2022-01-05 20:37:34 +00:00
|
|
|
import { createInvoice, decodePaymentRequest, payViaPaymentRequest } from 'ln-service'
|
2023-07-23 15:08:43 +00:00
|
|
|
import { GraphQLError } from 'graphql'
|
Allow zapping, posting and commenting without funds or an account (#336)
* Add anon zaps
* Add anon comments and posts (link, discussion, poll)
* Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.
Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
* Allow pay per invoice for stackers
The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice"
* Fix onSuccess called twice
For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice.
This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice.
* Keep invoice modal open if focus is lost
* Skip anon user during trust calculation
* Add error handling
* Skip 'invoice not found' errors
* Remove duplicate insufficient funds handling
* Fix insufficient funds error detection
* Fix invoice amount for comments
* Allow pay per invoice for bounty and job posts
* Also strike on payment after short press
* Fix unexpected token 'export'
* Fix eslint
* Remove unused id param
* Fix comment copy-paste error
* Rename to useInvoiceable
* Fix unexpected token 'export'
* Fix onConfirmation called at every render
* Add invoice HMAC
This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.
Only the user which created the invoice knows the HMAC and thus can use the invoice hash.
* make anon posting less hidden, add anon info button explainer
* Fix anon users can't zap other anon users
* Always show repeat and contacts on action error
* Keep track of modal stack
* give anon an icon
* add generic date pivot helper
* make anon user's invoices expire in 5 minutes
* fix forgotten find and replace
* use datePivot more places
* add sat amounts to invoices
* reduce anon invoice expiration to 3 minutes
* don't abbreviate
* Fix [object Object] as error message
Any errors thrown here are already objects of shape { message: string }
* Fix empty invoice creation attempts
I stumbled across this while checking if anons can edit their items.
I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error:
Variable "$amount" of required type "Int!" was not provided.
I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now.
* anon func mods, e.g. inv limits
* anon tips should be denormalized
* remove redundant meTotalSats
* correct overlay zap text for anon
* exclude anon from trust graph before algo runs
* remove balance limit on anon
* give anon a bio and remove cowboy hat/top stackers;
* make anon hat appear on profile
* concat hash and hmac and call it a token
* Fix localStorage cleared because error were swallowed
* fix qr layout shift
* restyle fund error modal
* Catch invoice errors in fund error modal
* invoice check backoff
* anon info typo
* make invoice expiration times have saner defaults
* add comma to anon info
* use builtin copy input label
---------
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
|
|
|
import crypto from 'crypto'
|
2021-05-20 01:09:32 +00:00
|
|
|
import serialize from './serial'
|
2021-12-14 16:42:54 +00:00
|
|
|
import { decodeCursor, LIMIT, nextCursorEncoded } from '../../lib/cursor'
|
2021-12-15 16:50:11 +00:00
|
|
|
import lnpr from 'bolt11'
|
2021-12-16 20:02:17 +00:00
|
|
|
import { SELECT } from './item'
|
2022-05-19 14:22:25 +00:00
|
|
|
import { lnurlPayDescriptionHash } from '../../lib/lnurl'
|
2022-12-19 22:27:52 +00:00
|
|
|
import { msatsToSats, msatsToSatsDecimal } from '../../lib/format'
|
2023-02-08 19:38:04 +00:00
|
|
|
import { amountSchema, lnAddrSchema, ssValidate, withdrawlSchema } from '../../lib/validate'
|
Allow zapping, posting and commenting without funds or an account (#336)
* Add anon zaps
* Add anon comments and posts (link, discussion, poll)
* Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.
Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
* Allow pay per invoice for stackers
The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice"
* Fix onSuccess called twice
For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice.
This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice.
* Keep invoice modal open if focus is lost
* Skip anon user during trust calculation
* Add error handling
* Skip 'invoice not found' errors
* Remove duplicate insufficient funds handling
* Fix insufficient funds error detection
* Fix invoice amount for comments
* Allow pay per invoice for bounty and job posts
* Also strike on payment after short press
* Fix unexpected token 'export'
* Fix eslint
* Remove unused id param
* Fix comment copy-paste error
* Rename to useInvoiceable
* Fix unexpected token 'export'
* Fix onConfirmation called at every render
* Add invoice HMAC
This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.
