einundzwanzig/einundzwanzig-app
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git synced 2026-01-24 12:03:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

🔒 Add manual hex validation for LNURL-Auth parameters k1 and key with improved test coverage

Browse Source
This commit is contained in:
HolgerHatGarKeineNode
2026-01-17 17:25:21 +01:00
parent da43bcf81f
commit 74263a4581
2 changed files with 38 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/Http/Controllers/LnurlAuthController.php
View File

@@ -24,11 +24,24 @@ final class LnurlAuthController extends Controller
{
try {
$validated = $request->validate([
'k1' => ['required', 'string', 'hex', 'size:128'],
'k1' => ['required', 'string', 'size:64'],
'sig' => ['required', 'string'],
'key' => ['required', 'string', 'hex', 'min:64', 'max:66'],
'key' => ['required', 'string', 'min:64', 'max:66'],
]);
// Validate hex format manually
if (! ctype_xdigit($validated['k1'])) {
throw ValidationException::withMessages([
'k1' => ['The k1 field must be a valid hexadecimal string.'],
]);
}
if (! ctype_xdigit($validated['key'])) {
throw ValidationException::withMessages([
'key' => ['The key field must be a valid hexadecimal string.'],
]);
}
$isVerified = lnurl\auth($validated['k1'], $validated['sig'], $validated['key']);
if (! $isVerified) {