fix signing functions to be more strict and correct.

2025-12-08 16:28:49 +00:00 · 2022-12-29 18:26:18 -03:00
parent 3cb351a5f4
commit 4b36848b2d
3 changed files with 17 additions and 11 deletions
--- a/event.test.js
+++ b/event.test.js
@@ -4,7 +4,6 @@ const {
  validateEvent,
  verifySignature,
  signEvent,
-  getEventHash,
  getPublicKey
 } = require('./lib/nostr.cjs')

@@ -35,15 +34,15 @@ test('validate event', () => {
 })

 test('check signature', async () => {
-  expect(await verifySignature(event)).toBeTruthy()
+  expect(verifySignature(event)).toBeTruthy()
 })

 test('sign event', async () => {
-  let sig = await signEvent(unsigned, privateKey)
-  let hash = getEventHash(unsigned)
  let pubkey = getPublicKey(privateKey)
+  let authored = {...unsigned, pubkey}

-  let signed = {...unsigned, id: hash, sig, pubkey}
+  let sig = signEvent(authored, privateKey)
+  let signed = {...authored, sig}

-  expect(await verifySignature(signed)).toBeTruthy()
+  expect(verifySignature(signed)).toBeTruthy()
 })
--- a/event.ts
+++ b/event.ts
@@ -3,7 +3,6 @@ import {sha256} from '@noble/hashes/sha256'

 import {utf8Encoder} from './utils'

-
 /* eslint-disable no-unused-vars */
 export enum Kind {
  Metadata = 0,
@@ -17,7 +16,7 @@ export enum Kind {
  ChannelMetadata = 41,
  ChannelMessage = 42,
  ChannelHideMessage = 43,
-  ChannelMuteUser = 44,
+  ChannelMuteUser = 44
 }

 export type Event = {
@@ -41,6 +40,9 @@ export function getBlankEvent(): Event {
 }

 export function serializeEvent(evt: Event): string {
+  if (!validateEvent(evt))
+    throw new Error("can't serialize event with wrong or missing properties")
+
  return JSON.stringify([
    0,
    evt.pubkey,
@@ -57,9 +59,10 @@ export function getEventHash(event: Event): string {
 }

 export function validateEvent(event: Event): boolean {
-  if (event.id !== getEventHash(event)) return false
  if (typeof event.content !== 'string') return false
  if (typeof event.created_at !== 'number') return false
+  if (typeof event.pubkey !== 'string') return false
+  if (!event.pubkey.match(/^[a-f0-9]{64}$/)) return false

  if (!Array.isArray(event.tags)) return false
  for (let i = 0; i < event.tags.length; i++) {
@@ -74,7 +77,11 @@ export function validateEvent(event: Event): boolean {
 }

 export function verifySignature(event: Event & {sig: string}): boolean {
-  return secp256k1.schnorr.verifySync(event.sig, getEventHash(event), event.pubkey)
+  return secp256k1.schnorr.verifySync(
+    event.sig,
+    getEventHash(event),
+    event.pubkey
+  )
 }

 export function signEvent(event: Event, key: string): string {
--- a/relay.test.js
+++ b/relay.test.js
@@ -98,7 +98,7 @@ test('listening (twice) and publishing', async () => {
    content: 'nostr-tools test suite'
  }
  event.id = getEventHash(event)
-  event.sig = await signEvent(event, sk)
+  event.sig = signEvent(event, sk)

  relay.publish(event)
  return expect(