highperfocused/khatru
1
0
Fork 0
mirror of https://github.com/fiatjaf/khatru.git synced 2025-03-17 21:32:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

check id before signature and do not allow invalid ids.

Browse Source
This commit is contained in:
fiatjaf 2023-11-19 16:40:29 -03:00
parent 591b49fe73
commit 18e4904a00
No known key found for this signature in database
GPG Key ID: BAD43C4BE5C1A3A1
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
handlers.go
View File

@ -116,12 +116,12 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
return
}
// check serialization
serialized := evt.Serialize()
// assign ID
hash := sha256.Sum256(serialized)
evt.ID = hex.EncodeToString(hash[:])
// check id
hash := sha256.Sum256(evt.Serialize())
id := hex.EncodeToString(hash[:])
if id != evt.ID {
ws.WriteJSON(nostr.OKEnvelope{EventID: evt.ID, OK: false, Reason: "invalid: id is computed incorrectly"})
}
// check signature (requires the ID to be set)
if ok, err := evt.CheckSignature(); err != nil {