diff --git a/01.md b/01.md index 003c0ca1..4cfdd359 100644 --- a/01.md +++ b/01.md @@ -22,7 +22,7 @@ The only object type that exists is the `event`, which has the following format "kind": , "tags": [ ["e", <32-bytes hex of the id of another event>, ], - ["p", <32-bytes hex of the key>, ], + ["p", <32-bytes hex of a pubkey>, ], ... // other kinds of tags may be included later ], "content": , @@ -89,7 +89,7 @@ The `limit` property of a filter is only valid for the initial query and can be Relays can send 2 types of messages, which must also be JSON arrays, according to the following patterns: * `["EVENT", , ]`, used to send events requested by clients. - * `["NOTICE", ]`, used to send human-readable error messages or other things to clients. + * `["NOTICE", ]`, used to send human-readable error messages or other things to clients. This NIP defines no rules for how `NOTICE` messages should be sent or treated. diff --git a/02.md b/02.md index ba1ae60e..2f199080 100644 --- a/02.md +++ b/02.md @@ -22,6 +22,7 @@ For example: ], "content": "", ...other fields +} ``` Every new contact list that gets published overwrites the past ones, so it should contain all entries. Relays and clients SHOULD delete past contact lists as soon as they receive a new one. diff --git a/04.md b/04.md index bafc5c7e..60ec5e04 100644 --- a/04.md +++ b/04.md @@ -20,15 +20,15 @@ Code sample for generating such an event in JavaScript: ```js import crypto from 'crypto' -import * as secp from 'noble-secp256k1' +import * as secp from '@noble/secp256k1' let sharedPoint = secp.getSharedSecret(ourPrivateKey, '02' + theirPublicKey) -let sharedX = sharedPoint.substr(2, 64) +let sharedX = sharedPoint.slice(1, 33) let iv = crypto.randomFillSync(new Uint8Array(16)) var cipher = crypto.createCipheriv( 'aes-256-cbc', - Buffer.from(sharedX, 'hex'), + Buffer.from(sharedX), iv ) let encryptedMessage = cipher.update(text, 'utf8', 'base64') @@ -43,3 +43,11 @@ let event = { content: encryptedMessage + '?iv=' + ivBase64 } ``` + +## Security Warning + +This standard does not go anywhere near what is considered the state-of-the-art in encrypted communication between peers, and it leaks metadata in the events, therefore it must not be used for anything you really need to keep secret, and only with relays that use `AUTH` to restrict who can fetch your `kind:4` events. + +## Client Implementation Warning + +Client's *should not* search and replace public key or note references from the `.content`. If processed like a regular text note (where `@npub...` is replaced with `#[0]` with a `["p", "..."]` tag) the tags are leaked and the mentioned user will receive the message in their inbox. diff --git a/06.md b/06.md index c1e66fe8..4ae571f7 100644 --- a/06.md +++ b/06.md @@ -8,8 +8,8 @@ Basic key derivation from mnemonic seed phrase [BIP39](https://bips.xyz/39) is used to generate mnemonic seed words and derive a binary seed from them. -[BIP32](https://bips.xyz/32) is used to derive the path `m/44'/1237'/0'/0/0` (according to the Nostr entry on [SLIP44](https://github.com/satoshilabs/slips/blob/master/slip-0044.md)). +[BIP32](https://bips.xyz/32) is used to derive the path `m/44'/1237'/'/0/0` (according to the Nostr entry on [SLIP44](https://github.com/satoshilabs/slips/blob/master/slip-0044.md)). -This is the default for a basic, normal, single-key client. +A basic client can simply use an `account` of `0` to derive a single key. For more advanced use-cases you can increment `account`, allowing generation of practically infinite keys from the 5-level path with hardened derivation. Other types of clients can still get fancy and use other derivation paths for their own other purposes. diff --git a/07.md b/07.md index 6c9f2b32..3b7a1d29 100644 --- a/07.md +++ b/07.md @@ -24,7 +24,9 @@ async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext ### Implementation +- [horse](https://github.com/fiatjaf/horse) (Chrome and derivatives) - [nos2x](https://github.com/fiatjaf/nos2x) (Chrome and derivatives) - [Alby](https://getalby.com) (Chrome and derivatives, Firefox, Safari) - [Blockcore](https://www.blockcore.net/wallet) (Chrome and derivatives) - [nos2x-fox](https://diegogurpegui.com/nos2x-fox/) (Firefox) +- [Flamingo](https://www.getflamingo.org/) (Chrome and derivatives) diff --git a/08.md b/08.md index 5dbb695f..fb87b536 100644 --- a/08.md +++ b/08.md @@ -1,10 +1,12 @@ +> __Warning__ `unrecommended`: deprecated in favor of NIP-27 + NIP-08 ====== Handling Mentions ----------------- -`final` `optional` `author:fiatjaf` `author:scsibug` +`final` `unrecommended` `optional` `author:fiatjaf` `author:scsibug` This document standardizes the treatment given by clients of inline mentions of other events and pubkeys inside the content of `text_note`s. @@ -15,3 +17,5 @@ Once a mention is identified, for example, the pubkey `27866e9d854c78ae625b867ee The same process applies for mentioning event IDs. A client that receives a `text_note` event with such `#[index]` mentions in its `.content` CAN do a search-and-replace using the actual contents from the `.tags` array with the actual pubkey or event ID that is mentioned, doing any desired context augmentation (for example, linking to the pubkey or showing a preview of the mentioned event contents) it wants in the process. + +Where `#[index]` has an `index` that is outside the range of the tags array or points to a tag that is not an `e` or `p` tag or a tag otherwise declared to support this notation, the client MUST NOT perform such replacement or augmentation, but instead display it as normal text. diff --git a/11.md b/11.md index 8cdb85e4..f97193c2 100644 --- a/11.md +++ b/11.md @@ -4,7 +4,7 @@ NIP-11 Relay Information Document --------------------------- -`draft` `optional` `author:scsibug` +`draft` `optional` `author:scsibug` `author:doc-hex` `author:cameri` Relays may provide server metadata to clients to inform them of capabilities, administrative contacts, and various server attributes. This is made available as a JSON document over HTTP, on the same URI as the relay's websocket. @@ -56,3 +56,200 @@ The relay server implementation MAY be provided in the `software` attribute. If ### Version ### The relay MAY choose to publish its software version as a string attribute. The string format is defined by the relay implementation. It is recommended this be a version number or commit identifier. + +Extra Fields +----------------- + +### Server Limitations ### + +These are limitations imposed by the relay on clients. Your client +should expect that requests which exceed these *practical* limitations +are rejected or fail immediately. + +```json +{ +... + limitation: { + max_message_length: 16384, + max_subscriptions: 20, + max_filters: 100, + max_limit: 5000, + max_subid_length: 100, + min_prefix: 4, + max_event_tags: 100, + max_content_length: 8196, + min_pow_difficulty: 30, + auth_required: true, + payment_required: true, + } +... +} +``` + +- `max_message_length`: this is the maximum number of bytes for incoming JSON that the relay +will attempt to decode and act