The lnbits from motorina0

INT to BIGIT migration for Postgres

wallet.adminkey - is it secure for watch-only wallet?

The watch-only wallet extension is independent of the current wallet.

Can a user with an adminKey for a random wallet do write operations?

const wallet = this.g.user.wallets[0]

LNbits.api.request(
        'PUT',
        `/watchonly/api/v1/address/${addressData.id}`,
        wallet.adminkey,
        {note: addressData.note}
      )

serial port

Cannot access navigator.serial from:

http://0.0.0.0:8000
http://....

Can access navigator.serial from:

http://localhost:8000/

Test here: https://permission.site/
Live sample here: https://www.serialterminal.com/

Fix Large PSBT over serial

Works fine over SD Card
maybe the encryption?
Eg:

# commands.in.txt

# Do not persist `seed` and `password` info on the device (by default they will be persisted)
/pair - - - false

# Provide new password and seed for restore
/restore my-password-1 link pool sudden unfair illness west sister helmet hard rally boring tool avoid fantasy solar company favorite net cluster truly miss reduce margin memory

# Authenticate
/password my-password-1

# Get the xpub testnet segwit
/xpub Testnet m/84'/1'/0'

# Sign the PSBT
/psbt Testnet cHNidP8BAP1TAgIAAAAMzf5/BuBeCqCWZ+RivpcY/e21Jtn9vvH8gHuwvNkOnxkBAAAAAP////+Hn42wOqm8jnaSCOOYZT0+d+4NKmuWBn0OxPftM1KdUQIAAAAA/////871rmzxARRlZvlQbOgiR/rCTWyOOIdlLuVgS/36AHCsAAAAAAD/////imYgKdDmHM5Kg//s6Zvhj5IlXAjCOV5klHZhtn7SlI4AAAAAAP/////xiaWFOXSQawa2hVTQ6oLp1Xj/gbcEsu5LpWUJPqKzSQAAAAAA/////7Vx3PbTMI3UNIsT3E2jvhynF7PFWeIGv+o7zw/Uk8dcAQAAAAD/////8YmlhTl0kGsGtoVU0OqC6dV4/4G3BLLuS6VlCT6is0kBAAAAAP/////pXU8fa5qtSFf9YJtA2L+W+SJHStlTs2eXacXpPA3pYgAAAAAA/////5aY8YAiNAr4OygEx0s+VR14KnqzI/3EfHe05IdiwJbMAAAAAAD/////zvWubPEBFGVm+VBs6CJH+sJNbI44h2Uu5WBL/foAcKwBAAAAAP////+sdVlvMFHON1KHjhakLYEZ2o6GKBVOd1oXh+Pr7U5gUAEAAAAA/////xCowAUa812PWH3tvaT7MUFN9ff0lzArJP4w7IpJHzqfAQAAAAD/////AwAAAAAAAAAAFgAUkUZAtTL/lbfNRjgydCOohWsGhpwNwxMAAAAAABYAFMASSfFLRv3ZAVDK1nLgVfcN+EWTUS0mAAAAAAAWABTv/ulUIE7C/FggwqXSSIyzAGII3gAAAAAAAQD9/QACAAAAAAEBP3Iuws/0k6kqL8IEzTVrnBkd7+hm/uDkKZXf3Y1sDGcBAAAAAP////8