkey.startswith("npub1"): _, decoded_data = bech32_decode(pubkey) diff --git a/models.py b/models.py index b12b775..2c24dee 100644 --- a/models.py +++ b/models.py @@ -7,12 +7,7 @@ from typing import Any, List, Optional, Tuple from lnbits.utils.exchange_rates import btc_price, fiat_amount_as_satoshis from pydantic import BaseModel -from .helpers import ( - decrypt_message, - encrypt_message, - get_shared_secret, - sign_message_hash, -) +from .helpers import sign_message_hash from .nostr.event import NostrEvent ######################################## NOSTR ######################################## @@ -67,28 +62,6 @@ class Merchant(PartialMerchant, Nostrable): def sign_hash(self, hash_: bytes) -> str: return sign_message_hash(self.private_key, hash_) - def decrypt_message(self, encrypted_message: str, public_key: str) -> str: - encryption_key = get_shared_secret(self.private_key, public_key) - return decrypt_message(encrypted_message, encryption_key) - - def encrypt_message(self, clear_text_message: str, public_key: str) -> str: - encryption_key = get_shared_secret(self.private_key, public_key) - return encrypt_message(clear_text_message, encryption_key) - - def build_dm_event(self, message: str, to_pubkey: str) -> NostrEvent: - content = self.encrypt_message(message, to_pubkey) - event = NostrEvent( - pubkey=self.public_key, - created_at=round(time.time()), - kind=4, - tags=[["p", to_pubkey]], - content=content, - ) - event.id = event.event_id - event.sig = self.sign_hash(bytes.fromhex(event.id)) - - return event - @classmethod def from_row(cls, row: dict) -> "Merchant": merchant = cls(**row) diff --git a/nostr/nip44.py b/nostr/nip44.py new file mode 100644 index 0000000..908ad8a --- /dev/null +++ b/nostr/nip44.py @@ -0,0 +1,180 @@ +""" +NIP-44 v2: Encrypted Payloads (Versioned) + +secp256k1 ECDH, HKDF, padding, ChaCha20, HMAC-SHA256, base64 + +Reference: https://github.com/nostr-protocol/nips/blob/master/44.md +""" + +import base64 +import hashlib +import hmac +import math +import secrets +import struct + +import coincurve +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms +from cryptography.hazmat.primitives.kdf.hkdf import HKDFExpand +from cryptography.hazmat.primitives import hashes + +VERSION = 2 +MIN_PLAINTEXT_SIZE = 1 +MAX_PLAINTEXT_SIZE = 65535 + + +def get_conversation_key(private_key_hex: str, public_key_hex: str) -> bytes: + """ + Calculate long-term conversation key between two users via ECDH + HKDF-extract. + Symmetric: get_conversation_key(a, B) == get_conversation_key(b, A) + """ + pk = coincurve.PublicKey(bytes.fromhex("02" + public_key_hex)) + sk = coincurve.PrivateKey(bytes.fromhex(private_key_hex)) + shared_point = pk.multiply(sk.secret) + shared_x = shared_point.format(compressed=False)[1:33] + + # HKDF-extract only (not expand) with salt='nip44-v2' + conversation_key = hmac.new(b"nip44-v2", shared_x, hashlib.sha256).digest() + return conversation_key + + +def get_message_keys( + conversation_key: bytes, nonce: bytes +) -> tuple[bytes, bytes, bytes]: + """ + Derive per-message keys from conversation_key and nonce using HKDF-expand. + Returns (chacha_key, chacha_nonce, hmac_key). + """ + if len(conversation_key) != 32: + raise ValueError("invalid conversation_key length") + if len(nonce) != 32: + raise ValueError("invalid nonce length") + + keys = HKDFExpand( + algorithm=hashes.SHA256(), + length=76, + info=nonce, + ).derive(conversation_key) + + chacha_key = keys[0:32] + chacha_nonce = keys[32:44] + hmac_key = keys[44:76] + return chacha_key, chacha_nonce, hmac_key + + +def calc_padded_len(unpadded_len: int) -> int: + """Calculate padded length using power-of-two chunking.""" + if unpadded_len <= 0: + raise ValueError("invalid plaintext length") + if unpadded_len <= 32: + return 32 + next_power = 1 << (math.floor(math.log2(unpadded_len - 1)) + 1) + if next_power <= 256: + chunk = 32 + else: + chunk = next_power // 8 + return chunk * (math.floor((unpadded_len - 1) / chunk) + 1) + + +def _pad(plaintext: str) -> bytes: + """Convert plaintext string to padded byte array.""" + unpadded = plaintext.encode("utf-8") + unpadded_len = len(unpadded) + if unpadded_len < MIN_PLAINTEXT_SIZE or unpadded_len > MAX_PLAINTEXT_SIZE: + raise ValueError( + f"invalid plaintext length: {unpadded_len} " + f"(must be {MIN_PLAINTEXT_SIZE}..{MAX_PLAINTEXT_SIZE})" + ) + prefix = struct.pack(">H", unpadded_len) + padded_len = calc_padded_len(unpadded_len) + suffix = b"\x00" * (padded_len - unpadded_len) + return prefix + unpadded + suffix + + +def _unpad(padded: bytes) -> str: + """Convert padded byte array back to plaintext string.""" + unpadded_len = struct.unpack(">H", padded[0:2])[0] + unpadded = padded[2 : 2 + unpadded_len] + if ( + unpadded_len == 0 + or len(unpadded) != unpadded_len + or len(padded) != 2 + calc_padded_len(unpadded_len) + ): + raise ValueError("invalid padding") + return unpadded.decode("utf-8") + + +def _hmac_aad(key: bytes, message: bytes, aad: bytes) -> bytes: + """HMAC-SHA256 with AAD: hmac(key, aad || message).""" + if len(aad) != 32: + raise ValueError("AAD associated data must be 32 bytes") + return hmac.new(key, aad + message, hashlib.sha256).digest() + + +def _chacha20(key: bytes, nonce: bytes, data: bytes) -> bytes: + """ChaCha20 encrypt/decrypt with initial counter = 0.""" + # cryptography's ChaCha20 takes a 16-byte nonce: 4-byte counter (LE) + 12-byte nonce + full_nonce = b"\x00\x00\x00\x00" + nonce + cipher = Cipher(algorithms.ChaCha20(key, full_nonce), mode=None) + encryptor = cipher.encryptor() + return encryptor.update(data) + encryptor.finalize() + + +def _decode_payload(payload: str) -> tuple[bytes, bytes, bytes]: + """Decode base64 payload into (nonce, ciphertext, mac).""" + plen = len(payload) + if plen == 0 or payload[0] == "#": + raise ValueError("unknown version") + if plen < 132 or plen > 87472: + raise ValueError("invalid payload size") + + data = base64.b64decode(payload) + dlen = len(data) + if dlen < 99 or dlen > 65603: + raise ValueError("invalid data size") + + vers = data[0] + if vers != VERSION: + raise ValueError(f"unknown version {vers}") + + nonce = data[1:33] + ciphertext = data[33 : dlen - 32] + mac = data[dlen - 32 : dlen] + return nonce, ciphertext, mac + + +def encrypt( + plaintext: str, + conversation_key: bytes, + nonce: bytes | None = None, +) -> str: + """ + Encrypt plaintext using NIP-44 v2. + Returns base64-encoded payload. + """ + if nonce is None: + nonce = secrets.token_bytes(32) + if len(nonce) != 32: + raise ValueError("invalid nonce length") + + chacha_key, chacha_nonce, hmac_key = get_message_keys(conversation_key, nonce) + padded = _pad(plaintext) + ciphertext = _chacha20(chacha_key, chacha_nonce, padded) + mac = _hmac_aad(hmac_key, ciphertext, nonce) + return base64.b64encode( + struct.pack("B", VERSION) + nonce + ciphertext + mac + ).decode("ascii") + + +def decrypt(payload: str, conversation_key: bytes) -> str: + """ + Decrypt a NIP-44 v2 base64 payload. + Returns plaintext string. + """ + nonce, ciphertext, mac = _decode_payload(payload) + chacha_key, chacha_nonce, hmac_key = get_message_keys(conversation_key, nonce) + calculated_mac = _hmac_aad(hmac_key, ciphertext, nonce) + if not hmac.compare_digest(calculated_mac, mac): + raise ValueError("invalid MAC") + padded_plaintext = _chacha20(chacha_key, chacha_nonce, ciphertext) + return _unpad(padded_plaintext) diff --git a/nostr/nip59.py b/nostr/nip59.py new file mode 100644 index 0000000..2283bee --- /dev/null +++ b/nostr/nip59.py @@ -0,0 +1,178 @@ +""" +NIP-59: Gift Wrap + +Three-layer protocol for metadata-protected messaging: + 1. Rumor (unsigned event) — carries content, deniable if leaked + 2. Seal (kind 