upleb.uk

Public git repos — served from a NIP-34 GRASP relay at git.upleb.uk

summaryrefslogtreecommitdiff
path: root/CHECKLIST.md
diff options
context:
space:
mode:
Diffstat (limited to 'CHECKLIST.md')
-rw-r--r--CHECKLIST.md70
1 files changed, 43 insertions, 27 deletions
diff --git a/CHECKLIST.md b/CHECKLIST.md
index ba17adc..dc16b0b 100644
--- a/CHECKLIST.md
+++ b/CHECKLIST.md
@@ -21,55 +21,71 @@
21- [x] Fix ping tests (use `-I wlp59s0`) 21- [x] Fix ping tests (use `-I wlp59s0`)
22- [x] Tests 1-14: ALL PASSING 22- [x] Tests 1-14: ALL PASSING
23 23
24## Phase 2: E-Cash Payments — IN PROGRESS 24## Phase 2: E-Cash Payments — IN PROGRESS (commit `3f46bb8` + uncommitted fixes)
25### Code Written (commit `1263d86`) 25### Code Written
26- [x] Implement cashu.c/h (Cashu token parse, base64url, checkstate, mint validation) 26- [x] Implement cashu.c/h (Cashu token parse, base64url, checkstate, mint validation)
27- [x] Implement session.c/h (time-based allotment, expiry, secret tracking) 27- [x] Implement session.c/h (time-based allotment, expiry, secret tracking, MAC tracking)
28- [x] Implement tollgate_api.c/h (:2121 server, GET/POST /, /usage, /whoami) 28- [x] Implement tollgate_api.c/h (:2121 server, GET/POST /, /usage, /whoami)
29- [x] Update captive portal HTML with payment form 29- [x] Update captive portal HTML with payment form (Cashu token textarea + "Pay & Connect")
30- [x] Wire into tollgate_main.c (session_init, api_start, session_tick loop) 30- [x] Wire into tollgate_main.c (session_init, api_start, session_tick loop)
31- [x] Per-MAC access tracking: `firewall_get_mac_for_ip()` using `esp_wifi_ap_get_sta_list_with_ip()` + ARP fallback
32- [x] Two httpd instances: port 80 (captive portal) and port 2121 (TollGate API)
31 33
32### Bug Fixes (commit `aed51d8`) 34### Bug Fixes
33- [x] Stack overflow: httpd stack_size increased to 16384 in tollgate_api.c 35- [x] Stack overflow: httpd stack_size increased to 32768 (TLS+mbedTLS needs ~20KB)
34- [x] Heap allocations: b64, json_buf, post_body, resp_buf moved to heap in cashu.c 36- [x] Heap allocations: cashu_token_t, cashu_proof_state_t, json_buf, post_body all heap-allocated
35- [x] .env: MINT_URL updated to testnut.cashu.space 37- [x] TLS to mint: `esp_crt_bundle_attach` + `esp-tls` in CMakeLists.txt REQUIRES
36- [x] Makefile: replaced Go-based tokens target with nutshell wallet targets 38- [x] HTTP client: `open/write/fetch_headers/read` pattern (not `perform`)
39- [x] Token decode: dynamic `json_buf` sizing `malloc((b64_len * 3) / 4 + 4)`, strip trailing `\n`/`\r`
40- [x] POST body recv: loop `httpd_req_recv` until all `content_len` bytes read
41- [x] `secret_count` bug: capped at `MIN(proof_count, 5)` before `session_create`
42- [x] `config.c` default mint URL fixed to `testnut.cashu.space`
43- [x] Makefile: nutshell wallet targets (wallet-setup, wallet-info, mint-token, send-token)
44- [x] `tests/phase2.mjs`: `/whoami` test checks `includes('mac=')`
37 45
38### Infrastructure (ready now) 46### Infrastructure
39- [x] Upstream gateway on enx00e04c633a90 (192.168.2.0/24, metric 101, default route) 47- [x] Upstream gateway on enx00e04c633a90 (192.168.2.0/24, metric 101, default route)
40- [x] OpenWRT TollGate on enx00e04c683d2d (10.47.41.0/24, metric 20100, never-default) 48- [x] OpenWRT TollGate on enx00e04c683d2d (10.47.41.0/24, metric 20100, never-default)
41- [x] WiFi wlp59s0 free for ESP32 TollGate connection 49- [x] WiFi wlp59s0 free for ESP32 TollGate connection
42- [x] NetworkManager profile "TollGate-ESP32" created (manual 192.168.4.2/24, autoconnect=no) 50- [x] NetworkManager profile "TollGate-ESP32" created (manual 192.168.4.2/24, autoconnect=no)
51- [x] Mint URL verified: `testnut.cashu.space` works; `nofee.testnut.cashu.space` and `nofees.testnut.cashu.space` both broken
43 52
44### Tests Passing 53### Tests Passing
45- [x] Test 15: Advertisement valid (kind=10021 with price_per_step) — PASSING 54- [x] Test 15: Advertisement valid (kind=10021 with price_per_step) — PASSING
