Receive payjoin

Author: DanGould

Cargo.lock

@@ -33,7 +33,7 @@ lightning-rapid-gossip-sync = { version = "0.0.121" }
 lightning-background-processor = { version = "0.0.121", features = ["futures"] }
 lightning-transaction-sync = { version = "0.0.121", default-features = false, features = ["esplora-async-https"] }
 lightning-liquidity = "0.1.0-alpha.2"
-chrono = "0.4.22"
+chrono = "0.4.33"
 futures-util = { version = "0.3", default-features = false }
 reqwest = { version = "0.11", default-features = false, features = ["multipart", "json"] }
 async-trait = "0.1.68"
@@ -44,7 +44,8 @@ cbc = { version = "0.1", features = ["alloc"] }
 aes = { version = "0.8" }
 jwt-compact = { version = "0.8.0-beta.1", features = ["es256k"] }
 argon2 = { version = "0.5.0", features = ["password-hash", "alloc"] }
-payjoin = { version = "0.13.0", features = ["send", "base64"] }
+once_cell = "1.18.0"
+payjoin = { version = "0.15.0", features = ["v2", "send", "receive", "base64"] }
 bincode = "1.3.3"
 hex-conservative = "0.1.1"
 async-lock = "3.2.0"

mutiny-core/Cargo.toml

@@ -154,6 +154,9 @@ pub enum MutinyError {
     /// Cannot change password to the same password
     #[error("Cannot change password to the same password.")]
     SamePassword,
+    /// Error with payjoin
+    #[error("Payjoin error: {0}")]
+    Payjoin(crate::payjoin::Error),
     /// Payjoin request creation failed.
     #[error("Failed to create payjoin request.")]
     PayjoinCreateRequest,
@@ -574,6 +577,12 @@ impl From<nostr_sdk::signer::Error> for MutinyError {
     }
 }
 
+impl From<crate::payjoin::Error> for MutinyError {
+    fn from(e: crate::payjoin::Error) -> Self {
+        Self::Payjoin(e)
+    }
+}
+
 impl From<payjoin::send::CreateRequestError> for MutinyError {
     fn from(_e: payjoin::send::CreateRequestError) -> Self {
         Self::PayjoinCreateRequest

mutiny-core/src/error.rs

@@ -8,6 +8,7 @@
     type_alias_bounds
 )]
 extern crate core;
+extern crate payjoin as pj;
 
 pub mod auth;
 pub mod blindauth;
@@ -33,6 +34,7 @@ mod node;
 pub mod nodemanager;
 pub mod nostr;
 mod onchain;
+mod payjoin;
 mod peermanager;
 pub mod scorer;
 pub mod storage;
@@ -1573,11 +1575,31 @@ impl<S: MutinyStorage> MutinyWallet<S> {
             return Err(MutinyError::WalletOperationFailed);
         };
 
+        let (pj, ohttp) = match self.node_manager.start_payjoin_session().await {
+            Ok((enrolled, ohttp_keys)) => {
+                let pj_uri = enrolled.fallback_target();
+                self.node_manager.spawn_payjoin_receiver(enrolled);
+                let ohttp = base64::encode_config(
+                    ohttp_keys
+                        .encode()
+                        .map_err(|_| MutinyError::PayjoinConfigError)?,
+                    base64::URL_SAFE_NO_PAD,
+                );
+                (Some(pj_uri), Some(ohttp))
+            }
+            Err(e) => {
+                log_error!(self.logger, "Error enrolling payjoin: {e}");
+                (None, None)
+            }
+        };
+
         Ok(MutinyBip21RawMaterials {
             address,
             invoice,
             btc_amount: amount.map(|amount| bitcoin::Amount::from_sat(amount).to_btc().to_string()),
             labels,
+            pj,
+            ohttp,
         })
     }
 

mutiny-core/src/lib.rs

@@ -2,6 +2,7 @@ use crate::auth::MutinyAuthClient;
 use crate::labels::LabelStorage;
 use crate::ldkstorage::CHANNEL_CLOSURE_PREFIX;
 use crate::logging::LOGGING_KEY;
+use crate::payjoin::Error as PayjoinError;
 use crate::utils::{sleep, spawn};
 use crate::MutinyInvoice;
 use crate::MutinyWalletConfig;
@@ -50,6 +51,7 @@ use lightning::{log_debug, log_error, log_info, log_trace, log_warn};
 use lightning_invoice::Bolt11Invoice;
 use lightning_transaction_sync::EsploraSyncClient;
 use payjoin::Uri;
+use pj::receive::v2::Enrolled;
 use reqwest::Client;
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
@@ -99,6 +101,8 @@ pub struct MutinyBip21RawMaterials {
     pub invoice: Option<Bolt11Invoice>,
     pub btc_amount: Option<String>,
     pub labels: Vec<String>,
+    pub pj: Option<String>,
+    pub ohttp: Option<String>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Eq, PartialEq)]
@@ -666,6 +670,34 @@ impl<S: MutinyStorage> NodeManager<S> {
         Err(MutinyError::WalletOperationFailed)
     }
 
