RoboSats v0.5.0-alpha: Upgraded Robot Authentication & More
RoboSats is a simple, private, and trust-minimized way to exchange bitcoin for national currencies via the Lightning Network.
- "First release of the v0.5 minor version. This one comes with a lot of the pre-requisites needed for a coordinator backend that is fully enabled for the federated frontend."
- "We are now ~80% in our development towards the MVP federation, soon initiating the decentralization RoboSats!"
- "Existing robots will stop working on the next release if you do not update ASAP your client to v0.5.0."
- "In addition, other robots will see your status as "Inactive" (red dot) until you update. The referral system is now deprecated. Using a url like
.../robot/<param>
will now generate a new robot on-the-fly (but if you use an old referral link you will not be able to generate a new robot)." - "Robot authentication has been upgraded. New robots will use a token based auth (instead of sessionid+csrf). New authentications for never seen before auth tokens
base91(sha256(robot_token))
will generate a new robot identity on-the-fly. Existing robots without an auth token, will be upgraded to the new auth method on their first login attemp if the frontend client has been updated to v0.5.0."
What's new
Mechanics
- "Referral reward system has been eliminated. The referral system is not compatible with a multi-coordinator system. Maybe in the future we can come up with ideas to implement a new referral system for the new many-clients/many-coordinators model."
- "Fairer bond slashing. When a maker bond is slashed on an order where the taker took a smaller order size (range orders), part of the slashed bond is rewarded back to the maker. This solves the issue with uneven stakes for orders with large amount range size where the taker takes an amount smaller than the maximum. Therefore, the max range size can now be safely increased for more versatile orders. It has now been increased from
x8
tox15
." - "Max allowed mining fee for onchain payouts is raised from 100 Sats/vByte to 500 Sats/vByte. This limit is intended only to prevent fat-fingers mistakes. However, current mempool conditions do require of fees larger than 100 Sats/vByte."
- "Some easy disputes (e.g. your peer never shows up) are solved automatically. This increases speed and lowers custody risks. Helps with one of the main reason for disputes: robot token lost."
Backend
- "Bump to django 4.2 from django 3. Bump to channels, daphne, drf and drf-spectacular."
- "New middlewaMechanicsre for authentication
RobotTokenSHA256
. Builds over django-rest-framework token auth. Uses the sha256(robot.token) encoded as base91 as authentication token. Never seen before tokens will get a new user and robot generated on-the-fly, existing tokens are logged in (updated last_login field)." - "Disable CSRF."
- "Upgraded Coordinator panel. Improved tools, simplified search functions, dark model, renamed models and headers. There is still a lot of work to do, but this is the first part of the work towards making the coordinator panel more accessible to new coordinators."
- "Super optimized the size of the coordinator Docker image from 687 MB to 313 MB. In the spirit of making a RoboSats coordinator easier to run."
Frontend
- "Japanese is now available (Go to Settings -> Languages). Contributed by @aaroniumii."
- "Authentication now only based on
base91(sha256(token))
. This will enable many cool things down the road, but right now it should allow, for example, having multiple tabs with different robots. (Note, your garage will not be consistent across tabs! everytime a new tab is opened, the current state of the garage is loaded from the browser local storage, then on any garage change it will overwrite the object in your browser storage (potentially overwritting robots created on another browser tab)." - "The OrderDetails page shows a preliminary summary (click the expand button) with Satoshis to be sent/receive on the order amount row. This value is on preliminary, as the final trade price is only acquired at the moment the taker bond is locked."
- "There is a new helper text with an approximate amount in Satoshis that you are taking just below the text input for orders with range."
- "Trade summary export button also includes payment_hash and preimage of the lightning payment or address and txid of the onchain payment (only for buyers)."
- "The token entropy (bits entropy and shannon entropy) is now computed in the frontend. If the token does not look complex enough (>128 bits of entropy and >4 shannon entropy), the frontend will not allow creating the robot for the safety of the user. You can see your robot's entropy value by downloading the json of the token garage."
- "Visiting the route
domain/robot/<robot_token>
will directly log you into that robot. This is the new use for that route param after deprecating the referral codes." - "New payment icons: Advcash, Rakuten Pay."
- "It is now possible to have regular QR codes (dark dots over white background) while using the dark theme. Head to Settings and use the new switch for light/dark QR codes."
- "Many small maintainability and consistency improvements: e.g, navigation bar tabs and / browser router is now better linked. currentOrder is better linked with browser router params."
New Contributors
- @aaroniumii made their first contribution in #479.
Full Changelog: v0.4.3-alpha...v0.5.0-alpha