feat(base): phase-2 bucket-B migration via signEventViaLnbits #88

Merged

padreug merged 1 commit from feat/phase-2-bucket-b-sign-event into dev 2026-06-03 16:50:13 +00:00

Conversation 0 Commits 1 Files changed 6 +174 -291

padreug commented 2026-06-03 16:49:19 +00:00

Owner

Copy link

Summary

• Closes the build-fail interval opened by #84 (User.prvkey field removal). vue-tsc was failing in 5 files; this PR makes all of them green.
• Adds the uniform signEventViaLnbits(template) helper per design-questions Q3.3 at src/lib/nostr/signing.ts.
• Migrates kind 10003 (bookmarks), kind 31925 (RSVP), and kind 5 (NIP-09 deletion) to the helper.
• Disables NostrTransportService.call() (kind 21000 RPC) per Q4.2 — defers transport revival to phase 3+. Scaffolding retained.
• Disables NIP-59 gift-wrap unwrap in useMarket.ts per Bucket C — no nip44_decrypt HTTP endpoint exists yet.

Wire shape of the helper

POST /api/v1/auth/sign-event (aiolabs/lnbits PR #29):

• Bearer auth (Authorization header) + credentials: 'include' so the CSRF cookie rides along.
• GET /auth/csrf-token once per page load, cached, refreshed on 403-with-CSRF.
• Body = {kind, created_at, tags, content}; response = fully-signed Event.

Known regression — intentional

The marketplace order-DM gift-wrap unwrap path (useMarket.ts:handleOrderDM) is non-functional until phase-3 adds NIP-44 decrypt over HTTP/bunker. Per the workspace CLAUDE.md, the nostrmarket extension handles order publishing/receipt server-side; this client-side fast-path was redundant. Flagged with console.warn so it's visible if the path goes hot.

Test plan

• vue-tsc -b clean (was 8 errors, now 0)
• npm run build succeeds
• aio-demo smoke: bookmark an activity, RSVP, delete an own note — all three round-trip via /auth/sign-event against the deployed lnbits dev
• Confirm CSRF token round-trip works (browser DevTools → Network → auth/csrf-token 200 + auth/sign-event 200)
• CORS preflight passes (lnbits issue #31 / LNBITS_CORS_ALLOWED_ORIGINS allowlist must include the demo origin)

Refs

• ~/dev/coordination/webapp-design-questions.md Q3.3 (uniform helper) + Q4.2/Q4.3 (Bucket C deferral)
• aiolabs/lnbits PR #29 (/auth/sign-event endpoint)
• aiolabs/webapp PR #84 (the prvkey-removal that this unblocks)
• aiolabs/webapp PR #87 (scanner-via-HTTP — the only prior bucket-A migration in the same area)

🤖 Generated with Claude Code

## Summary - Closes the build-fail interval opened by **#84** (`User.prvkey` field removal). vue-tsc was failing in 5 files; this PR makes all of them green. - Adds the uniform `signEventViaLnbits(template)` helper per design-questions Q3.3 at `src/lib/nostr/signing.ts`. - Migrates **kind 10003 (bookmarks)**, **kind 31925 (RSVP)**, and **kind 5 (NIP-09 deletion)** to the helper. - Disables **`NostrTransportService.call()`** (kind 21000 RPC) per Q4.2 — defers transport revival to phase 3+. Scaffolding retained. - Disables **NIP-59 gift-wrap unwrap** in `useMarket.ts` per Bucket C — no `nip44_decrypt` HTTP endpoint exists yet. ## Wire shape of the helper `POST /api/v1/auth/sign-event` (aiolabs/lnbits PR #29): - Bearer auth (`Authorization` header) + `credentials: 'include'` so the CSRF cookie rides along. - `GET /auth/csrf-token` once per page load, cached, refreshed on 403-with-CSRF. - Body = `{kind, created_at, tags, content}`; response = fully-signed `Event`. ## Known regression — intentional The marketplace order-DM gift-wrap unwrap path (`useMarket.ts:handleOrderDM`) is non-functional until phase-3 adds NIP-44 decrypt over HTTP/bunker. Per the workspace CLAUDE.md, the `nostrmarket` extension handles order publishing/receipt server-side; this client-side fast-path was redundant. Flagged with `console.warn` so it's visible if the path goes hot. ## Test plan - [x] `vue-tsc -b` clean (was 8 errors, now 0) - [x] `npm run build` succeeds - [ ] aio-demo smoke: bookmark an activity, RSVP, delete an own note — all three round-trip via `/auth/sign-event` against the deployed lnbits dev - [ ] Confirm CSRF token round-trip works (browser DevTools → Network → `auth/csrf-token` 200 + `auth/sign-event` 200) - [ ] CORS preflight passes (lnbits issue #31 / `LNBITS_CORS_ALLOWED_ORIGINS` allowlist must include the demo origin) ## Refs - `~/dev/coordination/webapp-design-questions.md` Q3.3 (uniform helper) + Q4.2/Q4.3 (Bucket C deferral) - aiolabs/lnbits PR #29 (`/auth/sign-event` endpoint) - aiolabs/webapp PR #84 (the prvkey-removal that this unblocks) - aiolabs/webapp PR #87 (scanner-via-HTTP — the only prior bucket-A migration in the same area) 🤖 Generated with [Claude Code](https://claude.com/claude-code)

