From d1684130c78a7d0e3e02be3fff0f96f11caa6f5c Mon Sep 17 00:00:00 2001 From: Silberengel Date: Sat, 28 Mar 2026 12:10:51 +0100 Subject: [PATCH] bug-fixes --- src/lib/nip05.ts | 44 +++++++++++++++++++++++++++---------- src/services/web.service.ts | 13 ++++++----- 2 files changed, 40 insertions(+), 17 deletions(-) diff --git a/src/lib/nip05.ts b/src/lib/nip05.ts index 72cbbcc1..5b906e29 100644 --- a/src/lib/nip05.ts +++ b/src/lib/nip05.ts @@ -1,4 +1,5 @@ import { LRUCache } from 'lru-cache' +import { buildViteProxySitesFetchUrl } from '@/lib/vite-proxy-url' import { isValidPubkey } from './pubkey' import logger from '@/lib/logger' @@ -37,16 +38,14 @@ async function _verifyNip05(nip05: string, pubkey: string): Promise | undefined + if (names?.[nip05Name] === pubkey) { + const relays = json.relays as Record | undefined + const relayList = relays?.[pubkey] + return { ...result, isVerified: true, relays: Array.isArray(relayList) ? relayList : undefined } } - } catch { - // ignore } return result } @@ -70,12 +69,33 @@ export function getWellKnownNip05Url(domain: string, name?: string): string { return url.toString() } +/** + * Fetch `/.well-known/nostr.json` in the browser without tripping third-party CORS: + * when `VITE_PROXY_SERVER` is set (production), use same-origin `/sites/?url=…` like OG preview. + */ +async function fetchWellKnownNostrJson(domain: string, name?: string): Promise | null> { + const targetUrl = getWellKnownNip05Url(domain, name) + const proxyServer = import.meta.env.VITE_PROXY_SERVER?.trim() + const fetchUrl = proxyServer ? buildViteProxySitesFetchUrl(targetUrl, proxyServer) : targetUrl + try { + const res = await fetch(fetchUrl, { + credentials: 'omit', + headers: { Accept: 'application/json, text/plain;q=0.9,*/*;q=0.8' } + }) + if (!res.ok) return null + const data: unknown = await res.json() + return data && typeof data === 'object' && !Array.isArray(data) ? (data as Record) : null + } catch { + return null + } +} + export async function fetchPubkeysFromDomain(domain: string): Promise { try { - const res = await fetch(getWellKnownNip05Url(domain)) - const json = await res.json() + const json = await fetchWellKnownNostrJson(domain) + if (!json) return [] const pubkeySet = new Set() - return Object.values(json.names || {}).filter((pubkey) => { + return Object.values((json.names as Record) || {}).filter((pubkey) => { if (typeof pubkey !== 'string' || !isValidPubkey(pubkey)) { return false } diff --git a/src/services/web.service.ts b/src/services/web.service.ts index c7268a3f..6e58247a 100644 --- a/src/services/web.service.ts +++ b/src/services/web.service.ts @@ -61,11 +61,14 @@ async function fetchHtmlForOpenGraph(originalUrl: string): Promise<{ html: strin if (html) { return { html, via: proxyFetchUrl } } - logger.debug('[WebService] OG proxy unavailable or bad response; trying direct fetch', { - originalUrl - }) - html = await tryFetchHtml(originalUrl, 15_000) - return html ? { html, via: 'direct' } : null + logger.debug('[WebService] OG proxy unavailable or bad response', { originalUrl }) + // In production with a configured proxy, skip direct fetch: random sites rarely allow browser CORS, + // and the attempt spams DevTools with cross-origin errors without improving OG success. + if (!import.meta.env.PROD) { + html = await tryFetchHtml(originalUrl, 15_000) + return html ? { html, via: 'direct' } : null + } + return null } const html = await tryFetchHtml(originalUrl, 15_000)