laantungir/nostr-tools
1
0
Fork 0
mirror of https://github.com/nbd-wtf/nostr-tools.git synced 2025-12-10 09:08:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix signing functions to be more strict and correct.

Browse Source
This commit is contained in:
fiatjaf
2022-12-29 18:26:18 -03:00
parent 3cb351a5f4
commit 4b36848b2d
3 changed files with 17 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
event.test.js
View File

@@ -4,7 +4,6 @@ const {
validateEvent, validateEvent,
verifySignature, verifySignature,
signEvent, signEvent,
getEventHash,
getPublicKey getPublicKey
} = require('./lib/nostr.cjs') } = require('./lib/nostr.cjs')
@@ -35,15 +34,15 @@ test('validate event', () => {
}) })
test('check signature', async () => { test('check signature', async () => {
expect(await verifySignature(event)).toBeTruthy() expect(verifySignature(event)).toBeTruthy()
}) })
test('sign event', async () => { test('sign event', async () => {
let sig = await signEvent(unsigned, privateKey)
let hash = getEventHash(unsigned)
let pubkey = getPublicKey(privateKey) let pubkey = getPublicKey(privateKey)
let authored = {...unsigned, pubkey}
let signed = {...unsigned, id: hash, sig, pubkey} let sig = signEvent(authored, privateKey)
let signed = {...authored, sig}
expect(await verifySignature(signed)).toBeTruthy() expect(verifySignature(signed)).toBeTruthy()
}) })

15
event.ts
View File

@@ -3,7 +3,6 @@ import {sha256} from '@noble/hashes/sha256'
import {utf8Encoder} from './utils' import {utf8Encoder} from './utils'
/* eslint-disable no-unused-vars */ /* eslint-disable no-unused-vars */
export enum Kind { export enum Kind {
Metadata = 0, Metadata = 0,
@@ -17,7 +16,7 @@ export enum Kind {
ChannelMetadata = 41, ChannelMetadata = 41,
ChannelMessage = 42, ChannelMessage = 42,
ChannelHideMessage = 43, ChannelHideMessage = 43,
ChannelMuteUser = 44, ChannelMuteUser = 44
} }
export type Event = { export type Event = {
@@ -41,6 +40,9 @@ export function getBlankEvent(): Event {
} }
export function serializeEvent(evt: Event): string { export function serializeEvent(evt: Event): string {
if (!validateEvent(evt))
throw new Error("can't serialize event with wrong or missing properties")
return JSON.stringify([ return JSON.stringify([
0, 0,
evt.pubkey, evt.pubkey,
@@ -57,9 +59,10 @@ export function getEventHash(event: Event): string {
} }
export function validateEvent(event: Event): boolean { export function validateEvent(event: Event): boolean {
if (event.id !== getEventHash(event)) return false
if (typeof event.content !== 'string') return false if (typeof event.content !== 'string') return false
if (typeof event.created_at !== 'number') return false if (typeof event.created_at !== 'number') return false
if (typeof event.pubkey !== 'string') return false
if (!event.pubkey.match(/^[a-f0-9]{64}$/)) return false
if (!Array.isArray(event.tags)) return false if (!Array.isArray(event.tags)) return false
for (let i = 0; i < event.tags.length; i++) { for (let i = 0; i < event.tags.length; i++) {
@@ -74,7 +77,11 @@ export function validateEvent(event: Event): boolean {
} }
export function verifySignature(event: Event & {sig: string}): boolean { export function verifySignature(event: Event & {sig: string}): boolean {
return secp256k1.schnorr.verifySync(event.sig, getEventHash(event), event.pubkey) return secp256k1.schnorr.verifySync(
event.sig,
getEventHash(event),
event.pubkey
)
} }
export function signEvent(event: Event, key: string): string { export function signEvent(event: Event, key: string): string {

2
relay.test.js
View File

@@ -98,7 +98,7 @@ test('listening (twice) and publishing', async () => {
content: 'nostr-tools test suite' content: 'nostr-tools test suite'
} }
event.id = getEventHash(event) event.id = getEventHash(event)
event.sig = await signEvent(event, sk) event.sig = signEvent(event, sk)
relay.publish(event) relay.publish(event)
return expect( return expect(