From c702d1b7603dff2d8c60d8fe5e1d71b250b3fc51 Mon Sep 17 00:00:00 2001 From: Kieran Date: Sun, 5 Mar 2023 16:58:34 +0000 Subject: [PATCH] chore: improve zapper validation --- packages/app/src/Element/Note.tsx | 2 +- packages/app/src/Element/NoteFooter.tsx | 2 +- packages/app/src/Element/Reactions.tsx | 4 +- packages/app/src/Element/Timeline.tsx | 2 +- packages/app/src/Element/Zap.tsx | 147 +++++++++++++----------- packages/app/src/Feed/ZapsFeed.ts | 2 +- packages/app/src/Number.ts | 4 +- packages/app/src/Util.ts | 5 +- 8 files changed, 89 insertions(+), 79 deletions(-) diff --git a/packages/app/src/Element/Note.tsx b/packages/app/src/Element/Note.tsx index fd71a55..e8d1aa7 100644 --- a/packages/app/src/Element/Note.tsx +++ b/packages/app/src/Element/Note.tsx @@ -115,7 +115,7 @@ export default function Note(props: NoteProps) { const zaps = useMemo(() => { const sortedZaps = getReactions(related, ev.Id, EventKind.ZapReceipt) .map(parseZap) - .filter(z => z.valid && z.zapper !== ev.PubKey); + .filter(z => z.valid && z.sender !== ev.PubKey); sortedZaps.sort((a, b) => b.amount - a.amount); return sortedZaps; }, [related]); diff --git a/packages/app/src/Element/NoteFooter.tsx b/packages/app/src/Element/NoteFooter.tsx index c9afd24..c96f3ec 100644 --- a/packages/app/src/Element/NoteFooter.tsx +++ b/packages/app/src/Element/NoteFooter.tsx @@ -65,7 +65,7 @@ export default function NoteFooter(props: NoteFooterProps) { type: "language", }); const zapTotal = zaps.reduce((acc, z) => acc + z.amount, 0); - const didZap = zaps.some(a => a.zapper === login); + const didZap = zaps.some(a => a.sender === login); const longPress = useLongPress( e => { e.stopPropagation(); diff --git a/packages/app/src/Element/Reactions.tsx b/packages/app/src/Element/Reactions.tsx index 5c6de90..60c9d09 100644 --- a/packages/app/src/Element/Reactions.tsx +++ b/packages/app/src/Element/Reactions.tsx @@ -98,7 +98,7 @@ const Reactions = ({ show, setShow, positive, negative, reposts, zaps }: Reactio {tab.value === 1 && zaps.map(z => { return ( - z.zapper && ( + z.sender && (
@@ -106,7 +106,7 @@ const Reactions = ({ show, setShow, positive, negative, reposts, zaps }: Reactio
{z.content} diff --git a/packages/app/src/Element/Timeline.tsx b/packages/app/src/Element/Timeline.tsx index 21c1961..fa00424 100644 --- a/packages/app/src/Element/Timeline.tsx +++ b/packages/app/src/Element/Timeline.tsx @@ -99,7 +99,7 @@ export default function Timeline({ } case EventKind.ZapReceipt: { const zap = parseZap(e); - return zap.e ? null : ; + return zap.event ? null : ; } case EventKind.Reaction: case EventKind.Repost: { diff --git a/packages/app/src/Element/Zap.tsx b/packages/app/src/Element/Zap.tsx index 0a9adad..cf86378 100644 --- a/packages/app/src/Element/Zap.tsx +++ b/packages/app/src/Element/Zap.tsx @@ -2,9 +2,9 @@ import "./Zap.css"; import { useMemo } from "react"; import { FormattedMessage, useIntl } from "react-intl"; import { useSelector } from "react-redux"; -import { Event, HexKey, TaggedRawEvent } from "@snort/nostr"; +import { HexKey, TaggedRawEvent } from "@snort/nostr"; -import { decodeInvoice, sha256, unwrap } from "Util"; +import { decodeInvoice, InvoiceDetails, sha256, unwrap } from "Util"; import { formatShort } from "Number"; import Text from "Element/Text"; import ProfileImage from "Element/ProfileImage"; @@ -20,103 +20,110 @@ function findTag(e: TaggedRawEvent, tag: string) { return maybeTag && maybeTag[1]; } -function getInvoice(zap: TaggedRawEvent) { +function getInvoice(zap: TaggedRawEvent): InvoiceDetails | undefined { const bolt11 = findTag(zap, "bolt11"); if (!bolt11) { - console.debug("Invalid