From d13a9e5477700ae033b7a68c30b1678539cc1e69 Mon Sep 17 00:00:00 2001
From: gsovereignty <gsovereignty@proton.me>
Date: Mon, 29 Jul 2024 19:12:36 +0800
Subject: [PATCH] problem: we are not validating zapper pubkey

---
 src/components/ProductPurchases.svelte | 47 ++++++++++++++++++++++----
 src/lib/event_helpers/rockets.ts       | 21 +++++++++++-
 src/lib/helpers.ts                     | 20 ++++++++++-
 3 files changed, 80 insertions(+), 8 deletions(-)

diff --git a/src/components/ProductPurchases.svelte b/src/components/ProductPurchases.svelte
index acd793b..24e04c2 100644
--- a/src/components/ProductPurchases.svelte
+++ b/src/components/ProductPurchases.svelte
@@ -1,12 +1,12 @@
 <script lang="ts">
 	import * as Table from '@/components/ui/table';
-	import { ZapPurchase, type RocketProduct } from '@/event_helpers/rockets';
+	import { ValidateZapPublisher, ZapPurchase, type RocketProduct } from '@/event_helpers/rockets';
 	import { unixToRelativeTime } from '@/helpers';
 	import { ndk } from '@/ndk';
 	import { NDKEvent } from '@nostr-dev-kit/ndk';
 	import { Avatar, Name } from '@nostr-dev-kit/ndk-svelte-components';
 	import { onDestroy, onMount } from 'svelte';
-	import { derived } from 'svelte/store';
+	import { derived, writable } from 'svelte/store';
 
 	export let product: RocketProduct;
 	export let rocket: NDKEvent;
@@ -32,7 +32,7 @@
 		});
 	});
 
-	let purchases = derived(zaps, ($zaps) => {
+	let validZaps = derived(zaps, ($zaps) => {
 		let zapMap = new Map<string, ZapPurchase>();
 		for (let z of $zaps) {
 			let zapPurchase = new ZapPurchase(z);
@@ -43,10 +43,46 @@
 		return zapMap;
 	});
 
+	let zapsNotInRocket = derived(validZaps, ($validZaps) => {
+		let zapMap = new Map<string, ZapPurchase>();
+		for (let [id, z] of $validZaps) {
+			if (!z.IncludedInRocketState(rocket)) {
+				zapMap.set(id, z);
+			}
+		}
+		return zapMap;
+	});
+
+	let validPubkeys = writable(new Set<string>())
+
+	zapsNotInRocket.subscribe((z) => {
+		z.forEach((z) => {
+			ValidateZapPublisher(rocket, z.ZapReceipt).then((result) => {
+				if (result) {
+					validPubkeys.update(existing=>{
+						existing.add(z.ZapReceipt.pubkey);
+						return existing
+					})
+				}
+			});
+		});
+	});
+
+	let validatedZapsNotInRocket = derived([zapsNotInRocket, validPubkeys], ([$zapsNotInRocket, $validPubkeys]) => {
+		let zapMap = new Map<string, ZapPurchase>();
+		for (let [id, zap] of $zapsNotInRocket) {
+			if ($validPubkeys.has(zap.ZapReceipt.pubkey)) {
+				zapMap.set(id, zap);
+			}
+		}
+		return zapMap;
+	});
+
+	//todo: get existing purchases from rocket and render them
+
 	//todo: update rocket event with confirmed zaps if we have votepower
 </script>
 
-{#if $purchases.size > 0}
 	<Table.Root>
 		<Table.Caption
 			class="mt-0 caption-top text-center text-lg font-semibold tracking-tight text-card-foreground"
@@ -60,7 +96,7 @@
 			</Table.Row>
 		</Table.Header>
 		<Table.Body>
-			{#each $purchases as [id, purchase], _ (id)}
+			{#each $validatedZapsNotInRocket as [id, purchase], _ (id)}
 				<Table.Row
 					on:click={() => {
 						console.log(purchase.ZapReceipt.rawEvent());
@@ -89,4 +125,3 @@
 			{/each}
 		</Table.Body>
 	</Table.Root>
-{/if}
diff --git a/src/lib/event_helpers/rockets.ts b/src/lib/event_helpers/rockets.ts
index af6fc60..513464b 100644
--- a/src/lib/event_helpers/rockets.ts
+++ b/src/lib/event_helpers/rockets.ts
@@ -1,5 +1,6 @@
-import { NDKEvent, type NDKTag } from '@nostr-dev-kit/ndk';
+import { NDKEvent, NDKZap, type NDKTag } from '@nostr-dev-kit/ndk';
 import { MapOfVotes, MeritRequest, Votes } from './merits';
+import { getAuthorizedZapper } from '@/helpers';
 
 export class Rocket {
 	Event: NDKEvent;
@@ -337,6 +338,7 @@ export class ZapPurchase {
 		return false;
 	}
 	Valid(rocket: NDKEvent): boolean {
+
 		//todo: validate zapper pubkey is from a LSP specified in rocket
 		let valid = true;
 		if (!this.ValidAmount(rocket)) {
@@ -408,3 +410,20 @@ export function isValidUrl(string: string): boolean {
 export function RocketATagFilter(rocket: NDKEvent): string {
 	return `31108:${rocket.pubkey}:${rocket.dTag}`;
 }
+
+export async function ValidateZapPublisher(rocket:NDKEvent, zap:NDKEvent):Promise<boolean> {
+	return new Promise((resolve, reject)=>{
+		getAuthorizedZapper(rocket).then(pubkey=>{
+			if (pubkey == zap.pubkey) {
+				resolve(true)
+			} else {
+				reject()
+			}
+		}).catch(reject)
+		// let z = new NDKZap({ ndk: rocket.ndk!, zappedEvent: rocket, zappedUser: rocket.author });
+		// z.getZapEndpoint().then(x=>{
+		// 	console.log(x)
+		// 	resolve(true)
+		// }).catch(()=>{reject(false)})
+	})
+}
\ No newline at end of file
diff --git a/src/lib/helpers.ts b/src/lib/helpers.ts
index ea46464..7227511 100644
--- a/src/lib/helpers.ts
+++ b/src/lib/helpers.ts
@@ -1,4 +1,4 @@
-import type { NDKEvent } from '@nostr-dev-kit/ndk';
+import { NDKZap, type NDKEvent } from '@nostr-dev-kit/ndk';
 
 export function getRocketURL(e: NDKEvent): string {
 	let ignitionID = undefined;
@@ -143,3 +143,21 @@ function convertToGitHubApiUrl(issueUrl: string): URL | null {
 		return null;
 	}
 }
+
+export async function getAuthorizedZapper(rocket: NDKEvent): Promise<string> {
+	return new Promise((resolve, reject) => {
+		let z = new NDKZap({ ndk: rocket.ndk!, zappedEvent: rocket, zappedUser: rocket.author });
+		z.getZapEndpoint()
+			.then((url) => {
+				if (url) {
+					url = url.trim().replace('/callback', '');
+					fetch(url).then((result) => {
+						result.json().then((j) => {
+							resolve(j.nostrPubkey);
+						}).catch(reject);
+					});
+				} else {(reject())}
+			})
+			.catch(reject);
+	});
+}