feat: implement three-phase Amber login flow in AuthModal

- Updated Amber login button to reflect new three-phase process. - Added handling for reading public key and signature from clipboard. - Introduced new state management for Amber login phases. - Enhanced user feedback during each phase with appropriate messaging. - Refactored related functions for clarity and maintainability.
2026-02-14 09:28:25 +00:00
parent 38293b1f95
commit 276dab207c
6 changed files with 434 additions and 170 deletions
--- a/src/services/auth.service.ts
+++ b/src/services/auth.service.ts
@@ -117,8 +117,16 @@ class AuthService {
  /**
   * Create Nostr session via NIP-98 HTTP Auth.
   * Signs a kind-27235 event and sends it as the Authorization header.
+   *
+   * @param _request  Standard session request (pubkey, signature, event)
+   * @param preSignedAuthHeader  Optional pre-built `Nostr <base64>` header.
+   *   When provided the signer is NOT called — useful for Amber / clipboard
+   *   signers that cannot sign inline.
   */
-  async createNostrSession(_request: NostrSessionRequest): Promise<NostrSessionResponse> {
+  async createNostrSession(
+    _request: NostrSessionRequest,
+    preSignedAuthHeader?: string,
+  ): Promise<NostrSessionResponse> {
    const relativeUrl = `${apiConfig.baseURL}/auth/nostr/session`
    const method = 'POST'

@@ -126,8 +134,8 @@ class AuthService {
    // what the backend reconstructs from Host / X-Forwarded-Proto.
    const absoluteUrl = new URL(relativeUrl, window.location.origin).toString()

-    // Create NIP-98 auth header — no body is sent
-    const authHeader = await createNip98AuthHeader(absoluteUrl, method)
+    // Use the pre-signed header if provided; otherwise sign inline
+    const authHeader = preSignedAuthHeader ?? await createNip98AuthHeader(absoluteUrl, method)

    // Send the request without a body.
    // We use axios({ method }) instead of axios.post(url, data) to
@@ -156,6 +164,16 @@ class AuthService {
    return data
  }

+  /**
+   * Get the absolute URL for the Nostr session endpoint.
+   * Exposed so callers (e.g. Amber flow) can construct the NIP-98 event
+   * with the correct URL tag before sending it to an external signer.
+   */
+  getNostrSessionUrl(): string {
+    const relativeUrl = `${apiConfig.baseURL}/auth/nostr/session`
+    return new URL(relativeUrl, window.location.origin).toString()
+  }
+
  /**
   * Refresh Nostr session
   */