nip86: disallow old auth events.

fiatjaf 2024-07-09 17:03:39 -03:00
parent 91c652ef48
commit dea3e59c92


@ -52,22 +52,25 @@ func (rl *Relay) HandleNIP86(w http.ResponseWriter, r *http.Request) {
auth := r.Header.Get("Authorization")
spl := strings.Split(auth, "Nostr ")
if len(spl) != 2 {
http.Error(w, "missing auth", 403)
http.Error(w, "missing auth", 401)
return
}
var evt nostr.Event
if evtj, err := base64.StdEncoding.DecodeString(spl[1]); err != nil {
http.Error(w, "invalid base64 auth", 403)
http.Error(w, "invalid base64 auth", 401)
return
} else if err := json.Unmarshal(evtj, &evt); err != nil {
http.Error(w, "invalid auth event json", 403)
http.Error(w, "invalid auth event json", 401)
return
} else if ok, _ := evt.CheckSignature(); !ok {
http.Error(w, "invalid auth event", 403)
http.Error(w, "invalid auth event", 401)
return
} else if pht := evt.Tags.GetFirst([]string{"payload", hex.EncodeToString(payloadHash[:])}); pht == nil {
http.Error(w, "invalid auth event payload hash", 403)
http.Error(w, "invalid auth event payload hash", 401)
return
} else if evt.CreatedAt < nostr.Now()-30 {
http.Error(w, "auth event is too old", 401)
return
}