counterweight/secajs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nostr challenge step much more robust

Browse source
This commit is contained in:
counterweight 2025-02-13 01:17:49 +01:00
parent 805ad5fad9
commit 564dcb8083
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
7 changed files with 99 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/errors.js
View file

@ -5,6 +5,13 @@ class ChallengedUsedError extends Error {
}
}
class AlreadyUsedError extends Error {
constructor(message) {
super(message);
this.name = "AlreadyUsedError"
}
}
class InvalidSignatureError extends Error {
constructor(message) {
super(message);
@ -27,8 +34,7 @@ class NotFoundError extends Error {
}
module.exports = {
ChallengedUsedError,
AlreadyUsedError,
InvalidSignatureError,
AppInvitedUsedError,
NotFoundError
};

67
src/public/javascript/invite.js
View file

@ -10,40 +10,51 @@ window.onload = function () {
async function acceptInvite() {
if (!window.nostr) {
console.log("No Nostr extension found.");
return { success: false, error: "No Nostr extension detected." };
let challengeResponse;
try {
challengeResponse = await fetch('/api/signup/nostr-challenge', {
method: 'GET',
headers: {
'Content-Type': 'application/json'
}
});
} catch (error) {
console.log(`Something went wrong: ${error}`);
return;
}
const { challenge } = await challengeResponse.json();
let pubkey;
try {
const challengeResponse = await fetch("/api/signup/nostr-challenge");
if (!challengeResponse.ok) throw new Error("Failed to fetch challenge");
const { challenge } = await challengeResponse.json();
pubkey = await window.nostr.getPublicKey();
} catch (error) {
document.querySelector('#rejected-nostr-nudges').style.display = 'block';
return;
}
const event = {
kind: 22242,
created_at: Math.floor(Date.now() / 1000),
tags: [["challenge", challenge]],
content: "Sign this challenge to authenticate",
pubkey: pubkey
};
const pubkey = await window.nostr.getPublicKey();
let signedEvent;
try {
signedEvent = await window.nostr.signEvent(event);
} catch (error) {
document.querySelector('#rejected-nostr-nudges').style.display = 'block';
return;
}
const event = {
kind: 22242,
created_at: Math.floor(Date.now() / 1000),
tags: [["challenge", challenge]],
content: "Sign this challenge to authenticate",
pubkey: pubkey
};
const verifyResponse = await fetch("/api/signup/nostr-verify", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify(signedEvent),
});
const signedEvent = await window.nostr.signEvent(event);
if (verifyResponse.status === 200) {
const verifyResponse = await fetch("/api/signup/nostr-verify", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify(signedEvent),
});
if (verifyResponse.status === 200) {
}
} catch (error) { }
}
}

48
src/routes/apiRoutes.js
View file

@ -1,5 +1,4 @@
const express = require('express');
const crypto = require("crypto");
const invitesService = require('../services/invitesService');
const nostrService = require('../services/nostrService');
@ -9,17 +8,48 @@ const errors = require('../errors');
const router = express.Router();
router.get('/signup/nostr-challenge', async (req, res) => {
console.log("I'm heeeere")
const inviteUuid = req.cookies.inviteUuid;
const signUpChallenge = await invitesService.createSignUpChallenge(
inviteUuid
)
let signUpChallenge;
try {
signUpChallenge = await invitesService.createSignUpChallenge(
inviteUuid
)
} catch (error) {
if (error instanceof errors.NotFoundError) {
return res.status(404).json({
success: false,
message: 'Could not find invite with that id.'
})
}
const relatedNostrChallenge = await nostrService.getNostrChallenge(
signUpChallenge.nostr_challenge_uuid
)
if (error instanceof errors.AlreadyUsedError) {
return res.status(410).json({
success: false,
message: 'That invite has already been used.'
})
}
res.status(200).json({ 'challenge': relatedNostrChallenge.challenge });
return res.status(500).json({
success: false,
message: 'Unexpected error.'
})
}
let relatedNostrChallenge;
try {
relatedNostrChallenge = await nostrService.getNostrChallenge(
signUpChallenge.nostr_challenge_uuid
)
} catch (error) {
return res.status(500).json({
success: false,
message: 'Unexpected error.'
})
}
return res.status(200).json({ 'challenge': relatedNostrChallenge.challenge });
});
@ -34,7 +64,7 @@ router.post("/signup/nostr-verify", async (req, res) => {
if (error instanceof TimeoutError) {
console.error('The challenge is outdated.');
}
if (error instanceof errors.ChallengedUsedError) {
if (error instanceof errors.AlreadyUsedError) {
console.error('The challenge was already used, request a new one.');
}
if (error instanceof errors.InvalidSignatureError) {

15
src/routes/webRoutes.js
View file

@ -13,24 +13,23 @@ router.get('/invite/:inviteUuid', async (req, res) => {
res.cookie('inviteUuid', inviteUuid, { httpOnly: true, maxAge: 86400000 });
let invite;
try {
if (await !invitesService.appInviteExists(inviteUuid)) {
return res.status(404).render('error', { message: 'Invite not found' });
invite = await invitesService.getAppInvite(inviteUuid);
if (!invite) {
return res.status(404).render('error', { message: 'Invite not found.' });
}
const invite = await invitesService.getAppInvite(inviteUuid);
if (await invitesService.isAppInviteSpent(inviteUuid)) {
return res.render('invite_spent', { invite })
return res.status(410).render('invite_spent', { invite })
}
return res.render('invite', { invite });
} catch (error) {
console.error('Error fetching invite:', error);
return res.status(500).render('error', { message: 'An error occurred' });
}
return res.render('invite', { invite });
});
router.get('/private', authMiddleware, (req, res) => {

4
src/services/invitesService.js
View file

@ -49,7 +49,7 @@ async function createSignUpChallenge(appInviteUuid) {
}
if (await isAppInviteSpent(appInviteUuid)) {
throw new errors.AppInvitedUsedError("Invite has already been used.")
throw new errors.AlreadyUsedError("Invite has already been used.")
}
const nostrChallenge = await nostrService.createNostrChallenge()
@ -84,7 +84,7 @@ async function verifySignUpChallenge(signedEvent) {
console.log(`Found this signup challenge: ${signUpChallenge}`);
if (await nostrService.hasNostrChallengeBeenCompleted(challenge)) {
throw new errors.ChallengedUsedError("This challenge has already been used.");
throw new errors.AlreadyUsedError("This challenge has already been used.");
}
console.log(`I'm gonna verify the nostr challenge`);
const completedNostrChallenge = await nostrService.verifyNostrChallenge(signedEvent);

2
src/services/nostrService.js
View file

@ -58,7 +58,7 @@ async function verifyNostrChallenge(signedEvent) {
console.log("Checking if completed")
if (await hasNostrChallengeBeenCompleted(challenge)) {
throw new errors.ChallengedUsedError("Challenge already used, request new one.");
throw new errors.AlreadyUsedError("Challenge already used, request new one.");
}
console.log("Checking if valid")

3
src/views/invite.ejs
View file

@ -17,6 +17,9 @@
<form onsubmit="acceptInvite();return false">
<button id="nostr-signup" type="submit">Alta con Nostr</button>
</form>
<div id="rejected-nostr-nudges" style="display:none">
<p>Ups, parece que no has aceptado que usemos tus claves. Si te has equivocado, puedes intentarlo de nuevo.</p>
</div>
<div id="no-extension-nudges" style="display:none">
<p>¡Atención! No se ha encontrado una extensión de Nostr en tu navegador. Puedes usar: </p>
<ul>