management: check 'u' tag on authorization event.

fiatjaf
2024-07-16 13:30:14 -03:00
parent b79f735e7a
commit 214b92ba3b


@@ -74,6 +74,9 @@ func (rl *Relay) HandleNIP86(w http.ResponseWriter, r *http.Request) {
} else if ok, _ := evt.CheckSignature(); !ok {
resp.Error = "invalid auth event"
goto respond
} else if uTag := evt.Tags.GetFirst([]string{"u", ""}); uTag == nil || getServiceBaseURL(r) != (*uTag)[1] {
resp.Error = "invalid 'u' tag"
goto respond
} else if pht := evt.Tags.GetFirst([]string{"payload", hex.EncodeToString(payloadHash[:])}); pht == nil {
resp.Error = "invalid auth event payload hash"
goto respond
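Review bot: The new check `getServiceBaseURL(r) != (*uTag)[1]` is only as strong as the value `getServiceBaseURL` returns, and that helper's body is not in this hunk. Because it takes the request, it may build the URL from `Host` or forwarded headers; if so, the expected value comes from the same client that presents the event, and the check would not stop an auth event signed for a different relay from being accepted. I would compare against an operator-configured relay URL whenever one is set, and document the trust assumption with a comment such as `// expected URL must not be derived from client-controlled headers unless a trusted proxy sets them`. The comparison is also an exact string match, so a trailing slash or a different letter case in the scheme or host is rejected; normalizing both sides first would avoid spurious "invalid 'u' tag" failures. HandleNIP86 starts and ends outside the hunk, so any kind, timestamp or method checks on the event are not visible here.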