From 7e491326a9fb09e5847a821e57821ef2d81cb709 Mon Sep 17 00:00:00 2001 From: HolgerHatGarKeineNode <123783602+HolgerHatGarKeineNode@users.noreply.github.com> Date: Thu, 11 Jun 2026 22:40:57 +0200 Subject: [PATCH] Build the Nostr signer URI in the browser, not server-side MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Server-side percent-encoding (rawurlencode/http_build_query) produced a nostrsigner: URI that Amber rejected as malformed. The launcher view now assembles it in JS with encodeURIComponent(JSON.stringify(event)) — the exact encoding Amber accepts (verified working earlier in the session). The controller only passes k1 and the callback URL. --- app/Http/Controllers/MobileAuthController.php | 20 +++++--------- .../views/auth/mobile-nostr-launch.blade.php | 26 ++++++++++++++----- 2 files changed, 26 insertions(+), 20 deletions(-) diff --git a/app/Http/Controllers/MobileAuthController.php b/app/Http/Controllers/MobileAuthController.php index c4eb978..cf6f020 100644 --- a/app/Http/Controllers/MobileAuthController.php +++ b/app/Http/Controllers/MobileAuthController.php @@ -154,22 +154,14 @@ final class MobileAuthController extends Controller $k1 = bin2hex(random_bytes(32)); - $event = [ - 'kind' => 22242, - 'created_at' => now()->timestamp, - 'content' => '', - 'tags' => [['challenge', $k1]], - ]; - - $signerUri = 'nostrsigner:'.rawurlencode(json_encode($event)).'?'.http_build_query([ - 'compressionType' => 'none', - 'returnType' => 'event', - 'type' => 'sign_event', - 'appName' => 'Einundzwanzig', + // The signer URI is assembled in the browser (see the view) with + // encodeURIComponent(JSON.stringify(event)) — the exact encoding + // Amber accepts. Building it server-side produced subtly different + // percent-encoding that Amber rejected as malformed. + return view('auth.mobile-nostr-launch', [ + 'k1' => $k1, 'callbackUrl' => url('/auth/mobile/signed/'.$k1.'/'), ]); - - return view('auth.mobile-nostr-launch', ['signerUri' => $signerUri]); } /** diff --git a/resources/views/auth/mobile-nostr-launch.blade.php b/resources/views/auth/mobile-nostr-launch.blade.php index f1be333..b45bba9 100644 --- a/resources/views/auth/mobile-nostr-launch.blade.php +++ b/resources/views/auth/mobile-nostr-launch.blade.php @@ -10,20 +10,34 @@ .card { text-align: center; padding: 2rem; max-width: 22rem; } h1 { font-size: 1.25rem; margin: 1rem 0 .5rem; } p { color: #a1a1aa; line-height: 1.5; } - a.button { display: inline-block; margin-top: 1.5rem; padding: .875rem 1.25rem; border-radius: .75rem; - background: #f7931a; color: #09090b; font-weight: 600; text-decoration: none; } + button.launch { margin-top: 1.5rem; padding: .875rem 1.25rem; border: 0; border-radius: .75rem; + background: #f7931a; color: #09090b; font-weight: 600; font-size: 1rem; cursor: pointer; }

{{ __('Anmeldung mit Nostr') }}

{{ __('Dein Nostr-Signer (z. B. Amber) öffnet sich gleich. Falls nicht, tippe auf den Button.') }}

- {{ __('Signer öffnen') }} +