diff --git a/keys.go b/keys.go
index 1329d9a..645743f 100644
--- a/keys.go
+++ b/keys.go
@@ -74,6 +74,9 @@ func (pk *PubKey) UnmarshalJSON(buf []byte) error {
 return fmt.Errorf("must be a hex string of 64 characters")
 }
 _, err := hex.Decode(pk[:], buf[1:65])
+ if _, err := schnorr.ParsePubKey(pk[:]); err != nil {
+ return fmt.Errorf("pubkey is not valid %w", err)
+ }
 return err
 }
diff --git a/nip11/types.go b/nip11/types.go
index 0b11d26..03ade51 100644
--- a/nip11/types.go
+++ b/nip11/types.go
@@ -2,18 +2,20 @@ package nip11
 import (
 "slices"
+
+ "fiatjaf.com/nostr"
 )
 type RelayInformationDocument struct {
 URL string `json:"-"`
- Name string `json:"name"`
- Description string `json:"description"`
- PubKey string `json:"pubkey"`
- Contact string `json:"contact"`
- SupportedNIPs []any `json:"supported_nips"`
- Software string `json:"software"`
- Version string `json:"version"`
+ Name string `json:"name"`
+ Description string `json:"description"`
+ PubKey nostr.PubKey `json:"pubkey"`
+ Contact string `json:"contact"`
+ SupportedNIPs []any `json:"supported_nips"`
+ Software string `json:"software"`
+ Version string `json:"version"`
 Limitation *RelayLimitationDocument `json:"limitation,omitempty"`
 RelayCountries []string `json:"relay_countries,omitempty"`
diff --git a/nip13/nip13.go b/nip13/nip13.go
index 6ba78fd..f5b2bcb 100644
--- a/nip13/nip13.go
+++ b/nip13/nip13.go
@@ -22,7 +22,7 @@ var (
 //
 // if the target is smaller than the actual difficulty then the value of the target is used.
 // if the target is bigger than the actual difficulty then it returns 0.
-func CommittedDifficulty(event *nostr.Event) int {
+func CommittedDifficulty(event nostr.Event) int {
 work := 0
 if nonceTag := event.Tags.Find("nonce"); nonceTag != nil && len(nonceTag) >= 3 {
 work = Difficulty(event.ID)
diff --git a/nip46/dynamic-signer.go b/nip46/dynamic-signer.go
index 2d8eac8..dbf697a 100644
--- a/nip46/dynamic-signer.go
+++ b/nip46/dynamic-signer.go
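Review bot: In `UnmarshalJSON` the error from `hex.Decode` is only returned after `schnorr.ParsePubKey` has already run on `pk[:]`, so a hex failure is either hidden behind a misleading "pubkey is not valid" error or the curve check runs on partially written bytes. On any failure the receiver is also left holding the rejected bytes, because decoding writes straight into `pk`. Decoding into a temporary and assigning to `*pk` only after both checks pass keeps an invalid key from ever being stored; the sketch assumes `PubKey` is a byte array, which the `pk[:]` slicing suggests. The wrapped message is also missing a separator before `%w`, and the start of the function lies outside the hunk.

```go
	// … unchanged: length and quote check …
	var decoded PubKey
	if _, err := hex.Decode(decoded[:], buf[1:65]); err != nil {
		return fmt.Errorf("pubkey is not valid hex: %w", err)
	}
	if _, err := schnorr.ParsePubKey(decoded[:]); err != nil {
		return fmt.Errorf("pubkey is not valid: %w", err)
	}
	*pk = decoded
	return nil
```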
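Review bot: Typing `PubKey` as `nostr.PubKey` in `RelayInformationDocument` makes decoding of the whole document depend on this one remotely supplied field. An empty or malformed `pubkey` value is now rejected by `PubKey.UnmarshalJSON`, which presumably fails the entire decode instead of leaving the field blank; the fetch code is not in this diff, so that needs confirming. If relays that blank the field should still be readable, the decode path has to tolerate that case explicitly. At minimum the field deserves a comment such as `// PubKey is validated on decode; an invalid value fails the whole document`.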
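Review bot: `CommittedDifficulty` computes `work` from `Difficulty(event.ID)`, and nothing in the visible lines checks that `event.ID` is the hash of the event, so the doc comment should state that precondition. Without it the returned difficulty reflects an unverified, sender-supplied value. I would add `// the event ID must already be verified; difficulty is computed from event.ID as given` above the signature. The function body continues outside the hunk.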
@@ -18,37 +18,24 @@ type DynamicSigner struct {
 sync.Mutex
- getHandlerSecretKey func(handlerPubkey nostr.PubKey) ([32]byte, error)
- getUserKeyer func(handlerPubkey nostr.PubKey) (nostr.Keyer, error)
- authorizeSigning func(event nostr.Event, from nostr.PubKey, secret string) bool
- authorizeEncryption func(from nostr.PubKey, secret string) bool
- onEventSigned func(event nostr.Event)
-}
-
-func NewDynamicSigner(
 // the handler is the keypair we use to communicate with the NIP-46 client, decrypt requests, encrypt responses etc
- getHandlerSecretKey func(handlerPubkey nostr.PubKey) ([32]byte, error),
+ GetHandlerSecretKey func(handlerPubkey nostr.PubKey) (nostr.SecretKey, error)
 // this should correspond to the actual user on behalf of which we will respond to requests
- getUserKeyer func(handlerPubkey nostr.PubKey) (nostr.Keyer, error),
+ GetUserKeyer func(handlerPubkey nostr.PubKey) (nostr.Keyer, error)
 // this is called on every sign_event call, if it is nil it will be assumed that everything is authorized
- authorizeSigning func(event nostr.Event, from nostr.PubKey, secret string) bool,
+ AuthorizeSigning func(event nostr.Event, from nostr.PubKey, secret string) bool
 // this is called on every encrypt or decrypt calls, if it is nil it will be assumed that everything is authorized
- authorizeEncryption func(from nostr.PubKey, secret string) bool,
+ AuthorizeEncryption func(from nostr.PubKey, secret string) bool
 // unless it is nil, this is called after every event is signed
- onEventSigned func(event nostr.Event),
-) DynamicSigner {
- return DynamicSigner{
- sessions: make(map[nostr.PubKey]Session),
- getHandlerSecretKey: getHandlerSecretKey,
- getUserKeyer: getUserKeyer,
- authorizeSigning: authorizeSigning,
- authorizeEncryption: authorizeEncryption,
- onEventSigned: onEventSigned,
- }
+ OnEventSigned func(event nostr.Event)
+}
+
+func (p *DynamicSigner) Init() {
+ p.sessions = make(map[nostr.PubKey]Session)
 }
 func (p *DynamicSigner) GetSession(clientPubkey nostr.PubKey) (Session, bool) {
@@ -95,11 +82,11 @@ func (p *DynamicSigner) HandleRequest(ctx context.Context, event nostr.Event) (
 if err != nil {
 return req, resp, eventResponse, fmt.Errorf("%x is invalid pubkey: %w", handler[1], err)
 }
- handlerSecret, err := p.getHandlerSecretKey(handlerPubkey)
+ handlerSecret, err := p.GetHandlerSecretKey(handlerPubkey)
 if err != nil {
 return req, resp, eventResponse, fmt.Errorf("no private key for %s: %w", handlerPubkey, err)
 }
- userKeyer, err := p.getUserKeyer(handlerPubkey)
+ userKeyer, err := p.GetUserKeyer(handlerPubkey)
 if err != nil {
 return req, resp, eventResponse, fmt.Errorf("failed to get user keyer for %s: %w", handlerPubkey, err)
 }
@@ -149,7 +136,7 @@ func (p *DynamicSigner) HandleRequest(ctx context.Context, event nostr.Event) (
 resultErr = fmt.Errorf("failed to decode event/2: %w", err)
 break
 }
- if p.authorizeSigning != nil && !p.authorizeSigning(evt, event.PubKey, secret) {
+ if p.AuthorizeSigning != nil && !p.AuthorizeSigning(evt, event.PubKey, secret) {
 resultErr = fmt.Errorf("refusing to sign this event")
 break
 }
@@ -171,7 +158,7 @@ func (p *DynamicSigner) HandleRequest(ctx context.Context, event nostr.Event) (
 resultErr = fmt.Errorf("first argument to 'nip44_encrypt' is not a valid pubkey string")
 break
 }
- if p.authorizeEncryption != nil && !p.authorizeEncryption(event.PubKey, secret) {
+ if p.AuthorizeEncryption != nil && !p.AuthorizeEncryption(event.PubKey, secret) {
 resultErr = fmt.Errorf("refusing to encrypt")
 break
 }
@@ -193,7 +180,7 @@ func (p *DynamicSigner) HandleRequest(ctx context.Context, event nostr.Event) (
 resultErr = fmt.Errorf("first argument to 'nip04_decrypt' is not a valid pubkey string")
 break
 }
- if p.authorizeEncryption != nil && !p.authorizeEncryption(event.PubKey, secret) {
+ if p.AuthorizeEncryption != nil && !p.AuthorizeEncryption(event.PubKey, secret) {
 resultErr = fmt.Errorf("refusing to decrypt")
 break
 }
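Review bot: With `NewDynamicSigner` removed in the `-18,37` hunk, a `DynamicSigner` built as a struct literal that leaves `AuthorizeSigning` or `AuthorizeEncryption` unset silently authorizes every sign, encrypt and decrypt request. The nil checks in `HandleRequest` fail open, and nothing now forces the caller to make that choice explicitly. `GetHandlerSecretKey` and `GetUserKeyer` are called unconditionally in the `-95,11` hunk, so leaving either nil panics on the first request, and skipping `Init()` leaves `sessions` nil. I would have `Init` validate the required callbacks and return an error, and state the allow-all default prominently in the field comments or require an explicit allow-all function instead of nil. The exported fields also sit next to `sync.Mutex` with no note on whether they may be changed after `Init`.

```go
func (p *DynamicSigner) Init() error {
	if p.GetHandlerSecretKey == nil || p.GetUserKeyer == nil {
		return fmt.Errorf("nip46: GetHandlerSecretKey and GetUserKeyer must be set")
	}
	p.sessions = make(map[nostr.PubKey]Session)
	return nil
}
```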