mirror of
https://github.com/Yonle/bostr.git
synced 2025-03-17 13:22:49 +01:00
49181f4ec9
Even with authorized_keys being set, If noscraper is enabled in config, Then an unexpected behavior will occurs due to bad code on auth.js. See the following diff for details. Signed-off-by: Yonle <yonle@lecturify.net>
48 lines
1.5 KiB
JavaScript
48 lines
1.5 KiB
JavaScript
"use strict";
|
|
let { validateEvent, verifyEvent, nip19 } = require("nostr-tools");
|
|
let { authorized_keys, private_keys, noscraper } = require(process.env.BOSTR_CONFIG_PATH || "./config");
|
|
|
|
authorized_keys = authorized_keys?.map(i => i.startsWith("npub") ? nip19.decode(i).data : i);
|
|
|
|
for (const key in private_keys) {
|
|
if (!key.startsWith("npub")) continue;
|
|
private_keys[nip19.decode(key).data] = private_keys[key];
|
|
|
|
delete private_keys[key];
|
|
}
|
|
|
|
module.exports = (authKey, data, ws, req) => {
|
|
if (!authorized_keys?.length && !Object.keys(private_keys).length && !noscraper) return; // do nothing
|
|
if (!validateEvent(data) || !verifyEvent(data)) {
|
|
ws.send(JSON.stringify(["NOTICE", "error: invalid challenge response."]));
|
|
return false;
|
|
}
|
|
|
|
let pubkeyInConfig = authorized_keys?.includes(data.pubkey) || data.pubkey in private_keys;
|
|
|
|
if (authorized_keys?.length && !pubkeyInConfig) {
|
|
ws.send(JSON.stringify(["OK", data.id, false, "unauthorized."]));
|
|
return false;
|
|
}
|
|
|
|
if (data.kind != 22242) {
|
|
ws.send(JSON.stringify(["OK", data.id, false, "not kind 22242."]));
|
|
return false;
|
|
}
|
|
|
|
const tags = Object.fromEntries(data.tags);
|
|
|
|
if (!tags.relay?.includes(req.headers.host)) {
|
|
ws.send(JSON.stringify(["OK", data.id, false, "unmatched relay url."]));
|
|
return false;
|
|
};
|
|
|
|
if (tags.challenge !== authKey) {
|
|
ws.send(JSON.stringify(["OK", data.id, false, "unmatched challenge string."]));
|
|
return false;
|
|
}
|
|
|
|
ws.send(JSON.stringify(["OK", data.id, true, `Hello ${data.pubkey}`]));
|
|
return true;
|
|
}
|