npm - 2020117-agent - Versions diffs - 0.6.9 → 0.6.10 - Mend

2020117-agent 0.6.9 → 0.6.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/agent.js +14 -9
package/package.json +1 -1

package/dist/agent.js CHANGED Viewed

@@ -1016,16 +1016,21 @@ async function startSwarmListener(label) {
             if (!session)
                 return;
             if (msg.preimage) {
-                // Verify preimage: SHA256(preimage) must equal the invoice's payment_hash
-                if (session.pendingPaymentHash) {
-                    if (!verifyPreimage(msg.preimage, session.pendingPaymentHash)) {
-                        console.log(`[${label}] Session ${session.sessionId}: invalid preimage — ending session`);
-                        node.send(session.socket, { type: 'error', id: msg.id, message: 'Invalid payment preimage' });
-                        endSession(node, session, label);
-                        return;
-                    }
-                    session.pendingPaymentHash = undefined;
+                // Verify preimage: SHA256(preimage) must equal the invoice's payment_hash.
+                // If payment_hash is missing (bolt11 decode failed), reject — fail secure.
+                if (!session.pendingPaymentHash) {
+                    console.log(`[${label}] Session ${session.sessionId}: cannot verify payment (no payment_hash) — ending session`);
+                    node.send(session.socket, { type: 'error', id: msg.id, message: 'Provider cannot verify payment' });
+                    endSession(node, session, label);
+                    return;
+                }
+                if (!verifyPreimage(msg.preimage, session.pendingPaymentHash)) {
+                    console.log(`[${label}] Session ${session.sessionId}: invalid preimage — ending session`);
+                    node.send(session.socket, { type: 'error', id: msg.id, message: 'Invalid payment preimage' });
+                    endSession(node, session, label);
+                    return;
                 }
+                session.pendingPaymentHash = undefined;
                 const amount = msg.amount || 0;
                 session.totalEarned += amount;
                 session.lastPaidAt = Date.now();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "2020117-agent",
-  "version": "0.6.9",
+  "version": "0.6.10",
   "description": "2020117 agent runtime — Nostr-native relay subscription + Hyperswarm P2P + Lightning payments",
   "type": "module",
   "bin": {