Merge pull request #267 from Airtune/nip98-extract-pubkey

+nip98.unpackEventFromToken +nip98.validateEvent
nbd-wtf · Aug 8, 2023 · de7e128 · de7e128
2 parents 3368e8c + 4978c85
commit de7e128
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 15 deletions.
diff --git a/nip98.test.ts b/nip98.test.ts
@@ -1,7 +1,5 @@
-import {base64} from '@scure/base'
-import {getToken, validateToken} from './nip98.ts'
+import {getToken, unpackEventFromToken, validateEvent, validateToken} from './nip98.ts'
 import {Event, Kind, finishEvent} from './event.ts'
-import {utf8Decoder} from './utils.ts'
 import {generatePrivateKey, getPublicKey} from './keys.ts'
 
 const sk = generatePrivateKey()
@@ -12,9 +10,7 @@ describe('getToken', () => {
       finishEvent(e, sk)
     )
 
-    const decodedResult: Event = JSON.parse(
-      utf8Decoder.decode(base64.decode(result))
-    )
+    const decodedResult: Event = await unpackEventFromToken(result)
 
     expect(decodedResult.created_at).toBeGreaterThan(0)
     expect(decodedResult.content).toBe('')
@@ -31,9 +27,7 @@ describe('getToken', () => {
       finishEvent(e, sk)
     )
 
-    const decodedResult: Event = JSON.parse(
-      utf8Decoder.decode(base64.decode(result))
-    )
+    const decodedResult: Event = await unpackEventFromToken(result)
 
     expect(decodedResult.created_at).toBeGreaterThan(0)
     expect(decodedResult.content).toBe('')
@@ -57,9 +51,7 @@ describe('getToken', () => {
 
     expect(result.startsWith(authorizationScheme)).toBe(true)
 
-    const decodedResult: Event = JSON.parse(
-      utf8Decoder.decode(base64.decode(result.replace(authorizationScheme, '')))
-    )
+    const decodedResult: Event = await unpackEventFromToken(result)
 
     expect(decodedResult.created_at).toBeGreaterThan(0)
     expect(decodedResult.content).toBe('')
@@ -136,4 +128,43 @@ describe('validateToken', () => {
     const result = validateToken(validToken, 'http://test.com', 'post')
     await expect(result).rejects.toThrow(Error)
   })
+
+  test('validateEvent returns true for valid decoded token with authorization scheme', async () => {
+    const validToken = await getToken(
+      'http://test.com',
+      'get',
+      e => finishEvent(e, sk),
+      true
+    )
+    const decodedResult: Event = await unpackEventFromToken(validToken)
+
+    const result = await validateEvent(decodedResult, 'http://test.com', 'get')
+    expect(result).toBe(true)
+  })
+
+  test('validateEvent throws an error for a wrong url', async () => {
+    const validToken = await getToken(
+      'http://test.com',
+      'get',
+      e => finishEvent(e, sk),
+      true
+    )
+    const decodedResult: Event = await unpackEventFromToken(validToken)
+
+    const result = validateEvent(decodedResult, 'http://wrong-test.com', 'get')
+    await expect(result).rejects.toThrow(Error)
+  })
+
+  test('validateEvent throws an error for a wrong method', async () => {
+    const validToken = await getToken(
+      'http://test.com',
+      'get',
+      e => finishEvent(e, sk),
+      true
+    )
+    const decodedResult: Event = await unpackEventFromToken(validToken)
+
+    const result = validateEvent(decodedResult, 'http://test.com', 'post')
+    await expect(result).rejects.toThrow(Error)
+  })
 })
diff --git a/nip98.ts b/nip98.ts
@@ -20,7 +20,7 @@ const _authorizationScheme = 'Nostr '
  *
  * @example
  * const sign = window.nostr.signEvent
- * await getToken('https://example.com/login', 'post', sign, true)
+ * await nip98.getToken('https://example.com/login', 'post', (e) => sign(e), true)
  */
 export async function getToken(
   loginUrl: string,
@@ -58,13 +58,20 @@ export async function getToken(
  * Validate token for NIP-98 flow.
  *
  * @example
- * await validateToken('Nostr base64token', 'https://example.com/login', 'post')
+ * await nip98.validateToken('Nostr base64token', 'https://example.com/login', 'post')
  */
 export async function validateToken(
   token: string,
   url: string,
   method: string
 ): Promise<boolean> {
+  const event = await unpackEventFromToken(token).catch((error) => { throw(error) })
+  const valid = await validateEvent(event, url, method).catch((error) => { throw(error) })
+
+  return valid
+}
+
+export async function unpackEventFromToken(token: string): Promise<Event> {
   if (!token) {
     throw new Error('Missing token')
   }
@@ -76,6 +83,15 @@ export async function validateToken(
   }
 
   const event = JSON.parse(eventB64) as Event
+
+  return event
+}
+
+export async function validateEvent(
+  event: Event,
+  url: string,
+  method: string
+): Promise<boolean> {
   if (!event) {
     throw new Error('Invalid nostr event')
   }

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "nostr-tools",
-  "version": "1.14.0",
+  "version": "1.14.1",
   "description": "Tools for making a Nostr client.",
   "repository": {
     "type": "git",