Receive payjoin

Author: DanGould

Cargo.lock

@@ -33,7 +33,7 @@ lightning-rapid-gossip-sync = { version = "0.0.121" }
 lightning-background-processor = { version = "0.0.121", features = ["futures"] }
 lightning-transaction-sync = { version = "0.0.121", default-features = false, features = ["esplora-async-https"] }
 lightning-liquidity = "0.1.0-alpha.2"
-chrono = "0.4.22"
+chrono = "0.4.33"
 futures-util = { version = "0.3", default-features = false }
 reqwest = { version = "0.11", default-features = false, features = ["multipart", "json"] }
 async-trait = "0.1.68"
@@ -44,7 +44,8 @@ cbc = { version = "0.1", features = ["alloc"] }
 aes = { version = "0.8" }
 jwt-compact = { version = "0.8.0-beta.1", features = ["es256k"] }
 argon2 = { version = "0.5.0", features = ["password-hash", "alloc"] }
-payjoin = { version = "0.13.0", features = ["send", "base64"] }
+once_cell = "1.18.0"
+payjoin = { version = "0.15.0", features = ["v2", "send", "receive", "base64"] }
 bincode = "1.3.3"
 hex-conservative = "0.1.1"
 async-lock = "3.2.0"

mutiny-core/Cargo.toml

@@ -154,6 +154,9 @@ pub enum MutinyError {
     /// Cannot change password to the same password
     #[error("Cannot change password to the same password.")]
     SamePassword,
+    /// Error with payjoin
+    #[error("Payjoin error: {0}")]
+    Payjoin(crate::payjoin::Error),
     /// Payjoin request creation failed.
     #[error("Failed to create payjoin request.")]
     PayjoinCreateRequest,
@@ -569,6 +572,12 @@ impl From<nostr_sdk::signer::Error> for MutinyError {
     }
 }
 
+impl From<crate::payjoin::Error> for MutinyError {
+    fn from(e: crate::payjoin::Error) -> Self {
+        Self::Payjoin(e)
+    }
+}
+
 impl From<payjoin::send::CreateRequestError> for MutinyError {
     fn from(_e: payjoin::send::CreateRequestError) -> Self {
         Self::PayjoinCreateRequest

mutiny-core/src/error.rs

@@ -8,6 +8,7 @@
     type_alias_bounds
 )]
 extern crate core;
+extern crate payjoin as pj;
 
 pub mod auth;
 pub mod blindauth;
@@ -33,6 +34,7 @@ mod node;
 pub mod nodemanager;
 pub mod nostr;
 mod onchain;
+mod payjoin;
 mod peermanager;
 pub mod scorer;
 pub mod storage;
@@ -1498,11 +1500,64 @@ impl<S: MutinyStorage> MutinyWallet<S> {
             return Err(MutinyError::WalletOperationFailed);
         };
 
+        let (pj, ohttp) = {
+            use crate::payjoin::{OHTTP_RELAYS, PAYJOIN_DIR};
+            use anyhow::anyhow;
+
+            let ohttp_keys = crate::payjoin::fetch_ohttp_keys(
+                OHTTP_RELAYS[0].to_owned(),
+                PAYJOIN_DIR.to_owned(),
+            )
+            .await
+            .map_err(|e| anyhow!("Payjoin OHTTP fetch error {}", e))?;
+
+            let ohttp = base64::encode_config(
+                ohttp_keys
+                    .encode()
+                    .map_err(|_| MutinyError::PayjoinConfigError)?,
+                base64::URL_SAFE_NO_PAD,
+            );
+            let mut enroller = pj::receive::v2::Enroller::from_directory_config(
+                PAYJOIN_DIR.to_owned(),
+                ohttp_keys,
+                OHTTP_RELAYS[0].to_owned(), // TODO pick ohttp relay at random
+            );
+
+            // enroll client
+            let (req, context) = enroller.extract_req().unwrap();
+            let http_client = reqwest::Client::builder().build().unwrap();
+            let ohttp_response = http_client
+                .post(req.url)
+                .header("Content-Type", "message/ohttp-req")
+                .body(req.body)
+                .send()
+                .await
+                .map_err(|_| MutinyError::PayjoinCreateRequest)?;
+            let ohttp_response = ohttp_response.bytes().await.unwrap();
+            let enrolled = enroller
+                .process_res(ohttp_response.as_ref(), context)
+                .map_err(|_| MutinyError::PayjoinCreateRequest)?;
+            let pj_uri = enrolled.fallback_target();
+            log_debug!(self.logger, "{pj_uri}");
+            let wallet = self.node_manager.wallet.clone();
+            // run await payjoin task in the background as it'll keep polling the relay
+            let logger = self.logger.clone();
+            utils::spawn(async move {
+                match NodeManager::receive_payjoin(wallet, enrolled).await {
+                    Ok(pj_txid) => log_info!(logger, "Received payjoin txid: {}", pj_txid),
+                    Err(e) => log_error!(logger, "Payjoin error: {e}"),
+                }
+            });
+            (Some(pj_uri), Some(ohttp))
+        };
+
         Ok(MutinyBip21RawMaterials {
             address,
             invoice,
             btc_amount: amount.map(|amount| bitcoin::Amount::from_sat(amount).to_btc().to_string()),
             labels,
+            pj,
+            ohttp,
         })
     }
 

