From a4d8491d2d5c0f27c0a58dcd45c1a0aa1a1e9d78 Mon Sep 17 00:00:00 2001
From: fiatjaf <fiatjaf@gmail.com>
Date: Mon, 28 Jul 2025 17:31:13 -0300
Subject: [PATCH] nip46: AuthorizeSigning returns an error for better
 debuggability.

---
 nip46/dynamic-signer.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/nip46/dynamic-signer.go b/nip46/dynamic-signer.go
index 931f47b..7a63ba8 100644
--- a/nip46/dynamic-signer.go
+++ b/nip46/dynamic-signer.go
@@ -35,7 +35,7 @@ type DynamicSigner struct {
 	GetUserKeyer func(ctx context.Context, handlerPubkey nostr.PubKey) (context.Context, nostr.Keyer, error)
 
 	// this is called on every sign_event call, if it is nil it will be assumed that everything is authorized
-	AuthorizeSigning func(ctx context.Context, event nostr.Event, from nostr.PubKey) bool
+	AuthorizeSigning func(ctx context.Context, event nostr.Event, from nostr.PubKey) error
 
 	// this is called on every encrypt or decrypt calls, if it is nil it will be assumed that everything is authorized
 	AuthorizeEncryption func(ctx context.Context, from nostr.PubKey) bool
@@ -143,9 +143,11 @@ func (p *DynamicSigner) HandleRequest(ctx context.Context, event nostr.Event) (
 			resultErr = fmt.Errorf("failed to decode event/2: %w", err)
 			break
 		}
-		if p.AuthorizeSigning != nil && !p.AuthorizeSigning(ctx, evt, event.PubKey) {
-			resultErr = fmt.Errorf("refusing to sign this event")
-			break
+		if p.AuthorizeSigning != nil {
+			if err := p.AuthorizeSigning(ctx, evt, event.PubKey); err != nil {
+				resultErr = fmt.Errorf("refusing to sign: %s", err)
+				break
+			}
 		}
 
 		err = userKeyer.SignEvent(ctx, &evt)