persist recovery, check if proofs are spent, add docs for recovery (#532)

Author: zupzup

crates/bcr-ebill-api/Cargo.toml

@@ -34,8 +34,11 @@ secp256k1.workspace = true
 bcr-wdc-webapi = { git = "https://github.com/BitcreditProtocol/wildcat", rev = "4437c3b809105df69ed459a9698cac8deb8d9210" }
 bcr-wdc-quote-client = { git = "https://github.com/BitcreditProtocol/wildcat", rev = "4437c3b809105df69ed459a9698cac8deb8d9210" }
 bcr-wdc-key-client = { git = "https://github.com/BitcreditProtocol/wildcat", rev = "4437c3b809105df69ed459a9698cac8deb8d9210" }
+bcr-wdc-swap-client = { git = "https://github.com/BitcreditProtocol/wildcat", rev = "4437c3b809105df69ed459a9698cac8deb8d9210" }
 cashu = { version = "0.9", default-features = false }
 rand = { version = "0.8" }
+hex = { version = "0.4" }
+
 
 [target.'cfg(target_arch = "wasm32")'.dependencies]
 reqwest = { workspace = true, features = ["json"] }

crates/bcr-ebill-api/src/external/mint.rs

@@ -1,5 +1,6 @@
 use std::str::FromStr;
 
+use crate::{constants::CURRENCY_CRSAT, util};
 use async_trait::async_trait;
 use bcr_ebill_core::{
     PostalAddress, ServiceTraitBounds,
@@ -9,8 +10,9 @@ use bcr_ebill_core::{
 };
 use bcr_wdc_key_client::KeyClient;
 use bcr_wdc_quote_client::QuoteClient;
+use bcr_wdc_swap_client::SwapClient;
 use bcr_wdc_webapi::quotes::{BillInfo, ResolveOffer, StatusReply};
-use cashu::{nut00 as cdk00, nut01 as cdk01, nut02 as cdk02};
+use cashu::{ProofsMethods, State, nut00 as cdk00, nut01 as cdk01, nut02 as cdk02};
 use thiserror::Error;
 
 /// Generic result type
@@ -43,34 +45,51 @@ pub enum Error {
     /// all errors originating from invalid keyset ids
     #[error("External Mint Invalid KeySet Id Error")]
     InvalidKeySetId,
+    /// all errors originating from invalid tokens
+    #[error("External Mint Invalid Token Error")]
+    InvalidToken,
+    /// all errors originating from tokens and mints not matching
+    #[error("External Mint Token and Mint don't match Error")]
+    TokenAndMintDontMatch,
     /// all errors originating from blind message generation
     #[error("External Mint BlindMessage Error")]
     BlindMessage,
+    /// an error constructing proofs from minting
+    #[error("External Mint ProofConstruction Error")]
+    ProofConstruction,
+    /// an error minting
+    #[error("External Mint Minting Error")]
+    Minting,
     /// all errors originating from the quote client
     #[error("External Mint Quote Client Error")]
     QuoteClient,
     /// all errors originating from the key client
     #[error("External Mint Key Client Error")]
     KeyClient,
+    /// all errors originating from the swap client
+    #[error("External Mint Swap Client Error")]
+    SwapClient,
 }
 
 #[cfg(test)]
 use mockall::automock;
 
