feat: update outgoing payment limits spec

[njlie]

Changes proposed in this pull request

• Prevents outgoing payment grant requests where debitAmount and receiveAmount are both included in the limits.

Context

Closes #471.

[changeset-bot]

🦋 Changeset detected

Latest commit: 6a474dd

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@interledger/open-payments	Major

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[netlify]

✅ Deploy Preview for openpayments-preview ready!

Name	Link
🔨 Latest commit
🔍 Latest deploy log	https://app.netlify.com/sites/openpayments-preview/deploys/67e29d4638c80400b528c072
😎 Deploy Preview	https://deploy-preview-564--openpayments-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[mkurapov]

These types would allow the client to take in both receiveAmount or debitAmount (because of the old openapi-typescript lib). I've updated it here (and upgraded to TS 5 here) so we can get those in first)

[raducristianpopa]

I think we should add some runtime assertions as well when we are dealing with mutually exclusive types and not fully rely on TS errors.

[mkurapov]

Maybe we can throw an OpenPaymentsClientError here

[raducristianpopa]

I hoped that the openapi-typescript update will fix the XOR issue that we are facing for mutually exclusive types, but it looks like it is not generating proper XOR for oneOf. Right now, TypeScript will not complain if a client still provides both amounts.

Since this is a major bump, we can improve the types a bit. Let me know what you think about this.

[raducristianpopa]

Suggested change

	export type OutgoingPaymentLimitWithDebitAmount = Extract<
	ASComponents['schemas']['access-outgoing']['limits'],
	{ debitAmount: components['schemas']['amount'] }
	>
	export type OutgoingPaymentLimitWithReceiveAmount = Extract<
	ASComponents['schemas']['access-outgoing']['limits'],
	{ receiveAmount: components['schemas']['amount'] }
	>
	// From: https://github.com/microsoft/TypeScript/issues/14094#issuecomment-373782604
	type Without<T, U> = { [P in Exclude<keyof T, keyof U>]?: never }
	type XOR<T, U> = T | U extends object
	? (Without<T, U> & U) | (Without<U, T> & T)
	: T | U
	type XOR3<T, U, V> = XOR<T, XOR<U,V>>
	export type AccessOutgoingBase = {
	receiver?: ASComponents['schemas']['receiver']
	interval?: ASComponents['schemas']['interval']
	}
	export type AccessOutgoingWithDebitAmount = AccessOutgoingBase & {
	debitAmount: ASComponents['schemas']['amount']
	}
	export type AccessOutgoingWithReceiveAmount = AccessOutgoingBase & {
	receiveAmount: ASComponents['schemas']['amount']
	}
	export type AccessOutgoingLimits = XOR3<
	AccessOutgoingBase,
	AccessOutgoingWithDebitAmount,
	AccessOutgoingWithReceiveAmount
	>
	export type AccessOutgoing = {
	type: 'outgoing-payment'
	actions: ('create' | 'read' | 'read-all' | 'list' | 'list-all')[]
	identifier: string
	limits?: AccessOutgoingLimits
	}
	export type GrantRequestAccessItem =
	| ASComponents['schemas']['access-incoming']
	| AccessOutgoing
	| ASComponents['schemas']['access-quote']

With the new GrantRequestAccessItem, we can now update GrantRequest from

open-payments/packages/open-payments/src/types.ts

Lines 96 to 100 in 97612b4

	export type GrantRequest = {
	access_token: ASOperations['post-request']['requestBody']['content']['application/json']['access_token']
	client: ASOperations['post-request']['requestBody']['content']['application/json']['client']
	interact?: ASOperations['post-request']['requestBody']['content']['application/json']['interact']
	}

to:

export type GrantRequest = {
  access_token: { access: GrantRequestAccessItem[] }
  client: ASOperations['post-request']['requestBody']['content']['application/json']['client']
  interact?: ASOperations['post-request']['requestBody']['content']['application/json']['interact']
}

Now, if a client will provide both amounts, a TypeScript error will be raised - in their IDE or at transpilation time:

open-payments/packages/open-payments on  nl/471/outgoing-payment-limits-update [!?] via   v20.18.3 pnpm tsc --noEmit
src/scratchpad.ts:26:15 - error TS2322: Type '{ assetScale: number; assetCode: string; value: string; }' is not assignable to type 'undefined'.

26               receiveAmount: {
                 ~~~~~~~~~~~~~


Found 1 error in src/scratchpad.ts:26

[njlie]

This looks great! Thanks for writing it up. The discussion on native XOR implementation is very spirited...

[mkurapov]

@raducristianpopa I would think it would say is not assignable to type 'never'. instead, but it seems to do the trick

[raducristianpopa]

(if we proceed with the new types)

Suggested change

	(outgoingPaymentAccess?.limits as OutgoingPaymentLimitWithDebitAmount)
	?.debitAmount &&
	(outgoingPaymentAccess?.limits as OutgoingPaymentLimitWithReceiveAmount)
	?.receiveAmount
	(outgoingPaymentAccess?.limits as OutgoingAccessWithDebitAmount)
	?.debitAmount &&
	(outgoingPaymentAccess?.limits as OutgoingAccessWithReceiveAmount)
	?.receiveAmount

[raducristianpopa]

I'm thinking that oneOf might be the property we should go for? Based on OpenAPI docs:

oneOf – validates the value against exactly one of the subschemas
anyOf – validates the value against any (one or more) of the subschemas

[raducristianpopa]

I feel like this would help the SDK user find the source of the error more easily when using JS directly or when not caring about the TS errors.

Suggested change

	throw new OpenPaymentsClientError('Invalid Grant Request', {
	description: 'Invalid Request'
	})
	throw new OpenPaymentsClientError('Invalid Grant Request', {
	description: 'Invalid grant request. Both "debitAmount" and "receiveAmount" were provided. Please specify only one of them.'
	})

[raducristianpopa]

@njlie it looks like oneOf is working a bit differently from what I expected when reading the docs - https://swagger.io/docs/specification/v3_0/data-models/oneof-anyof-allof-not/#difference-between-anyof-and-oneof (???)

I think that the issue is with the interval and receiver properties since they "match" with multiple schemas when using oneOf. Reverting to anyOf should be the go to solution in this case. Sorry for putting you on the wrong track! 🙇‍♂️

[njlie]

@njlie it looks like oneOf is working a bit differently from what I expected when reading the docs - swagger.io/docs/specification/v3_0/data-models/oneof-anyof-allof-not#difference-between-anyof-and-oneof (???)

I think that the issue is with the interval and receiver properties since they "match" with multiple schemas when using oneOf. Reverting to anyOf should be the go to solution in this case. Sorry for putting you on the wrong track! 🙇‍♂️

I also interpreted it the same way as you, at first - so I thought I could "debug" what the issue with the validation was. But this explains why it's been so confusing. Thanks for flagging this anyways 👍

[mkurapov]

Interesting, so oneOf to properly work needs all the keys in the objects to be exclusive from one another? Pretty odd but good to know 🤷