auth: delete the bunker private key when an access token is revoked

environments/review-update-vid-g70vyz/deployments/5013
Alex Gleason 2024-10-30 12:20:52 -05:00
rodzic 335f8eae6c
commit bee7673085
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 7211D1F99744FBB7
1 zmienionych plików z 9 dodań i 9 usunięć

Wyświetl plik

@ -123,15 +123,15 @@ function importCredentials(auth: SoapboxAuth, accessToken: string, account: Acco
function revokeNostr(accessToken: string): void { function revokeNostr(accessToken: string): void {
const { connections, revoke } = useBunkerStore.getState(); const { connections, revoke } = useBunkerStore.getState();
/** User pubkey from token. */ for (const conn of connections) {
const pubkey = connections.find((conn) => conn.accessToken === accessToken)?.pubkey; if (conn.accessToken === accessToken) {
// Revoke the Bunker connection.
// Revoke the Bunker connection. revoke(accessToken);
revoke(accessToken); // Revoke the user's private key.
keyring.delete(conn.pubkey);
// Revoke the private key, if it exists. // Revoke the bunker's private key.
if (pubkey) { keyring.delete(conn.bunkerPubkey);
keyring.delete(pubkey); }
} }
} }