diegogurpegui/nos2x-fox

Allow probing for permissions

Opened this issue · 6 comments

noStrudel does not decrypt messages automatically because its author prefers not to give the extension permanent decrypt permission. As most users probably give this permission, it would be nice if the nostr client could detect this.

I thought there was maybe a hack one could do - cancel request if it doesn't resolve in 100ms - but I could not find a way to do that.

I think a boolean parameter could be used.

async window.nostr.nip04.decrypt(pubkey, ciphertext, interactive): string // takes ciphertext and iv as specified in nip-04

If interactive is set to false, immediately throw an exception if the action is not permitted already.

I just tested it and if I authorize the site in nos2x-fox for like 5 minutes, I can decrypt messages for 5 minutes without the popup being brought up. Just as intended.
Did I understand your request correctly?

This is a feature request.

The noStrudel dev had it such that you had to click on each message to decrypt it, and only recently added support to decrypt all messages at once. His reason was that he wants control over what his extension decrypts, but that comes at the cost of a horrible UI for users that want messages to decrypt always.

Currently the nip07 API does not allow the client dev to figure out if decrypt would open a popup or not, but if it did, the client dev could decrypt by default if no popup was involved and show the "decrypt" button otherwise.

I thought the most elegant way of achieving such an API extension would be to add a parameter as described above, but now I think it should be a separate call, as the caller wouldn't know if it's supported otherwise.

Let me see if I understand it correctly:
You want the client site to know if the user "trusts" or "authorized" the site for decryption so instead of displaying the "Decrypt" button, it can just decrypt all directly without user interaction. Is that right?
Or does the site still display the "Decrypt" button in all cases? Because this last scenario is what's already happening. I kept clicking "Decrypt" and saw all messages being decrypted without getting a single popup (because I authorized once).

I'm guessing you're talking about the first scenario.

The first, yes. I want NoStrudel to not show decrypt buttons if decrypt works non-interactively.

I wonder if revealing this information to a site could have negative consequences. I mean, letting the site find out if I have authorized some action automatically. The site could take advantage of this.

Yeah, I thought of that, too. The plugin could still track or even show what's going on so it could at least prevent it from happening secretly. Some toast "decrypted 12 messages" ...
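
The ideas from this thread combined in one sketch, as an added example that is not code from nos2x-fox, noStrudel or NIP-07: a mock signer with time-limited grants, a separate probe call the client can feature-detect, a non-interactive decrypt that throws instead of prompting, and an audit count the extension could show as a toast. Every name here (`makeMockSigner`, `canDecryptSilently`, `renderInbox`, the explicit `origin` argument) is hypothetical, and the "plaintext" is a stand-in with no real NIP-04 cryptography.

```javascript
// Added illustration, not nos2x-fox or NIP-07 code. All names are hypothetical.
// grants maps origin -> expiry timestamp (ms) of a time-limited decrypt authorization.
// A real extension learns the origin from the calling page; the mock takes it as an argument.
function makeMockSigner(grants, now = () => Date.now()) {
  const audit = []; // every silent decrypt is recorded so it cannot happen secretly
  const allowed = (origin) => (grants[origin] ?? 0) > now();
  return {
    audit,
    // Separate probe call: answers "would decrypt open a popup?" without decrypting.
    canDecryptSilently: async (origin) => allowed(origin),
    // interactive=false must never prompt: it throws when no grant is in place.
    decrypt: async (origin, pubkey, ciphertext, interactive = true) => {
      if (!allowed(origin)) {
        throw new Error(interactive
          ? "popup required (not modelled in this mock)"
          : "not permitted without user interaction");
      }
      audit.push({ origin, pubkey, at: now() });
      return `plaintext(${ciphertext})`; // stand-in for the decrypted message
    },
    // What the extension could surface to the user, e.g. "decrypted 12 messages".
    toast: (origin) =>
      `decrypted ${audit.filter((e) => e.origin === origin).length} messages`,
  };
}

// Client side: decrypt automatically only when no popup would appear,
// otherwise leave each message behind a "Decrypt" button.
async function renderInbox(signer, origin, messages) {
  // Feature-detect the probe so the client still works with signers that lack it.
  const hasProbe = typeof signer.canDecryptSilently === "function";
  const silent = hasProbe && (await signer.canDecryptSilently(origin));
  const out = [];
  for (const m of messages) {
    if (!silent) { out.push({ id: m.id, state: "button" }); continue; }
    try {
      const text = await signer.decrypt(origin, m.pubkey, m.ciphertext, false);
      out.push({ id: m.id, state: "shown", text });
    } catch {
      out.push({ id: m.id, state: "button" }); // grant expired between probe and call
    }
  }
  return out;
}
```

The probe result is exactly the information the thread worries about disclosing to the site, which is why the mock records each silent decrypt per origin rather than only answering the probe.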