zap: ", zap); - return {}; + throw new Error("Invalid zap, missing bolt11 tag"); } - const decoded = decodeInvoice(bolt11); - if (decoded) { - return { amount: decoded?.amount, hash: decoded?.descriptionHash }; - } - return {}; + return decodeInvoice(bolt11); } -interface Zapper { - pubkey?: HexKey; - isValid: boolean; - isAnon: boolean; - content: string; -} - -function getZapper(zap: TaggedRawEvent, dhash: string): Zapper { - let zapRequest = findTag(zap, "description"); - if (zapRequest) { +export function parseZap(zapReceipt: TaggedRawEvent): ParsedZap { + const invoice = getInvoice(zapReceipt); + let innerZapJson = findTag(zapReceipt, "description"); + if (innerZapJson) { try { - if (zapRequest.startsWith("%")) { - zapRequest = decodeURIComponent(zapRequest); + if (innerZapJson.startsWith("%")) { + innerZapJson = decodeURIComponent(innerZapJson); } - const rawEvent: TaggedRawEvent = JSON.parse(zapRequest); - if (Array.isArray(rawEvent)) { + const zapRequest: TaggedRawEvent = JSON.parse(innerZapJson); + if (Array.isArray(zapRequest)) { // old format, ignored - return { isValid: false, isAnon: false, content: "" }; + throw new Error("deprecated zap format"); } - const anonZap = rawEvent.tags.some(a => a[0] === "anon"); - const metaHash = sha256(zapRequest); - const ev = new Event(rawEvent); - const zapperIgnored = ZapperSpam.includes(zap.pubkey); - return { - pubkey: ev.PubKey, - isValid: dhash === metaHash && !zapperIgnored, - isAnon: anonZap, - content: rawEvent.content, + const anonZap = findTag(zapRequest, "anon"); + const metaHash = sha256(innerZapJson); + const ret: ParsedZap = { + id: zapReceipt.id, + zapService: zapReceipt.pubkey, + amount: (invoice?.amount ?? 0) / 1000, + event: findTag(zapRequest, "e"), + sender: zapRequest.pubkey, + receiver: findTag(zapRequest, "p"), + valid: true, + anonZap: anonZap !== undefined, + content: zapRequest.content, + errors: [], }; + if (invoice?.descriptionHash !== metaHash) { + ret.valid = false; + ret.errors.push("description_hash does not match zap request"); + } + if (ZapperSpam.includes(zapReceipt.pubkey)) { + ret.valid = false; + ret.errors.push("zapper is banned"); + } + if (findTag(zapRequest, "p") !== findTag(zapReceipt, "p")) { + ret.valid = false; + ret.errors.push("p tags dont match"); + } + if (ret.event && ret.event !== findTag(zapReceipt, "e")) { + ret.valid = false; + ret.errors.push("e tags dont match"); + } + if (findTag(zapRequest, "amount") === invoice?.amount) { + ret.valid = false; + ret.errors.push("amount tag does not match invoice amount"); + } + if (!ret.valid) { + console.debug("Invalid zap", ret); + } + return ret; } catch (e) { - console.warn("Invalid zap", zapRequest); + console.debug("Invalid zap", zapReceipt, e); } } - return { isValid: false, isAnon: false, content: "" }; + return { + id: zapReceipt.id, + zapService: zapReceipt.pubkey, + amount: 0, + valid: false, + anonZap: false, + errors: ["invalid zap, parsing failed"], + }; } export interface ParsedZap { id: HexKey; - e?: HexKey; - p: HexKey; + event?: HexKey; + receiver?: HexKey; amount: number; - content: string; - zapper?: HexKey; + content?: string; + sender?: HexKey; valid: boolean; zapService: HexKey; anonZap: boolean; -} - -export function parseZap(zap: TaggedRawEvent): ParsedZap { - const { amount, hash } = getInvoice(zap); - const zapper = hash ? getZapper(zap, hash) : ({ isValid: false, content: "" } as Zapper); - const e = findTag(zap, "e"); - const p = unwrap(findTag(zap, "p")); - return { - id: zap.id, - e, - p, - amount: Number(amount) / 1000, - zapper: zapper.pubkey, - content: zapper.content, - valid: zapper.isValid, - zapService: zap.pubkey, - anonZap: zapper.isAnon, - }; + errors: Array; } const Zap = ({ zap, showZapped = true }: { zap: ParsedZap; showZapped?: boolean }) => { - const { amount, content, zapper, valid, p } = zap; + const { amount, content, sender, valid, receiver } = zap; const pubKey = useSelector((s: RootState) => s.login.publicKey); - return valid && zapper ? ( + return valid && sender ? (
