gl_client/lnurl/pay/

mod.rs

use super::models::SuccessAction;
use super::utils::parse_lnurl;

use crate::lightning_invoice::Bolt11Invoice;
use crate::lnurl::{
    models::{LnUrlHttpClient, PayRequestCallbackResponse, PayRequestResponse},
    utils::parse_invoice,
};

use anyhow::{anyhow, ensure, Result};
use log::debug;
use reqwest::Url;

impl PayRequestResponse {
    /// Extract the "text/plain" description from the metadata JSON.
    pub fn description(&self) -> Option<String> {
        super::utils::extract_description_from_metadata(&self.metadata)
    }

    /// Validate this pay request response for a given amount.
    ///
    /// Checks the tag, amount range, and — for lightning addresses —
    /// that the metadata contains a matching identifier.
    pub fn validate(&self, identifier: &str, amount_msats: u64) -> Result<()> {
        if self.tag != "payRequest" {
            return Err(anyhow!("Expected tag to say 'payRequest'"));
        }

        if amount_msats < self.min_sendable {
            return Err(anyhow!(
                "Amount must be {} or greater",
                self.min_sendable
            ));
        }
        if amount_msats > self.max_sendable {
            return Err(anyhow!(
                "Amount must be {} or less",
                self.max_sendable
            ));
        }

        debug!(
            "Accepted range (in millisatoshis): {} - {}",
            self.min_sendable, self.max_sendable
        );

        // For lightning addresses, verify the identifier appears in metadata
        if !is_lnurl(identifier) {
            let entries: Vec<Vec<String>> =
                serde_json::from_str(&self.metadata)
                    .map_err(|e| anyhow!("Failed to deserialize metadata: {}", e))?;

            let found = entries.iter().any(|entry| {
                entry.len() >= 2
                    && (entry[0] == "text/email" || entry[0] == "text/identifier")
                    && entry[1] == identifier
            });

            if !found {
                return Err(anyhow!(
                    "The lightning address specified in the original request \
                     does not match what was found in the metadata array"
                ));
            }
        }

        Ok(())
    }

    /// Fetch an invoice from this pay request's callback endpoint.
    ///
    /// Builds the callback URL with the given amount and optional comment,
    /// fetches the invoice, validates it against the metadata, and returns
    /// the invoice string along with any success action.
    pub async fn get_invoice<T: LnUrlHttpClient>(
        &self,
        http_client: &T,
        amount_msats: u64,
        comment: Option<&str>,
    ) -> Result<(String, Option<SuccessAction>)> {
        fetch_invoice(http_client, &self.callback, amount_msats, comment).await
    }
}

/// Fetch an invoice from a pay-request callback URL.
///
/// This is the "phase 2" of the two-phase LNURL-pay flow: the caller
/// already has the callback URL from the initial `payRequest` response,
/// and now requests an invoice for a specific amount. The returned
/// invoice is validated to be parseable and match the requested amount.
pub async fn fetch_invoice<T: LnUrlHttpClient>(
    http_client: &T,
    callback: &str,
    amount_msats: u64,
    comment: Option<&str>,
) -> Result<(String, Option<SuccessAction>)> {
    let callback_url = build_callback_url(callback, amount_msats, comment)?;
    let raw: serde_json::Value = http_client.get_json(&callback_url).await?;

    if raw.get("status").and_then(|v| v.as_str()) == Some("ERROR") {
        let reason = raw
            .get("reason")
            .and_then(|v| v.as_str())
            .unwrap_or("unknown error");
        return Err(anyhow!("{}{}", LNURL_SERVICE_ERROR_PREFIX, reason));
    }

    let callback_response: PayRequestCallbackResponse = serde_json::from_value(raw)?;

    let invoice = parse_invoice(&callback_response.pr)?;
    validate_invoice(&invoice, amount_msats)?;
    Ok((invoice.to_string(), callback_response.success_action))
}

/// Prefix used on `fetch_invoice` errors that originate from the LNURL
/// service returning a `{"status":"ERROR"}` body. Callers can match on
/// this prefix to distinguish service-side rejections from transport
/// or parsing failures.
pub const LNURL_SERVICE_ERROR_PREFIX: &str = "LNURL service error: ";

/// Build a callback URL with amount and optional comment query parameters.
fn build_callback_url(
    callback: &str,
    amount: u64,
    comment: Option<&str>,
) -> Result<String> {
    let mut url = Url::parse(callback)?;
    url.query_pairs_mut()
        .append_pair("amount", &amount.to_string());
    if let Some(c) = comment {
        if !c.is_empty() {
            url.query_pairs_mut().append_pair("comment", c);
        }
    }
    Ok(url.to_string())
}

