c133be0589
Most users won't manually craft a NIP-78 kind-30078 event with a d=kez
tag — that needed a nostr client most folks don't have. So verifiers
now look in all three sensible spots and the user picks whichever is
easiest to publish:
1. Kind 0 (profile metadata) — kez fence in the `about` field
2. Kind 1 (text note) — kez fence in the post body
3. Kind 30078 (NIP-78) — envelope as event content (advanced)
Web (kez-chat/web):
• New verifier implementation (replaces the v0.1 stub). Adds nostr-
tools (~108 KB) under dynamic import so it lands in its own chunk
— initial JS only grew 128→130 KB.
• SimplePool.querySync against five public relays (Damus, nos.lol,
primal, snort, nostr.wine), 4s timeout, kinds [0,1,30078] in one
REQ. Returns ✓ on first match, with an evidence_url to njump.me.
• AddClaim instructions for nostr rewritten — "pick whichever is
easiest" with concrete steps for each.
Rust (kez-channels):
• Filter now includes kinds [0, 1, 30078], limit bumped to 200.
• extract_proof_body() pulls the right candidate out of each event:
- kind 0 → JSON-decode content, return `about`
- kind 1 / 30078 → return content as-is
• 4 new unit tests (extract_proof_body for each kind incl. malformed
profile) + 2 new integration tests:
- verifies_proof_from_profile_about_field
- verifies_proof_from_kind_1_post
• Updated existing integration tests for the new filter shape.
All 11 unit + 7 integration nostr tests pass. Live at https://kez.lat.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
205 lines
7.5 KiB
Rust
205 lines
7.5 KiB
Rust
//! Integration tests for the nostr channel using a fake `NostrFetcher`.
|
|
//! The real fetcher uses websockets to live relays; tests substitute
|
|
//! canned events so they're hermetic.
|
|
|
|
use std::sync::Arc;
|
|
|
|
use async_trait::async_trait;
|
|
use chrono::Utc;
|
|
use kez_channels::nostr::{
|
|
KEZ_NOSTR_KIND, NOSTR_KIND_NOTE, NOSTR_KIND_PROFILE, NostrChannel, NostrEvent, NostrFetcher,
|
|
NostrFilter,
|
|
};
|
|
use kez_channels::{Channel, ChannelError, ChannelResult};
|
|
use kez_core::{ClaimPayload, Identity, NostrSecret, SignedClaim, nostr_pubkey_hex};
|
|
|
|
struct CapturingFetcher {
|
|
events: Vec<NostrEvent>,
|
|
expected_authors: Vec<String>,
|
|
expected_kinds: Vec<u32>,
|
|
}
|
|
|
|
#[async_trait]
|
|
impl NostrFetcher for CapturingFetcher {
|
|
async fn fetch_events(&self, filter: &NostrFilter) -> ChannelResult<Vec<NostrEvent>> {
|
|
assert_eq!(filter.authors, self.expected_authors, "wrong authors filter");
|
|
assert_eq!(filter.kinds, self.expected_kinds, "wrong kinds filter");
|
|
Ok(self.events.clone())
|
|
}
|
|
}
|
|
|
|
struct FailingFetcher;
|
|
|
|
#[async_trait]
|
|
impl NostrFetcher for FailingFetcher {
|
|
async fn fetch_events(&self, _filter: &NostrFilter) -> ChannelResult<Vec<NostrEvent>> {
|
|
Err(ChannelError::Unreachable("all relays down".into()))
|
|
}
|
|
}
|
|
|
|
