From 37520557fcecf4a86a6e4cedd0eea829d66c1fc4 Mon Sep 17 00:00:00 2001 From: Reckless_Satoshi Date: Wed, 1 May 2024 15:27:38 +0100 Subject: [PATCH] fix(coordinator): downgrade django --- docs/assets/schemas/api-latest.yaml | 22 ++++++++++++---------- requirements.txt | 2 +- requirements_dev.txt | 2 +- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/docs/assets/schemas/api-latest.yaml b/docs/assets/schemas/api-latest.yaml index b6a64a29..c184ac39 100644 --- a/docs/assets/schemas/api-latest.yaml +++ b/docs/assets/schemas/api-latest.yaml @@ -443,14 +443,17 @@ paths: - `update_invoice` - This action only is valid if you are the buyer. The `invoice` field needs to be present in the body and the value must be a - valid LN invoice as cleartext PGP message signed with the robot key. Make sure to perform this action only when + valid LN invoice as cleartext PGP message signed (SHA512) with the robot key. + The amount of the invoice should be `invoice_amount` minus the routing + budget whose parts per million should be specified by `routing_budget_ppm`. + Make sure to perform this action only when both the bonds are locked. i.e The status of your order is at least `6` (Waiting for trade collateral and buyer invoice) - `update_address` - This action is only valid if you are the buyer. This action is used to set an on-chain payout address if you wish to have your payout be received on-chain. Only valid if there is an address in the body as - cleartext PGP message signed with the robot key. This enables on-chain swap for the + cleartext PGP message signed (SHA512) with the robot key. This enables on-chain swap for the order, so even if you earlier had submitted a LN invoice, it will be ignored. You get to choose the `mining_fee_rate` as well. Mining fee rate is specified in sats/vbyte. 
@@ -470,9 +473,7 @@ paths: mid-trade so use this action carefully: - As a maker if you cancel an order after you have locked your - maker bond, you are returned your bond. This may change in - the future to prevent DDoSing the LN node and you won't be - returned the maker bond. + maker bond, you are returned your bond. - As a taker there is a time penalty involved if you `take` an order and cancel it without locking the taker bond. - For both taker or maker, if you cancel the order when both @@ -631,7 +632,7 @@ paths: post: operationId: reward_create description: Withdraw user reward by submitting an invoice. The invoice must - be send as cleartext PGP message signed with the robot key + be send as cleartext PGP message signed (SHA512) with the robot key summary: Withdraw reward tags: - reward @@ -721,12 +722,13 @@ paths: An authenticated request (has the token's sha256 hash encoded as base 91 in the Authorization header) will be returned the information about the state of a robot. - Make sure you generate your token using cryptographically secure methods. [Here's]() the function the Javascript - client uses to generate the tokens. Since the server only receives the hash of the + Make sure you generate your token using cryptographically secure methods. + Since the server only receives the hash of the token, it is responsibility of the client to create a strong token. Check - [here](https://github.com/RoboSats/robosats/blob/main/frontend/src/utils/token.js) + [here](https://github.com/RoboSats/robosats/blob/main/frontend/src/utils/token.ts) to see how the Javascript client creates a random strong token and how it validates entropy is optimal for tokens created by the user at will. + The PGP key should be an EdDSA ed25519/cert,sign+cv25519/encr key. `public_key` - PGP key associated with the user (Armored ASCII format) `encrypted_private_key` - Private PGP key. This is only stored on the backend for later fetching by 
@@ -737,7 +739,7 @@ paths: A gpg key can be created by: ```shell - gpg --full-gen-key + gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr" --full-gen-key ``` it's public key can be exported in ascii armored format with: diff --git a/requirements.txt b/requirements.txt index 42c74fa7..54b51f92 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -django==5.0.4 +django==4.2.11 django-admin-relation-links==0.2.5 django-celery-beat==2.6.0 django-celery-results==2.5.1 diff --git a/requirements_dev.txt b/requirements_dev.txt index 3b52d48c..c04f2f5f 100644 --- a/requirements_dev.txt +++ b/requirements_dev.txt @@ -1,4 +1,4 @@ coverage==7.5.0 ruff==0.4.2 -drf-openapi-tester==2.3.3 +drf-openapi-tester @ git+https://github.com/Reckless-Satoshi/drf-openapi-tester.git@soften-django-requirements pre-commit==3.7.0 \ No newline at end of file
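Review bot: In the `update_invoice` description (docs/assets/schemas/api-latest.yaml, hunk at -443), the added sentence on the invoice amount is ambiguous: it does not say which quantity `routing_budget_ppm` is applied to, and "should" does not tell a client whether an invoice with a different amount is rejected. Suggest writing the calculation out in terms of `invoice_amount` and `routing_budget_ppm`, and using "must" if the coordinator enforces it. The same question applies to "signed (SHA512)" here and in `update_address`: state whether a signature made with another digest is refused.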
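Review bot: In the `reward_create` description (api-latest.yaml, hunk at -631), the line being touched still reads "be send as cleartext PGP message signed (SHA512) with the robot key". Since the line is already changing, fix it to "be sent as a cleartext PGP message" and end the sentence with a period.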
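Review bot: In the robot endpoint description (api-latest.yaml, hunk at -721), the corrected link still points at `blob/main/frontend/src/utils/token.ts`, so it will break again the next time the file is moved or renamed, which is what this hunk is repairing after the `.js` to `.ts` change. Suggest linking to a commit permalink instead. The surrounding text also still says "Javascript client" while the target is now a `.ts` file, and the new line "The PGP key should be an EdDSA ed25519/cert,sign+cv25519/encr key." does not say whether the coordinator rejects other key types; if it does, "must" is the clearer word.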
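Review bot: In the key-generation example (api-latest.yaml, hunk at -737), please confirm that `--full-gen-key` honours `--default-new-key-algo "ed25519/cert,sign+cv25519/encr"`. `--full-gen-key` runs the dialog that asks the user to pick the key type, so a reader following this command can still end up with a key other than the one the description above asks for. If the aim is a fixed algorithm with no prompt for it, `gpg --quick-gen-key` with the algorithm given explicitly may be the better example.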
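Review bot: In requirements.txt, the pin moves from `django==5.0.4` to `django==4.2.11` with no reason recorded: the commit subject only says "downgrade django" and there is no comment next to the pin. Suggest adding a short comment or commit body naming what broke under 5.0.4, so the pin is not bumped back blindly later, and confirming that the neighbouring pins visible in the context (`django-celery-beat==2.6.0`, `django-celery-results==2.5.1`, `django-admin-relation-links==0.2.5`) resolve against 4.2.11. The API documentation changes in this commit are unrelated to the downgrade and would be easier to review and revert as a separate commit.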
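Review bot: In requirements_dev.txt, `drf-openapi-tester` goes from an exact release (`==2.3.3`) to a branch name on a fork, `git+https://github.com/Reckless-Satoshi/drf-openapi-tester.git@soften-django-requirements`. A branch is a mutable ref, so two installs from the same file can pull different code, and every other entry in this file is pinned exactly. Suggest pinning to the full commit SHA of the fork (`...drf-openapi-tester.git@<commit-sha>`) and noting in a comment that the fork is temporary until upstream supports the Django version in use. The file also still ends without a trailing newline.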