Angor Preview

[ritankarsaha]

Summary

• Replaced NDK with a minimal WebSocket-based Nostr client — eliminates the heavy @nostr-dev-kit/ndk dependency
  from the server. Uses Node 22's built-in WebSocket to open short-lived connections to relays, fetch the
  event/profile, and close.
• Added in-memory caching (1hr TTL) — first bot request hits indexer + relay (~5-35s depending on indexer),
  subsequent requests serve in ~1ms.
• Fixed XSS vulnerability — all Nostr profile data (name, about, banner) is now sanitized via escapeHtml() before
  injection into HTML attributes.
• Added missing meta tags — og:url and description are now updated per-project.

Working

Bot requests (Twitterbot, facebookexternalhit, etc.) get HTML with injected OG tags:
Indexer API → Nostr event (via WebSocket to relay.angor.io) → Profile (kind 0) → inject og:title, og:description,
og:image, og:url
Normal users get the unmodified Angular SPA.

Test plan

• npm run build && node host/index.js
• curl -s -A "Twitterbot/1.0" http://localhost:3000/project/ | grep og:title → shows project name
• curl -s -A "Mozilla/5.0" http://localhost:3000/project/ | grep '<title>' → shows default "Angor"
• Second bot request to same project → no [meta] Fetching logs (served from cache)
• Validate with https://developers.facebook.com/tools/debug/ after deploying via Docker

Outputs

curl -s -A "Twitterbot/1.0" "http://localhost:3000/project/angor1qqnxefpr4f59r5f4u34c7crzst2ya83wavh8407" | grep -o '<meta property="og:title"[^>]*>'

Output -

<meta property="og:title" content="Angor Hub - SuriaBit">

The next time you do, it will come almost instantly due to caching, the first time it will take almost 30-40 seconds.

 angor-hub git:(nostr) ✗ curl -s -A "Twitterbot/1.0" "http://localhost:3000/project/angor1qqnxefpr4f59r5f4u34c7crzst2ya83wavh8407" | grep -o '<meta property="og:image"[^>]*>'

<meta property="og:image" content="https://i.postimg.cc/zfCpmrq0/GIGA-FARM.jpg">

More needs to be checked on this PR after meging into main and deploying on docker

@dangershony

[dangershony]

di we also have the docker scrip to run this?

[ritankarsaha]

di we also have the docker scrip to run this?

yess the dockerfile is there, but i will take a look into the file once to see if anything else needs to be added/modified

[dangershony]

Added in-memory caching (1hr TTL) — first bot request hits indexer + relay (~5-35s depending on indexer),
subsequent requests serve in ~1ms.

does the preview need to hit the indexer? I am not sure it needs because we fetch only metadata from relays.
that will add delays ofcourse.

[dangershony]

caching can be very long IMO because it is not a lot of data, we should cash for weeks perhaps?

[dangershony]

are there not methods that do that already? why implement that yourself?

[dangershony]

purplepag is a special relay that is only used to fetch an npubs profile data like what relays my npub posts to.
This should not be use to fetch metadata.

[dangershony]

maybe just use relay.angor.io and relay2.angor.io

[dangershony]

I only see a docker file we ned also a docker compose, so a user just needs to hit docker-compose up the Dockerfile requires to build the image which is also possible but the command is longer for that

So the docker compose file will build the dockerfile and deploy