ekzyis
/
stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
stacker.news/lib
History
ekzyis fd8510d59f Use payment hash instead of invoice id as proof of payment 
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.

Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
 		2023-07-30 23:45:07 +02:00
..
anonymous.js Use payment hash instead of invoice id as proof of payment 2023-07-30 23:45:07 +02:00
apollo.js Add anon zaps 2023-07-30 23:45:07 +02:00
clicks.js Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"" 2023-07-23 10:08:43 -05:00
constants.js Add anon comments and posts (link, discussion, poll) 2023-07-30 23:45:07 +02:00
currency.js reuse validation on server 2023-02-08 13:39:53 -06:00
cursor.js fix new freebie bug and first page detection 2021-09-09 11:44:01 -05:00
format.js upgrade to prisma 4 2023-07-26 19:18:42 -05:00
item.js fix nested comment sorting 2023-07-25 19:45:35 -05:00
lnurl.js check invoice description hash against lnurl pay metadata 2022-05-19 09:22:25 -05:00
md.js fix back button behavior on select navigation 2023-07-25 15:29:45 -05:00
new-comments.js fix issues with new linting 2023-07-25 09:14:45 -05:00
nostr.js reuse validation on server 2023-02-08 13:39:53 -06:00
prisma-adapter.js account linking 2022-06-08 16:26:44 -05:00
rainbow.js new bolt 2021-12-05 11:37:55 -06:00
rand.js use rand lightning animation when not logged in 2021-07-16 11:47:18 -05:00
remark-mention.js fix mdast find and replace imports 2023-07-24 20:03:56 -05:00
remark-sub.js fix mdast find and replace imports 2023-07-24 20:03:56 -05:00
rss.js upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 14:38:20 -05:00
time.js Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"" 2023-07-23 10:08:43 -05:00
url.js Render images without markdown and use image proxy (#245) 2023-07-12 19:10:01 -05:00
validate.js upgrade to prisma 4 2023-07-26 19:18:42 -05:00