nip42: fix panic when there is no "relay" tag.

nip42/nip42.go

@@ -43,7 +43,7 @@ func parseURL(input string) (*url.URL, error) {
 
 // ValidateAuthEvent checks whether event is a valid NIP-42 event for given challenge and relayURL.
 // The result of the validation is encoded in the ok bool.
-func ValidateAuthEvent(event nostr.Event, challenge string, relayURL string) (pubkey nostr.PubKey, ok bool) {
+func ValidateAuthEvent(event nostr.Event, challenge string, relayURL string) (nostr.PubKey, bool) {
 	if event.Kind != nostr.KindClientAuthentication {
 		return nostr.ZeroPK, false
 	}
@@ -57,7 +57,10 @@ func ValidateAuthEvent(event nostr.Event, challenge string, relayURL string) (pu
 		return nostr.ZeroPK, false
 	}
 
-	found, err := parseURL(event.Tags.Find("relay")[1])
+	if tag := event.Tags.Find("relay"); tag == nil {
+		return nostr.ZeroPK, false
+	} else {
+		found, err := parseURL(tag[1])
 		if err != nil {
 			return nostr.ZeroPK, false
 		}
@@ -67,14 +70,15 @@ func ValidateAuthEvent(event nostr.Event, challenge string, relayURL string) (pu
 			expected.Path != found.Path {
 			return nostr.ZeroPK, false
 		}
+	}
 
 	now := time.Now()
-	if event.CreatedAt.Time().After(now.Add(10*time.Minute)) || event.CreatedAt.Time().Before(now.Add(-10*time.Minute)) {
+	if event.CreatedAt.Time().After(now.Add(10*time.Minute)) ||
+		event.CreatedAt.Time().Before(now.Add(-10*time.Minute)) {
 		return nostr.ZeroPK, false
 	}
 
 	// save for last, as it is most expensive operation
-	// no need to check returned error, since ok == true implies err == nil.
 	if !event.VerifySignature() {
 		return nostr.ZeroPK, false
 	}