Encryption removed (#674)

* wip: removing crypto code

* refactor: remove DB encryption refs; update docs and comments

* feat: bumped mostro-core version - removed some comment about encryption

* chore: fix clippy

* chore: fix fmt

* chore: rabbit nipticks

* fix: fixed in a proper way the full privacy mode child orders creation

Author: arkanoider

.gitignore

@@ -7,6 +7,7 @@ lnurl-test-server/target
 # IDE's
 .idea
 .vscode
+.cursor
 
 # settings file
 settings.toml

Cargo.lock

@@ -70,7 +70,7 @@ reqwest = { version = "0.12.1", default-features = false, features = [
   "json",
   "rustls-tls",
 ] }
-mostro-core = { version = "0.7.1", features = ["sqlx"] }
+mostro-core = { version = "0.8.0", features = ["sqlx"] }
 tracing = "0.1.40"
 tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
 clap = { version = "4.5.45", features = ["derive"] }

Cargo.toml

@@ -18,6 +18,8 @@ These files are copied to `docker/config/lnd/` during the build process.
   - Used in `compose.yml` for port mapping
   - Example: `export MOSTRO_RELAY_LOCAL_PORT=7000`
 
+- `MOSTRO_DB_PASSWORD`: Not used (database encryption was removed). Kept in `compose.yml` for backward compatibility; can be omitted or left empty.
+
 ## Usage Examples
 
 ### Linux/macOS

docker/ENV_VARIABLES.md

@@ -74,36 +74,7 @@ To build and run the Docker container using Docker Compose, follow these steps:
    MOSTRO_RELAY_LOCAL_PORT=7000 make docker-up
    ```
 
-5. Configure `MOSTRO_DB_PASSWORD` for non-interactive startup (`docker compose up -d`):
-
-   - New DB + encryption enabled: set a strong password.
-   - New DB + cleartext DB: set it to empty.
-   - Existing encrypted DB: you must set the same password used when the DB was created.
-   - Existing cleartext DB: keep it empty.
-
-   ```sh
-   # Enable DB encryption
-   MOSTRO_DB_PASSWORD=YOUR_STRONG_PASSWORD_HERE
-   ```
-
-   ```sh
-   # Disable DB encryption (cleartext DB)
-   MOSTRO_DB_PASSWORD=
-   ```
-
-   One-shot override from command line:
-
-   ```sh
-   MOSTRO_DB_PASSWORD="YOUR_STRONG_PASSWORD_HERE" make docker-up
-   ```
-
-   ```sh
-   MOSTRO_DB_PASSWORD="" make docker-up
-   ```
-
-   For a persistent value, place the same `MOSTRO_DB_PASSWORD=...` line in `docker/.env`.
-
-   For more details about environment variables, see [ENV_VARIABLES.md](ENV_VARIABLES.md).
+5. **Note:** Database encryption has been removed. The `MOSTRO_DB_PASSWORD` environment variable (if set in `compose.yml`) is no longer used for the database; you can omit it. For more details about environment variables, see [ENV_VARIABLES.md](ENV_VARIABLES.md).
 
 6. Run the docker compose file:
 

docker/README.md

@@ -73,15 +73,15 @@ Take a dispute for resolution.
 - `error_message`: Optional error message if operation failed
 
 ### 5. Validate Database Password
-Validate the database password for encrypted databases.
+Kept for backward compatibility. Database encryption has been removed; this RPC always succeeds and does not validate a password.
 
 **Request:**
-- `password`: Database password to validate
+- `password`: Ignored
 - `request_id`: Optional request identifier
 
 **Response:**
-- `success`: Boolean indicating password validity
-- `error_message`: Optional error message if validation failed
+- `success`: Always `true`
+- `error_message`: Always `None`
 
 ### 6. Get Version
 Retrieve the Mostro daemon version.

docs/RPC.md

@@ -7,9 +7,9 @@ with an in-memory rate limiter that tracks failed attempts per client IP.
 
 ## Problem
 
-The `ValidateDbPassword` endpoint accepts a password and validates it against the
-stored admin hash. Without protection, an attacker with network access to the RPC
-interface could systematically try passwords at thousands of attempts per second.
+The `ValidateDbPassword` endpoint is kept for backward compatibility (database
+encryption was removed, so it always succeeds). The rate limiter remains to
+throttle abuse of this endpoint.
 
