stacker.news

History

ekzyis fd8510d59f Use payment hash instead of invoice id as proof of payment Our invoice IDs can be enumerated. So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself. Random payment hashes prevent this. Also, since we delete invoices after use, using database IDs as proof of payments are not suitable. If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.		2023-07-30 23:45:07 +02:00
..
admin.js	Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades""	2023-07-23 10:08:43 -05:00
growth.js	upgrade to prisma 4	2023-07-26 19:18:42 -05:00
index.js	upgrade to prisma 4	2023-07-26 19:18:42 -05:00
invite.js	upgrade to prisma 4	2023-07-26 19:18:42 -05:00
item.js	Use payment hash instead of invoice id as proof of payment	2023-07-30 23:45:07 +02:00
lnurl.js	upgrade to prisma 4	2023-07-26 19:18:42 -05:00
message.js	Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades""	2023-07-23 10:08:43 -05:00
notifications.js	upgrade to prisma 4	2023-07-26 19:18:42 -05:00
price.js	Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades""	2023-07-23 10:08:43 -05:00
referrals.js	Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades""	2023-07-23 10:08:43 -05:00
rewards.js	Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades""	2023-07-23 10:08:43 -05:00
sub.js	upgrade to prisma 4	2023-07-26 19:18:42 -05:00
upload.js	upgrade to prisma 4	2023-07-26 19:18:42 -05:00
user.js	upgrade to prisma 4	2023-07-26 19:18:42 -05:00
wallet.js	Use payment hash instead of invoice id as proof of payment	2023-07-30 23:45:07 +02:00