af9f462690 fix(docs): remove duplicate keys in wallet-rpc.md (theborakompanioni)
Pull request description:
Resolves#1552.
This is a hot fix to make the api docs served at https://joinmarket-org.github.io/joinmarket-clientserver/api/ work again.
Removes
```
'401':
$ref: "#/components/responses/401-Unauthorized"
```
in favor of
```
'401':
$ref: '#/components/responses/401-AuthenticationError'
```
when both are present.
This PR does not remove response `401-Unauthorized` completely, as it is still used and I am not totally sure which one of them is actually returned.
## How to test
```
cd docs/api
python3 -m http.server 9999
```
Then visit `http://localhost:9999` and verify that the page loads as expected.
ACKs for top commit:
kristapsk:
ACK af9f462690
Tree-SHA512: c876c7b18041307d7d9d6097ee756d45c09ca45a7d283f06014b30f96ad532d49395f1a47c6918b3c030859bff451443455220b4485598e49edd3320c5968f45
47bc77fd6b Fix some internal dependencies (Kristaps Kaupe)
Pull request description:
Alternative to #1543 (see [this comment](https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/1541#issuecomment-1699409791)).
* `txtorcon` is used by `jmbase` too, not only `jmdaemon`;
* get rid of `jmdaemon` dependency in `jmclient`.
Fixes#1540.
Fixes#1541.
ACKs for top commit:
AdamISZ:
utACK 47bc77fd6b
Tree-SHA512: f0c60172d286d5b8baeb46288291d3a7ade1a7ed4d7945cd4f11a7ed04aa118a665dee0c6da0ee346b6a8c5270d2616ad3a31bb37dcbcf027b0d844566793bcc
3fc74fbe2a Refactor and cleanup of blockchaininterface and related (Kristaps Kaupe)
Pull request description:
Summary of changes:
* Add typehints to `jmclient/jmclient/blockchaininterface.py` and `jmclient/jmclient/jsonrpc.py`;
* Move all methods called by external code to `BlockchainInterface` base class or add abstract methods there;
* <del>Remove broken `ElectrumWalletInterface` (we can re-introduce it later from history if somebody wants to fix it);</del><ins> (done in #1477)</ins>
* More dummy abstract method overrides for `DummyBlockchainInterface` (for tests);
* Alphabetical ordering of imports and other minor stuff;
* Behaviour change - previously fee estimation would fail if it could not get mempoolminfee, now will go with default 10 sat/vB.
#1460 was part of this, but did separate PR for that one, as it is simpler to review small refactoring changes.
This should make it more easy to: 1) write new code that uses blockchaininterface, 2) write new alternative implementations of `BlockchainInterface`.
Top commit has no ACKs.
Tree-SHA512: 7699de0419c1006ff3c6ac5da7d26055b8e3508c424b5bdd3117fea575d30ab21e8617b2d50ae7c8b2e76997d6f4b14781bb56fcdad4efc081d533a713666a31
Summary of changes:
* Add typehints to blockchaininterface.py and jsonrpc.py;
* Move all methods called by external code to BlockchainInterface base
class or add abstract methods there;
* More dummy abstract method overrides for DummyBlockchainInterface (for
tests);
* Alphabetical ordering of imports and other minor stuff;
* Behaviour change - previously fee estimation would fail if it could
not get mempoolminfee, now will go with default 10 sat/vB.
Co-authored-by: Pulp <51127079+PulpCattel@users.noreply.github.com>
The JWT validation update in PR 1480 contained a small error: by calling
the function get_POST_body() twice, the content of the request was
unavailable in the second call. This calls only once, but has the
downside of requiring a specific set of keys in the json request data.
Hence this might be fixed to be more flexible later, see comments in the
PR.
b2822ddb95 Implement wallet RPC's JWT token authority (roshii)
Pull request description:
Implement `jmclient.auth` module to manage JWT.
Upon successful authentication (e.g. unlock wallet), response includes both a `token` and a `refresh_token`. The former can be used for call authentication, valid for 30 min. After expiration, user can call `/token/refresh` endpoint with his expired access token in header and refresh token in POST call payload to get both a new access and refresh token. Refresh token is valid for 4 hours.
Anytime a new access token is issued, refresh token signature key is re-initialized, invalidating any previously issued token.
Tokens are scoped to a specific `wallet_name` and a generic `walletrpc` category, and should allow future upgrades such as authorization granularity.
Fixes https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/1297
Top commit has no ACKs.
Tree-SHA512: 44dd4338ceace04f838e92dae35b0df16b7d01d92599af57eb2652a9dcea0a41663128eec88f3e76efa0b6729a4b202122760b9ee0920863c128c0ec0ab2c83d
9f10af3adf Release notes and version for v0.9.10 (Kristaps Kaupe)
Pull request description:
My first attempt at doing release, please review!
Top commit has no ACKs.
Tree-SHA512: f52718385b90695aee6063f911d9705b5216c4aa7fc7574a4d5e8ed1e52fd3523485c3208c2c1e07f547c5f133f07642eb1198c17db35c8f73ea1276ffb8d704
e3681f7a8a Fixes websocket test in test_wallet_rpc.py (Adam Gibson)
Pull request description:
Prior to this commit, the test of the reception of a notification via the websocket would fail intermittently because the notification was being sent without waiting for the setup of the websocket connection to complete.
After this commit, we fire the notification event only after the setup and authentication check of the new websocket connection is complete.
ACKs for top commit:
roshii:
utACK e3681f7a8a
Tree-SHA512: b207a0a7d0d909dd523f2b344794c9f55bb08fdc1021ef41639a166c547947ce9b3f11ddb949c27f7dd607119f4d567e05dc1eae2aa760955eae96e139a02664
Prior to this commit, the test of the reception of a notification via
the websocket would fail intermittently because the notification was
being sent without waiting for the setup of the websocket connection to
complete.
After this commit, we fire the notification event only after the setup
and authentication check of the new websocket connection is complete.
88bd45b02e Parse URI params in guaranteed order, for duplicates, last one wins (Kristaps Kaupe)
cd1f394381 Add test coverage for is_bip21_uri() (Kristaps Kaupe)
6b2a248bb5 Add typehints to BIP21 code (Kristaps Kaupe)
Pull request description:
First commit adds typehints to BIP21 code, which now I try to do with any code I seriously touch.
Second commit adds test coverage for `is_bip21_uri()` public function.
Third commit makes sure we parse URI parameters in guaranteed order, if there are duplicates, last one wins. See https://github.com/bitcoin/bitcoin/pull/27928 for context.
ACKs for top commit:
AdamISZ:
tACK 88bd45b02e
Tree-SHA512: fcc0055dc2e12cff7d9246c6bd0207c7481da1070ca0d15b478456a1a5b57db61820fba3764ce5d9947565ded724fec2ef3c9856ab5055b5d2b0244395517afa
c9f6ac8610 RPC-API: add getinfo endpoint. (Adam Gibson)
Pull request description:
This commit creates a new endpoint /getinfo which currently returns only the version of Joinmarket (JM_CORE_VERSION) running in the backend joinmarketd. In future commits the returned dict may add more information, for example the current block height of the connected Bitcoin Core node.
Additionally, this commit fixes the response type of the /rescanblockchain endpoint as defined in the OpenAPI spec.
ACKs for top commit:
roshii:
tACK c9f6ac8610
kristapsk:
utACK c9f6ac8610
Tree-SHA512: 4ec6ea7311451068fa7b2f053598744588ec60557282b8f3ab82a5a1041fc04d0df5a31f9fc0ba403ffc5508c564abf4cb0e308c76fee6cd0650d5939b55f4bc
This commit creates a new endpoint /getinfo which currently returns only
the version of Joinmarket (JM_CORE_VERSION) running in the backend
joinmarketd. In future commits the returned dict may add more
information, for example the current block height of the connected
Bitcoin Core node.
Additionally, this commit fixes the response type of the
/rescanblockchain endpoint as defined in the OpenAPI spec.
828398fc1c RPC-API: read gaplimit from config (Adam Gibson)
Pull request description:
Prior to this commit, an attempt to change the gap limit used in wallet syncing, by setting gaplimit in the config via configset, would fail, since gaplimit was only being read from command line options. After this commit, the value of gaplimit in the POLICY section of the config, defaulting to 6, will be read and used in Wallet object creation, either via the createwallet or recoverwallet endpoints, or via the wallet opening operation in the unlockwallet endpoint. This can be used in combination with the rescanblockchain endpoint to allow discovery of funds in addresses beyond the default gap.
