Use payjoin crate

Cargo.toml

@@ -11,7 +11,9 @@ spec = "config_spec.toml"
 test_paths = []
 
 [dependencies]
-bitcoin = { version = "0.27.0", features = ["use-serde"] }
+bitcoin = { version = "0.28.1", features = ["use-serde"] }
+bip78 = { git = "https://github.com/dangould/rust-payjoin", branch = "receive-logic-v3", features = ["sender", "receiver" ] }
+url = "2.2.2"
 hyper = "0.14.9"
 tonic_lnd = "0.4.0"
 tokio = { version = "1.7.1", features = ["rt-multi-thread"] }

src/main.rs

@@ -6,6 +6,7 @@ use std::fmt;
 use std::sync::{Arc, Mutex};
 
 use args::ArgError;
+use bip78::receiver::*;
 use bitcoin::util::address::Address;
 use bitcoin::util::psbt::PartiallySignedTransaction;
 use bitcoin::{Script, TxOut};
@@ -181,7 +182,7 @@ impl From<tonic_lnd::Error> for CheckError {
 async fn ensure_connected(client: &mut tonic_lnd::Client, node: &P2PAddress) {
     let pubkey = node.node_id.to_string();
     let peer_addr =
-        tonic_lnd::rpc::LightningAddress { pubkey: pubkey, host: node.as_host_port().to_string() };
+        tonic_lnd::rpc::LightningAddress { pubkey, host: node.as_host_port().to_string() };
 
     let connect_req =
         tonic_lnd::rpc::ConnectPeerRequest { addr: Some(peer_addr), perm: true, timeout: 60 };
@@ -266,6 +267,11 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
     Ok(())
 }
 
+pub(crate) struct Headers(hyper::HeaderMap);
+impl bip78::receiver::Headers for Headers {
+    fn get_header(&self, key: &str) -> Option<&str> { self.0.get(key)?.to_str().ok() }
+}
+
 async fn handle_web_req(
     mut handler: Handler,
     req: Request<Body>,
@@ -293,60 +299,79 @@ async fn handle_web_req(
             dbg!(req.uri().query());
 
             let mut lnd = handler.client;
-            let query = req
-                .uri()
-                .query()
-                .into_iter()
-                .flat_map(|query| query.split('&'))
-                .map(|kv| {
-                    let eq_pos = kv.find('=').unwrap();
-                    (&kv[..eq_pos], &kv[(eq_pos + 1)..])
-                })
-                .collect::<std::collections::HashMap<_, _>>();
-
-            if query.get("disableoutputsubstitution") == Some(&"1") {
-                panic!("Output substitution must be enabled");
-            }
-            let base64_bytes = hyper::body::to_bytes(req.into_body()).await?;
-            let bytes = base64::decode(&base64_bytes).unwrap();
-            let mut reader = &*bytes;
-            let mut psbt = PartiallySignedTransaction::consensus_decode(&mut reader).unwrap();
-            eprintln!("Received transaction: {:#?}", psbt);
-            for input in &mut psbt.global.unsigned_tx.input {
-                // clear signature
-                input.script_sig = bitcoin::blockdata::script::Script::new();
+
+            // extract original PSBT from HTTP request
+            // TODO: `UncheckedProposal` is not really the proposal, but the original PSBT? Is the naming wrong?
+            // TODO: Unneeded and/or undocumented traits in bip-78 library? (`Proposal`, `Headers`)
+            // TODO: We should really save the original PSBT just in case the sender does not sign
+            //  and broadcast the proposed PSBT, or some other error occurs
+            let headers = Headers(req.headers().clone());
+            let query = req.uri().query().map(ToString::to_string);
+            let body_bytes = dbg!(hyper::body::to_bytes(req.into_body()).await?);
+            let proposal = UncheckedProposal::from_request(&*body_bytes, query.as_deref(), headers)
+                .expect("received invalid proposal - TODO: handle this error properly");
+            if proposal.is_output_substitution_disabled() {
+                panic!("Output substitution must be enabled"); // TODO: Proper checks for `pjos`
             }
+            let proposal = proposal
+                .assume_interactive_receive_endpoint() // TODO Check
+                .assume_no_inputs_owned() // TODO Check
+                .assume_no_mixed_input_scripts() // This check is silly and could be ignored
+                .assume_no_inputs_seen_before(); // TODO
+
+            // `psbt` is going to ACTUALLY be the proposal PSBT
+            let mut psbt = proposal.psbt().clone();
+            eprintln!("Received transaction: {:#?}", psbt); // but not yet
+            psbt.unsigned_tx
+                .input
+                .iter_mut()
+                .for_each(|txin| txin.script_sig = bitcoin::Script::new());
+
+            // find our output
+            // TODO: Would it be possible that the user sends to multiple outputs that we own?
             let (our_output, scheduled_payjoin) = handler
                 .payjoins
-                .find(&mut psbt.global.unsigned_tx.output)
+                .find(&mut psbt.unsigned_tx.output)
                 .expect("the transaction doesn't contain our output");
-            let total_channel_amount: bitcoin::Amount = scheduled_payjoin
+
+            // TODO: make this a member fn of `ScheduledPayJoin`
+            // TODO: make sure it is impossible to create a BIP21pj linked to `ScheduledPayJoin`
+            //  with a "total channel amount" larger than requested + fee
+            let total_channel_amount = scheduled_payjoin
                 .channels
                 .iter()
                 .map(|channel| channel.amount)
                 .fold(bitcoin::Amount::ZERO, std::ops::Add::add);
+
+            // TODO: make this a member fn of `ScheduledPayJoin`
             let fees = calculate_fees(
                 scheduled_payjoin.channels.len() as u64,
                 scheduled_payjoin.fee_rate,
                 scheduled_payjoin.wallet_amount != bitcoin::Amount::ZERO,
             );
 
