From a371e98e9e402ba0ee4b674687f6dc71352eb78c Mon Sep 17 00:00:00 2001
From: enes <enes@nostrdev.com>
Date: Fri, 22 Nov 2024 16:31:38 +0100
Subject: [PATCH] feat(signature): verify hash

---
 .../MarkTypeStrategy/Signature/index.tsx      | 29 ++++++++++++-------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/src/components/MarkTypeStrategy/Signature/index.tsx b/src/components/MarkTypeStrategy/Signature/index.tsx
index 16ee971..5915ab2 100644
--- a/src/components/MarkTypeStrategy/Signature/index.tsx
+++ b/src/components/MarkTypeStrategy/Signature/index.tsx
@@ -15,14 +15,9 @@ export const SignatureStrategy: MarkStrategy = {
   render: MarkRenderSignature,
   encryptAndUpload: async (value, encryptionKey) => {
     // Value is the stringified signature object
-    // Encode it as text to the arrayBuffer
+    // Encode it to the arrayBuffer
     const encoder = new TextEncoder()
     const uint8Array = encoder.encode(value)
-    const hash = await getHash(uint8Array)
-
-    if (!hash) {
-      throw new Error("Can't get file hash.")
-    }
 
     if (!encryptionKey) {
       throw new Error('Signature requires an encryption key')
@@ -34,6 +29,11 @@ export const SignatureStrategy: MarkStrategy = {
       encryptionKey
     )
 
+    const hash = await getHash(encryptedArrayBuffer)
+    if (!hash) {
+      throw new Error("Can't get encrypted file hash.")
+    }
+
     // Create the encrypted json file from array buffer and hash
     const file = new File([encryptedArrayBuffer], `${hash}.json`)
 
@@ -51,7 +51,7 @@ export const SignatureStrategy: MarkStrategy = {
         }
       }
     } else {
-      // Handle offline?
+      // TOOD: offline
     }
 
     return value
@@ -65,6 +65,15 @@ export const SignatureStrategy: MarkStrategy = {
       responseType: 'arraybuffer'
     })
 
+    // Verify hash
+    const parts = value.split('/')
+    const urlHash = parts[parts.length - 1]
+    const hash = await getHash(encryptedArrayBuffer.data)
+    if (hash !== urlHash) {
+      // TODO: handle hash verification failing
+      throw new Error('Unable to verify signature')
+    }
+
     const arrayBuffer = await decryptArrayBuffer(
       encryptedArrayBuffer.data,
       encryptionKey
@@ -76,11 +85,11 @@ export const SignatureStrategy: MarkStrategy = {
     if (arrayBuffer) {
       // decode json
       const decoder = new TextDecoder()
-      const value = decoder.decode(arrayBuffer)
-      return value
+      const json = decoder.decode(arrayBuffer)
+      return json
     }
 
-    // Handle offline?
+    // TOOD: offline
     return value
   }
 }