Add LightningPayjoin struct and Receiver trait

jbesraa · jbesraa · commit 1ab48abd84aa · 2024-04-22T17:21:23.000+03:00
Add new trait `Receiver` that should be implemented in order to
  utilise the library as a payjoin receiver.

  This trait covers functions that are used in the payjoin request
  validation steps and also in the channel opening phase.

  `LightningPayjoin` utilise the `Receiver` trait in order to handle
  incoming payjoin requests and either accept a normal payjoin
  transaction or open a channel with the funds.
diff --git a/lightning-payjoin/Cargo.toml b/lightning-payjoin/Cargo.toml
@@ -12,3 +12,6 @@ version = "0.0.1"
 [dependencies]
 bitcoin = "0.30.2"
 lightning = { git = "https://github.com/jbesraa/rust-lightning.git", rev = "d3e2d5a", features = ["std"] }
+payjoin = { git = "https://github.com/jbesraa/rust-payjoin.git", rev = "9e4f454", features = ["v2", "receive"] }
+tokio = { version = "1", features = ["full"] }
+reqwest = { version = "0.11", default-features = false, features = ["blocking"] }
diff --git a/lightning-payjoin/src/error.rs b/lightning-payjoin/src/error.rs
@@ -0,0 +1,111 @@
+use lightning::util::errors::APIError;
+
+#[derive(Debug)]
+pub enum Error {
+	Internal(InternalError),
+	Payjoin(payjoin::Error),
+}
+
+#[derive(Debug)]
+pub enum InternalError {
+	TokioJoinError(tokio::task::JoinError),
+	WalletOperationFailed,
+	OnchainTxSigningFailed,
+	FundingTxNotSigned,
+	FundingTxGenerationFailed(String),
+	NodeFailed,
+}
+
+impl From<tokio::task::JoinError> for InternalError {
+	fn from(value: tokio::task::JoinError) -> Self {
+		Self::TokioJoinError(value)
+	}
+}
+
+impl From<tokio::task::JoinError> for Error {
+	fn from(value: tokio::task::JoinError) -> Self {
+		Self::Internal(InternalError::TokioJoinError(value))
+	}
+}
+
+impl From<InternalError> for Error {
+	fn from(value: InternalError) -> Self {
+		Self::Internal(value)
+	}
+}
+
+impl From<payjoin::Error> for Error {
+	fn from(value: payjoin::Error) -> Self {
+		Self::Payjoin(value)
+	}
+}
+
+impl From<Error> for payjoin::Error {
+	fn from(value: Error) -> Self {
+		match value {
+			Error::Payjoin(e) => e,
+			_ => unreachable!(),
+		}
+	}
+}
+
+impl std::fmt::Display for InternalError {
+	fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+		match *self {
+			Self::TokioJoinError(ref e) => write!(f, "Tokio join error: {}", e),
+			Self::WalletOperationFailed => write!(f, "Wallet operation failed"),
+			Self::OnchainTxSigningFailed => write!(f, "Onchain transaction signing failed"),
+			Self::FundingTxNotSigned => write!(f, "Funding transaction not signed"),
+			Self::FundingTxGenerationFailed(ref e) => {
+				write!(f, "Failed to generate funding transaction: {}", e)
+			},
+			Self::NodeFailed => write!(f, "Node failed"),
+		}
+	}
+}
+
+impl std::fmt::Display for Error {
+	fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+		match *self {
+			Self::Internal(ref e) => write!(f, "Internal lightning_payjoin error: {}", e),
+			Self::Payjoin(ref e) => write!(f, "Payjoin error: {}", e),
+		}
+	}
+}
+
+// Maybe this should live in LDK-Node instead?