Only the user which created the invoice knows the HMAC and thus can use the invoice hash.
* make anon posting less hidden, add anon info button explainer
* Fix anon users can't zap other anon users
* Always show repeat and contacts on action error
* Keep track of modal stack
* give anon an icon
* add generic date pivot helper
* make anon user's invoices expire in 5 minutes
* fix forgotten find and replace
* use datePivot more places
* add sat amounts to invoices
* reduce anon invoice expiration to 3 minutes
* don't abbreviate
* Fix [object Object] as error message
Any errors thrown here are already objects of shape { message: string }
* Fix empty invoice creation attempts
I stumbled across this while checking if anons can edit their items.
I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error:
Variable "$amount" of required type "Int!" was not provided.
I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now.
* anon func mods, e.g. inv limits
* anon tips should be denormalized
* remove redundant meTotalSats
* correct overlay zap text for anon
* exclude anon from trust graph before algo runs
* remove balance limit on anon
* give anon a bio and remove cowboy hat/top stackers;
* make anon hat appear on profile
* concat hash and hmac and call it a token
* Fix localStorage cleared because error were swallowed
* fix qr layout shift
* restyle fund error modal
* Catch invoice errors in fund error modal
* invoice check backoff
* anon info typo
* make invoice expiration times have saner defaults
* add comma to anon info
* use builtin copy input label
---------
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
|
|
|
import { ANON_BALANCE_LIMIT_MSATS, ANON_INV_PENDING_LIMIT, ANON_USER_ID, BALANCE_LIMIT_MSATS, INV_PENDING_LIMIT } from '../../lib/constants'
|
|
|
|
|
import { datePivot } from '../../lib/time'
|
2021-05-11 15:52:50 +00:00
|
|
|
|
2022-03-23 18:54:39 +00:00
|
|
|
export async function getInvoice (parent, { id }, { me, models }) {
|
|
|
|
|
const inv = await models.invoice.findUnique({
|
|
|
|
|
where: {
|
|
|
|
|
id: Number(id)
|
|
|
|
|
},
|
|
|
|
|
include: {
|
|
|
|
|
user: true
|
|
|
|
|
}
|
|
|
|
|
})
|
2021-05-20 01:09:32 +00:00
|
|
|
|
Allow zapping, posting and commenting without funds or an account (#336)
* Add anon zaps
* Add anon comments and posts (link, discussion, poll)
* Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.
Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
* Allow pay per invoice for stackers
The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice"
* Fix onSuccess called twice
For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice.
This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice.
* Keep invoice modal open if focus is lost
* Skip anon user during trust calculation
* Add error handling
* Skip 'invoice not found' errors
* Remove duplicate insufficient funds handling
* Fix insufficient funds error detection
* Fix invoice amount for comments
* Allow pay per invoice for bounty and job posts
* Also strike on payment after short press
* Fix unexpected token 'export'
* Fix eslint
* Remove unused id param
* Fix comment copy-paste error
* Rename to useInvoiceable
* Fix unexpected token 'export'
* Fix onConfirmation called at every render
* Add invoice HMAC
This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.
Only the user which created the invoice knows the HMAC and thus can use the invoice hash.
* make anon posting less hidden, add anon info button explainer
* Fix anon users can't zap other anon users
* Always show repeat and contacts on action error
* Keep track of modal stack
* give anon an icon
* add generic date pivot helper
* make anon user's invoices expire in 5 minutes
* fix forgotten find and replace
* use datePivot more places
* add sat amounts to invoices
* reduce anon invoice expiration to 3 minutes
* don't abbreviate
* Fix [object Object] as error message
Any errors thrown here are already objects of shape { message: string }
* Fix empty invoice creation attempts
I stumbled across this while checking if anons can edit their items.
I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error:
Variable "$amount" of required type "Int!" was not provided.
I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now.
