From 855bf9c76f2e513c56ce2513c6a16b6ffc7c46d1 Mon Sep 17 00:00:00 2001
From: Chris Smith <chris@walletconnect.com>
Date: Sat, 20 Jan 2024 10:47:00 -0500
Subject: [PATCH] fix: get notifications not authorized

---
 .../handlers/notify_get_notifications.rs                 | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/services/websocket_server/handlers/notify_get_notifications.rs b/src/services/websocket_server/handlers/notify_get_notifications.rs
index 64925084..62f1716d 100644
--- a/src/services/websocket_server/handlers/notify_get_notifications.rs
+++ b/src/services/websocket_server/handlers/notify_get_notifications.rs
@@ -24,7 +24,7 @@ use {
         },
         state::AppState,
         types::{Envelope, EnvelopeType0},
-        utils::topic_from_key,
+        utils::{is_same_address, topic_from_key},
     },
     base64::Engine,
     chrono::Utc,
@@ -122,6 +122,13 @@ pub async fn handle(msg: PublishedMessage, state: &AppState) -> Result<(), Relay
             }
         }
 
+        if !is_same_address(&account, &subscriber.account) {
+            Err(RelayMessageServerError::NotifyServerError(
+                NotifyServerError::AccountNotAuthorized,
+            ))?;
+            // TODO change to client error?
+        }
+
         account
     };