mutiny-core/src/lib.rs

@@ -105,6 +105,8 @@ pub struct MutinyBip21RawMaterials {
     pub invoice: Option<Bolt11Invoice>,
     pub btc_amount: Option<String>,
     pub labels: Vec<String>,
+    pub pj: Option<String>,
+    pub ohttp: Option<String>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Eq, PartialEq)]
@@ -715,6 +717,7 @@ impl<S: MutinyStorage> NodeManager<S> {
         Err(MutinyError::WalletOperationFailed)
     }
 
+    // Send v1 payjoin request
     pub async fn send_payjoin(
         &self,
         uri: Uri<'_, NetworkUnchecked>,
@@ -789,6 +792,61 @@ impl<S: MutinyStorage> NodeManager<S> {
         Ok(txid)
     }
 
+    /// Poll the payjoin relay to maintain a payjoin session and create a payjoin proposal.
+    pub async fn receive_payjoin(
+        wallet: Arc<OnChainWallet<S>>,
+        mut enrolled: payjoin::receive::v2::Enrolled,
+    ) -> Result<Txid, MutinyError> {
+        use crate::payjoin::Error as PayjoinError;
+
+        let http_client = reqwest::Client::builder()
+            .build()
+            .map_err(PayjoinError::Reqwest)?;
+        let proposal: payjoin::receive::v2::UncheckedProposal =
+            Self::poll_for_fallback_psbt(&http_client, &mut enrolled).await?;
+        let mut payjoin_proposal = wallet
+            .process_payjoin_proposal(proposal)
+            .map_err(|_| crate::payjoin::Error::ReceiverStateMachine)?;
+
+        let (req, ohttp_ctx) = payjoin_proposal
+            .extract_v2_req()
+            .map_err(|_| PayjoinError::ReceiverStateMachine)?;
+        let res = http_client
+            .post(req.url)
+            .header("Content-Type", "message/ohttp-req")
+            .body(req.body)
+            .send()
+            .await
+            .map_err(PayjoinError::Reqwest)?;
+        let res = res.bytes().await.map_err(PayjoinError::Reqwest)?;
+        // enroll must succeed
+        let _res = payjoin_proposal
+            .deserialize_res(res.to_vec(), ohttp_ctx)
+            .map_err(|_| PayjoinError::ReceiverStateMachine)?;
+        Ok(payjoin_proposal.psbt().clone().extract_tx().txid())
+    }
+
+    async fn poll_for_fallback_psbt(
+        client: &reqwest::Client,
+        enroller: &mut payjoin::receive::v2::Enrolled,
+    ) -> Result<payjoin::receive::v2::UncheckedProposal, crate::payjoin::Error> {
+        loop {
+            let (req, context) = enroller.extract_req()?;
+            let ohttp_response = client
+                .post(req.url)
+                .header("Content-Type", "message/ohttp-req")
+                .body(req.body)
+                .send()
+                .await?;
+            let ohttp_response = ohttp_response.bytes().await?;
+            let proposal = enroller.process_res(ohttp_response.as_ref(), context)?;
+            match proposal {
+                Some(proposal) => return Ok(proposal),
+                None => utils::sleep(5000).await,
+            }
+        }
+    }
+
     /// Sends an on-chain transaction to the given address.
     /// The amount is in satoshis and the fee rate is in sat/vbyte.
     ///

mutiny-core/src/nodemanager.rs

@@ -14,7 +14,7 @@ use bdk_esplora::EsploraAsyncExt;
 use bitcoin::bip32::{ChildNumber, DerivationPath, ExtendedPrivKey};
 use bitcoin::consensus::serialize;
 use bitcoin::psbt::{Input, PartiallySignedTransaction};
-use bitcoin::{Address, Network, OutPoint, ScriptBuf, Transaction, Txid};
+use bitcoin::{Address, Network, OutPoint, Script, ScriptBuf, Transaction, Txid};
 use esplora_client::AsyncClient;
 use hex_conservative::DisplayHex;
 use lightning::events::bump_transaction::{Utxo, WalletSource};
@@ -355,10 +355,100 @@ impl<S: MutinyStorage> OnChainWallet<S> {
         Ok(())
     }
 
