fix(coordinator): downgrade django

2024-12-14 03:16:24 +00:00 · 2024-05-01 15:27:38 +01:00 · 2024-05-01 15:27:38 +01:00 · 37520557fc
commit 37520557fc
parent 107cbe65e3
3 changed files with 14 additions and 12 deletions
--- a/docs/assets/schemas/api-latest.yaml
+++ b/docs/assets/schemas/api-latest.yaml
@ -443,14 +443,17 @@ paths:
        - `update_invoice`
          - This action only is valid if you are the buyer. The `invoice`
            field needs to be present in the body and the value must be a
-            valid LN invoice as cleartext PGP message signed with the robot key. Make sure to perform this action only when
+            valid LN invoice as cleartext PGP message signed (SHA512) with the robot key.
+            The amount of the invoice should be `invoice_amount` minus the routing
+            budget whose parts per million should be specified by `routing_budget_ppm`.
+            Make sure to perform this action only when
            both the bonds are locked. i.e The status of your order is
            at least `6` (Waiting for trade collateral and buyer invoice)
        - `update_address`
          - This action is only valid if you are the buyer. This action is
            used to set an on-chain payout address if you wish to have your
            payout be received on-chain. Only valid if there is an address in the body as
-            cleartext PGP message signed with the robot key. This enables on-chain swap for the
+            cleartext PGP message signed (SHA512) with the robot key. This enables on-chain swap for the
            order, so even if you earlier had submitted a LN invoice, it
            will be ignored. You get to choose the `mining_fee_rate` as
            well. Mining fee rate is specified in sats/vbyte.
@ -470,9 +473,7 @@ paths:
            mid-trade so use this action carefully:

            - As a maker if you cancel an order after you have locked your
-              maker bond, you are returned your bond. This may change in
-              the future to prevent DDoSing the LN node and you won't be
-              returned the maker bond.
+              maker bond, you are returned your bond.
            - As a taker there is a time penalty involved if you `take` an
              order and cancel it without locking the taker bond.
            - For both taker or maker, if you cancel the order when both
@ -631,7 +632,7 @@ paths:
    post:
      operationId: reward_create
      description: Withdraw user reward by submitting an invoice. The invoice must
-        be send as cleartext PGP message signed with the robot key
+        be send as cleartext PGP message signed (SHA512) with the robot key
      summary: Withdraw reward
      tags:
      - reward
@ -721,12 +722,13 @@ paths:
        An authenticated request (has the token's sha256 hash encoded as base 91 in the Authorization header) will be
        returned the information about the state of a robot.

-        Make sure you generate your token using cryptographically secure methods. [Here's]() the function the Javascript
-        client uses to generate the tokens. Since the server only receives the hash of the
+        Make sure you generate your token using cryptographically secure methods.
+        Since the server only receives the hash of the
        token, it is responsibility of the client to create a strong token. Check
-        [here](https://github.com/RoboSats/robosats/blob/main/frontend/src/utils/token.js)
+        [here](https://github.com/RoboSats/robosats/blob/main/frontend/src/utils/token.ts)
        to see how the Javascript client creates a random strong token and how it validates entropy is optimal for tokens
        created by the user at will.
+        The PGP key should be an EdDSA ed25519/cert,sign+cv25519/encr key.

        `public_key` - PGP key associated with the user (Armored ASCII format)
        `encrypted_private_key` - Private PGP key. This is only stored on the backend for later fetching by
@ -737,7 +739,7 @@ paths:
        A gpg key can be created by:

        ```shell
-        gpg --full-gen-key
+        gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr" --full-gen-key
        ```

        it's public key can be exported in ascii armored format with:
--- a/requirements.txt
+++ b/requirements.txt
@ -1,4 +1,4 @@
-django==5.0.4
+django==4.2.11
 django-admin-relation-links==0.2.5
 django-celery-beat==2.6.0
 django-celery-results==2.5.1
--- a/requirements_dev.txt
+++ b/requirements_dev.txt
@ -1,4 +1,4 @@
 coverage==7.5.0
 ruff==0.4.2
-drf-openapi-tester==2.3.3
+drf-openapi-tester @ git+https://github.com/Reckless-Satoshi/drf-openapi-tester.git@soften-django-requirements
 pre-commit==3.7.0