NIP-07
window.nostr capability for web browsers
draft optional
The window.nostr object may be made available by web browsers or extensions, and websites or web-apps may make use of it after checking its availability.
That object must define the following methods:
async window.nostr.getPublicKey(): string // returns a public key as hex
async window.nostr.signEvent(event: { created_at: number, kind: number, tags: string[][], content: string }): Event // takes an event object, adds `id`, `pubkey` and `sig` and returns it
Aside from these two basic methods, the following functions can optionally be implemented:
async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertext and iv as specified in nip-04 (deprecated)
async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04 (deprecated)
async window.nostr.nip44.encrypt(pubkey, plaintext): string // returns ciphertext as specified in nip-44
async window.nostr.nip44.decrypt(pubkey, ciphertext): string // takes ciphertext as specified in nip-44
Recommendation to Extension Authors
To make sure that window.nostr is available to nostr clients on page load, authors of Chromium and Firefox extensions should load their scripts by specifying "run_at": "document_end" in the extension's manifest.
Implementation
See https://github.com/aljazceru/awesome-nostr#nip-07-browser-extensions.
GitRepublic Usage
NIP-07 is the primary authentication method for GitRepublic. All user interactions that require signing events use the NIP-07 browser extension interface.
Authentication Flow
- Availability Check: GitRepublic checks for window.nostr availability on page load
- Public Key Retrieval: When users need to authenticate, getPublicKey() is called to get their pubkey
- Event Signing: All repository announcements, PRs, issues, and other events are signed using signEvent()
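Because signEvent() hands back an object filled in by an extension the page does not control, a client can check the result against the draft it submitted before publishing it. The following is an added example, not part of NIP-07 or of GitRepublic's code: checkSigned, signChecked, fakeSign and the sample key, tag and signature are hypothetical or constructed, and the hash uses Node's crypto module so the block runs offline (in a page the same digest comes from crypto.subtle.digest).

```javascript
const { createHash } = require('node:crypto');

// NIP-01 event id: SHA-256 of the JSON array [0, pubkey, created_at, kind, tags, content].
function eventId(ev) {
  const payload = JSON.stringify([0, ev.pubkey, ev.created_at, ev.kind, ev.tags, ev.content]);
  return createHash('sha256').update(payload, 'utf8').digest('hex');
}

// Compare what the signer returned against the draft the page submitted.
// Returns a list of problems; an empty list means the structural checks passed.
function checkSigned(draft, signed, expectedPubkey) {
  const problems = [];
  for (const field of ['created_at', 'kind', 'content']) {
    if (signed[field] !== draft[field]) problems.push(`${field} was changed`);
  }
  if (JSON.stringify(signed.tags) !== JSON.stringify(draft.tags)) problems.push('tags were changed');
  if (signed.pubkey !== expectedPubkey) problems.push('pubkey differs from getPublicKey()');
  if (signed.id !== eventId(signed)) problems.push('id is not the hash of the event');
  if (!/^[0-9a-f]{128}$/.test(String(signed.sig))) problems.push('sig is not 64 hex-encoded bytes');
  return problems;
}

// Hypothetical wrapper: `provider` is window.nostr when this runs in a browser.
async function signChecked(provider, draft) {
  if (!provider || typeof provider.signEvent !== 'function') {
    throw new Error('NIP-07 provider not available');
  }
  const expectedPubkey = await provider.getPublicKey();
  const signed = await provider.signEvent(draft);
  const problems = checkSigned(draft, signed, expectedPubkey);
  if (problems.length) throw new Error('rejecting signed event: ' + problems.join('; '));
  return signed; // the Schnorr signature itself still needs a secp256k1 library to verify
}

// Constructed sample data: the key and signature are placeholders, not real key material.
const PUBKEY = 'ab'.repeat(32);
const draft = { created_at: 1700000000, kind: 30617, tags: [['d', 'example-repo']], content: '' };
function fakeSign(ev) {
  const out = { ...ev, pubkey: PUBKEY, sig: '00'.repeat(64) };
  return { ...out, id: eventId(out) };
}
const honest = fakeSign(draft);
const tampered = { ...honest, content: 'swapped' }; // content altered after the id was computed
```

These checks catch a signer that returns a different event or key than the one requested; they do not replace verifying `sig` over `id`.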
Key Features
- Repository Creation: Users sign repository announcement events (kind 30617) using NIP-07
- Repository Updates: Settings changes, maintainer additions, and other updates are signed via NIP-07
- Pull Requests: PR creation and updates are signed by the PR author
- Issues: Issue creation and comments are signed by the author
- Commit Signatures: Git commits can be signed using NIP-07 (client-side only, keys never leave browser)
Security
- Keys never leave the browser - all signing happens client-side
- No server-side key storage required
- Users maintain full control of their private keys
Implementation: src/lib/services/nostr/nip07-signer.ts