Fix Blossom auth base64 encoding and Svelte reactivity issues

- Use standard base64 encoding (not URL-safe) for NIP-24242 auth per BUD-01 spec - Fix Svelte reactivity by using spread + sort pattern instead of in-place mutation - Add debug logging for blob upload/delete operations - Add temporary p256k1 replace directive (v1.0.6 has race condition fix) Files modified: - app/web/src/BlossomView.svelte: Base64 fix, reactivity fix for blob list updates - app/web/src/LogView.svelte: Base64 encoding fix - app/web/src/api.js: Base64 encoding fix in createNIP98Auth - go.mod: Temporary replace directive for p256k1 race condition fix Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
4 months ago · af67baf4db
7 changed files with 28 additions and 19 deletions
--- a/app/web/dist/bundle.js
+++ b/app/web/dist/bundle.js
--- a/app/web/dist/bundle.js.map
+++ b/app/web/dist/bundle.js.map
--- a/app/web/src/BlossomView.svelte
+++ b/app/web/src/BlossomView.svelte
@ -77,8 +77,8 @@
				@@ -77,8 +77,8 @@
            };

            const signedEvent = await signer.signEvent(authEvent);
-            // Use URL-safe base64 encoding (replace + with -, / with _)
-            return btoa(JSON.stringify(signedEvent)).replace(/\+/g, '-').replace(/\//g, '_');
+            // Use standard base64 encoding per BUD-01 spec
+            return btoa(JSON.stringify(signedEvent));
        } catch (err) {
            console.error("Error creating Blossom auth:", err);
            return null;
@ -99,8 +99,12 @@
				@@ -99,8 +99,12 @@
    }

    async function loadBlobs() {
-        if (!userPubkey) return;
+        if (!userPubkey) {
+            console.log("loadBlobs: no userPubkey, skipping");
+            return;
+        }

+        console.log("loadBlobs: starting, userSigner available:", !!userSigner);
        isLoading = true;
        error = "";

@ -117,8 +121,9 @@
				@@ -117,8 +121,9 @@

            const data = await response.json();
            // API returns 'uploaded' timestamp per BUD-02 spec
-            blobs = Array.isArray(data) ? data : [];
-            blobs.sort((a, b) => (b.uploaded || 0) - (a.uploaded || 0));
+            // Use spread + sort to ensure Svelte reactivity triggers
+            const blobList = Array.isArray(data) ? data : [];
+            blobs = [...blobList].sort((a, b) => (b.uploaded || 0) - (a.uploaded || 0));
            console.log("Loaded blobs:", blobs);
        } catch (err) {
            console.error("Error loading blobs:", err);
@ -241,7 +246,9 @@
				@@ -241,7 +246,9 @@
                throw new Error(`Failed to delete: ${response.statusText}`);
            }

+            console.log("Delete successful, removing blob from list:", blob.sha256);
            blobs = blobs.filter(b => b.sha256 !== blob.sha256);
+            console.log("Blobs after filter:", blobs.length);
            if (selectedBlob?.sha256 === blob.sha256) {
                closeModal();
            }
@ -304,7 +311,9 @@
				@@ -304,7 +311,9 @@
        if (fileInput) fileInput.value = "";

        if (uploaded.length > 0) {
+            console.log("Upload complete, refreshing blob list...");
            await loadBlobs();
+            console.log("Blob list refresh complete, blobs count:", blobs.length);
        }

        if (failed.length > 0) {
@ -375,8 +384,8 @@
				@@ -375,8 +384,8 @@
                throw new Error(`Failed to load user blobs: ${response.statusText}`);
            }

-            selectedUserBlobs = await response.json();
-            selectedUserBlobs.sort((a, b) => (b.uploaded || 0) - (a.uploaded || 0));
+            const userBlobData = await response.json();
+            selectedUserBlobs = [...userBlobData].sort((a, b) => (b.uploaded || 0) - (a.uploaded || 0));
        } catch (err) {
            console.error("Error loading user blobs:", err);
            error = err.message || "Failed to load user blobs";
--- a/app/web/src/LogView.svelte
+++ b/app/web/src/LogView.svelte
@ -76,8 +76,8 @@
				@@ -76,8 +76,8 @@
            };

            const signedEvent = await userSigner.signEvent(authEvent);
-            // Use URL-safe base64 encoding (replace + with -, / with _)
-            return btoa(JSON.stringify(signedEvent)).replace(/\+/g, '-').replace(/\//g, '_');
+            // Use standard base64 encoding per BUD-01 spec
+            return btoa(JSON.stringify(signedEvent));
        } catch (err) {
            console.error("Error creating auth header:", err);
            return null;
--- a/app/web/src/api.js
+++ b/app/web/src/api.js
@ -43,9 +43,9 @@ export async function createNIP98Auth(signer, pubkey, method, url) {
				@@ -43,9 +43,9 @@ export async function createNIP98Auth(signer, pubkey, method, url) {
            hasSig: !!signedEvent.sig
        });

