diff --git a/Cargo.lock b/Cargo.lock index 16ce515..8d54478 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1991,9 +1991,9 @@ dependencies = [ [[package]] name = "mostro-core" -version = "0.6.19" +version = "0.6.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "598112169173ad9c97abab86cb9b1aed551e78201bb938df5cd845f35edc0c08" +checksum = "926d9b23a394e7fc4e4aee38cb5e7a26c09766da67216ad63c730396c439fb63" dependencies = [ "anyhow", "bitcoin", diff --git a/Cargo.toml b/Cargo.toml index 2e81989..2f3358e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -38,7 +38,7 @@ uuid = { version = "1.8.0", features = [ "serde", ] } reqwest = { version = "0.12.1", features = ["json"] } -mostro-core = { version = "0.6.19", features = ["sqlx"] } +mostro-core = { version = "0.6.20", features = ["sqlx"] } tracing = "0.1.40" tracing-subscriber = { version = "0.3.18", features = ["env-filter"] } config = "0.14.0" diff --git a/src/app.rs b/src/app.rs index d96d395..1366aa2 100644 --- a/src/app.rs +++ b/src/app.rs @@ -68,56 +68,79 @@ fn warning_msg(action: &Action, e: anyhow::Error) { /// * `msg` - The message containing action details and trade index information. async fn check_trade_index(pool: &Pool, event: &UnwrappedGift, msg: &Message) { let message_kind = msg.get_inner_message_kind(); - if let Action::NewOrder | Action::TakeBuy | Action::TakeSell = message_kind.action { - match is_user_present(pool, event.sender.to_string()).await { - Ok(mut user) => { - if let (true, index) = message_kind.has_trade_index() { - let (_, sig): (Message, nostr_sdk::secp256k1::schnorr::Signature) = - serde_json::from_str(&event.rumor.content).unwrap(); - if index > user.last_trade_index - && msg - .get_inner_message_kind() - .verify_signature(event.rumor.pubkey, sig) - { - user.last_trade_index = index; - if let Err(e) = update_user_trade_index( - pool, - event.sender.to_string(), - user.last_trade_index, - ) - .await - { - tracing::error!("Error updating user trade index: {}", e); - } - } else { - tracing::info!("Invalid signature or trade index"); - send_cant_do_msg( - None, - msg.get_inner_message_kind().id, - Some(CantDoReason::InvalidTradeIndex), - &event.rumor.pubkey, - ) - .await; + + // Only process actions related to trading + if !matches!( + message_kind.action, + Action::NewOrder | Action::TakeBuy | Action::TakeSell + ) { + return; + } + + // If user is present, we check the trade index and signature + match is_user_present(pool, event.sender.to_string()).await { + Ok(user) => { + if let (true, index) = message_kind.has_trade_index() { + let content: (Message, Signature) = match serde_json::from_str::<( + Message, + nostr_sdk::secp256k1::schnorr::Signature, + )>(&event.rumor.content) + { + Ok(data) => data, + Err(e) => { + tracing::error!("Error deserializing content: {}", e); + return; } + }; + + let (_, sig) = content; + + if index <= user.last_trade_index { + tracing::info!("Invalid trade index"); + send_cant_do_msg( + None, + message_kind.id, + Some(CantDoReason::InvalidTradeIndex), + &event.rumor.pubkey, + ) + .await; + return; + } + + if !message_kind.verify_signature(event.rumor.pubkey, sig) { + tracing::info!("Invalid signature"); + send_cant_do_msg( + None, + message_kind.id, + Some(CantDoReason::InvalidSignature), + &event.rumor.pubkey, + ) + .await; + return; + } + + if let Err(e) = update_user_trade_index(pool, event.sender.to_string(), index).await + { + tracing::error!("Error updating user trade index: {}", e); } } - Err(_) => { - if let (true, last_trade_index) = message_kind.has_trade_index() { - let new_user: User = User { - pubkey: event.sender.to_string(), - last_trade_index, - ..Default::default() - }; - if let Err(e) = add_new_user(pool, new_user).await { - tracing::error!("Error creating new user: {}", e); - send_cant_do_msg( - None, - msg.get_inner_message_kind().id, - Some(CantDoReason::InvalidTextMessage), - &event.rumor.pubkey, - ) - .await; - } + } + Err(_) => { + if let (true, last_trade_index) = message_kind.has_trade_index() { + let new_user: User = User { + pubkey: event.sender.to_string(), + last_trade_index, + ..Default::default() + }; + if let Err(e) = add_new_user(pool, new_user).await { + tracing::error!("Error creating new user: {}", e); + send_cant_do_msg( + None, + msg.get_inner_message_kind().id, + Some(CantDoReason::InvalidTextMessage), + &event.rumor.pubkey, + ) + .await; } } } diff --git a/src/app/admin_take_dispute.rs b/src/app/admin_take_dispute.rs index 4c94093..e2f9281 100644 --- a/src/app/admin_take_dispute.rs +++ b/src/app/admin_take_dispute.rs @@ -87,11 +87,12 @@ pub async fn admin_take_dispute_action( }; let mut new_order = order.as_new_order(); + // Only in this case we use the trade pubkey fields to store the master pubkey new_order - .master_buyer_pubkey + .buyer_trade_pubkey .clone_from(&order.master_buyer_pubkey); new_order - .master_seller_pubkey + .seller_trade_pubkey .clone_from(&order.master_seller_pubkey); // Update dispute fields diff --git a/src/app/rate_user.rs b/src/app/rate_user.rs index bb2e343..a68a07a 100644 --- a/src/app/rate_user.rs +++ b/src/app/rate_user.rs @@ -94,7 +94,7 @@ pub async fn update_user_reputation_action( if message_sender == buyer { counterpart = order .master_seller_pubkey - .ok_or_else(|| Error::msg("Missing master seller pubkey"))?; + .ok_or_else(|| Error::msg("Missing seller identity pubkey"))?; buyer_rating = true; counterpart_trade_pubkey = order .buyer_pubkey @@ -102,7 +102,7 @@ pub async fn update_user_reputation_action( } else if message_sender == seller { counterpart = order .master_buyer_pubkey - .ok_or_else(|| Error::msg("Missing master buyer pubkey"))?; + .ok_or_else(|| Error::msg("Missing buyer identity pubkey"))?; seller_rating = true; counterpart_trade_pubkey = order .seller_pubkey diff --git a/src/flow.rs b/src/flow.rs index 02d63cb..e05f563 100644 --- a/src/flow.rs +++ b/src/flow.rs @@ -84,8 +84,8 @@ pub async fn hold_invoice_paid(hash: &str, request_id: Option) -> Result<() order_data.amount = new_amount; status = Status::WaitingBuyerInvoice; order_data.status = Some(status); - order_data.master_buyer_pubkey = None; - order_data.master_seller_pubkey = None; + order_data.buyer_trade_pubkey = None; + order_data.seller_trade_pubkey = None; // We ask to buyer for a new invoice send_new_order_msg( request_id,