chore: improve zapper validation

packages/app/src/Element/Note.tsx

@@ -115,7 +115,7 @@ export default function Note(props: NoteProps) {
   const zaps = useMemo(() => {
     const sortedZaps = getReactions(related, ev.Id, EventKind.ZapReceipt)
       .map(parseZap)
-      .filter(z => z.valid && z.zapper !== ev.PubKey);
+      .filter(z => z.valid && z.sender !== ev.PubKey);
     sortedZaps.sort((a, b) => b.amount - a.amount);
     return sortedZaps;
   }, [related]);

packages/app/src/Element/NoteFooter.tsx

@@ -65,7 +65,7 @@ export default function NoteFooter(props: NoteFooterProps) {
     type: "language",
   });
   const zapTotal = zaps.reduce((acc, z) => acc + z.amount, 0);
-  const didZap = zaps.some(a => a.zapper === login);
+  const didZap = zaps.some(a => a.sender === login);
   const longPress = useLongPress(
     e => {
       e.stopPropagation();

packages/app/src/Element/Reactions.tsx

@@ -98,7 +98,7 @@ const Reactions = ({ show, setShow, positive, negative, reposts, zaps }: Reactio
           {tab.value === 1 &&
             zaps.map(z => {
               return (
-                z.zapper && (
+                z.sender && (
                   <div key={z.id} className="reactions-item">
                     <div className="zap-reaction-icon">
                       <Icon name="zap" size={20} />
@@ -106,7 +106,7 @@ const Reactions = ({ show, setShow, positive, negative, reposts, zaps }: Reactio
                     </div>
                     <ProfileImage
                       autoWidth={false}
-                      pubkey={z.anonZap ? "" : z.zapper}
+                      pubkey={z.anonZap ? "" : z.sender}
                       subHeader={
                         <div className="f-ellipsis zap-comment" title={z.content}>
                           {z.content}

packages/app/src/Element/Timeline.tsx

@@ -99,7 +99,7 @@ export default function Timeline({
       }
       case EventKind.ZapReceipt: {
         const zap = parseZap(e);
-        return zap.e ? null : <Zap zap={zap} key={e.id} />;
+        return zap.event ? null : <Zap zap={zap} key={e.id} />;
       }
       case EventKind.Reaction:
       case EventKind.Repost: {

packages/app/src/Element/Zap.tsx

@@ -2,9 +2,9 @@ import "./Zap.css";
 import { useMemo } from "react";
 import { FormattedMessage, useIntl } from "react-intl";
 import { useSelector } from "react-redux";
-import { Event, HexKey, TaggedRawEvent } from "@snort/nostr";
+import { HexKey, TaggedRawEvent } from "@snort/nostr";
 
-import { decodeInvoice, sha256, unwrap } from "Util";
+import { decodeInvoice, InvoiceDetails, sha256, unwrap } from "Util";
 import { formatShort } from "Number";
 import Text from "Element/Text";
 import ProfileImage from "Element/ProfileImage";
@@ -20,103 +20,110 @@ function findTag(e: TaggedRawEvent, tag: string) {
   return maybeTag && maybeTag[1];
 }
 
-function getInvoice(zap: TaggedRawEvent) {
+function getInvoice(zap: TaggedRawEvent): InvoiceDetails | undefined {
   const bolt11 = findTag(zap, "bolt11");
   if (!bolt11) {
-    console.debug("Invalid zap: ", zap);
-    return {};
+    throw new Error("Invalid zap, missing bolt11 tag");
   }
-  const decoded = decodeInvoice(bolt11);
-  if (decoded) {
-    return { amount: decoded?.amount, hash: decoded?.descriptionHash };
-  }
-  return {};
+  return decodeInvoice(bolt11);
 }
 
