fix: drop hash validation from NIP-57

lnurl/luds#234
syusui-s · Feb 12, 2024 · ee0be6b · ee0be6b
1 parent ff73a0e
commit ee0be6b
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 28 deletions.
diff --git a/src/components/modal/ZapRequestModal.tsx b/src/components/modal/ZapRequestModal.tsx
@@ -247,11 +247,8 @@ const ZapDialog: Component<ZapDialogProps> = (props) => {
     }
 
     const invoice = callbackResponse.pr;
-    await verifyInvoice(invoice, {
-      amountMilliSats,
-      metadata: endpointData.metadata,
-      zapRequest: callbackParams.zapRequest,
-    });
+
+    verifyInvoice(invoice, { amountMilliSats });
 
     return invoice;
   };

diff --git a/src/nostr/zap/fetchLnurlCallback.ts b/src/nostr/zap/fetchLnurlCallback.ts
@@ -40,7 +40,7 @@ const fetchLnurlCallback = async ({
     callbackUrl.searchParams.set('nostr', JSON.stringify(zapRequest));
   }
 
-  const res = await fetch(callbackUrl, { mode: 'cors' });
+  const res = await fetch(callbackUrl, { mode: 'cors', redirect: 'error' });
   // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
   const body = await res.json();
 

diff --git a/src/nostr/zap/fetchLnurlEndpoint.ts b/src/nostr/zap/fetchLnurlEndpoint.ts
@@ -84,7 +84,7 @@ export const parseLnurlEndpointMetadata = (
 };
 
 const fetchLnurlEndpoint = async (lnurl: string): Promise<LnurlEndpoint | LnurlError> => {
-  const res = await fetch(lnurl, { mode: 'cors' });
+  const res = await fetch(lnurl, { mode: 'cors', redirect: 'error' });
 
   // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
   const body = await res.json();

diff --git a/src/nostr/zap/verifyInvoice.ts b/src/nostr/zap/verifyInvoice.ts
@@ -1,28 +1,8 @@
-import { type Event as NostrEvent } from 'nostr-tools/pure';
-
 import { parseBolt11 } from '@/nostr/zap/bolt11';
-import sha256Hex from '@/utils/sha256Hex';
 
-const verifyInvoice = async (
-  bolt11: string,
-  requirements: { amountMilliSats: string; metadata: string; zapRequest?: NostrEvent },
-): Promise<void> => {
+const verifyInvoice = (bolt11: string, requirements: { amountMilliSats: string }) => {
   const payReq = parseBolt11(bolt11);
 
-  const description =
-    requirements.zapRequest != null
-      ? JSON.stringify(requirements.zapRequest)
-      : requirements.metadata;
-
-  if (payReq.tagsObject.description !== null && description === payReq.tagsObject.description) {
-    throw new Error("invalid invoice: description and didn't match");
-  }
-
-  const purposeCommitHash = await sha256Hex(description);
-  if (purposeCommitHash !== payReq.tagsObject.purpose_commit_hash) {
-    throw new Error("invalid invoice: hash value of purpose_commit_hash and didn't match");
-  }
-
   if (payReq.millisatoshis != null && payReq.millisatoshis !== requirements.amountMilliSats) {
     throw new Error("invalid invoice: amount didn't match");
   }