From a4678f82db435503c1257d41d5d06812c621f247 Mon Sep 17 00:00:00 2001 From: David Caseria Date: Thu, 31 Oct 2024 11:42:41 -0400 Subject: [PATCH] Check correct service key --- crates/cdk-nostr/src/nip47.rs | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/crates/cdk-nostr/src/nip47.rs b/crates/cdk-nostr/src/nip47.rs index bcc23426e..b4145b5c3 100644 --- a/crates/cdk-nostr/src/nip47.rs +++ b/crates/cdk-nostr/src/nip47.rs @@ -16,7 +16,7 @@ use nostr_sdk::{ nip47::{self, MakeInvoiceResponseResult, NostrWalletConnectURI}, }, Alphabet, Client, Event, EventBuilder, EventId, EventSource, Filter, JsonUtil, Keys, Kind, - PublicKey, SecretKey, SingleLetterTag, Tag, TagStandard, Timestamp, Url, + PublicKey, SecretKey, SingleLetterTag, Tag, TagKind, TagStandard, Timestamp, Url, }; use tokio::sync::{Mutex, RwLock}; @@ -114,6 +114,16 @@ impl NostrWalletConnect { if event.kind != Kind::WalletConnectRequest { return Err(Error::InvalidKind); } + let service_pubkey = PublicKey::from_str( + event + .get_tag_content(TagKind::SingleLetter(SingleLetterTag::lowercase( + Alphabet::P, + ))) + .ok_or(Error::MissingServiceKey)?, + )?; + if service_pubkey != self.keys.public_key() { + return Err(Error::InvalidServiceKey(service_pubkey)); + } let event_id = event.id; let mut response_events = self.response_event_cache.lock().await; @@ -576,12 +586,18 @@ pub enum Error { /// Invalid kind error. #[error("Invalid kind")] InvalidKind, + /// Invalid service key error. + #[error("Invalid service key: {0}")] + InvalidServiceKey(PublicKey), /// Error parsing an invoice. #[error(transparent)] InvoiceParse(#[from] lightning_invoice::ParseOrSemanticError), /// Nostr key error. #[error(transparent)] Key(#[from] nostr_sdk::key::Error), + /// Missing service key error. + #[error("Missing service key")] + MissingServiceKey, /// NIP-04 error. #[error(transparent)] Nip04(#[from] nip04::Error),