padreug added 1 commit 2026-06-03 16:49:19 +00:00

feat(base): phase-2 bucket-B migration via signEventViaLnbits ... ebd8cef8cd

Closes the build-fail interval opened by PR #84 (User.prvkey field
removal). Adds the uniform signEventViaLnbits() helper per
design-questions Q3.3 and migrates the 5 compile-failing sites the
prvkey removal exposed.

New helper at src/lib/nostr/signing.ts:
- POST /api/v1/auth/sign-event with Bearer auth + credentials:include
- Lazy CSRF token fetch + cache; one-shot refresh on 403-with-CSRF
- Returns the fully-signed event for caller to publish

Site migrations:
- activities/composables/useBookmarks.ts (kind 10003) — drop finalizeEvent
- activities/composables/useRSVP.ts (kind 31925) — drop finalizeEvent
- nostr-feed/components/NostrFeed.vue (kind 5 deletion) — drop finalizeEvent
- base/services/NostrTransportService.ts (kind 21000 RPC bootstrap) —
  call() now throws "deferred to phase 3+ per Q4.2/Q4.3"; scaffolding
  retained for the eventual transport revival
- market/composables/useMarket.ts (NIP-59 gift-wrap unwrap) — disabled
  with a console.warn; no server-routed nip44_decrypt endpoint exists
  yet (Bucket C territory)

Known regression intentionally accepted: incoming order-DM gift-wrap
processing in the marketplace is non-functional until phase-3 adds
NIP-44 decrypt over HTTP/bunker. Per design-questions §"Open questions
deferred", marketplace order receipt routes through nostrmarket
server-side anyway; this client-side path was a redundant fast-path.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

padreug added the

app:webapp

enhancement

labels 2026-06-03 16:49:54 +00:00

padreug merged commit 52c03328b4 into dev 2026-06-03 16:50:13 +00:00

padreug deleted branch feat/phase-2-bucket-b-sign-event 2026-06-03 16:50:13 +00:00

padreug referenced this pull request from a commit 2026-06-03 16:50:14 +00:00

Merge pull request 'feat(base): phase-2 bucket-B migration via signEventViaLnbits' (#88) from feat/phase-2-bucket-b-sign-event into dev

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

app:activities

Standalone Sortir activities app

  

app:chat

Standalone chat app

  

app:events

  

app:forum

  

app:libra

  

app:market

Standalone marketplace app

  

app:restaurant

  

app:tasks

  

app:wallet

Standalone wallet app

  

app:webapp

Main webapp (all modules)

  

bug

Something is not working

  

enhancement

New feature or improvement

No labels

app:activities

app:chat

app:events

app:forum

app:libra

app:market

app:restaurant

app:tasks

app:wallet

app:webapp

bug

enhancement

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

aiolabs/webapp!88

No description provided.