Merge pull request #267 from Airtune/nip98-extract-pubkey

+nip98.unpackEventFromToken +nip98.validateEvent
2025-12-08 16:28:49 +00:00 · 2023-08-08 08:48:29 -05:00
parent 3368e8c00e 4978c858e7
commit de7e128818
3 changed files with 62 additions and 15 deletions
--- a/nip98.test.ts
+++ b/nip98.test.ts
@@ -1,7 +1,5 @@
-import {base64} from '@scure/base'
-import {getToken, validateToken} from './nip98.ts'
+import {getToken, unpackEventFromToken, validateEvent, validateToken} from './nip98.ts'
 import {Event, Kind, finishEvent} from './event.ts'
-import {utf8Decoder} from './utils.ts'
 import {generatePrivateKey, getPublicKey} from './keys.ts'

 const sk = generatePrivateKey()
@@ -12,9 +10,7 @@ describe('getToken', () => {
      finishEvent(e, sk)
    )

-    const decodedResult: Event = JSON.parse(
-      utf8Decoder.decode(base64.decode(result))
-    )
+    const decodedResult: Event = await unpackEventFromToken(result)

    expect(decodedResult.created_at).toBeGreaterThan(0)
    expect(decodedResult.content).toBe('')
@@ -31,9 +27,7 @@ describe('getToken', () => {
      finishEvent(e, sk)
    )

-    const decodedResult: Event = JSON.parse(
-      utf8Decoder.decode(base64.decode(result))
-    )
+    const decodedResult: Event = await unpackEventFromToken(result)

    expect(decodedResult.created_at).toBeGreaterThan(0)
    expect(decodedResult.content).toBe('')
@@ -57,9 +51,7 @@ describe('getToken', () => {

    expect(result.startsWith(authorizationScheme)).toBe(true)

-    const decodedResult: Event = JSON.parse(
-      utf8Decoder.decode(base64.decode(result.replace(authorizationScheme, '')))
-    )
+    const decodedResult: Event = await unpackEventFromToken(result)

    expect(decodedResult.created_at).toBeGreaterThan(0)
    expect(decodedResult.content).toBe('')
@@ -136,4 +128,43 @@ describe('validateToken', () => {
    const result = validateToken(validToken, 'http://test.com', 'post')
    await expect(result).rejects.toThrow(Error)
  })
+
+  test('validateEvent returns true for valid decoded token with authorization scheme', async () => {
+    const validToken = await getToken(
+      'http://test.com',
+      'get',
+      e => finishEvent(e, sk),
+      true
+    )
+    const decodedResult: Event = await unpackEventFromToken(validToken)
+
+    const result = await validateEvent(decodedResult, 'http://test.com', 'get')
+    expect(result).toBe(true)
+  })
+
+  test('validateEvent throws an error for a wrong url', async () => {
+    const validToken = await getToken(
+      'http://test.com',
+      'get',
+      e => finishEvent(e, sk),
+      true
+    )
+    const decodedResult: Event = await unpackEventFromToken(validToken)
+
+    const result = validateEvent(decodedResult, 'http://wrong-test.com', 'get')
+    await expect(result).rejects.toThrow(Error)
+  })
+
+  test('validateEvent throws an error for a wrong method', async () => {
+    const validToken = await getToken(
+      'http://test.com',
+      'get',
+      e => finishEvent(e, sk),
+      true
+    )
+    const decodedResult: Event = await unpackEventFromToken(validToken)
+
+    const result = validateEvent(decodedResult, 'http://test.com', 'post')
+    await expect(result).rejects.toThrow(Error)
+  })
 })
--- a/nip98.ts
+++ b/nip98.ts
@@ -20,7 +20,7 @@ const _authorizationScheme = 'Nostr '
 *
 * @example
 * const sign = window.nostr.signEvent
- * await getToken('https://example.com/login', 'post', sign, true)
+ * await nip98.getToken('https://example.com/login', 'post', (e) => sign(e), true)
 */
 export async function getToken(
  loginUrl: string,
@@ -58,13 +58,20 @@ export async function getToken(
 * Validate token for NIP-98 flow.
 *
 * @example
- * await validateToken('Nostr base64token', 'https://example.com/login', 'post')
+ * await nip98.validateToken('Nostr base64token', 'https://example.com/login', 'post')
 */
 export async function validateToken(
  token: string,
  url: string,
  method: string
 ): Promise<boolean> {
+  const event = await unpackEventFromToken(token).catch((error) => { throw(error) })
+  const valid = await validateEvent(event, url, method).catch((error) => { throw(error) })
+
+  return valid
+}
+
+export async function unpackEventFromToken(token: string): Promise<Event> {
  if (!token) {
    throw new Error('Missing token')
  }
@@ -76,6 +83,15 @@ export async function validateToken(
  }

  const event = JSON.parse(eventB64) as Event
+
+  return event
+}
+
+export async function validateEvent(
+  event: Event,
+  url: string,
+  method: string
+): Promise<boolean> {
  if (!event) {
    throw new Error('Invalid nostr event')
  }
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "nostr-tools",
-  "version": "1.14.0",
+  "version": "1.14.1",
  "description": "Tools for making a Nostr client.",
  "repository": {
    "type": "git",