fix: logout user if signEvent's and auth's pubkeys are diff

2024-12-31 13:01:42 +01:00 · 2024-12-31 13:01:42 +01:00 · 8153ef03fb
commit 8153ef03fb
parent 84062f2ed0
1 changed files with 20 additions and 2 deletions
--- a/src/controllers/NostrController.ts
+++ b/src/controllers/NostrController.ts
@ -3,7 +3,10 @@ import { EventEmitter } from 'tseep'
 import store from '../store/store'
 import { SignedEvent } from '../types'
 import { LoginMethodContext } from '../services/LoginMethodStrategy/loginMethodContext'
-import { unixNow } from '../utils'
+import { clear, unixNow } from '../utils'
+import { LoginMethod } from '../store/auth/types'
+import { logout as nostrLogout } from 'nostr-login'
+import { userLogOutAction } from '../store/actions'

 export class NostrController extends EventEmitter {
  private static instance: NostrController
@ -65,7 +68,22 @@ export class NostrController extends EventEmitter {
    const loginMethod = store.getState().auth.loginMethod
    const context = new LoginMethodContext(loginMethod)

-    return await context.signEvent(event)
+    const authkey = store.getState().auth.usersPubkey
+    const signedEvent = await context.signEvent(event)
+    const pubkey = signedEvent.pubkey
+
+    // Forcefully log out the user if we detect missmatch between pubkeys
+    // Allow undefined authkey, intial log in
+    if (authkey && authkey !== pubkey) {
+      if (loginMethod === LoginMethod.nostrLogin) {
+        nostrLogout()
+      }
+      store.dispatch(userLogOutAction())
+      clear()
+      throw new Error('User missmatch.\n\nPlease log in again.')
+    }
+
+    return signedEvent
  }

  nip04Encrypt = async (receiver: string, content: string): Promise<string> => {