-use crate::{constants::CURRENCY_CRSAT, util};
-
 #[cfg_attr(test, automock)]
 #[cfg_attr(target_arch = "wasm32", async_trait(?Send))]
 #[cfg_attr(not(target_arch = "wasm32"), async_trait)]
 pub trait MintClientApi: ServiceTraitBounds {
+    /// Check if the given proofs were already spent
+    async fn check_if_proofs_are_spent(&self, mint_url: &str, proofs: &str) -> Result<bool>;
     /// Mint and return encoded token
     async fn mint(
         &self,
         mint_url: &str,
         keyset: cdk02::KeySet,
-        discounted_amount: u64,
         quote_id: &str,
         private_key: &str,
+        blinded_messages: Vec<cashu::BlindedMessage>,
+        secrets: Vec<cashu::secret::Secret>,
+        rs: Vec<cashu::SecretKey>,
     ) -> Result<String>;
     /// Check keyset info for a given keyset id with a given mint
     async fn get_keyset_info(&self, mint_url: &str, keyset_id: &str) -> Result<cdk02::KeySet>;
@@ -125,47 +144,86 @@ impl MintClient {
         );
         Ok(key_client)
     }
+
+    pub fn swap_client(&self, mint_url: &str) -> Result<SwapClient> {
+        let swap_client = bcr_wdc_swap_client::SwapClient::new(
+            reqwest::Url::parse(mint_url).map_err(|_| Error::InvalidMintUrl)?,
+        );
+        Ok(swap_client)
+    }
 }
 
 #[cfg_attr(target_arch = "wasm32", async_trait(?Send))]
 #[cfg_attr(not(target_arch = "wasm32"), async_trait)]
 impl MintClientApi for MintClient {
+    async fn check_if_proofs_are_spent(&self, mint_url: &str, proofs: &str) -> Result<bool> {
+        let token_mint_url =
+            cashu::MintUrl::from_str(mint_url).map_err(|_| Error::InvalidMintUrl)?;
+        let token = cashu::Token::from_str(proofs).map_err(|_| Error::InvalidToken)?;
+
+        if let cashu::Token::TokenV3(token_v3) = token {
+            if let Some(token_for_mint) = token_v3
+                .token
+                .into_iter()
+                .find(|t| t.mint == token_mint_url)
+            {
+                let ys = token_for_mint.proofs.ys().map_err(|_| Error::PubKey)?;
+                let proof_states =
+                    self.swap_client(mint_url)?
+                        .check_state(ys)
+                        .await
+                        .map_err(|e| {
+                            log::error!("Error checking if proofs are spent at {mint_url}: {e}");
+                            Error::SwapClient
+                        })?;
+                // all proofs have to be spent
+                let proofs_spent = proof_states
+                    .iter()
+                    .all(|ps| matches!(ps.state, State::Spent));
+                Ok(proofs_spent)
+            } else {
+                Err(Error::InvalidToken.into())
+            }
+        } else {
+            Err(Error::InvalidToken.into())
+        }
+    }
+
     async fn mint(
         &self,
         mint_url: &str,
         keyset: cdk02::KeySet,
-        discounted_amount: u64,
         quote_id: &str,
         private_key: &str,
+        blinded_messages: Vec<cashu::BlindedMessage>,
+        secrets: Vec<cashu::secret::Secret>,
+        rs: Vec<cashu::SecretKey>,
     ) -> Result<String> {
+        let token_mint_url =
+            cashu::MintUrl::from_str(mint_url).map_err(|_| Error::InvalidMintUrl)?;
         let secret_key = cdk01::SecretKey::from_hex(private_key).map_err(|_| Error::PrivateKey)?;
         let qid = uuid::Uuid::from_str(quote_id).map_err(|_| Error::InvalidMintRequestId)?;
 
-        // create blinded messages
-        let amounts: Vec<cashu::Amount> = cashu::Amount::from(discounted_amount).split();
-        let blinds = generate_blinds(keyset.id, &amounts)?;
-        let blinded_messages = blinds.iter().map(|b| b.0.clone()).collect::<Vec<_>>();
-
         // mint
         let blinded_signatures = self
             .key_client(mint_url)?
             .mint(qid, blinded_messages, secret_key)
             .await
             .map_err(|e| {
                 log::error!("Error minting at mint {mint_url}: {e}");
-                Error::KeyClient
+                Error::Minting
             })?;
 
         // create proofs
-        let secrets = blinds.iter().map(|b| b.1.clone()).collect::<Vec<_>>();
-        let rs = blinds.iter().map(|b| b.2.clone()).collect::<Vec<_>>();
-        let proofs =
-            cashu::dhke::construct_proofs(blinded_signatures, rs, secrets, &keyset.keys).unwrap();
+        let proofs = cashu::dhke::construct_proofs(blinded_signatures, rs, secrets, &keyset.keys)
+            .map_err(|e| {
+            log::error!("Couldn't construct proofs for {quote_id}: {e}");
+            Error::ProofConstruction
+        })?;
 