Top commit has no ACKs.
Tree-SHA512: 278f01f6cc0b5d8588da2d70a65de0151d3cfbbf4ff9f92b2318a8b035d260aa56df335cb76504e91cf5abde84dec5936d8b3c8bfdd15feb3f5fce47619e5873
c92120619e GitHub workflow update (test multiple Bitcoin Core versions) (Kristaps Kaupe)
Pull request description:
* <del>Remove Python 3.6 (EOL), add Python 3.10.</del><ins>Done in #1409</ins>
* Add support for testing against multiple Bitcoin Core versions, add 0.18.0 (oldest officially support for test suite) and <del>22.0</del><ins>25.0</ins> (latest stable release). Previously we tested against hardcoded 0.19.1. IMO testing against oldest supported and latest makes sense, if tests pass on both, they should pass on releases inbetween too, unless there is some behaviour affecting us changed twice.
Also changed Core downloads from bitcoin.org to bitcoincore.org.
For now, opening PR as a test and for discussion. <del>Will increase running time 2x.</del>
ACKs for top commit:
AdamISZ:
ACK c92120619e
kristapsk:
> ACK [c921206](c92120619e)
Tree-SHA512: 1b4d1c5037498923822448c00c7b53bbc133d7c9c5ad897884dd3fdc317145ad564e5de2df154b8ed39cdc21e2abdc18c6e945d243ba54199be68abcc39f7990
90fe9b2430 Fix pyaes dependency, should be in jmbase, not jmbitcoin (Kristaps Kaupe)
Pull request description:
Mistake was made while merging #1512.
ACKs for top commit:
AdamISZ:
ACK 90fe9b2430
Tree-SHA512: 30bc461bf7055bf8af81fc4165492c7f06bb6b923b7e92878dccbfb6d8e14d15950a7d3c5b9b5d681fbd8701cc3a028ad1f10bbc3b56346e387092c3eb88178b
Prior to this commit, an attempt to change the gap limit used in wallet
syncing, by setting gaplimit in the config via configset, would fail,
since gaplimit was only being read from command line options. After this
commit, the value of gaplimit in the POLICY section of the config,
defaulting to 6, will be read and used in Wallet object creation, either
via the createwallet or recoverwallet endpoints, or via the wallet
opening operation in the unlockwallet endpoint. This can be used in
combination with the rescanblockchain endpoint to allow discovery of
funds in addresses beyond the default gap.
9f4da21172 Document requirement of Python 3.7 or newer (Kristaps Kaupe)
63890eef66 Drop Python 3.6 support (Kristaps Kaupe)
Pull request description:
It's EOL since end of 2021 and 3.7+ will be minimum for #1484.
Top commit has no ACKs.
Tree-SHA512: abbb230c54c2657b83c52817d5afeae8d24110553200e54a5789c708958e8405e3fe93b3b84ddceb126dfa474548260bad6b227bd2b03acca914e431bd066dd2
e4f74b56f3 Deduplicate AES code (Kristaps Kaupe)
Pull request description:
There was almost identical code in `jmbitcoin/jmbitcoin/secp256k1_ecies.py` and `jmclient/jmclient/storage.py`, moved it to `jmbase`.
ACKs for top commit:
AdamISZ:
tACK e4f74b56f3
Tree-SHA512: 6dfe347b9a9c1efc126f42fa4e7f55587cb142454f349256c30bc4a2224ee62263bb6635d5bbe8ccd0d1d32ece5f554ab55cdf3bb7b61adde6bce2ae2d0a5108
d5c240b12e Refactor fee estimation code (Kristaps Kaupe)
Pull request description:
Part of splitting #1462 into smaller PRs for easier reviewing and testing.
Top commit has no ACKs.
