From 16c7ae2a70c4da3ea41b862405007b7f280a2eb2 Mon Sep 17 00:00:00 2001 From: Airtune <84182637+Airtune@users.noreply.github.com> Date: Mon, 7 Aug 2023 22:16:23 -0400 Subject: [PATCH 1/2] +nip98.unpackEventFromToken +nip98.validateEvent --- nip98.test.ts | 55 ++++++++++++++++++++++++++++++++++++++++----------- nip98.ts | 16 +++++++++++++++ package.json | 2 +- 3 files changed, 60 insertions(+), 13 deletions(-) diff --git a/nip98.test.ts b/nip98.test.ts index 3d24d5d1..034f8f1c 100644 --- a/nip98.test.ts +++ b/nip98.test.ts @@ -1,7 +1,5 @@ -import {base64} from '@scure/base' -import {getToken, validateToken} from './nip98.ts' +import {getToken, unpackEventFromToken, validateEvent, validateToken} from './nip98.ts' import {Event, Kind, finishEvent} from './event.ts' -import {utf8Decoder} from './utils.ts' import {generatePrivateKey, getPublicKey} from './keys.ts' const sk = generatePrivateKey() @@ -12,9 +10,7 @@ describe('getToken', () => { finishEvent(e, sk) ) - const decodedResult: Event = JSON.parse( - utf8Decoder.decode(base64.decode(result)) - ) + const decodedResult: Event = await unpackEventFromToken(result) expect(decodedResult.created_at).toBeGreaterThan(0) expect(decodedResult.content).toBe('') @@ -31,9 +27,7 @@ describe('getToken', () => { finishEvent(e, sk) ) - const decodedResult: Event = JSON.parse( - utf8Decoder.decode(base64.decode(result)) - ) + const decodedResult: Event = await unpackEventFromToken(result) expect(decodedResult.created_at).toBeGreaterThan(0) expect(decodedResult.content).toBe('') @@ -57,9 +51,7 @@ describe('getToken', () => { expect(result.startsWith(authorizationScheme)).toBe(true) - const decodedResult: Event = JSON.parse( - utf8Decoder.decode(base64.decode(result.replace(authorizationScheme, ''))) - ) + const decodedResult: Event = await unpackEventFromToken(result) expect(decodedResult.created_at).toBeGreaterThan(0) expect(decodedResult.content).toBe('') @@ -136,4 +128,43 @@ describe('validateToken', () => { const result = validateToken(validToken, 'http://test.com', 'post') await expect(result).rejects.toThrow(Error) }) + + test('validateEvent returns true for valid decoded token with authorization scheme', async () => { + const validToken = await getToken( + 'http://test.com', + 'get', + e => finishEvent(e, sk), + true + ) + const decodedResult: Event = await unpackEventFromToken(validToken) + + const result = await validateEvent(decodedResult, 'http://test.com', 'get') + expect(result).toBe(true) + }) + + test('validateEvent throws an error for a wrong url', async () => { + const validToken = await getToken( + 'http://test.com', + 'get', + e => finishEvent(e, sk), + true + ) + const decodedResult: Event = await unpackEventFromToken(validToken) + + const result = validateEvent(decodedResult, 'http://wrong-test.com', 'get') + await expect(result).rejects.toThrow(Error) + }) + + test('validateEvent throws an error for a wrong method', async () => { + const validToken = await getToken( + 'http://test.com', + 'get', + e => finishEvent(e, sk), + true + ) + const decodedResult: Event = await unpackEventFromToken(validToken) + + const result = validateEvent(decodedResult, 'http://test.com', 'post') + await expect(result).rejects.toThrow(Error) + }) }) diff --git a/nip98.ts b/nip98.ts index fc56ae4d..05ac1646 100644 --- a/nip98.ts +++ b/nip98.ts @@ -65,6 +65,13 @@ export async function validateToken( url: string, method: string ): Promise { + const event = await unpackEventFromToken(token).catch((error) => { throw(error) }) + const valid = await validateEvent(event, url, method).catch((error) => { throw(error) }) + + return valid +} + +export async function unpackEventFromToken(token: string): Promise { if (!token) { throw new Error('Missing token') } @@ -76,6 +83,15 @@ export async function validateToken( } const event = JSON.parse(eventB64) as Event + + return event +} + +export async function validateEvent( + event: Event, + url: string, + method: string +): Promise { if (!event) { throw new Error('Invalid nostr event') } diff --git a/package.json b/package.json index 9b5903cf..e0279641 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "nostr-tools", - "version": "1.14.0", + "version": "1.14.1", "description": "Tools for making a Nostr client.", "repository": { "type": "git", From 4978c858e75748d46ba532a1512bcf01761fba8b Mon Sep 17 00:00:00 2001 From: Airtune <84182637+Airtune@users.noreply.github.com> Date: Tue, 8 Aug 2023 02:45:23 -0400 Subject: [PATCH 2/2] Update nip98.ts examples --- nip98.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nip98.ts b/nip98.ts index 05ac1646..b3138e8e 100644 --- a/nip98.ts +++ b/nip98.ts @@ -20,7 +20,7 @@ const _authorizationScheme = 'Nostr ' * * @example * const sign = window.nostr.signEvent - * await getToken('https://example.com/login', 'post', sign, true) + * await nip98.getToken('https://example.com/login', 'post', (e) => sign(e), true) */ export async function getToken( loginUrl: string, @@ -58,7 +58,7 @@ export async function getToken( * Validate token for NIP-98 flow. * * @example - * await validateToken('Nostr base64token', 'https://example.com/login', 'post') + * await nip98.validateToken('Nostr base64token', 'https://example.com/login', 'post') */ export async function validateToken( token: string,