pub struct UncheckedOriginalPayload { /* private fields */ }
v1 only.
The original PSBT and the optional parameters received from the sender.
This is the first typestate after the retrieval of the sender’s original proposal in the receiver’s workflow. At this stage, the receiver can verify that the original PSBT they have received from the sender is broadcastable to the network in the case of a payjoin failure.
The recommended usage of this typestate differs based on whether you are implementing an
interactive (where the receiver takes manual actions to respond to the
payjoin proposal) or a non-interactive (e.g. a donation page which automatically generates a new QR code
for each visit) payment receiver. For the latter, you should call Self::check_broadcast_suitability to check
that the proposal is actually broadcastable (and, optionally, whether the fee rate is above the
minimum limit you have set). These mechanisms protect the receiver against probing attacks, where
a malicious sender can repeatedly send proposals to have the non-interactive receiver reveal the UTXOs
it owns with the proposals it modifies.
If you are implementing an interactive payment receiver, then such checks are not necessary, and you
can go ahead with calling Self::assume_interactive_receiver to move on to the next typestate.
Implementations
impl UncheckedOriginalPayload
pub fn check_broadcast_suitability(
    self,
    min_fee_rate: Option<FeeRate>,
    can_broadcast: impl Fn(&Transaction) -> Result<bool, ImplementationError>,
) -> Result<MaybeInputsOwned, Error>
Checks that the original PSBT in the proposal can be broadcast.
If the receiver is a non-interactive payment processor (e.g. a donation page which generates
a new QR code for each visit), then it should make sure that the original PSBT is broadcastable
as a fallback mechanism in case the payjoin fails. This validation would be equivalent to the
testmempoolaccept Bitcoin Core RPC call returning {"allowed": true,...}.
The receiver can optionally set a minimum fee rate, which will be enforced on the original PSBT in the proposal. This can be used to further prevent probing attacks, since the attacker would now need to probe the receiver with transactions which are both broadcastable and pay a high fee. Unrelated to the probing attack scenario, this parameter also makes operating in a high-fee environment easier for the receiver.
pub fn assume_interactive_receiver(self) -> MaybeInputsOwned
Moves on to the next typestate without any of the current typestate’s validations.
Use this for interactive payment receivers, where there is no risk of a probing attack since the receiver needs to manually create payjoin URIs.
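The gating that the two methods above describe, modelled with the standard library only as an added example (it is not the payjoin crate's code). `Tx`, `Reject`, `mempool` and the integer sat/vB fee rate are assumptions made for illustration, and the order of the two checks is a choice of this model.

```rust
// Std-only model of the typestate above. Every type here is a hypothetical
// stand-in for illustration, not a definition from the payjoin crate.
#[derive(Debug, PartialEq)]
pub enum Reject { BelowMinFeeRate, NotBroadcastable, Backend(String) }

/// Constructed stand-in for the sender's original transaction.
pub struct Tx { pub fee_sat: u64, pub vsize: u64, pub valid: bool }

pub struct Unchecked(pub Tx);

/// Next state; only from here would the receiver go on to modify a proposal.
#[derive(Debug)]
pub struct MaybeInputsOwned(());

impl Unchecked {
    /// Non-interactive path: `self` is consumed, so the next state exists
    /// only if the fee-rate floor and the broadcast check both pass.
    pub fn check_broadcast_suitability(
        self,
        min_fee_rate: Option<u64>, // sat/vB in this model
        can_broadcast: impl Fn(&Tx) -> Result<bool, String>,
    ) -> Result<MaybeInputsOwned, Reject> {
        if let Some(min) = min_fee_rate {
            // fee < min * vsize avoids integer-division rounding in the rate.
            if self.0.fee_sat < min.saturating_mul(self.0.vsize) {
                return Err(Reject::BelowMinFeeRate);
            }
        }
        match can_broadcast(&self.0) {
            Ok(true) => Ok(MaybeInputsOwned(())),
            Ok(false) => Err(Reject::NotBroadcastable),
            Err(e) => Err(Reject::Backend(e)), // fail closed on backend errors
        }
    }

    /// Interactive path: skips both checks.
    pub fn assume_interactive_receiver(self) -> MaybeInputsOwned {
        MaybeInputsOwned(())
    }
}

/// Constructed backend playing the role of a `testmempoolaccept` query.
pub fn mempool(tx: &Tx) -> Result<bool, String> { Ok(tx.valid) }

fn main() {
    // Constructed probe: not broadcastable and below the 2 sat/vB floor.
    let probe = Unchecked(Tx { fee_sat: 150, vsize: 150, valid: false });
    println!("{:?}", probe.check_broadcast_suitability(Some(2), mempool));
}
```

Because both methods take `self` by value, a rejected proposal is dropped and cannot be carried into the later states where the receiver's own inputs come into play.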
Trait Implementations
impl Clone for UncheckedOriginalPayload
fn clone(&self) -> UncheckedOriginalPayload
1.0.0 · fn clone_from(&mut self, source: &Self)