Merge branch 'signup-pow' into 'main'

Require POW on signup See merge request soapbox-pub/ditto!59
2023-11-21 03:22:31 +00:00 · 2023-11-21 03:22:31 +00:00 · 81971df7fd
parent 944c2a401d 595fb2cfc6
commit 81971df7fd
2 changed files with 24 additions and 2 deletions
--- a/src/app.ts
+++ b/src/app.ts
@ -115,7 +115,7 @@ app.post('/oauth/revoke', emptyObjectController);
 app.post('/oauth/authorize', oauthAuthorizeController);
 app.get('/oauth/authorize', oauthController);
-app.post('/api/v1/accounts', requireProof(), createAccountController);
+app.post('/api/v1/accounts', requireProof({ pow: 20 }), createAccountController);
 app.get('/api/v1/accounts/verify_credentials', requirePubkey, verifyCredentialsController);
 app.patch(
  '/api/v1/accounts/update_credentials',
--- a/src/utils.ts
+++ b/src/utils.ts
@ -107,9 +107,31 @@ function dedupeEvents<K extends number>(events: Event<K>[]): Event<K>[] {
  return [...new Map(events.map((event) => [event.id, event])).values()];
 }
 /** Return a copy of the event with the given tags removed. */
 function stripTags<E extends EventTemplate>(event: E, tags: string[] = []): E {
  if (!tags.length) return event;
  return {
    ...event,
    tags: event.tags.filter(([name]) => !tags.includes(name)),
  };
 }
 /** Ensure the template and event match on their shared keys. */
 function eventMatchesTemplate(event: Event, template: EventTemplate): boolean {
-  return getEventHash(event) === getEventHash({ pubkey: event.pubkey, ...template });
+  const whitelist = ['nonce'];
  event = stripTags(event, whitelist);
  template = stripTags(template, whitelist);
  if (template.created_at > event.created_at) {
    return false;
  }
  return getEventHash(event) === getEventHash({
    pubkey: event.pubkey,
    ...template,
    created_at: event.created_at,
  });
 }
 /** Test whether the value is a Nostr ID. */