Refactor function signatures where appropriate#481
Refactor function signatures where appropriate#481benalleng wants to merge 8 commits intopayjoin:masterfrom
Conversation
| .send() | ||
| .await | ||
| .with_context(|| "HTTP request failed")?; | ||
| let response_str = response.text().await.with_context(|| "Failed to read seponse")?; |
There was a problem hiding this comment.
Does this seem like an ok way to turn this into a string?
There was a problem hiding this comment.
i think so.
previously the response body was copied into a Vec<u8>, and then given as a io::Read. .text(), otoh, treats it as a utf8 string, not all &[u8]-ish things can be made into a String and subsequently a &str, but since this is v1 that should be OK, the data should be base64 followed by query param encoded data, all of which should be ASCII.
however, it seems a bit more defensive, and consistent with v2 to think of all responses as &[u8], so that the payjoin crate is responsible for handling that error, if we change the signature to take a &str, then payjoin-cli and other wallets would be responsible for enforcing this part of BIP78's rules which they should be rather agnostic about, similarly to how the payjoin crate should be agnostic to transport errors etc (and by the same token should not accept a response object as its argument).
nit:
| let response_str = response.text().await.with_context(|| "Failed to read seponse")?; | |
| let response_str = response.text().await.with_context(|| "Failed to read reponse")?; |
There was a problem hiding this comment.
It seems fine, though the extract context is probably unnecessary. I might also suggest doing it inline like it was before:
let psbt = ctx.process_response(&response.text().await?).map_err(|e| {
...
benalleng
changed the title
nothingmuch
left a comment
nothingmuch
left a comment
There was a problem hiding this comment.
Partial review, I'm not sure how strongly I feel about &[u8] in place of &str, I think I could be convinced that that's just bikeshedding but I think the separation of responsibilities arguments is more than just bikeshedding.
I would very much appreciate it if the commits were split up, some of it is trivial refactoring, other parts are a bit more semantic, it all looks good to me but I found it a little noisy to read the large diff as small changes touch many different files, and reviewing commit by commit would be easier, we can always squash later with no effort if that feels too noisy (but I'm personally partial to small commits):
validate_input_utxosremovetreat_missing_as_errorparamprocess_response,&mut impl std::io::Read->&[u8]extract_v2,Url->&Urlnew_v1(Url, Vec<u8>)->(&Url, &[u8])- making
ohttp_decapsulatepub(crate)(seems appropriate but not sure i understand the rationale, if it's just because that's possible then cACK) decrypt_message_b...
some of these are really trivial but touch many files
some of these are a bit more subtle
it would make sense IMO to have one commit per changed fn, and maybe even separate v1 and v2 code into separate pull requests?
| .send() | ||
| .await | ||
| .with_context(|| "HTTP request failed")?; | ||
| let response_str = response.text().await.with_context(|| "Failed to read seponse")?; |
There was a problem hiding this comment.
i think so.
previously the response body was copied into a Vec<u8>, and then given as a io::Read. .text(), otoh, treats it as a utf8 string, not all &[u8]-ish things can be made into a String and subsequently a &str, but since this is v1 that should be OK, the data should be base64 followed by query param encoded data, all of which should be ASCII.
however, it seems a bit more defensive, and consistent with v2 to think of all responses as &[u8], so that the payjoin crate is responsible for handling that error, if we change the signature to take a &str, then payjoin-cli and other wallets would be responsible for enforcing this part of BIP78's rules which they should be rather agnostic about, similarly to how the payjoin crate should be agnostic to transport errors etc (and by the same token should not accept a response object as its argument).
nit:
| let response_str = response.text().await.with_context(|| "Failed to read seponse")?; | |
| let response_str = response.text().await.with_context(|| "Failed to read reponse")?; |
| let mut res_str = String::new(); | ||
| response.read_to_string(&mut res_str).map_err(InternalValidationError::Io)?; | ||
| let proposal = Psbt::from_str(&res_str).map_err(|_| ResponseError::parse(&res_str))?; | ||
| pub fn process_response(self, response: &str) -> Result<Psbt, ResponseError> { |
There was a problem hiding this comment.
The note in #405 says response could be a &[u8], but I agree using &str seems more straightforward.
@DanGould is there a reason we should use bytes instead of a string?
There was a problem hiding this comment.
Seems @nothingmuch addressed this same question in his review and I missed it when writing this.
| .send() | ||
| .await | ||
| .with_context(|| "HTTP request failed")?; | ||
| let response_str = response.text().await.with_context(|| "Failed to read seponse")?; |
There was a problem hiding this comment.
It seems fine, though the extract context is probably unnecessary. I might also suggest doing it inline like it was before:
let psbt = ctx.process_response(&response.text().await?).map_err(|e| {
...
|
Re rust-payjoin/payjoin/src/receive/v1.rs Lines 95 to 97 in 34ee78d however, a similar limit was not included in payjoin-cli prior to this PR, or in the sender: rust-payjoin/payjoin/src/send/v1.rs Line 277 in 34ee78d I opened #483, but since this PR changes the process_response function signature, maybe it'd be more convenient to address the payjoin-cli part of this in this PR at your discretion |
benalleng
force-pushed
the
audit-fn-signatures
branch
from
e370ef5 to
3f975c6
Compare
hybrid keys should be refs here
benalleng
force-pushed
the
audit-fn-signatures
branch
from
ff028f5 to
6d4833c
Compare
benalleng
force-pushed
the
audit-fn-signatures
branch
from
6d4833c to
85aaf0b
Compare
There was a problem hiding this comment.
This is closer but still needs work. I notice separate commits and updated comments are headed in the right direction.
In order to be merged, each commit needs to build and should pass checks, lints, and tests. See the README's Contributing section and ask me questions to run these locally to prepare for a push. From what I can tell, none of these commits yet build or pass tests, perhaps because commits depend on changes from each other.
It seems like some changes like ee2ddfb are sufficient to stand alone as independent PRs to merge in short order.
To get some of this merged I recommend picking just one change out of the many split commits here, starting a fresh branch from master, and organizing the new commit message to follow the seven rules listed here. That'd let you model an ideal PR flow in the most minimal sense, in isolation. Then, I think you'd have an easier time packing a few of these remaining changes together in a PR with multiple commits for another more ambitious PR review and merge after.
|
Changing to draft for now to have as an easy reference but will eventually plan to close in favor of separating these into more easily digested PRs |
|
Closing this as it's being re-implemented in smaller PR chunks |
4 participants
Many of these function signatures were audited in #405 and implemented here.
I am going to leave any new function signatures outside of the ones here to a new PR so I don't bloat this PR anymore than it already is.