+            // TODO: not great
             assert_eq!(
                 our_output.value,
                 (total_channel_amount + scheduled_payjoin.wallet_amount + fees).as_sat()
             );
 
-            let chids = (0..scheduled_payjoin.channels.len())
+            let chan_ids = (0..scheduled_payjoin.channels.len())
                 .into_iter()
                 .map(|_| rand::random::<[u8; 32]>())
                 .collect::<Vec<_>>();
 
+            // these are channel-open txouts
             // no collect() because of async
             let mut txouts = Vec::with_capacity(scheduled_payjoin.channels.len());
 
-            for (channel, chid) in scheduled_payjoin.channels.iter().zip(&chids) {
+            // TODO: Creating `OpenChannelRequest` should be one thing, and async calls another
+            // TODO: Instead of interfacing with `tonic_lnd` directly, consider having a trait
+            //      so this can be extended in the future
+            // TODO: What if channel open fails or takes too long?
+            for (channel, chan_id) in scheduled_payjoin.channels.iter().zip(&chan_ids) {
                 let psbt_shim = tonic_lnd::rpc::PsbtShim {
-                    pending_chan_id: Vec::from(chid as &[_]),
+                    pending_chan_id: Vec::from(chan_id as &[_]),
                     base_psbt: Vec::new(),
                     no_publish: true,
                 };
@@ -383,7 +408,7 @@ async fn handle_web_req(
                 while let Some(message) =
                     update_stream.message().await.expect("failed to receive update")
                 {
-                    assert_eq!(message.pending_chan_id, chid);
+                    assert_eq!(message.pending_chan_id, chan_id);
                     if let Some(update) = message.update {
                         use tonic_lnd::rpc::open_status_update::Update;
                         match update {
@@ -392,9 +417,9 @@ async fn handle_web_req(
                                 let tx = PartiallySignedTransaction::consensus_decode(&mut bytes)
                                     .unwrap();
                                 eprintln!("PSBT received from LND: {:#?}", tx);
-                                assert_eq!(tx.global.unsigned_tx.output.len(), 1);
+                                assert_eq!(tx.unsigned_tx.output.len(), 1);
 
-                                txouts.extend(tx.global.unsigned_tx.output);
+                                txouts.extend(tx.unsigned_tx.output);
                                 break;
                             }
                             // panic?
@@ -412,17 +437,17 @@ async fn handle_web_req(
                 *our_output = channel_output;
             } else {
                 our_output.value = scheduled_payjoin.wallet_amount.as_sat();
-                psbt.global.unsigned_tx.output.push(channel_output)
+                psbt.unsigned_tx.output.push(channel_output)
             }
 
-            psbt.global.unsigned_tx.output.extend(txouts);
-            psbt.outputs.resize_with(psbt.global.unsigned_tx.output.len(), Default::default);
+            psbt.unsigned_tx.output.extend(txouts);
+            psbt.outputs.resize_with(psbt.unsigned_tx.output.len(), Default::default);
 
             eprintln!("PSBT to be given to LND: {:#?}", psbt);
             let mut psbt_bytes = Vec::new();
             psbt.consensus_encode(&mut psbt_bytes).unwrap();
 
-            for chid in &chids {
+            for chid in &chan_ids {
                 let psbt_verify = tonic_lnd::rpc::FundingPsbtVerify {
                     pending_chan_id: Vec::from(chid as &[_]),
                     funded_psbt: psbt_bytes.clone(),
@@ -441,7 +466,7 @@ async fn handle_web_req(
             }
 
             // Reset transaction state to be non-finalized
-            psbt = PartiallySignedTransaction::from_unsigned_tx(psbt.global.unsigned_tx)
+            let psbt = PartiallySignedTransaction::from_unsigned_tx(psbt.unsigned_tx.clone())
                 .expect("resetting tx failed");
             let mut psbt_bytes = Vec::new();
             eprintln!("PSBT that will be returned: {:#?}", psbt);