13) — encrypts rumor, signed by author, no recipient metadata + 3. Gift Wrap (kind 1059) — encrypts seal with ephemeral key, has recipient p-tag + +Reference: https://github.com/nostr-protocol/nips/blob/master/59.md +""" + +import json +import secrets +import time +from typing import Optional + +import coincurve + +from .event import NostrEvent +from .nip44 import decrypt as nip44_decrypt +from .nip44 import encrypt as nip44_encrypt +from .nip44 import get_conversation_key + +TWO_DAYS = 2 * 24 * 60 * 60 + + +def _random_past_timestamp() -> int: + """Generate a timestamp randomly in the past 0-2 days for metadata protection.""" + return int(time.time()) - secrets.randbelow(TWO_DAYS) + + +def _sign_event(event: NostrEvent, private_key_hex: str) -> NostrEvent: + """Compute event id and sign it.""" + event.id = event.event_id + sk = coincurve.PrivateKey(bytes.fromhex(private_key_hex)) + event.sig = sk.sign_schnorr(bytes.fromhex(event.id)).hex() + return event + + +def _pubkey_from_privkey(private_key_hex: str) -> str: + """Derive x-only public key hex from private key hex.""" + sk = coincurve.PrivateKey(bytes.fromhex(private_key_hex)) + return sk.public_key.format(compressed=True)[1:].hex() + + +def create_rumor( + pubkey: str, + content: str, + kind: int = 14, + tags: Optional[list[list[str]]] = None, + created_at: Optional[int] = None, +) -> NostrEvent: + """ + Create an unsigned rumor event. + The event has an id but no signature, making it deniable. + """ + event = NostrEvent( + pubkey=pubkey, + created_at=created_at or int(time.time()), + kind=kind, + tags=tags or [], + content=content, + ) + event.id = event.event_id + # sig intentionally left as None (unsigned) + return event + + +def create_seal( + rumor: NostrEvent, + sender_privkey: str, + recipient_pubkey: str, +) -> NostrEvent: + """ + Create a kind 13 seal: encrypts the rumor for the recipient. + Signed by the sender. Tags are always empty. + """ + conv_key = get_conversation_key(sender_privkey, recipient_pubkey) + encrypted_rumor = nip44_encrypt(rumor.stringify(), conv_key) + + seal = NostrEvent( + pubkey=_pubkey_from_privkey(sender_privkey), + created_at=_random_past_timestamp(), + kind=13, + tags=[], + content=encrypted_rumor, + ) + return _sign_event(seal, sender_privkey) + + +def create_gift_wrap( + seal: NostrEvent, + recipient_pubkey: str, +) -> NostrEvent: + """ + Create a kind 1059 gift wrap: encrypts the seal with an ephemeral key. + The only public metadata is the recipient's p-tag. + """ + ephemeral_privkey = secrets.token_bytes(32).hex() + ephemeral_pubkey = _pubkey_from_privkey(ephemeral_privkey) + + conv_key = get_conversation_key(ephemeral_privkey, recipient_pubkey) + encrypted_seal = nip44_encrypt(seal.stringify(), conv_key) + + wrap = NostrEvent( + pubkey=ephemeral_pubkey, + created_at=_random_past_timestamp(), + kind=1059, + tags=[["p", recipient_pubkey]], + content=encrypted_seal, + ) + return _sign_event(wrap, ephemeral_privkey) + + +def unwrap_gift_wrap( + gift_wrap: NostrEvent, + recipient_privkey: str, +) -> NostrEvent: + """ + Decrypt a kind 1059 gift wrap to reveal the inner seal. + Uses the recipient's private key and the gift wrap's ephemeral pubkey. + """ + conv_key = get_conversation_key(recipient_privkey, gift_wrap.pubkey) + seal_json = nip44_decrypt(gift_wrap.content, conv_key) + return NostrEvent(**json.loads(seal_json)) + + +def unseal( + seal: NostrEvent, + recipient_privkey: str, +) -> NostrEvent: + """ + Decrypt a kind 13 seal to reveal the inner rumor. + Uses the recipient's private key and the seal's pubkey (the sender). + Validates that the rumor's pubkey matches the seal's pubkey. + """ + conv_key = get_conversation_key(recipient_privkey, seal.pubkey) + rumor_json = nip44_decrypt(seal.content, conv_key) + rumor = NostrEvent(**json.loads(rumor_json)) + + if rumor.pubkey != seal.pubkey: + raise ValueError( + f"rumor pubkey ({rumor.pubkey}) does not match " + f"seal pubkey ({seal.pubkey})" + ) + return rumor + + +# --- Convenience functions --- + + +def wrap_message( + content: str, + sender_privkey: str, + sender_pubkey: str, + recipient_pubkey: str, + kind: int = 14, + tags: Optional[list[list[str]]] = None, +) -> NostrEvent: + """ + Full wrap pipeline: create rumor -> seal -> gift wrap. + Returns the gift wrap event ready to publish. + """ + rumor = create_rumor(sender_pubkey, content, kind=kind, tags=tags) + seal = create_seal(rumor, sender_privkey, recipient_pubkey) + return create_gift_wrap(seal, recipient_pubkey) + + +def unwrap_message( + gift_wrap: NostrEvent, + recipient_privkey: str, +) -> NostrEvent: + """ + Full unwrap pipeline: gift wrap -> seal -> rumor. + Returns the rumor with sender pubkey and plaintext content. + """ + seal = unwrap_gift_wrap(gift_wrap, recipient_privkey) + return unseal(seal, recipient_privkey) diff --git a/nostr/nostr_client.py b/nostr/nostr_client.py index 967bc1b..c51d19d 100644 --- a/nostr/nostr_client.py +++ b/nostr/nostr_client.py @@ -1,6 +1,8 @@ import asyncio import json +import time from asyncio import Queue +from collections import OrderedDict from threading import Thread from typing import Callable, List, Optional @@ -12,6 +14,8 @@ from lnbits.helpers import encrypt_internal_message, urlsafe_short_hash from .event import NostrEvent +MAX_SEEN_EVENTS = 1000 + class NostrClient: def __init__(self): @@ -20,6 +24,8 @@ class NostrClient: self.ws: Optional[WebSocketApp] = None self.subscription_id = "nostrmarket-" + urlsafe_short_hash()[:32] self.running = False + self._seen_events: OrderedDict[str, None] = OrderedDict() + self.last_event_at: float = 0 @property def is_websocket_connected(self): @@ -64,11 +70,21 @@ class NostrClient: logger.warning(ex) await asyncio.sleep(60) + def is_duplicate_event(self, event_id: str) -> bool: + """Check if an event has been seen recently. Returns True if duplicate.""" + if event_id in self._seen_events: + return True + self._seen_events[event_id] = None + if len(self._seen_events) > MAX_SEEN_EVENTS: + self._seen_events.popitem(last=False) + return False + async def get_event(self): value = await self.recieve_event_queue.get() if isinstance(value, ValueError): logger.error(f"[NOSTRMARKET] ❌ Queue returned error: {value}") raise value + self.last_event_at = time.time() return value async def publish_nostr_event(self, e: NostrEvent): @@ -134,13 +150,13 @@ class NostrClient: logger.debug(ex) def _filters_for_direct_messages(self, public_keys: List[str], since: int) -> List: - in_messages_filter = {"kinds": [4], "#p": public_keys} - out_messages_filter = {"kinds": [4], "authors": public_keys} + # NIP-17/NIP-59: subscribe to kind 1059 gift wraps addressed to our merchants. + # With gift wrapping, outgoing messages are self-wrapped (same p-tag filter). + gift_wrap_filter: dict = {"kinds": [1059], "#p": public_keys} if since and since != 0: - in_messages_filter["since"] = since - out_messages_filter["since"] = since + gift_wrap_filter["since"] = since - return [in_messages_filter, out_messages_filter] + return [gift_wrap_filter] def _filters_for_stall_events(self, public_keys: List[str], since: int) -> List: stall_filter = {"kinds": [30017], "authors": public_keys} diff --git a/services.py b/services.py index 3057292..2a7159e 100644 --- a/services.py +++ b/services.py @@ -56,6 +56,7 @@ from .models import ( Stall, ) from .nostr.event import NostrEvent +from .nostr.nip59 import unwrap_message, wrap_message async def create_new_order( @@ -270,19 +271,34 @@ async def send_dm( other_pubkey: str, type_: int, dm_content: str, -): - dm_event = merchant.build_dm_event(dm_content, other_pubkey) +) -> DirectMessage: + # Wrap message to recipient via NIP-59 gift wrap + gift_wrap = wrap_message( + dm_content, + merchant.private_key, + merchant.public_key, + other_pubkey, + ) dm = PartialDirectMessage( - event_id=dm_event.id, - event_created_at=dm_event.created_at, + event_id=gift_wrap.id, + event_created_at=gift_wrap.created_at, message=dm_content, public_key=other_pubkey, type=type_, ) dm_reply = await create_direct_message(merchant.id, dm) - await nostr_client.publish_nostr_event(dm_event) + await nostr_client.publish_nostr_event(gift_wrap) + + # Also wrap a copy to self for archival + self_wrap = wrap_message( + dm_content, + merchant.private_key, + merchant.public_key, + merchant.public_key, + ) + await nostr_client.publish_nostr_event(self_wrap) await websocket_updater( merchant.id, @@ -295,6 +311,8 @@ async def send_dm( ), ) + return dm_reply + async def compute_products_new_quantity( merchant_id: str, product_ids: List[str], items: List[OrderItem] @@ -332,11 +350,15 @@ async def process_nostr_message(msg: str): return _, event = rest event = NostrEvent(**event) - + + # Deduplicate events (overlap resubscriptions may deliver duplicates) + if nostr_client.is_duplicate_event(event.id): + return + if event.kind == 0: await _handle_customer_profile_update(event) - elif event.kind == 4: - await _handle_nip04_message(event) + elif event.kind == 1059: + await _handle_gift_wrap(event) elif event.kind == 30017: await _handle_stall(event) elif event.kind == 30018: @@ -430,30 +452,41 @@ async def extract_customer_order_from_dm( return order -async def _handle_nip04_message(event: NostrEvent): - +async def _handle_gift_wrap(event: NostrEvent): + """Handle an incoming kind 1059 gift wrap event (NIP-59/NIP-17).""" + p_tags = event.tag_values("p") - - # PRIORITY 1: Check if any recipient (p_tag) is a merchant → incoming message TO merchant - for p_tag in p_tags: - if p_tag: - potential_merchant = await get_merchant_by_pubkey(p_tag) - if potential_merchant: - clear_text_msg = potential_merchant.decrypt_message(event.content, event.pubkey) - await _handle_incoming_dms(event, potential_merchant, clear_text_msg) - return # IMPORTANT: Return immediately to prevent double processing - - # PRIORITY 2: If no recipient merchant found, check if sender is a merchant → outgoing message FROM merchant - sender_merchant = await get_merchant_by_pubkey(event.pubkey) - if sender_merchant: - assert len(event.tag_values("p")) != 0, "Outgoing message has no 'p' tag" - clear_text_msg = sender_merchant.decrypt_message( - event.content, event.tag_values("p")[0] + if not p_tags: + logger.warning(f"[NOSTRMARKET] ⚠️ Gift wrap has no p-tag: {event.id}") + return + + # The p-tag identifies the recipient of the gift wrap + recipient_pubkey = p_tags[0] + merchant = await get_merchant_by_pubkey(recipient_pubkey) + if not merchant: + logger.warning( + f"[NOSTRMARKET] ⚠️ No merchant found for gift wrap recipient: {recipient_pubkey}" ) - await _handle_outgoing_dms(event, sender_merchant, clear_text_msg) - return # IMPORTANT: Return immediately - - # No merchant found in either direction + return + + try: + rumor = unwrap_message(event, merchant.private_key) + except Exception as ex: + logger.error(f"[NOSTRMARKET] ❌ Failed to unwrap gift wrap {event.id}: {ex}") + return + + sender_pubkey = rumor.pubkey + + if sender_pubkey == merchant.public_key: + # This is a self-addressed wrap (outgoing message archive) + # Extract the actual recipient from the rumor's p-tags + rumor_p_tags = rumor.tag_values("p") + if rumor_p_tags: + await _handle_outgoing_dms(rumor, merchant, rumor.content) + return + + # Incoming message from a customer + await _handle_incoming_dms(rumor, merchant, rumor.content) async def _handle_incoming_dms( @@ -553,16 +586,21 @@ async def _persist_dm( async def reply_to_structured_dm( merchant: Merchant, customer_pubkey: str, dm_type: int, dm_reply: str ): - dm_event = merchant.build_dm_event(dm_reply, customer_pubkey) + gift_wrap = wrap_message( + dm_reply, + merchant.private_key, + merchant.public_key, + customer_pubkey, + ) dm = PartialDirectMessage( - event_id=dm_event.id, - event_created_at=dm_event.created_at, + event_id=gift_wrap.id, + event_created_at=gift_wrap.created_at, message=dm_reply, public_key=customer_pubkey, type=dm_type, ) await create_direct_message(merchant.id, dm) - await nostr_client.publish_nostr_event(dm_event) + await nostr_client.publish_nostr_event(gift_wrap) await websocket_updater( merchant.id, diff --git a/tasks.py b/tasks.py index 774951f..c147936 100644 --- a/tasks.py +++ b/tasks.py @@ -1,4 +1,5 @@ import asyncio +import time from asyncio import Queue from lnbits.core.models import Payment @@ -9,9 +10,13 @@ from .nostr.nostr_client import NostrClient from .services import ( handle_order_paid, process_nostr_message, + resubscribe_to_all_merchants, subscribe_to_all_merchants, ) +HEALTH_CHECK_INTERVAL = 30 # seconds between health checks +STALE_THRESHOLD = 120 # seconds without events before resubscribing + async def wait_for_paid_invoices(): invoice_queue = Queue() @@ -35,17 +40,38 @@ async def on_invoice_paid(payment: Payment) -> None: async def wait_for_nostr_events(nostr_client: NostrClient): - logger.info("[NOSTRMARKET DEBUG] Starting wait_for_nostr_events task") + logger.info("[NOSTRMARKET] Starting wait_for_nostr_events task") while True: try: - logger.info("[NOSTRMARKET DEBUG] Subscribing to all merchants...") + logger.info("[NOSTRMARKET] Subscribing to all merchants...") await subscribe_to_all_merchants() while True: - logger.debug("[NOSTRMARKET DEBUG] Waiting for nostr event...") message = await nostr_client.get_event() - logger.info(f"[NOSTRMARKET DEBUG] Received event from nostr_client: {message[:100]}...") await process_nostr_message(message) except Exception as e: - logger.warning(f"[NOSTRMARKET DEBUG] Subscription failed. Will retry in 10 seconds: {e}") + logger.warning(f"[NOSTRMARKET] Subscription failed. Retrying in 10s: {e}") await asyncio.sleep(10) + + +async def subscription_health_monitor(nostr_client: NostrClient): + """ + Periodically check if events are flowing. If no events have been + received for STALE_THRESHOLD seconds, force a resubscription with + overlap to catch any missed events. + """ + logger.info("[NOSTRMARKET] Starting subscription health monitor") + while True: + await asyncio.sleep(HEALTH_CHECK_INTERVAL) + try: + if not nostr_client.is_websocket_connected: + continue + + elapsed = time.time() - nostr_client.last_event_at + if nostr_client.last_event_at > 0 and elapsed > STALE_THRESHOLD: + logger.warning( + f"[NOSTRMARKET] ⚠️ No events for {elapsed:.0f}s, resubscribing..." + ) + await resubscribe_to_all_merchants() + except Exception as e: + logger.error(f"[NOSTRMARKET] Health monitor error: {e}") diff --git a/tests/conftest.py b/tests/conftest.py new file mode 100644 index 0000000..22ffb83 --- /dev/null +++ b/tests/conftest.py @@ -0,0 +1,27 @@ +""" +Stub out the nostrmarket root package and all LNbits dependencies so that +nostr/* unit tests can run without the full LNbits environment. + +pytest walks up from tests/ and tries to import the parent __init__.py, +which pulls in fastapi, lnbits, websocket, etc. We preemptively register +the parent package as a simple module so that import never happens. +""" + +import sys +import types +from pathlib import Path + +# Register 'nostrmarket' as an already-imported namespace package +# pointing at the extension root, so pytest doesn't try to exec __init__.py +_ext_root = Path(__file__).resolve().parent.parent +_pkg = types.ModuleType("nostrmarket") +_pkg.__path__ = [str(_ext_root)] +_pkg.__package__ = "nostrmarket" +sys.modules["nostrmarket"] = _pkg + +# Also ensure the nostr subpackage is importable +_nostr_dir = _ext_root / "nostr" +_nostr_pkg = types.ModuleType("nostrmarket.nostr") +_nostr_pkg.