Mix error messages to hide user balance

[ekzyis]

One possible (temporary?) solution for #691 would be to not respond with a error message which tells that creating this invoice would exceed a limit.

By just responding with a different error message, the attacker cannot distinguish between "too many invoices" or "invoice would exceed limit". This isn't ideal but still a lot better imo.

I haven't tested this or checked if this would break something but if our code is good, we're not relying on error messages so this change should be fine.

edit: Okay, I will test this, don't want to rely on @huumn superhuman skills to know exactly the impact of every line of code changed just by looking at it, lol

TODO:

• test

---

Okay, pretty sure this doesn't break anything. I searched for all kind of substrings of the previous error message, and tested depositing and withdrawing. All good.

[kepford]

Fix looks good as a stop gap.

[kepford]

Maybe a longer term solution is to show the original message if the user is funding their own SN wallet. Not sure how difficult that is to do but it would be helpful. Maybe even just posting a help message on the wallet funding page stating the limit. That way it is more obvious to a user trying to fund their wallet.

[huumn]

Yep agreed. We are already getting people reporting this error and being confused.

[ekzyis]

show the original message if the user is funding their own SN wallet. Not sure how difficult that is to do but it would be helpful.

Mhh, since we can tell from the session who is trying to fund which wallet, I think this should be doable. Good idea!