Chode: migrate to JSON v2

go.mod

@@ -1,6 +1,6 @@
 module github.com/lescuer97/nutmix
 
-go 1.25.4
+go 1.26
 
 require (
 	github.com/BurntSushi/toml v1.5.0
@@ -91,6 +91,7 @@ require (
 	github.com/gabriel-vasile/mimetype v1.4.11 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
+	github.com/go-json-experiment/json v0.0.0-20260214004413-d219187c3433 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-macaroon-bakery/macaroonpb v1.0.0 // indirect

go.sum

@@ -193,6 +193,8 @@ github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
 github.com/gin-gonic/gin v1.11.0/go.mod h1:+iq/FyxlGzII0KHiBGjuNn4UNENUlKbGlNmc+W50Dls=
 github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
 github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
+github.com/go-json-experiment/json v0.0.0-20260214004413-d219187c3433 h1:vymEbVwYFP/L05h5TKQxvkXoKxNvTpjxYKdF1Nlwuao=
+github.com/go-json-experiment/json v0.0.0-20260214004413-d219187c3433/go.mod h1:tphK2c80bpPhMOI4v6bIc2xWywPfbqi1Z06+RcrMkDg=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=

internal/routes/admin/auth.go

@@ -101,13 +101,13 @@ func LoginPost(mint *mint.Mint, loginKey *secp256k1.PrivateKey, adminNostrPubkey
 		// parse data for login
 		slog.Debug("Attempting log in")
 		var nostrEvent nostr.Event
-		err := c.BindJSON(&nostrEvent)
+		err := utils.DecodeJSONV2(c, &nostrEvent)
 		if err != nil {
 			slog.Debug(
 				"Incorrect body",
 				slog.String(utils.LogExtraInfo, err.Error()),
 			)
-			c.JSON(400, "Malformed body request")
+			utils.JSON(c, 400, "Malformed body request")
 			return
 		}
 		ctx := c.Request.Context()
@@ -149,7 +149,7 @@ func LoginPost(mint *mint.Mint, loginKey *secp256k1.PrivateKey, adminNostrPubkey
 		}
 
 		if nostrLogin.Activated {
-			c.JSON(403, "This login value was already used, please reload the page")
+			utils.JSON(c, 403, "This login value was already used, please reload the page")
 			return
 		}
 
@@ -200,7 +200,7 @@ func LoginPost(mint *mint.Mint, loginKey *secp256k1.PrivateKey, adminNostrPubkey
 
 		c.SetCookie(AdminAuthKey, token, 3600, "/", "", false, true)
 		c.Header("HX-Redirect", "/admin")
-		c.JSON(200, nil)
+		utils.JSON(c, 200, nil)
 	}
 }
 

internal/routes/admin/keysets.go

@@ -65,12 +65,11 @@ func RotateSatsSeed(adminHandler *adminHandler) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		var rotateRequest RotateRequest
 		if c.ContentType() == gin.MIMEJSON {
-			// Use Decode instead of BindJSON to have more control if needed,
-			// but BindJSON calls UnmarshalJSON which we defined.
-			err := c.BindJSON(&rotateRequest)
+			// JSON requests are decoded with strict unknown-field rejection.
+			err := utils.DecodeJSONV2(c, &rotateRequest)
 			if err != nil {
-				slog.Error("BindJSON error", slog.Any("error", err))
-				c.JSON(400, nil)
+				slog.Error("DecodeJSONV2 error", slog.Any("error", err))
+				utils.JSON(c, 400, nil)
 				return
 			}
 		} else {
@@ -140,7 +139,7 @@ func RotateSatsSeed(adminHandler *adminHandler) gin.HandlerFunc {
 		}
 
 		if c.ContentType() == gin.MIMEJSON {
-			c.JSON(200, nil)
+			utils.JSON(c, 200, nil)
 		} else {
 
 			c.Header("HX-Trigger", "recharge-keyset")

internal/routes/auth.go

@@ -16,7 +16,7 @@ func AuthActivatedMiddleware(mint *m.Mint) gin.HandlerFunc {
 
 		if !mint.Config.MINT_REQUIRE_AUTH {
 			slog.Warn(fmt.Errorf("tried using route that does not exist because auth not being active").Error())
-			c.JSON(404, "route does not exists")
+			utils.JSON(c, 404, "route does not exists")
 			c.Abort()
 			return
 		}
@@ -33,11 +33,11 @@ func v1AuthRoutes(r *gin.Engine, mint *m.Mint) {
 		keys, err := mint.Signer.GetAuthActiveKeys()
 		if err != nil {
 			slog.Warn("mint.Signer.GetAuthActiveKeys()", slog.Any("error", err))
-			c.JSON(400, cashu.ErrorCodeToResponse(cashu.KEYSET_NOT_KNOW, nil))
+			utils.JSON(c, 400, cashu.ErrorCodeToResponse(cashu.KEYSET_NOT_KNOW, nil))
 			return
 		}
 
