Nest address screening inside V1 config

Since address screening is only relevant when V1 is enabled, it doesn't
make much sense to expose the blocked_* config otherwise. This replaces
the `enable_v1` bool with a new `v1` config section. The presence /
absence of that config section indicates whether to enable v1 or not,
and blocked address settings can be configured within that section if
the access-control feature is enabled.

Author: spacebear21

payjoin-directory/src/lib.rs

@@ -94,6 +94,19 @@ impl BlockedAddresses {
     }
 }
 
+/// V1 protocol configuration.
+///
+/// Its presence in [`Service`] enables the V1 fallback path;
+/// its contents carry optional blocklist screening.
+#[derive(Clone, Default)]
+pub struct V1 {
+    blocked_addresses: Option<BlockedAddresses>,
+}
+
+impl V1 {
+    pub fn new(blocked_addresses: Option<BlockedAddresses>) -> Self { Self { blocked_addresses } }
+}
+
 fn parse_address_lines(text: &str) -> std::collections::HashSet<bitcoin::ScriptBuf> {
     text.lines()
         .filter_map(|l| {
@@ -117,8 +130,7 @@ pub struct Service<D: Db> {
     db: D,
     ohttp: ohttp::Server,
     sentinel_tag: SentinelTag,
-    enable_v1: bool,
-    blocked_addresses: Option<BlockedAddresses>,
+    v1: Option<V1>,
 }
 
 impl<D: Db, B> tower::Service<Request<B>> for Service<D>
@@ -142,13 +154,8 @@ where
 }
 
 impl<D: Db> Service<D> {
-    pub fn new(db: D, ohttp: ohttp::Server, sentinel_tag: SentinelTag, enable_v1: bool) -> Self {
-        Self { db, ohttp, sentinel_tag, enable_v1, blocked_addresses: None }
-    }
-
-    pub fn with_blocked_addresses(mut self, addrs: BlockedAddresses) -> Self {
-        self.blocked_addresses = Some(addrs);
-        self
+    pub fn new(db: D, ohttp: ohttp::Server, sentinel_tag: SentinelTag, v1: Option<V1>) -> Self {
+        Self { db, ohttp, sentinel_tag, v1 }
     }
 
     #[cfg(feature = "_manual-tls")]
@@ -294,7 +301,7 @@ impl<D: Db> Service<D> {
         B: Body<Data = Bytes> + Send + 'static,
         B::Error: Into<BoxError>,
     {
-        if self.enable_v1 {
+        if self.v1.is_some() {
             self.post_fallback_v1(id, query, body).await
         } else {
             let _ = (id, query, body);
@@ -382,7 +389,7 @@ impl<D: Db> Service<D> {
         match (parts.method, path_segments.as_slice()) {
             (Method::POST, &["", id]) => self.post_mailbox(id, body).await,
             (Method::GET, &["", id]) => self.get_mailbox(id).await,
-            (Method::PUT, &["", id]) if self.enable_v1 => self.put_payjoin_v1(id, body).await,
+            (Method::PUT, &["", id]) if self.v1.is_some() => self.put_payjoin_v1(id, body).await,
             _ => Ok(not_found()),
         }
     }
@@ -472,7 +479,7 @@ impl<D: Db> Service<D> {
             Err(_) => return Ok(bad_request_body_res),
         };
 
-        if let Some(blocked) = &self.blocked_addresses {
+        if let Some(blocked) = self.v1.as_ref().and_then(|v| v.blocked_addresses.as_ref()) {
             let scripts = blocked.0.read().await;
             if !scripts.is_empty() {
                 match screen_v1_addresses(&body_str, &scripts) {
@@ -763,12 +770,12 @@ mod tests {
 
     use super::*;
 
