counterweight/secajs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nostr challenge step much more robust

Browse source
This commit is contained in:
counterweight 2025-02-13 01:17:49 +01:00
parent 805ad5fad9
commit 564dcb8083
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
7 changed files with 99 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/errors.js
View file

@ -5,6 +5,13 @@ class ChallengedUsedError extends Error {
} }
} }
class AlreadyUsedError extends Error {
constructor(message) {
super(message);
this.name = "AlreadyUsedError"
}
}
class InvalidSignatureError extends Error { class InvalidSignatureError extends Error {
constructor(message) { constructor(message) {
super(message); super(message);
@ -27,8 +34,7 @@ class NotFoundError extends Error {
} }
module.exports = { module.exports = {
ChallengedUsedError, AlreadyUsedError,
InvalidSignatureError, InvalidSignatureError,
AppInvitedUsedError,
NotFoundError NotFoundError
}; };

39
src/public/javascript/invite.js
View file

@ -10,19 +10,28 @@ window.onload = function () {
async function acceptInvite() { async function acceptInvite() {
if (!window.nostr) { let challengeResponse;
console.log("No Nostr extension found."); try {
return { success: false, error: "No Nostr extension detected." }; challengeResponse = await fetch('/api/signup/nostr-challenge', {
method: 'GET',
headers: {
'Content-Type': 'application/json'
}
});
} catch (error) {
console.log(`Something went wrong: ${error}`);
return;
} }
try {
const challengeResponse = await fetch("/api/signup/nostr-challenge");
if (!challengeResponse.ok) throw new Error("Failed to fetch challenge");
const { challenge } = await challengeResponse.json(); const { challenge } = await challengeResponse.json();
const pubkey = await window.nostr.getPublicKey(); let pubkey;
try {
pubkey = await window.nostr.getPublicKey();
} catch (error) {
document.querySelector('#rejected-nostr-nudges').style.display = 'block';
return;
}
const event = { const event = {
kind: 22242, kind: 22242,
created_at: Math.floor(Date.now() / 1000), created_at: Math.floor(Date.now() / 1000),
@ -31,7 +40,13 @@ async function acceptInvite() {
pubkey: pubkey pubkey: pubkey
}; };
const signedEvent = await window.nostr.signEvent(event); let signedEvent;
try {
signedEvent = await window.nostr.signEvent(event);
} catch (error) {
document.querySelector('#rejected-nostr-nudges').style.display = 'block';
return;
}
const verifyResponse = await fetch("/api/signup/nostr-verify", { const verifyResponse = await fetch("/api/signup/nostr-verify", {
method: "POST", method: "POST",
@ -42,8 +57,4 @@ async function acceptInvite() {
if (verifyResponse.status === 200) { if (verifyResponse.status === 200) {
} }
} catch (error) { }
} }

40
src/routes/apiRoutes.js
View file

@ -1,5 +1,4 @@
const express = require('express'); const express = require('express');
const crypto = require("crypto");
const invitesService = require('../services/invitesService'); const invitesService = require('../services/invitesService');
const nostrService = require('../services/nostrService'); const nostrService = require('../services/nostrService');
@ -9,17 +8,48 @@ const errors = require('../errors');
const router = express.Router(); const router = express.Router();
router.get('/signup/nostr-challenge', async (req, res) => { router.get('/signup/nostr-challenge', async (req, res) => {
console.log("I'm heeeere")
const inviteUuid = req.cookies.inviteUuid; const inviteUuid = req.cookies.inviteUuid;
const signUpChallenge = await invitesService.createSignUpChallenge( let signUpChallenge;
try {
signUpChallenge = await invitesService.createSignUpChallenge(
inviteUuid inviteUuid
) )
} catch (error) {
if (error instanceof errors.NotFoundError) {
return res.status(404).json({
success: false,
message: 'Could not find invite with that id.'
})
}
const relatedNostrChallenge = await nostrService.getNostrChallenge( if (error instanceof errors.AlreadyUsedError) {
return res.status(410).json({
success: false,
message: 'That invite has already been used.'
})
}
return res.status(500).json({
success: false,
message: 'Unexpected error.'
})
}
let relatedNostrChallenge;
try {
relatedNostrChallenge = await nostrService.getNostrChallenge(
signUpChallenge.nostr_challenge_uuid signUpChallenge.nostr_challenge_uuid
) )
} catch (error) {
return res.status(500).json({
success: false,
message: 'Unexpected error.'
})
}
res.status(200).json({ 'challenge': relatedNostrChallenge.challenge }); return res.status(200).json({ 'challenge': relatedNostrChallenge.challenge });
}); });
@ -34,7 +64,7 @@ router.post("/signup/nostr-verify", async (req, res) => {
if (error instanceof TimeoutError) { if (error instanceof TimeoutError) {
console.error('The challenge is outdated.'); console.error('The challenge is outdated.');
} }
if (error instanceof errors.ChallengedUsedError) { if (error instanceof errors.AlreadyUsedError) {
console.error('The challenge was already used, request a new one.'); console.error('The challenge was already used, request a new one.');
} }
if (error instanceof errors.InvalidSignatureError) { if (error instanceof errors.InvalidSignatureError) {

