nip46: pass secret to authorize functions.

fiatjaf
2024-05-15 16:13:12 -03:00
parent 4a2242e965
commit a183ab0768
3 changed files with 24 additions and 16 deletions


@@ -30,15 +30,15 @@ func CreateAccount(
pool *nostr.SimplePool, pool *nostr.SimplePool,
extraOpts *CreateAccountOptions, extraOpts *CreateAccountOptions,
onAuth func(string), onAuth func(string),
) (*BunkerClient, error) { ) (*BunkerClient, []string, error) {
if pool == nil { if pool == nil {
pool = nostr.NewSimplePool(ctx) pool = nostr.NewSimplePool(ctx)
} }
// create a bunker that targets the provider directly // create a bunker that targets the provider directly
providerPubkey, relays, err := queryWellKnownNostrJson(ctx, domain) providerPubkey, relays, err := queryWellKnownNostrJson(ctx, "_@"+domain)
if err != nil { if err != nil {
return nil, err return nil, nil, err
} }
bunker := NewBunker( bunker := NewBunker(
@@ -52,7 +52,7 @@ func CreateAccount(
_, err = bunker.RPC(ctx, "connect", []string{providerPubkey, ""}) _, err = bunker.RPC(ctx, "connect", []string{providerPubkey, ""})
if err != nil { if err != nil {
return nil, fmt.Errorf("initial connect error: %w", err) return nil, relays, fmt.Errorf("initial connect error: %w", err)
} }
// call create_account on it, it should return the value of the public key that will be created // call create_account on it, it should return the value of the public key that will be created
@@ -62,7 +62,7 @@ func CreateAccount(
} }
resp, err := bunker.RPC(ctx, "create_account", []string{name, domain, email}) resp, err := bunker.RPC(ctx, "create_account", []string{name, domain, email})
if err != nil { if err != nil {
return nil, fmt.Errorf("error on create_account: %w", err) return nil, relays, fmt.Errorf("error on create_account: %w", err)
} }
newlyCreatedPublicKey := resp newlyCreatedPublicKey := resp
@@ -75,8 +75,8 @@ func CreateAccount(
// finally try to connect again using the new key as the target // finally try to connect again using the new key as the target
_, err = bunker.RPC(ctx, "connect", []string{newlyCreatedPublicKey, ""}) _, err = bunker.RPC(ctx, "connect", []string{newlyCreatedPublicKey, ""})
if err != nil { if err != nil {
return nil, fmt.Errorf("newly-created public key connect error: %w", err) return bunker, relays, fmt.Errorf("newly-created public key connect error: %w", err)
} }
return bunker, err return bunker, relays, err
} }
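Review bot: The failure branches of CreateAccount now return different things on error: the initial-connect and create_account branches return `nil, relays, err`, while the last hunk's second-connect failure returns `bunker, relays, fmt.Errorf("newly-created public key connect error: %w", err)`, handing the caller a half-set-up *BunkerClient next to a non-nil error. Unless returning the bunker on that failure is deliberate, `return nil, relays, fmt.Errorf("newly-created public key connect error: %w", err)` would match the other branches; if it is deliberate, the doc comment should say so. The new `[]string` result is undocumented: CreateAccount's doc comment (above the first hunk) should state that it holds the relays from the well-known lookup and that it may be non-nil even when error is non-nil, since callers will otherwise assume the usual "ignore other results on error" contract. The lookup change to `"_@"+domain` alters which NIP-05 name is resolved and deserves a one-line why-comment next to the call. CreateAccount's signature begins above the first hunk.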


@@ -24,16 +24,16 @@ type DynamicSigner struct {
RelaysToAdvertise map[string]RelayReadWrite RelaysToAdvertise map[string]RelayReadWrite
getPrivateKey func(pubkey string) (string, error) getPrivateKey func(pubkey string) (string, error)
authorizeSigning func(event nostr.Event) bool authorizeSigning func(event nostr.Event, from string, secret string) bool
onEventSigned func(event nostr.Event) onEventSigned func(event nostr.Event)
authorizeEncryption func() bool authorizeEncryption func(from string, secret string) bool
} }
func NewDynamicSigner( func NewDynamicSigner(
getPrivateKey func(pubkey string) (string, error), getPrivateKey func(pubkey string) (string, error),
authorizeSigning func(event nostr.Event) bool, authorizeSigning func(event nostr.Event, from string, secret string) bool,
onEventSigned func(event nostr.Event), onEventSigned func(event nostr.Event),
authorizeEncryption func() bool, authorizeEncryption func(from string, secret string) bool,
) DynamicSigner { ) DynamicSigner {
return DynamicSigner{ return DynamicSigner{
getPrivateKey: getPrivateKey, getPrivateKey: getPrivateKey,
@@ -112,11 +112,15 @@ func (p *DynamicSigner) HandleRequest(event *nostr.Event) (
} }
} }
var secret string
var result string var result string
var resultErr error var resultErr error
switch req.Method { switch req.Method {
case "connect": case "connect":
if len(req.Params) >= 2 {
secret = req.Params[1]
}
result = "ack" result = "ack"
case "get_public_key": case "get_public_key":
result = targetPubkey result = targetPubkey
@@ -131,7 +135,7 @@ func (p *DynamicSigner) HandleRequest(event *nostr.Event) (
resultErr = fmt.Errorf("failed to decode event/2: %w", err) resultErr = fmt.Errorf("failed to decode event/2: %w", err)
break break
} }
if !p.authorizeSigning(evt) { if !p.authorizeSigning(evt, event.PubKey, secret) {
resultErr = fmt.Errorf("refusing to sign this event") resultErr = fmt.Errorf("refusing to sign this event")
break break
} }
@@ -155,7 +159,7 @@ func (p *DynamicSigner) HandleRequest(event *nostr.Event) (
resultErr = fmt.Errorf("first argument to 'nip04_encrypt' is not a pubkey string") resultErr = fmt.Errorf("first argument to 'nip04_encrypt' is not a pubkey string")
break break
} }
if !p.authorizeEncryption() { if !p.authorizeEncryption(event.PubKey, secret) {
resultErr = fmt.Errorf("refusing to encrypt") resultErr = fmt.Errorf("refusing to encrypt")
break break
} }
@@ -189,7 +193,7 @@ func (p *DynamicSigner) HandleRequest(event *nostr.Event) (
resultErr = fmt.Errorf("first argument to 'nip04_decrypt' is not a pubkey string") resultErr = fmt.Errorf("first argument to 'nip04_decrypt' is not a pubkey string")
break break
} }
if !p.authorizeEncryption() { if !p.authorizeEncryption(event.PubKey, secret) {
resultErr = fmt.Errorf("refusing to decrypt") resultErr = fmt.Errorf("refusing to decrypt")
break break
} }
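Review bot: In DynamicSigner.HandleRequest the new `secret` is a per-call local that is only assigned inside the `"connect"` case, yet the only places it is consumed — `p.authorizeSigning(evt, event.PubKey, secret)` and the two `p.authorizeEncryption(event.PubKey, secret)` calls — run in other cases of the same switch, so on every request that actually reaches an authorizer `secret` is the empty string. The `"connect"` case itself sets `result = "ack"` without consulting any callback, so nothing in this type ever validates the secret a client presents; as far as the visible hunks show, the added parameter can never carry a non-empty value. Either `connect` needs to be gated on a callback that receives the secret (as StaticKeySigner's post-switch `AuthorizeRequest` check effectively is), or the field/constructor comments should say plainly that `secret` is only populated for `connect` and that authorization of the connect handshake is the caller's responsibility. The new `from` and `secret` parameters on `authorizeSigning` and `authorizeEncryption` also lack any doc comment; a line such as `// from is the pubkey of the requesting client; secret is the value it sent with "connect" (empty for every other method).` on the struct fields would make the contract explicit. HandleRequest begins above these hunks.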


@@ -24,7 +24,7 @@ type StaticKeySigner struct {
sync.Mutex sync.Mutex
RelaysToAdvertise map[string]RelayReadWrite RelaysToAdvertise map[string]RelayReadWrite
AuthorizeRequest func(harmless bool, from string) bool AuthorizeRequest func(harmless bool, from string, secret string) bool
} }
func NewStaticKeySigner(secretKey string) StaticKeySigner { func NewStaticKeySigner(secretKey string) StaticKeySigner {
@@ -92,12 +92,16 @@ func (p *StaticKeySigner) HandleRequest(event *nostr.Event) (
return req, resp, eventResponse, fmt.Errorf("error parsing request: %w", err) return req, resp, eventResponse, fmt.Errorf("error parsing request: %w", err)
} }
var secret string
var harmless bool var harmless bool
var result string var result string
var resultErr error var resultErr error
switch req.Method { switch req.Method {
case "connect": case "connect":
if len(req.Params) >= 2 {
secret = req.Params[1]
}
result = "ack" result = "ack"
harmless = true harmless = true
case "get_public_key": case "get_public_key":
@@ -197,7 +201,7 @@ func (p *StaticKeySigner) HandleRequest(event *nostr.Event) (
} }
if resultErr == nil && p.AuthorizeRequest != nil { if resultErr == nil && p.AuthorizeRequest != nil {
if !p.AuthorizeRequest(harmless, event.PubKey) { if !p.AuthorizeRequest(harmless, event.PubKey, secret) {
resultErr = fmt.Errorf("unauthorized") resultErr = fmt.Errorf("unauthorized")
} }
} }
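Review bot: The exported `AuthorizeRequest` field gets a new `secret` parameter with no doc comment explaining that it is only non-empty for `"connect"` requests (the `secret` local is assigned solely in that switch case and the callback runs once after the switch), so a callback author who tries to verify the secret on `sign_event` or the nip04 methods will always see `""`. A comment on the field along the lines of `// AuthorizeRequest, when non-nil, is consulted after every request. secret is the value the client sent as the second "connect" parameter and is empty for all other methods; verifying it during "connect" is the callback's job.` would prevent that. It is also worth noting in the same comment that when `AuthorizeRequest` is nil a `connect` with any secret is acked, since the check is skipped entirely. HandleRequest begins above these hunks.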