diff --git a/pages/api/lnurlp/[username]/pay.js b/pages/api/lnurlp/[username]/pay.js
index f691edf3..14edbee9 100644
--- a/pages/api/lnurlp/[username]/pay.js
+++ b/pages/api/lnurlp/[username]/pay.js
@@ -19,9 +19,13 @@ export default async ({ query: { username, amount, nostr, comment } }, res) => {
 if (nostr) {
 noteStr = decodeURIComponent(nostr)
 const note = JSON.parse(noteStr)
- const hasPTag = note.tags?.filter(t => t[0] === 'p').length >= 1
+ // It MUST have only one p tag
+ const hasPTag = note.tags?.filter(t => t[0] === 'p').length === 1
+ // It MUST have 0 or 1 e tags
 const hasETag = note.tags?.filter(t => t[0] === 'e').length <= 1
- if (schnorr.verify(note.sig, note.id, note.pubkey) && hasPTag && hasETag) {
+ // If there is an amount tag, it MUST be equal to the amount query parameter
+ const eventAmount = note.tags?.find(t => t[0] === 'amount')?.[1]
+ if (schnorr.verify(note.sig, note.id, note.pubkey) && hasPTag && hasETag && (!eventAmount || Number(eventAmount) === Number(amount))) {
 description = user.hideInvoiceDesc ? undefined : 'zap'
 descriptionHash = createHash('sha256').update(noteStr).digest('hex')
 } else {
diff --git a/worker/nostr.js b/worker/nostr.js
index c6819776..764b5aad 100644
--- a/worker/nostr.js
+++ b/worker/nostr.js
@@ -31,12 +31,12 @@ export function nip57 ({ boss, lnd, models }) {
 const desc = JSON.parse(inv.desc)
 const ptag = desc.tags.filter(t => t?.length >= 2 && t[0] === 'p')[0]
 const etag = desc.tags.filter(t => t?.length >= 2 && t[0] === 'e')[0]
+ const atag = desc.tags.filter(t => t?.length >= 2 && t[0] === 'a')[0]
 const relays = desc.tags.find(t => t?.length >= 2 && t[0] === 'relays').slice(1)
 const tags = [ptag]
- if (etag) {
- tags.push(etag)
- }
+ if (etag) tags.push(etag)
+ if (atag) tags.push(atag)
 tags.push(['bolt11', lnInv.request])
 tags.push(['description', inv.desc])
 tags.push(['preimage', lnInv.secret])
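Review bot: The acceptance condition relies on `schnorr.verify(note.sig, note.id, note.pubkey)`, which binds the signature to `note.id` only; nothing visible in this hunk confirms that `note.id` is the hash of the event's own fields, so the `p`, `e` and `amount` tags validated here may not be covered by the signature. Unless that happens outside the hunk, I would compute `const idOk = createHash('sha256').update(JSON.stringify([0, note.pubkey, note.created_at, note.kind, note.tags, note.content])).digest('hex') === note.id` before the `if` and require `idOk` in the condition. Separately, `(!eventAmount || Number(eventAmount) === Number(amount))` treats an empty amount value as absent, accepts non-canonical forms such as `'1e3'` or `'0x3e8'`, and loses precision above 2^53; checking that both are plain decimal strings and comparing them as such is stricter. The handler's body starts and ends outside the hunk.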
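Review bot: `atag` is taken with `filter(...)[0]`, so a zap request carrying several `a` tags has its first one copied into the receipt silently, while the pay.js hunk of this commit enforces a count for `p` and `e` but none for `a`. I would add the matching check there, `const hasATag = note.tags?.filter(t => t[0] === 'a').length <= 1`, and include it in the acceptance condition. The two files also disagree on what counts as a tag: pay.js matches on `t[0]` alone, whereas this function requires `t?.length >= 2`, so a one-element `['p']` passes the count in pay.js and leaves `ptag` undefined in `const tags = [ptag]`; using the same length guard in pay.js would close that gap. nip57's body starts and ends outside the hunk.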