 See [Issue #569](https://github.com/MostroP2P/mostro/issues/569) for full details.
 
@@ -38,9 +38,8 @@ The `validate_db_password` method now:
 
 1. Extracts the client's remote address from the gRPC request
 2. Checks the rate limiter — returns `RESOURCE_EXHAUSTED` if locked out
-3. Validates the password against the stored hash
-4. On failure: records the attempt (triggers exponential backoff delay)
-5. On success: resets the client's failure state
+3. Does not validate a password (database encryption was removed); always succeeds
+4. On success: resets the client's failure state
 
 ### Audit Logging
 

docs/RPC_RATE_LIMITING.md

@@ -43,29 +43,25 @@ Before settings initialization, the daemon performs:
 
 ### Database Connection (db::connect)
 
-**Source**: `src/db.rs:480`
+**Source**: `src/db.rs`, function `connect()`.
 
-**Complex initialization process**:
+**Initialization**:
 
 1. **New database creation**:
    - Detects if database file exists
    - If new: runs all migrations from `migrations/` directory
    - Creates tables, indexes, and schema
 
-2. **Password encryption handling**:
-   - Checks if database is encrypted
-   - If encrypted: prompts for password interactively
-   - Validates password against stored hash
-   - Stores decrypted password in `config::MOSTRO_DB_PASSWORD`
-
-3. **Legacy migrations**:
+2. **Legacy migrations**:
    - Performs column migrations for backwards compatibility
    - Example: disputes table structure updates
 
-4. **Connection pooling**:
+3. **Connection pooling**:
    - Creates `SqlitePool` with configured connection limits
    - Stores in global `config::DB_POOL`
 
+**Note:** Database encryption has been removed; no password is used for the database.
+
 **Error handling**: Database connection errors halt startup
 
 ### Additional Boot Steps
@@ -163,7 +159,7 @@ pub static NOSTR_CLIENT: OnceLock<Client> = OnceLock::new();
 pub static LN_STATUS: OnceLock<LnStatus> = OnceLock::new();
 pub static DB_POOL: OnceLock<Arc<sqlx::SqlitePool>> = OnceLock::new();
 
-// Security
+// Security (MOSTRO_DB_PASSWORD unused; database encryption was removed)
 pub static MOSTRO_DB_PASSWORD: OnceLock<String> = OnceLock::new();
 
 // Message routing

docs/STARTUP_AND_CONFIG.md

@@ -21,8 +21,8 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         .await?;
 
     let mut client = AdminServiceClient::new(channel);
-    // Example 0: Validate database password
-    println!("Attempting to validate database password...");
+    // Example 0: ValidateDbPassword (backward compatibility; DB encryption removed, always succeeds)
+    println!("Calling ValidateDbPassword (backward-compat endpoint)...");
     let validate_request = tonic::Request::new(ValidateDbPasswordRequest {
         password: std::env::var("MOSTRO_DB_TEST_PASSWORD").unwrap_or_default(),
     });
@@ -31,10 +31,10 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         Ok(response) => {
             let resp = response.get_ref();
             if resp.success {
-                println!("✅ Database password validated successfully");
+                println!("✅ ValidateDbPassword returned success");
             } else {
                 println!(
-                    "❌ Failed to validate DB password: {:?}",
+                    "❌ ValidateDbPassword returned failure: {:?}",
                     resp.error_message
                 );
             }

examples/rpc_client.rs

@@ -16,7 +16,7 @@ service AdminService {
   // Take a dispute for resolution
   rpc TakeDispute(TakeDisputeRequest) returns (TakeDisputeResponse);
 
-  // Validate database password (when encryption is enabled)
+  // Validate database password (kept for backward compatibility; DB encryption removed)
   rpc ValidateDbPassword(ValidateDbPasswordRequest) returns (ValidateDbPasswordResponse);
 
   // Get Mostro version
@@ -71,7 +71,7 @@ message TakeDisputeResponse {
   optional string error_message = 2;
 }
 
-// Validate database password
+// Validate database password (backward compatibility; no longer used for DB encryption)
 message ValidateDbPasswordRequest {
   string password = 1;
 }