231 lines
7.4 KiB
JavaScript
231 lines
7.4 KiB
JavaScript
"use strict";
|
|
var __defProp = Object.defineProperty;
|
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
var __export = (target, all) => {
|
|
for (var name in all)
|
|
__defProp(target, name, { get: all[name], enumerable: true });
|
|
};
|
|
var __copyProps = (to, from, except, desc) => {
|
|
if (from && typeof from === "object" || typeof from === "function") {
|
|
for (let key of __getOwnPropNames(from))
|
|
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
}
|
|
return to;
|
|
};
|
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
|
|
// nip98.ts
|
|
var nip98_exports = {};
|
|
__export(nip98_exports, {
|
|
getToken: () => getToken,
|
|
hashPayload: () => hashPayload,
|
|
unpackEventFromToken: () => unpackEventFromToken,
|
|
validateEvent: () => validateEvent2,
|
|
validateEventKind: () => validateEventKind,
|
|
validateEventMethodTag: () => validateEventMethodTag,
|
|
validateEventPayloadTag: () => validateEventPayloadTag,
|
|
validateEventTimestamp: () => validateEventTimestamp,
|
|
validateEventUrlTag: () => validateEventUrlTag,
|
|
validateToken: () => validateToken
|
|
});
|
|
module.exports = __toCommonJS(nip98_exports);
|
|
var import_sha2562 = require("@noble/hashes/sha256");
|
|
var import_utils4 = require("@noble/hashes/utils");
|
|
var import_base = require("@scure/base");
|
|
|
|
// pure.ts
|
|
var import_secp256k1 = require("@noble/curves/secp256k1");
|
|
var import_utils2 = require("@noble/hashes/utils");
|
|
|
|
// core.ts
|
|
var verifiedSymbol = Symbol("verified");
|
|
var isRecord = (obj) => obj instanceof Object;
|
|
function validateEvent(event) {
|
|
if (!isRecord(event))
|
|
return false;
|
|
if (typeof event.kind !== "number")
|
|
return false;
|
|
if (typeof event.content !== "string")
|
|
return false;
|
|
if (typeof event.created_at !== "number")
|
|
return false;
|
|
if (typeof event.pubkey !== "string")
|
|
return false;
|
|
if (!event.pubkey.match(/^[a-f0-9]{64}$/))
|
|
return false;
|
|
if (!Array.isArray(event.tags))
|
|
return false;
|
|
for (let i2 = 0; i2 < event.tags.length; i2++) {
|
|
let tag = event.tags[i2];
|
|
if (!Array.isArray(tag))
|
|
return false;
|
|
for (let j = 0; j < tag.length; j++) {
|
|
if (typeof tag[j] !== "string")
|
|
return false;
|
|
}
|
|
}
|
|
return true;
|
|
}
|
|
|
|
// pure.ts
|
|
var import_sha256 = require("@noble/hashes/sha256");
|
|
|
|
// utils.ts
|
|
var import_utils = require("@noble/hashes/utils");
|
|
var utf8Decoder = new TextDecoder("utf-8");
|
|
var utf8Encoder = new TextEncoder();
|
|
|
|
// pure.ts
|
|
var JS = class {
|
|
generateSecretKey() {
|
|
return import_secp256k1.schnorr.utils.randomPrivateKey();
|
|
}
|
|
getPublicKey(secretKey) {
|
|
return (0, import_utils2.bytesToHex)(import_secp256k1.schnorr.getPublicKey(secretKey));
|
|
}
|
|
finalizeEvent(t, secretKey) {
|
|
const event = t;
|
|
event.pubkey = (0, import_utils2.bytesToHex)(import_secp256k1.schnorr.getPublicKey(secretKey));
|
|
event.id = getEventHash(event);
|
|
event.sig = (0, import_utils2.bytesToHex)(import_secp256k1.schnorr.sign(getEventHash(event), secretKey));
|
|
event[verifiedSymbol] = true;
|
|
return event;
|
|
}
|
|
verifyEvent(event) {
|
|
if (typeof event[verifiedSymbol] === "boolean")
|
|
return event[verifiedSymbol];
|
|
const hash = getEventHash(event);
|
|
if (hash !== event.id) {
|
|
event[verifiedSymbol] = false;
|
|
return false;
|
|
}
|
|
try {
|
|
const valid = import_secp256k1.schnorr.verify(event.sig, hash, event.pubkey);
|
|
event[verifiedSymbol] = valid;
|
|
return valid;
|
|
} catch (err) {
|
|
event[verifiedSymbol] = false;
|
|
return false;
|
|
}
|
|
}
|
|
};
|
|
function serializeEvent(evt) {
|
|
if (!validateEvent(evt))
|
|
throw new Error("can't serialize event with wrong or missing properties");
|
|
return JSON.stringify([0, evt.pubkey, evt.created_at, evt.kind, evt.tags, evt.content]);
