Stabilize external error types #403
Comments
Expose descriptive, accurate send errors so that we can switch on them in implementations and mark payjoin sessions in persistent storage accurately. We only want to spawn sessions that are capable of making forward progress and drop those that cannot. Patch overview: 1. housekeeping 2. Introduce specific SenderBuilder errors 3. make CreateRequestError v2 only since v1 can only make have sender builder errors 4. separate the modules to reduce feature flags This separation is incomplete because I'm still uncertain what to do with send::ValidationError's feature gated variants. Do I make a send::ValidationError and a send::v2::ValidationError separate? How do those get handled in ResponseError? Does ResponseError get split into two versions, or do I just leave a feature gated variant? That's left for the next PR predicated on this design being an appropriate one. Note this pays back some tech debt but leaves some slop in payjoin-cli. Rather than making this PR 10 commits to review I left combining FeeRate parsing to a later PR (#452). This error puts us on the path to #392 and #403
This big move isolates v1/v2 module-specific error variants into clean module v1/v2 error modules. There are probably too many `impl<From>` for error variants, but this addresses the module structure first with this PR and will be followed by taking a magnifying glass to the way specific variants are handled. This still also leaves `OutputSubstitutionError`, `SelectionError` and `InputContributionError` from producing JSON error responses to cancel a session with a v2 receiver. We're going to need to address that as part of #403. v2 Error variants also improperly produce JSON errors, but I think the way this was done by abusing `fmt::Display` is also an antipattern to fix at the same time that's addressed. I'd like to leave the JSON receiver error fixes to a follow up since what gets revealed is potentially sensitive and we should be reviewing that change with extra scrutiny. See: #312, #392, #403
See #480 `InternalInputContributionError` has only one error variant as a result of this, which means it's a smell to clean up in #403 One thing I note is that the BIP says "Our recommendation for <code>maxadditionalfeecontribution=</code> is <code>originalPSBTFeeRate * 110</code>." and our actual use is `let recommended_additional_fee = min_fee_rate * input_weight;` where input_weight is 110 only where mixed inputs appear. I did not remove the `expected_input_weight` function for a blanket 110 recommendation, which I believe is in line with actual incentives to use a matching input. but I could go either way.
|
There are a few remaining
|
|
While we're doing this, I'd like to see |
Our reference must not panic if input contribution fails, but instead show best practice for a non-automated receiver where the sender may choose to try to payjoin again or broadcast the transaction extracted from the original PSBT. This is an implementation of my best idea for receiver error handling in [my comment](#403 (comment)) in #403 After this I think the only things to stabilize receiver errors is to decide whether the single-variant `ContributionError` is correct and to mark errors as non-exhaustive, and potentially expose variants as public.
|
Until we're sure we can remove the |
|
Currently we use opaque type externally because we aren't sure which variants will stay. Eventually these should be transparent and we can remove the Internal variants.
The text was updated successfully, but these errors were encountered: