Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove api_payment table ? #24

Open
Asone opened this issue Feb 19, 2022 · 0 comments
Open

Remove api_payment table ? #24

Asone opened this issue Feb 19, 2022 · 0 comments
Labels
question Further information is requested

Comments

@Asone
Copy link
Owner

Asone commented Feb 19, 2022

The HTTP paywall guard uses an api_payment table that registers the generated invoices.

As using a table for GraphQL paywall seems necessary to ensure the client provided invoice fits a requested data query, it might not be an absolute necessity for the global HTTP paywall.

We could remove the table and just check the provided invoice exists and has been paid through the LND service.

However, doing so would induce that the HTTP server could never be 100% sure that the provided invoice has been generated in a HTTP request context. Then so, providing any invoice that exists in the LND service could allow to go through the paywall. A few checks could be made to reduce the capabilities of passing through with non related invoice like checking the invoice value or the memo.

I currently have no clue if it would be a good idea and will probably leave the mechanism as it is, but want to keep the question opened for further options.
@Asone Asone added the question Further information is requested label Feb 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Asone