+    pub async fn start_payjoin_session(
+        &self,
+    ) -> Result<(Enrolled, payjoin::OhttpKeys), PayjoinError> {
+        use crate::payjoin::{fetch_ohttp_keys, random_ohttp_relay, PAYJOIN_DIR};
+
+        let ohttp_keys = fetch_ohttp_keys(PAYJOIN_DIR.to_owned()).await?;
+        let http_client = reqwest::Client::builder().build()?;
+
+        let mut enroller = payjoin::receive::v2::Enroller::from_directory_config(
+            PAYJOIN_DIR.to_owned(),
+            ohttp_keys.clone(),
+            random_ohttp_relay().to_owned(),
+        );
+        let (req, context) = enroller.extract_req()?;
+        let ohttp_response = http_client
+            .post(req.url)
+            .header("Content-Type", "message/ohttp-req")
+            .body(req.body)
+            .send()
+            .await?;
+        let ohttp_response = ohttp_response.bytes().await?;
+        Ok((
+            enroller.process_res(ohttp_response.as_ref(), context)?,
+            ohttp_keys,
+        ))
+    }
+
+    // Send v1 payjoin request
     pub async fn send_payjoin(
         &self,
         uri: Uri<'_, NetworkUnchecked>,
@@ -740,6 +772,78 @@ impl<S: MutinyStorage> NodeManager<S> {
         Ok(txid)
     }
 
+    pub fn spawn_payjoin_receiver(&self, enrolled: Enrolled) {
+        let logger = self.logger.clone();
+        let wallet = self.wallet.clone();
+        utils::spawn(async move {
+            match Self::receive_payjoin(wallet, enrolled).await {
+                Ok(txid) => log_info!(logger, "Received payjoin txid: {txid}"),
+                Err(e) => log_error!(logger, "Error receiving payjoin: {e}"),
+            };
+        });
+    }
+
+    /// Poll the payjoin relay to maintain a payjoin session and create a payjoin proposal.
+    async fn receive_payjoin(
+        wallet: Arc<OnChainWallet<S>>,
+        mut enrolled: payjoin::receive::v2::Enrolled,
+    ) -> Result<Txid, MutinyError> {
+        let http_client = reqwest::Client::builder()
+            .build()
+            .map_err(PayjoinError::Reqwest)?;
+        let proposal: payjoin::receive::v2::UncheckedProposal =
+            Self::poll_for_fallback_psbt(&http_client, &mut enrolled).await?;
+        let original_tx = proposal.extract_tx_to_schedule_broadcast();
+        let mut payjoin_proposal = match wallet
+            .process_payjoin_proposal(proposal)
+            .map_err(|e| PayjoinError::ReceiverStateMachine(e.to_string()))
+        {
+            Ok(p) => p,
+            Err(e) => {
+                wallet.broadcast_transaction(original_tx).await?;
+                return Err(e.into());
+            }
+        };
+
+        let (req, ohttp_ctx) = payjoin_proposal
+            .extract_v2_req()
+            .map_err(|e| PayjoinError::ReceiverStateMachine(e.to_string()))?;
+        let res = http_client
+            .post(req.url)
+            .header("Content-Type", "message/ohttp-req")
+            .body(req.body)
+            .send()
+            .await
+            .map_err(PayjoinError::Reqwest)?;
+        let res = res.bytes().await.map_err(PayjoinError::Reqwest)?;
+        // enroll must succeed
+        let _res = payjoin_proposal
+            .deserialize_res(res.to_vec(), ohttp_ctx)
+            .map_err(|e| PayjoinError::ReceiverStateMachine(e.to_string()))?;
+        Ok(payjoin_proposal.psbt().clone().extract_tx().txid())
+    }
+
+    async fn poll_for_fallback_psbt(
+        client: &reqwest::Client,
+        enroller: &mut payjoin::receive::v2::Enrolled,
+    ) -> Result<payjoin::receive::v2::UncheckedProposal, PayjoinError> {
+        loop {
+            let (req, context) = enroller.extract_req()?;
+            let ohttp_response = client
+                .post(req.url)
+                .header("Content-Type", "message/ohttp-req")
+                .body(req.body)
+                .send()
+                .await?;
+            let ohttp_response = ohttp_response.bytes().await?;
+            let proposal = enroller.process_res(ohttp_response.as_ref(), context)?;
+            match proposal {
+                Some(proposal) => return Ok(proposal),
+                None => utils::sleep(5000).await,
+            }
+        }
+    }
+
     /// Sends an on-chain transaction to the given address.
     /// The amount is in satoshis and the fee rate is in sat/vbyte.
     ///

mutiny-core/src/nodemanager.rs

@@ -14,7 +14,7 @@ use bdk_esplora::EsploraAsyncExt;
 use bitcoin::bip32::{ChildNumber, DerivationPath, ExtendedPrivKey};
 use bitcoin::consensus::serialize;
 use bitcoin::psbt::{Input, PartiallySignedTransaction};
-use bitcoin::{Address, Network, OutPoint, ScriptBuf, Transaction, Txid};
+use bitcoin::{Address, Network, OutPoint, Script, ScriptBuf, Transaction, Txid};
 use esplora_client::AsyncClient;
 use hex_conservative::DisplayHex;
 use lightning::events::bump_transaction::{Utxo, WalletSource};
@@ -355,10 +355,103 @@ impl<S: MutinyStorage> OnChainWallet<S> {
         Ok(())
     }
 
