fix signing functions to be more strict and correct.

2025-12-09 00:28:51 +00:00 · 2022-12-29 18:26:18 -03:00
parent 3cb351a5f4
commit 4b36848b2d
3 changed files with 17 additions and 11 deletions
--- a/event.ts
+++ b/event.ts
@@ -3,7 +3,6 @@ import {sha256} from '@noble/hashes/sha256'

 import {utf8Encoder} from './utils'

-
 /* eslint-disable no-unused-vars */
 export enum Kind {
  Metadata = 0,
@@ -17,7 +16,7 @@ export enum Kind {
  ChannelMetadata = 41,
  ChannelMessage = 42,
  ChannelHideMessage = 43,
-  ChannelMuteUser = 44,
+  ChannelMuteUser = 44
 }

 export type Event = {
@@ -41,6 +40,9 @@ export function getBlankEvent(): Event {
 }

 export function serializeEvent(evt: Event): string {
+  if (!validateEvent(evt))
+    throw new Error("can't serialize event with wrong or missing properties")
+
  return JSON.stringify([
    0,
    evt.pubkey,
@@ -57,9 +59,10 @@ export function getEventHash(event: Event): string {
 }

 export function validateEvent(event: Event): boolean {
-  if (event.id !== getEventHash(event)) return false
  if (typeof event.content !== 'string') return false
  if (typeof event.created_at !== 'number') return false
+  if (typeof event.pubkey !== 'string') return false
+  if (!event.pubkey.match(/^[a-f0-9]{64}$/)) return false

  if (!Array.isArray(event.tags)) return false
  for (let i = 0; i < event.tags.length; i++) {
@@ -74,7 +77,11 @@ export function validateEvent(event: Event): boolean {
 }

 export function verifySignature(event: Event & {sig: string}): boolean {
-  return secp256k1.schnorr.verifySync(event.sig, getEventHash(event), event.pubkey)
+  return secp256k1.schnorr.verifySync(
+    event.sig,
+    getEventHash(event),
+    event.pubkey
+  )
 }

 export function signEvent(event: Event, key: string): string {