refactor: skip serialization of feilds other then secret

This avoids wallet fingerprinting by only sending the secret when checking if a proof is spent as recommnded in the nut.
2026-02-08 14:45:47 +01:00 · 2023-12-18 23:21:58 +00:00
parent 299d4c9c05
commit 69bdb18dda
4 changed files with 20 additions and 2 deletions
--- a/crates/cashu-sdk/src/mint.rs
+++ b/crates/cashu-sdk/src/mint.rs
@@ -308,7 +308,7 @@ impl Mint {

        Ok(MeltBolt11Response {
            paid: true,
-            proof: preimage.to_string(),
+            payment_preimage: Some(preimage.to_string()),
            change,
        })
    }
--- a/crates/cashu-sdk/src/wallet.rs
+++ b/crates/cashu-sdk/src/wallet.rs
@@ -300,7 +300,7 @@ impl<C: Client> Wallet<C> {

        let melted = Melted {
            paid: true,
-            preimage: Some(melt_response.proof),
+            preimage: melt_response.payment_preimage,
            change: change_proofs,
        };

--- a/crates/cashu/src/error.rs
+++ b/crates/cashu/src/error.rs
@@ -33,6 +33,8 @@ pub enum Error {
    TokenNotVerifed,
    #[error("Invoice Amount undefined")]
    InvoiceAmountUndefined,
+    #[error("Proof missing required field")]
+    MissingProofField,
 }

 #[cfg(feature = "wallet")]
--- a/crates/cashu/src/nuts/nut00.rs
+++ b/crates/cashu/src/nuts/nut00.rs
@@ -389,6 +389,19 @@ impl From<Proof> for mint::Proof {
    }
 }

+impl TryFrom<mint::Proof> for Proof {
+    type Error = Error;
+
+    fn try_from(mint_proof: mint::Proof) -> Result<Proof, Self::Error> {
+        Ok(Self {
+            id: mint_proof.id.ok_or(Error::MissingProofField)?,
+            amount: mint_proof.amount.ok_or(Error::MissingProofField)?,
+            secret: mint_proof.secret,
+            c: mint_proof.c.ok_or(Error::MissingProofField)?,
+        })
+    }
+}
+
 pub mod mint {
    use serde::{Deserialize, Serialize};

@@ -401,13 +414,16 @@ pub mod mint {
    #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
    pub struct Proof {
        /// Amount in satoshi
+        #[serde(skip_serializing)]
        pub amount: Option<Amount>,
        /// Secret message
+        #[serde(skip_serializing)]
        pub secret: Secret,
        /// Unblinded signature
        #[serde(rename = "C")]
        pub c: Option<PublicKey>,
        /// `Keyset id`
+        #[serde(skip_serializing)]
        pub id: Option<Id>,
    }