/// Validate a BOLT11 invoice against the user-requested amount.
fn validate_invoice(invoice: &Bolt11Invoice, amount_msats: u64) -> Result<()> {
    ensure!(
        invoice.amount_milli_satoshis().unwrap_or_default() == amount_msats,
        "Amount found in invoice was not equal to the amount found in the original request\n\
         Request amount: {}\nInvoice amount: {:?}",
        amount_msats,
        invoice.amount_milli_satoshis()
    );
    Ok(())
}

/// Decrypt an AES-256-CBC encrypted success action payload (LUD-10).
///
/// - `preimage`: 32-byte payment preimage (used as the AES key)
/// - `ciphertext_b64`: base64-encoded ciphertext
/// - `iv_b64`: base64-encoded IV (decodes to 16 bytes)
pub fn decrypt_aes_success_action(
    preimage: &[u8],
    ciphertext_b64: &str,
    iv_b64: &str,
) -> Result<String> {
    use aes::Aes256;
    use base64::{engine::general_purpose::STANDARD, Engine};
    use cbc::cipher::{block_padding::Pkcs7, BlockDecryptMut, KeyIvInit};

    let ciphertext = STANDARD
        .decode(ciphertext_b64)
        .map_err(|e| anyhow!("Invalid base64 ciphertext: {}", e))?;
    let iv = STANDARD
        .decode(iv_b64)
        .map_err(|e| anyhow!("Invalid base64 IV: {}", e))?;

    if preimage.len() != 32 {
        return Err(anyhow!(
            "Payment preimage must be 32 bytes, got {}",
            preimage.len()
        ));
    }
    if iv.len() != 16 {
        return Err(anyhow!("IV must be 16 bytes, got {}", iv.len()));
    }

    type Aes256CbcDec = cbc::Decryptor<Aes256>;
    let decryptor = Aes256CbcDec::new_from_slices(preimage, &iv)
        .map_err(|e| anyhow!("AES init failed: {}", e))?;

    let plaintext_bytes = decryptor
        .decrypt_padded_vec_mut::<Pkcs7>(&ciphertext)
        .map_err(|e| anyhow!("AES decryption failed: {}", e))?;

    String::from_utf8(plaintext_bytes)
        .map_err(|e| anyhow!("Decrypted data is not valid UTF-8: {}", e))
}

fn is_lnurl(lnurl_identifier: &str) -> bool {
    const LNURL_PREFIX: &str = "LNURL";
    lnurl_identifier
        .trim()
        .to_uppercase()
        .starts_with(LNURL_PREFIX)
}

/// Resolve an LNURL or lightning address to an invoice in one shot.
///
/// Convenience function that combines resolution + validation + invoice
/// fetching. For a two-phase flow, use `PayRequestResponse::get_invoice()`
/// directly after resolving.
pub async fn resolve_lnurl_to_invoice<T: LnUrlHttpClient>(
    http_client: &T,
    lnurl_identifier: &str,
    amount_msats: u64,
    comment: Option<&str>,
) -> Result<(String, Option<SuccessAction>)> {
    let url = match is_lnurl(lnurl_identifier) {
        true => parse_lnurl(lnurl_identifier)?,
        false => parse_lightning_address(lnurl_identifier)?,
    };

    debug!("Domain: {}", Url::parse(&url).unwrap().host().unwrap());

    let pay_request: PayRequestResponse =
        http_client.get_pay_request_response(&url).await?;

    pay_request.validate(lnurl_identifier, amount_msats)?;
    pay_request.get_invoice(http_client, amount_msats, comment).await
}

/// Parse a lightning address into its well-known LNURL-pay URL (LUD-16).
pub fn parse_lightning_address(lightning_address: &str) -> Result<String> {
    let parts: Vec<&str> = lightning_address.split('@').collect();

    if parts.len() != 2 {
        return Err(anyhow!(
            "The provided lightning address is improperly formatted"
        ));
    }

    let username = parts[0];
    let domain = parts[1];

    if username.is_empty() {
        return Err(anyhow!("Username can not be empty"));
    }
    if domain.is_empty() {
        return Err(anyhow!("Domain can not be empty"));
    }

    Ok(format!(
        "https://{}/.well-known/lnurlp/{}",
        domain, username
    ))
}