fn make_event(pubkey_hex: &str, content: String) -> NostrEvent {
|
|
NostrEvent {
|
|
id: "0".repeat(64),
|
|
pubkey: pubkey_hex.to_owned(),
|
|
created_at: Utc::now().timestamp(),
|
|
kind: KEZ_NOSTR_KIND,
|
|
tags: vec![vec!["d".to_owned(), "kez".to_owned()]],
|
|
content,
|
|
sig: "f".repeat(128),
|
|
}
|
|
}
|
|
|
|
fn sign_for_self() -> (NostrSecret, Identity, SignedClaim) {
|
|
let secret = NostrSecret::generate();
|
|
let identity = Identity::parse(format!("nostr:{}", secret.npub())).unwrap();
|
|
let signed = SignedClaim::sign(
|
|
ClaimPayload::new(identity.clone(), identity.clone(), Utc::now()),
|
|
&secret,
|
|
)
|
|
.unwrap();
|
|
(secret, identity, signed)
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn verifies_self_published_proof_from_relay() {
|
|
let (_secret, identity, signed) = sign_for_self();
|
|
let pubkey_hex = nostr_pubkey_hex(&identity).unwrap();
|
|
let compact = signed.to_compact().unwrap();
|
|
|
|
let fetcher = CapturingFetcher {
|
|
events: vec![make_event(&pubkey_hex, compact)],
|
|
expected_authors: vec![pubkey_hex.clone()],
|
|
expected_kinds: vec![NOSTR_KIND_PROFILE, NOSTR_KIND_NOTE, KEZ_NOSTR_KIND],
|
|
};
|
|
|
|
let channel = NostrChannel::with_fetcher(Arc::new(fetcher));
|
|
let hit = channel.fetch_and_verify(&identity).await.unwrap();
|
|
assert_eq!(hit.proof, signed);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn skips_events_whose_pubkey_field_mismatches() {
|
|
// Relay returns an event with a forged content-pubkey discrepancy:
|
|
// event.pubkey claims to be someone else even though the filter asked
|
|
// for `identity`. We must not trust the content in that case.
|
|
let (_secret_a, identity_a, signed_a) = sign_for_self();
|
|
let (_secret_b, identity_b, _signed_b) = sign_for_self();
|
|
let pubkey_b_hex = nostr_pubkey_hex(&identity_b).unwrap();
|
|
let compact_a = signed_a.to_compact().unwrap();
|
|
|
|
let fetcher = CapturingFetcher {
|
|
events: vec![make_event(&pubkey_b_hex, compact_a)],
|
|
expected_authors: vec![nostr_pubkey_hex(&identity_a).unwrap()],
|
|
expected_kinds: vec![NOSTR_KIND_PROFILE, NOSTR_KIND_NOTE, KEZ_NOSTR_KIND],
|
|
};
|
|
|
|
let channel = NostrChannel::with_fetcher(Arc::new(fetcher));
|
|
let err = channel.fetch_and_verify(&identity_a).await.unwrap_err();
|
|
assert!(
|
|
matches!(err, ChannelError::NotFound(_)),
|
|
"expected NotFound (all events rejected by author check), got {err:?}"
|
|
);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn rejects_proof_signed_for_different_subject() {
|
|
// The event is correctly authored, but the embedded claim is for a
|
|
// different identity. The subject-mismatch check must fire.
|
|
let (secret_a, identity_a, _signed_self_a) = sign_for_self();
|
|
let (_secret_b, identity_b, _signed_self_b) = sign_for_self();
|
|
let pubkey_a_hex = nostr_pubkey_hex(&identity_a).unwrap();
|
|
|
|
// A signs a claim with subject == B (legitimate proof but for B, not A).
