From 0eba3efe240241d6f7142d9f0eba6bdec2c64f82 Mon Sep 17 00:00:00 2001
From: Danny Morabito
Date: Mon, 2 Dec 2024 18:26:49 +0100
Subject: [PATCH] fix #1
---
 .env.example | 3 ++-
 src/index.ts | 2 ++
 src/smtpServer.ts | 9 +++++----
 src/utils/index.ts | 19 +++++++++++++++++++
 4 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/.env.example b/.env.example
index 7af7356..adb42b7 100644
--- a/.env.example
+++ b/.env.example
@@ -3,4 +3,5 @@ DB_URL=file:./users.db
 SMTP_PORT=6587
 HTTP_PORT=3000
 LOG_FILE=/tmp/nostr-email.log
-PUBLIC_API_BASE_URL=https://api.npub.email
\ No newline at end of file
+PUBLIC_API_BASE_URL=https://api.npub.email
+MASTER_NSEC=nsec1...
\ No newline at end of file
diff --git a/src/index.ts b/src/index.ts
index 7d96c8f..2d87a08 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -11,6 +11,8 @@ if (!process.env.DB_URL)
 throw new Error("DB_URL is not set");
 if (!process.env.PUBLIC_API_BASE_URL)
 throw new Error("PUBLIC_API_BASE_URL is not set");
+if (!process.env.MASTER_NSEC)
+ throw new Error("MASTER_NSEC is not set");
 const dbClient = createLibSQLClient({
 url: process.env.DB_URL,
diff --git a/src/smtpServer.ts b/src/smtpServer.ts
index ced5372..36cb852 100644
--- a/src/smtpServer.ts
+++ b/src/smtpServer.ts
@@ -1,6 +1,5 @@
 import {SMTPServer} from "smtp-server";
-import {getNDK} from "./utils";
-import {generateSecretKey} from "nostr-tools";
+import {deriveNsecForEmail, getNDK} from "./utils";
 import {NDKEvent, NDKKind, NDKPrivateKeySigner} from "@nostr-dev-kit/ndk";
 import {PrismaClient} from "@prisma/client";
 import {logger} from "./utils/logs";
@@ -55,8 +54,10 @@ export class NostrSmtpServer {
 continue;
 }
 const recipient = user.npub;
- const randomKey = generateSecretKey();
- const randomKeySinger = new NDKPrivateKeySigner(randomKey);
+ const randomKeySinger = new NDKPrivateKeySigner(deriveNsecForEmail(
+ process.env.MASTER_NSEC!,
+ session.envelope.mailFrom?.address
+ ));
 const ndk = getNDK();
 ndk.signer = randomKeySinger;
 await ndk.connect();
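Review bot: The added `MASTER_NSEC` check in src/index.ts only rejects an empty value, so the `nsec1...` placeholder from .env.example passes and every sender key would then be derived from a string anyone can read in the repository. Validate the value once at startup, e.g. `if (nip19.decode(process.env.MASTER_NSEC).type !== "nsec") throw new Error("MASTER_NSEC is not a valid nsec");` with `nip19` imported from nostr-tools (already a project dependency, judging by the import this commit removes from smtpServer.ts). A short comment beside the check should also say that this secret determines every derived sender key, so it must stay out of logs and version control and cannot be rotated without changing those keys.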
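Review bot: In the second src/smtpServer.ts hunk, `session.envelope.mailFrom?.address` can evaluate to `undefined` (the `?.` concedes as much), while `deriveNsecForEmail` declares `email: string` and passes it to `update()`, which throws on `undefined`; a message without a usable sender would therefore fail inside this loop. Resolve the sender first and handle its absence explicitly, e.g. `const sender = session.envelope.mailFrom?.address?.trim().toLowerCase();` then `if (!sender) continue; // or reject the message`, which also stops `Alice@x` and `alice@x` from getting different keys. The envelope sender is whatever the connecting client claims and nothing in this hunk authenticates it, so the derived key is a stable pseudonym per claimed address, not proof of who sent the mail; a comment should say so unless SPF/DKIM is enforced elsewhere. `randomKeySinger` is no longer random and could be renamed `senderSigner`. The enclosing method starts and ends outside the hunk.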
diff --git a/src/utils/index.ts b/src/utils/index.ts
index b220d99..43362bc 100644
--- a/src/utils/index.ts
+++ b/src/utils/index.ts
@@ -1,4 +1,5 @@
 import NDK from "@nostr-dev-kit/ndk";
+import * as crypto from "node:crypto";
 export * from "./logs";
@@ -14,3 +15,21 @@ export function getNDK() {
 enableOutboxModel: true,
 });
 }
+
+/**
+ * Derive a nostr private key from a master private key and an email address.
+ *
+ * This is done by taking the SHA-256 hash of the email address, and then taking
+ * the SHA-256 hash of the master private key concatenated with the email hash.
+ * The resulting hash is the nostr private key.
+ *
+ * @param masterNsec - The master nostr private key.
+ * @param email - The email address.
+ * @returns The nostr private key derived from the master key and email address as a uint8array.
+ */
+export function deriveNsecForEmail(masterNsec: string, email: string): Uint8Array {
+ const masterNsecHash = crypto.createHash('sha256').update(masterNsec).digest('hex');
+ const emailHash = crypto.createHash('sha256').update(email).digest('hex');
+ const sharedSecret = crypto.createHash('sha256').update(masterNsecHash + emailHash).digest('hex');
+ return Uint8Array.from(Buffer.from(sharedSecret, 'hex'));
+}
\ No newline at end of file
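Review bot: The doc comment on `deriveNsecForEmail` does not match the body: the code first hashes `masterNsec`, then hashes the concatenated hex strings of both digests, whereas the comment describes hashing the raw master key together with the email hash. The construction is also hand-rolled where a keyed primitive fits; `return new Uint8Array(crypto.createHmac('sha256', masterNsec).update(email).digest());` yields an output of the same size from a standard PRF and drops the hex round trip. Whichever form is kept should be settled before deployment, because any later change to the derivation changes every sender's key. The comment should also state that the result is deterministic, that anyone holding the master key can recompute all derived keys, and that the digest is used as a secp256k1 secret without a range check.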