#[cfg(test)]
mod tests {
    use crate::lnurl::models::MockLnUrlHttpClient;
    use futures::future;
    use futures::future::Ready;
    use std::pin::Pin;

    use super::*;

    fn convert_to_async_return_value<T: Send + 'static>(
        value: T,
    ) -> Pin<Box<dyn std::future::Future<Output = T> + Send>> {
        let ready_future: Ready<_> = future::ready(value);
        Pin::new(Box::new(ready_future)) as Pin<Box<dyn std::future::Future<Output = T> + Send>>
    }

    #[test]
    fn test_parse_invoice() {
        let invoice_str = "lnbc100p1psj9jhxdqud3jxktt5w46x7unfv9kz6mn0v3jsnp4q0d3p2sfluzdx45tqcsh2pu5qc7lgq0xs578ngs6s0s68ua4h7cvspp5q6rmq35js88zp5dvwrv9m459tnk2zunwj5jalqtyxqulh0l5gflssp5nf55ny5gcrfl30xuhzj3nphgj27rstekmr9fw3ny5989s300gyus9qyysgqcqpcrzjqw2sxwe993h5pcm4dxzpvttgza8zhkqxpgffcrf5v25nwpr3cmfg7z54kuqq8rgqqqqqqqq2qqqqq9qq9qrzjqd0ylaqclj9424x9m8h2vcukcgnm6s56xfgu3j78zyqzhgs4hlpzvznlugqq9vsqqqqqqqlgqqqqqeqq9qrzjqwldmj9dha74df76zhx6l9we0vjdquygcdt3kssupehe64g6yyp5yz5rhuqqwccqqyqqqqlgqqqqjcqq9qrzjqf9e58aguqr0rcun0ajlvmzq3ek63cw2w282gv3z5uupmuwvgjtq2z55qsqqg6qqqyqqqrtnqqqzq3cqygrzjqvphmsywntrrhqjcraumvc4y6r8v4z5v593trte429v4hredj7ms5z52usqq9ngqqqqqqqlgqqqqqqgq9qrzjq2v0vp62g49p7569ev48cmulecsxe59lvaw3wlxm7r982zxa9zzj7z5l0cqqxusqqyqqqqlgqqqqqzsqygarl9fh38s0gyuxjjgux34w75dnc6xp2l35j7es3jd4ugt3lu0xzre26yg5m7ke54n2d5sym4xcmxtl8238xxvw5h5h5j5r6drg6k6zcqj0fcwg";

        let result = parse_invoice(invoice_str);
        assert!(result.is_ok());

        let invoice = result.unwrap();
        assert_eq!(invoice.amount_milli_satoshis().unwrap(), 10);
    }

    #[tokio::test]
    async fn test_lnurl_pay() {
        let mut mock_http_client = MockLnUrlHttpClient::new();

        mock_http_client.expect_get_pay_request_response().returning(|_url| {
            let x: PayRequestResponse = serde_json::from_str("{ \"callback\": \"https://cipherpunk.com/lnurlp/api/v1/lnurl/cb/1\", \"maxSendable\": 100000, \"minSendable\": 100, \"tag\": \"payRequest\", \"metadata\": \"[[\\\"text/plain\\\", \\\"Start the CoinTrain\\\"]]\" }").unwrap();
            convert_to_async_return_value(Ok(x))
        });

        mock_http_client.expect_get_json().returning(|_url| {
            let invoice = "lnbc1u1pjv9qrvsp5e5wwexctzp9yklcrzx448c68q2a7kma55cm67ruajjwfkrswnqvqpp55x6mmz8ch6nahrcuxjsjvs23xkgt8eu748nukq463zhjcjk4s65shp5dd6hc533r655wtyz63jpf6ja08srn6rz6cjhwsjuyckrqwanhjtsxqzjccqpjrzjqw6lfdpjecp4d5t0gxk5khkrzfejjxyxtxg5exqsd95py6rhwwh72rpgrgqq3hcqqgqqqqlgqqqqqqgq9q9qxpqysgq95njz4sz6h7r2qh7txnevcrvg0jdsfpe72cecmjfka8mw5nvm7tydd0j34ps2u9q9h6v5u8h3vxs8jqq5fwehdda6a8qmpn93fm290cquhuc6r";
            let callback_response_json = format!("{{\"pr\":\"{}\",\"routes\":[]}}", invoice);
            let x: serde_json::Value = serde_json::from_str(&callback_response_json).unwrap();
            convert_to_async_return_value(Ok(x))
        });

        let lnurl = "LNURL1DP68GURN8GHJ7CMFWP5X2UNSW4HXKTNRDAKJ7CTSDYHHVVF0D3H82UNV9UCSAXQZE2";
        let amount = 100000;

        let result = resolve_lnurl_to_invoice(&mock_http_client, lnurl, amount, None).await;
        assert!(result.is_ok());
    }

