diff --git a/src/lib/api/lnbits.ts b/src/lib/api/lnbits.ts index 700df9a..bdd2e18 100644 --- a/src/lib/api/lnbits.ts +++ b/src/lib/api/lnbits.ts @@ -40,12 +40,8 @@ interface User { username?: string email?: string pubkey?: string - // The `prvkey` field was removed from this interface as the final step of - // phase-1 per aiolabs/lnbits#9 / design-questions Q1.2 Option (b). LNbits - // signs server-side via the NostrSigner abstraction (PR #26) and exposes - // `signer_type` instead of raw key material on /api/v1/auth. Bucket-B - // sign-sites (kind 1 / 4 / 5 / 7 / 31925 / 10003 / 1111 etc.) migrate to - // POST /api/v1/auth/sign-event (PR #29) in phase 2. + // pragma: allowlist secret + prvkey?: string // Nostr signing key for user external_id?: string extensions: string[] wallets: Wallet[] @@ -178,22 +174,20 @@ export class LnbitsAPI extends BaseService { async getCurrentUser(): Promise { // First get basic user info from /auth const basicUser = await this.request('/auth') - - // /auth/nostr/me used to return the user's prvkey for client-side signing; - // post-aiolabs/lnbits#9 phase-1 the server signs and the endpoint returns - // only the pubkey. We keep the call to merge the pubkey (which the basic - // /auth response also includes on the post-cascade server; this is the - // belt-and-suspenders fallback for older lnbits revisions until we ship a - // signer_type-aware client). + + // Then get Nostr keys from /auth/nostr/me (this was working in main branch) try { const nostrUser = await this.request('/auth/nostr/me') - + + // Merge the data - basic user info + Nostr keys return { ...basicUser, pubkey: nostrUser.pubkey, + prvkey: nostrUser.prvkey } } catch (error) { - console.warn('Failed to fetch Nostr pubkey from /auth/nostr/me, returning basic user info:', error) + console.warn('Failed to fetch Nostr keys, returning basic user info:', error) + // Return basic user info without Nostr keys if the endpoint fails return basicUser } } diff --git a/src/modules/base/auth/auth-service.ts b/src/modules/base/auth/auth-service.ts index 3e728c7..4cc9523 100644 --- a/src/modules/base/auth/auth-service.ts +++ b/src/modules/base/auth/auth-service.ts @@ -180,14 +180,17 @@ export class AuthService extends BaseService { this.isLoading.value = true const updatedUser = await this.lnbitsAPI.updateProfile(data) - // Preserve pubkey from existing user since /auth/update doesn't return it. - // Kind-0 metadata is published server-side by lnbits's PATCH /auth handler - // (aiolabs/lnbits commit 869f67c3); no webapp-side broadcast path remains. + // Preserve prvkey and pubkey from existing user since /auth/update doesn't return them this.user.value = { ...updatedUser, pubkey: this.user.value?.pubkey || updatedUser.pubkey, + prvkey: this.user.value?.prvkey || updatedUser.prvkey } + // Kind-0 metadata is published server-side by lnbits's PATCH /auth handler + // (aiolabs/lnbits commit 869f67c3) once the cascade is deployed. The webapp + // no longer maintains its own broadcast path. + } catch (error) { const err = this.handleError(error, 'updateProfile') throw err