-    async fn test_service(enable_v1: bool) -> Service<FilesDb> {
+    async fn test_service(v1: Option<V1>) -> Service<FilesDb> {
         let dir = tempfile::tempdir().expect("tempdir");
         let db = FilesDb::init(Duration::from_millis(100), dir.keep()).await.expect("db init");
         let ohttp: ohttp::Server =
             key_config::gen_ohttp_server_config().expect("ohttp config").into();
-        Service::new(db, ohttp, SentinelTag::new([0u8; 32]), enable_v1)
+        Service::new(db, ohttp, SentinelTag::new([0u8; 32]), v1)
     }
 
     /// A valid ShortId encoded as bech32 for use in URL paths.
@@ -785,7 +792,7 @@ mod tests {
 
     #[tokio::test]
     async fn post_v1_when_disabled_returns_version_unsupported() {
-        let mut svc = test_service(false).await;
+        let mut svc = test_service(None).await;
         let id = valid_short_id_path();
         let req = Request::builder()
             .method(Method::POST)
@@ -802,7 +809,7 @@ mod tests {
 
     #[tokio::test]
     async fn post_v1_with_invalid_body_returns_reject() {
-        let mut svc = test_service(true).await;
+        let mut svc = test_service(Some(V1::new(None))).await;
         let id = valid_short_id_path();
         let req = Request::builder()
             .method(Method::POST)
@@ -819,7 +826,7 @@ mod tests {
 
     #[tokio::test]
     async fn post_v1_with_no_receiver_returns_unavailable() {
-        let mut svc = test_service(true).await;
+        let mut svc = test_service(Some(V1::new(None))).await;
         let id = valid_short_id_path();
         let req = Request::builder()
             .method(Method::POST)

payjoin-directory/src/main.rs

@@ -29,7 +29,8 @@ async fn main() -> Result<(), BoxError> {
         .await
         .expect("Failed to initialize persistent storage");
 
-    let service = Service::new(db, ohttp.into(), SentinelTag::new([0u8; 32]), config.enable_v1);
+    let v1 = if config.enable_v1 { Some(V1::new(None)) } else { None };
+    let service = Service::new(db, ohttp.into(), SentinelTag::new([0u8; 32]), v1);
 
     let listener = TcpListener::bind(config.listen_addr).await?;
 

payjoin-mailroom/config.example.toml

@@ -13,6 +13,20 @@
 # Request timeout in seconds
 # timeout = 30
 
+# --- V1 protocol ---
+# Uncomment the [v1] section to enable V1 fallback support.
+# (address screening requires `access-control` feature)
+# [v1]
+
+# Path to a local file containing blocked Bitcoin addresses (one per line).
+# blocked_addresses_path = "/path/to/blocked_addresses.txt"
+
+# URL to periodically fetch an updated blocked-address list from.
+# blocked_addresses_url = "https://example.com/blocked_addresses.txt"
+
+# How often (in seconds) to refresh the remote address list (default: 86400).
+# blocked_addresses_refresh_secs = 86400
+
 # --- Access-control (requires `access-control` feature) ---
 # [access_control]
 
@@ -23,13 +37,3 @@
 
 # ISO 3166-1 alpha-2 country codes whose requests should be blocked.
 # blocked_regions = ["CU", "IR", "KP", "SY"]
-
-# Path to a local file containing blocked Bitcoin addresses (one per line).
-# Used for V1 PSBT screening.
-# blocked_addresses_path = "/path/to/blocked_addresses.txt"
-
-# URL to periodically fetch an updated blocked-address list from.
-# blocked_addresses_url = "https://example.com/blocked_addresses.txt"
-
-# How often (in seconds) to refresh the remote address list (default: 86400).
-# blocked_addresses_refresh_secs = 86400

payjoin-mailroom/src/config.rs

@@ -12,7 +12,7 @@ pub struct Config {
     pub storage_dir: PathBuf,
     #[serde(deserialize_with = "deserialize_duration_secs")]
     pub timeout: Duration,
-    pub enable_v1: bool,
+    pub v1: Option<V1Config>,
     #[cfg(feature = "telemetry")]
     pub telemetry: Option<TelemetryConfig>,
     #[cfg(feature = "acme")]
@@ -21,6 +21,21 @@ pub struct Config {
     pub access_control: Option<AccessControlConfig>,
 }
 