* anon func mods, e.g. inv limits
* anon tips should be denormalized
* remove redundant meTotalSats
* correct overlay zap text for anon
* exclude anon from trust graph before algo runs
* remove balance limit on anon
* give anon a bio and remove cowboy hat/top stackers;
* make anon hat appear on profile
* concat hash and hmac and call it a token
* Fix localStorage cleared because error were swallowed
* fix qr layout shift
* restyle fund error modal
* Catch invoice errors in fund error modal
* invoice check backoff
* anon info typo
* make invoice expiration times have saner defaults
* add comma to anon info
* use builtin copy input label
---------
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
|
|
|
if (!inv) {
|
|
|
|
|
throw new GraphQLError('invoice not found', { extensions: { code: 'BAD_INPUT' } })
|
|
|
|
|
}
|
|
|
|
|
if (inv.user.id === ANON_USER_ID) {
|
|
|
|
|
return inv
|
|
|
|
|
}
|
|
|
|
|
if (!me) {
|
|
|
|
|
throw new GraphQLError('you must be logged in', { extensions: { code: 'FORBIDDEN' } })
|
|
|
|
|
}
|
2022-03-23 18:54:39 +00:00
|
|
|
if (inv.user.id !== me.id) {
|
2023-07-23 15:08:43 +00:00
|
|
|
throw new GraphQLError('not ur invoice', { extensions: { code: 'FORBIDDEN' } })
|
2022-03-23 18:54:39 +00:00
|
|
|
}
|
2021-05-20 01:09:32 +00:00
|
|
|
|
2023-08-08 18:19:31 +00:00
|
|
|
try {
|
|
|
|
|
inv.nostr = JSON.parse(inv.desc)
|
|
|
|
|
} catch (err) {
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 18:54:39 +00:00
|
|
|
return inv
|
|
|
|
|
}
|
|
|
|
|
|
Allow zapping, posting and commenting without funds or an account (#336)
* Add anon zaps
* Add anon comments and posts (link, discussion, poll)
* Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.
Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
* Allow pay per invoice for stackers
The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice"
* Fix onSuccess called twice
For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice.
This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice.
* Keep invoice modal open if focus is lost
* Skip anon user during trust calculation
* Add error handling
* Skip 'invoice not found' errors
* Remove duplicate insufficient funds handling
* Fix insufficient funds error detection
* Fix invoice amount for comments
* Allow pay per invoice for bounty and job posts
* Also strike on payment after short press
* Fix unexpected token 'export'
* Fix eslint
* Remove unused id param
* Fix comment copy-paste error
* Rename to useInvoiceable
* Fix unexpected token 'export'
* Fix onConfirmation called at every render
* Add invoice HMAC
This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.
Only the user which created the invoice knows the HMAC and thus can use the invoice hash.
* make anon posting less hidden, add anon info button explainer
* Fix anon users can't zap other anon users
* Always show repeat and contacts on action error
* Keep track of modal stack
* give anon an icon
* add generic date pivot helper
* make anon user's invoices expire in 5 minutes
* fix forgotten find and replace
* use datePivot more places
* add sat amounts to invoices
* reduce anon invoice expiration to 3 minutes
* don't abbreviate
* Fix [object Object] as error message
Any errors thrown here are already objects of shape { message: string }
* Fix empty invoice creation attempts
I stumbled across this while checking if anons can edit their items.
I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error:
Variable "$amount" of required type "Int!" was not provided.
I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now.
* anon func mods, e.g. inv limits
* anon tips should be denormalized
* remove redundant meTotalSats
* correct overlay zap text for anon
