From f57ceef2dffa6fca9c178a1cf19bfa45b1326d3c Mon Sep 17 00:00:00 2001
From: fiatjaf <fiatjaf@gmail.com>
Date: Tue, 12 Nov 2024 15:48:49 -0300
Subject: [PATCH] nip46: check signatures incoming from bunkers by default.

---
 nip46/client.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/nip46/client.go b/nip46/client.go
index 202224b..dc8e012 100644
--- a/nip46/client.go
+++ b/nip46/client.go
@@ -30,6 +30,9 @@ type BunkerClient struct {
 
 	// memoized
 	getPublicKeyResponse string
+
+	// SkipSignatureCheck can be set if you don't want to double-check incoming signatures
+	SkipSignatureCheck bool
 }
 
 // ConnectBunker establishes an RPC connection to a NIP-46 signer using the relays and secret provided in the bunkerURL.
@@ -178,6 +181,15 @@ func (bunker *BunkerClient) SignEvent(ctx context.Context, evt *nostr.Event) err
 	if err == nil {
 		err = easyjson.Unmarshal([]byte(resp), evt)
 	}
+
+	if !bunker.SkipSignatureCheck {
+		if ok := evt.CheckID(); !ok {
+			return fmt.Errorf("sign_event response from bunker has invalid id")
+		}
+		if ok, _ := evt.CheckSignature(); !ok {
+			return fmt.Errorf("sign_event response from bunker has invalid signature")
+		}
+	}
 	return err
 }