Skip to content

Commit

Permalink
Verify blind signature
Browse files Browse the repository at this point in the history
  • Loading branch information
benthecarman committed Feb 24, 2024
1 parent f16d3ce commit 0759dd9
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 3 deletions.
7 changes: 7 additions & 0 deletions src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ use log::{error, info};
use nostr_sdk::nostr::{key::FromSkStr, Keys};
use secp256k1::{All, Secp256k1};
use std::{path::PathBuf, str::FromStr, sync::Arc};
use tbs::AggregatePublicKey;
use tokio::signal::unix::{signal, SignalKind};
use tokio::sync::oneshot;
use tower_http::cors::{AllowOrigin, CorsLayer};
Expand Down Expand Up @@ -57,6 +58,7 @@ pub struct State {
pub secp: Secp256k1<All>,
pub nostr: nostr_sdk::Client,
pub domain: String,
pub auth_pk: AggregatePublicKey,
}

#[tokio::main]
Expand All @@ -80,6 +82,10 @@ async fn main() -> anyhow::Result<()> {
.await
.expect("should set up mints");

let auth_pk = std::env::var("AUTH_PK").expect("AUTH_PK must be set");
// no from_str impl so just decode from serde
let auth_pk: AggregatePublicKey = serde_json::from_str(&auth_pk).expect("Invalid AUTH_PK");

// nostr
let nostr_nsec_str = std::env::var("NSEC").expect("FM_DB_PATH must be set");
let nostr_sk = Keys::from_sk_str(&nostr_nsec_str).expect("Invalid NOSTR_SK");
Expand All @@ -102,6 +108,7 @@ async fn main() -> anyhow::Result<()> {
secp,
nostr,
domain,
auth_pk,
};

// spawn a task to check for previous pending invoices
Expand Down
7 changes: 5 additions & 2 deletions src/register.rs
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,11 @@ pub async fn register(
return Err((StatusCode::BAD_REQUEST, "Unavailable".to_string()));
}

if !req.verify(state.auth_pk) {
return Err((StatusCode::UNAUTHORIZED, "Invalid blind sig".to_string()));
}
// todo save nonce to db and check for replay attacks

match state.db.check_name_available(req.name.clone()) {
Ok(true) => (),
Ok(false) => {
Expand All @@ -47,8 +52,6 @@ pub async fn register(
}
};

// TODO verify blinded info

// make sure the federation is either already added or connectable
if !state.mm.check_has_federation(req.federation_id).await {
let invite_code = match InviteCode::from_str(&req.federation_invite_code) {
Expand Down
10 changes: 9 additions & 1 deletion src/routes.rs
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ use log::{debug, error};
use nostr::prelude::XOnlyPublicKey;
use serde::{de, Deserialize, Deserializer, Serialize};
use std::{collections::HashMap, fmt::Display, str::FromStr};
use tbs::AggregatePublicKey;
use url::Url;

pub async fn check_username(
Expand All @@ -38,7 +39,14 @@ pub struct RegisterRequest {
pub pubkey: String,
pub federation_id: FederationId,
pub federation_invite_code: String,
// TODO blinded message info
pub msg: tbs::Message,
pub sig: tbs::Signature,
}

impl RegisterRequest {
pub fn verify(&self, pubkey: AggregatePublicKey) -> bool {
tbs::verify(self.msg, self.sig, pubkey)
}
}

impl From<RegisterRequest> for NewAppUser {
Expand Down

0 comments on commit 0759dd9

Please sign in to comment.