stacker.news/api/resolvers
ekzyis fd8510d59f Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.

Also, since we delete invoices after use, using database IDs as proof of payment is not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
2023-07-30 23:45:07 +02:00
..
imgproxy enhance image detection and proxy 2023-07-13 15:18:04 -05:00
admin.js snl live banner 2023-06-20 09:57:06 -05:00
growth.js upgrade to prisma 3 2023-07-26 11:01:31 -05:00
index.js upgrade to prisma 4 2023-07-26 19:18:42 -05:00
invite.js upgrade to prisma 4 2023-07-26 19:18:42 -05:00
item.js Use payment hash instead of invoice id as proof of payment 2023-07-30 23:45:07 +02:00
lnurl.js Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"" 2023-07-23 10:08:43 -05:00
message.js Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"" 2023-07-23 10:08:43 -05:00
notifications.js upgrade to prisma 3 2023-07-26 11:01:31 -05:00
price.js require sub selection, allow editing 2023-05-10 19:30:51 -05:00
referrals.js upgrade to prisma 4 2023-07-26 19:18:42 -05:00
rewards.js upgrade to prisma 4 2023-07-26 19:18:42 -05:00
search.js Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"" 2023-07-23 10:08:43 -05:00
serial.js Add anon zaps 2023-07-30 23:45:07 +02:00
sub.js Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"" 2023-07-23 10:08:43 -05:00
upload.js Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"" 2023-07-23 10:08:43 -05:00
user.js upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 14:38:20 -05:00
wallet.js Add anon zaps 2023-07-30 23:45:07 +02:00