* exclude anon from trust graph before algo runs
* remove balance limit on anon
* give anon a bio and remove cowboy hat/top stackers;
* make anon hat appear on profile
* concat hash and hmac and call it a token
* Fix localStorage cleared because error were swallowed
* fix qr layout shift
* restyle fund error modal
* Catch invoice errors in fund error modal
* invoice check backoff
* anon info typo
* make invoice expiration times have saner defaults
* add comma to anon info
* use builtin copy input label
---------
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
|
|
|
export function createHmac (hash) {
|
|
|
|
|
const key = Buffer.from(process.env.INVOICE_HMAC_KEY, 'hex')
|
|
|
|
|
return crypto.createHmac('sha256', key).update(Buffer.from(hash, 'hex')).digest('hex')
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-23 18:54:39 +00:00
|
|
|
export default {
|
|
|
|
|
Query: {
|
|
|
|
|
invoice: getInvoice,
|
2021-05-13 01:51:37 +00:00
|
|
|
withdrawl: async (parent, { id }, { me, models, lnd }) => {
|
2021-05-20 01:09:32 +00:00
|
|
|
if (!me) {
|
2023-07-23 15:08:43 +00:00
|
|
|
throw new GraphQLError('you must be logged in', { extensions: { code: 'FORBIDDEN' } })
|
2021-05-20 01:09:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const wdrwl = await models.withdrawl.findUnique({
|
|
|
|
|
where: {
|
|
|
|
|
id: Number(id)
|
|
|
|
|
},
|
|
|
|
|
include: {
|
|
|
|
|
user: true
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
2021-06-27 03:09:39 +00:00
|
|
|
if (wdrwl.user.id !== me.id) {
|
2023-07-23 15:08:43 +00:00
|
|
|
throw new GraphQLError('not ur withdrawal', { extensions: { code: 'FORBIDDEN' } })
|
2021-05-20 01:09:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return wdrwl
|
2021-06-02 23:15:28 +00:00
|
|
|
},
|
|
|
|
|
connectAddress: async (parent, args, { lnd }) => {
|
2021-06-03 22:08:00 +00:00
|
|
|
return process.env.LND_CONNECT_ADDRESS
|
2021-11-30 15:23:26 +00:00
|
|
|
},
|
2021-12-16 17:27:12 +00:00
|
|
|
walletHistory: async (parent, { cursor, inc }, { me, models, lnd }) => {
|
2021-11-30 15:23:26 +00:00
|
|
|
const decodedCursor = decodeCursor(cursor)
|
2021-12-15 16:50:11 +00:00
|
|
|
if (!me) {
|
2023-07-23 15:08:43 +00:00
|
|
|
throw new GraphQLError('you must be logged in', { extensions: { code: 'FORBIDDEN' } })
|
2021-12-15 16:50:11 +00:00
|
|
|
}
|
2021-11-30 15:23:26 +00:00
|
|
|
|
2021-12-16 20:17:50 +00:00
|
|
|
const include = new Set(inc?.split(','))
|
2021-12-16 17:27:12 +00:00
|
|
|
const queries = []
|
|
|
|
|
|
|
|
|
|
if (include.has('invoice')) {
|
|
|
|
|
queries.push(
|
|
|
|
|
`(SELECT ('invoice' || id) as id, id as "factId", bolt11, created_at as "createdAt",
|
|
|
|
|
COALESCE("msatsReceived", "msatsRequested") as msats, NULL as "msatsFee",
|
|
|
|
|
CASE WHEN "confirmedAt" IS NOT NULL THEN 'CONFIRMED'
|
|
|
|
|
WHEN "expiresAt" <= $2 THEN 'EXPIRED'
|
|
|
|
|
WHEN cancelled THEN 'CANCELLED'
|
|
|
|
|
ELSE 'PENDING' END as status,
|
|
|
|
|
'invoice' as type
|
|
|
|
|
FROM "Invoice"
|
|
|
|
|
WHERE "userId" = $1
|
|
|
|
|
AND created_at <= $2)`)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (include.has('withdrawal')) {
|
|
|
|
|
queries.push(
|
|
|
|
|
`(SELECT ('withdrawal' || id) as id, id as "factId", bolt11, created_at as "createdAt",
|
|
|
|
|
CASE WHEN status = 'CONFIRMED' THEN "msatsPaid"
|
|
|
|
|
ELSE "msatsPaying" END as msats,
|
|
|
|
|
CASE WHEN status = 'CONFIRMED' THEN "msatsFeePaid"
|
|
|
|
|
ELSE "msatsFeePaying" END as "msatsFee",
|
|
|
|
|
COALESCE(status::text, 'PENDING') as status,
|
|
|
|
|
'withdrawal' as type
|
|
|
|
|
FROM "Withdrawl"
|
|
|
|
|
WHERE "userId" = $1
|
|
|
|
|
AND created_at <= $2)`)
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-16 20:02:17 +00:00
|