-interface Zapper {
-  pubkey?: HexKey;
-  isValid: boolean;
-  isAnon: boolean;
-  content: string;
-}
-
-function getZapper(zap: TaggedRawEvent, dhash: string): Zapper {
-  let zapRequest = findTag(zap, "description");
-  if (zapRequest) {
+export function parseZap(zapReceipt: TaggedRawEvent): ParsedZap {
+  const invoice = getInvoice(zapReceipt);
+  let innerZapJson = findTag(zapReceipt, "description");
+  if (innerZapJson) {
     try {
-      if (zapRequest.startsWith("%")) {
-        zapRequest = decodeURIComponent(zapRequest);
+      if (innerZapJson.startsWith("%")) {
+        innerZapJson = decodeURIComponent(innerZapJson);
       }
-      const rawEvent: TaggedRawEvent = JSON.parse(zapRequest);
-      if (Array.isArray(rawEvent)) {
+      const zapRequest: TaggedRawEvent = JSON.parse(innerZapJson);
+      if (Array.isArray(zapRequest)) {
         // old format, ignored
-        return { isValid: false, isAnon: false, content: "" };
+        throw new Error("deprecated zap format");
       }
-      const anonZap = rawEvent.tags.some(a => a[0] === "anon");
-      const metaHash = sha256(zapRequest);
-      const ev = new Event(rawEvent);
-      const zapperIgnored = ZapperSpam.includes(zap.pubkey);
-      return {
-        pubkey: ev.PubKey,
-        isValid: dhash === metaHash && !zapperIgnored,
-        isAnon: anonZap,
-        content: rawEvent.content,
+      const anonZap = findTag(zapRequest, "anon");
+      const metaHash = sha256(innerZapJson);
+      const ret: ParsedZap = {
+        id: zapReceipt.id,
+        zapService: zapReceipt.pubkey,
+        amount: (invoice?.amount ?? 0) / 1000,
+        event: findTag(zapRequest, "e"),
+        sender: zapRequest.pubkey,
+        receiver: findTag(zapRequest, "p"),
+        valid: true,
+        anonZap: anonZap !== undefined,
+        content: zapRequest.content,
+        errors: [],
       };
+      if (invoice?.descriptionHash !== metaHash) {
+        ret.valid = false;
+        ret.errors.push("description_hash does not match zap request");
+      }
+      if (ZapperSpam.includes(zapReceipt.pubkey)) {
+        ret.valid = false;
+        ret.errors.push("zapper is banned");
+      }
+      if (findTag(zapRequest, "p") !== findTag(zapReceipt, "p")) {
+        ret.valid = false;
+        ret.errors.push("p tags dont match");
+      }
+      if (ret.event && ret.event !== findTag(zapReceipt, "e")) {
+        ret.valid = false;
+        ret.errors.push("e tags dont match");
+      }
+      if (findTag(zapRequest, "amount") === invoice?.amount) {
+        ret.valid = false;
+        ret.errors.push("amount tag does not match invoice amount");
+      }
+      if (!ret.valid) {
+        console.debug("Invalid zap", ret);
+      }
+      return ret;
     } catch (e) {
-      console.warn("Invalid zap", zapRequest);
+      console.debug("Invalid zap", zapReceipt, e);
     }
   }
-  return { isValid: false, isAnon: false, content: "" };
+  return {
+    id: zapReceipt.id,
+    zapService: zapReceipt.pubkey,
+    amount: 0,
+    valid: false,
+    anonZap: false,
+    errors: ["invalid zap, parsing failed"],
+  };
 }
 
 export interface ParsedZap {
   id: HexKey;
-  e?: HexKey;
-  p: HexKey;
+  event?: HexKey;
+  receiver?: HexKey;
   amount: number;
-  content: string;
-  zapper?: HexKey;
+  content?: string;
+  sender?: HexKey;
   valid: boolean;
   zapService: HexKey;
   anonZap: boolean;
-}
-
-export function parseZap(zap: TaggedRawEvent): ParsedZap {
-  const { amount, hash } = getInvoice(zap);
-  const zapper = hash ? getZapper(zap, hash) : ({ isValid: false, content: "" } as Zapper);
-  const e = findTag(zap, "e");
-  const p = unwrap(findTag(zap, "p"));
-  return {
-    id: zap.id,
-    e,
-    p,
-    amount: Number(amount) / 1000,
-    zapper: zapper.pubkey,
-    content: zapper.content,
-    valid: zapper.isValid,
-    zapService: zap.pubkey,
-    anonZap: zapper.isAnon,
-  };
+  errors: Array<string>;
 }
 
 const Zap = ({ zap, showZapped = true }: { zap: ParsedZap; showZapped?: boolean }) => {
-  const { amount, content, zapper, valid, p } = zap;
+  const { amount, content, sender, valid, receiver } = zap;
   const pubKey = useSelector((s: RootState) => s.login.publicKey);
 
