Announce allowed purposes in gateway

nothingmuch · nothingmuch · commit 6282ffb2c76a · 2025-03-15T00:36:44.000+01:00
This change signals to relays (see payjoin/ohttp-relay#58) that even if the gateway is not known to the relay, requests are still allowed for the purposes of BIP 77. Because receivers choose the directory (which is its own gateway), but senders choose the relay, before introducing this functionality it this would have been the responsibility of the sender (or more realistically their wallet vendor) to choose an appropriate relay, one that accepts requests on behalf of the receiver's chosen directory. Rationale for adding a UUID: although arguably 64 bits of randomness is more than enough, and even just the string "BIP 77" is likely to be unique and unambiguous, adding a UUID practically ensures an opt-in is really an opt-in as 128 random bits would not be repeated except intentionally. Rationale for format: we just need a set of opaque identifiers, encoding the same way as TLS ALPN does makes sense since that's well specified, binary safe, easy to parse and places readonable limits on string lengths.
diff --git a/payjoin-directory/src/lib.rs b/payjoin-directory/src/lib.rs
@@ -187,7 +187,8 @@ async fn serve_payjoin_directory(
     let mut response = match (parts.method, path_segments.as_slice()) {
         (Method::POST, ["", ".well-known", "ohttp-gateway"]) =>
             handle_ohttp_gateway(body, pool, ohttp).await,
-        (Method::GET, ["", ".well-known", "ohttp-gateway"]) => get_ohttp_keys(&ohttp).await,
+        (Method::GET, ["", ".well-known", "ohttp-gateway"]) =>
+            handle_ohttp_gateway_get(&ohttp, &query).await,
         (Method::POST, ["", ""]) => handle_ohttp_gateway(body, pool, ohttp).await,
         (Method::GET, ["", "ohttp-keys"]) => get_ohttp_keys(&ohttp).await,
         (Method::POST, ["", id]) => post_fallback_v1(id, query, body, pool).await,
@@ -426,6 +427,16 @@ fn not_found() -> Response<BoxBody<Bytes, hyper::Error>> {
     res
 }
 
+async fn handle_ohttp_gateway_get(
+    ohttp: &Arc<Mutex<ohttp::Server>>,
+    query: &str,
+) -> Result<Response<BoxBody<Bytes, hyper::Error>>, HandlerError> {
+    match query {
+        "allowed_purposes" => Ok(get_ohttp_allowed_purposes().await),
+        _ => get_ohttp_keys(ohttp).await,
+    }
+}
+
 async fn get_ohttp_keys(
     ohttp: &Arc<Mutex<ohttp::Server>>,
 ) -> Result<Response<BoxBody<Bytes, hyper::Error>>, HandlerError> {
@@ -440,6 +451,23 @@ async fn get_ohttp_keys(
     Ok(res)
 }
 
+async fn get_ohttp_allowed_purposes() -> Response<BoxBody<Bytes, hyper::Error>> {
+    // Encode the magic string in the same format as a TLS ALPN protocol list (a
+    // U16BE length encoded list of U8 length encoded strings).
+    //
+    // The string is just "BIP77" followed by a UUID, that signals to relays
+    // that this OHTTP gateway will accept any requests associated with this
+    // purpose.
+    let mut res = Response::new(full(Bytes::from_static(
+        b"\x00\x01\x2aBIP77 454403bb-9f7b-4385-b31f-acd2dae20b7e",
+    )));
+
+    res.headers_mut()
+        .insert(CONTENT_TYPE, HeaderValue::from_static("application/x-ohttp-allowed-purposes"));
+
+    res
+}
+
 fn empty() -> BoxBody<Bytes, hyper::Error> {
     Empty::<Bytes>::new().map_err(|never| match never {}).boxed()
 }