15
src/routes/webRoutes.js
View file

@ -13,24 +13,23 @@ router.get('/invite/:inviteUuid', async (req, res) => {
res.cookie('inviteUuid', inviteUuid, { httpOnly: true, maxAge: 86400000 }); res.cookie('inviteUuid', inviteUuid, { httpOnly: true, maxAge: 86400000 });
let invite;
try { try {
invite = await invitesService.getAppInvite(inviteUuid);
if (await !invitesService.appInviteExists(inviteUuid)) { if (!invite) {
return res.status(404).render('error', { message: 'Invite not found' }); return res.status(404).render('error', { message: 'Invite not found.' });
} }
const invite = await invitesService.getAppInvite(inviteUuid);
if (await invitesService.isAppInviteSpent(inviteUuid)) { if (await invitesService.isAppInviteSpent(inviteUuid)) {
return res.render('invite_spent', { invite }) return res.status(410).render('invite_spent', { invite })
} }
return res.render('invite', { invite });
} catch (error) { } catch (error) {
console.error('Error fetching invite:', error); console.error('Error fetching invite:', error);
return res.status(500).render('error', { message: 'An error occurred' }); return res.status(500).render('error', { message: 'An error occurred' });
} }
return res.render('invite', { invite });
}); });
router.get('/private', authMiddleware, (req, res) => { router.get('/private', authMiddleware, (req, res) => {

4
src/services/invitesService.js
View file

@ -49,7 +49,7 @@ async function createSignUpChallenge(appInviteUuid) {
} }
if (await isAppInviteSpent(appInviteUuid)) { if (await isAppInviteSpent(appInviteUuid)) {
throw new errors.AppInvitedUsedError("Invite has already been used.") throw new errors.AlreadyUsedError("Invite has already been used.")
} }
const nostrChallenge = await nostrService.createNostrChallenge() const nostrChallenge = await nostrService.createNostrChallenge()
@ -84,7 +84,7 @@ async function verifySignUpChallenge(signedEvent) {
console.log(`Found this signup challenge: ${signUpChallenge}`); console.log(`Found this signup challenge: ${signUpChallenge}`);
if (await nostrService.hasNostrChallengeBeenCompleted(challenge)) { if (await nostrService.hasNostrChallengeBeenCompleted(challenge)) {
throw new errors.ChallengedUsedError("This challenge has already been used."); throw new errors.AlreadyUsedError("This challenge has already been used.");
} }
console.log(`I'm gonna verify the nostr challenge`); console.log(`I'm gonna verify the nostr challenge`);
const completedNostrChallenge = await nostrService.verifyNostrChallenge(signedEvent); const completedNostrChallenge = await nostrService.verifyNostrChallenge(signedEvent);

2
src/services/nostrService.js
View file

@ -58,7 +58,7 @@ async function verifyNostrChallenge(signedEvent) {
console.log("Checking if completed") console.log("Checking if completed")
if (await hasNostrChallengeBeenCompleted(challenge)) { if (await hasNostrChallengeBeenCompleted(challenge)) {
throw new errors.ChallengedUsedError("Challenge already used, request new one."); throw new errors.AlreadyUsedError("Challenge already used, request new one.");
} }
console.log("Checking if valid") console.log("Checking if valid")

3
src/views/invite.ejs
View file

@ -17,6 +17,9 @@
<form onsubmit="acceptInvite();return false"> <form onsubmit="acceptInvite();return false">
<button id="nostr-signup" type="submit">Alta con Nostr</button> <button id="nostr-signup" type="submit">Alta con Nostr</button>
</form> </form>
<div id="rejected-nostr-nudges" style="display:none">
<p>Ups, parece que no has aceptado que usemos tus claves. Si te has equivocado, puedes intentarlo de nuevo.</p>
</div>
<div id="no-extension-nudges" style="display:none"> <div id="no-extension-nudges" style="display:none">
<p>¡Atención! No se ha encontrado una extensión de Nostr en tu navegador. Puedes usar: </p> <p>¡Atención! No se ha encontrado una extensión de Nostr en tu navegador. Puedes usar: </p>
<ul> <ul>