- - {p !== pubKey && showZapped && } + + {receiver !== pubKey && showZapped && }
- +
- {content.length > 0 && zapper && ( + {(content?.length ?? 0) > 0 && sender && (
- +
)}
@@ -130,8 +137,8 @@ interface ZapsSummaryProps { export const ZapsSummary = ({ zaps }: ZapsSummaryProps) => { const { formatMessage } = useIntl(); const sortedZaps = useMemo(() => { - const pub = [...zaps.filter(z => z.zapper && z.valid)]; - const priv = [...zaps.filter(z => !z.zapper && z.valid)]; + const pub = [...zaps.filter(z => z.sender && z.valid)]; + const priv = [...zaps.filter(z => !z.sender && z.valid)]; pub.sort((a, b) => b.amount - a.amount); return pub.concat(priv); }, [zaps]); @@ -141,17 +148,17 @@ export const ZapsSummary = ({ zaps }: ZapsSummaryProps) => { } const [topZap, ...restZaps] = sortedZaps; - const { zapper, amount, anonZap } = topZap; + const { sender, amount, anonZap } = topZap; return (
{amount && (
- {zapper && ( + {sender && ( )} diff --git a/packages/app/src/Feed/ZapsFeed.ts b/packages/app/src/Feed/ZapsFeed.ts index 1ff399b..6cad858 100644 --- a/packages/app/src/Feed/ZapsFeed.ts +++ b/packages/app/src/Feed/ZapsFeed.ts @@ -18,7 +18,7 @@ export default function useZapsFeed(pubkey?: HexKey) { const zaps = useMemo(() => { const profileZaps = zapsFeed.store.notes .map(parseZap) - .filter(z => z.valid && z.p === pubkey && z.zapper !== pubkey && !z.e); + .filter(z => z.valid && z.receiver === pubkey && z.sender !== pubkey && !z.event); profileZaps.sort((a, b) => b.amount - a.amount); return profileZaps; }, [zapsFeed]); diff --git a/packages/app/src/Number.ts b/packages/app/src/Number.ts index 904454b..a9a4084 100644 --- a/packages/app/src/Number.ts +++ b/packages/app/src/Number.ts @@ -8,7 +8,9 @@ export function formatShort(n: number) { return n; } else if (n < 1e6) { return `${intl.format(n / 1e3)}K`; - } else { + } else if (n < 1e9) { return `${intl.format(n / 1e6)}M`; + } else { + return `${intl.format(n / 1e9)}G`; } } diff --git a/packages/app/src/Util.ts b/packages/app/src/Util.ts index 2be25eb..137d95b 100644 --- a/packages/app/src/Util.ts +++ b/packages/app/src/Util.ts @@ -240,12 +240,13 @@ export const delay = (t: number) => { }); }; +export type InvoiceDetails = ReturnType; export function decodeInvoice(pr: string) { try { const parsed = invoiceDecode(pr); const amountSection = parsed.sections.find(a => a.name === "amount"); - const amount = amountSection ? (amountSection.value as number) : NaN; + const amount = amountSection ? Number(amountSection.value as number | string) : undefined; const timestampSection = parsed.sections.find(a => a.name === "timestamp"); const timestamp = timestampSection ? (timestampSection.value as number) : NaN; @@ -256,7 +257,7 @@ export function decodeInvoice(pr: string) { const descriptionHashSection = parsed.sections.find(a => a.name === "description_hash")?.value; const paymentHashSection = parsed.sections.find(a => a.name === "payment_hash")?.value; const ret = { - amount: !isNaN(amount) ? amount : undefined, + amount: amount, expire: !isNaN(timestamp) && !isNaN(expire) ? timestamp + expire : undefined, timestamp: !isNaN(timestamp) ? timestamp : undefined, description: descriptionSection as string | undefined,