upon. When you send large subscriptions, you will be +limited by this value. It also effectively limits the maximum size of any event. Value is +calculated from `[` to `]` and is after UTF-8 serialization (so some unicode characters +will cost 2-3 bytes). It is equal to the maximum size of the WebSocket message frame. + +- `max_subscriptions`: total number of subscriptions that may be +active on a single websocket connection to this relay. It's possible +that authenticated clients with a (paid) relationship to the relay +may have higher limits. + +- `max_filters`: maximum number of filter values in each subscription. +Must be one or higher. + +- `max_subid_length`: maximum length of subscription id as a string. + +- `min_prefix`: for `authors` and `ids` filters which are to match against +a hex prefix, you must provide at least this many hex digits in the prefix. + +- `max_limit`: the relay server will clamp each filter's `limit` value to this number. +This means the client won't be able to get more than this number +of events from a single subscription filter. This clamping is typically done silently +by the relay, but with this number, you can know that there are additional results +if you narrowed your filter's time range or other parameters. + +- `max_event_tags`: in any event, this is the maximum number of elements in the `tags` list. + +- `max_content_length`: maximum number of characters in the `content` +field of any event. This is a count of unicode characters. After +serializing into JSON it may be larger (in bytes), and is still +subject to the `max_message_length`, if defined. + +- `min_pow_difficulty`: new events will require at least this difficulty of PoW, +based on [NIP-13](13.md), or they will be rejected by this server. + +- `auth_required`: this relay requires [NIP-42](42.md) authentication +to happen before a new connection may perform any other action. +Even if set to False, authentication may be required for specific actions. + +- `payment_required`: this relay requires payment before a new connection may perform any action. + +### Event Retention ### + +There may be a cost associated with storing data forever, so relays +may wish to state retention times. The values stated here are defaults +for unauthenticated users and visitors. Paid users would likely have +other policies. + +Retention times are given in seconds, with `null` indicating infinity. +If zero is provided, this means the event will not be stored at +all, and preferably an error will be provided when those are received. + +```json +{ +... + retention: [ + { kinds: [0, 1, [5, 7], [40, 49]], time: 3600 }, + { kinds: [[40000, 49999], time: 100 }, + { kinds: [[30000, 39999], count: 1000 }, + { time: 3600, count: 10000 } + ] +... +} +``` + +`retention` is a list of specifications: each will apply to either all kinds, or +a subset of kinds. Ranges may be specified for the kind field as a tuple of inclusive +start and end values. Events of indicated kind (or all) are then limited to a `count` +and or time period. + +It is possible to effectively blacklist Nostr-based protocols that rely on +a specific `kind` number, by giving a retention time of zero for those `kind` values. +While that is unfortunate, it does allow clients to discover servers that will +support their protocol quickly via a single HTTP fetch. + +There is no need to specify retention times for _ephemeral events_ as defined +in [NIP-16](16.md) since they are not retained. + + +### Content Limitations ### + +Some relays may be governed by the arbitrary laws of a nation state. This +may limit what content can be stored in cleartext on those relays. All +clients are encouraged to use encryption to work around this limitation. + +It is not possible to describe the limitations of each country's laws +and policies which themselves are typically vague and constantly shifting. + +Therefore, this field allows the relay operator to indicate which +country's' laws might end up being enforced on them, and then +indirectly on their users's content. + +Users should be able to avoid relays in countries they don't like, +and/or select relays in more favourable zones. Exposing this +flexibility is up to the client software. + +```json +{ +... + relay_countries: [ 'CA', 'US' ], +... +} +``` + +- `relay_countries`: a list of two-level ISO country codes (ISO 3166-1 alpha-2) whose + laws and policies may affect this relay. `EU` may be used for European Union countries. + +Remember that a relay may be hosted in a country which is not the +country of the legal entities who own the relay, so it's very +likely a number of countries are involved. + + +### Community Preferences ### + +For public text notes at least, a relay may try to foster a +local community. This would encourage users to follow the global +feed on that relay, in addition to their usual individual follows. +To support this goal, relays MAY specify some of the following values. + +```json +{ +... + language_tags: [ 'en', 'en-419' ], + tags: [ 'sfw-only', 'bitcoin-only', 'anime' ], + posting_policy: 'https://example.com/posting-policy.html', +... +} +``` + +- `language_tags` is an ordered list + of [IETF language tags](https://en.wikipedia.org/wiki/IETF_language_tag) indicating + the major languages spoken on the relay. + +- `tags` is a list of limitations on the topics to be discussed. + For example `sfw-only` indicates hat only "Safe For Work" content + is encouraged on this relay. This relies on assumptions of what the + "work" "community" feels "safe" talking about. In time, a common + set of tags may emerge that allow users to find relays that suit + their needs, and client software will be able to parse these tags easily. + The `bitcoin-only` tag indicates that any *altcoin*, *"crypto"* or *blockchain* + comments will be ridiculed without mercy. + +- `posting_policy` is a link to a human-readable page which specifies the + community policies for the relay. In cases where `sfw-only` is True, it's + important to link to a page which gets into the specifics of your posting policy. + +The `description` field should be used to describe your community +goals and values, in brief. The `posting_policy` is for additional +detail and legal terms. Use the `tags` field to signify limitations +on content, or topics to be discussed, which could be machine +processed by appropriate client software. + +### Pay-To-Relay ### + +Relays that require payments may want to expose their fee schedules. + +```json +{ +... + payments_url: "https://my-relay/payments", + fees: { + "admission": [{ amount: 1000000, unit: 'msats' }], + "subscription": [{ amount: 5000000, unit: 'msats', period: 2592000 }], + "publication": [{ kinds: [4], amount: 100, unit: 'msats' }], + }, +... +} diff --git a/16.md b/16.md index 80a6b3d9..4d9481d4 100644 --- a/16.md +++ b/16.md @@ -16,7 +16,9 @@ Upon a regular event being received, the relay SHOULD send it to all clients wit Replaceable Events ------------------ A *replaceable event* is defined as an event with a kind `10000 <= n < 20000`. -Upon