From 0759dd975c6e76d67da45abc1ba3d235f0e7c391 Mon Sep 17 00:00:00 2001 From: benthecarman Date: Sat, 24 Feb 2024 16:11:08 +0000 Subject: [PATCH] Verify blind signature --- src/main.rs | 7 +++++++ src/register.rs | 7 +++++-- src/routes.rs | 10 +++++++++- 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/main.rs b/src/main.rs index 56f64de..3ca86c9 100644 --- a/src/main.rs +++ b/src/main.rs @@ -7,6 +7,7 @@ use log::{error, info}; use nostr_sdk::nostr::{key::FromSkStr, Keys}; use secp256k1::{All, Secp256k1}; use std::{path::PathBuf, str::FromStr, sync::Arc}; +use tbs::AggregatePublicKey; use tokio::signal::unix::{signal, SignalKind}; use tokio::sync::oneshot; use tower_http::cors::{AllowOrigin, CorsLayer}; @@ -57,6 +58,7 @@ pub struct State { pub secp: Secp256k1, pub nostr: nostr_sdk::Client, pub domain: String, + pub auth_pk: AggregatePublicKey, } #[tokio::main] @@ -80,6 +82,10 @@ async fn main() -> anyhow::Result<()> { .await .expect("should set up mints"); + let auth_pk = std::env::var("AUTH_PK").expect("AUTH_PK must be set"); + // no from_str impl so just decode from serde + let auth_pk: AggregatePublicKey = serde_json::from_str(&auth_pk).expect("Invalid AUTH_PK"); + // nostr let nostr_nsec_str = std::env::var("NSEC").expect("FM_DB_PATH must be set"); let nostr_sk = Keys::from_sk_str(&nostr_nsec_str).expect("Invalid NOSTR_SK"); @@ -102,6 +108,7 @@ async fn main() -> anyhow::Result<()> { secp, nostr, domain, + auth_pk, }; // spawn a task to check for previous pending invoices diff --git a/src/register.rs b/src/register.rs index 168b4f4..e1c574b 100644 --- a/src/register.rs +++ b/src/register.rs @@ -36,6 +36,11 @@ pub async fn register( return Err((StatusCode::BAD_REQUEST, "Unavailable".to_string())); } + if !req.verify(state.auth_pk) { + return Err((StatusCode::UNAUTHORIZED, "Invalid blind sig".to_string())); + } + // todo save nonce to db and check for replay attacks + match state.db.check_name_available(req.name.clone()) { Ok(true) => (), Ok(false) => { @@ -47,8 +52,6 @@ pub async fn register( } }; - // TODO verify blinded info - // make sure the federation is either already added or connectable if !state.mm.check_has_federation(req.federation_id).await { let invite_code = match InviteCode::from_str(&req.federation_invite_code) { diff --git a/src/routes.rs b/src/routes.rs index 06613c6..5d56793 100644 --- a/src/routes.rs +++ b/src/routes.rs @@ -16,6 +16,7 @@ use log::{debug, error}; use nostr::prelude::XOnlyPublicKey; use serde::{de, Deserialize, Deserializer, Serialize}; use std::{collections::HashMap, fmt::Display, str::FromStr}; +use tbs::AggregatePublicKey; use url::Url; pub async fn check_username( @@ -38,7 +39,14 @@ pub struct RegisterRequest { pub pubkey: String, pub federation_id: FederationId, pub federation_invite_code: String, - // TODO blinded message info + pub msg: tbs::Message, + pub sig: tbs::Signature, +} + +impl RegisterRequest { + pub fn verify(&self, pubkey: AggregatePublicKey) -> bool { + tbs::verify(self.msg, self.sig, pubkey) + } } impl From for NewAppUser {