Fix NIP-05 verification for domain-only identifiers#1049
Closed
markocic wants to merge 1 commit into
Closed
Conversation
Some users (e.g. dergigi.com) publish a NIP-05 metadata field that contains only a domain, without the "_@" prefix. Per the NIP-05 spec, when the local-part is omitted the client should look up the "_" entry in /.well-known/nostr.json. The previous implementation split on "@" and returned FAILED whenever the result did not have exactly two parts, so any domain-only or "@Domain" identifier was incorrectly marked as failed verification and the verified badge was hidden. Co-Authored-By: Paperclip <noreply@paperclip.ing>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
NIP-05 verification was failing for users whose
nip05metadata field is a bare domain (e.g.dergigi.com) instead of_@dergigi.com. The previousperformVerificationsplit on@, required exactly 2 parts, and returnedFAILEDotherwise — so any domain-only identifier never received a verification badge.Per the NIP-05 spec, when the local-part is omitted the client should look up the
_entry in/.well-known/nostr.json. Reproduced live againstwss://nos.lol/wss://relay.dergigi.com: dergigi's current kind-0 metadata literally contains"nip05": "dergigi.com".Change
Routes domain-only (
dergigi.com) and@domain(@dergigi.com) inputs tolocalPart="_"before the existing domain-validation +_lookup, while keeping truly malformed inputs (foo@bar@baz, empty) on theFAILEDpath.data/caching/repository/.../nip05/Nip05VerificationServiceImpl.kt— acceptdomainand@domainas_@domaindata/caching/repository/.../nip05/Nip05VerificationServiceTest.kt— 3 new tests covering domain-only,@domain, and invalid-domain shorthand; updated the existing invalid-format test to a still-failing case (foo@bar@baz)Test plan
./gradlew :data:caching:repository:desktopTest --tests "net.primal.data.repository.nip05.Nip05VerificationServiceTest"— 25 tests / 0 failures, including the three new cases./gradlew :data:caching:repository:ktlintCheck— BUILD SUCCESSFUL./gradlew :data:caching:repository:detekt(JDK 21) — BUILD SUCCESSFULnip05is a bare domain (e.g.dergigi.com) and confirm the verified badge appearsNot security-sensitive: NIP-05 is informational (badge only); no auth/crypto/signer/wallet touch points.