+    fn is_mine(&self, script: &Script) -> Result<bool, MutinyError> {
+        Ok(self.wallet.try_read()?.is_mine(script))
+    }
+
     pub fn list_utxos(&self) -> Result<Vec<LocalOutput>, MutinyError> {
         Ok(self.wallet.try_read()?.list_unspent().collect())
     }
 
+    pub fn process_payjoin_proposal(
+        &self,
+        proposal: payjoin::receive::v2::UncheckedProposal,
+    ) -> Result<payjoin::receive::v2::PayjoinProposal, payjoin::Error> {
+        use payjoin::Error;
+
+        // Receive Check 1 bypass: We're not an automated payment processor.
+        let proposal = proposal.assume_interactive_receiver();
+        log::trace!("check1");
+
+        // Receive Check 2: receiver can't sign for proposal inputs
+        let proposal = proposal.check_inputs_not_owned(|input| {
+            self.is_mine(input).map_err(|e| Error::Server(e.into()))
+        })?;
+        log::trace!("check2");
+
+        // Receive Check 3: receiver can't sign for proposal inputs
+        let proposal = proposal.check_no_mixed_input_scripts()?;
+        log::trace!("check3");
+
+        // Receive Check 4: have we seen this input before?
+        let payjoin = proposal.check_no_inputs_seen_before(|_input| {
+            // This check ensures an automated sender does not get phished. It is not necessary for interactive payjoin **where the sender cannot generate bip21s from us**
+            // assume false since Mutiny is not an automatic payment processor
+            Ok(false)
+        })?;
+        log::trace!("check4");
+
+        let mut provisional_payjoin = payjoin.identify_receiver_outputs(|output| {
+            self.is_mine(output).map_err(|e| Error::Server(e.into()))
+        })?;
+        self.try_contributing_inputs(&mut provisional_payjoin)
+            .map_err(|e| Error::Server(e.into()))?;
+
+        // Outputs may be substituted for e.g. batching at this stage
+        // We're not doing this yet.
+
+        // Don't provide input to transactions with a fee rate below the low fee rate
+        // They might lock our coins up
+        let min_pj_fee_rate =
+            bitcoin::FeeRate::from_sat_per_kwu(self.fees.get_low_fee_rate() as u64);
+        let payjoin_proposal = provisional_payjoin.finalize_proposal(
+            |psbt| {
+                let mut psbt = psbt.clone();
+                let wallet = self
+                    .wallet
+                    .try_read()
+                    .map_err(|_| Error::Server(MutinyError::WalletSigningFailed.into()))?;
+                wallet
+                    .sign(&mut psbt, SignOptions::default())
+                    .map_err(|_| Error::Server(MutinyError::WalletSigningFailed.into()))?;
+                Ok(psbt)
+            },
+            Some(min_pj_fee_rate),
+        )?;
+        let payjoin_proposal_psbt = payjoin_proposal.psbt();
+        log::debug!(
+            "Receiver's Payjoin proposal PSBT Rsponse: {:#?}",
+            payjoin_proposal_psbt
+        );
+        Ok(payjoin_proposal)
+    }
+
+    fn try_contributing_inputs(
+        &self,
+        payjoin: &mut payjoin::receive::v2::ProvisionalProposal,
+    ) -> Result<(), MutinyError> {
+        use payjoin::bitcoin::Amount;
+
+        let available_inputs = self.list_utxos()?;
+        let candidate_inputs: std::collections::HashMap<Amount, OutPoint> = available_inputs
+            .iter()
+            .filter(|u| u.confirmation_time.is_confirmed())
+            .map(|i| (Amount::from_sat(i.txout.value), i.outpoint))
+            .collect();
+
+        let selected_outpoint = payjoin
+            .try_preserving_privacy(candidate_inputs)
+            .map_err(|_| anyhow!("no privacy-preserving selection available"))?;
+        let selected_utxo = available_inputs
+            .iter()
+            .find(|i| i.outpoint == selected_outpoint)
+            .ok_or(anyhow!("This shouldn't happen. Failed to retrieve the privacy preserving utxo from those we provided to the seclector."))?;
+        log::debug!("selected utxo: {:#?}", selected_utxo);
+
+        payjoin.contribute_witness_input(selected_utxo.txout.clone(), selected_outpoint);
+        Ok(())
+    }
+
     pub fn list_transactions(
         &self,
         include_raw: bool,