+    fn is_mine(&self, script: &Script) -> Result<bool, MutinyError> {
+        Ok(self.wallet.try_read()?.is_mine(script))
+    }
+
     pub fn list_utxos(&self) -> Result<Vec<LocalOutput>, MutinyError> {
         Ok(self.wallet.try_read()?.list_unspent().collect())
     }
 
+    pub fn process_payjoin_proposal(
+        &self,
+        proposal: payjoin::receive::v2::UncheckedProposal,
+    ) -> Result<payjoin::receive::v2::PayjoinProposal, payjoin::Error> {
+        use payjoin::Error;
+
+        // Receive Check 1 bypass: We're not an automated payment processor.
+        let proposal = proposal.assume_interactive_receiver();
+        log::trace!("check1");
+
+        // Receive Check 2: receiver can't sign for proposal inputs
+        let proposal = proposal.check_inputs_not_owned(|input| {
+            self.is_mine(input).map_err(|e| Error::Server(e.into()))
+        })?;
+        log::trace!("check2");
+
+        // Receive Check 3: receiver can't sign for proposal inputs
+        let proposal = proposal.check_no_mixed_input_scripts()?;
+        log::trace!("check3");
+
+        // Receive Check 4: have we seen this input before?
+        let payjoin = proposal.check_no_inputs_seen_before(|_input| {
+            // This check ensures an automated sender does not get phished. It is not necessary for interactive payjoin **where the sender cannot generate bip21s from us**
+            // assume false since Mutiny is not an automatic payment processor
+            Ok(false)
+        })?;
+        log::trace!("check4");
+
+        let mut provisional_payjoin =
+            payjoin.identify_receiver_outputs(|output: &payjoin::bitcoin::Script| {
+                self.is_mine(output).map_err(|e| Error::Server(e.into()))
+            })?;
+        self.try_contributing_inputs(&mut provisional_payjoin)
+            .map_err(|e| Error::Server(e.into()))?;
+
+        // Outputs may be substituted for e.g. batching at this stage
+        // We're not doing this yet.
+
+        let payjoin_proposal = provisional_payjoin.finalize_proposal(
+            |psbt| {
+                let mut psbt = psbt.clone();
+                let wallet = self
+                    .wallet
+                    .try_read()
+                    .map_err(|_| Error::Server(MutinyError::WalletSigningFailed.into()))?;
+                wallet
+                    .sign(&mut psbt, SignOptions::default())
+                    .map_err(|_| Error::Server(MutinyError::WalletSigningFailed.into()))?;
+                Ok(psbt)
+            },
+            // TODO: check Mutiny's minfeerate is present here
+            Some(payjoin::bitcoin::FeeRate::MIN),
+        )?;
+        let payjoin_proposal_psbt = payjoin_proposal.psbt();
+        log::debug!(
+            "Receiver's Payjoin proposal PSBT Rsponse: {:#?}",
+            payjoin_proposal_psbt
+        );
+        Ok(payjoin_proposal)
+    }
+
+    fn try_contributing_inputs(
+        &self,
+        payjoin: &mut payjoin::receive::v2::ProvisionalProposal,
+    ) -> Result<(), MutinyError> {
+        use payjoin::bitcoin::Amount;
+
+        let available_inputs = self.list_utxos()?;
+        let candidate_inputs: std::collections::HashMap<Amount, OutPoint> = available_inputs
+            .iter()
+            .map(|i| (Amount::from_sat(i.txout.value), i.outpoint))
+            .collect();
+
+        let selected_outpoint = payjoin
+            .try_preserving_privacy(candidate_inputs)
+            .map_err(|_| anyhow!("no privacy-preserving selection available"))?;
+        let selected_utxo = available_inputs
+            .iter()
+            .find(|i| i.outpoint == selected_outpoint)
+            .ok_or(anyhow!("This shouldn't happen. Failed to retrieve the privacy preserving utxo from those we provided to the seclector."))?;
+        log::debug!("selected utxo: {:#?}", selected_utxo);
+
+        payjoin.contribute_witness_input(selected_utxo.txout.clone(), selected_outpoint);
+        Ok(())
+    }
+
     pub fn list_transactions(
         &self,
         include_raw: bool,

