refactor: skip serialization of feilds other then secret

This avoids wallet fingerprinting by only sending the secret when checking if a proof is spent as recommnded in the nut.
cashubtc · Dec 18, 2023 · 69bdb18 · 69bdb18
1 parent 299d4c9
commit 69bdb18
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 2 deletions.
diff --git a/crates/cashu-sdk/src/mint.rs b/crates/cashu-sdk/src/mint.rs
@@ -308,7 +308,7 @@ impl Mint {
 
         Ok(MeltBolt11Response {
             paid: true,
-            proof: preimage.to_string(),
+            payment_preimage: Some(preimage.to_string()),
             change,
         })
     }

diff --git a/crates/cashu-sdk/src/wallet.rs b/crates/cashu-sdk/src/wallet.rs
@@ -300,7 +300,7 @@ impl<C: Client> Wallet<C> {
 
         let melted = Melted {
             paid: true,
-            preimage: Some(melt_response.proof),
+            preimage: melt_response.payment_preimage,
             change: change_proofs,
         };
 

diff --git a/crates/cashu/src/error.rs b/crates/cashu/src/error.rs
@@ -33,6 +33,8 @@ pub enum Error {
     TokenNotVerifed,
     #[error("Invoice Amount undefined")]
     InvoiceAmountUndefined,
+    #[error("Proof missing required field")]
+    MissingProofField,
 }
 
 #[cfg(feature = "wallet")]

diff --git a/crates/cashu/src/nuts/nut00.rs b/crates/cashu/src/nuts/nut00.rs
@@ -389,6 +389,19 @@ impl From<Proof> for mint::Proof {
     }
 }
 
+impl TryFrom<mint::Proof> for Proof {
+    type Error = Error;
+
+    fn try_from(mint_proof: mint::Proof) -> Result<Proof, Self::Error> {
+        Ok(Self {
+            id: mint_proof.id.ok_or(Error::MissingProofField)?,
+            amount: mint_proof.amount.ok_or(Error::MissingProofField)?,
+            secret: mint_proof.secret,
+            c: mint_proof.c.ok_or(Error::MissingProofField)?,
+        })
+    }
+}
+
 pub mod mint {
     use serde::{Deserialize, Serialize};
 
@@ -401,13 +414,16 @@ pub mod mint {
     #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
     pub struct Proof {
         /// Amount in satoshi
+        #[serde(skip_serializing)]
         pub amount: Option<Amount>,
         /// Secret message
+        #[serde(skip_serializing)]
         pub secret: Secret,
         /// Unblinded signature
         #[serde(rename = "C")]
         pub c: Option<PublicKey>,
         /// `Keyset id`
+        #[serde(skip_serializing)]
         pub id: Option<Id>,
     }