Use secure storage for overriding nsec

Author: benthecarman

android/app/capacitor.build.gradle

@@ -18,6 +18,7 @@ dependencies {
     implementation project(':capacitor-share')
     implementation project(':capacitor-status-bar')
     implementation project(':capacitor-toast')
+    implementation project(':capacitor-secure-storage-plugin')
 
 }
 

android/capacitor.settings.gradle

@@ -28,3 +28,6 @@ project(':capacitor-status-bar').projectDir = new File('../node_modules/.pnpm/@c
 
 include ':capacitor-toast'
 project(':capacitor-toast').projectDir = new File('../node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@capacitor/toast/android')
+
+include ':capacitor-secure-storage-plugin'
+project(':capacitor-secure-storage-plugin').projectDir = new File('../node_modules/.pnpm/[email protected]_@[email protected]/node_modules/capacitor-secure-storage-plugin/android')

ios/App/Podfile

@@ -20,6 +20,7 @@ def capacitor_pods
   pod 'CapacitorShare', :path => '../../node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@capacitor/share'
   pod 'CapacitorStatusBar', :path => '../../node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@capacitor/status-bar'
   pod 'CapacitorToast', :path => '../../node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@capacitor/toast'
+  pod 'CapacitorSecureStoragePlugin', :path => '../../node_modules/.pnpm/[email protected]_@[email protected]/node_modules/capacitor-secure-storage-plugin'
 end
 
 target 'App' do

package.json

@@ -60,6 +60,7 @@
         "@solid-primitives/upload": "^0.0.111",
         "@solidjs/meta": "^0.29.1",
         "@solidjs/router": "^0.9.0",
+        "capacitor-secure-storage-plugin": "^0.9.0",
         "i18next": "^22.5.1",
         "i18next-browser-languagedetector": "^7.1.0",
         "qr-scanner": "^1.4.2",

pnpm-lock.yaml

@@ -1,6 +1,8 @@
 /* @refresh reload */
 
+import { Capacitor } from "@capacitor/core";
 import initMutinyWallet, { MutinyWallet } from "@mutinywallet/mutiny-wasm";
+import { SecureStoragePlugin } from "capacitor-secure-storage-plugin";
 
 export type Network = "bitcoin" | "testnet" | "regtest" | "signet";
 
@@ -249,6 +251,17 @@ export async function setupMutinyWallet(
         scorer
     } = settings;
 
+    let nsec;
+    // get nsec from secure storage
+    if (Capacitor.isNativePlatform()) {
+        try {
+            const value = await SecureStoragePlugin.get({ key: "nsec" });
+            nsec = value.value;
+        } catch (e) {
+            console.log("No nsec stored");
+        }
+    }
+
     console.log("Initializing Mutiny Manager");
     console.log("Using network", network);
     console.log("Using proxy", proxy);
@@ -290,7 +303,8 @@ export async function setupMutinyWallet(
         // Safe mode
         safeMode || undefined,
         // Skip hodl invoices? (defaults to true, so if shouldZapHodl is true that's when we pass false)
-        shouldZapHodl ? false : undefined
+        shouldZapHodl ? false : undefined,
+        nsec
     );
 
     sessionStorage.setItem("MUTINY_WALLET_INITIALIZED", Date.now().toString());

src/logic/mutinyWalletSetup.ts

@@ -1,5 +1,8 @@
+import { Capacitor } from "@capacitor/core";
 import { createForm, required, SubmitHandler } from "@modular-forms/solid";
-import { createSignal, Match, Show, Switch } from "solid-js";
+import { MutinyWallet } from "@mutinywallet/mutiny-wasm";
+import { SecureStoragePlugin } from "capacitor-secure-storage-plugin";
+import { createResource, createSignal, Match, Show, Switch } from "solid-js";
 
 import {
     BackPop,
@@ -31,6 +34,8 @@ function SyncContactsForm() {
     const [state, actions] = useMegaStore();
     const [error, setError] = createSignal<Error>();
 
+    const allowNsec = Capacitor.isNativePlatform();
+
     const [feedbackForm, { Form, Field }] = createForm<NostrContactsForm>({
         initialValues: {
             npub: ""
@@ -41,7 +46,26 @@ function SyncContactsForm() {
         f: NostrContactsForm
     ) => {
         try {
-            const npub = f.npub.trim();
+            const string = f.npub.trim();
+            let npub = string;
+
+            // if it is an nsec, save it into secure storage
+            if (string.startsWith("nsec")) {
+                if (!allowNsec) {
+                    throw new Error(
+                        "nsec not allowed in web version, please install the app"
+                    );
+                }
+
+                // set in storage
+                SecureStoragePlugin.set({ key: "nsec", value: string }).then(
+                    (success) => console.log(success)
+                );
+
+                // set npub and continue
+                npub = await MutinyWallet.nsec_to_npub(string);
+            }
+
             if (!PRIMAL_API) throw new Error("PRIMAL_API not set");
             await state.mutiny_wallet?.sync_nostr_contacts(PRIMAL_API, npub);
             actions.saveNpub(npub);
@@ -68,7 +92,7 @@ function SyncContactsForm() {
                             value={field.value}
                             error={field.error}
                             label={i18n.t("settings.nostr_contacts.npub_label")}
-                            placeholder="npub..."
+                            placeholder={allowNsec ? "npub/nsec..." : "npub..."}
                         />
                     )}
                 </Field>
@@ -97,10 +121,26 @@ export function SyncNostrContacts() {
     const [loading, setLoading] = createSignal(false);
     const [error, setError] = createSignal<Error>();
 
-    function clearNpub() {
+    async function clearNpub() {
         actions.saveNpub("");
+        if (Capacitor.isNativePlatform()) {
+            await SecureStoragePlugin.remove({ key: "nsec" });
+        }
     }
 
+    const [hasNsec] = createResource(async () => {
+        if (Capacitor.isNativePlatform()) {
+            try {
+                await SecureStoragePlugin.get({ key: "nsec" });
+                return true;
+            } catch (_e) {
+                return false;
+            }
+        } else {
+            return false;
+        }
+    });
+
     async function resync() {
         setError(undefined);
         setLoading(true);