fd8510d59f
Our invoice IDs can be enumerated. So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself. Random payment hashes prevent this. Also, since we delete invoices after use, using database IDs as proof of payments are not suitable. If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
58 lines
1.1 KiB
JavaScript
58 lines
1.1 KiB
JavaScript
import { gql } from 'graphql-tag'
|
|
|
|
export default gql`
|
|
extend type Query {
|
|
invoice(id: ID!): Invoice!
|
|
withdrawl(id: ID!): Withdrawl!
|
|
connectAddress: String!
|
|
walletHistory(cursor: String, inc: String): History
|
|
}
|
|
|
|
extend type Mutation {
|
|
createInvoice(amount: Int!): Invoice!
|
|
createWithdrawl(invoice: String!, maxFee: Int!): Withdrawl!
|
|
sendToLnAddr(addr: String!, amount: Int!, maxFee: Int!): Withdrawl!
|
|
}
|
|
|
|
type Invoice {
|
|
id: ID!
|
|
createdAt: Date!
|
|
hash: String!
|
|
bolt11: String!
|
|
expiresAt: Date!
|
|
cancelled: Boolean!
|
|
confirmedAt: Date
|
|
satsReceived: Int
|
|
}
|
|
|
|
type Withdrawl {
|
|
id: ID!
|
|
createdAt: Date!
|
|
hash: String!
|
|
bolt11: String!
|
|
satsPaying: Int!
|
|
satsPaid: Int
|
|
satsFeePaying: Int!
|
|
satsFeePaid: Int
|
|
status: String
|
|
}
|
|
|
|
type Fact {
|
|
id: ID!
|
|
factId: ID!
|
|
bolt11: String
|
|
createdAt: Date!
|
|
sats: Float!
|
|
satsFee: Float
|
|
status: String
|
|
type: String!
|
|
description: String
|
|
item: Item
|
|
}
|
|
|
|
type History {
|
|
facts: [Fact!]!
|
|
cursor: String
|
|
}
|
|
`
|