__path__ = [str(_nostr_dir)] +_nostr_pkg.__package__ = "nostrmarket.nostr" +sys.modules["nostrmarket.nostr"] = _nostr_pkg diff --git a/tests/test_nip44.py b/tests/test_nip44.py new file mode 100644 index 0000000..3e767a6 --- /dev/null +++ b/tests/test_nip44.py @@ -0,0 +1,139 @@ +"""Tests for NIP-44 v2 encryption against official spec test vectors.""" + +import coincurve +import pytest + +from nostr.nip44 import ( + calc_padded_len, + decrypt, + encrypt, + get_conversation_key, + get_message_keys, +) + + +def pubkey_from_secret(secret_hex: str) -> str: + """Derive x-only public key hex from secret key hex.""" + sk = coincurve.PrivateKey(bytes.fromhex(secret_hex)) + return sk.public_key.format(compressed=True)[1:].hex() + + +# --- Test vector from NIP-44 spec --- + +SPEC_VECTOR = { + "sec1": "0000000000000000000000000000000000000000000000000000000000000001", + "sec2": "0000000000000000000000000000000000000000000000000000000000000002", + "conversation_key": "c41c775356fd92eadc63ff5a0dc1da211b268cbea22316767095b2871ea1412d", + "nonce": "0000000000000000000000000000000000000000000000000000000000000001", + "plaintext": "a", + "payload": "AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABee0G5VSK0/9YypIObAtDKfYEAjD35uVkHyB0F4DwrcNaCXlCWZKaArsGrY6M9wnuTMxWfp1RTN9Xga8no+kF5Vsb", +} + + +class TestConversationKey: + def test_spec_vector(self): + pub2 = pubkey_from_secret(SPEC_VECTOR["sec2"]) + key = get_conversation_key(SPEC_VECTOR["sec1"], pub2) + assert key.hex() == SPEC_VECTOR["conversation_key"] + + def test_symmetric(self): + """conv(a, B) == conv(b, A)""" + pub1 = pubkey_from_secret(SPEC_VECTOR["sec1"]) + pub2 = pubkey_from_secret(SPEC_VECTOR["sec2"]) + key_ab = get_conversation_key(SPEC_VECTOR["sec1"], pub2) + key_ba = get_conversation_key(SPEC_VECTOR["sec2"], pub1) + assert key_ab == key_ba + + +class TestMessageKeys: + def test_returns_correct_lengths(self): + conv_key = bytes.fromhex(SPEC_VECTOR["conversation_key"]) + nonce = bytes.fromhex(SPEC_VECTOR["nonce"]) + chacha_key, chacha_nonce, hmac_key = get_message_keys(conv_key, nonce) + assert len(chacha_key) == 32 + assert len(chacha_nonce) == 12 + assert len(hmac_key) == 32 + + def test_rejects_bad_key_length(self): + with pytest.raises(ValueError): + get_message_keys(b"\x00" * 16, b"\x00" * 32) + + def test_rejects_bad_nonce_length(self): + with pytest.raises(ValueError): + get_message_keys(b"\x00" * 32, b"\x00" * 16) + + +class TestPadding: + @pytest.mark.parametrize( + "unpadded,expected", + [ + (1, 32), + (2, 32), + (31, 32), + (32, 32), + (33, 64), + (64, 64), + (65, 96), + (256, 256), + (257, 320), + (1024, 1024), + (65535, 65536), + ], + ) + def test_calc_padded_len(self, unpadded, expected): + assert calc_padded_len(unpadded) == expected + + def test_rejects_zero(self): + with pytest.raises(ValueError): + calc_padded_len(0) + + +class TestEncryptDecrypt: + def test_spec_vector(self): + conv_key = bytes.fromhex(SPEC_VECTOR["conversation_key"]) + nonce = bytes.fromhex(SPEC_VECTOR["nonce"]) + payload = encrypt(SPEC_VECTOR["plaintext"], conv_key, nonce) + assert payload == SPEC_VECTOR["payload"] + + def test_spec_vector_decrypt(self): + conv_key = bytes.fromhex(SPEC_VECTOR["conversation_key"]) + plaintext = decrypt(SPEC_VECTOR["payload"], conv_key) + assert plaintext == SPEC_VECTOR["plaintext"] + + def test_round_trip_short(self): + pub2 = pubkey_from_secret(SPEC_VECTOR["sec2"]) + conv_key = get_conversation_key(SPEC_VECTOR["sec1"], pub2) + msg = "x" + assert decrypt(encrypt(msg, conv_key), conv_key) == msg + + def test_round_trip_long(self): + pub2 = pubkey_from_secret(SPEC_VECTOR["sec2"]) + conv_key = get_conversation_key(SPEC_VECTOR["sec1"], pub2) + msg = "A" * 65535 + assert decrypt(encrypt(msg, conv_key), conv_key) == msg + + def test_round_trip_unicode(self): + pub2 = pubkey_from_secret(SPEC_VECTOR["sec2"]) + conv_key = get_conversation_key(SPEC_VECTOR["sec1"], pub2) + msg = "hello world! \U0001f680\U0001f30e\U0001f4ac" + assert decrypt(encrypt(msg, conv_key), conv_key) == msg + + def test_tampered_mac_rejected(self): + conv_key = bytes.fromhex(SPEC_VECTOR["conversation_key"]) + payload = SPEC_VECTOR["payload"] + tampered = payload[:-1] + ("a" if payload[-1] != "a" else "b") + with pytest.raises(ValueError, match="invalid MAC"): + decrypt(tampered, conv_key) + + def test_empty_plaintext_rejected(self): + conv_key = bytes.fromhex(SPEC_VECTOR["conversation_key"]) + with pytest.raises(ValueError, match="invalid plaintext length"): + encrypt("", conv_key) + + def test_unknown_version_rejected(self): + with pytest.raises(ValueError, match="unknown version"): + decrypt("#invalid", bytes(32)) + + def test_short_payload_rejected(self): + with pytest.raises(ValueError, match="invalid payload size"): + decrypt("AAAA", bytes(32)) diff --git a/tests/test_nip59.py b/tests/test_nip59.py new file mode 100644 index 0000000..e518abf --- /dev/null +++ b/tests/test_nip59.py @@ -0,0 +1,191 @@ +"""Tests for NIP-59 gift wrap protocol.""" + +import json +import time + +import coincurve +import pytest + +from nostr.nip59 import ( + create_gift_wrap, + create_rumor, + create_seal, + unseal, + unwrap_gift_wrap, + unwrap_message, + wrap_message, +) + + +def _generate_keypair() -> tuple[str, str]: + """Generate a (privkey_hex, pubkey_hex) pair.""" + sk = coincurve.PrivateKey() + privkey = sk.secret.hex() + pubkey = sk.public_key.format(compressed=True)[1:].hex() + return privkey, pubkey + + +SENDER_PRIV, SENDER_PUB = _generate_keypair() +RECIPIENT_PRIV, RECIPIENT_PUB = _generate_keypair() + + +class TestCreateRumor: + def test_has_id_but_no_sig(self): + rumor = create_rumor(SENDER_PUB, "hello", kind=14) + assert rumor.id != "" + assert rumor.sig is None + + def test_kind_and_content(self): + rumor = create_rumor(SENDER_PUB, "test message", kind=14, tags=[["p", RECIPIENT_PUB]]) + assert rumor.kind == 14 + assert rumor.content == "test message" + assert rumor.pubkey == SENDER_PUB + assert ["p", RECIPIENT_PUB] in rumor.tags + + def test_custom_timestamp(self): + ts = 1700000000 + rumor = create_rumor(SENDER_PUB, "hello", created_at=ts) + assert rumor.created_at == ts + + +class TestCreateSeal: + def test_kind_13_with_empty_tags(self): + rumor = create_rumor(SENDER_PUB, "hello") + seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB) + assert seal.kind == 13 + assert seal.tags == [] + assert seal.pubkey == SENDER_PUB + + def test_is_signed(self): + rumor = create_rumor(SENDER_PUB, "hello") + seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB) + assert seal.sig is not None + assert len(seal.sig) == 128 # 64 bytes hex + + def test_content_is_encrypted(self): + rumor = create_rumor(SENDER_PUB, "hello") + seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB) + # Content should be base64 NIP-44 payload, not plaintext JSON + assert "hello" not in seal.content + + def test_timestamp_is_randomized(self): + rumor = create_rumor(SENDER_PUB, "hello") + seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB) + now = int(time.time()) + # Seal timestamp should be in the past (up to 2 days) + assert seal.created_at <= now + assert seal.created_at >= now - (2 * 24 * 60 * 60 + 10) + + +class TestCreateGiftWrap: + def test_kind_1059_with_p_tag(self): + rumor = create_rumor(SENDER_PUB, "hello") + seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB) + wrap = create_gift_wrap(seal, RECIPIENT_PUB) + assert wrap.kind == 1059 + assert ["p", RECIPIENT_PUB] in wrap.tags + + def test_uses_ephemeral_key(self): + rumor = create_rumor(SENDER_PUB, "hello") + seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB) + wrap = create_gift_wrap(seal, RECIPIENT_PUB) + # Gift