- added `GET /payments/outgoing` endpoint: returns a list of
outgoing payments. Only Lightning outgoing payments are listed.
Other types of outgoing payments (splice, channel close, ...)
are ignored.
- updated `GET /payments/incoming` endpoint to accept new
parameters for paging and date filtering.
A new parameter `descriptionHash` has been added to `createinvoice`, which takes a 32-bytes hex string.
Either `description` or `descriptionHash` must be provided.
The `description` field is now limited to 128 characters.
A new `X-Phoenix-Signature` header is added to webhook calls, which contains the HMAC-SHA256 signature of the whole json body, encoded in utf-8, using the `webhook-secret` configuration parameter, also encoded in utf-8.
For example:
- webhook request body:
```
{
"type": "payment_received",
"timestamp": 1712785550079,
"amountSat": 8,
"paymentHash": "e628f8a516e9d3ee5e212a675f8d0c9dc5e7a5d500c5f4f91c62e9e921492653",
"externalId": null
}
```
- `webhook-secret` in `phoenix.conf`:`ef72d3b96324106dfbf83f2a4efeff7dddb4ce923e9664cb56baf34cc52936b6`
Will produce the header `X-Phoenix-Signature: 77ffc40401024fb417e45fdd002de06bdbf3b48b90d09d05cccd06462920aed7`
A `timestamp` has been added to the events, to provide protection against replay attacks. Users should check that the timestamp is not too old. Stripe uses a [5 min default tolerance](https://docs.stripe.com/webhooks#replay-attacks).
Suggested by @danielcharrua in #33.
A task has been added to generate a BuildVersions file
when building the project. Project's version can be
found in that file at runtime.
Also centralized declaration of the dependencies
versions to buildSrc.