|
|
if (include.has('stacked')) {
|
|
|
|
|
queries.push(
|
|
|
|
|
`(SELECT ('stacked' || "Item".id) as id, "Item".id as "factId", NULL as bolt11,
|
2022-11-15 20:51:55 +00:00
|
|
|
MAX("ItemAct".created_at) as "createdAt", sum("ItemAct".msats) as msats,
|
2021-12-16 20:02:17 +00:00
|
|
|
0 as "msatsFee", NULL as status, 'stacked' as type
|
|
|
|
|
FROM "ItemAct"
|
|
|
|
|
JOIN "Item" on "ItemAct"."itemId" = "Item".id
|
2022-11-23 18:12:09 +00:00
|
|
|
WHERE act = 'TIP'
|
2022-04-19 18:32:39 +00:00
|
|
|
AND (("Item"."userId" = $1 AND "Item"."fwdUserId" IS NULL)
|
|
|
|
|
OR ("Item"."fwdUserId" = $1 AND "ItemAct"."userId" <> "Item"."userId"))
|
|
|
|
|
AND "ItemAct".created_at <= $2
|
2021-12-16 20:02:17 +00:00
|
|
|
GROUP BY "Item".id)`)
|
2022-03-17 20:13:19 +00:00
|
|
|
queries.push(
|
2022-09-12 18:55:34 +00:00
|
|
|
`(SELECT ('earn' || min("Earn".id)) as id, min("Earn".id) as "factId", NULL as bolt11,
|
|
|
|
|
created_at as "createdAt", sum(msats),
|
2022-03-17 20:13:19 +00:00
|
|
|
0 as "msatsFee", NULL as status, 'earn' as type
|
|
|
|
|
FROM "Earn"
|
2022-09-12 18:55:34 +00:00
|
|
|
WHERE "Earn"."userId" = $1 AND "Earn".created_at <= $2
|
|
|
|
|
GROUP BY "userId", created_at)`)
|
2022-12-19 22:27:52 +00:00
|
|
|
queries.push(
|
|
|
|
|
`(SELECT ('referral' || "ReferralAct".id) as id, "ReferralAct".id as "factId", NULL as bolt11,
|
|
|
|
|
created_at as "createdAt", msats,
|
|
|
|
|
0 as "msatsFee", NULL as status, 'referral' as type
|
|
|
|
|
FROM "ReferralAct"
|
|
|
|
|
WHERE "ReferralAct"."referrerId" = $1 AND "ReferralAct".created_at <= $2)`)
|
2021-12-16 20:02:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (include.has('spent')) {
|
|
|
|
|
queries.push(
|
|
|
|
|
`(SELECT ('spent' || "Item".id) as id, "Item".id as "factId", NULL as bolt11,
|
2022-11-15 20:51:55 +00:00
|
|
|
MAX("ItemAct".created_at) as "createdAt", sum("ItemAct".msats) as msats,
|
2021-12-16 20:02:17 +00:00
|
|
|
0 as "msatsFee", NULL as status, 'spent' as type
|
|
|
|
|
FROM "ItemAct"
|
|
|
|
|
JOIN "Item" on "ItemAct"."itemId" = "Item".id
|
|
|
|
|
WHERE "ItemAct"."userId" = $1
|
|
|
|
|
AND "ItemAct".created_at <= $2
|
|
|
|
|
GROUP BY "Item".id)`)
|
2022-12-08 00:04:02 +00:00
|
|
|
queries.push(
|
|
|
|
|
`(SELECT ('donation' || "Donation".id) as id, "Donation".id as "factId", NULL as bolt11,
|
|
|
|
|
created_at as "createdAt", sats * 1000 as msats,
|
|
|
|
|
0 as "msatsFee", NULL as status, 'donation' as type
|
|
|
|
|
FROM "Donation"
|
|
|
|
|
WHERE "userId" = $1
|
|
|
|
|
AND created_at <= $2)`)
|
2021-12-16 20:02:17 +00:00
|
|
|
}
|
2021-12-14 16:42:54 +00:00
|
|
|
|
2021-12-16 17:27:12 +00:00
|
|
|
if (queries.length === 0) {
|
|
|
|
|
return {
|
|
|
|
|
cursor: null,
|
|
|
|
|
facts: []
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-26 16:01:31 +00:00
|
|
|
let history = await models.$queryRawUnsafe(`
|
2021-12-16 17:27:12 +00:00
|
|
|
${queries.join(' UNION ALL ')}
|
2021-12-14 16:42:54 +00:00
|
|
|
ORDER BY "createdAt" DESC
|
|
|
|
|
OFFSET $3
|
2021-12-15 16:50:11 +00:00
|
|
|
LIMIT ${LIMIT}`, me.id, decodedCursor.time, decodedCursor.offset)
|
|
|
|
|
|
|
|
|
|
history = history.map(f => {
|
|
|
|
|
if (f.bolt11) {
|
|
|
|
|
const inv = lnpr.decode(f.bolt11)
|
|
|
|
|
if (inv) {
|
|
|
|
|
const { tags } = inv
|
|
|
|
|
for (const tag of tags) {
|
|
|
|
|
if (tag.tagName === 'description') {
|
|
|
|
|
f.description = tag.data
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
switch (f.type) {
|
|
|
|
|
case 'withdrawal':
|
2023-07-31 17:47:41 +00:00
|
|
|
f.msats = (-1 * Number(f.msats)) - Number(f.msatsFee)
|
2021-12-16 20:02:17 +00:00
|
|
|
break
|
|
|
|
|
case 'spent':
|
2021-12-15 16:50:11 +00:00
|
|
|
f.msats *= -1
|
|
|
|
|
break
|