wrap pubkey should be neither sender nor recipient + assert wrap.pubkey != SENDER_PUB + assert wrap.pubkey != RECIPIENT_PUB + + def test_different_wraps_have_different_ephemeral_keys(self): + rumor = create_rumor(SENDER_PUB, "hello") + seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB) + wrap1 = create_gift_wrap(seal, RECIPIENT_PUB) + wrap2 = create_gift_wrap(seal, RECIPIENT_PUB) + assert wrap1.pubkey != wrap2.pubkey + + +class TestUnwrap: + def test_unwrap_gift_wrap_returns_seal(self): + rumor = create_rumor(SENDER_PUB, "hello") + seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB) + wrap = create_gift_wrap(seal, RECIPIENT_PUB) + + recovered_seal = unwrap_gift_wrap(wrap, RECIPIENT_PRIV) + assert recovered_seal.kind == 13 + assert recovered_seal.pubkey == SENDER_PUB + + def test_unseal_returns_rumor(self): + rumor = create_rumor(SENDER_PUB, "hello world") + seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB) + + recovered_rumor = unseal(seal, RECIPIENT_PRIV) + assert recovered_rumor.content == "hello world" + assert recovered_rumor.pubkey == SENDER_PUB + assert recovered_rumor.kind == 14 + + def test_wrong_key_fails(self): + rumor = create_rumor(SENDER_PUB, "secret") + seal = create_seal(rumor, SENDER_PRIV, RECIPIENT_PUB) + wrap = create_gift_wrap(seal, RECIPIENT_PUB) + + wrong_priv, _ = _generate_keypair() + with pytest.raises(Exception): + unwrap_message(wrap, wrong_priv) + + +class TestFullRoundTrip: + def test_wrap_unwrap_message(self): + content = "Are you going to the party tonight?" + wrap = wrap_message(content, SENDER_PRIV, SENDER_PUB, RECIPIENT_PUB) + + assert wrap.kind == 1059 + assert ["p", RECIPIENT_PUB] in wrap.tags + + rumor = unwrap_message(wrap, RECIPIENT_PRIV) + assert rumor.content == content + assert rumor.pubkey == SENDER_PUB + assert rumor.kind == 14 + assert rumor.sig is None + + def test_wrap_with_custom_kind_and_tags(self): + tags = [["p", RECIPIENT_PUB], ["subject", "test"]] + wrap = wrap_message( + "order data", + SENDER_PRIV, + SENDER_PUB, + RECIPIENT_PUB, + kind=14, + tags=tags, + ) + + rumor = unwrap_message(wrap, RECIPIENT_PRIV) + assert rumor.content == "order data" + assert rumor.kind == 14 + assert ["subject", "test"] in rumor.tags + + def test_self_wrap_for_archival(self): + """Merchant wraps a copy to self (same sender and recipient).""" + content = '{"type": 1, "payment_options": [{"type": "ln", "link": "lnbc..."}]}' + wrap = wrap_message(content, SENDER_PRIV, SENDER_PUB, SENDER_PUB) + + rumor = unwrap_message(wrap, SENDER_PRIV) + assert rumor.content == content + assert rumor.pubkey == SENDER_PUB + + def test_json_content_preserved(self): + """Order JSON payloads survive the wrap/unwrap cycle.""" + order = { + "type": 0, + "id": "test-order-123", + "items": [{"product_id": "abc", "quantity": 2}], + "shipping_id": "zone-1", + } + content = json.dumps(order) + wrap = wrap_message(content, SENDER_PRIV, SENDER_PUB, RECIPIENT_PUB) + + rumor = unwrap_message(wrap, RECIPIENT_PRIV) + recovered_order = json.loads(rumor.content) + assert recovered_order == order + + def test_unicode_content(self): + content = "Payment received! \u2705 Your order is being processed \U0001f4e6" + wrap = wrap_message(content, SENDER_PRIV, SENDER_PUB, RECIPIENT_PUB) + rumor = unwrap_message(wrap, RECIPIENT_PRIV) + assert rumor.content == content diff --git a/views_api.py b/views_api.py index 7bf3574..f974345 100644 --- a/views_api.py +++ b/views_api.py @@ -84,6 +84,7 @@ from .services import ( create_or_update_order_from_dm, reply_to_structured_dm, resubscribe_to_all_merchants, + send_dm, sign_and_send_to_nostr, subscribe_to_all_merchants, update_merchant_to_nostr, @@ -881,27 +882,11 @@ async def api_update_order_status( ensure_ascii=False, ) - dm_event = merchant.build_dm_event(dm_content, order.public_key) - - dm = PartialDirectMessage( - event_id=dm_event.id, - event_created_at=dm_event.created_at, - message=dm_content, - public_key=order.public_key, - type=DirectMessageType.ORDER_PAID_OR_SHIPPED.value, - ) - await create_direct_message(merchant.id, dm) - - await nostr_client.publish_nostr_event(dm_event) - await websocket_updater( - merchant.id, - json.dumps( - { - "type": f"dm:{dm.type}", - "customerPubkey": order.public_key, - "dm": dm.dict(), - } - ), + await send_dm( + merchant, + order.public_key, + DirectMessageType.ORDER_PAID_OR_SHIPPED.value, + dm_content, ) return order @@ -1079,14 +1064,13 @@ async def api_create_message( merchant = await get_merchant_for_user(wallet.wallet.user) assert merchant, "Merchant cannot be found" - dm_event = merchant.build_dm_event(data.message, data.public_key) - data.event_id = dm_event.id - data.event_created_at = dm_event.created_at - - dm = await create_direct_message(merchant.id, data) - await nostr_client.publish_nostr_event(dm_event) - - return dm + dm_reply = await send_dm( + merchant, + data.public_key, + data.type, + data.message, + ) + return dm_reply except AssertionError as ex: raise HTTPException( status_code=HTTPStatus.BAD_REQUEST, From 8606dce908ce12e2e1f8b7feb855a3a6bd58310b Mon Sep 17 00:00:00 2001 From: Padreug Date: Mon, 27 Apr 2026 12:14:40 +0200 Subject: [PATCH 10/14] Auto-provision merchant from account keypair on first access The LNbits user account IS the merchant identity. GET /api/v1/merchant now auto-creates the merchant record using the account's existing Nostr keypair if one doesn't exist yet, so the extension is immediately usable without any setup screen. - Extract _auto_create_merchant() helper used by both GET and POST - Remove welcome/key-generation screen (replaced with loading spinner) - Remove dead frontend code (generateKeys, importKeys dialogs) Co-Authored-By: Claude Opus 4.6 (1M context) --- static/js/index.js | 36 ++--------- templates/nostrmarket/index.html | 55 +--------------- views_api.py | 107 ++++++++++++++++--------------- 3 files changed, 62 insertions(+), 136 deletions(-) diff --git a/static/js/index.js b/static/js/index.js index b10220c..e180d85 100644 --- a/static/js/index.js +++ b/static/js/index.js @@ -13,19 +13,6 @@ window.app = Vue.createApp({ orderPubkey: null, showKeys: false, stallCount: 0, - importKeyDialog: { - show: false, - data: { - privateKey: null - } - }, - generateKeyDialog: { - show: false, - privateKey: null, - nsec: null, - npub: null, - showNsec: false - }, wsConnection: null, nostrStatus: { connected: false, @@ -49,23 +36,6 @@ window.app = Vue.createApp({ } }, methods: { - generateKeys: async function () { - // No longer need to generate keys here - the backend will use user's existing keypairs - await this.createMerchant() - }, - importKeys: async function () { - this.importKeyDialog.show = false - // Import keys functionality removed since we use user's native keypairs - // Show a message that this is no longer needed - this.$q.notify({ - type: 'info', - message: 'Merchants now use your account Nostr keys automatically. Key import is no longer needed.', - timeout: 3000 - }) - }, - showImportKeysDialog: async function () { - this.importKeyDialog.show = true - }, toggleShowKeys: function () { this.showKeys = !this.showKeys }, @@ -379,7 +349,11 @@ window.app = Vue.createApp({ } }, created: async function () { - await this.getMerchant() + const merchant = await this.getMerchant() + if (!merchant) { + // Auto-create merchant using the account's existing Nostr keypair + await this.createMerchant() + } await this.checkNostrStatus() setInterval(async () => { if ( diff --git a/templates/nostrmarket/index.html b/templates/nostrmarket/index.html index 949f8fe..2b6ea41 100644 --- a/templates/nostrmarket/index.html +++ b/templates/nostrmarket/index.html @@ -124,58 +124,9 @@ - - Welcome to Nostr Market!