-		c.JSON(200, keys)
+		utils.JSON(c, 200, keys)
 	})
 
 	auth.GET("/blind/keys/:id", func(c *gin.Context) {
@@ -47,30 +47,30 @@ func v1AuthRoutes(r *gin.Engine, mint *m.Mint) {
 
 		if err != nil {
 			slog.Warn("mint.Signer.GetAuthKeysById(id)", slog.Any("error", err))
-			c.JSON(400, cashu.ErrorCodeToResponse(cashu.KEYSET_NOT_KNOW, nil))
+			utils.JSON(c, 400, cashu.ErrorCodeToResponse(cashu.KEYSET_NOT_KNOW, nil))
 			return
 		}
 
-		c.JSON(200, keysets)
+		utils.JSON(c, 200, keysets)
 	})
 
 	auth.GET("/blind/keysets", func(c *gin.Context) {
 		keys, err := mint.Signer.GetAuthKeys()
 		if err != nil {
 			slog.Error("mint.Signer.GetAuthKeys()", slog.Any("error", err))
-			c.JSON(400, cashu.ErrorCodeToResponse(cashu.KEYSET_NOT_KNOW, nil))
+			utils.JSON(c, 400, cashu.ErrorCodeToResponse(cashu.KEYSET_NOT_KNOW, nil))
 			return
 		}
 
-		c.JSON(200, keys)
+		utils.JSON(c, 200, keys)
 	})
 
 	auth.POST("/blind/mint", func(c *gin.Context) {
 		var mintRequest cashu.PostMintBolt11Request
-		err := c.BindJSON(&mintRequest)
+		err := utils.DecodeJSONV2(c, &mintRequest)
 		if err != nil {
 			slog.Info("Incorrect body", slog.Any("error", err))
-			c.JSON(400, "Malformed body request")
+			utils.JSON(c, 400, "Malformed body request")
 			return
 		}
 
@@ -92,20 +92,20 @@ func v1AuthRoutes(r *gin.Engine, mint *m.Mint) {
 		if err != nil {
 			slog.Error("mint.Signer.GetKeys()", slog.Any("error", err))
 			errorCode, details := utils.ParseErrorToCashuErrorCode(err)
-			c.JSON(400, cashu.ErrorCodeToResponse(errorCode, details))
+			utils.JSON(c, 400, cashu.ErrorCodeToResponse(errorCode, details))
 			return
 		}
 		unit, err := mint.VerifyOutputs(tx, mintRequest.Outputs, keysets.Keysets)
 		if err != nil {
 			slog.Warn("mint.VerifyOutputs(mintRequest.Outputs)", slog.Any("error", err))
 			errorCode, details := utils.ParseErrorToCashuErrorCode(err)
-			c.JSON(400, cashu.ErrorCodeToResponse(errorCode, details))
+			utils.JSON(c, 400, cashu.ErrorCodeToResponse(errorCode, details))
 			return
 		}
 
 		if unit != cashu.AUTH {
 			details := `You can only use "auth" tokens in this endpoint`
-			c.JSON(400, cashu.ErrorCodeToResponse(cashu.UNIT_NOT_SUPPORTED, &details))
+			utils.JSON(c, 400, cashu.ErrorCodeToResponse(cashu.UNIT_NOT_SUPPORTED, &details))
 			return
 		}
 
@@ -118,15 +118,15 @@ func v1AuthRoutes(r *gin.Engine, mint *m.Mint) {
 
 		if amountBlindMessages > mint.Config.MINT_AUTH_MAX_BLIND_TOKENS {
 			slog.Warn("Trying to mint auth tokens over the limit")
-			c.JSON(400, cashu.ErrorCodeToResponse(cashu.MAXIMUM_BAT_MINT_LIMIT_EXCEEDED, nil))
+			utils.JSON(c, 400, cashu.ErrorCodeToResponse(cashu.MAXIMUM_BAT_MINT_LIMIT_EXCEEDED, nil))
 			return
 		}
 
 		blindedSignatures, recoverySigsDb, err := mint.Signer.SignBlindMessages(mintRequest.Outputs)
 		if err != nil {
 			slog.Warn("mint.Signer.SignBlindMessages(mintRequest.Outputs)", slog.Any("error", err))
 			errorCode, details := utils.ParseErrorToCashuErrorCode(err)
-			c.JSON(400, cashu.ErrorCodeToResponse(errorCode, details))
+			utils.JSON(c, 400, cashu.ErrorCodeToResponse(errorCode, details))
 			return
 		}
 
@@ -143,7 +143,7 @@ func v1AuthRoutes(r *gin.Engine, mint *m.Mint) {
 			return
 		}
 
-		c.JSON(200, cashu.PostMintBolt11Response{
+		utils.JSON(c, 200, cashu.PostMintBolt11Response{
 			Signatures: blindedSignatures,
 		})
 	})