From 9db89606cb1398f8115d42db126ff8cc6ed77c6d Mon Sep 17 00:00:00 2001 From: Reckless_Satoshi <90936742+Reckless-Satoshi@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:22:15 +0000 Subject: [PATCH] Deprecate unsigned invoices (#633) * Fix connected chat status * Delete option to submit unsigned address and invoices --- api/oas_schemas.py | 19 ++++++++++--------- api/views.py | 35 +++++++++-------------------------- 2 files changed, 19 insertions(+), 35 deletions(-) diff --git a/api/oas_schemas.py b/api/oas_schemas.py index 15ad1cde..bb2abfa4 100644 --- a/api/oas_schemas.py +++ b/api/oas_schemas.py @@ -205,7 +205,7 @@ class OrderViewSchema: Update an order `action` field is required and determines what is to be done. Below - is an explaination of what each action does: + is an explanation of what each action does: - `take` - If the order has not expired and is still public, on a @@ -220,13 +220,14 @@ class OrderViewSchema: - `update_invoice` - This action only is valid if you are the buyer. The `invoice` field needs to be present in the body and the value must be a - valid LN invoice. Make sure to perform this action only when + valid LN invoice as cleartext PGP message signed with the robot key. Make sure to perform this action only when both the bonds are locked. i.e The status of your order is - atleast `6` (Waiting for trade collateral and buyer invoice) + at least `6` (Waiting for trade collateral and buyer invoice) - `update_address` - This action is only valid if you are the buyer. This action is used to set an on-chain payout address if you wish to have your - payout be recieved on-chain. This enables on-chain swap for the + payout be received on-chain. Only valid if there is an address in the body as + cleartext PGP message signed with the robot key. This enables on-chain swap for the order, so even if you earlier had submitted a LN invoice, it will be ignored. You get to choose the `mining_fee_rate` as well. Mining fee rate is specified in sats/vbyte. @@ -237,7 +238,7 @@ class OrderViewSchema: - `11` - In dispute - `12` - Collaboratively cancelled - `13` - Sending satoshis to buyer - - `14` - Sucessful trade + - `14` - Successful trade - `15` - Failed lightning network routing - `17` - Maker lost dispute - `18` - Taker lost dispute @@ -246,13 +247,13 @@ class OrderViewSchema: mid-trade so use this action carefully: - As a maker if you cancel an order after you have locked your - maker bond, you are returend your bond. This may change in + maker bond, you are returned your bond. This may change in the future to prevent DDoSing the LN node and you won't be - returend the maker bond. + returned the maker bond. - As a taker there is a time penalty involved if you `take` an order and cancel it without locking the taker bond. - For both taker or maker, if you cancel the order when both - have locked thier bonds (status = `6` or `7`), you loose your + have locked their bonds (status = `6` or `7`), you loose your bond and a percent of it goes as "rewards" to your counterparty and some of it the platform keeps. This is to discourage wasting time and DDoSing the platform. @@ -524,7 +525,7 @@ class InfoViewSchema: class RewardViewSchema: post = { "summary": "Withdraw reward", - "description": "Withdraw user reward by submitting an invoice", + "description": "Withdraw user reward by submitting an invoice. The invoice must be send as cleartext PGP message signed with the robot key", "responses": { 200: { "type": "object", diff --git a/api/views.py b/api/views.py index ad5bc0ea..556e7052 100644 --- a/api/views.py +++ b/api/views.py @@ -534,14 +534,9 @@ class OrderView(viewsets.ViewSet): # 2) If action is 'update invoice' elif action == "update_invoice": # DEPRECATE post v0.5.1. - if "---" not in pgp_invoice: - valid_signature = True - invoice = pgp_invoice - else: - # END DEPRECATE. - valid_signature, invoice = verify_signed_message( - request.user.robot.public_key, pgp_invoice - ) + valid_signature, invoice = verify_signed_message( + request.user.robot.public_key, pgp_invoice + ) if not valid_signature: return Response( @@ -557,15 +552,9 @@ class OrderView(viewsets.ViewSet): # 2.b) If action is 'update address' elif action == "update_address": - # DEPRECATE post v0.5.1. - if "---" not in pgp_address: - valid_signature = True - address = pgp_address - else: - # END DEPRECATE. - valid_signature, address = verify_signed_message( - request.user.robot.public_key, pgp_address - ) + valid_signature, address = verify_signed_message( + request.user.robot.public_key, pgp_address + ) if not valid_signature: return Response( @@ -815,15 +804,9 @@ class RewardView(CreateAPIView): pgp_invoice = serializer.data.get("invoice") - # DEPRECATE post v0.5.1. - if "---" not in pgp_invoice: - valid_signature = True - invoice = pgp_invoice - else: - # END DEPRECATE. - valid_signature, invoice = verify_signed_message( - request.user.robot.public_key, pgp_invoice - ) + valid_signature, invoice = verify_signed_message( + request.user.robot.public_key, pgp_invoice + ) if not valid_signature: return Response(