- In Nostr Market, merchant and customer communicate via NOSTR relays, so - loss of money, product information, and reputation become far less - likely if attacked. - - - Terms
-
    -
  • - merchant - seller of products with - NOSTR key-pair -
    • -
  • - customer - buyer of products with - NOSTR key-pair -
    • -
  • - product - item for sale by the - merchant -
    • -
  • - stall - list of products controlled - by merchant (a merchant can have multiple stalls) -
    • -
  • - marketplace - clientside software for - searching stalls and purchasing products -
    • -
- - -
-
- - Use an existing private key (hex or npub) - - - A new key pair will be generated for you - -
-
+ + +
Setting up Nostr Market...
 diff --git a/views_api.py b/views_api.py index f974345..53cf9a6 100644 --- a/views_api.py +++ b/views_api.py @@ -93,6 +93,56 @@ from .services import ( ######################################## MERCHANT ###################################### +async def _auto_create_merchant( + wallet: WalletTypeInfo, + config: MerchantConfig | None = None, +) -> Merchant: + """ + Provision a merchant record from the user's account keypair. + Called automatically on first GET or explicitly via POST. + """ + account = await get_account(wallet.wallet.user) + assert account, "User account not found" + + # In our fork, accounts always have keypairs. + # Generate as fallback only if somehow missing. + if not account.pubkey or not account.prvkey: + private_key, public_key = generate_keypair() + account.pubkey = public_key + account.prvkey = private_key + await update_account(account) + else: + public_key = account.pubkey + private_key = account.prvkey + + existing_merchant = await get_merchant_by_pubkey(public_key) + assert existing_merchant is None, "A merchant already uses this public key" + + partial_merchant = PartialMerchant( + private_key=private_key, + public_key=public_key, + config=config or MerchantConfig(), + ) + + merchant = await create_merchant(wallet.wallet.user, partial_merchant) + + await create_zone( + merchant.id, + Zone( + id=f"online-{merchant.public_key}", + name="Online", + currency="sat", + cost=0, + countries=["Free (digital)"], + ), + ) + + await resubscribe_to_all_merchants() + await nostr_client.merchant_temp_subscription(public_key) + + return merchant + + @nostrmarket_ext.post("/api/v1/merchant") async def api_create_merchant( data: CreateMerchantRequest, @@ -100,60 +150,10 @@ async def api_create_merchant( ) -> Merchant: try: - # Check if merchant already exists for this user merchant = await get_merchant_for_user(wallet.wallet.user) assert merchant is None, "A merchant already exists for this user" - # Get user's account to access their Nostr keypairs - account = await get_account(wallet.wallet.user) - if not account: - raise HTTPException( - status_code=HTTPStatus.NOT_FOUND, - detail="User account not found", - ) - - # Check if user has Nostr keypairs, generate them if not - if not account.pubkey or not account.prvkey: - # Generate new keypair for user - private_key, public_key = generate_keypair() - - # Update user account with new keypairs - account.pubkey = public_key - account.prvkey = private_key - await update_account(account) - else: - public_key = account.pubkey - private_key = account.prvkey - - # Check if another merchant is already using this public key - existing_merchant = await get_merchant_by_pubkey(public_key) - assert existing_merchant is None, "A merchant already uses this public key" - - # Create PartialMerchant with user's keypairs - partial_merchant = PartialMerchant( - private_key=private_key, - public_key=public_key, - config=data.config - ) - - merchant = await create_merchant(wallet.wallet.user, partial_merchant) - - await create_zone( - merchant.id, - Zone( - id=f"online-{merchant.public_key}", - name="Online", - currency="sat", - cost=0, - countries=["Free (digital)"], - ), - ) - - await resubscribe_to_all_merchants() - - await nostr_client.merchant_temp_subscription(public_key) - - return merchant + return await _auto_create_merchant(wallet, data.config) except AssertionError as ex: raise HTTPException( status_code=HTTPStatus.BAD_REQUEST, @@ -170,12 +170,13 @@ async def api_create_merchant( @nostrmarket_ext.get("/api/v1/merchant") async def api_get_merchant( wallet: WalletTypeInfo = Depends(require_invoice_key), -) -> Optional[Merchant]: +) -> Merchant: try: merchant = await get_merchant_for_user(wallet.wallet.user) if not merchant: - return None + # Auto-provision merchant from the user's account keypair + merchant = await _auto_create_merchant(wallet) merchant = await touch_merchant(wallet.wallet.user, merchant.id) assert merchant From e2fb28e90eb18ed09b4986dc86850ed21fb6d445 Mon Sep 17 00:00:00 2001 From: Padreug Date: Mon, 27 Apr 2026 12:38:00 +0200 Subject: [PATCH 11/14] Add keypair rotation detection and migration feature When a user rotates their Nostr keypair in account settings, the merchant still holds the old key. This adds: - key_mismatch flag on MerchantConfig (runtime, not persisted) - detected on each GET /api/v1/merchant by comparing account vs merchant pubkey - POST /api/v1/merchant/{id}/migrate-keys endpoint that updates the merchant keys, republishes all stalls/products under the new identity, and resubscribes - Warning banner in the UI with a "Migrate Keys" button and confirmation dialog - update_merchant_keys() crud function Orders and DM history are preserved since they reference customer pubkeys. Old stall/product events on relays become orphaned. Co-Authored-By: Claude Opus 4.6 (1M context) --- crud.py | 20 +++++++++ models.py | 2 + static/js/index.js | 24 ++++++++++ templates/nostrmarket/index.html | 20 +++++++++ views_api.py | 76 ++++++++++++++++++++++++++++++++ 5 files changed, 142 insertions(+) diff --git a/crud.py b/crud.py index adc0836..7bb799b 100644 --- a/crud.py +++ b/crud.py @@ -55,6 +55,26 @@ async def update_merchant( return await get_merchant(user_id, merchant_id) +async def update_merchant_keys( + user_id: str, merchant_id: str, private_key: str, public_key: str +) -> Optional[Merchant]: + await db.execute( + f""" + UPDATE nostrmarket.merchants + SET private_key = :private_key, public_key = :public_key, + time = {db.timestamp_now} + WHERE id = :id AND user_id = :user_id + """, + { + "private_key": private_key, + "public_key": public_key, + "id": merchant_id, + "user_id": user_id, + }, + ) + return await get_merchant(user_id, merchant_id) + + async def touch_merchant(user_id: str, merchant_id: str) -> Optional[Merchant]: await db.execute( f""" diff --git a/models.py b/models.py index 2c24dee..c766cc2 100644 --- a/models.py +++ b/models.py @@ -43,6 +43,8 @@ class MerchantConfig(MerchantProfile): # TODO: switched to True for AIO demo; determine if we leave this as True active: bool = True restore_in_progress: Optional[bool] = False + # Set at runtime (not persisted) when account keypair != merchant keypair + key_mismatch: Optional[bool] = False class CreateMerchantRequest(BaseModel): diff --git a/static/js/index.js b/static/js/index.js index e180d85..f5d2e62 100644 --- a/static/js/index.js +++ b/static/js/index.js @@ -36,6 +36,30 @@ window.app = Vue.createApp({ } }, methods: { + migrateKeys: async function () { + LNbits.utils + .confirmDialog( + 'This will update your merchant to use your current account Nostr keypair ' + + 'and republish all stalls and products under the new identity. ' + + 'Existing orders and messages are preserved. Continue?' + ) + .onOk(async () => { + try { + const {data} = await LNbits.api.request( + 'POST', + `/nostrmarket/api/v1/merchant/${this.merchant.id}/migrate-keys`, + this.g.user.wallets[0].adminkey + ) + this.merchant = data + this.$q.notify({ + type: 'positive', + message: 'Merchant keys migrated and stalls republished' + }) + } catch (error) { + LNbits.utils.notifyApiError(error) + } + }) + }, toggleShowKeys: function () { this.showKeys = !this.showKeys }, diff --git a/templates/nostrmarket/index.html b/templates/nostrmarket/index.html index 2b6ea41..c4f7931 100644 --- a/templates/nostrmarket/index.html +++ b/templates/nostrmarket/index.html @@ -3,6 +3,26 @@
+ + + Your account Nostr keypair has changed since this merchant was created. + The merchant is still using the old key. Migrate to republish your + stalls and products under the new identity. + +
