nip46: pass secret to authorize functions.

fiatjaf
2024-05-15 16:13:12 -03:00
parent 4a2242e965
commit a183ab0768
3 changed files with 24 additions and 16 deletions


@@ -30,15 +30,15 @@ func CreateAccount(
pool *nostr.SimplePool,
extraOpts *CreateAccountOptions,
onAuth func(string),
) (*BunkerClient, error) {
) (*BunkerClient, []string, error) {
if pool == nil {
pool = nostr.NewSimplePool(ctx)
}
// create a bunker that targets the provider directly
providerPubkey, relays, err := queryWellKnownNostrJson(ctx, domain)
providerPubkey, relays, err := queryWellKnownNostrJson(ctx, "_@"+domain)
if err != nil {
return nil, err
return nil, nil, err
}
bunker := NewBunker(
@@ -52,7 +52,7 @@ func CreateAccount(
_, err = bunker.RPC(ctx, "connect", []string{providerPubkey, ""})
if err != nil {
return nil, fmt.Errorf("initial connect error: %w", err)
return nil, relays, fmt.Errorf("initial connect error: %w", err)
}
// call create_account on it, it should return the value of the public key that will be created
@@ -62,7 +62,7 @@ func CreateAccount(
}
resp, err := bunker.RPC(ctx, "create_account", []string{name, domain, email})
if err != nil {
return nil, fmt.Errorf("error on create_account: %w", err)
return nil, relays, fmt.Errorf("error on create_account: %w", err)
}
newlyCreatedPublicKey := resp
@@ -75,8 +75,8 @@ func CreateAccount(
// finally try to connect again using the new key as the target
_, err = bunker.RPC(ctx, "connect", []string{newlyCreatedPublicKey, ""})
if err != nil {
return nil, fmt.Errorf("newly-created public key connect error: %w", err)
return bunker, relays, fmt.Errorf("newly-created public key connect error: %w", err)
}
return bunker, err
return bunker, relays, err
}
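Review bot: The error paths in this function now disagree about what accompanies a non-nil error: the well-known lookup failure returns `nil, nil, err`, the two RPC failures return `nil, relays, err`, and the final connect failure returns `bunker, relays, err`, handing the caller a live *BunkerClient together with an error. If returning the bunker there is deliberate (so the caller can retry the connect), the doc comment above the hunk should state which results are valid on error; otherwise make it `return nil, relays, fmt.Errorf("newly-created public key connect error: %w", err)` like the earlier paths, so callers that only check err cannot keep a half-connected client. The success line can also be written `return bunker, relays, nil`, since err is known to be nil after the preceding check. The new `[]string` result deserves a sentence in the doc comment, e.g. `// The second result is the relay list obtained from the provider's well-known lookup; it is set as soon as that lookup succeeds, even when a later step fails.`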


@@ -24,16 +24,16 @@ type DynamicSigner struct {
RelaysToAdvertise map[string]RelayReadWrite
getPrivateKey func(pubkey string) (string, error)
authorizeSigning func(event nostr.Event) bool
authorizeSigning func(event nostr.Event, from string, secret string) bool
onEventSigned func(event nostr.Event)
authorizeEncryption func() bool
authorizeEncryption func(from string, secret string) bool
}
func NewDynamicSigner(
getPrivateKey func(pubkey string) (string, error),
authorizeSigning func(event nostr.Event) bool,
authorizeSigning func(event nostr.Event, from string, secret string) bool,
onEventSigned func(event nostr.Event),
authorizeEncryption func() bool,
authorizeEncryption func(from string, secret string) bool,
) DynamicSigner {
return DynamicSigner{
getPrivateKey: getPrivateKey,
@@ -112,11 +112,15 @@ func (p *DynamicSigner) HandleRequest(event *nostr.Event) (
}
}
var secret string
var result string
var resultErr error
switch req.Method {
case "connect":
if len(req.Params) >= 2 {
secret = req.Params[1]
}
result = "ack"
case "get_public_key":
result = targetPubkey
@@ -131,7 +135,7 @@ func (p *DynamicSigner) HandleRequest(event *nostr.Event) (
resultErr = fmt.Errorf("failed to decode event/2: %w", err)
break
}
if !p.authorizeSigning(evt) {
if !p.authorizeSigning(evt, event.PubKey, secret) {
resultErr = fmt.Errorf("refusing to sign this event")
break
}
@@ -155,7 +159,7 @@ func (p *DynamicSigner) HandleRequest(event *nostr.Event) (
resultErr = fmt.Errorf("first argument to 'nip04_encrypt' is not a pubkey string")
break
}
if !p.authorizeEncryption() {
if !p.authorizeEncryption(event.PubKey, secret) {
resultErr = fmt.Errorf("refusing to encrypt")
break
}
@@ -189,7 +193,7 @@ func (p *DynamicSigner) HandleRequest(event *nostr.Event) (
resultErr = fmt.Errorf("first argument to 'nip04_decrypt' is not a pubkey string")
break
}
if !p.authorizeEncryption() {
if !p.authorizeEncryption(event.PubKey, secret) {
resultErr = fmt.Errorf("refusing to decrypt")
break
}
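Review bot: The `secret` handed to `authorizeSigning` and `authorizeEncryption` is always the empty string: it is declared per call of HandleRequest (`var secret string`) and assigned only inside `case "connect"`, while the three call sites sit in the `sign_event`, `nip04_encrypt` and `nip04_decrypt` cases, which arrive as separate requests. In the `connect` case itself nothing is authorized — `result = "ack"` is set unconditionally — so the secret a client presents is read and then discarded. StaticKeySigner in the third file has the same per-call `secret`, but there `AuthorizeRequest` runs after the switch for every method, so it at least sees the secret on `connect`; on later requests it is likewise empty. Unless the callbacks are expected to remember `from` after a first `connect` (which adding `secret` to their signatures suggests they are not), the signer needs to keep the secret per connecting pubkey across requests, or an authorization hook needs to run in the `connect` case; a callback that compares the secret against an expected value should use `subtle.ConstantTimeCompare`. HandleRequest begins and ends outside these hunks.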


@@ -24,7 +24,7 @@ type StaticKeySigner struct {
sync.Mutex
RelaysToAdvertise map[string]RelayReadWrite
AuthorizeRequest func(harmless bool, from string) bool
AuthorizeRequest func(harmless bool, from string, secret string) bool
}
func NewStaticKeySigner(secretKey string) StaticKeySigner {
@@ -92,12 +92,16 @@ func (p *StaticKeySigner) HandleRequest(event *nostr.Event) (
return req, resp, eventResponse, fmt.Errorf("error parsing request: %w", err)
}
var secret string
var harmless bool
var result string
var resultErr error
switch req.Method {
case "connect":
if len(req.Params) >= 2 {
secret = req.Params[1]
}
result = "ack"
harmless = true
case "get_public_key":
@@ -197,7 +201,7 @@ func (p *StaticKeySigner) HandleRequest(event *nostr.Event) (
}
if resultErr == nil && p.AuthorizeRequest != nil {
if !p.AuthorizeRequest(harmless, event.PubKey) {
if !p.AuthorizeRequest(harmless, event.PubKey, secret) {
resultErr = fmt.Errorf("unauthorized")
}
}