Closed benthecarman closed 1 month ago
Attention: Patch coverage is 53.48837%
with 40 lines
in your changes are missing coverage. Please review.
:exclamation: No coverage uploaded for pull request base (
master@646e42c
). Click here to learn what that means. Report is 10 commits behind head on master.:exclamation: Current head 6ef6583 differs from pull request most recent head 85ff68e. Consider uploading reports for the commit 85ff68e to get more accurate results
Files | Patch % | Lines |
---|---|---|
modules/fedimint-ln-client/src/lib.rs | 44.44% | 35 Missing :warning: |
modules/fedimint-ln-client/src/receive.rs | 78.26% | 5 Missing :warning: |
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
I discussed a similar scheme with @Kodylow recently for a trusted but federated-custody LNURL server:
P
with LNURL server, receives LNURL U
U
:
P_i=tweak(P, i)
is derived by tweaking P
with a unique, continuous index i
IncomingContractOffer
where the preimage pre=preimage(P_i)
is derived from P_i
and the amount is the one from the LNURL request (this is where we need to trust the server to be honest)hash(pre)
and the respective amount and returned to the requesterlast
prev
up to which they scanned last timeP_prev,...,P_last
and start claim state machines for all non-empty, non-expired offers.This way the LNURL server, while being trusted, never holds any money.
A public key P_i=tweak(P, i) is derived by tweaking P with a unique, continuous index i
I wonder if just doing an xpub would be simpler
I wonder if just doing an xpub would be simpler
Conceptually not really, you basically do the same tweaking, just with more complexity involved. Maybe it's preferable because it's a bit more standardized, but not by much imo.
My thinking is that might help with privacy. If you see the keys just incrementing by 1 the gateway could correlate payments with a user whereas with a xpub they couldn't, only the lnurl server could
Oh sure, you'd hash pub key+idx to get the real tweak, then correlation isn't possible. That's how Tweakable::tweak
is implemented in Fedimint already.
Added the tweaking, just copy-pasted some of the code that you linked since it was in the wallet module
@elsirion tagging for visibility on support for receive on behalf of other user by pubkey
See 684551aa36920ff183d0d3976869e733916eee2b for a very hacky version of external invoice generation that needs a lot of refactoring to make it:
I think #4282 unblocked this PR.
Rebased the current changes, not really sure where to take it from here tbh
Rebased the current changes, not really sure where to take it from here tbh
To make this backwards compatible, you essentially need to map the old LightningReceiveSubmittedOffer
to the new one.
LightningReceiveSubmittedOffer
with no changes (can be called v0 or something)ReceivingKey
instead of KeyPair
get_database_migrations
of fedimint-ln-client
, add a new closure into the BTreeMap
where the closure reads the active/inactive states and checks if any of them are type LightningReceiveSubmittedOfferV0
(i.e with KeyPair
). From these "old" states, create the new LightningReceiveSubmittedOffer
and return it from the closure. There's an example migration in dummy-client
that does something similar. fedimint-ln-client
.This will essentially map the old state struct to the new one that you're adding. Hopefully that makes sense. We're doing a deep dive on this next week but feel free to ping me in the meantime.
I think I did this correctly, not sure how to test. Added as a separate commit for now for easier review
not sure how to test
Best way to test is probably to follow the dummy client example again.
create_client_states
in fedimint-ln-tests
and call it from snapshot_client-db_migrations
. Create the old state that you expect to be migrated.test_client_db_migrations
that verifies that all of the old states are now the new states.just snapshot-client-db-migrations fedimint-ln-tests
. This will re-generate the database backup with your new state written to the db and run the migration test, which will verify that the migration was successful.Okay got migration tests passing, actually caught a bug so that feels good
It changed some committed log files, not sure if those are supposed to be included or not
Responded to all review besides the fancier version of the db migrations, still figuring out how to properly do that
Alright think I got the fancy migrations working :rocket:
Failing tests?
Failing tests?
Needed to re generate, fixed
I don't want to block on this too much more since I think it's looking good and would like to get it in, but we should be able to add a test for this right? Maybe that can be done in a follow up.
I don't see where it reissues that received ecash
Trying to work on adding that, getting the tests to work for me has been a struggle, still figuring out what I'm doing wrong
got the beginnings of a test working, need to add functionality to claim the output now
need to add functionality to claim the output now
maybe this is better for a follow up, I am pretty lost on how to do this. Might be easier for someone else to do it so I am not blocking anything
I've squashed my commits now and have a test with a todo for claiming the final ecash
rebased
Looks good, just general question maybe to @elsirion are there any other changes that need to be made on the ecash claiming side for the client? would this affect recovery if it needs the tweaks for all the ecash received via external LN ? I don't see where it reissues that received ecash
@Kodylow modules don't have to know of each other, so anything we do in the LN module can't affect the e-cash module. All the LN module sees is an API that lets it dump money into a primary module that can keep it somehow. This primary module could be the e-cash module or some other hypothetical, maybe account-based, module.
The goal here is to be able to create a lightning invoice on behalf of another user and when it is paid the funds are locked to their key rather than our own.
Any feedback would be much appreciated!