18035566f8
A new `X-Phoenix-Signature` header is added to webhook calls, which contains the HMAC-SHA256 signature of the whole json body, encoded in utf-8, using the `webhook-secret` configuration parameter, also encoded in utf-8.
For example:
- webhook request body:
```
{
"type": "payment_received",
"timestamp": 1712785550079,
"amountSat": 8,
"paymentHash": "e628f8a516e9d3ee5e212a675f8d0c9dc5e7a5d500c5f4f91c62e9e921492653",
"externalId": null
}
```
- `webhook-secret` in `phoenix.conf`:`ef72d3b96324106dfbf83f2a4efeff7dddb4ce923e9664cb56baf34cc52936b6`
Will produce the header `X-Phoenix-Signature: 77ffc40401024fb417e45fdd002de06bdbf3b48b90d09d05cccd06462920aed7`
A `timestamp` has been added to the events, to provide protection against replay attacks. Users should check that the timestamp is not too old. Stripe uses a [5 min default tolerance](https://docs.stripe.com/webhooks#replay-attacks).
Suggested by @danielcharrua in #33.
phoenixd
phoenixd is the server equivalent of the popular phoenix wallet for mobile. It is written in Kotlin Multiplatform and runs natively on Linux, MacOS (x86 and ARM), and Windows (WSL).
Build
Native Linux/WSL
Requires libsqlite-dev and libcurl4-gnutls-dev, both compiled against glibc 2.19.
./gradlew packageLinuxX64
Native MacOS x64
./gradlew packageMacOSX64
Native MacOS arm64
./gradlew packageMacOSArm64
JVM
./gradlew distZip