highperfocused/go-nostr
1
0
Fork 0
mirror of https://github.com/nbd-wtf/go-nostr.git synced 2025-11-15 16:50:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Tweaked the NIP 42 Validation (#58)

Browse Source
This commit is contained in:
barkyq
2023-02-09 09:28:31 -05:00
committed by GitHub
parent 72386d27e1
commit 3ccef5eec4
1 changed files with 20 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
nip42/nip42.go
View File

@@ -23,33 +23,26 @@ func CreateUnsignedAuthEvent(challenge, pubkey, relayURL string) nostr.Event {
} }
} }
// helper function for ValidateAuthEvent
func parseUrl(input string) (*url.URL, error) {
return url.Parse(
strings.ToLower(
strings.TrimSuffix(input, "/"),
),
)
}
// ValidateAuthEvent checks whether event is a valid NIP-42 event for given challenge and relayURL. // ValidateAuthEvent checks whether event is a valid NIP-42 event for given challenge and relayURL.
// The result of the validation is encoded in the ok bool. // The result of the validation is encoded in the ok bool.
func ValidateAuthEvent(event *nostr.Event, challenge string, relayURL string) (pubkey string, ok bool) { func ValidateAuthEvent(event *nostr.Event, challenge string, relayURL string) (pubkey string, ok bool) {
if ok, _ := event.CheckSignature(); !ok {
return "", false
}
if event.Kind != 22242 { if event.Kind != 22242 {
return "", false return "", false
} }
now := time.Now()
if event.CreatedAt.After(now.Add(10*time.Minute)) || event.CreatedAt.Before(now.Add(-10*time.Minute)) {
return "", false
}
if event.Tags.GetFirst([]string{"challenge", challenge}) == nil { if event.Tags.GetFirst([]string{"challenge", challenge}) == nil {
return "", false return "", false
} }
parseUrl := func(input string) (*url.URL, error) {
return url.Parse(
strings.ToLower(
strings.TrimSuffix(input, "/"),
),
)
}
expected, err := parseUrl(relayURL) expected, err := parseUrl(relayURL)
if err != nil { if err != nil {
return "", false return "", false
@@ -66,5 +59,16 @@ func ValidateAuthEvent(event *nostr.Event, challenge string, relayURL string) (p
return "", false return "", false
} }
now := time.Now()
if event.CreatedAt.After(now.Add(10*time.Minute)) || event.CreatedAt.Before(now.Add(-10*time.Minute)) {
return "", false
}
// save for last, as it is most expensive operation
// no need to check returned error, since ok == true implies err == nil.
if ok, _ := event.CheckSignature(); !ok {
return "", false
}
return event.PubKey, true return event.PubKey, true
} }