55- [x] Test 16: Valid payment (POST :2121/ with valid Cashu token → kind=1022 session) — PASSING
56- [x] Test 17: Usage tracking after payment (GET :2121/usage → active usage) — PASSING
57- [x] Test 18: Internet after payment (ping through TollGate works) — PASSING
58- [x] Test 19: Invalid token rejected (POST garbage → 400, kind=21023) — PASSING
59- [x] Test 20: Spent token rejected (reuse token → kind=21023) — PASSING
60- [x] Test 21: Wrong mint rejected (POST token from wrong mint → kind=21023) — PASSING
61- [x] Test: /whoami returns ip=X.X.X.X mac=XX:XX:XX:XX:XX:XX — PASSING
62- [x] Test: Portal has payment form (Cashu token input + Pay button) — PASSING
46 63
47### Tests Blocked (need hardware flash + test) 64### Tests Not Yet Run (need hardware + time)
48- [ ] Test 16: Valid payment (POST :2121/ with valid Cashu token → kind=1022 session)
49- [ ] Test 17: Usage tracking after payment (GET :2121/usage → active usage)
50- [ ] Test 18: Internet after payment (ping through TollGate works)
51- [ ] Test 19: Invalid token rejected (POST garbage → 400, kind=21023)
52- [ ] Test 20: Spent token rejected (reuse token → 402, kind=21023)
53- [ ] Test 21: Wrong mint rejected (POST token from wrong mint → 402)
54- [ ] Test 22: Session expiry (wait for allotment → internet blocked) 65- [ ] Test 22: Session expiry (wait for allotment → internet blocked)
55- [ ] Test 23: Session renewal (second payment → allotment extended) 66- [ ] Test 23: Session renewal (second payment → allotment extended)
56- [ ] Test 24: Portal payment form visible in browser 67- [ ] Test 24: Portal payment form visible in browser (Playwright)
57- [ ] Test 25: Two clients pay independently 68- [ ] Test 25: Two clients pay independently
58- [ ] Test 26: Client isolation (only payer gets internet) 69- [ ] Test 26: Client isolation (only payer gets internet)
59- [ ] Test 27: Full e2e: portal → pay → browse 70- [ ] Test 27: Full e2e: portal → pay → browse
60 71
61### Next Steps (TDD cycle) 72### Captive Portal Detection Fix
621. Flash firmware to ESP32 board A (`make flash-a`) 73- [x] Added DoT reject server on port 853 (TCP RST forces DNS fallback to port 53)
632. Connect WiFi to TollGate AP: `nmcli con up TollGate-ESP32` 74- [x] DNS hijack now returns NXDOMAIN for ALL non-A query types (prevents DNS leaks)
643. Run Phase 2 discovery test: `TOLLGATE_IP=192.168.4.1 node tests/phase2.mjs` 75- [x] Shorter TTL on hijack responses (10s) for faster detection
654. If Test 15 still passes, proceed to Test 19 (invalid token — no mint needed) 76- [x] Explicit 302 redirect handlers for all captive detection URIs (/generate_204, /hotspot-detect.html, etc.)
665. Mint a test token: `make mint-token AMOUNT=21` 77- [x] HTTP request logging for captive detection endpoints
676. Run full Phase 2 with token: `TEST_TOKEN=$(cashu --env-mint testnut.cashu.space send --legacy 21) TOLLGATE_IP=192.168.4.1 node tests/phase2.mjs` 78- [x] DNS query logging for unauthenticated clients
687. Fix any failures, commit + push when tests pass 79- [ ] **Needs verification with actual GrapheneOS phone**
69 80
70## Phase 3: nucula Wallet + Reseller — NOT STARTED 81## Phase 3: nucula Wallet + ESP32-to-ESP32 Payments — NOT STARTED
71- [ ] Extract nucula wallet into components/cashu_wallet/ 82- [ ] Extract nucula wallet into components/cashu_wallet/
72- [ ] Replace simple melt with Wallet::receive() 83- [ ] Replace simple melt with Wallet::receive()
73- [ ] Implement payout.c/h (background melt-to-LN) 84- [ ] Implement payout.c/h (background melt-to-LN)
74- [ ] Implement upstream_client.c/h (reseller mode) 85- [ ] Implement upstream_client.c/h (reseller mode)
86- [ ] ESP32-to-ESP32 payments (ESP32 generates/proves tokens to pay another ESP32 TollGate)
75- [ ] Tests 28-38 87- [ ] Tests 28-38
88
89## Phase 4: ESP32-to-OpenWRT TollGate Interop — NOT STARTED
90- [ ] ESP32 pays OpenWRT TollGate using Cashu tokens
91- [ ] Interoperability testing with existing OpenWRT TollGate on enx00e04c683d2d
generated by cgit v1.2.3 (git 2.39.1) at 2026-06-05 00:31:14 +0000