Coracle/nostrlib
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nip11, nip13, nip46 changes from promenade port.

Browse Source 
and verify pubkey validity when decoding it from an arbitrary json object.
This commit is contained in:
fiatjaf
2025-05-11 17:42:15 -03:00
parent f60fc08f8d
commit 4befaa0129
4 changed files with 27 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
keys.go
View File

@@ -74,6 +74,9 @@ func (pk *PubKey) UnmarshalJSON(buf []byte) error {
return fmt.Errorf("must be a hex string of 64 characters") return fmt.Errorf("must be a hex string of 64 characters")
} }
_, err := hex.Decode(pk[:], buf[1:65]) _, err := hex.Decode(pk[:], buf[1:65])
if _, err := schnorr.ParsePubKey(pk[:]); err != nil {
return fmt.Errorf("pubkey is not valid %w", err)
}
return err return err
} }

4
nip11/types.go
View File

@@ -2,6 +2,8 @@ package nip11
import ( import (
"slices" "slices"
"fiatjaf.com/nostr"
) )
type RelayInformationDocument struct { type RelayInformationDocument struct {
@@ -9,7 +11,7 @@ type RelayInformationDocument struct {
Name string `json:"name"` Name string `json:"name"`
Description string `json:"description"` Description string `json:"description"`
PubKey string `json:"pubkey"` PubKey nostr.PubKey `json:"pubkey"`
Contact string `json:"contact"` Contact string `json:"contact"`
SupportedNIPs []any `json:"supported_nips"` SupportedNIPs []any `json:"supported_nips"`
Software string `json:"software"` Software string `json:"software"`

2
nip13/nip13.go
View File

@@ -22,7 +22,7 @@ var (
// //
// if the target is smaller than the actual difficulty then the value of the target is used. // if the target is smaller than the actual difficulty then the value of the target is used.
// if the target is bigger than the actual difficulty then it returns 0. // if the target is bigger than the actual difficulty then it returns 0.
func CommittedDifficulty(event *nostr.Event) int { func CommittedDifficulty(event nostr.Event) int {
work := 0 work := 0
if nonceTag := event.Tags.Find("nonce"); nonceTag != nil && len(nonceTag) >= 3 { if nonceTag := event.Tags.Find("nonce"); nonceTag != nil && len(nonceTag) >= 3 {
work = Difficulty(event.ID) work = Difficulty(event.ID)