Tree-SHA512: af1d75881ac7736c46ae8ac96a50808558b626c92f52ee290e68eb19d2e317d0e46c553f7087ed609788611c00de3c3783bf8246e7286da63673212a7f102b25
6cf2237ef8 Add space between address and comma for added utxos msg for easier selection by double clicking (Kristaps Kaupe)
Pull request description:
So that double clicking in terminal selects "address", not "address," in some terminal apps, for example, xfce4-terminal.
Before:
```
2023-07-17 19:25:38,528 [INFO] Added utxos=
xxx:0 - path: m/84'/0'/2'/0/y, address: bc1qsomething, value: 123456
```
After:
```
2023-07-17 19:25:38,528 [INFO] Added utxos=
xxx:0 - path: m/84'/0'/2'/0/y, address: bc1qsomething , value: 123456
```
Top commit has no ACKs.
Tree-SHA512: 59cc3cf245eef0d2747b419c23c396920b3bdb67f8fe95c05652194b0b1068dd0778b327f5e26fe5338b0747fa5f10c923f118cd0529a316231b02b8a6fd97db
9ce4e98aff JM requires Python 3.6+ currently (Kristaps Kaupe)
a85832a20c Remove deprecated check for Python 3+ (Kristaps Kaupe)
Pull request description:
Python 2 is not supported anymore, so no need to check for Python 3+ and JM currently requires 3.6+ not 3.3+.
Top commit has no ACKs.
Tree-SHA512: 611e7da4ddc9198e9794bf8c733ccd1fe57ccecbe8230081a143738da7b1cc7b59d36ea393791abc60b923b94cd926ec36edfbd0ff3180196fe7c886c86fce94
8255c1824f Alphabetical order of imports and add typehints (Kristaps Kaupe)
Pull request description:
Starting to look at #721, want to add typehints and other minor stuff to touched files, but will be easier for reviewers to have refactoring changes in separate PRs.
No typehints for `BlockchainInterface`, could not figure out how to solve circular import problem, flake8 doesn't like forward references.
Top commit has no ACKs.
Tree-SHA512: 60f5a39f460125da39ed27ce882ba1f77d436d7b15a0a0ccc880244d44115a378a3821b4fa21e22616189aba00559a84ee7688bddc35a6a76a5e9ef0c404900f
c7b59ae7c9 Bump werkzeug from 2.2.0 to 2.2.3 in /jmclient (dependabot[bot])
Pull request description:
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.2.0 to 2.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/pallets/werkzeug/releases">werkzeug's releases</a>.</em></p>
<blockquote>
<h2>2.2.3</h2>
<p>This is a fix release for the 2.2.x release branch.</p>
<ul>
<li>Changes: <a href="https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-3">https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-3</a></li>
<li>Milestone: <a href="https://github.com/pallets/werkzeug/milestone/26?closed=1">https://github.com/pallets/werkzeug/milestone/26?closed=1</a></li>
</ul>
<p>This release contains security fixes for:</p>
<ul>
<li><a href="https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323">https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323</a></li>
<li><a href="https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q">https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q</a></li>
</ul>
<h2>2.2.2</h2>
<p>This is a fix release for the <a href="https://github.com/pallets/werkzeug/releases/tag/2.2.0">2.2.0</a> feature release.</p>
<ul>
<li>Changes: <a href="https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-2">https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-2</a></li>
<li>Milestone: <a href="https://github.com/pallets/werkzeug/milestone/25?closed=1">https://github.com/pallets/werkzeug/milestone/25?closed=1</a></li>
</ul>
<h2>2.2.1</h2>
<p>This is a fix release for the <a href="https://github.com/pallets/werkzeug/releases/tag/2.2.0">2.2.0</a> feature release.</p>
<ul>
<li>Changes: <a href="https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-1">https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-1</a></li>
<li>Milestone: <a href="https://github.com/pallets/werkzeug/milestone/24?closed=1">https://github.com/pallets/werkzeug/milestone/24?closed=1</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pallets/werkzeug/blob/main/CHANGES.rst">werkzeug's changelog</a>.</em></p>
<blockquote>
<h2>Version 2.2.3</h2>
<p>Released 2023-02-14</p>
<ul>
<li>Ensure that URL rules using path converters will redirect with strict slashes when
the trailing slash is missing. :issue:<code>2533</code></li>
<li>Type signature for <code>get_json</code> specifies that return type is not optional when
<code>silent=False</code>. :issue:<code>2508</code></li>
<li><code>parse_content_range_header</code> returns <code>None</code> for a value like <code>bytes */-1</code>
where the length is invalid, instead of raising an <code>AssertionError</code>. :issue:<code>2531</code></li>
<li>Address remaining <code>ResourceWarning</code> related to the socket used by <code>run_simple</code>.