DZysAAAAAAAAWABQKCT/ztGfdP3UQIepqmI14LpXTh85WAAAAAAAAFgAUpmXAomChgqrO+xaiD3j8vmImnUEc4RMAAAAAABYAFJGLQlMwvG2Go8c0v35AiD/KEWuLAkcwRAIgeSRIg0o6Ua05A8gLGYAFHwndXTNV453uq4HIWbmQiUQCIC0brwqhLPweoylHdtKV7tci1BDXiOLSKn49sNC4SOp4ASECn9swTnHWA4JqRl6KZA7mGGLyzln9oSujcfbwDJL8WQIAAAAAIgYDSMaEXA2Gn31QgwOm3tdZPF2J3mGfKlBne3PIV7vQ8SUYf44P6VQAAIABAACAAAAAgAAAAAAWAAAAAAEA/f4AAgAAAAABAdr1m7w9CDSz2K0rp/21auJEjqu1WpJnhdjy5o7RkVG+AQAAAAD/////AxAnAAAAAAAAFgAU0Ej9/TG5WU7lmrb0k+5rJWsHYSV9shoAAAAAABYAFKcb3149KngpJW14lS4l1/zay3JfMHUAAAAAAAAWABSajP9Bn/IBTOnIXCRi9qw6OAzutQJIMEUCIQD4ZRYVnFv/F2docI3J78EwLEXhzgIwaXvskPClmQPPQwIgDiTha48sW8QLpHFfixrupvpl8JBFJ8Ai/MZBOKg/0A8BIQNd6gOgT/LpOLpUFW9sPr8Zm7Ar1hXl7oMS7mV15JZo0QAAAAAiBgJoEpcFJUNaUQ0PRpUAu5uNQUuhQZAiuGJZKvQNOYcjtBh/jg/pVAAAgAEAAIAAAACAAAAAAAsAAAAAAQD9cwECAAAAAAECimYgKdDmHM5Kg//s6Zvhj5IlXAjCOV5klHZhtn7SlI4BAAAAAP/////N/n8G4F4KoJZn5GK+lxj97bUm2f2+8fyAe7C82Q6fGQAAAAAA/////wJnFAAAAAAAABYAFNrkk9v6fQjl0x0Y3JL2xx9+gHZgOTAAAAAAAAAWABTdwEBzdhrH109ESf/GAs9nt7kqiQJIMEUCIQDNbnLjWAmGcKDuN1qLeti5uJRZRKM93e2En5YHAWWnRQIgfdhbT8WLzYYZAiVYP/kJNDOl71pCpXhJUwWaBIhOI/QBIQJie2yLk4iowTQ+UM9IHTC+wXsrJYnKz5K1LfiFAJGfdAJHMEQCIHQSMHCT9dV10CFZYVvrFOUriKna0feaAz4cRTILpCsuAiBs43AEWRVH51AcZ/h5UAjqUwKosAPDhikfayctlk/nHQEhAyBhruXzOpSrPa5rxiqeJiWr458QpLH0W3AMIIH2BMK1AAAAACIGAqanSBZ6t7mL6J6v4qk3f4OWHbTTK3sbGGAJgZn7nhIYGH+OD+lUAACAAQAAgAAAAIABAAAACgAAAAABAN8CAAAAAAEBP3Iuws/0k6kqL8IEzTVrnBkd7+hm/uDkKZXf3Y1sDGcAAAAAAP////8CVV8IAAAAAAAWABSLPVz1iNLEXAR3ATN/t4zj+MLTCAoaAAAAAAAAFgAUu9ZbX6b60racK50W/146gdEenPQCSDBFAiEA3HT397d31YOT7S9KcFFYaxKQMdNQcX7x+pvkNGQL0c4CIEatAVAPxkB90B6nHX4o7fC4VqveJkrKLA0uPv6MbBmcASECxu6VRYuJpUK/ppweJE1KdOzb14bggqbEMwOyc0yBNYcAAAAAIgYCHNl3Tf795uInFMdNLdaTo/f5Vj/oyS2Amiv0LplJ3lkYf44P6VQAAIABAACAAAAAgAEAAAAIAAAAAAEA/XQBAgAAAAABAs3+fwbgXgqglmfkYr6XGP3ttSbZ/b7x/IB7sLzZDp8ZAgAAAAD/////ZHu7U/jvni0SezNxViPoan9t2Zy5hspMe1bwOXmpxNoBAAAAAP////8CmsMTAAAAAAAWABTXIUO476zYxALzJGddNAVVUqdOhDkwAAAAAAAAFgAU81we3A84QOEPukb2p7UWY/blJVoCSDBFAiEA1emus0smwrfeCFhtsTkj+8BpUkCl0HvLsxCmykS+M0wCIAOmvISD9BtIo3fBcjU12ShBzkHj3mTVUhgbIJo7Ze65ASEDZq6NcNH5owrblxTgtN8Pj2vfpPeAEFAp4eDF1Hm0B1cCSDBFAiEA90t8e2eDuMvVAVcMwMdgRiwNIHLcabxSWjl40MYtH6wCIC+x6wt6ZYDQlE1+38Hbmth5VRBgNYtfaNxvkwLLVtnfASECVfowVMN5EoEQn+XlZJHKRKpbCBTKMq3nUMmJeW+BuwoAAAAAIgYCR5aYp5Q3aHMp7XZ8qKo0XeNPom6oHjYQG9nqcCECoOIYf44P6VQAAIABAACAAAAAgAEAAAAJAAAAAAEA/XcBAgAAAAABAtr1m7w9CDSz2K0rp/21auJEjqu1WpJnhdjy5o7RkVG+AAAAAAD/////hvl0J898L786y2epMI7HWtfNHEPMe/34vnsPJY0xNPsAAAAAAP////8Cs3cAAAAAAAAWABSnG99ePSp4KSVteJUuJdf82styX5g6AAAAAAAAGXapFCYa9EGQdfNM90REMsKmYStuk+HziKwCSDBFAiEA63VbTS7KmHBhXtmmGlA5zXYdNh6Qnc0Aqo74SmpQiP4CIBaEwfjn1UzVd5bTnbgRM3DHHjuZ25fj2RZu6GLAVdS8ASECxu6VRYuJpUK/ppweJE1KdOzb14bggqbEMwOyc0yBNYcCSDBFAiEA8X13RJWEDWIT2s/hXa+6VqYLBUBAA2AVJtmf0vjmZ7cCIDknli1t2EFqEtqXbfqtDjkIZYXCls5Z/f5o4Sxa8zQfASEDbSKhCgivNNcoT4rF61UIW5tauSZClR2UIiLs5auGUW4AAAAAIgYCGJfkAeXB1emobayl6F3TEKmCG8MBIpdIcqsL+WzwRI8Yf44P6SwAAIABAACAAAAAgAAAAAABAAAAAAEA/XQBAgAAAAABAs3+fwbgXgqglmfkYr6XGP3ttSbZ/b7x/IB7sLzZDp8ZAgAAAAD/////ZHu7U/jvni0SezNxViPoan9t2Zy5hspMe1bwOXmpxNoBAAAAAP////8CmsMTAAAAAAAWABTXIUO476zYxALzJGddNAVVUqdOhDkwAAAAAAAAFgAU81we3A84QOEPukb2p7UWY/blJVoCSDBFAiEA1emus0smwrfeCFhtsTkj+8BpUkCl0HvLsxCmykS+M0wCIAOmvISD9BtIo3fBcjU12ShBzkHj3mTVUhgbIJo7Ze65ASEDZq6NcNH5owrblxTgtN8Pj2vfpPeAEFAp4eDF1Hm0B1cCSDBFAiEA90t8e2eDuMvVAVcMwMdgRiwNIHLcabxSWjl40MYtH6wCIC+x6wt6ZYDQlE1+38Hbmth5VRBgNYtfaNxvkwLLVtnfASECVfowVMN5EoEQn+XlZJHKRKpbCBTKMq3nUMmJeW+BuwoAAAAAIgYDifDhYl6Sjm3MkbTsle900b+wdN4gSeGDm+rzCSCJR6kYf44P6VQAAIABAACAAAAAgAAAAAAVAAAAAAEA1gIAAAAAAQFeHaOWdX1YSgnj7rgpys52u1DwcFDxI1VTOlAaFsvhsQEAAAAXFgAUkUWIU4HI6dI1ooHSo7EElXFwsGL/////AQPmGwAAAAAAFgAUBygY8xLaUKwxTC433JZgWy68siMCRzBEAiBSfdyBNqoSlmWvm5Wk20OikneTnDEHaBciLEwK7Kc8+AIgS1CtIVQ6eqm930DhDaHsfb//OZRxlwaBh+nfD3YcwqEBIQPaskTjMdF7PZNhJJsZiWq7o8BD4Fkajm3rplcqjyxhZQAAAAAiBgI8O3oKQM7goHzkx5GR5AYOcvT+g/8aJFFHoxGko80WJRh/jg/pVAAAgAEAAIAAAACAAAAAAAIAAAAAAQDhAgAAAAABAV2VB+VwwUoOPPxAtBw0Hb+I97ln8IPwqcvcreqhV4ChAAAAAAD+////AhAnAAAAAAAAGXapFJ3tCk+D4LFekEXXiX/eV9Ik51HfiKzzDv4JAAAAABYAFBorEt9tYkK6D/CaEnWwWBfaHqg3AkcwRAIgDCO0ECL0MWnWDigEHJvuNaj5r40++rEbydYvSa/oVMYCICwxc9LYjfEY2sHK+N+sCi1A44wu4mg2i29IjFoBn+iFASEDkR3a6DjddLDK/64mQNFgU1UD4YWqvCd/MJ6RkcH/t54mUiMAIgYDE0ao5K60P30wBv3RlpbB/2OAkRKGeyqoIQh+JLR62zoYf44P6SwAAIABAACAAAAAgAAAAAADAAAAAAEA/XMBAgAAAAABAopmICnQ5hzOSoP/7Omb4Y+SJVwIwjleZJR2YbZ+0pSOAQAAAAD/////zf5/BuBeCqCWZ+RivpcY/e21Jtn9vvH8gHuwvNkOnxkAAAAAAP////8CZxQAAAAAAAAWABTa5JPb+n0I5dMdGNyS9scffoB2YDkwAAAAAAAAFgAU3cBAc3Yax9dPREn/xgLPZ7e5KokCSDBFAiEAzW5y41gJhnCg7jdai3rYubiUWUSjPd3thJ+WBwFlp0UCIH3YW0/Fi82GGQIlWD/5CTQzpe9aQqV4SVMFmgSITiP0ASECYntsi5OIqME0PlDPSB0wvsF7KyWJys+StS34hQCRn3QCRzBEAiB0EjBwk/XVddAhWWFb6xTlK4ip2tH3mgM+HEUyC6QrLgIgbONwBFkVR+dQHGf4eVAI6lMCqLADw4YpH2snLZZP5x0BIQMgYa7l8zqUqz2ua8YqniYlq+OfEKSx9FtwDCCB9gTCtQAAAAAiBgO/sGgb5IhfBJt4X4VsZGHE0Mh83I26PLII2ukOTxO6yxh/jg/pVAAAgAEAAIAAAACAAAAAAAQAAAAAAQD9RgICAAAAAxYXa2L4nIM4Mt5YrEdNjCL5X04ZjOn7WRUNmDBzMF/GAQAAAGpHMEQCIEaivDmPYQwawlQKM1dREdDGNI3tmyEM/exX6OayeRosAiBBa6wSnbRdLr8R4LAL/2g5ZRxmViRUGHEz9AhTIKC7pwEhA9BZ4Slr9Sxhlp6uBLlXP8Cif2VMnLuCysF1mHIKZA95/////3K4i6H5hjMtnw5OO1se79R0xCxnYhO/9sJY2aZRVTszAAAAAGtIMEUCIQCErHBU6O42j0xEqFyZuWZpmwFl5lkmEUkJDRKdquW8BgIgdoyfzKFbaHq3EWikUFGMU0XApDArpG9+7D+dFhk4lt0BIQJ9bgtDrNHbenMupaSsG0qnuG7r5Fewyo4Mabo4qGwaOP/////AlLfChPw9J5vhik9CgpJhsOLRP62g72eaIbaZsP0f9AAAAABqRzBEAiBAvbva7ih8gax0j2xPdqBJaGMKrysqsvxPB5shpViy/AIgPU0FAkmDVCAf2r+G1wOLVLlqphACyQDdHTgUDriN45QBIQIYl+QB5cHV6ahtrKXoXdMQqYIbwwEil0hyqwv5bPBEj/////8EDycAAAAAAAAWABTdwEBzdhrH109ESf/GAs9nt7kqiWEeAAAAAAAAGXapFIs1l92rADoglZg0Crq+xBkb2xJsiKz4ZRsAAAAAABl2qRQE3rcPmu70AtNTsFxuX1I7iwPtL4issxUAAAAAAAAWABS4OWlHiKf6z6lCrD0yTroVioJDcAAAAAAiBgLKCCNjNklV3+70kVLxR6yr4frcHZILNQUcqV4Edv5byRh/jg/pLAAAgAEAAIAAAACAAAAAAAQAAAAAAQD9dQECAAAAAAEC7ZySNkTJy/UCp7JAiTj+N72acW8Quh7RFyNaS3BQPZMAAAAAAP////8Ne1AEvHZ1959mkepwr4PjQMcGuP8yn6LigS1y+YcWNwEAAAAA/////wJLBwAAAAAAABYAFAwPVZYQEI/tADt28qQfq9jDsjuVZysAAAAAAAAZdqkUefxmNEba9baPtWJVkAynCFEHFiSIrAJHMEQCICqygCimx15sXsCthti2uTzNRY/e8gim9EuI3xKcXnPRAiAG7gj1XZXtsTtEGd4fi1lNHo0Te8LROrLxKhDnaV7t3QEhA4nw4WJeko5tzJG07JXvdNG/sHTeIEnhg5vq8wkgiUepAkcwRAIgFAen0emKKJNO/bhKF5DmWbCYh6VALnTa9N1T5HbUiCkCIFEKfRrG8oFgCMFt2SIj4l3C9/34M3vBewRy3MFOh0ClASECpbRzC58V968wn9BArDHbnQ8KmXB/JtwJTZthOtAS8YsAAAAAIgYD0FnhKWv1LGGWnq4EuVc/wKJ/ZUycu4LKwXWYcgpkD3kYf44P6SwAAIABAACAAAAAgAAAAAACAAAAACICAgUs4S+EGh6bucmNQHftrmojNusB10AJSuXIDJftwtalGOEmBk5UAACAAQAAgAAAAIABAAAAAAAAAAAAAA==