Merchant: + """ + Migrate a merchant to the current account keypair. + + When a user rotates their Nostr keypair, the merchant still holds the old + key. This endpoint updates the merchant's keys to match the account, + then republishes all stalls and products under the new identity. + + Orders and DM history are preserved (they reference customer pubkeys, + not the merchant key). Old stall/product events on relays become + orphaned — clients following the new pubkey will see the fresh events. + """ + try: + merchant = await get_merchant_for_user(wallet.wallet.user) + assert merchant, "Merchant cannot be found" + assert merchant.id == merchant_id, "Wrong merchant ID" + + account = await get_account(wallet.wallet.user) + assert account and account.pubkey and account.prvkey, ( + "Account has no Nostr keypair" + ) + + if account.pubkey == merchant.public_key: + return merchant # already in sync + + # Check no other merchant is using the new pubkey + existing = await get_merchant_by_pubkey(account.pubkey) + assert existing is None, ( + "Another merchant already uses this public key" + ) + + old_pubkey = merchant.public_key + + # Update merchant keys in DB + merchant = await update_merchant_keys( + wallet.wallet.user, merchant.id, + account.prvkey, account.pubkey, + ) + assert merchant + + # Republish all stalls and products under the new key + merchant = await update_merchant_to_nostr(merchant) + + logger.info( + f"[NOSTRMARKET] Migrated merchant {merchant.id} " + f"from {old_pubkey[:16]}... to {account.pubkey[:16]}..." + ) + + # Resubscribe with new pubkey + await resubscribe_to_all_merchants() + + return merchant + + except AssertionError as ex: + raise HTTPException( + status_code=HTTPStatus.BAD_REQUEST, + detail=str(ex), + ) from ex + except Exception as ex: + logger.warning(ex) + raise HTTPException( + status_code=HTTPStatus.INTERNAL_SERVER_ERROR, + detail="Cannot migrate merchant keys", + ) from ex + + @nostrmarket_ext.patch("/api/v1/merchant/{merchant_id}") async def api_update_merchant( merchant_id: str, From 3208e89e195ea85e8884d96705cb09e8925a8bad Mon Sep 17 00:00:00 2001 From: Padreug Date: Sun, 3 May 2026 15:51:54 +0200 Subject: [PATCH 12/14] Remove orphaned key import/generate UI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Phase 3 (auto-provision merchant from account keypair) removed the generateKeys / importKeys methods and the dialog data fields, but left the dialog templates and dropdown menu items behind. They referenced importKeyDialog.show and generateKeyDialog.show, which were now undefined — breaking the merchant dashboard with "Cannot read properties of undefined (reading 'show')". Removes: - The Import Key and Generate New Key dialogs from index.html - The corresponding dropdown items from merchant-tab.html - The 'import-key' and 'generate-key' emits from merchant-tab.js - The dangling @import-key / @generate-key listeners in index.html Merchants are auto-provisioned from the account keypair on first GET; key rotation is handled by the migrate-keys feature instead. Co-Authored-By: Claude Opus 4.6 (1M context) --- static/components/merchant-tab.js | 4 +- .../nostrmarket/components/merchant-tab.html | 19 ----- templates/nostrmarket/index.html | 85 ------------------- 3 files changed, 1 insertion(+), 107 deletions(-) diff --git a/static/components/merchant-tab.js b/static/components/merchant-tab.js index 1194420..8e9588c 100644 --- a/static/components/merchant-tab.js +++ b/static/components/merchant-tab.js @@ -19,9 +19,7 @@ window.app.component('merchant-tab', { 'merchant-deleted', 'toggle-merchant-state', 'restart-nostr-connection', - 'profile-updated', - 'import-key', - 'generate-key' + 'profile-updated' ], data: function () { return { diff --git a/templates/nostrmarket/components/merchant-tab.html b/templates/nostrmarket/components/merchant-tab.html index 3d932d2..5d41ab2 100644 --- a/templates/nostrmarket/components/merchant-tab.html +++ b/templates/nostrmarket/components/merchant-tab.html @@ -67,25 +67,6 @@ - - - - - - - Import Existing Key - Use an existing nsec - - - - - - - - Generate New Key - Create a fresh nsec - - @@ -367,89 +365,6 @@
-
- - - - -
- Import - Cancel -
- - - -
- - - - -
Generate New Key
-
-
Public Key (npub)
- - - -
-
-
- - Private Key (nsec) -
- - - -
- - Never share your private key! -
-
-
- Create Merchant - Cancel -
- -
{% endblock%}{% block scripts %} {{ window_vars(user) }} From 83e9660ae5080a46c37734a4fb80792f1426b1f2 Mon Sep 17 00:00:00 2001 From: Padreug Date: Sun, 3 May 2026 16:11:15 +0200 Subject: [PATCH 13/14] Auto-create + publish default stall, republish stall on product publish Two complementary fixes for the "Unknown Stall" bug, where a customer sees a product on the relay but the parent stall is missing. 1. _auto_create_merchant() now creates a default "'s Store" stall and publishes its kind 30017 event before returning. New users land with a fully-published merchant identity, so the very first product they create has a known parent stall on relays. 2. POST /api/v1/product (api_create_product) now republishes the parent stall before publishing the product. NIP-33 parameterized replaceable events make this idempotent, but it self-heals every existing case where the stall publish failed or never happened (transient relay issues, accounts that pre-date the auto-publish flow, manual stall creation that didn't reach all relays). This complements the LNbits-side fix in core/services/users.py (_create_default_merchant publishes the stall on signup) and the webapp self-heal in useMarketStallSelfHeal.ts. With all three layers, "Unknown Stall" should disappear from the customer view. Co-Authored-By: Claude Opus 4.6 (1M context) --- views_api.py | 58 ++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 49 insertions(+), 9 deletions(-) diff --git a/views_api.py b/views_api.py index 3489e86..8241162 100644 --- a/views_api.py +++ b/views_api.py @@ -101,6 +101,10 @@ async def _auto_create_merchant( """ Provision a merchant record from the user's account keypair. Called automatically on first GET or explicitly via POST. + + Also creates a default "Online" shipping zone and a default stall named + after the user, then publishes the stall to relays so that any product + the user creates references a stall the customer-facing client can find. """ account = await get_account(wallet.wallet.user) assert account, "User account not found" @@ -127,16 +131,37 @@ async def _auto_create_merchant( merchant = await create_merchant(wallet.wallet.user, partial_merchant) - await create_zone( - merchant.id, - Zone( - id=f"online-{merchant.public_key}", - name="Online", - currency="sat", - cost=0, - countries=["Free (digital)"], - ), + online_zone = Zone( + id=f"online-{merchant.public_key}", + name="Online", + currency="sat", + cost=0, + countries=["Free (digital)"], ) + await create_zone(merchant.id, online_zone) + + # Create + publish a default stall so products created through the UI + # always have a published parent. Without this, a product publish lands + # on relays referencing a stall_id that no relay has seen, and the + # customer client renders "Unknown Stall". + display_name = account.username or "My" + default_stall = Stall( + wallet=wallet.wallet.id, + name=f"{display_name}'s Store", + currency="sat", + shipping_zones=[online_zone], + ) + default_stall = await create_stall(merchant.id, default_stall) + try: + stall_event = await sign_and_send_to_nostr(merchant, default_stall) + default_stall.event_id = stall_event.id + await update_stall(merchant.id, default_stall) + except Exception as ex: + # Non-fatal: merchant is usable; a product publish (or self-heal) + # will republish the stall later. + logger.warning( + f"[NOSTRMARKET] Failed to publish default stall for {merchant.id}: {ex}" + ) await resubscribe_to_all_merchants() await nostr_client.merchant_temp_subscription(public_key) @@ -767,6 +792,21 @@ async def api_create_product( assert stall, "Stall missing for product" data.config.currency = stall.currency + # Re-publish the parent stall before publishing the product. NIP-33 + # parameterized replaceable events make this idempotent on relays. + # This guarantees the customer client never sees a product whose + # parent stall isn't on the relay (e.g., when the original stall + # publish failed transiently or never ran). + try: + stall_event = await sign_and_send_to_nostr(merchant, stall) + stall.event_id = stall_event.id + await update_stall(merchant.id, stall) + except Exception as ex: + logger.warning( + f"[NOSTRMARKET] Failed to refresh stall {stall.id} " + f"before product publish: {ex}" + ) + product = await create_product(merchant.id, data=data) event = await sign_and_send_to_nostr(merchant, product) From 16e50d67f9479b7084e23a1081619d38cc41fafb Mon Sep 17 00:00:00 2001 From: Padreug Date: Sun, 3 May 2026 16:19:52 +0200 Subject: [PATCH 14/14] Extract provision_merchant() service for shared use MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Both _auto_create_merchant (lazy GET fallback in views_api) and LNbits' _create_default_merchant (eager signup hook) used to reimplement merchant + zone + stall creation independently. Moves the canonical implementation to services.provision_merchant() so both call sites stay in lockstep — future changes (NIP-17 kind 10050 relay list, additional default zones, etc.) only happen in one place. - services.provision_merchant(user_id, wallet_id, public_key, private_key, display_name, config): creates merchant if absent, default 'Online' zone, default ''s Store' stall, and publishes the kind 30017 stall event. Idempotent on the merchant pubkey: returns the existing merchant unchanged if one exists. - views_api._auto_create_merchant: now a 10-line wrapper that loads the account, generates fallback keys if missing, then delegates. The LNbits-side hook (lnbits/core/services/users.py:_create_default_merchant) will be updated in a companion commit to also call this service. Co-Authored-By: Claude Opus 4.6 (1M context) --- services.py | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++ views_api.py | 67 +++++++++++-------------------------------------- 2 files changed, 86 insertions(+), 52 deletions(-) diff --git a/services.py b/services.py index 2a7159e..f57788c 100644 --- a/services.py +++ b/services.py @@ -12,9 +12,11 @@ from .crud import ( CustomerProfile, create_customer, create_direct_message, + create_merchant, create_order, create_product, create_stall, + create_zone, get_customer, get_last_direct_messages_created_at, get_last_product_update_time, @@ -42,6 +44,7 @@ from .models import ( DirectMessage, DirectMessageType, Merchant, + MerchantConfig, Nostrable, Order, OrderContact, @@ -49,11 +52,13 @@ from .models import ( OrderItem, OrderStatusUpdate, PartialDirectMessage, + PartialMerchant, PartialOrder, PaymentOption, PaymentRequest, Product, Stall, + Zone, ) from .nostr.event import NostrEvent from .nostr.nip59 import unwrap_message, wrap_message @@ -180,6 +185,72 @@ async def sign_and_send_to_nostr( return event +async def provision_merchant( + user_id: str, + wallet_id: str, + public_key: str, + private_key: str, + display_name: Optional[str] = None, + config: Optional[MerchantConfig] = None, +) -> Merchant: + """ + Provision a merchant with a default shipping zone and default stall, + and publish the stall to Nostr relays. + + Single source of truth used by: + - LNbits user-creation hook (eager, on signup) — see + lnbits/core/services/users.py:_create_default_merchant + - nostrmarket views_api._auto_create_merchant (lazy, on first GET + /api/v1/merchant when a merchant is missing). + + Idempotent on the merchant: if a merchant with this pubkey already + exists, returns it without recreating zone/stall. + """ + existing = await get_merchant_by_pubkey(public_key) + if existing: + return existing + + partial_merchant = PartialMerchant( + private_key=private_key, + public_key=public_key, + config=config or MerchantConfig(), + ) + merchant = await create_merchant(user_id, partial_merchant) + + online_zone = Zone( + id=f"online-{merchant.public_key}", + name="Online", + currency="sat", + cost=0, + countries=["Free (digital)"], + ) + await create_zone(merchant.id, online_zone) + + name = display_name or "My" + default_stall = Stall( + wallet=wallet_id, + name=f"{name}'s Store", + currency="sat", + shipping_zones=[online_zone], + ) + default_stall = await create_stall(merchant.id, default_stall) + + # Publish the kind 30017 stall event so customers' clients can resolve + # the stall name when they fetch products. Non-fatal on failure: a + # later product publish (or webapp self-heal) will retry. + try: + stall_event = await sign_and_send_to_nostr(merchant, default_stall) + default_stall.event_id = stall_event.id + await update_stall(merchant.id, default_stall) + except Exception as ex: + logger.warning( + f"[NOSTRMARKET] Failed to publish default stall for " + f"merchant {merchant.id}: {ex}" + ) + + return merchant + + async def handle_order_paid(order_id: str, merchant_pubkey: str): try: order = await update_order_paid_status(order_id, True) diff --git a/views_api.py b/views_api.py index 8241162..0e78bc3 100644 --- a/views_api.py +++ b/views_api.py @@ -83,6 +83,7 @@ from .models import ( from .services import ( build_order_with_payment, create_or_update_order_from_dm, + provision_merchant, reply_to_structured_dm, resubscribe_to_all_merchants, send_dm, @@ -99,72 +100,34 @@ async def _auto_create_merchant( config: MerchantConfig | None = None, ) -> Merchant: """ - Provision a merchant record from the user's account keypair. - Called automatically on first GET or explicitly via POST. + Lazy fallback: provision a merchant from the user's account keypair when + the LNbits-side eager provisioning didn't run (e.g., older accounts, or + upstream LNbits without our signup hook). - Also creates a default "Online" shipping zone and a default stall named - after the user, then publishes the stall to relays so that any product - the user creates references a stall the customer-facing client can find. + Delegates to services.provision_merchant — the canonical implementation. """ account = await get_account(wallet.wallet.user) assert account, "User account not found" - # In our fork, accounts always have keypairs. - # Generate as fallback only if somehow missing. + # In our fork, accounts always have keypairs. Generate as fallback only + # if somehow missing (e.g., upstream LNbits where this isn't auto-set). if not account.pubkey or not account.prvkey: private_key, public_key = generate_keypair() account.pubkey = public_key account.prvkey = private_key await update_account(account) - else: - public_key = account.pubkey - private_key = account.prvkey - existing_merchant = await get_merchant_by_pubkey(public_key) - assert existing_merchant is None, "A merchant already uses this public key" - - partial_merchant = PartialMerchant( - private_key=private_key, - public_key=public_key, - config=config or MerchantConfig(), + merchant = await provision_merchant( + user_id=wallet.wallet.user, + wallet_id=wallet.wallet.id, + public_key=account.pubkey, + private_key=account.prvkey, + display_name=account.username, + config=config, ) - merchant = await create_merchant(wallet.wallet.user, partial_merchant) - - online_zone = Zone( - id=f"online-{merchant.public_key}", - name="Online", - currency="sat", - cost=0, - countries=["Free (digital)"], - ) - await create_zone(merchant.id, online_zone) - - # Create + publish a default stall so products created through the UI - # always have a published parent. Without this, a product publish lands - # on relays referencing a stall_id that no relay has seen, and the - # customer client renders "Unknown Stall". - display_name = account.username or "My" - default_stall = Stall( - wallet=wallet.wallet.id, - name=f"{display_name}'s Store", - currency="sat", - shipping_zones=[online_zone], - ) - default_stall = await create_stall(merchant.id, default_stall) - try: - stall_event = await sign_and_send_to_nostr(merchant, default_stall) - default_stall.event_id = stall_event.id - await update_stall(merchant.id, default_stall) - except Exception as ex: - # Non-fatal: merchant is usable; a product publish (or self-heal) - # will republish the stall later. - logger.warning( - f"[NOSTRMARKET] Failed to publish default stall for {merchant.id}: {ex}" - ) - await resubscribe_to_all_merchants() - await nostr_client.merchant_temp_subscription(public_key) + await nostr_client.merchant_temp_subscription(account.pubkey) return merchant