    #[tokio::test]
    async fn test_lnurl_pay_with_lightning_address() {
        let mut mock_http_client = MockLnUrlHttpClient::new();
        let lightning_address_username = "satoshi";
        let lightning_address_domain = "cipherpunk.com";
        let lnurl = format!(
            "{}@{}",
            lightning_address_username, lightning_address_domain
        );

        let lnurl_clone = lnurl.clone();
        mock_http_client.expect_get_pay_request_response().returning(move |url| {
            let expected_url = format!("https://{}/.well-known/lnurlp/{}", lightning_address_domain, lightning_address_username);
            assert_eq!(expected_url, url);

            let pay_request_json = format!("{{\"callback\": \"https://cipherpunk.com/lnurlp/api/v1/lnurl/cb/1\", \"maxSendable\": 100000, \"minSendable\": 100, \"tag\": \"payRequest\", \"metadata\": \"[[\\\"text/plain\\\", \\\"Start the CoinTrain\\\"], [\\\"text/identifier\\\", \\\"{}\\\"]]\" }}", lnurl_clone);

            let x: PayRequestResponse = serde_json::from_str(&pay_request_json).unwrap();
            convert_to_async_return_value(Ok(x))
        });

        mock_http_client.expect_get_json().returning(|_url| {
            let invoice = "lnbcrt1u1pj0ypx6sp5hzczugdw9eyw3fcsjkssux7awjlt68vpj7uhmen7sup0hdlrqxaqpp5gp5fm2sn5rua2jlzftkf5h22rxppwgszs7ncm73pmwhvjcttqp3qdy2tddjyar90p6z7urvv95kug3vyq39xarpwf6zqargv5syxmmfde28yctfdc396tpqtv38getcwshkjer9de6xjenfv4ezytpqyfekzar0wd5xjsrrd9cxsetjwp6ku6ewvdhk6gjat5xqyjw5qcqp29qxpqysgqujuf5zavazln2q9gks7nqwdgjypg2qlvv7aqwfmwg7xmjt8hy4hx2ctr5fcspjvmz9x5wvmur8vh6nkynsvateafm73zwg5hkf7xszsqajqwcf";
            let callback_response_json = format!("{{\"pr\":\"{}\",\"routes\":[]}}", invoice);
            let x: serde_json::Value = serde_json::from_str(&callback_response_json).unwrap();
            convert_to_async_return_value(Ok(x))
        });

        let amount = 100000;

        let result = resolve_lnurl_to_invoice(&mock_http_client, &lnurl, amount, None).await;
        assert!(result.is_ok());
    }

    #[tokio::test]
    async fn test_lnurl_pay_with_lightning_address_fails_with_empty_username() {
        let mock_http_client = MockLnUrlHttpClient::new();
        let lnurl = "@cipherpunk.com";
        let result = resolve_lnurl_to_invoice(&mock_http_client, lnurl, 100000, None).await;
        assert!(result.is_err());
        assert!(result.unwrap_err().to_string().contains("Username can not be empty"));
    }

    #[tokio::test]
    async fn test_lnurl_pay_with_lightning_address_fails_with_empty_domain() {
        let mock_http_client = MockLnUrlHttpClient::new();
        let lnurl = "satoshi@";
        let result = resolve_lnurl_to_invoice(&mock_http_client, lnurl, 100000, None).await;
        assert!(result.is_err());
        assert!(result.unwrap_err().to_string().contains("Domain can not be empty"));
    }

    #[tokio::test]
    async fn test_lnurl_pay_returns_error_on_invalid_lnurl() {
        let mock_http_client = MockLnUrlHttpClient::new();
        let lnurl = "LNURL1111111111111111111111111111111111111111111111111111111111111111111";

        let result = resolve_lnurl_to_invoice(&mock_http_client, lnurl, 100000, None).await;
        assert!(result.unwrap_err().to_string().contains("Failed to decode lnurl: invalid length"));
    }

