From 903770f78d1df52bd3247eccd44c0a7c9ab404c0 Mon Sep 17 00:00:00 2001
From: fiatjaf <fiatjaf@gmail.com>
Date: Tue, 12 Nov 2024 15:48:49 -0300
Subject: [PATCH] nip46: check signatures incoming from bunkers by default.

---
 nip46/client.go | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/nip46/client.go b/nip46/client.go
index 202224b..471bf6d 100644
--- a/nip46/client.go
+++ b/nip46/client.go
@@ -30,6 +30,9 @@ type BunkerClient struct {
 
 	// memoized
 	getPublicKeyResponse string
+
+	// SkipSignatureCheck can be set if you don't want to double-check incoming signatures
+	SkipSignatureCheck bool
 }
 
 // ConnectBunker establishes an RPC connection to a NIP-46 signer using the relays and secret provided in the bunkerURL.
@@ -175,10 +178,25 @@ func (bunker *BunkerClient) GetPublicKey(ctx context.Context) (string, error) {
 
 func (bunker *BunkerClient) SignEvent(ctx context.Context, evt *nostr.Event) error {
 	resp, err := bunker.RPC(ctx, "sign_event", []string{evt.String()})
-	if err == nil {
-		err = easyjson.Unmarshal([]byte(resp), evt)
+	if err != nil {
+		return err
 	}
-	return err
+
+	err = easyjson.Unmarshal([]byte(resp), evt)
+	if err != nil {
+		return err
+	}
+
+	if !bunker.SkipSignatureCheck {
+		if ok := evt.CheckID(); !ok {
+			return fmt.Errorf("sign_event response from bunker has invalid id")
+		}
+		if ok, _ := evt.CheckSignature(); !ok {
+			return fmt.Errorf("sign_event response from bunker has invalid signature")
+		}
+	}
+
+	return nil
 }
 
 func (bunker *BunkerClient) NIP44Encrypt(