fix: more robust lightning receive

[douglaz]

Closes #3881

Timeout now will happen at the right time: when we're sure the preimage decryption is pending and the expiry time relative to the invoice timestamp has passed.

There are no risks anymore of the timeout not happening because the state machines have been interrupted or it incorrectly happening while the client is dealing with network issues.

[codecov]

Codecov Report

Attention: 5 lines in your changes are missing coverage. Please review.

Comparison is base (577ed73) 57.06% compared to head (8e03a82) 57.10%.
Report is 2 commits behind head on master.

Files	Patch %	Lines
modules/fedimint-ln-client/src/receive.rs	90.47%	2 Missing ⚠️
fedimint-load-test-tool/src/main.rs	0.00%	1 Missing ⚠️
modules/fedimint-ln-common/src/contracts/mod.rs	50.00%	1 Missing ⚠️
modules/fedimint-ln-server/src/lib.rs	95.45%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3929      +/-   ##
==========================================
+ Coverage   57.06%   57.10%   +0.04%     
==========================================
  Files         193      193              
  Lines       42916    42949      +33     
==========================================
+ Hits        24489    24528      +39     
+ Misses      18427    18421       -6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[dpc]

thought: Not a problem of this PR, but would rename expiry_timestamp to expiry_timestamp_secs or something.

[dpc]

issue:

> date +%s
1702448004

Isn't 10% of 1702448004s ... 5 years? Do we really need such a buffer? Seems like 60s should be enough for everyone?

BTW. "buffer" seems like a wrong word. Would just inline it to not have to come up with a better name.

[elsirion]

The previous implementation applied it on top of the relative timeout. So 6min per hour.

[elsirion]

@douglaz the factor should be applied on the relative expiry time, not the absolute one.

[douglaz]

I'm sorry, my commit didn't include the fix. Look now.

[douglaz]

I like dpc's idea that this should be just an offset. You don't need it to be relative.

[dpc]

I think fixed offset between computers is much more likely than clocks going 10% slower/faster (which would right away caused fixed offset anyway). Unless I'm missing something.

BTW. Makes me wonder if federation should have a consensus on time as well. :D

[elsirion]

Also good to always allow a fixed grace period as long as there is one.

[elsirion]

nit: I avoided such expects more recently since a horribly misconfigured system might have a time from the past.

[douglaz]

If your system is so misconfigured you should expect things to blow up

[dpc]

Actually - for this to panic, the now() would have to return a date before unix epoch... ? Which is probably impossible at least on Linux, because the representation of time start with unix epoch?

[elsirion]

@douglaz the factor should be applied on the relative expiry time, not the absolute one.

Too tired for another review today, don't want to block unnecessarily.

[dpc]

praise: I like TOLERANCE much more. Sounds very inclusive, while BUFFER sounded needlessly exclusionary, so 👍 😄 👍

[fedimint-backports]

Successfully created backport PR for releases/v0.2:

• [Backport releases/v0.2] fix: more robust lightning receive #3939

[elsirion]

On closer inspection this looks more like a quick fix. Since the underlying timeout issue was hard to debug we re-introduce polling again for the one API call that can take longer than some built-in timeout. It's the pragmatic thing to do, but we should track fixing this issue properly.