From 680169e312bf3dd7b93fc4735da510e2dd8a3818 Mon Sep 17 00:00:00 2001
From: Gigi <dergigi@pm.me>
Date: Fri, 17 Oct 2025 00:42:14 +0200
Subject: [PATCH] fix(bunker): validate bunker URI - remote must differ from
 user pubkey

- Prevents invalid state where Amber remote equals user pubkey
- Show actionable error to generate fresh connect link in Amber
---
 src/App.tsx                     | 5 ++++-
 src/components/LoginOptions.tsx | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/App.tsx b/src/App.tsx
index 7ee8d64c..67920d68 100644
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -311,7 +311,10 @@ function App() {
                   // Debug: log publish/subscription calls made by signer (decrypt/sign requests)
                   const originalPublish = (recreatedSigner as any).publishMethod
                   ;(recreatedSigner as any).publishMethod = (relays: string[], event: any) => {
-                    try { console.log('[bunker] publish via signer:', { relays, kind: event?.kind, tags: event?.tags?.length }) } catch {}
+                    try {
+                      const pTag = Array.isArray(event?.tags) ? event.tags.find((t: any) => t?.[0] === 'p')?.[1] : undefined
+                      console.log('[bunker] publish via signer:', { relays, kind: event?.kind, tags: event?.tags, pTag, remote: nostrConnectAccount.signer.remote, userPubkey: nostrConnectAccount.pubkey })
+                    } catch {}
                     return originalPublish(relays, event)
                   }
                   const originalSubscribe = (recreatedSigner as any).subscriptionMethod
diff --git a/src/components/LoginOptions.tsx b/src/components/LoginOptions.tsx
index bb18501b..4e846a45 100644
--- a/src/components/LoginOptions.tsx
+++ b/src/components/LoginOptions.tsx
@@ -48,6 +48,13 @@ const LoginOptions: React.FC = () => {
       // Get pubkey from signer
       const pubkey = await signer.getPublicKey()
       
+      // Validate: remote (Amber) pubkey must not equal user pubkey
+      if ((signer as any).remote === pubkey) {
+        console.error('[bunker] Invalid bunker URI: remote pubkey equals user pubkey')
+        setError('Invalid bunker URI (remote equals your pubkey). Generate a fresh Connect link in Amber and try again.')
+        return
+      }
+      
       // Create account from signer
       const account = new Accounts.NostrConnectAccount(pubkey, signer)