-        // Use URL-safe base64 encoding (replace + with -, / with _)
+        // Use standard base64 encoding per BUD-01/NIP-98 spec
        const json = JSON.stringify(signedEvent);
-        const base64 = btoa(json).replace(/\+/g, '-').replace(/\//g, '_');
+        const base64 = btoa(json);
        return base64;
    } catch (error) {
        console.error("createNIP98Auth: Error:", error);
--- a/go.mod
+++ b/go.mod
@ -87,7 +87,7 @@ require (
				@@ -87,7 +87,7 @@ require (
 	github.com/baidubce/bce-sdk-go v0.9.256 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
-	github.com/btcsuite/btcd/btcec/v2 v2.3.4 // indirect
+	github.com/btcsuite/btcd/btcec/v2 v2.3.6 // indirect
 	github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 // indirect
 	github.com/bytedance/sonic v1.13.1 // indirect
 	github.com/bytedance/sonic/loader v0.2.4 // indirect
@ -266,7 +266,9 @@ require (
				@@ -266,7 +266,9 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	gvisor.dev/gvisor v0.0.0-20250503011706-39ed1f5ac29c // indirect
-	p256k1.mleku.dev v1.0.3 // indirect
+	p256k1.mleku.dev v1.0.5 // indirect
 )

 retract v1.0.3
+
+replace p256k1.mleku.dev => /home/mleku/src/p256k1.mleku.dev
--- a/go.sum
+++ b/go.sum
@ -228,8 +228,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB
				@@ -228,8 +228,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/btcsuite/btcd/btcec/v2 v2.3.4 h1:3EJjcN70HCu/mwqlUsGK8GcNVyLVxFDlWurTXGPFfiQ=
-github.com/btcsuite/btcd/btcec/v2 v2.3.4/go.mod h1:zYzJ8etWJQIv1Ogk7OzpWjowwOdXY1W/17j2MW85J04=
+github.com/btcsuite/btcd/btcec/v2 v2.3.6 h1:IzlsEr9olcSRKB/n7c4351F3xHKxS2lma+1UFGCYd4E=
+github.com/btcsuite/btcd/btcec/v2 v2.3.6/go.mod h1:m22FrOAiuxl/tht9wIqAoGHcbnCCaPWyauO8y2LGGtQ=
 github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 h1:59Kx4K6lzOW5w6nFlA0v5+lk/6sjybR934QNHSJZPTQ=
 github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
 github.com/bytedance/sonic v1.13.1 h1:Jyd5CIvdFnkOWuKXr+wm4Nyk2h0yAFsr8ucJgEasO3g=
@ -1623,8 +1623,6 @@ lol.mleku.dev v1.0.5/go.mod h1:JlsqP0CZDLKRyd85XGcy79+ydSRqmFkrPzYFMYxQ+zs=
				@@ -1623,8 +1623,6 @@ lol.mleku.dev v1.0.5/go.mod h1:JlsqP0CZDLKRyd85XGcy79+ydSRqmFkrPzYFMYxQ+zs=
 lukechampine.com/frand v1.5.1 h1:fg0eRtdmGFIxhP5zQJzM1lFDbD6CUfu/f+7WgAZd5/w=
 lukechampine.com/frand v1.5.1/go.mod h1:4VstaWc2plN4Mjr10chUD46RAVGWhpkZ5Nja8+Azp0Q=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
-p256k1.mleku.dev v1.0.3 h1:2SBEH9XhNAotO1Ik8ejODjChTqc06Z/6ncQhrYkAdRA=
-p256k1.mleku.dev v1.0.3/go.mod h1:cWkZlx6Tu7CTmIxonFbdjhdNfkY3VbjjY5TFEILiTnY=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=