From ee0be6b9eb8a94401765c1d7307166d3f70acfec Mon Sep 17 00:00:00 2001
From: Shusui MOYATANI
Date: Mon, 12 Feb 2024 14:49:22 +0900
Subject: [PATCH] fix: drop hash validation from NIP-57 https://github.com/lnurl/luds/pull/234
---
 src/components/modal/ZapRequestModal.tsx | 7 ++-----
 src/nostr/zap/fetchLnurlCallback.ts | 2 +-
 src/nostr/zap/fetchLnurlEndpoint.ts | 2 +-
 src/nostr/zap/verifyInvoice.ts | 22 +---------------------
 4 files changed, 5 insertions(+), 28 deletions(-)
diff --git a/src/components/modal/ZapRequestModal.tsx b/src/components/modal/ZapRequestModal.tsx
index af2de5d8..fa2f6357 100644
--- a/src/components/modal/ZapRequestModal.tsx
+++ b/src/components/modal/ZapRequestModal.tsx
@@ -247,11 +247,8 @@ const ZapDialog: Component = (props) => {
 }
 const invoice = callbackResponse.pr;
- await verifyInvoice(invoice, {
- amountMilliSats,
- metadata: endpointData.metadata,
- zapRequest: callbackParams.zapRequest,
- });
+
+ verifyInvoice(invoice, { amountMilliSats });
 return invoice;
 };
diff --git a/src/nostr/zap/fetchLnurlCallback.ts b/src/nostr/zap/fetchLnurlCallback.ts
index 500460ed..57ee4582 100644
--- a/src/nostr/zap/fetchLnurlCallback.ts
+++ b/src/nostr/zap/fetchLnurlCallback.ts
@@ -40,7 +40,7 @@ const fetchLnurlCallback = async ({
 callbackUrl.searchParams.set('nostr', JSON.stringify(zapRequest));
 }
- const res = await fetch(callbackUrl, { mode: 'cors' });
+ const res = await fetch(callbackUrl, { mode: 'cors', redirect: 'error' });
 // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
 const body = await res.json();
diff --git a/src/nostr/zap/fetchLnurlEndpoint.ts b/src/nostr/zap/fetchLnurlEndpoint.ts
index 4edae2ac..4b0debc2 100644
--- a/src/nostr/zap/fetchLnurlEndpoint.ts
+++ b/src/nostr/zap/fetchLnurlEndpoint.ts
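Review bot: The new call `verifyInvoice(invoice, { amountMilliSats });` in ZapRequestModal.tsx has no comment saying that the invoice is now checked for its amount only, so a later reader can take the function name as still covering the description hash. A one-line comment above the call would record the decision, for example `// Checks the amount only; the description hash is no longer verified (lnurl/luds#234).` The enclosing function starts outside the hunk.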
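Review bot: The `fetch(callbackUrl, { mode: 'cors', redirect: 'error' })` line in fetchLnurlCallback.ts is still followed directly by `res.json()` with no look at `res.ok`, so an HTTP error page from the LNURL server surfaces as a JSON parse failure instead of a clear error. A guard before parsing would help: `if (!res.ok) throw new Error('LNURL callback failed: ' + res.status);`. The same applies to `fetch(lnurl, …)` in src/nostr/zap/fetchLnurlEndpoint.ts. Both function bodies continue outside their hunks, so later validation of `body` may exist but is not visible here.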
@@ -84,7 +84,7 @@ export const parseLnurlEndpointMetadata = (
 };
 const fetchLnurlEndpoint = async (lnurl: string): Promise => {
- const res = await fetch(lnurl, { mode: 'cors' });
+ const res = await fetch(lnurl, { mode: 'cors', redirect: 'error' });
 // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
 const body = await res.json();
diff --git a/src/nostr/zap/verifyInvoice.ts b/src/nostr/zap/verifyInvoice.ts
index 60bbe2fe..f39ca430 100644
--- a/src/nostr/zap/verifyInvoice.ts
+++ b/src/nostr/zap/verifyInvoice.ts
@@ -1,28 +1,8 @@
-import { type Event as NostrEvent } from 'nostr-tools/pure';
-
 import { parseBolt11 } from '@/nostr/zap/bolt11';
-import sha256Hex from '@/utils/sha256Hex';
-const verifyInvoice = async (
- bolt11: string,
- requirements: { amountMilliSats: string; metadata: string; zapRequest?: NostrEvent },
-): Promise => {
+const verifyInvoice = (bolt11: string, requirements: { amountMilliSats: string }) => {
 const payReq = parseBolt11(bolt11);
- const description =
- requirements.zapRequest != null
- ? JSON.stringify(requirements.zapRequest)
- : requirements.metadata;
-
- if (payReq.tagsObject.description !== null && description === payReq.tagsObject.description) {
- throw new Error("invalid invoice: description and didn't match");
- }
-
- const purposeCommitHash = await sha256Hex(description);
- if (purposeCommitHash !== payReq.tagsObject.purpose_commit_hash) {
- throw new Error("invalid invoice: hash value of purpose_commit_hash and didn't match");
- }
-
 if (payReq.millisatoshis != null && payReq.millisatoshis !== requirements.amountMilliSats) {
 throw new Error("invalid invoice: amount didn't match");
 }
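Review bot: The amount comparison is now the only check left in `verifyInvoice`, and its `payReq.millisatoshis != null &&` guard lets an invoice that carries no amount pass without any validation. Since the caller always supplies `amountMilliSats`, the condition could reject a missing amount as well: `if (payReq.millisatoshis !== requirements.amountMilliSats) {`. The new signature also drops the explicit return type, and `: void` would keep the body checked against it. The function continues past the end of the hunk, and the type of `millisatoshis` comes from `parseBolt11`, which is not shown, so the stricter comparison should be confirmed against that parser.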