Skip to content

Commit

Permalink
nip46: check signatures incoming from bunkers by default.
Browse files Browse the repository at this point in the history
  • Loading branch information
@fiatjaf
fiatjaf committed Nov 12, 2024
1 parent a0bf181 commit f57ceef
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions nip46/client.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,9 @@ type BunkerClient struct {

// memoized
getPublicKeyResponse string

// SkipSignatureCheck can be set if you don't want to double-check incoming signatures
SkipSignatureCheck bool
}

// ConnectBunker establishes an RPC connection to a NIP-46 signer using the relays and secret provided in the bunkerURL.
Expand Down Expand Up @@ -178,6 +181,15 @@ func (bunker *BunkerClient) SignEvent(ctx context.Context, evt *nostr.Event) err
if err == nil {
err = easyjson.Unmarshal([]byte(resp), evt)
}

if !bunker.SkipSignatureCheck {
if ok := evt.CheckID(); !ok {
return fmt.Errorf("sign_event response from bunker has invalid id")
}
if ok, _ := evt.CheckSignature(); !ok {
return fmt.Errorf("sign_event response from bunker has invalid signature")
}
}
return err
}

Expand Down

0 comments on commit f57ceef

Please sign in to comment.