         // generate token from proofs
-        let mint_url = cashu::MintUrl::from_str(mint_url).map_err(|_| Error::InvalidMintUrl)?;
         let token = cdk00::Token::new(
-            mint_url,
+            token_mint_url,
             proofs,
             None,
             cashu::CurrencyUnit::Custom(CURRENCY_CRSAT.into()),
@@ -276,20 +334,25 @@ impl MintClientApi for MintClient {
 
 pub fn generate_blinds(
     keyset_id: cashu::Id,
-    amounts: &[cashu::Amount],
-) -> Result<
-    Vec<(
-        cashu::BlindedMessage,
-        cashu::secret::Secret,
-        cashu::SecretKey,
-    )>,
-> {
-    let mut blinds = Vec::new();
+    discounted_amount: u64,
+) -> Result<(
+    Vec<cashu::BlindedMessage>,
+    Vec<cashu::secret::Secret>,
+    Vec<cashu::SecretKey>,
+)> {
+    let amounts: Vec<cashu::Amount> = cashu::Amount::from(discounted_amount).split();
+    let mut blinded_messages = Vec::with_capacity(amounts.len());
+    let mut secrets = Vec::with_capacity(amounts.len());
+    let mut rs = Vec::with_capacity(amounts.len());
+
     for amount in amounts {
-        let blind = generate_blind(keyset_id, *amount)?;
-        blinds.push(blind);
+        let blind = generate_blind(keyset_id, amount)?;
+        blinded_messages.push(blind.0);
+        secrets.push(blind.1);
+        rs.push(blind.2);
     }
-    Ok(blinds)
+
+    Ok((blinded_messages, secrets, rs))
 }
 
 pub fn generate_blind(
@@ -300,7 +363,7 @@ pub fn generate_blind(
     cashu::secret::Secret,
     cashu::SecretKey,
 )> {
-    let secret = cashu::secret::Secret::new(rand::random::<u64>().to_string());
+    let secret = cashu::secret::Secret::new(hex::encode(rand::random::<[u8; 32]>()));
     let (b_, r) =
         cashu::dhke::blind_message(secret.as_bytes(), None).map_err(|_| Error::BlindMessage)?;
     Ok((cashu::BlindedMessage::new(amount, kid, b_), secret, r))