39
nip46/dynamic-signer.go
View File

@@ -18,37 +18,24 @@ type DynamicSigner struct {
sync.Mutex sync.Mutex
getHandlerSecretKey func(handlerPubkey nostr.PubKey) ([32]byte, error)
getUserKeyer func(handlerPubkey nostr.PubKey) (nostr.Keyer, error)
authorizeSigning func(event nostr.Event, from nostr.PubKey, secret string) bool
authorizeEncryption func(from nostr.PubKey, secret string) bool
onEventSigned func(event nostr.Event)
}
func NewDynamicSigner(
// the handler is the keypair we use to communicate with the NIP-46 client, decrypt requests, encrypt responses etc // the handler is the keypair we use to communicate with the NIP-46 client, decrypt requests, encrypt responses etc
getHandlerSecretKey func(handlerPubkey nostr.PubKey) ([32]byte, error), GetHandlerSecretKey func(handlerPubkey nostr.PubKey) (nostr.SecretKey, error)
// this should correspond to the actual user on behalf of which we will respond to requests // this should correspond to the actual user on behalf of which we will respond to requests
getUserKeyer func(handlerPubkey nostr.PubKey) (nostr.Keyer, error), GetUserKeyer func(handlerPubkey nostr.PubKey) (nostr.Keyer, error)
// this is called on every sign_event call, if it is nil it will be assumed that everything is authorized // this is called on every sign_event call, if it is nil it will be assumed that everything is authorized
authorizeSigning func(event nostr.Event, from nostr.PubKey, secret string) bool, AuthorizeSigning func(event nostr.Event, from nostr.PubKey, secret string) bool
// this is called on every encrypt or decrypt calls, if it is nil it will be assumed that everything is authorized // this is called on every encrypt or decrypt calls, if it is nil it will be assumed that everything is authorized
authorizeEncryption func(from nostr.PubKey, secret string) bool, AuthorizeEncryption func(from nostr.PubKey, secret string) bool
// unless it is nil, this is called after every event is signed // unless it is nil, this is called after every event is signed
onEventSigned func(event nostr.Event), OnEventSigned func(event nostr.Event)
) DynamicSigner {
return DynamicSigner{
sessions: make(map[nostr.PubKey]Session),
getHandlerSecretKey: getHandlerSecretKey,
getUserKeyer: getUserKeyer,
authorizeSigning: authorizeSigning,
authorizeEncryption: authorizeEncryption,
onEventSigned: onEventSigned,
} }
func (p *DynamicSigner) Init() {
p.sessions = make(map[nostr.PubKey]Session)
} }
func (p *DynamicSigner) GetSession(clientPubkey nostr.PubKey) (Session, bool) { func (p *DynamicSigner) GetSession(clientPubkey nostr.PubKey) (Session, bool) {
@@ -95,11 +82,11 @@ func (p *DynamicSigner) HandleRequest(ctx context.Context, event nostr.Event) (
if err != nil { if err != nil {
return req, resp, eventResponse, fmt.Errorf("%x is invalid pubkey: %w", handler[1], err) return req, resp, eventResponse, fmt.Errorf("%x is invalid pubkey: %w", handler[1], err)
} }
handlerSecret, err := p.getHandlerSecretKey(handlerPubkey) handlerSecret, err := p.GetHandlerSecretKey(handlerPubkey)
if err != nil { if err != nil {
return req, resp, eventResponse, fmt.Errorf("no private key for %s: %w", handlerPubkey, err) return req, resp, eventResponse, fmt.Errorf("no private key for %s: %w", handlerPubkey, err)
} }
userKeyer, err := p.getUserKeyer(handlerPubkey) userKeyer, err := p.GetUserKeyer(handlerPubkey)
if err != nil { if err != nil {
return req, resp, eventResponse, fmt.Errorf("failed to get user keyer for %s: %w", handlerPubkey, err) return req, resp, eventResponse, fmt.Errorf("failed to get user keyer for %s: %w", handlerPubkey, err)
} }
@@ -149,7 +136,7 @@ func (p *DynamicSigner) HandleRequest(ctx context.Context, event nostr.Event) (
resultErr = fmt.Errorf("failed to decode event/2: %w", err) resultErr = fmt.Errorf("failed to decode event/2: %w", err)
break break
} }
if p.authorizeSigning != nil && !p.authorizeSigning(evt, event.PubKey, secret) { if p.AuthorizeSigning != nil && !p.AuthorizeSigning(evt, event.PubKey, secret) {
resultErr = fmt.Errorf("refusing to sign this event") resultErr = fmt.Errorf("refusing to sign this event")
break break
} }
@@ -171,7 +158,7 @@ func (p *DynamicSigner) HandleRequest(ctx context.Context, event nostr.Event) (
resultErr = fmt.Errorf("first argument to 'nip44_encrypt' is not a valid pubkey string") resultErr = fmt.Errorf("first argument to 'nip44_encrypt' is not a valid pubkey string")
break break
} }
if p.authorizeEncryption != nil && !p.authorizeEncryption(event.PubKey, secret) { if p.AuthorizeEncryption != nil && !p.AuthorizeEncryption(event.PubKey, secret) {
resultErr = fmt.Errorf("refusing to encrypt") resultErr = fmt.Errorf("refusing to encrypt")
break break
} }
@@ -193,7 +180,7 @@ func (p *DynamicSigner) HandleRequest(ctx context.Context, event nostr.Event) (
resultErr = fmt.Errorf("first argument to 'nip04_decrypt' is not a valid pubkey string") resultErr = fmt.Errorf("first argument to 'nip04_decrypt' is not a valid pubkey string")
break break
} }
if p.authorizeEncryption != nil && !p.authorizeEncryption(event.PubKey, secret) { if p.AuthorizeEncryption != nil && !p.AuthorizeEncryption(event.PubKey, secret) {
resultErr = fmt.Errorf("refusing to decrypt") resultErr = fmt.Errorf("refusing to decrypt")
break break
} }