From 4f7b9f1b994a99cbc0c111a685c764fa0fdc9168 Mon Sep 17 00:00:00 2001
From: artur <brugeman.artur@gmail.com>
Date: Fri, 8 Mar 2024 08:49:36 +0300
Subject: [PATCH] Add oauth event handler everywhere, dedup auth_url handling,
 add requested perms, add since to reply filter

---
 packages/app/src/Hooks/useLoginHandler.tsx |  3 +++
 packages/app/src/Utils/Login/Functions.ts  |  3 +++
 packages/system/src/impl/nip46.ts          | 15 +++++++++------
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/packages/app/src/Hooks/useLoginHandler.tsx b/packages/app/src/Hooks/useLoginHandler.tsx
index 1908a14c..21862bd7 100644
--- a/packages/app/src/Hooks/useLoginHandler.tsx
+++ b/packages/app/src/Hooks/useLoginHandler.tsx
@@ -85,6 +85,9 @@ export default function useLoginHandler() {
       }
     } else if (key.startsWith("bunker://")) {
       const nip46 = new Nip46Signer(key);
+      nip46.on("oauth", url => {
+        window.open(url, CONFIG.appNameCapitalized, "width=600,height=800,popup=yes");
+      });
       await nip46.init();
 
       const loginPubkey = await nip46.getPubKey();
diff --git a/packages/app/src/Utils/Login/Functions.ts b/packages/app/src/Utils/Login/Functions.ts
index 2497b87f..2b1d47c0 100644
--- a/packages/app/src/Utils/Login/Functions.ts
+++ b/packages/app/src/Utils/Login/Functions.ts
@@ -247,6 +247,9 @@ export function createPublisher(l: LoginSession) {
       const relayArgs = (l.remoteSignerRelays ?? []).map(a => `relay=${encodeURIComponent(a)}`);
       const inner = new PrivateKeySigner(unwrap(l.privateKeyData as KeyStorage).value);
       const nip46 = new Nip46Signer(`bunker://${unwrap(l.publicKey)}?${[...relayArgs].join("&")}`, inner);
+      nip46.on("oauth", url => {
+        window.open(url, CONFIG.appNameCapitalized, "width=600,height=800,popup=yes");
+      });
       return new EventPublisher(nip46, unwrap(l.publicKey));
     }
     case LoginSessionType.Nip7os: {
diff --git a/packages/system/src/impl/nip46.ts b/packages/system/src/impl/nip46.ts
index 9fa020f5..08175133 100644
--- a/packages/system/src/impl/nip46.ts
+++ b/packages/system/src/impl/nip46.ts
@@ -11,6 +11,8 @@ import EventKind from "../event-kind";
 import { EventEmitter } from "eventemitter3";
 
 const NIP46_KIND = 24_133;
+// FIXME add all kinds that Snort signs
+const PERMS = "nip04_encrypt,nip04_decrypt,sign_event:0,sign_event:1,sign_event:3,sign_event:4,sign_event:6,sign_event:7,sign_event:30078"
 
 interface Nip46Metadata {
   name: string;
@@ -34,6 +36,7 @@ interface Nip46Response {
 interface QueueObj {
   resolve: (o: Nip46Response) => void;
   reject: (e: Error) => void;
+  authed?: boolean;
 }
 
 interface Nip46Events {
@@ -112,6 +115,8 @@ export class Nip46Signer extends EventEmitter<Nip46Events> implements EventSigne
             {
               kinds: [NIP46_KIND],
               "#p": [this.#localPubkey],
+              // strfry doesn't always delete ephemeral events
+              since: Math.floor(Date.now() / 1000 - 10),
             },
           ],
           () => {},
@@ -195,7 +200,7 @@ export class Nip46Signer extends EventEmitter<Nip46Events> implements EventSigne
    */
   async createAccount(name: string, domain: string, email?: string) {
     await this.init(false);
-    const rsp = await this.#rpc("create_account", [name, domain, email ?? ""]);
+    const rsp = await this.#rpc("create_account", [name, domain, email ?? "", PERMS]);
     if (!rsp.error) {
       this.#remotePubkey = rsp.result as string;
     }
@@ -206,10 +211,7 @@ export class Nip46Signer extends EventEmitter<Nip46Events> implements EventSigne
   }
 
   async #connect(pk: string) {
-    const connectParams = [pk];
-    if (this.#token) {
-      connectParams.push(this.#token);
-    }
+    const connectParams = [pk, this.#token ?? '', PERMS];
     return await this.#rpc("connect", connectParams);
   }
 
@@ -241,7 +243,8 @@ export class Nip46Signer extends EventEmitter<Nip46Events> implements EventSigne
     }
 
     if ("result" in reply && reply.result === "auth_url") {
-      this.emit("oauth", reply.error);
+      if (!pending.authed) this.emit("oauth", reply.error);
+      pending.authed = true;
     } else {
       const rx = reply as Nip46Response;
       if (rx.error) {