laantungir/nostr-tools
1
0
Fork 0
mirror of https://github.com/nbd-wtf/nostr-tools.git synced 2025-12-09 16:48:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

update to support body payload and hash

Browse Source
This commit is contained in:
Josh Remaley
2023-11-13 08:26:04 -06:00
committed by fiatjaf_
parent a2a15567b7
commit dc04d1eb85
1 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
nip98.ts
View File

@@ -1,9 +1,16 @@
import { bytesToHex } from '@noble/hashes/utils'
import { sha256 } from '@noble/hashes/sha256'
import { base64 } from '@scure/base' import { base64 } from '@scure/base'
import { Event, EventTemplate, Kind, getBlankEvent, verifySignature } from './event' import { Event, EventTemplate, Kind, getBlankEvent, verifySignature } from './event'
import { utf8Decoder, utf8Encoder } from './utils' import { utf8Decoder, utf8Encoder } from './utils'
const _authorizationScheme = 'Nostr ' const _authorizationScheme = 'Nostr '
function hashPayload(payload: any): string {
const hash = sha256(utf8Encoder.encode(JSON.stringify(payload)))
return bytesToHex(hash)
}
/** /**
* Generate token for NIP-98 flow. * Generate token for NIP-98 flow.
* *
@@ -16,6 +23,7 @@ export async function getToken(
httpMethod: string, httpMethod: string,
sign: <K extends number = number>(e: EventTemplate<K>) => Promise<Event<K>> | Event<K>, sign: <K extends number = number>(e: EventTemplate<K>) => Promise<Event<K>> | Event<K>,
includeAuthorizationScheme: boolean = false, includeAuthorizationScheme: boolean = false,
payload?: Record<string, any>,
): Promise<string> { ): Promise<string> {
if (!loginUrl || !httpMethod) throw new Error('Missing loginUrl or httpMethod') if (!loginUrl || !httpMethod) throw new Error('Missing loginUrl or httpMethod')
@@ -25,6 +33,11 @@ export async function getToken(
['u', loginUrl], ['u', loginUrl],
['method', httpMethod], ['method', httpMethod],
] ]
if (payload) {
event.tags.push(['payload', bytesToHex(sha256(utf8Encoder.encode(JSON.stringify(payload))))])
}
event.created_at = Math.round(new Date().getTime() / 1000) event.created_at = Math.round(new Date().getTime() / 1000)
const signedEvent = await sign(event) const signedEvent = await sign(event)
@@ -66,7 +79,7 @@ export async function unpackEventFromToken(token: string): Promise<Event> {
return event return event
} }
export async function validateEvent(event: Event, url: string, method: string): Promise<boolean> { export async function validateEvent(event: Event, url: string, method: string, body?: any): Promise<boolean> {
if (!event) { if (!event) {
throw new Error('Invalid nostr event') throw new Error('Invalid nostr event')
} }
@@ -96,5 +109,13 @@ export async function validateEvent(event: Event, url: string, method: string):
throw new Error('Invalid nostr event, method tag invalid') throw new Error('Invalid nostr event, method tag invalid')
} }
if (Boolean(body) && Object.keys(body).length > 0) {
const payloadTag = event.tags.find(t => t[0] === 'payload')
const payloadHash = bytesToHex(sha256(utf8Encoder.encode(JSON.stringify(body))))
if (payloadTag?.[1] !== payloadHash) {
throw new Error('Invalid payload tag hash, does not match request body hash')
}
}
return true return true
} }