+/// V1 protocol configuration.
+///
+/// Present in [`Config`] to enable the V1 fallback path.
+/// Contains optional address-screening settings that only apply to V1.
+#[derive(Debug, Clone, Deserialize, Default)]
+#[serde(default)]
+pub struct V1Config {
+    #[cfg(feature = "access-control")]
+    pub blocked_addresses_path: Option<PathBuf>,
+    #[cfg(feature = "access-control")]
+    pub blocked_addresses_url: Option<String>,
+    #[cfg(feature = "access-control")]
+    pub blocked_addresses_refresh_secs: Option<u64>,
+}
+
 #[cfg(feature = "telemetry")]
 #[derive(Debug, Clone, Deserialize)]
 pub struct TelemetryConfig {
@@ -44,9 +59,6 @@ pub struct AcmeConfig {
 pub struct AccessControlConfig {
     pub geo_db_path: Option<PathBuf>,
     pub blocked_regions: Vec<String>,
-    pub blocked_addresses_path: Option<PathBuf>,
-    pub blocked_addresses_url: Option<String>,
-    pub blocked_addresses_refresh_secs: Option<u64>,
 }
 
 #[cfg(feature = "acme")]
@@ -72,7 +84,7 @@ impl Default for Config {
             listener: "[::]:8080".parse().expect("valid default listener address"),
             storage_dir: PathBuf::from("./data"),
             timeout: Duration::from_secs(30),
-            enable_v1: false,
+            v1: None,
             #[cfg(feature = "telemetry")]
             telemetry: None,
             #[cfg(feature = "acme")]
@@ -96,13 +108,13 @@ impl Config {
         listener: ListenerAddress,
         storage_dir: PathBuf,
         timeout: Duration,
-        enable_v1: bool,
+        v1: Option<V1Config>,
     ) -> Self {
         Self {
             listener,
             storage_dir,
             timeout,
-            enable_v1,
+            v1,
             #[cfg(feature = "telemetry")]
             telemetry: None,
             #[cfg(feature = "acme")]

payjoin-mailroom/src/lib.rs

@@ -39,12 +39,7 @@ pub async fn serve(config: Config, meter_provider: Option<SdkMeterProvider>) ->
     #[cfg(feature = "access-control")]
     let geoip = init_geoip(&config).await?;
 
-    #[allow(unused_mut)]
-    let mut directory = init_directory(&config, sentinel_tag).await?;
-    #[cfg(feature = "access-control")]
-    if let Some(blocked) = init_blocked_addresses(&config).await? {
-        directory = directory.with_blocked_addresses(blocked);
-    }
+    let directory = init_directory(&config, sentinel_tag).await?;
 
     let services = Services {
         directory,
@@ -87,12 +82,7 @@ pub async fn serve_manual_tls(
     #[cfg(feature = "access-control")]
     let geoip = init_geoip(&config).await?;
 
-    #[allow(unused_mut)]
-    let mut directory = init_directory(&config, sentinel_tag).await?;
-    #[cfg(feature = "access-control")]
-    if let Some(blocked) = init_blocked_addresses(&config).await? {
-        directory = directory.with_blocked_addresses(blocked);
-    }
+    let directory = init_directory(&config, sentinel_tag).await?;
 
     let services = Services {
         directory,
@@ -156,12 +146,7 @@ pub async fn serve_acme(
     #[cfg(feature = "access-control")]
     let geoip = init_geoip(&config).await?;
 