+impl From<APIError> for Error {
+	fn from(value: APIError) -> Self {
+		match value {
+			APIError::APIMisuseError { err } => {
+				Self::Internal(InternalError::FundingTxGenerationFailed(err))
+			},
+			APIError::FeeRateTooHigh { err, feerate } => Self::Internal(
+				InternalError::FundingTxGenerationFailed(format!("{} feerate: {}", err, feerate)),
+			),
+			APIError::InvalidRoute { err } => {
+				Self::Internal(InternalError::FundingTxGenerationFailed(format!(
+					"Invalid route provided: {}",
+					err
+				)))
+			},
+			APIError::ChannelUnavailable { err } => Self::Internal(
+				InternalError::FundingTxGenerationFailed(format!("Channel unavailable: {}", err)),
+			),
+			APIError::MonitorUpdateInProgress => {
+				Self::Internal(InternalError::FundingTxGenerationFailed(
+					"Client indicated a channel monitor update is in progress but not yet complete"
+						.to_string(),
+				))
+			},
+			APIError::IncompatibleShutdownScript { script } => {
+				Self::Internal(InternalError::FundingTxGenerationFailed(format!(
+					"Provided a scriptpubkey format not accepted by peer: {}",
+					script
+				)))
+			},
+		}
+	}
+}
+
+impl std::error::Error for Error {}
diff --git a/lightning-payjoin/src/lib.rs b/lightning-payjoin/src/lib.rs
@@ -1 +1,273 @@
+// 1. Get payjoin_drectory and payjoin_relay urls
+// 2. Fetch payjoin_directory's ohttp_keys
+// 3. Create enroller from payjoin_directory, ohttp_keys and payjoin_relay
+// 4. Extract request from enroller
+// 5. Send request to payjoin_directory via payjoin_relay to enroll receiver
+// 6. Process response from payjoin_directory with `enroller.process_res`
+// 7. Store the enrolled receiver in `receive_store`(optional)
+// -- At this stage the receiver is enrolled and can receive payjoin requests but is actively polling for them --
+// -- When constructing payjoin uri use enrolled.fallback_target as payjoin_endpoint and ohttp_keys fetch in step 2 --
+//
+// For polling payjoin requests
+// 1. start loop { }
+// 2. Extract request from enrolled using `enrolled.extract_req`
+// 3. Send post request with request.url and request.body
+// 4. Process response from payjoin_directory with `enrolled.process_res`
+// 5. If proposal is received(return by `process_res`) break loop
+pub mod error;
 pub mod scheduler;
+
+use std::{ops::Deref, sync::Arc};
+
+use bitcoin::{address::NetworkChecked, psbt::Psbt, Address, Amount, ScriptBuf, Transaction};
+use lightning::ln::ChannelId;
+pub use payjoin::Url;
+use payjoin::{
+	receive::v2::{Enrolled, Enroller, PayjoinProposal, ProvisionalProposal},
+	PjUriBuilder,
+};
+use tokio::sync::Mutex;
+
+use crate::{
+	error::{Error, InternalError},
+	scheduler::{ChannelScheduler, ScheduledChannel},
+};
+
+/// Payjoin `Receiver` trait defines the behavior of the receiver side in a payjoin transaction
+/// withing a lightning network context.
+///
+/// Utilising payjoin transactions, a lightning node setup as a receiver can fund a channel from an
+/// incoming payjoin transaction saving additional on-chain transaction.
+pub trait Receiver {
+	fn get_new_address(&self) -> Result<Address<NetworkChecked>, Error>;
+	/// Used to validate that the inputs of the incoming payjoin transaction are not owned by the
+	/// receiver.  i.e make sure the sender of the transaction is not trying to pay the receiver
+	/// using the receiver's own funds.
+	fn check_inputs_not_owned(&self, script: &ScriptBuf) -> Result<bool, Error>;
+	/// Used to identify ouputs of the incoming payjoin request that are targeted to the receiver.
+	fn identify_my_outputs(&self, script: &ScriptBuf) -> Result<bool, Error>;
+	/// Sign PSBT with receivers wallet.
+	fn sign_tx(&self, psbt: &Psbt) -> Result<Psbt, Error>;
+	/// Check if the transaction can be broadcasted.
+	///
+	/// This is to make sure the original psbt proposed by the payjoin sender can be broadcasted to
+	/// the network. This checks if the transaction violates the consensus or policy rules.
+	fn can_broadcast(&self, transaction: &Transaction) -> Result<bool, Error>;
+	/// Notify the receiver `ChannelManager` that the funding transaction has been generated.
+	///
+	/// This is used after we have created the funding transaction from an incoming payjoin
+	/// request, we notify the `ChannelManager` so it can proceed with the channel opening process.
