einundzwanzig/einundzwanzig-app
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git synced 2026-06-17 16:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make the NIP-55 signer callback robust against Amber URL rewriting

Browse Source 
Amber drops the query string when it rebuilds the callback URL and
appends the signed event directly to the path. The mobile login page now
hands out path-based callback URLs (/auth/mobile/signed/{k1}/) so the
event arrives as the remainder of the path.

The new callback runs in the web middleware group: the signer opens it
in the system browser, which shares cookies with the in-app browser
session, so the flow completes immediately — a bridge page issues the
token and fires the einundzwanzig:// deep link. The LoginKey row is
still written as a fallback for the polling login page.
This commit is contained in:
HolgerHatGarKeineNode
2026-06-11 18:43:59 +02:00
parent 07169dfee6
commit 4aba1514e9
5 changed files with 141 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
resources/views/auth/mobile-bridge.blade.php
+29
View File
@@ -0,0 +1,29 @@
<!DOCTYPE html>
<html lang="de" class="dark">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>{{ __('Login bestätigt') }} Einundzwanzig</title>
<style>
body { margin: 0; min-height: 100dvh; display: flex; align-items: center; justify-content: center;
background: #09090b; color: #fafafa; font-family: ui-sans-serif, system-ui, sans-serif; }
.card { text-align: center; padding: 2rem; max-width: 22rem; }
.check { font-size: 3rem; }
h1 { font-size: 1.25rem; margin: 1rem 0 .5rem; }
p { color: #a1a1aa; line-height: 1.5; }
a.button { display: block; margin-top: 1.5rem; padding: .875rem 1.25rem; border-radius: .75rem;
background: #f7931a; color: #09090b; font-weight: 600; text-decoration: none; }
</style>
</head>
<body>
<div class="card">
<div class="check"></div>
<h1>{{ __('Login bestätigt') }}</h1>
<p>{{ __('Du wirst jetzt zurück in die Einundzwanzig-App geleitet. Falls nichts passiert, tippe auf den Button.') }}</p>
<a class="button" href="{{ $deepLink }}">{{ __('Zurück zur App') }}</a>
</div>
<script>
setTimeout(function () { window.location.href = @js($deepLink); }, 400);
</script>
</body>
</html>
resources/views/livewire/auth/mobile-login.blade.php
+4 -2
View File
@@ -79,8 +79,10 @@ class extends Component {
$this->lnurl = lnurl\encodeUrl($url);
// NIP-55 signers append the signed event JSON directly after "event=".
$this->signerCallbackUrl = url('/api/nostr-login-callback').'?k1='.$this->k1.'&event=';
// NIP-55 signers append the signed event JSON to the callback URL.
// Amber strips query strings when rebuilding the URL, so the k1
// travels in the path and the event lands after the trailing slash.
$this->signerCallbackUrl = url('/auth/mobile/signed').'/'.$this->k1.'/';
$image = 'public/img/domains/'.session('lang_country', 'de-DE').'.jpg';
if (! file_exists(base_path($image))) {