a replaceable event with a newer timestamp than the currently known latest replaceable event with the same kind being received, and signed by the same key, the old event SHOULD be discarded and replaced with the newer event. +Upon a replaceable event with a newer timestamp than the currently known latest replaceable event with the same kind and author being received, the old event SHOULD be discarded, +effectively replacing what gets returned when querying for +`author:kind` tuples. Ephemeral Events ---------------- diff --git a/18.md b/18.md new file mode 100644 index 00000000..422ad9ca --- /dev/null +++ b/18.md @@ -0,0 +1,25 @@ +NIP-18 +====== + +Reposts +------- + +`draft` `optional` `author:jb55` `author:fiatjaf` `author:arthurfranca` + +A repost is a `kind 6` note that is used to signal to followers +that another event is worth reading. + +The `content` of a repost event is empty. Optionally, it MAY contain +the stringified JSON of the reposted note event for quick look up. + +The repost event MUST include an `e` tag with the `id` of the note that is +being reposted. That tag MUST include a relay URL as its third entry +to indicate where it can be fetched. + +The repost SHOULD include a `p` tag with the `pubkey` of the event being +reposted. + +## Quote Reposts + +Quote reposts are `kind 1` events with an embedded `e` tag (see [NIP-08](08.md) and [NIP-27](27.md)). +Because a quote repost includes an `e` tag, it may show up along replies to the reposted note. diff --git a/19.md b/19.md index 45081b0e..9d73458d 100644 --- a/19.md +++ b/19.md @@ -46,14 +46,14 @@ These possible standardized `TLV` types are indicated here: - for `nrelay`, this is the relay URL - for `naddr`, it is the identifier (the `"d"` tag) of the event being referenced - `1`: `relay` - - for `nprofile`, `nevent` and `naddr`, a relay in which the entity (profile or event) is more likely to be found, encoded as ascii + - for `nprofile`, `nevent` and `naddr`, _optionally_, a relay in which the entity (profile or event) is more likely to be found, encoded as ascii - this may be included multiple times - `2`: `author` - for `naddr`, the 32 bytes of the pubkey of the event + - for `nevent`, _optionally_, the 32 bytes of the pubkey of the event - `3`: `kind` - for `naddr`, the 32-bit unsigned integer of the kind, big-endian - ## Examples - `npub10elfcs4fr0l0r8af98jlmgdh9c8tcxjvz9qkw038js35mp4dma8qzvjptg` should decode into the public key hex `7e7e9c42a91bfef19fa929e5fda1b72e0ebc1a4c1141673e2794234d86addf4e` and vice-versa diff --git a/23.md b/23.md index 0648a354..151a31b5 100644 --- a/23.md +++ b/23.md @@ -6,7 +6,7 @@ Long-form Content `draft` `optional` `author:fiatjaf` -This NIP defines `kind:30023` (a parameterized replaceable event according to NIP-33) for long-form text content, generally referred to as "articles" or "blog posts". +This NIP defines `kind:30023` (a parameterized replaceable event according to [NIP-33](33.md)) for long-form text content, generally referred to as "articles" or "blog posts". "Social" clients that deal primarily with `kind:1` notes should not be expected to implement this NIP. @@ -31,17 +31,11 @@ These articles are meant to be editable, so they should make use of the replacea ### Linking -The article may be linked to using the NIP-19 `naddr` code along with the `"a"` tag (see NIP-33 and NIP-19). +The article may be linked to using the NIP-19 `naddr` code along with the `"a"` tag (see [NIP-33](33.md) and [NIP-19](19.md)). ### References -Clients that support publishing NIP-23 events should implement support for parsing pasted NIP-19 `naddr` identifiers and adding them automatically to the list of `.tags` of the event, replacing the actual content with a string like `#[tag_index]` in the same way as NIP-08 -- or, if the reference is in the form of a URL (for example, `[click here](naddr1...)`) then they should be replaced with just the tag number directly as if link with that name existed at the bottom of the Markdown (for example, `[click here][0]`). - -Reader clients should parse the Markdown and replace these references with either internal links so the referenced events can be accessed directly, with NIP-21 `nostr:naddr1...` links or direct links to web clients that will handle these references. - -The idea here is that having these tags is that reader clients can display a list of backreferences at the bottom when one article mentions another. - -The same principles can be applied to `nevent1...`, `note1...`, `nprofile1...` or `npub1...`. +References to other Nostr notes, articles or profiles must be made according to [NIP-27](27.md), i.e. by using [NIP-21](21.md) `nostr:...` links and optionally adding tags for these (see example below). ## Example Event @@ -49,7 +43,7 @@ The same principles can be applied to `nevent1...`, `note1...`, `nprofile1...` o { "kind": 30023, "created_at": 1675642635, - "content": "Lorem [ipsum][4] dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.\n\nRead more at #[3].", + "content": "Lorem [ipsum][nostr:nevent1qqst8cujky046negxgwwm5ynqwn53t8aqjr6afd8g59nfqwxpdhylpcpzamhxue69uhhyetvv9ujuetcv9khqmr99e3k7mg8arnc9] dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.\n\nRead more at nostr:naddr1qqzkjurnw4ksz9thwden5te0wfjkccte9ehx7um5wghx7un8qgs2d90kkcq3nk2jry62dyf50k0h36rhpdtd594my40w9pkal876jxgrqsqqqa28pccpzu.", "tags": [ ["d", "lorem-ipsum"], ["title", "Lorem Ipsum"], diff --git a/27.md b/27.md new file mode 100644 index 00000000..028ee5ea --- /dev/null +++ b/27.md @@ -0,0 +1,54 @@ +NIP-27 +====== + +Text Note References +-------------------- + +`draft` `optional` `author:arthurfranca` `author:hodlbod` `author:fiatjaf` + +This document standardizes the treatment given by clients of inline references of other events and profiles inside the `.content` of any event that has readable text in its `.content` (such as kinds 1 and 30023). + +When creating an event, clients should include mentions to other profiles and to other events in the middle of the `.content` using NIP-21 codes, such as `nostr:nprofile1qqsw3dy8cpu...6x2argwghx6egsqstvg`. + +Including [NIP-10](10.md)-style tags (`["e", , , ]`) for each reference is optional, clients should do it whenever they want the profile being mentioned to be notified of the mention, or when they want the referenced event to recognize their mention as a reply. + +A reader client that receives an event with such `nostr:...