fix: resolve signer auth loop and mutex placement#322
Open
Conversation
Three fixes based on external signer developer feedback: 1. Move signing mutex from SignerIntentBridge into RemoteSigner so queued nip44 operations retry the ContentResolver after acquiring the lock — permissions granted by a prior intent may allow the next request to succeed silently. For signEvent the CR retry is skipped inside the lock to avoid starting the signer process in the background and racing with the intent launch on fresh installs. 2. Add a 60-second cooldown on denyAuth so that rejecting a relay AUTH prompt (without reject-forever) does not immediately re-prompt when the relay reconnects — breaking the auth loop on auth.nostr1 and similar relays. 3. Skip relay reconnect entirely when the app was only backgrounded for less than 5 seconds (e.g. switching to Amber and back). Previously even a 1-2s pause triggered reconnectAll(), tearing down live connections and generating new AUTH challenges that fed back into the loop. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Three fixes based on external signer developer feedback:
Mutex moved to
RemoteSigner— the concurrency lock for intent-based signing now lives inRemoteSigner.intentMutex(companion object) instead ofSignerIntentBridge. Queued nip44 operations retry the ContentResolver after acquiring the lock, so permissions granted by a prior intent signing allow the next queued request to succeed silently. ForsignEventthe CR retry is skipped inside the lock — calling the ContentProvider a second time can start the signer process in the background and race with the intent launch on fresh installs, causing Amber to hang.Auth deny cooldown —
denyAuth()now records a 60-second cooldown per relay URL. If the relay disconnects and immediately reconnects after a denial,collectAuthChallengessuppresses the re-prompt for that window instead of showing the dialog again. This breaks the auth loop on relays likeauth.nostr1.Skip reconnect on very brief background pauses —
onAppResumenow skipsreconnectAll()entirely when the app was backgrounded for less than 5 seconds (e.g. switching to Amber and back). Previously even a 1-2s pause triggered a full disconnect/reconnect cycle, tearing down live connections and generating new AUTH challenges that fed back into the loop.Test plan