nostr-tools 0.14.3 → 0.16.1

package/event.js

@@ -18,7 +18,7 @@ export function serializeEvent(evt) {
     evt.pubkey,
     evt.created_at,
     evt.kind,
-    evt.tags || [],
+    evt.tags,
     evt.content
   ])
 }
@@ -30,8 +30,24 @@ export function getEventHash(event) {
   return Buffer.from(eventHash).toString('hex')
 }
 
-export function verifySignature(event) {
+export function validateEvent(event) {
   if (event.id !== getEventHash(event)) return false
+  if (typeof event.content !== 'string') return false
+  if (typeof event.created_at !== 'number') return false
+
+  if (!Array.isArray(event.tags)) return false
+  for (let i = 0; i < event.tags.length; i++) {
+    let tag = event.tags[i]
+    if (!Array.isArray(tag)) return false
+    for (let j = 0; j < tag.length; j++) {
+      if (typeof tag[j] === 'object') return false
+    }
+  }
+
+  return true
+}
+
+export function verifySignature(event) {
   return secp256k1.schnorr.verify(event.sig, event.id, event.pubkey)
 }
 

package/filter.js

@@ -1,20 +1,21 @@
 export function matchFilter(filter, event) {
-  if (filter.id && event.id !== filter.id) return false
-  if (filter.kind && event.kind !== filter.kind) return false
-  if (filter.author && event.pubkey !== filter.author) return false
+  if (filter.ids && filter.ids.indexOf(event.id) === -1) return false
+  if (filter.kinds && filter.kinds.indexOf(event.kind) === -1) return false
   if (filter.authors && filter.authors.indexOf(event.pubkey) === -1)
     return false
-  if (
-    filter['#e'] &&
-    !event.tags.find(([t, v]) => t === 'e' && v === filter['#e'])
-  )
-    return false
-  if (
-    filter['#p'] &&
-    !event.tags.find(([t, v]) => t === 'p' && v === filter['#p'])
-  )
-    return false
-  if (filter.since && event.created_at <= filter.since) return false
+
+  for (let f in filter) {
+    if (f[0] === '#') {
+      if (
+        filter[f] &&
+        !event.tags.find(([t, v]) => t === f.slice(1) && v === filter[f])
+      )
+        return false
+    }
+  }
+
+  if (filter.since && event.created_at < filter.since) return false
+  if (filter.until && event.created_at >= filter.until) return false
 
   return true
 }

package/index.js

@@ -4,6 +4,7 @@ import {relayPool} from './pool'
 import {
   getBlankEvent,
   signEvent,
+  validateEvent,
   verifySignature,
   serializeEvent,
   getEventHash
@@ -15,6 +16,7 @@ export {
   relayConnect,
   relayPool,
   signEvent,
+  validateEvent,
   verifySignature,
   serializeEvent,
   getEventHash,

package/nip04.js

@@ -1,6 +1,6 @@
 import aes from 'browserify-cipher'
 import {Buffer} from 'buffer'
-import randomBytes from 'randombytes'
+import {randomBytes} from '@noble/hashes/utils'
 import * as secp256k1 from '@noble/secp256k1'
 
 export function encrypt(privkey, pubkey, text) {

package/package.json

@@ -1,12 +1,13 @@
 {
   "name": "nostr-tools",
-  "version": "0.14.3",
+  "version": "0.16.1",
   "description": "Tools for making a Nostr client.",
   "repository": {
     "type": "git",
     "url": "https://github.com/fiatjaf/nostr-tools.git"
   },
   "dependencies": {
+    "@noble/hashes": "^0.5.7",
     "@noble/secp256k1": "^1.3.0",
     "browserify-cipher": ">=1",
     "buffer": ">=5",
@@ -14,7 +15,6 @@
     "dns-packet": "^5.2.4",
     "micro-bip32": "^0.1.0",
     "micro-bip39": "^0.1.3",
-    "randombytes": ">=2",
     "websocket-polyfill": "^0.0.3"
   },
   "keywords": [

package/relay.js

@@ -2,7 +2,7 @@
 
 import 'websocket-polyfill'
 
-import {verifySignature} from './event'
+import {verifySignature, validateEvent} from './event'
 import {matchFilters} from './filter'
 
 export function normalizeRelayURL(url) {
@@ -93,7 +93,8 @@ export function relayConnect(url, onNotice = () => {}, onError = () => {}) {
           let event = data[2]
 
           if (
-            (await verifySignature(event)) &&
+            validateEvent(event) &&
+            verifySignature(event) &&
             channels[channel] &&
             matchFilters(openSubs[channel], event)
           ) {