Respond to invalid nwc commands properly

MutinyWallet · Dec 28, 2023 · 131bab4 · 131bab4
1 parent d1dda77
commit 131bab4
Showing 1 changed file with 75 additions and 7 deletions.
diff --git a/mutiny-core/src/nostr/nwc.rs b/mutiny-core/src/nostr/nwc.rs
@@ -367,13 +367,18 @@ impl NostrWalletConnect {
         Ok(())
     }
 
-    fn get_skipped_error_event(&self, event: &Event, message: String) -> anyhow::Result<Event> {
+    fn get_skipped_error_event(
+        &self,
+        event: &Event,
+        error_code: ErrorCode,
+        message: String,
+    ) -> anyhow::Result<Event> {
         let server_key = self.server_key.secret_key()?;
         let client_pubkey = self.client_key.public_key();
         let content = Response {
             result_type: Method::PayInvoice,
             error: Some(NIP47Error {
-                code: ErrorCode::Other,
+                code: error_code,
                 message,
             }),
             result: None,
@@ -416,11 +421,32 @@ impl NostrWalletConnect {
             let server_key = self.server_key.secret_key()?;
 
             let decrypted = decrypt(&server_key, &client_pubkey, &event.content)?;
-            let req: Request = Request::from_json(decrypted)?;
+            let req: Request = match Request::from_json(decrypted) {
+                Ok(req) => req,
+                Err(e) => {
+                    log_warn!(
+                        nostr_manager.logger,
+                        "Failed to parse request: {e}, skipping..."
+                    );
+                    return self
+                        .get_skipped_error_event(
+                            &event,
+                            ErrorCode::NotImplemented,
+                            "Failed to parse request.".to_string(),
+                        )
+                        .map(Some);
+                }
+            };
 
             // only respond to pay invoice requests
             if req.method != Method::PayInvoice {
-                return Ok(None);
+                return self
+                    .get_skipped_error_event(
+                        &event,
+                        ErrorCode::NotImplemented,
+                        "Command is not supported.".to_string(),
+                    )
+                    .map(Some);
             }
 
             let invoice = match req.params {
@@ -432,7 +458,11 @@ impl NostrWalletConnect {
             // if the invoice has expired, skip it
             if invoice.would_expire(utils::now()) {
                 return self
-                    .get_skipped_error_event(&event, "Invoice expired".to_string())
+                    .get_skipped_error_event(
+                        &event,
+                        ErrorCode::Other,
+                        "Invoice expired".to_string(),
+                    )
                     .map(Some);
             }
 
@@ -443,7 +473,11 @@ impl NostrWalletConnect {
                     "NWC Invoice amount not set, cannot pay: {invoice}"
                 );
                 return self
-                    .get_skipped_error_event(&event, "Invoice amount not set".to_string())
+                    .get_skipped_error_event(
+                        &event,
+                        ErrorCode::Other,
+                        "Invoice amount not set".to_string(),
+                    )
                     .map(Some);
             }
 
@@ -459,6 +493,7 @@ impl NostrWalletConnect {
                     return self
                         .get_skipped_error_event(
                             &event,
+                            ErrorCode::Other,
                             "Paying hodl invoices disabled".to_string(),
                         )
                         .map(Some);
@@ -1147,6 +1182,7 @@ mod wasm_test {
     use bitcoin::Network;
     use mockall::predicate::eq;
     use nostr::key::SecretKey;
+    use serde_json::json;
     use std::sync::{atomic::AtomicBool, Arc};
     use wasm_bindgen_test::{wasm_bindgen_test as test, wasm_bindgen_test_configure};
 
@@ -1259,6 +1295,31 @@ mod wasm_test {
         assert_eq!(result.unwrap(), None);
         check_no_pending_invoices(&storage);
 
+        // test unknown command
+        let event = {
+            let req = json!({"method": "fake_command", "params": {}});
+
+            let encrypted = encrypt(&uri.secret, &uri.public_key, req.to_string()).unwrap();
+            let p_tag = Tag::PublicKey {
+                public_key: uri.public_key,
+                relay_url: None,
+                alias: None,
+            };
+            EventBuilder::new(Kind::WalletConnectRequest, encrypted, [p_tag])
+                .to_event(&Keys::new(uri.secret))
+                .unwrap()
+        };
+        let result = nwc.handle_nwc_request(event, &node, &nostr_manager).await;
+        check_nwc_error_response(
+            result.unwrap().unwrap(),
+            &uri.secret,
+            NIP47Error {
+                code: ErrorCode::NotImplemented,
+                message: "Failed to parse request.".to_string(),
+            },
+        );
+        check_no_pending_invoices(&storage);
+
         // test unexpected command
         let event = {
             let req = Request {
@@ -1277,7 +1338,14 @@ mod wasm_test {
                 .unwrap()
         };
         let result = nwc.handle_nwc_request(event, &node, &nostr_manager).await;
-        assert_eq!(result.unwrap(), None);
+        check_nwc_error_response(
+            result.unwrap().unwrap(),
+            &uri.secret,
+            NIP47Error {
+                code: ErrorCode::NotImplemented,
+                message: "Command is not supported.".to_string(),
+            },
+        );
         check_no_pending_invoices(&storage);
 
         // test invalid invoice