` mentions in its `.content` can do any desired context augmentation (for example, linking to the profile or showing a preview of the mentioned event contents) it wants in the process. If turning such mentions into links, they could become internal links, NIP-21 links or direct links to web clients that will handle these references. + +--- + +## Example of a profile mention process + +Suppose Bob is writing a note in a client that has search-and-autocomplete functionality for users that is triggered when they write the character `@`. + +As Bob types `"hello @mat"` the client will prompt him to autocomplete with [mattn's profile](https://gateway.nostr.com/p/2c7cc62a697ea3a7826521f3fd34f0cb273693cbe5e9310f35449f43622a5cdc), showing a picture and name. + +Bob presses "enter" and now he sees his typed note as `"hello @mattn"`, `@mattn` is highlighted, indicating that it is a mention. Internally, however, the event looks like this: + +```json +{ + "content": "hello nostr:nprofile1qqszclxx9f5haga8sfjjrulaxncvkfekj097t6f3pu65f86rvg49ehqj6f9dh", + "created_at": 1679790774, + "id": "f39e9b451a73d62abc5016cffdd294b1a904e2f34536a208874fe5e22bbd47cf", + "kind": 1, + "pubkey": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798", + "sig": "f8c8bab1b90cc3d2ae1ad999e6af8af449ad8bb4edf64807386493163e29162b5852a796a8f474d6b1001cddbaac0de4392838574f5366f03cc94cf5dfb43f4d", + "tags": [ + [ + "p", + "2c7cc62a697ea3a7826521f3fd34f0cb273693cbe5e9310f35449f43622a5cdc" + ] + ] +} +``` + +(Alternatively, the mention could have been a `nostr:npub1...` URL.) + +After Bob publishes this event and Carol sees it, her client will initially display the `.content` as it is, but later it will parse the `.content` and see that there is a `nostr:` URL in there, decode it, extract the public key from it (and possibly relay hints), fetch that profile from its internal database or relays, then replace the full URL with the name `@mattn`, with a link to the internal page view for that profile. + +## Verbose and probably unnecessary considerations + +- The example above was very concrete, but it doesn't mean all clients have to implement the same flow. There could be clients that do not support autocomplete at all, so they just allow users to paste raw [NIP-19](19.md) codes into the body of text, then prefix these with `nostr:` before publishing the event. +- The flow for referencing other events is similar: a user could paste a `note1...` or `nevent1...` code and the client will turn that into a `nostr:note1...` or `nostr:nevent1...` URL. Then upon reading such references the client may show the referenced note in a preview box or something like that -- or nothing at all. +- Other display procedures can be employed: for example, if a client that is designed for dealing with only `kind:1` text notes sees, for example, a [`kind:30023`](23.md) `nostr:naddr1...` URL reference in the `.content`, it can, for example, decide to turn that into a link to some hardcoded webapp capable of displaying such events. +- Clients may give the user the option to include or not include tags for mentioned events or profiles. If someone wants to mention `mattn` without notifying them, but still have a nice augmentable/clickable link to their profile inside their note, they can instruct their client to _not_ create a `["p", ...]` tag for that specific mention. +- In the same way, if someone wants to reference another note but their reference is not meant to show up along other replies to that same note, their client can choose to not include a corresponding `["e", ...]` tag for any given `nostr:nevent1...` URL inside `.content`. Clients may decide to expose these advanced functionalities to users or be more opinionated about things. diff --git a/28.md b/28.md index 0862e72d..169ae4f4 100644 --- a/28.md +++ b/28.md @@ -9,7 +9,7 @@ Public Chat This NIP defines new event kinds for public chat channels, channel messages, and basic client-side moderation. -It reserves five event kinds (40-44) for immediate use and five event kinds (45-49) for future use. +It reserves five event kinds (40-44) for immediate use: - `40 - channel create` - `41 - channel metadata` @@ -84,6 +84,7 @@ Reply to another message: { "content": , "tags": [ + ["e", , , "root"], ["e", , , "reply"], ["p", , ], ... @@ -138,12 +139,6 @@ For [NIP-10](10.md) relay recommendations, clients generally SHOULD use the rela Clients MAY recommend any relay URL. For example, if a relay hosting the original kind 40 event for a channel goes offline, clients could instead fetch channel data from a backup relay, or a relay that clients trust more than the original relay. -Future extensibility --------------------- - -We reserve event kinds 45-49 for other events related to chat, to potentially include new types of media (photo/video), moderation, or support of private or group messaging. - - Motivation ---------- If we're solving censorship-resistant communication for social media, we may as well solve it also for Telegram-style messaging. diff --git a/33.md b/33.md index 409ce4f7..10681fac 100644 --- a/33.md +++ b/33.md @@ -14,8 +14,10 @@ The value of a tag is defined as the first parameter of a tag after the tag name A *parameterized replaceable event* is defined as an event with a kind `30000 <= n < 40000`. Upon a parameterized replaceable event with a newer timestamp than the currently known latest -replaceable event with the same kind and first `d` tag value being received, the old event -SHOULD be discarded and replaced with the newer event. +replaceable event with the same kind, author and first `d` tag value being received, the old event +SHOULD be discarded, effectively replacing what gets returned when querying for +`author:kind:d-tag` tuples. + A missing or a `d` tag with no value should be interpreted equivalent to a `d` tag with the value as an empty string. Events from the same author with any of the following `tags` replace each other: @@ -26,7 +28,7 @@ replace each other: * `"tags":[["d",""],["d","not empty"]]`: only first `d` tag is considered * `"tags":[["d"],["d","some value"]]`: only first `d` tag is considered * `"tags":[["e"]]`: same as no tags -* `"tags":[["d","test","1"]]`: only the value is considered (`test`) +* `"tags":[["d","","1"]]`: only the first value is considered (`""`) Clients SHOULD NOT use `d` tags with multiple values and SHOULD include the `d` tag even if it has no value to allow querying using the `#d` filter. diff --git a/39.md b/39.md new file mode 100644 index 00000000..b84603c9 --- /dev/null +++ b/39.md @@ -0,0 +1,66 @@ +NIP-39 +====== + +External Identities in Profiles +------------------------------- + +`draft` `optional` `author:pseudozach` `author:Semisol` + +## Abstract + +Nostr protocol users may have other online identities such as usernames, profile pages, keypairs etc. they control and they may want to include this data in their profile metadata so clients can parse, validate and display this information. + +## `i` tag on a metadata event + +A new optional `i` tag is introduced for `kind 0` metadata event contents in addition to name, about, picture fields as included in [NIP-01](https://github.com/nostr-protocol/nips/blob/master/01.md): +```json +{ + "id": , + "pubkey": , + ... + "tags": [ + ["i", "github:semisol", "9721ce4ee4fceb91c9711ca2a6c9a5ab"], + ["i", "twitter:semisol_public", "1619358434134196225"], + ["i", "mastodon:bitcoinhackers.org/@semisol", "109775066355589974"] + ["i", "telegram:1087295469", "nostrdirectory/770"] + ] +} +``` + +An `i` tag will have two parameters, which are defined as the following: +1. `platform:identity`: This is the platform name (for example `github`) and the identity on that platform (for example `semisol`) joined together with `:`. +2. `proof`: String or object that points to the proof of owning this identity. + +Clients SHOULD process any `i` tags with more than 2 values for future extensibility. +Identity provider names SHOULD only include `a-z`, `0-9` and the characters `._-/` and MUST NOT include `:`. +Identity names SHOULD be normalized if possible by replacing uppercase letters with lowercase letters, and if there are multiple aliases for an entity the primary one should be used. + +## Claim types + +### `github` + +Identity: A GitHub username. + +Proof: A GitHub Gist ID. This Gist should be created by `` with a single file that has the text `Verifying that I control the following Nostr public key: `. +This can be located at `https://gist.github.com//`. + +### `twitter` + +Identity: A Twitter username. + +Proof: A Tweet ID. The tweet should be posted by `` and have the text `Verifying my account on nostr My Public Key: ""`. +This can be located at `https://twitter.com//status/`. + +### `mastodon` + +Identity: A Mastodon instance and username in the format `/@`. + +Proof: A Mastodon post ID. This post should be published by `@` and have the text `Verifying that I control the following Nostr public key: ""`. +This can be located at `https:///`. + +### `telegram` + +Identity: A Telegram user ID. + +Proof: A string in the format `/` which points to a message published in the public channel or group with name `` and message ID ``. This message should be sent by user ID `` and have the text `Verifying that I control the following Nostr public key: ""`. +This can be located at `https://t.me/`. diff --git a/45.md b/45.md new file mode 100644 index 00000000..cd81c116 --- /dev/null +++ b/45.md @@ -0,0 +1,31 @@ +NIP-45 +====== + +Event Counts +-------------- + +`draft` `optional` `author:staab` + +Relays may support the `COUNT` verb, which provide a mechanism for obtaining event counts. + +## Motivation + +Some queries a client may want to execute against connected relays are prohibitively expensive, for example, in order to retrieve follower counts for a given pubkey, a client must query all kind-3 events referring to a given pubkey and count them. The result may be cached, either by a client or by a separate indexing server as an alternative, but both options erode the decentralization of the network by creating a second-layer protocol on top of Nostr. + +## Filters and return values + +This NIP defines a verb called `COUNT`, which accepts a subscription id and a filter as specified in [NIP 01](01.md). + +Counts are returned using a `COUNT` response in the form `{count: }`. Relays may use probabilistic counts to reduce compute requirements. + +Examples: + +``` +# Followers count +["COUNT", "", {kinds: [3], '#p': []}] +["COUNT", "", {count: 238}] + +# Count posts and reactions +["COUNT", "", {kinds: [1, 7], authors: []}] +["COUNT", "", {count: 5}] +``` diff --git a/46.md b/46.md index 6589fc00..90fa1a06 100644 --- a/46.md +++ b/46.md @@ -67,7 +67,7 @@ These are mandatory methods the remote signer app MUST implement: - result `pubkey` - **sign_event** - params [`event`] - - result `signature` + - result `event_with_signature` #### optional @@ -151,7 +151,7 @@ The `content` field contains encrypted message as specified by [NIP04](https://g 1. The **App** will send a message to the **Signer** with a `sign_event` request along with the **event** to be signed 2. The **Signer** will show a popup to the user to inspect the event and sign it -3. The **Signer** will send back a message with the schnorr `signature` of the event as a response to the `sign_event` request +3. The **Signer** will send back a message with the event including the `id` and the schnorr `signature` as a response to the `sign_event` request ### Delegate diff --git a/51.md b/51.md new file mode 100644 index 00000000..b4143ada --- /dev/null +++ b/51.md @@ -0,0 +1,112 @@ +NIP-51 +====== + +Lists +------------------------- + +`draft` `optional` `author:fiatjaf` `author:arcbtc` `author:monlovesmango` `author:eskema` `depends:33` + +A "list" event is defined as having a list of public and/or private tags. Public tags will be listed in the event `tags`. Private tags will be encrypted in the event `content`. Encryption for private tags will use [NIP-04 - Encrypted Direct Message](04.md) encryption, using the list author's private and public key for the shared secret. A distinct event kind should be used for each list type created. + +If a list type should only be defined once per user (like the 'Mute' list), the list type's events should follow the specification for [NIP-16 - Replaceable Events](16.md). These lists may be referred to as 'replaceable lists'. + +Otherwise the list type's events should follow the specification for [NIP-33 - Parameterized Replaceable Events](33.md), where the list name will be used as the 'd' parameter. These lists may be referred to as 'parameterized replaceable lists'. + +## Replaceable List Event Example + +Lets say a user wants to create a 'Mute' list and has keys: +``` +priv: fb505c65d4df950f5d28c9e4d285ee12ffaf315deef1fc24e3c7cd1e7e35f2b1 +pub: b1a5c93edcc8d586566fde53a20bdb50049a97b15483cb763854e57016e0fa3d +``` +The user wants to publicly include these users: + +```json +["p", "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"], +["p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"] +``` +and privately include these users (below is the JSON that would be encrypted and placed in the event content): + +```json +[ + ["p", "9ec7a778167afb1d30c4833de9322da0c08ba71a69e1911d5578d3144bb56437"], + ["p", "8c0da4862130283ff9e67d889df264177a508974e2feb96de139804ea66d6168"] +] +``` + +Then the user would create a 'Mute' list event like below: + +```json +{ + "kind": 10000, + "tags": [ + ["p", "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"], + ["p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"], + ], + "content": "VezuSvWak++ASjFMRqBPWS3mK5pZ0vRLL325iuIL4S+r8n9z+DuMau5vMElz1tGC/UqCDmbzE2kwplafaFo/FnIZMdEj4pdxgptyBV1ifZpH3TEF6OMjEtqbYRRqnxgIXsuOSXaerWgpi0pm+raHQPseoELQI/SZ1cvtFqEUCXdXpa5AYaSd+quEuthAEw7V1jP+5TDRCEC8jiLosBVhCtaPpLcrm8HydMYJ2XB6Ixs=?iv=/rtV49RFm0XyFEwG62Eo9A==", + ...other fields +} +``` + + +## Parameterized Replaceable List Event Example + +Lets say a user wants to create a 'Categorized People' list of `nostr` people and has keys: +``` +priv: fb505c65d4df950f5d28c9e4d285ee12ffaf315deef1fc24e3c7cd1e7e35f2b1 +pub: b1a5c93edcc8d586566fde53a20bdb50049a97b15483cb763854e57016e0fa3d +``` +The user wants to publicly include these users: + +```json +["p", "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"], +["p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"] +``` +and privately include these users (below is the JSON that would be encrypted and placed in the event content): + +```json +[ + ["p", "9ec7a778167afb1d30c4833de9322da0c08ba71a69e1911d5578d3144bb56437"], + ["p", "8c0da4862130283ff9e67d889df264177a508974e2feb96de139804ea66d6168"] +] +``` + +Then the user would create a 'Categorized People' list