    #[tokio::test]
    async fn test_lnurl_pay_returns_error_on_amount_less_than_min_sendable() {
        let mut mock_http_client = MockLnUrlHttpClient::new();

        mock_http_client.expect_get_pay_request_response().returning(|_url| {
            let x: PayRequestResponse = serde_json::from_str("{ \"callback\": \"https://cipherpunk.com/lnurlp/api/v1/lnurl/cb/1\", \"maxSendable\": 100000, \"minSendable\": 100000, \"tag\": \"payRequest\", \"metadata\": \"[[\\\"text/plain\\\", \\\"Start the CoinTrain\\\"]]\" }").unwrap();
            convert_to_async_return_value(Ok(x))
        });

        let lnurl = "LNURL1DP68GURN8GHJ7CMFWP5X2UNSW4HXKTNRDAKJ7CTSDYHHVVF0D3H82UNV9UCSAXQZE2";
        let result = resolve_lnurl_to_invoice(&mock_http_client, lnurl, 1, None).await;
        assert!(result.unwrap_err().to_string().contains("Amount must be"));
    }

    #[tokio::test]
    async fn test_lnurl_pay_returns_error_on_amount_greater_than_max_sendable() {
        let mut mock_http_client = MockLnUrlHttpClient::new();

        mock_http_client.expect_get_pay_request_response().returning(|_url| {
            let x: PayRequestResponse = serde_json::from_str("{ \"callback\": \"https://cipherpunk.com/lnurlp/api/v1/lnurl/cb/1\", \"maxSendable\": 100000, \"minSendable\": 100000, \"tag\": \"payRequest\", \"metadata\": \"[[\\\"text/plain\\\", \\\"Start the CoinTrain\\\"]]\" }").unwrap();
            convert_to_async_return_value(Ok(x))
        });

        let lnurl = "LNURL1DP68GURN8GHJ7CMFWP5X2UNSW4HXKTNRDAKJ7CTSDYHHVVF0D3H82UNV9UCSAXQZE2";
        let result = resolve_lnurl_to_invoice(&mock_http_client, lnurl, 200000, None).await;
        assert!(result.unwrap_err().to_string().contains("Amount must be"));
    }

    #[test]
    fn test_aes_decrypt_known_vector() {
        use aes::Aes256;
        use base64::{engine::general_purpose::STANDARD, Engine};
        use cbc::cipher::{block_padding::Pkcs7, BlockEncryptMut, KeyIvInit};

        let key = [0x42u8; 32];
        let iv = [0x24u8; 16];
        let plaintext = b"hello world";

        // Encrypt
        type Aes256CbcEnc = cbc::Encryptor<Aes256>;
        let ciphertext = Aes256CbcEnc::new_from_slices(&key, &iv)
            .unwrap()
            .encrypt_padded_vec_mut::<Pkcs7>(plaintext);

        let ciphertext_b64 = STANDARD.encode(&ciphertext);
        let iv_b64 = STANDARD.encode(&iv);

        // Decrypt
        let result = decrypt_aes_success_action(&key, &ciphertext_b64, &iv_b64).unwrap();
        assert_eq!(result, "hello world");
    }

    #[test]
    fn test_aes_decrypt_wrong_preimage_length() {
        let result = decrypt_aes_success_action(&[0u8; 16], "YWJj", "MTIzNDU2Nzg5MDEyMzQ1Ng==");
        assert!(result.is_err());
        assert!(result.unwrap_err().to_string().contains("32 bytes"));
    }

    #[test]
    fn test_pay_request_description() {
        let resp: PayRequestResponse = serde_json::from_str(
            r#"{"callback":"https://x.com/cb","maxSendable":1000,"minSendable":1,"tag":"payRequest","metadata":"[[\"text/plain\",\"Buy coffee\"]]"}"#
        ).unwrap();
        assert_eq!(resp.description(), Some("Buy coffee".to_string()));
    }

    #[test]
    fn test_pay_request_validate_amount_range() {
        let resp: PayRequestResponse = serde_json::from_str(
            r#"{"callback":"https://x.com/cb","maxSendable":10000,"minSendable":1000,"tag":"payRequest","metadata":"[[\"text/plain\",\"test\"]]"}"#
        ).unwrap();

        // In range
        assert!(resp.validate("LNURL1TEST", 5000).is_ok());
        // Below min
        assert!(resp.validate("LNURL1TEST", 500).is_err());
        // Above max
        assert!(resp.validate("LNURL1TEST", 20000).is_err());
    }
}