crates/bcr-ebill-api/src/service/bill_service/service.rs

@@ -302,7 +302,8 @@ impl BillService {
                     .get_offer(&mint_request.mint_request_id)
                     .await
                 {
-                    if offer.proofs.is_none() {
+                    // only if there are no proofs yet and proofs are not spent
+                    if offer.proofs.is_none() && !offer.proofs_spent {
                         debug!(
                             "Checking for keyset info for {}",
                             &mint_request.mint_request_id
@@ -351,15 +352,39 @@ impl BillService {
                                     "Keyset found and minting for {}",
                                     &mint_request.mint_request_id
                                 );
+                                // generate blinds
+                                let (blinded_messages, secrets, rs) =
+                                    external::mint::generate_blinds(
+                                        keyset_info.id,
+                                        offer.discounted_sum,
+                                    )?;
+                                // persist recovery data in case something goes wrong after minting
+                                // getting here a second time for this offer will fail, which is OK
+                                // since it means that either minting, or proof creation failed and we can't
+                                // detect which one reliably
+                                // with the secrets and rs, we can re-create the blinded messages and get
+                                // blinded signatures from the mint using the mint, OR the recovery endpoint
+                                self.mint_store
+                                    .add_recovery_data_to_offer(
+                                        &mint_request.mint_request_id,
+                                        &secrets
+                                            .iter()
+                                            .map(|s| s.to_string())
+                                            .collect::<Vec<String>>(),
+                                        &rs.iter().map(|r| r.to_string()).collect::<Vec<String>>(),
+                                    )
+                                    .await?;
                                 // mint and generate proofs
                                 let proofs = self
                                     .mint_client
                                     .mint(
                                         &mint_cfg.default_mint_url,
                                         keyset_info,
-                                        offer.discounted_sum,
                                         &mint_request.mint_request_id,
                                         &private_key,
+                                        blinded_messages,
+                                        secrets,
+                                        rs,
                                     )
                                     .await?;
                                 // store proofs on the offer
@@ -371,6 +396,40 @@ impl BillService {
                                 info!("No keyset available for {}", mint_request.mint_request_id);
                             }
                         };
+                    } else if offer.proofs.is_some() && !offer.proofs_spent {
+                        debug!(
+                            "Checking if proofs for {} are spent",
+                            &mint_request.mint_request_id
+                        );
+                        if let Some(proofs) = offer.proofs {
+                            match self
+                                .mint_client
+                                .check_if_proofs_are_spent(&mint_cfg.default_mint_url, &proofs)
+                                .await
+                            {
+                                Ok(spent) => {
+                                    if spent {
+                                        debug!(
+                                            "Proofs for {} are spent - updating",
+                                            &mint_request.mint_request_id
+                                        );
+                                        self.mint_store
+                                            .set_proofs_to_spent_for_offer(
+                                                &mint_request.mint_request_id,
+                                            )
+                                            .await?;
+                                    }
+                                }
+                                Err(e) => {
+                                    error!(
+                                        "Could not check if proofs are spent for {}: {e}",
+                                        &mint_request.mint_request_id
+                                    );
+                                }
+                            }
+                        }
+                    } else {
+                        // proofs spent - nothing to do
                     }
                 }
             }

crates/bcr-ebill-api/src/tests/mod.rs

@@ -92,6 +92,13 @@ pub mod tests {
                 new_status: &MintRequestStatus,
             ) -> Result<()>;
             async fn add_proofs_to_offer(&self, mint_request_id: &str, proofs: &str) -> Result<()>;
+            async fn add_recovery_data_to_offer(
+                &self,
+                mint_request_id: &str,
+                secrets: &[String],
+                rs: &[String],
+            ) -> Result<()>;
+            async fn set_proofs_to_spent_for_offer(&self, mint_request_id: &str) -> Result<()>;
             async fn add_offer(
                 &self,
                 mint_request_id: &str,

crates/bcr-ebill-core/src/mint/mod.rs

@@ -46,8 +46,22 @@ pub struct MintOffer {
     pub discounted_sum: u64,
     /// The proofs, encoded as a custom Tokenv3
     pub proofs: Option<String>,
+    /// Whether the proofs were spent according to the mint
+    pub proofs_spent: bool,
+    /// The recovery data, if something goes wrong between minting and token generation
+    pub recovery_data: Option<MintOfferRecoveryData>,
 }
 
+/// Mint offer recovery data
+#[derive(Debug, Clone)]
+pub struct MintOfferRecoveryData {
+    /// The secrets of the blinds we used
+    pub secrets: Vec<String>,
+    /// The rs of the blinds we used
+    pub rs: Vec<String>,
+}
+
+/// The state of a mint request
 #[derive(Debug, Clone)]
 pub struct MintRequestState {
     /// There always is a request

crates/bcr-ebill-persistence/src/constants.rs

@@ -28,6 +28,8 @@ pub const DB_STATUS_ACCEPTED: &str = "status_accepted";
 pub const DB_MINT_NODE_ID: &str = "mint_node_id";
 pub const DB_MINT_REQUEST_ID: &str = "mint_request_id";
 pub const DB_PROOFS: &str = "proofs";
+pub const DB_RECOVERY_DATA: &str = "recovery_data";
+pub const DB_PROOFS_SPENT: &str = "proofs_spent";
 pub const DB_MINT_REQUESTER_NODE_ID: &str = "requester_node_id";
 pub const DB_SEARCH_TERM: &str = "search_term";