event like below: + +```json +{ + "kind": 30000, + "tags": [ + ["d", "nostr"], + ["p", "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"], + ["p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"], + ], + "content": "VezuSvWak++ASjFMRqBPWS3mK5pZ0vRLL325iuIL4S+r8n9z+DuMau5vMElz1tGC/UqCDmbzE2kwplafaFo/FnIZMdEj4pdxgptyBV1ifZpH3TEF6OMjEtqbYRRqnxgIXsuOSXaerWgpi0pm+raHQPseoELQI/SZ1cvtFqEUCXdXpa5AYaSd+quEuthAEw7V1jP+5TDRCEC8jiLosBVhCtaPpLcrm8HydMYJ2XB6Ixs=?iv=/rtV49RFm0XyFEwG62Eo9A==", + ...other fields +} +``` + +## List Event Kinds + +| kind | list type | +| ------ | ----------------------- | +| 10000 | Mute | +| 10001 | Pin | +| 30000 | Categorized People | +| 30001 | Categorized Bookmarks | + +### Mute List + +An event with kind `10000` is defined as a replaceable list event for listing content a user wants to mute. Any standarized tag can be included in a Mute List. + +### Pin List + +An event with kind `10001` is defined as a replaceable list event for listing content a user wants to pin. Any standarized tag can be included in a Pin List. + +### Categorized People List + +An event with kind `30000` is defined as a parameterized replaceable list event for categorizing people. The 'd' parameter for this event holds the category name of the list. The tags included in these lists MUST follow the format of kind 3 events as defined in [NIP-02 - Contact List and Petnames](02.md). + +### Categorized Bookmarks List + +An event with kind `30001` is defined as a parameterized replaceable list event for categorizing bookmarks. The 'd' parameter for this event holds the category name of the list. Any standarized tag can be included in a Categorized Bookmarks List. diff --git a/57.md b/57.md index f42f9317..ca16bfd0 100644 --- a/57.md +++ b/57.md @@ -6,69 +6,139 @@ Lightning Zaps `draft` `optional` `author:jb55` `author:kieran` -This NIP defines a new note type called a lightning zap of kind `9735`. These represent paid lightning invoice receipts sent by a lightning node called the `zapper`. We also define another note type of kind `9734` which are `zap request` notes, which will be described in this document. +This NIP defines two new event types for recording lightning payments between users. `9734` is a `zap request`, representing a payer's request to a recipient's lightning wallet for an invoice. `9735` is a `zap receipt`, representing the confirmation by the recipient's lightning wallet that the invoice issued in response to a zap request has been paid. Having lightning receipts on nostr allows clients to display lightning payments from entities on the network. These can be used for fun or for spam deterrence. - -## Definitions - -`zapper` - the lightning node or service that sends zap notes (kind `9735`) - -`zap request` - a note of kind `9734` created by the person zapping - -`zap invoice` - the bolt11 invoice fetched from a custom lnurl endpoint which contains a `zap request` note - - ## Protocol flow -### Client side +1. Client calculates a recipient's lnurl pay request url from the `zap` tag on the event being zapped (see Appendix G), or by decoding their lud06 or lud16 field on their profile according to the [lnurl specifications](https://github.com/lnurl/luds). The client MUST send a GET request to this url and parse the response. If `allowsNostr` exists and it is `true`, and if `nostrPubkey` exists and is a valid BIP 340 public key in hex, the client should associate this information with the user, along with the response's `callback`, `minSendable`, and `maxSendable` values. +2. Clients may choose to display a lightning zap button on each post or on a user's profile. If the user's lnurl pay request endpoint supports nostr, the client SHOULD use this NIP to request a zap receipt rather than a normal lnurl invoice. +3. When a user (the "sender") indicates they want to send a zap to another user (the "recipient"), the client should create a `zap request` event as described in Appendix A of this NIP and sign it. +4. Instead of publishing the `zap request`, the `9734` event should instead be sent to the `callback` url received from the lnurl pay endpoint for the recipient using a GET request. See Appendix B for details and an example. +5. The recipient's lnurl server will receive this request and validate it. See Appendix C for details on how to properly configure an lnurl server to support zaps, and Appendix D for details on how to validate the `nostr` query parameter. +6. If the request is valid, the server should fetch a description hash invoice where the description is this note and this note only. No additional lnurl metadata is included in the description. This will be returned in the response according to [LUD06](https://github.com/lnurl/luds/blob/luds/06.md). +7. On receiving the invoice, the client MAY pay it or pass it to an app that can pay the invoice. +8. Once the invoice is paid, the recipient's lnurl server MUST generate a `zap receipt` as described in Appendix E, and publish it to the `relays` specified in the `zap request`. +9. Clients MAY fetch zap notes on posts and profiles, but MUST authorize their validity as described in Appendix F. If the zap request note contains a non-empty `content`, it may display a zap comment. Generally clients should show users the `zap request` note, and use the `zap note` to show "zap authorized by ..." but this is optional. -1. Calculate the lnurl pay request url for a user from the lud06 or lud16 field on their profile +## Reference and examples -2. Fetch the lnurl pay request static endpoint (`https://host.com/.well-known/lnurlp/user`) and gather the `allowsNostr` and `nostrPubkey` fields. If `allowsNostr` exists and it is `true`, and if `nostrPubkey` exists and is a valid BIP 340 public key, associate this information with the user. The `nostrPubkey` is the `zapper`'s pubkey, and it is used to authorize zaps sent to that user. +### Appendix A: Zap Request Event -3. Clients may choose to display a lightning zap button on each post or on the users profile, if the user's lnurl pay request endpoint supports nostr, the client SHOULD generate a `zap invoice` instead of a normal lnurl invoice. +A `zap request` is an event of kind `9734` that is _not_ published to relays, but is instead sent to a recipient's lnurl pay `callback` url. This event's `content` MAY be an optional message to send along with the payment. The event MUST include the following tags: -4. To generate a `zap invoice`, call the `callback` url with `amount` set to the milli-satoshi amount value. A `nostr` querystring value MUST be set as well. It is a uri-encoded `zap request` note signed by the user's key. The `zap request` note contains an `e` tag of the note it is zapping, and a `p` tag of the target user's pubkey. The `e` tag is optional which allows profile tipping. An optional `a` tag allows tipping parameterized replaceable events such as NIP-23 long-form notes. The `zap request` note must also have a `relays` tag, which is gathered from the user's configured relays. The `zap request` note SHOULD contain an `amount` tag, which is the milli-satoshi value of the zap which clients SHOULD verify being equal to the amount of the invoice. The `content` MAY be an additional comment from the user which can be displayed when listing zaps on posts and profiles. +- `relays` is a list of relays the recipient's wallet should publish its `zap receipt` to. Note that relays should not be nested in an additional list, but should be included as shown in the example below. +- `amount` is the amount in _millisats_ the sender intends to pay, formatted as a string. This is recommended, but optional. +- `lnurl` is the lnurl pay url of the recipient, encoded using bech32 with the prefix `lnurl`. This is recommended, but optional. +- `p` is the hex-encoded pubkey of the recipient. -5. Pay this invoice or pass it to an app that can pay the invoice. Once it's paid, a `zap note` will be created by the `zapper`. +In addition, the event MAY include the following tags: -### LNURL Server side +- `e` is an optional hex-encoded event id. Clients MUST include this if zapping an event rather than a person. +- `a` is an optional NIP-33 event coordinate that allows tipping parameterized replaceable events such as NIP-23 long-form notes. + +Example: + +```json +{ + "kind": 9734, + "content": "Zap!", + "tags": [ + ["relays", "wss://nostr-pub.wellorder.com"], + ["amount", "21000"], + ["lnurl", "lnurl1dp68gurn8ghj7um5v93kketj9ehx2amn9uh8wetvdskkkmn0wahz7mrww4excup0dajx2mrv92x9xp"], + ["p", "04c915daefee38317fa734444acee390a8269fe5810b2241e5e6dd343dfbecc9"], + ["e", "9ae37aa68f48645127299e9453eb5d908a0cbb6058ff340d528ed4d37c8994fb"] + ], + "pubkey": "97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322", + "created_at": 1679673265, + "id": "30efed56a035b2549fcaeec0bf2c1595f9a9b3bb4b1a38abaf8ee9041c4b7d93", + "sig": "f2cb581a84ed10e4dc84937bd98e27acac71ab057255f6aa8dfa561808c981fe8870f4a03c1e3666784d82a9c802d3704e174371aa13d63e2aeaf24ff5374d9d" +} +``` + +### Appendix B: Zap Request HTTP Request + +A signed zap request event is not published, but is instead sent using a HTTP GET request to the recipient's `callback` url, which was provided by the recipient's lnurl pay endpoint. This request should have the following query parameters defined: + +- `amount` is the amount in _millisats_ the sender intends to pay +- `nostr` is the `9734` zap request event, JSON encoded then URI encoded +- `lnurl` is the lnurl pay url of the recipient, encoded using bech32 with the prefix `lnurl` + +This request should return a JSON response with a `pr` key, which is the invoice the sender must pay to finalize his zap. Here is an example flow: + +```javascript +const senderPubkey // The sender's pubkey +const recipientPubkey = // The recipient's pubkey +const callback = // The callback received from the recipients lnurl pay endpoint +const lnurl = // The recipient's lightning address, encoded as a lnurl +const sats = 21 + +const amount = sats * 1000 +const relays = ['wss://nostr-pub.wellorder.net'] +const event = encodeURI(JSON.stringify(await signEvent({ + kind: [9734], + content: "", + pubkey: senderPubkey, + created_at: Math.round(Date.now() / 1000), + tags: [ + ["relays", ...relays], + ["amount", amount.toString()], + ["lnurl", lnurl], + ["p", recipientPubkey], + ], +}))) + +const {pr: invoice} = await fetchJson(`${callback}?amount=${amount}&nostr=${event}&lnurl=${lnurl}`) +``` + +### Appendix C: LNURL Server Configuration The lnurl server will need some additional pieces of information so that clients can know that zap invoices are supported: -1. Add a `nostrPubkey` to the lnurl-pay static endpoint `/.well-known/lnurlp/user`, where `nostrPubkey` is the nostr pubkey of the `zapper`, the entity that creates zap notes. Clients will use this to authorize zaps. - +1. Add a `nostrPubkey` to the lnurl-pay static endpoint `/.well-known/lnurlp/`, where `nostrPubkey` is the nostr pubkey your server will use to sign `zap receipt` events. Clients will use this to validate zap receipts. 2. Add an `allowsNostr` field and set it to true. -3. In the lnurl-pay callback URL, watch for a `nostr` querystring, where the contents of the note is a uri-encoded `zap request` JSON. +### Appendix D: LNURL Server Zap Request Validation -4. If present, the zap request note must be validated: +When a client sends a zap request event to a server's lnurl-pay callback URL, there will be a `nostr` query parameter where the contents of the event are URI- and JSON-encoded. If present, the zap request event must be validated in the following ways: - a. It MUST have a valid nostr signature +1. It MUST have a valid nostr signature +2. It MUST have tags +3. It MUST have only one `p` tag +4. It MUST have 0 or 1 `e` tags +5. There should be a `relays` tag with the relays to send the `zap` note to. +6. If there is an `amount` tag, it MUST be equal to the `amount` query parameter. +7. If there is an `a` tag, it MUST be a valid NIP-33 event coordinate - b. It MUST have tags +The event MUST then be stored for use later, when the invoice is paid. - c. It MUST have at least one p-tag +### Appendix E: Zap Receipt Event - d. It MUST have either 0 or 1 e-tag +A `zap receipt` is created by a lightning node when an invoice generated by a `zap request` is paid. Zap receipts are only created when the invoice description (committed to the description hash) contains a zap request note. - e. There should be a `relays` tag with the relays to send the `zap` note to. +When receiving a payment, the following steps are executed: - f. If there is an `amount` tag, it MUST be equal to the `amount` query parameter. +1. Get the description for the invoice. This needs to be saved somewhere during the generation of the description hash invoice. It is saved automatically for you with CLN, which is the reference implementation used here. +2. Parse the bolt11 description as a JSON nostr event. This SHOULD be validated based on the requirements in Appendix D, either when it is received, or before the invoice is paid. +3. Create a nostr event of kind `9735` as described below, and publish it to the `relays` declared in the zap request. - g. If there is an `a` tag, it MUST be a valid NIP-33 event coordinate +The following should be true of the zap receipt event: -5. If valid, fetch a description hash invoice where the description is this note and this note only. No additional lnurl metadata is included in the description. +- The content SHOULD be empty. +- The `created_at` date SHOULD be set to the invoice `paid_at` date for idempotency. +- `tags` MUST include the `p` tag AND optional `e` tag from the zap request. +- The zap receipt MUST have a `bolt11` tag containing the description hash bolt11 invoice. +- The zap receipt MUST contain a `description` tag which is the JSON-encoded invoice description. +- `SHA256(description)` MUST match the description hash in the bolt11 invoice. +- The zap receipt MAY contain a `preimage` tag to match against the payment hash of the bolt11 invoice. This isn't really a payment proof, there is no real way to prove that the invoice is real or