|
|
}
|
|
function getEventHash(event) {
|
|
let eventHash = (0, import_sha256.sha256)(utf8Encoder.encode(serializeEvent(event)));
|
|
return (0, import_utils2.bytesToHex)(eventHash);
|
|
}
|
|
var i = new JS();
|
|
var generateSecretKey = i.generateSecretKey;
|
|
var getPublicKey = i.getPublicKey;
|
|
var finalizeEvent = i.finalizeEvent;
|
|
var verifyEvent = i.verifyEvent;
|
|
|
|
// kinds.ts
|
|
var HTTPAuth = 27235;
|
|
|
|
// nip98.ts
|
|
var _authorizationScheme = "Nostr ";
|
|
async function getToken(loginUrl, httpMethod, sign, includeAuthorizationScheme = false, payload) {
|
|
const event = {
|
|
kind: HTTPAuth,
|
|
tags: [
|
|
["u", loginUrl],
|
|
["method", httpMethod]
|
|
],
|
|
created_at: Math.round(new Date().getTime() / 1e3),
|
|
content: ""
|
|
};
|
|
if (payload) {
|
|
event.tags.push(["payload", hashPayload(payload)]);
|
|
}
|
|
const signedEvent = await sign(event);
|
|
const authorizationScheme = includeAuthorizationScheme ? _authorizationScheme : "";
|
|
return authorizationScheme + import_base.base64.encode(utf8Encoder.encode(JSON.stringify(signedEvent)));
|
|
}
|
|
async function validateToken(token, url, method) {
|
|
const event = await unpackEventFromToken(token).catch((error) => {
|
|
throw error;
|
|
});
|
|
const valid = await validateEvent2(event, url, method).catch((error) => {
|
|
throw error;
|
|
});
|
|
return valid;
|
|
}
|
|
async function unpackEventFromToken(token) {
|
|
if (!token) {
|
|
throw new Error("Missing token");
|
|
}
|
|
token = token.replace(_authorizationScheme, "");
|
|
const eventB64 = utf8Decoder.decode(import_base.base64.decode(token));
|
|
if (!eventB64 || eventB64.length === 0 || !eventB64.startsWith("{")) {
|
|
throw new Error("Invalid token");
|
|
}
|
|
const event = JSON.parse(eventB64);
|
|
return event;
|
|
}
|
|
function validateEventTimestamp(event) {
|
|
if (!event.created_at) {
|
|
return false;
|
|
}
|
|
return Math.round(new Date().getTime() / 1e3) - event.created_at < 60;
|
|
}
|
|
function validateEventKind(event) {
|
|
return event.kind === HTTPAuth;
|
|
}
|
|
function validateEventUrlTag(event, url) {
|
|
const urlTag = event.tags.find((t) => t[0] === "u");
|
|
if (!urlTag) {
|
|
return false;
|
|
}
|
|
return urlTag.length > 0 && urlTag[1] === url;
|
|
}
|
|
function validateEventMethodTag(event, method) {
|
|
const methodTag = event.tags.find((t) => t[0] === "method");
|
|
if (!methodTag) {
|
|
return false;
|
|
}
|
|
return methodTag.length > 0 && methodTag[1].toLowerCase() === method.toLowerCase();
|
|
}
|
|
function hashPayload(payload) {
|
|
const hash = (0, import_sha2562.sha256)(utf8Encoder.encode(JSON.stringify(payload)));
|
|
return (0, import_utils4.bytesToHex)(hash);
|
|
}
|
|
function validateEventPayloadTag(event, payload) {
|
|
const payloadTag = event.tags.find((t) => t[0] === "payload");
|
|
if (!payloadTag) {
|
|
return false;
|
|
}
|
|
const payloadHash = hashPayload(payload);
|
|
return payloadTag.length > 0 && payloadTag[1] === payloadHash;
|
|
}
|
|
async function validateEvent2(event, url, method, body) {
|
|
if (!verifyEvent(event)) {
|
|
throw new Error("Invalid nostr event, signature invalid");
|
|
}
|
|
if (!validateEventKind(event)) {
|
|
throw new Error("Invalid nostr event, kind invalid");
|
|
}
|
|
if (!validateEventTimestamp(event)) {
|
|
throw new Error("Invalid nostr event, created_at timestamp invalid");
|
|
}
|
|
if (!validateEventUrlTag(event, url)) {
|
|
throw new Error("Invalid nostr event, url tag invalid");
|
|
}
|
|
if (!validateEventMethodTag(event, method)) {
|
|
throw new Error("Invalid nostr event, method tag invalid");
|
|
}
|
|
if (Boolean(body) && typeof body === "object" && Object.keys(body).length > 0) {
|
|
if (!validateEventPayloadTag(event, body)) {
|
|
throw new Error("Invalid nostr event, payload tag does not match request body hash");
|
|
}
|
|
}
|
|
return true;
|
|
}
|