lnaddress

pay for address -> payment not detected, owner will not see address in the list
username conflict (gets the first one that matches)
- domain is not considered, causes description_hash missmatch
address valid even if not paid for

bowser wallet

Publish PSBT from OnchainWallet extension

PSBT produced outside the extension
but utxo and nonwithessutxo must be present for finalize

Mempool Space HTTP 429 - Too Many Requests

After 10-15 requests to mempool space, an error is returned.

Steps:

generate 20-40 new addresses using "Get Fresh Address"

Solution:

queue requests
check API for a batch mode

Further comments:

Rate Limit: mempool/mempool#752

Our API limits aren't disclosed, basically because if you have to ask then you will hit them. For this type of application it's best if you run your own node and query it locally.

fix: only first address is fetched

scan 20 addresses gap
rescan existing addresses (in case it was re-used)
Get Fresh Address - should start from the last unspent + 1 position
- otherwise the scanning becomes difficult
- this is how Trezor does it

make `conv.py` more generic

res = sq.execute("PRAGMA table_info(charges)");
print('### res', res.fetchall())

then based on the type of the column we can add the data conversion (to_timestamp(%s), %s::boolean)

we can crate a generic SQLite to Postgres conversion script, so we do not have to make updates when an extension is added/updated

SELECT name FROM sqlite_master WHERE type='table'

dynamic extension loading

external extensions

[watch-only-extension] features & bugs

Based on the provided master pubs:

scan for addresses on all master pub keys (address gap of 20)
- side use-case: select only one master pub
compute the total amount
- show sats/BTC

[watch-only] signer

testnet PSBT parse fail: micro-bitcoin/uBitcoin#18
add custom config
check fee difference
encrypt communication
encrypt at rest (with password)
check for buttons (next/back/ok)

Todo

inter-extension integration

I have noticed that there is a dependency from satspay extension to the watchonly one:

# lnbits/extensions/satspay/crud.py
from ..watchonly.crud import get_fresh_address, get_mempool, get_watch_wallet

The integration is done at the CRUD level.
This can be problematic since an extension can change its CRUD operations at will, they are not considered part of the public interface
A better & safer approach would be to ONLY have inter-extension communication via the views_api functions
- these functions are exposed as public APIs so they need to maintain a certain level of backwards compatibility anyway
- the function name (order of params, etc) can indeed change but that only requires an easy fix on the dependent extension

random ideas

LNURLp - dialog with payments (do not require to navigate to wallet)

[satspay] topics

timezone: DB on UTC
API calls to watch-only
- problematic
use async/await
check balance on UI side
BIP 71 invoice - like?
special chars in name (:) cause problems for json parse charge
add fiat conversion (mempool ws)
check usr leak

motorina0 / lnbits Goto Github PK

lnbits's People

Contributors

Watchers

lnbits's Issues

Todo

Recommend Projects

Recommend Topics

Recommend Org