Fwiw coracle has the same thing. The tradeoff is storing dms unencrypted which I imagine would't really fly with whitenoise. Alternatively you could re-encrypt with a local key (since the bottleneck is really nip46), or keep a decrypted index to build list views, but store the actual messages encrypted
Discussion
Yeah. Encrypted is the way. I am just wondering what scheme you guys used and did you run into interesting issues with how to do the storage. Is it relational on indexdb or something else?
It was actually really simple, I just set up my in-memory events repository and indexeddb adapter to accept events with no signature and with a `wrap` property for the original wrapper. Here's the meat of the implementation: https://github.com/coracle-social/flotilla/blob/master/src/app/state.ts#L183
enjoying coracle lately, much better than primal i think.
does coracle have the settings that enables fetching the retweets?
You can create a custom feed that includes reposts and they should get deduplicated, it's just not in the default
tried again but couldn't figure it out
Try this:
nostr:naddr1qvzqqqrujgpzp978pfzrv6n9xhq5tvenl9e74pklmskh4xw6vxxyp3j8qkke3cezqyvhwumn8ghj76rzwghxxmmjv93kcefwwdhkx6tpdshsz9thwden5te0wfjkccte9ejxzmt4wvhxjme0qy88wumn8ghj7mn0wvhxcmmv9uqpqv3cxu6rvv34xu6ngwpjx5enzvchn09kn
noice! it does not go back in history though. only loads the latest ones.
Like it doesn't load when you scroll, or you can't control the time range? You should be able to customize to set since/until if needed
0xChat’s approach is to store data unencrypted in the database, but the entire database itself is encrypted. When the app is opened, it only needs to decrypt the database once to access all the unencrypted content.
in the lite version…
Thats what I was thinking of doing, but unfortunately having an encrypted sqlite db in the browser is really difficult :)
Do you think it would be better if the database encryption key was a password or pin provided by the user?
Also why does 0xchat ask to NIP-04 encrypt and sign 443 events when I open it? I thought it was only decrypting my DMs
I think you can initialize a random key for the user, and if they want to export database, you can let them set their own password (or PIN) to protect it.
The NIP-04 encryption is used to encrypt messages sent to the push server. This should eventually be updated to NIP-44 encryption, but the migration hasn’t started yet :(
443 is an MLS KeyPackage event, and by default generated & uploaded to the relay.
https://github.com/0xchat-app/0xchat-core/blob/main/doc/nofitications.md
Push notifications spec used by 0xchat
When you do re-write it, consider:
Why do I have to encrypt and send multiple messages to the push server?
I'm somewhat interested in how it works but I'm more concerned that as soon as I open the app I have 5+ signing requests that I have to blindly sign
This is because, in the 0xchat implementation, a heartbeat event (encrypted) is sent every minute.
The reason for using heartbeat events is that the push server relies on them to determine whether the app is online. If it receives an offline event or does not receive a heartbeat event for an extended period, it assumes the app is offline.
I bet we could come up with a way to do hash-based heartbeats rather than encrypted ones (or use an ephemeral key) to avoid the signer requests
Thats what I ended up doing. I created a simple encrypted wrapper around localforage and then I let the user choose to encrypt with a password (use encryption wrapper) or no encryption (use localforage)
Not really secure, but a massive UX improvement since decryption with the users key is the bottleneck
https://github.com/hzrd149/nostrudel/blob/master/src/classes/encrypted-storage.tsx