|
|
let claim_for_b = SignedClaim::sign(
|
|
ClaimPayload::new(identity_b.clone(), identity_a.clone(), Utc::now()),
|
|
&secret_a,
|
|
)
|
|
.unwrap();
|
|
let compact = claim_for_b.to_compact().unwrap();
|
|
|
|
let fetcher = CapturingFetcher {
|
|
events: vec![make_event(&pubkey_a_hex, compact)],
|
|
expected_authors: vec![pubkey_a_hex.clone()],
|
|
expected_kinds: vec![NOSTR_KIND_PROFILE, NOSTR_KIND_NOTE, KEZ_NOSTR_KIND],
|
|
};
|
|
|
|
let channel = NostrChannel::with_fetcher(Arc::new(fetcher));
|
|
let err = channel.fetch_and_verify(&identity_a).await.unwrap_err();
|
|
assert!(
|
|
matches!(err, ChannelError::SubjectMismatch { .. }),
|
|
"expected SubjectMismatch, got {err:?}"
|
|
);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn no_events_yields_not_found() {
|
|
let (_s, identity, _signed) = sign_for_self();
|
|
let fetcher = CapturingFetcher {
|
|
events: vec![],
|
|
expected_authors: vec![nostr_pubkey_hex(&identity).unwrap()],
|
|
expected_kinds: vec![NOSTR_KIND_PROFILE, NOSTR_KIND_NOTE, KEZ_NOSTR_KIND],
|
|
};
|
|
let channel = NostrChannel::with_fetcher(Arc::new(fetcher));
|
|
let err = channel.fetch_and_verify(&identity).await.unwrap_err();
|
|
assert!(matches!(err, ChannelError::NotFound(_)));
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn verifies_proof_from_profile_about_field() {
|
|
// Most realistic UX: the proof lives inside the `about` field of a
|
|
// standard nostr profile event (kind 0). We must JSON-decode the
|
|
// content, pull `about`, and feed that to the parser.
|
|
let (_secret, identity, signed) = sign_for_self();
|
|
let pubkey_hex = nostr_pubkey_hex(&identity).unwrap();
|
|
let compact = signed.to_compact().unwrap();
|
|
let about = format!("hey, I'm here. proof: {compact}");
|
|
let profile_json = serde_json::to_string(&serde_json::json!({
|
|
"name": "tester",
|
|
"about": about,
|
|
"picture": "https://example.com/p.png",
|
|
}))
|
|
.unwrap();
|
|
|
|
let mut ev = make_event(&pubkey_hex, profile_json);
|
|
ev.kind = NOSTR_KIND_PROFILE;
|
|
ev.tags = vec![]; // kind-0 doesn't carry the d tag
|
|
|
|
let fetcher = CapturingFetcher {
|
|
events: vec![ev],
|
|
expected_authors: vec![pubkey_hex],
|
|
expected_kinds: vec![NOSTR_KIND_PROFILE, NOSTR_KIND_NOTE, KEZ_NOSTR_KIND],
|
|
};
|
|
let channel = NostrChannel::with_fetcher(Arc::new(fetcher));
|
|
let hit = channel.fetch_and_verify(&identity).await.unwrap();
|
|
assert_eq!(hit.proof, signed);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn verifies_proof_from_kind_1_post() {
|
|
// The user pasted the markdown block as a normal nostr post.
|
|
let (_secret, identity, signed) = sign_for_self();
|
|
let pubkey_hex = nostr_pubkey_hex(&identity).unwrap();
|
|
let markdown = signed.to_markdown_proof().unwrap();
|
|
|
|
let mut ev = make_event(&pubkey_hex, markdown);
|
|
ev.kind = NOSTR_KIND_NOTE;
|
|
ev.tags = vec![];
|
|
|
|
let fetcher = CapturingFetcher {
|
|
events: vec![ev],
|
|
expected_authors: vec![pubkey_hex],
|
|
expected_kinds: vec![NOSTR_KIND_PROFILE, NOSTR_KIND_NOTE, KEZ_NOSTR_KIND],
|
|
};
|
|
let channel = NostrChannel::with_fetcher(Arc::new(fetcher));
|
|
let hit = channel.fetch_and_verify(&identity).await.unwrap();
|
|
assert_eq!(hit.proof, signed);
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn fetcher_failure_surfaces_as_unreachable() {
|
|
let (_s, identity, _signed) = sign_for_self();
|
|
let channel = NostrChannel::with_fetcher(Arc::new(FailingFetcher));
|
|
let err = channel.fetch_and_verify(&identity).await.unwrap_err();
|
|
assert!(matches!(err, ChannelError::Unreachable(_)));
|
|
}
|