diegogurpegui / nos2x-fox Goto Github PK
View Code? Open in Web Editor NEWnostr signer extension for Firefox
Home Page: https://diegogurpegui.com/nos2x-fox/
nostr signer extension for Firefox
Home Page: https://diegogurpegui.com/nos2x-fox/
It would be a great addition to be able to manage multiple nsecs inside the tool. At the moment one can use only one keys which makes having multiple accounts impossible to use in a more secure way.
Currently most Nostr signer extensions like Nos2x, Nos2x-fox and Alby require permissions to "access data from all websites" which I feel is a bit excessive with regards to user privacy. Although I trust that the extension may not do anything with the data from other websites, I feel there could be a way for the user to configure a list of domains on the extension properties or options to allow access to data just for those domains.
Here is how I envision this to work:
An example of an extension that does this is Sponsorblock which allows only Youtube domains or user configured local or external domains.
I will be cross posting this on nos2x and alby extension GitHub repositories as well for a more open discussion.
For authorizations to events that have been approved by the user, it would be nice to have a 'Revoke' option in the options page that would revoke the authorization by clearing out the permissions in local storage.
This is implemented in Nos2x and maybe can be forked?
Public key strings can be difficult to read, especially if you're managing multiple keys.
Provide the option to name a profile, which would be easier to recognize than just an npub. Users could also view the name alongside the shortened public key for a better overall usability.
Is it worth it to have a manual approval each time you have to sign something? I'm thinking of a PIN or even a password.
The idea is that the private key is stored encrypted without the extension to know the encryption key. So each time you need to sign something you, the user, need to enter that encryption key. It could be in the form of a PIN or a password, which you have to enter every time.
If you have this activated, the saved authorizations (5m, 1h, etc) won't be available.
Does it make sense? is it too much?
It would be nice to have the ability to sign for periods longer than 5 minutes.
I don't want to sign forever, but feel the 5 minute period is too short and have to keep on signing multiple times.
My suggestion would be 1 hour, and 8 hours.
Thanks!
The Permissions are not showing in the Options page. It was working before but got broken with the multi-profile feature.
It's probably because they are not being saved along with the problem by mistake, then not properly retrieved. Or a similar bug.
Apparently the creation of popups is not throttled. I just had a situation on https://plebeian.market/ where I got bombarded with plugin popups in an infinite loop. I had to kill Firefox when the system started swapping beyond my 32GB of RAM.
Using this extension, one can only auto-permit all requests or nothing. However, for requests like AUTH
, it would be great to allow them for a certain website always, because they have to be remade for each connection. But I feel less confident in allowing signing anything, mostly in case of bugs that'd cause my feed to explode.
Firefox android launching December 14 (tomorrow)
Is there any way to install the Addon in the mobile version of Firefox?
If not, it would be a very much needed feature ๐
Description:
Mask the nsec behind circle bullets as entered by the user
Current behavior:
The nsec is only masked after it's been saved
Expected behavior:
User doesn't expose their nsec to prying eyes or cameras
I don't really feel comfortable keeping my private key unencrypted on my machine- as of right now the only NIP-07 extensions with this feature are BTC wallets, and I have no desire to use BTC/LN
I don't think I'm alone in wanting this. I'd PR the feature myself, but I unfortunately I've never worked with JS or React
It would be nice to configure multiple profiles consisting of the private/public keypair and allow the user to select which profile that they would want to authorize with while using Nostr Clients.
A selection dropdown in the options page for creating profiles and selecting would be useful. Once a new profile is selected, the 'generate' option would be present to create a new keypair and save it or the user can save their own. Selecting another profile from the dropdown would display another keypair.
The profiles should also allow individually setting up different preferred relays..etc. Basically all options should fall under individual profiles to configure independently per profile.
During authorization prompt the user could be provided the option to select from the list of setup profiles to authorize from. A default or primary profile could be provided as an option too, or default to the value of the previous profile from which authorization was done.
Also, provide an option to delete profiles with a warning message to backup the private key.
noStrudel does not decrypt messages automatically because its author prefers to not give the extension permanent decrypt permission. As most users probably give this permission it would be nice if the nostr client could detect this.
I thought there was maybe a hack one could do - cancel request if it doesn't resolve in 100ms - but I could not find a way to do that.
I think a boolean parameter could be used.
async window.nostr.nip04.decrypt(pubkey, ciphertext, interactive): string // takes ciphertext and iv as specified in nip-04
If interactive
is set to false
, immediately throw an exception if the action is not permitted already.
My index.html is listening for a load
event but even then window.nostr is undefined. If I manually open the browser console, window.nostr exists. I believe this is a timing issue, but I'm not sure what to look for or wait on to signify when nos2x-fox has been loaded into the page. I've also logged any 'message' events but nothing seems applicable.
I noticed once I close a prompt window the site just hangs waiting for the event response would something tied to the closing of the window help here?
I was thinking firing the reject event on a 'beforeunload' event
window.addEventListener('beforeunload', function(ev) {
authorizeHandler(AuthorizationCondition.REJECT)
});
Preferred relays configurable by the user on the extension could allow the user to define a map of some relays, so that when they login to web clients and if clients request for the relay list, maybe they could be sent after the user authorizes it.
According to NIP-07 async window.nostr.getRelays(): { [url: string]: {read: boolean, write: boolean} } // returns a basic map of relay urls to relay policies
This is currently available with Nos2x and maybe could be implemented or forked here as well?
I cannot save my secret key.
Downgrade: You can download the old version 1.11.0 from this page: https://addons.mozilla.org/firefox/addon/nos2x-fox/versions/
Uncaught (in promise) Error: private key must be 32 bytes, hex or bigint, not string
normPrivateKeyToScalar moz-extension://f6a8d7e0-020a-4805-b55b-4a8181ba9915/options.js:25675
schnorrGetExtPubKey moz-extension://f6a8d7e0-020a-4805-b55b-4a8181ba9915/options.js:26512
schnorrGetPublicKey moz-extension://f6a8d7e0-020a-4805-b55b-4a8181ba9915/options.js:26533
getPublicKey moz-extension://f6a8d7e0-020a-4805-b55b-4a8181ba9915/options.js:31647
updateActivePrivateKey moz-extension://f6a8d7e0-020a-4805-b55b-4a8181ba9915/options.js:34723
savePrivateKey moz-extension://f6a8d7e0-020a-4805-b55b-4a8181ba9915/options.js:34996
callCallback2 moz-extension://f6a8d7e0-020a-4805-b55b-4a8181ba9915/options.js:5583
Even if I use a new key generated by pressing "Generate key" button, I got the same error.
I think I could save the key when I was using version 1.11.0.
Firefox Developer Edition 118.0b7 (64bit) / Linux 6.5.2 x86_64
I noticed that the original exception thrown by ensureBytes
:
private key must be valid hex string, got "(omitted)". Cause: Error: padded hex string expected, got unpadded hex of length 63
The input field accepts npub
but the process expects hex
format. I think the cause it that.
Add a feature to mask the private key visibility with an asterisk *
or a dot โ
. This way if we open the options page to revoke permissions to configure something, it's not open for viewing when in a public area.
Hey there,
I'm trying to add an nsec key I generated on Damus to my nos2x-fox, but I'm getting a "the key is not valid error".
Does the extension accept nsec or just hex format keys?
I might be doing something wrong.
Thank you,
I pinned the extension and it's only visible when I hover over the icon.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.