-    #[allow(unused_mut)]
-    let mut directory = init_directory(&config, sentinel_tag).await?;
-    #[cfg(feature = "access-control")]
-    if let Some(blocked) = init_blocked_addresses(&config).await? {
-        directory = directory.with_blocked_addresses(blocked);
-    }
+    let directory = init_directory(&config, sentinel_tag).await?;
 
     let services = Services {
         directory,
@@ -231,7 +216,16 @@ async fn init_directory(
     let ohttp_keys_dir = config.storage_dir.join("ohttp-keys");
     let ohttp_config = init_ohttp_config(&ohttp_keys_dir)?;
 
-    Ok(payjoin_directory::Service::new(db, ohttp_config.into(), sentinel_tag, config.enable_v1))
+    let v1 = if config.v1.is_some() {
+        #[cfg(feature = "access-control")]
+        let blocked = init_blocked_addresses(config).await?;
+        #[cfg(not(feature = "access-control"))]
+        let blocked = None;
+        Some(payjoin_directory::V1::new(blocked))
+    } else {
+        None
+    };
+    Ok(payjoin_directory::Service::new(db, ohttp_config.into(), sentinel_tag, v1))
 }
 
 #[cfg(feature = "access-control")]
@@ -252,18 +246,18 @@ async fn init_geoip(
 async fn init_blocked_addresses(
     config: &Config,
 ) -> anyhow::Result<Option<payjoin_directory::BlockedAddresses>> {
-    let ac_config = match &config.access_control {
+    let v1_config = match &config.v1 {
         Some(c) => c,
         None => return Ok(None),
     };
 
     // Neither file nor URL configured
-    if ac_config.blocked_addresses_path.is_none() && ac_config.blocked_addresses_url.is_none() {
+    if v1_config.blocked_addresses_path.is_none() && v1_config.blocked_addresses_url.is_none() {
         return Ok(None);
     }
 
     // Load initial addresses from file if available
-    let blocked = match &ac_config.blocked_addresses_path {
+    let blocked = match &v1_config.blocked_addresses_path {
         Some(path) => {
             let text = access_control::load_blocked_address_text(path)?;
             let ba = payjoin_directory::BlockedAddresses::from_address_lines(&text);
@@ -274,10 +268,10 @@ async fn init_blocked_addresses(
     };
 
     // If URL configured, try initial fetch and spawn background updater
-    if let Some(url) = &ac_config.blocked_addresses_url {
+    if let Some(url) = &v1_config.blocked_addresses_url {
         let cache_path = config.storage_dir.join("blocked_addresses_cache.txt");
         let refresh = std::time::Duration::from_secs(
-            ac_config.blocked_addresses_refresh_secs.unwrap_or(86400),
+            v1_config.blocked_addresses_refresh_secs.unwrap_or(86400),
         );
 
         // Try initial fetch; fall back to cache on failure
@@ -432,7 +426,7 @@ mod tests {
             "[::]:0".parse().expect("valid listener address"),
             tempdir.path().to_path_buf(),
             Duration::from_secs(2),
-            false,
+            None,
         );
 
         let mut root_store = RootCertStore::empty();
@@ -527,7 +521,7 @@ mod tests {
             "[::]:0".parse().expect("valid listener address"),
             tempdir.path().to_path_buf(),
             Duration::from_secs(2),
-            false,
+            None,
         );
 
         let sentinel_tag = generate_sentinel_tag();

payjoin-test-utils/src/lib.rs

@@ -121,7 +121,7 @@ pub async fn init_directory(
         "[::]:0".parse().expect("valid listener address"),
         tempdir.path().to_path_buf(),
         Duration::from_secs(2),
-        true,
+        Some(payjoin_mailroom::config::V1Config::default()),
     );
 
     let tls_config = RustlsConfig::from_der(vec![local_cert_key.0], local_cert_key.1).await?;
@@ -149,7 +149,7 @@ async fn init_ohttp_relay(
         "[::]:0".parse().expect("valid listener address"),
         tempdir.path().to_path_buf(),
         Duration::from_secs(2),
-        false,
+        None,
     );
 
     let (port, handle) = payjoin_mailroom::serve_manual_tls(config, None, root_store)