diff --git a/Dockerfile b/Dockerfile index 1168d8c..1eb99be 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,32 +1,20 @@ -# Patched from upstream kind-0/nsecbunkerd Dockerfile to use pnpm — the -# upstream version uses `npm install` but package.json declares -# `@nostr-dev-kit/ndk` as `workspace:*`, which only pnpm understands. -# A clean clone of upstream fails to build with `EUNSUPPORTEDPROTOCOL` -# under npm. Switching to pnpm matches the lockfile that ships in-repo. -# Also drops `--frozen-lockfile` because the upstream pnpm-lock.yaml is -# out of date vs. package.json (ERR_PNPM_OUTDATED_LOCKFILE) — bug to -# file upstream once we've verified the rest of the stack works. - FROM node:20.11-bullseye AS build WORKDIR /app -RUN npm install -g pnpm@9 - -# Copy lockfile + manifest first so the install layer caches across -# source changes. -COPY package.json pnpm-lock.yaml ./ -RUN pnpm install --no-frozen-lockfile +# Copy package files and install dependencies +COPY package*.json ./ +RUN npm install # Copy application files COPY . . # Generate prisma client and build the application RUN npx prisma generate -RUN pnpm run build +RUN npm run build # Runtime stage -FROM node:20.11-alpine AS runtime +FROM node:20.11-alpine as runtime WORKDIR /app @@ -34,13 +22,11 @@ RUN apk update && \ apk add --no-cache openssl && \ rm -rf /var/cache/apk/* -RUN npm install -g pnpm@9 - # Copy built files from the build stage COPY --from=build /app . -# Install only runtime dependencies (pnpm respects the workspace protocol) -RUN pnpm install --prod --no-frozen-lockfile +# Install only runtime dependencies +RUN npm install --only=production EXPOSE 3000 diff --git a/package.json b/package.json index 297fd2a..4232435 100644 --- a/package.json +++ b/package.json @@ -39,7 +39,7 @@ "@fastify/view": "^8.2.0", "@inquirer/password": "^1.1.2", "@inquirer/prompts": "^1.2.3", - "@nostr-dev-kit/ndk": "2.8.1", + "@nostr-dev-kit/ndk": "workspace:*", "@prisma/client": "^5.4.1", "@scure/base": "^1.1.1", "@types/yargs": "^17.0.24", diff --git a/src/daemon/admin/index.ts b/src/daemon/admin/index.ts index 75dfc4b..4db9cc2 100644 --- a/src/daemon/admin/index.ts +++ b/src/daemon/admin/index.ts @@ -122,12 +122,7 @@ class AdminInterface { this.rpc.on('request', (req) => this.handleRequest(req)); - // pingOrDie disabled — NDK 2.8.1 outbox model doesn't echo - // self-published events back through subscriptions on - // non-public relay channels, so the watchdog fires false - // positives and exits the bunker every 50s on private relays. - // See aiolabs/nsecbunkerd#4 + #7. - // pingOrDie(this.ndk); + pingOrDie(this.ndk); }).catch((err) => { console.log('❌ admin connection failed'); console.log(err); diff --git a/src/daemon/run.ts b/src/daemon/run.ts index 6637986..262a150 100644 --- a/src/daemon/run.ts +++ b/src/daemon/run.ts @@ -230,14 +230,8 @@ class Daemon { if (nsec.startsWith('nsec1')) { try { - // NDK 2.8.1's NDKPrivateKeySigner constructor passes its - // arg straight to nostr-tools getPublicKey() which requires - // 32-byte hex / bytes / bigint, not bech32. Without this - // decode, every key created via create_new_key fails to - // load with the nostr-tools getPublicKey type error, so - // the bunker can never sign for any target it provisions. - // See aiolabs/nsecbunkerd#8. - hexpk = nip19.decode(nsec).data as string; + const key = new NDKPrivateKeySigner(nsec); + hexpk = key.privateKey!; } catch(e) { console.error(`Error loading key ${name}:`, e); return