machankura/phoenixd_enclave
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
62 Commits 2 Branches 0 Tags
Commit Graph

10 Commits

Author SHA1 Message Date
Pierre-Marie Padiou
18035566f8
Add authentication to webhook calls (#34) 
A new `X-Phoenix-Signature` header is added to webhook calls, which contains the HMAC-SHA256 signature of the whole json body, encoded in utf-8, using the `webhook-secret` configuration parameter, also encoded in utf-8. 

For example:
- webhook request body:
```
{
    "type": "payment_received",
    "timestamp": 1712785550079,
    "amountSat": 8,
    "paymentHash": "e628f8a516e9d3ee5e212a675f8d0c9dc5e7a5d500c5f4f91c62e9e921492653",
    "externalId": null
}
```
- `webhook-secret` in `phoenix.conf`:`ef72d3b96324106dfbf83f2a4efeff7dddb4ce923e9664cb56baf34cc52936b6`

Will produce the header `X-Phoenix-Signature: 77ffc40401024fb417e45fdd002de06bdbf3b48b90d09d05cccd06462920aed7`

A `timestamp` has been added to the events, to provide protection against replay attacks. Users should check that the timestamp is not too old. Stripe uses a [5 min default tolerance](https://docs.stripe.com/webhooks#replay-attacks).

Suggested by @danielcharrua in #33.
 2024-04-23 16:57:03 +02:00
pm47
f3251e78e5
explicit message in case of 4XX failures 
```
$ curl -u :bad-password http://127.0.0.1:9740/getinfo
Invalid authentication (use basic auth with the http password set in
phoenix.conf)

$ curl -u :4034..8232 http://127.0.0.1:9740/getinfowithtypo
Unknown endpoint (check api doc)

$ curl -u :4034..8232 -X POST http://127.0.0.1:9740/getinfowithtypo
Invalid http method (use the correct GET/POST)

```
 2024-03-25 18:14:20 +01:00
pm47
91e1ea6055
make invoice amount optional 2024-03-21 14:24:05 +01:00
pm47
97b6afce7c
name db with chain+nodeId 2024-03-21 13:20:43 +01:00
Dominique Padiou
9d460eeee5
Add version in log, command and api 
A task has been added to generate a BuildVersions file
when building the project. Project's version can be
found in that file at runtime.

Also centralized declaration of the dependencies
versions to buildSrc.
 2024-03-20 16:02:48 +01:00
pm47
6bffd418e8
add timestamps to logs 2024-03-20 14:04:41 +01:00
Dominique Padiou
9d984591bc
Add API endpoint to list payments by external id 
Creating an invoice now accepts an optional external id.
Also added new payment endpoints to the CLI.
 2024-03-11 21:04:10 +01:00
Dominique Padiou
3027bd1aca
Add table storing payments metadata 2024-03-11 17:59:20 +01:00
pm47
e6e6707685
do not explicitly reference client impl 2024-03-11 15:25:32 +01:00
Pierre-Marie Padiou
d791179125
Initial commit 2024-03-08 19:23:23 +01:00