| Age | Commit message (Collapse) | Author |
|---|
|
this is a contribution from jk (sectore) that I rebased and squashed
into this commit.
the tests were broken in the last few commits to rush out some fixes.
this change may introduce more issues because of
Relay.respond_standard_req.
|
|
- update nix flake
- bump hard coded reference to rustfmt nightly version
- fix warning that latest version of rustfmt produced
|
|
fix breaking changes
|
|
immediately request metadata and relay list from any newly discovered
user write relays
|
|
get user relay list and metadata events from relays when keys are
used and last fetch attempt was more than an hour ago
uses user's write relays if known, otherwise uses fallback relays
to achieve this a method for intergration testing event fetching
from relays was added
|
|
Enables the user to only handle the nsec upon first use of the tool
by encrypting it with a password and storing it on disk in an
application cache.
The approach to encryption draws heavily from that used by the gossip
nostr client.
- unencrypted nsec is zeroed from memory
- a salt is used to defend against rainbow tables
- computationally expensive key stretching defends against
brute-force attacks of passwords with low entropy.
There is UX trade-off between decryption speed and key-stretching
computation. This UX challenge is exacerbated in a cli tool as
decryption must take place more regularly. Thought was put into the
selected n_log and a heavily reduced value is provided for long
passwords where security benefits are smaller.
A more granular reducing in computation was also considered by
rejected to avoided to revealing just how weak a password is as most
weak passwords are reused.
|
|
Create skeleton for a complete rebuild of the prototype as a production
ready product.
Includes design patterns for:
- dependency injection
- unit testing with dependency mocking
- integration testing
- error handling
- config storage
BREAKING-CHANGE: ground-up redesign with incompatible protocol standards
|