From 9f0376692b8c7419d5fa98bad1d456b4447bfd53 Mon Sep 17 00:00:00 2001
From: fiatjaf <fiatjaf@gmail.com>
Date: Fri, 18 Jul 2025 14:37:18 -0300
Subject: [PATCH] nip46: dynamic bunker can't rely on a secret to be persistent
 or "connect" to be always sent, that's a job for the implementor.

---
 nip46/dynamic-signer.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/nip46/dynamic-signer.go b/nip46/dynamic-signer.go
index 88dd5af..94ac21d 100644
--- a/nip46/dynamic-signer.go
+++ b/nip46/dynamic-signer.go
@@ -112,15 +112,23 @@ func (p *DynamicSigner) HandleRequest(ctx context.Context, event nostr.Event) (
 		return req, resp, eventResponse, fmt.Errorf("error parsing request: %w", err)
 	}
 
-	var secret string
 	var result string
 	var resultErr error
 
 	switch req.Method {
 	case "connect":
+		var secret string
 		if len(req.Params) >= 2 {
 			secret = req.Params[1]
 		}
+
+		if p.OnConnect != nil {
+			if err := p.OnConnect(ctx, event.PubKey, secret); err != nil {
+				resultErr = err
+				break
+			}
+		}
+
 		result = "ack"
 	case "get_public_key":
 		result = hex.EncodeToString(session.PublicKey[:])
@@ -135,7 +143,7 @@ func (p *DynamicSigner) HandleRequest(ctx context.Context, event nostr.Event) (
 			resultErr = fmt.Errorf("failed to decode event/2: %w", err)
 			break
 		}
-		if p.AuthorizeSigning != nil && !p.AuthorizeSigning(evt, event.PubKey, secret) {
+		if p.AuthorizeSigning != nil && !p.AuthorizeSigning(ctx, evt, event.PubKey) {
 			resultErr = fmt.Errorf("refusing to sign this event")
 			break
 		}
@@ -158,7 +166,7 @@ func (p *DynamicSigner) HandleRequest(ctx context.Context, event nostr.Event) (
 			resultErr = fmt.Errorf("first argument to 'nip44_encrypt' is not a valid pubkey string")
 			break
 		}
-		if p.AuthorizeEncryption != nil && !p.AuthorizeEncryption(event.PubKey, secret) {
+		if p.AuthorizeEncryption != nil && !p.AuthorizeEncryption(ctx, event.PubKey) {
 			resultErr = fmt.Errorf("refusing to encrypt")
 			break
 		}
@@ -180,7 +188,7 @@ func (p *DynamicSigner) HandleRequest(ctx context.Context, event nostr.Event) (
 			resultErr = fmt.Errorf("first argument to 'nip04_decrypt' is not a valid pubkey string")
 			break
 		}
-		if p.AuthorizeEncryption != nil && !p.AuthorizeEncryption(event.PubKey, secret) {
+		if p.AuthorizeEncryption != nil && !p.AuthorizeEncryption(ctx, event.PubKey) {
 			resultErr = fmt.Errorf("refusing to decrypt")
 			break
 		}