Settings page for adding verified nostr pubkeys

2023-03-08 13:44:18 +07:00
parent bc4d9ff528
commit 49de4007ab
21 changed files with 621 additions and 233 deletions
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -1,3 +1,5 @@
+require 'securerandom'
+
 class SettingsController < ApplicationController
  before_action :authenticate_user!
  before_action :set_main_nav_section
@@ -9,6 +11,9 @@ class SettingsController < ApplicationController
  end

  def show
+    if @settings_section == "experiments"
+      session[:shared_secret] ||= SecureRandom.base64(12)
+    end
  end

  def update
@@ -53,6 +58,36 @@ class SettingsController < ApplicationController
    redirect_to check_your_email_path, notice: msg
  end

+  def set_nostr_pubkey
+    signed_event = nostr_event_params[:signed_event].to_h.symbolize_keys
+    is_valid_id  = NostrManager::ValidateId.call(signed_event)
+    is_valid_sig = NostrManager::VerifySignature.call(signed_event)
+    is_correct_content = signed_event[:content] == "Connect my public key to #{current_user.address} (confirmation #{session[:shared_secret]})"
+
+    unless is_valid_id && is_valid_sig && is_correct_content
+      flash[:alert] = "Public key could not be verified"
+      http_status :unprocessable_entity and return
+    end
+
+    pubkey_taken = User.all_except(current_user).where(
+      ou: current_user.ou, nostr_pubkey: signed_event[:pubkey]
+    ).any?
+
+    if pubkey_taken
+      flash[:alert] = "Public key already in use for a different account"
+      http_status :unprocessable_entity and return
+    end
+
+    current_user.update! nostr_pubkey: signed_event[:pubkey]
+    session[:shared_secret] = nil
+
+    flash[:success] = "Public key verification successful"
+    http_status :ok
+  rescue
+    flash[:alert] = "Public key could not be verified"
+    http_status :unprocessable_entity and return
+  end
+
  private

    def set_main_nav_section
@@ -61,7 +96,7 @@ class SettingsController < ApplicationController

    def set_settings_section
      @settings_section = params[:section]
-      allowed_sections = [:profile, :account, :lightning, :xmpp]
+      allowed_sections = [:profile, :account, :lightning, :xmpp, :experiments]

      unless allowed_sections.include?(@settings_section.to_sym)
        redirect_to setting_path(:profile)
@@ -82,4 +117,10 @@ class SettingsController < ApplicationController
    def email_params
      params.require(:user).permit(:email, :current_password)
    end
+
+    def nostr_event_params
+      params.permit(signed_event: [
+        :id, :pubkey, :created_at, :kind, :tags, :content, :sig
+      ])
+    end
 end