mutiny-core/src/onchain.rs

@@ -0,0 +1,58 @@
+use once_cell::sync::Lazy;
+use payjoin::OhttpKeys;
+use url::Url;
+
+pub(crate) static OHTTP_RELAYS: [Lazy<Url>; 3] = [
+    Lazy::new(|| Url::parse("https://ohttp.payjoin.org").expect("Invalid URL")),
+    Lazy::new(|| Url::parse("https://ohttp-relay.obscuravpn.io").expect("Invalid URL")),
+    Lazy::new(|| Url::parse("https://pj.bobspacebkk.com").expect("Invalid URL")),
+];
+
+pub(crate) static PAYJOIN_DIR: Lazy<Url> =
+    Lazy::new(|| Url::parse("https://payjo.in").expect("Invalid URL"));
+
+pub async fn fetch_ohttp_keys(
+    _ohttp_relay: Url,
+    directory: Url,
+) -> Result<OhttpKeys, Box<dyn std::error::Error>> {
+    let http_client = reqwest::Client::builder().build()?;
+
+    let ohttp_keys_res = http_client
+        .get(format!("{}/ohttp-keys", directory.as_ref()))
+        .send()
+        .await?
+        .bytes()
+        .await?;
+    Ok(OhttpKeys::decode(ohttp_keys_res.as_ref())?)
+}
+
+#[derive(Debug)]
+pub enum Error {
+    Reqwest(reqwest::Error),
+    ReceiverStateMachine,
+    Txid(bitcoin::hashes::hex::Error),
+}
+
+impl std::error::Error for Error {}
+
+impl std::fmt::Display for Error {
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+        match &self {
+            Error::Reqwest(e) => write!(f, "Reqwest error: {}", e),
+            Error::ReceiverStateMachine => write!(f, "Payjoin state machine error"),
+            Error::Txid(e) => write!(f, "Payjoin txid error: {}", e),
+        }
+    }
+}
+
+impl From<reqwest::Error> for Error {
+    fn from(e: reqwest::Error) -> Self {
+        Error::Reqwest(e)
+    }
+}
+
+impl From<payjoin::receive::Error> for Error {
+    fn from(_: payjoin::receive::Error) -> Self {
+        Error::ReceiverStateMachine
+    }
+}

mutiny-core/src/payjoin.rs

@@ -43,7 +43,7 @@ futures = "0.3.25"
 urlencoding = "2.1.2"
 once_cell = "1.18.0"
 hex-conservative = "0.1.1"
-payjoin = { version = "0.13.0", features = ["send", "base64"] }
+payjoin = { version = "0.15.0", features = ["send", "base64"] }
 fedimint-core = { git = "https://github.com/fedimint/fedimint", rev = "5ade2536015a12a7e003a42b159ccc4a431e1a32" }
 moksha-core = { git = "https://github.com/ngutech21/moksha", rev = "18d99977965662d46ccec29fecdb0ce493745917" }
 

mutiny-wasm/Cargo.toml

@@ -150,6 +150,9 @@ pub enum MutinyJsError {
     /// Cannot change password to the same password
     #[error("Cannot change password to the same password.")]
     SamePassword,
+    /// Payjoin failed
+    #[error("Payjoin failed: {0}")]
+    Payjoin(String),
     /// Payjoin request creation failed.
     #[error("Failed to create payjoin request.")]
     PayjoinCreateRequest,
@@ -239,6 +242,7 @@ impl From<MutinyError> for MutinyJsError {
             MutinyError::InvalidArgumentsError => MutinyJsError::InvalidArgumentsError,
             MutinyError::LspAmountTooHighError => MutinyJsError::LspAmountTooHighError,
             MutinyError::NetworkMismatch => MutinyJsError::NetworkMismatch,
+            MutinyError::Payjoin(e) => MutinyJsError::Payjoin(e.to_string()),
             MutinyError::PayjoinConfigError => MutinyJsError::PayjoinConfigError,
             MutinyError::PayjoinCreateRequest => MutinyJsError::PayjoinCreateRequest,
             MutinyError::PayjoinResponse(e) => MutinyJsError::PayjoinResponse(e.to_string()),