-  return valid && zapper ? (
+  return valid && sender ? (
     <div className="zap note card">
       <div className="header">
-        <ProfileImage autoWidth={false} pubkey={zapper} />
-        {p !== pubKey && showZapped && <ProfileImage autoWidth={false} pubkey={p} />}
+        <ProfileImage autoWidth={false} pubkey={sender} />
+        {receiver !== pubKey && showZapped && <ProfileImage autoWidth={false} pubkey={unwrap(receiver)} />}
         <div className="amount">
           <span className="amount-number">
-            <FormattedMessage {...messages.Sats} values={{ n: formatShort(amount) }} />
+            <FormattedMessage {...messages.Sats} values={{ n: formatShort(amount ?? 0) }} />
           </span>
         </div>
       </div>
-      {content.length > 0 && zapper && (
+      {(content?.length ?? 0) > 0 && sender && (
         <div className="body">
-          <Text creator={zapper} content={content} tags={[]} />
+          <Text creator={sender} content={unwrap(content)} tags={[]} />
         </div>
       )}
     </div>
@@ -130,8 +137,8 @@ interface ZapsSummaryProps {
 export const ZapsSummary = ({ zaps }: ZapsSummaryProps) => {
   const { formatMessage } = useIntl();
   const sortedZaps = useMemo(() => {
-    const pub = [...zaps.filter(z => z.zapper && z.valid)];
-    const priv = [...zaps.filter(z => !z.zapper && z.valid)];
+    const pub = [...zaps.filter(z => z.sender && z.valid)];
+    const priv = [...zaps.filter(z => !z.sender && z.valid)];
     pub.sort((a, b) => b.amount - a.amount);
     return pub.concat(priv);
   }, [zaps]);
@@ -141,17 +148,17 @@ export const ZapsSummary = ({ zaps }: ZapsSummaryProps) => {
   }
 
   const [topZap, ...restZaps] = sortedZaps;
-  const { zapper, amount, anonZap } = topZap;
+  const { sender, amount, anonZap } = topZap;
 
   return (
     <div className="zaps-summary">
       {amount && (
         <div className={`top-zap`}>
           <div className="summary">
-            {zapper && (
+            {sender && (
               <ProfileImage
                 autoWidth={false}
-                pubkey={anonZap ? "" : zapper}
+                pubkey={anonZap ? "" : sender}
                 overrideUsername={anonZap ? formatMessage({ defaultMessage: "Anonymous" }) : undefined}
               />
             )}

packages/app/src/Feed/ZapsFeed.ts

@@ -18,7 +18,7 @@ export default function useZapsFeed(pubkey?: HexKey) {
   const zaps = useMemo(() => {
     const profileZaps = zapsFeed.store.notes
       .map(parseZap)
-      .filter(z => z.valid && z.p === pubkey && z.zapper !== pubkey && !z.e);
+      .filter(z => z.valid && z.receiver === pubkey && z.sender !== pubkey && !z.event);
     profileZaps.sort((a, b) => b.amount - a.amount);
     return profileZaps;
   }, [zapsFeed]);

packages/app/src/Number.ts

@@ -8,7 +8,9 @@ export function formatShort(n: number) {
     return n;
   } else if (n < 1e6) {
     return `${intl.format(n / 1e3)}K`;
-  } else {
+  } else if (n < 1e9) {
     return `${intl.format(n / 1e6)}M`;
+  } else {
+    return `${intl.format(n / 1e9)}G`;
   }
 }

packages/app/src/Util.ts

@@ -240,12 +240,13 @@ export const delay = (t: number) => {
   });
 };
 
+export type InvoiceDetails = ReturnType<typeof decodeInvoice>;
 export function decodeInvoice(pr: string) {
   try {
     const parsed = invoiceDecode(pr);
 
     const amountSection = parsed.sections.find(a => a.name === "amount");
-    const amount = amountSection ? (amountSection.value as number) : NaN;
+    const amount = amountSection ? Number(amountSection.value as number | string) : undefined;
 
     const timestampSection = parsed.sections.find(a => a.name === "timestamp");
     const timestamp = timestampSection ? (timestampSection.value as number) : NaN;
@@ -256,7 +257,7 @@ export function decodeInvoice(pr: string) {
     const descriptionHashSection = parsed.sections.find(a => a.name === "description_hash")?.value;
     const paymentHashSection = parsed.sections.find(a => a.name === "payment_hash")?.value;
     const ret = {
-      amount: !isNaN(amount) ? amount : undefined,
+      amount: amount,
       expire: !isNaN(timestamp) && !isNaN(expire) ? timestamp + expire : undefined,
       timestamp: !isNaN(timestamp) ? timestamp : undefined,
       description: descriptionSection as string | undefined,