nostr verification working

2025-02-12 00:44:17 +01:00 · 2025-02-12 00:44:17 +01:00 · 19667807bb
commit 19667807bb
parent f42ae5fc1d
8 changed files with 258 additions and 7 deletions
--- a/src/routes/apiRoutes.js
+++ b/src/routes/apiRoutes.js
@ -1,5 +1,5 @@
 const express = require('express');
-//const { generatePrivateKey, getPublicKey, verifySignature } = require("nostr-tools");
+const { getPublicKey, verifyEvent } = require("nostr-tools");
 const crypto = require("crypto");

 const appInviteService = require('../services/appInviteService');
@ -64,4 +64,40 @@ router.get('/nostr-challenge', async (req, res) => {
    res.json({ 'challenge': nostrChallenge.challenge });
 });

+
+router.post("/nostr-verify", async (req, res) => {
+    const signedEvent = req.body;
+
+    if (!signedEvent || !signedEvent.tags) {
+        return res.status(400).json({ success: false, error: "Invalid event format" });
+    }
+
+    const challengeTag = signedEvent.tags.find(tag => tag[0] === "challenge");
+    if (!challengeTag) {
+        return res.status(400).json({ success: false, error: "No challenge tag found" });
+    }
+
+    const challenge = challengeTag[1];
+
+    if (!(await nostrService.isNostrChallengeFresh(challenge))) {
+        return res.status(410).json({ success: false, error: "Challenge expired, request new one." })
+    }
+
+    if (await nostrService.hasNostrChallengeBeenCompleted(challenge)) {
+        return res.status(410).json({ success: false, error: "Challenge already used, request new one." })
+    }
+
+    const isSignatureValid = verifyEvent(signedEvent);
+    if (!isSignatureValid) {
+        return res.status(400).json({ success: false, error: "Invalid signature" });
+    }
+
+    await nostrService.completeNostrChallenge(
+        challenge,
+        signedEvent
+    )
+
+    return res.json({ success: true, signedEvent });
+});
+
 module.exports = router;