has been paid. You are trusting the author of the zap receipt for the legitimacy of the payment. -At this point, the lightning node is ready to send the zap note once payment is received. +The zap receipt is not a proof of payment, all it proves is that some nostr user fetched an invoice. The existence of the zap receipt implies the invoice as paid, but it could be a lie given a rogue implementation. -## The zap note +A reference implementation for a zap-enabled lnurl server can be found [here](https://github.com/jb55/cln-nostr-zapper). -Zap notes are created by a lightning node reacting to paid invoices. Zap notes are only created when the invoice description (committed to the description hash) contains a `zap request` note. - -Example zap note: +Example zap receipt: ```json { @@ -115,37 +185,25 @@ Example zap note: The zap note is not a proof of payment, all it proves is that some nostr user fetched an invoice. The existence of the zap note implies the invoice as paid, but it could be a lie given a rogue implementation. +### Appendix F: Validating Zap Receipts -### Creating a zap note +A client can retrieve `zap receipts` on events and pubkeys using a NIP-01 filter, for example `{"kinds": [9735], "#e": [...]}`. Zaps MUST be validated using the following steps: -When receiving a payment, the following steps are executed: +- The `zap receipt` event's `pubkey` MUST be the same as the recipient's lnurl provider's `nostrPubkey` (retrieved in step 1 of the protocol flow). +- The `invoiceAmount` contained in the `bolt11` tag of the `zap receipt` MUST equal the `amount` tag of the `zap request` (if present). +- The `lnurl` tag of the `zap request` (if present) SHOULD equal the recipient's `lnurl`. -1. Get the description for the invoice. This needs to be saved somewhere during the generation of the description hash invoice. It is saved automatically for you with CLN, which is the reference implementation used here. +### Appendix G: `zap` tag on zapped event -2. Parse the bolt11 description as a JSON nostr note. You SHOULD check the signature of the parsed note to ensure that it is valid. This is the `zap request` note created by the entity who is zapping. +When an event includes a `zap` tag, clients SHOULD calculate the lnurl pay request based on it's value instead of the profile's field. An optional third argument on the tag specifies the type of value, either `lud06` or `lud16`. -4. The note MUST have only one `p` tag - -5. The note MUST have 0 or 1 `e` tag - -6. Create a nostr note of kind `9735` that includes the `p` tag AND optional `e` tag. The content SHOULD be empty. The created_at date SHOULD be set to the invoice paid_at date for idempotency. - -7. Send the note to the `relays` declared in the `zap request` note from the invoice description. - -A reference implementation for the zapper is here: [zapper][zapper] - -[zapper]: https://github.com/jb55/cln-nostr-zapper - - -## Client Behavior - -Clients MAY fetch zap notes on posts and profiles: - -`{"kinds": [9735], "#e": [...]}` - -To authorize these notes, clients MUST fetch the `nostrPubkey` from the users configured lightning address or lnurl and ensure that the zaps to their posts were created by this pubkey. If clients don't do this, anyone could forge unauthorized zaps. - -Once authorized, clients MAY tally zaps on posts, and list them on profiles. If the zap request note contains a non-empty `content`, it may display a zap comment. Generally clients should show users the `zap request` note, and use the `zap note` to show "zap authorized by ..." but this is optional. +```json +{ + "tags": [ + [ "zap", "pablo@f7z.io", "lud16" ] + ] +} +``` ## Future Work diff --git a/README.md b/README.md index 8e7dbab1..72465ffe 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh - [NIP-05: Mapping Nostr keys to DNS-based internet identifiers](05.md) - [NIP-06: Basic key derivation from mnemonic seed phrase](06.md) - [NIP-07: `window.nostr` capability for web browsers](07.md) -- [NIP-08: Handling Mentions](08.md) +- [NIP-08: Handling Mentions](08.md) – `unrecommended`: deprecated in favor of [NIP-27](27.md) - [NIP-09: Event Deletion](09.md) - [NIP-10: Conventions for clients' use of `e` and `p` tags in text events](10.md) - [NIP-11: Relay Information Document](11.md) @@ -18,6 +18,7 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh - [NIP-14: Subject tag in text events.](14.md) - [NIP-15: End of Stored Events Notice](15.md) - [NIP-16: Event Treatment](16.md) +- [NIP-18: Reposts](18.md) - [NIP-19: bech32-encoded entities](19.md) - [NIP-20: Command Results](20.md) - [NIP-21: `nostr:` URL scheme](21.md) @@ -25,13 +26,17 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh - [NIP-23: Long-form Content](23.md) - [NIP-25: Reactions](25.md) - [NIP-26: Delegated Event Signing](26.md) +- [NIP-27: Text Note References](27.md) - [NIP-28: Public Chat](28.md) - [NIP-33: Parameterized Replaceable Events](33.md) - [NIP-36: Sensitive Content](36.md) +- [NIP-39: External Identities in Profiles](39.md) - [NIP-40: Expiration Timestamp](40.md) - [NIP-42: Authentication of clients to relays](42.md) +- [NIP-45: Counting results](45.md) - [NIP-46: Nostr Connect](46.md) - [NIP-50: Keywords filter](50.md) +- [NIP-51: Lists](51.md) - [NIP-56: Reporting](56.md) - [NIP-57: Lightning Zaps](57.md) - [NIP-58: Badges](58.md) @@ -40,6 +45,7 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh - [NIP-78: Application-specific data](78.md) ## Event Kinds + | kind | description | NIP | | ------------- | -------------------------------- | ----------------------- | | 0 | Metadata | [1](01.md), [5](05.md) | @@ -60,9 +66,13 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh | 6969 | Poll | [69](69.md) | | 9734 | Zap Request | [57](57.md) | | 9735 | Zap | [57](57.md) | +| 10000 | Mute List | [51](51.md) | +| 10001 | Pin List | [51](51.md) | | 10002 | Relay List Metadata | [65](65.md) | | 22242 | Client Authentication | [42](42.md) | | 24133 | Nostr Connect | [46](46.md) | +| 30000 | Categorized People List | [51](51.md) | +| 30001 | Categorized Bookmark List | [51](51.md) | | 30008 | Profile Badges | [58](58.md) | | 30009 | Badge Definition | [58](58.md) | | 30023 | Long-form Content | [23](23.md) | @@ -81,6 +91,7 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh | REQ | used to request events and subscribe to new updates | [1](01.md) | | CLOSE | used to stop previous subscriptions | [1](01.md) | | AUTH | used to send authentication events | [42](42.md) | +| COUNT | used to request event counts | [45](45.md) | ### Relay to Client | type | description | NIP | @@ -90,6 +101,7 @@ NIPs stand for **Nostr Implementation Possibilities**. They exist to document wh | EOSE | used to notify clients all stored events have been sent | [15](15.md) | | OK | used to notify clients if an EVENT was successful | [20](20.md) | | AUTH | used to send authentication challenges | [42](42.md) | +| COUNT | used to send requested event counts to clients | [45](45.md) | Please update these lists when proposing NIPs introducing new event kinds.