+	fn funding_transaction_generated(
+		&self, temporary_channel_id: &ChannelId,
+		counterparty_node_id: bitcoin::secp256k1::PublicKey, funding_tx: bitcoin::Transaction,
+	) -> Result<(), Error>;
+}
+
+pub struct LightningPayjoin<P: Deref>
+where
+	P::Target: Receiver,
+{
+	receiver_handler: P,
+	channel_scheduler: Arc<Mutex<ChannelScheduler>>,
+	ohttp_keys: payjoin::OhttpKeys,
+	enrolled: Enrolled,
+}
+
+impl<P: Deref> LightningPayjoin<P>
+where
+	P::Target: Receiver,
+{
+	pub fn new(
+		receiver_handler: P, channel_scheduler: Arc<Mutex<ChannelScheduler>>,
+		payjoin_directory: Url, payjoin_relay: Url,
+	) -> Self {
+		let ohttp_keys =
+			fetch_ohttp_keys(payjoin_directory.clone(), payjoin_relay.clone()).unwrap();
+		let mut enroller = Enroller::from_directory_config(
+			payjoin_directory.clone(),
+			ohttp_keys.clone(),
+			payjoin_relay.clone(),
+		);
+		let (req, ctx) = enroller.extract_req().unwrap();
+		let agent = reqwest::blocking::Client::new();
+		let ohttp_response = agent
+			.post(req.url)
+			.body(req.body)
+			.header("Content-Type", payjoin::V2_REQ_CONTENT_TYPE)
+			.send()
+			.unwrap();
+		let mut ohttp_response = ohttp_response.error_for_status().unwrap();
+		let mut body = Vec::new();
+		let _ = ohttp_response.copy_to(&mut body).unwrap();
+		let enrolled = enroller.process_res(body.as_slice(), ctx).unwrap();
+
+		Self { receiver_handler, channel_scheduler, ohttp_keys, enrolled }
+	}
+
+	pub async fn process_request(&mut self) -> Result<(), Error> {
+		let proposal = match self.fetch_payjoin_proposal().await {
+			Ok(Some(proposal)) => proposal,
+			Ok(None) => return Ok(()),
+			Err(e) => return Err(e),
+		};
+
+		let min_fee_rate = bitcoin::FeeRate::from_sat_per_vb(1);
+		let provisional_proposal = self.validate_payjoin_request(proposal, min_fee_rate)?;
+		let channel = self
+			.channel_scheduler
+			.lock()
+			.await
+			.get_next_channel(bitcoin::Amount::from_sat(provisional_proposal.payjoin_amount()))
+			.cloned();
+		let finalized_proposal = if channel.is_some() {
+			self.accept_payjoin_with_channel_opening(provisional_proposal, channel.unwrap())
+				.await
+				.unwrap()
+		} else {
+			self.accept_payjoin_without_channel_opening(provisional_proposal).unwrap()
+		};
+		self.send_response(finalized_proposal).await
+	}
+
+	async fn send_response(&self, mut proposal: PayjoinProposal) -> Result<(), Error> {
+		let (res, _ctx) = proposal.extract_v2_req()?;
+		let agent = reqwest::Client::new();
+		let ohttp_response = agent
+			.post(res.url.as_str())
+			.header("Content-Type", payjoin::V2_REQ_CONTENT_TYPE)
+			.body(res.body)
+			.send()
+			.await
+			.unwrap();
+		assert!(ohttp_response.status().is_success());
+		Ok(())
+	}
+
+	async fn fetch_payjoin_proposal(
+		&mut self,
+	) -> Result<Option<payjoin::receive::v2::UncheckedProposal>, Error> {
+		let (req, context) = self.enrolled.extract_req().unwrap();
+		let agent = reqwest::Client::new();
+		let ohttp_response = agent
+			.post(req.clone().url.clone().as_str())
+			.header("Content-Type", payjoin::V2_REQ_CONTENT_TYPE)
+			.body(req.body)
+			.send()
+			.await;
+		match ohttp_response {
+			Ok(ohttp_response) => {
+				let ohttp_response = ohttp_response.error_for_status().unwrap();
+				let body = ohttp_response.bytes().await.unwrap();
+				let body = body.as_ref();
+				match self.enrolled.process_res(body, context).map_err(Error::from) {
+					Ok(Some(proposal)) => {
+						return Ok(Some(proposal));
+					},
+					Ok(None) => Ok(None),
+					Err(_) => panic!("Error processing response"),
+				}
+			},
+			Err(_e) => Ok(None),
+		}
+	}
+
+	pub fn construct_payjoin_uri(&self, amount: Amount) -> String {
+		let pj_receiver_address = self.receiver_handler.get_new_address().unwrap();
+		let pj_part = payjoin::Url::parse(&self.enrolled.fallback_target()).unwrap();
+		let pj_uri = PjUriBuilder::new(pj_receiver_address, pj_part, Some(self.ohttp_keys.clone()))
+			.amount(amount)
+			.build();
+		pj_uri.to_string()
+	}
+
+	fn validate_payjoin_request(
+		&self, proposal: payjoin::receive::v2::UncheckedProposal,
+		min_fee_rate: Option<bitcoin::FeeRate>,
+	) -> Result<ProvisionalProposal, Error> {
+		let proposal = proposal.check_broadcast_suitability(min_fee_rate, |t| {
+			Ok(self.receiver_handler.can_broadcast(t)?)
