- added `GET /payments/outgoing` endpoint: returns a list of
outgoing payments. Only Lightning outgoing payments are listed.
Other types of outgoing payments (splice, channel close, ...)
are ignored.
- updated `GET /payments/incoming` endpoint to accept new
parameters for paging and date filtering.
A new parameter `descriptionHash` has been added to `createinvoice`, which takes a 32-bytes hex string.
Either `description` or `descriptionHash` must be provided.
The `description` field is now limited to 128 characters.
A new `X-Phoenix-Signature` header is added to webhook calls, which contains the HMAC-SHA256 signature of the whole json body, encoded in utf-8, using the `webhook-secret` configuration parameter, also encoded in utf-8.
For example:
- webhook request body:
```
{
"type": "payment_received",
"timestamp": 1712785550079,
"amountSat": 8,
"paymentHash": "e628f8a516e9d3ee5e212a675f8d0c9dc5e7a5d500c5f4f91c62e9e921492653",
"externalId": null
}
```
- `webhook-secret` in `phoenix.conf`:`ef72d3b96324106dfbf83f2a4efeff7dddb4ce923e9664cb56baf34cc52936b6`
Will produce the header `X-Phoenix-Signature: 77ffc40401024fb417e45fdd002de06bdbf3b48b90d09d05cccd06462920aed7`
A `timestamp` has been added to the events, to provide protection against replay attacks. Users should check that the timestamp is not too old. Stripe uses a [5 min default tolerance](https://docs.stripe.com/webhooks#replay-attacks).
Suggested by @danielcharrua in #33.
It makes much more sense to consider only the mining fee, for the absolute fee check, as it is volatile and amount-independent. The service fee is in % and predictable.
The default value is equivalent as before (1% of the default `auto-liquidity`, given that the previous value of 2% included the 1% liquidity service fee). Previous option is deprecated and explicitly rejected.
A task has been added to generate a BuildVersions file
when building the project. Project's version can be
found in that file at runtime.
Also centralized declaration of the dependencies
versions to buildSrc.
This abstract class catches errors and echoes a short message
instead of printing a stacktrace. This is especially useful
when the CLI cannot connect to phoenixd (e.g. wrong port). We
can also factorise some of the code.
There is now only one database file, phoenix.db. This
makes database backup easier.
Legacy channels closing parts have been removed (we
use a dedicated table to store closings).
The tables storing lightning outgoing payments have
been renamed for consistency by addingd a "lightning"
prefix. The related kotlin classes have been renamed
as well.