Remove <code>prepare_socket</code>, which now happens when creating the server. :issue:<code>2421</code></li>
<li>Update pre-existing headers for <code>multipart/form-data</code> requests with the test
client. :issue:<code>2549</code></li>
<li>Fix handling of header extended parameters such that they are no longer quoted.
:issue:<code>2529</code></li>
<li><code>LimitedStream.read</code> works correctly when wrapping a stream that may not return
the requested size in one <code>read</code> call. :issue:<code>2558</code></li>
<li>A cookie header that starts with <code>=</code> is treated as an empty key and discarded,
rather than stripping the leading <code>==</code>.</li>
<li>Specify a maximum number of multipart parts, default 1000, after which a
<code>RequestEntityTooLarge</code> exception is raised on parsing. This mitigates a DoS
attack where a larger number of form/file parts would result in disproportionate
resource use.</li>
</ul>
<h2>Version 2.2.2</h2>
<p>Released 2022-08-08</p>
<ul>
<li>Fix router to restore the 2.1 <code>strict_slashes == False</code> behaviour
whereby leaf-requests match branch rules and vice
versa. :pr:<code>2489</code></li>
<li>Fix router to identify invalid rules rather than hang parsing them,
and to correctly parse <code>/</code> within converter arguments. :pr:<code>2489</code></li>
<li>Update subpackage imports in :mod:<code>werkzeug.routing</code> to use the
<code>import as</code> syntax for explicitly re-exporting public attributes.
:pr:<code>2493</code></li>
<li>Parsing of some invalid header characters is more robust. :pr:<code>2494</code></li>
<li>When starting the development server, a warning not to use it in a
production deployment is always shown. :issue:<code>2480</code></li>
<li><code>LocalProxy.__wrapped__</code> is always set to the wrapped object when
the proxy is unbound, fixing an issue in doctest that would cause it
to fail. :issue:<code>2485</code></li>
<li>Address one <code>ResourceWarning</code> related to the socket used by
<code>run_simple</code>. :issue:<code>2421</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="22a254fca2"><code>22a254f</code></a> release version 2.2.3</li>
<li><a href="517cac5a80"><code>517cac5</code></a> Merge pull request from GHSA-xg9f-g7g7-2323</li>
<li><a href="babc8d9e8c"><code>babc8d9</code></a> rewrite docs about request data limits</li>
<li><a href="09449ee779"><code>09449ee</code></a> clean up docs</li>
<li><a href="fe899d0cdf"><code>fe899d0</code></a> limit the maximum number of multipart form parts</li>
<li><a href="cf275f42ac"><code>cf275f4</code></a> Merge pull request from GHSA-px8h-6qxv-m22q</li>
<li><a href="8c2b4b82d0"><code>8c2b4b8</code></a> don't strip leading = when parsing cookie</li>
<li><a href="7c7ce5cb73"><code>7c7ce5c</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/pallets/werkzeug/issues/2585">#2585</a>)</li>
<li><a href="19ae03e6a3"><code>19ae03e</code></a> [pre-commit.ci] auto fixes from pre-commit.com hooks</li>
<li><a href="a83d3b8bf0"><code>a83d3b8</code></a> [pre-commit.ci] pre-commit autoupdate</li>
<li>Additional commits viewable in <a href="https://github.com/pallets/werkzeug/compare/2.2.0...2.2.3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/JoinMarket-Org/joinmarket-clientserver/network/alerts).
</details>
Top commit has no ACKs.
Tree-SHA512: 8df32d7fedba00b343d6a281f01bf6600e33927aa37b2910dfa9c44f1f24e0198c023ffbfd31f928307824fe06024e47bcf39fa08161e4c4d104e46640c9beee
Bitcoin Belly Button
roshii
Kristaps Kaupe
theborakompanioni
Adam Gibson