+		})?;
+		let proposal = proposal.check_inputs_not_owned(|script| {
+			Ok(self.receiver_handler.check_inputs_not_owned(&script.to_owned())?)
+		})?;
+		let proposal = proposal.check_no_mixed_input_scripts()?;
+		let proposal = proposal.check_no_inputs_seen_before(|_outpoint| Ok(false))?;
+		let original_proposal = proposal.clone().identify_receiver_outputs(|script| {
+			Ok(self.receiver_handler.identify_my_outputs(&script.to_owned())?)
+		})?;
+		Ok(original_proposal)
+	}
+
+	fn accept_payjoin_without_channel_opening(
+		&self, provisional_proposal: ProvisionalProposal,
+	) -> Result<PayjoinProposal, Box<dyn std::error::Error>> {
+		// fixme: instead of psbt.clone() we should sign the psbt,
+		// but BDK adds bip32 derivation paths to the psbt which is not supported by payjoin
+		let finalized_proposal =
+			provisional_proposal.finalize_proposal(|psbt| Ok(psbt.clone()), None).unwrap();
+		Ok(finalized_proposal)
+	}
+
+	async fn accept_payjoin_with_channel_opening(
+		&self, provisional_proposal: ProvisionalProposal, channel: ScheduledChannel,
+	) -> Result<PayjoinProposal, Error> {
+		let mut proposal = provisional_proposal.clone();
+		let output_script = channel.output_script().expect("Output script should exist");
+		// substitute the output script with the channel output script
+		proposal.substitute_output_script(output_script.clone());
+		let finalized_proposal = proposal
+			.clone()
+			.finalize_proposal(|psbt| Ok(self.receiver_handler.sign_tx(&psbt)?), None)?;
+		let psbt = finalized_proposal.psbt();
+		let funding_tx = psbt.clone().extract_tx();
+		// tell the channel_scheduler that the funding tx has been created
+		self.channel_scheduler
+			.lock()
+			.await
+			.set_funding_tx_created(channel.channel_id(), psbt.clone());
+		let temporary_channel_id =
+			channel.temporary_channel_id().expect("Temporary channel id should exist");
+		// tell the counterparty node that the funding tx has been created
+		let _ = self.receiver_handler.funding_transaction_generated(
+			&temporary_channel_id,
+			channel.node_id(),
+			funding_tx.clone(),
+		)?;
+		// wait for the counterparty node to return FundingSigned message
+		let channel_scheduler = self.channel_scheduler.clone();
+		let is_funding_signed =
+			tokio::time::timeout(tokio::time::Duration::from_secs(3), async move {
+				loop {
+					let txid = funding_tx.txid();
+					if channel_scheduler.lock().await.is_funding_tx_signed(&txid) {
+						break;
+					}
+				}
+			})
+			.await;
+		match is_funding_signed {
+			Ok(_) => {
+				return Ok(finalized_proposal);
+			},
+			Err(_) => {
+				return Err(Error::Internal(InternalError::FundingTxNotSigned));
+			},
+		}
+	}
+}
+
+// should be used from payjoin_defaults crate, which will be published in the next release.
+// https://github.com/payjoin/rust-payjoin/tree/master/payjoin-defaults
+fn fetch_ohttp_keys(
+	payjoin_directory: Url, payjoin_relay: Url,
+) -> Result<payjoin::OhttpKeys, Error> {
+	let ohttp_keys_url = payjoin_directory.join("/ohttp-keys").unwrap();
+	let proxy = reqwest::blocking::Client::builder()
+		.proxy(reqwest::Proxy::all(payjoin_relay).unwrap())
+		.build()
+		.unwrap();
+	let mut res = proxy.get(ohttp_keys_url.as_str()).send().unwrap();
+	let mut body = Vec::new();
+	let _ = res.copy_to(&mut body).unwrap();
+	Ok(payjoin::OhttpKeys::decode(body.as_slice()).unwrap())
+}
