mirror of
https://github.com/nbd-wtf/nostr-tools.git
synced 2025-12-08 16:28:49 +00:00
fix signing functions to be more strict and correct.
This commit is contained in:
fiatjaf
@@ -4,7 +4,6 @@ const {
|
||||
validateEvent,
|
||||
verifySignature,
|
||||
signEvent,
|
||||
getEventHash,
|
||||
getPublicKey
|
||||
} = require('./lib/nostr.cjs')
|
||||
|
||||
@@ -35,15 +34,15 @@ test('validate event', () => {
|
||||
})
|
||||
|
||||
test('check signature', async () => {
|
||||
expect(await verifySignature(event)).toBeTruthy()
|
||||
expect(verifySignature(event)).toBeTruthy()
|
||||
})
|
||||
|
||||
test('sign event', async () => {
|
||||
let sig = await signEvent(unsigned, privateKey)
|
||||
let hash = getEventHash(unsigned)
|
||||
let pubkey = getPublicKey(privateKey)
|
||||
let authored = {...unsigned, pubkey}
|
||||
|
||||
let signed = {...unsigned, id: hash, sig, pubkey}
|
||||
let sig = signEvent(authored, privateKey)
|
||||
let signed = {...authored, sig}
|
||||
|
||||
expect(await verifySignature(signed)).toBeTruthy()
|
||||
expect(verifySignature(signed)).toBeTruthy()
|
||||
})
|
||||
|
||||
15
event.ts
15
event.ts
@@ -3,7 +3,6 @@ import {sha256} from '@noble/hashes/sha256'
|
||||
|
||||
import {utf8Encoder} from './utils'
|
||||
|
||||
|
||||
/* eslint-disable no-unused-vars */
|
||||
export enum Kind {
|
||||
Metadata = 0,
|
||||
@@ -17,7 +16,7 @@ export enum Kind {
|
||||
ChannelMetadata = 41,
|
||||
ChannelMessage = 42,
|
||||
ChannelHideMessage = 43,
|
||||
ChannelMuteUser = 44,
|
||||
ChannelMuteUser = 44
|
||||
}
|
||||
|
||||
export type Event = {
|
||||
@@ -41,6 +40,9 @@ export function getBlankEvent(): Event {
|
||||
}
|
||||
|
||||
export function serializeEvent(evt: Event): string {
|
||||
if (!validateEvent(evt))
|
||||
throw new Error("can't serialize event with wrong or missing properties")
|
||||
|
||||
return JSON.stringify([
|
||||
0,
|
||||
evt.pubkey,
|
||||
@@ -57,9 +59,10 @@ export function getEventHash(event: Event): string {
|
||||
}
|
||||
|
||||
export function validateEvent(event: Event): boolean {
|
||||
if (event.id !== getEventHash(event)) return false
|
||||
if (typeof event.content !== 'string') return false
|
||||
if (typeof event.created_at !== 'number') return false
|
||||
if (typeof event.pubkey !== 'string') return false
|
||||
if (!event.pubkey.match(/^[a-f0-9]{64}$/)) return false
|
||||
|
||||
if (!Array.isArray(event.tags)) return false
|
||||
for (let i = 0; i < event.tags.length; i++) {
|
||||
@@ -74,7 +77,11 @@ export function validateEvent(event: Event): boolean {
|
||||
}
|
||||
|
||||
export function verifySignature(event: Event & {sig: string}): boolean {
|
||||
return secp256k1.schnorr.verifySync(event.sig, getEventHash(event), event.pubkey)
|
||||
return secp256k1.schnorr.verifySync(
|
||||
event.sig,
|
||||
getEventHash(event),
|
||||
event.pubkey
|
||||
)
|
||||
}
|
||||
|
||||
export function signEvent(event: Event, key: string): string {
|
||||
|
||||
@@ -98,7 +98,7 @@ test('listening (twice) and publishing', async () => {
|
||||
content: 'nostr-tools test suite'
|
||||
}
|
||||
event.id = getEventHash(event)
|
||||
event.sig = await signEvent(event, sk)
|
||||
event.sig = signEvent(event, sk)
|
||||
|
||||
relay.publish(event)
|
||||
return expect(
|
||||
|
||||
Reference in New Issue
Block a user