2022-12-08 00:04:02 +00:00
|
|
|
case 'donation':
|
|
|
|
|
f.msats *= -1
|
|
|
|
|
break
|
2021-12-15 16:50:11 +00:00
|
|
|
default:
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return f
|
|
|
|
|
})
|
2021-12-14 16:42:54 +00:00
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
cursor: history.length === LIMIT ? nextCursorEncoded(decodedCursor) : null,
|
|
|
|
|
facts: history
|
|
|
|
|
}
|
2021-04-30 21:42:51 +00:00
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
Mutation: {
|
Allow zapping, posting and commenting without funds or an account (#336)
* Add anon zaps
* Add anon comments and posts (link, discussion, poll)
* Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.
Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
* Allow pay per invoice for stackers
The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice"
* Fix onSuccess called twice
For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice.
This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice.
* Keep invoice modal open if focus is lost
* Skip anon user during trust calculation
* Add error handling
* Skip 'invoice not found' errors
* Remove duplicate insufficient funds handling
* Fix insufficient funds error detection
* Fix invoice amount for comments
* Allow pay per invoice for bounty and job posts
* Also strike on payment after short press
* Fix unexpected token 'export'
* Fix eslint
* Remove unused id param
* Fix comment copy-paste error
* Rename to useInvoiceable
* Fix unexpected token 'export'
* Fix onConfirmation called at every render
* Add invoice HMAC
This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.
Only the user which created the invoice knows the HMAC and thus can use the invoice hash.
* make anon posting less hidden, add anon info button explainer
* Fix anon users can't zap other anon users
* Always show repeat and contacts on action error
* Keep track of modal stack
* give anon an icon
* add generic date pivot helper
* make anon user's invoices expire in 5 minutes
* fix forgotten find and replace
* use datePivot more places
* add sat amounts to invoices
* reduce anon invoice expiration to 3 minutes
* don't abbreviate
* Fix [object Object] as error message
Any errors thrown here are already objects of shape { message: string }
* Fix empty invoice creation attempts
I stumbled across this while checking if anons can edit their items.
I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error:
Variable "$amount" of required type "Int!" was not provided.
I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now.
* anon func mods, e.g. inv limits
* anon tips should be denormalized
* remove redundant meTotalSats
* correct overlay zap text for anon
* exclude anon from trust graph before algo runs
* remove balance limit on anon
* give anon a bio and remove cowboy hat/top stackers;
* make anon hat appear on profile
* concat hash and hmac and call it a token
* Fix localStorage cleared because error were swallowed
* fix qr layout shift
* restyle fund error modal
* Catch invoice errors in fund error modal
* invoice check backoff
* anon info typo
* make invoice expiration times have saner defaults
* add comma to anon info
* use builtin copy input label
---------
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
|
|
|
createInvoice: async (parent, { amount, expireSecs = 3600 }, { me, models, lnd }) => {
|
|
|
|
|
await ssValidate(amountSchema, { amount })
|
|
|
|
|
|
|
|
|
|
let expirePivot = { seconds: expireSecs }
|
|
|
|
|
let invLimit = INV_PENDING_LIMIT
|
|
|
|
|
let balanceLimit = BALANCE_LIMIT_MSATS
|
|
|
|
|
let id = me?.id
|
2021-05-11 15:52:50 +00:00
|
|
|
if (!me) {
|
Allow zapping, posting and commenting without funds or an account (#336)
* Add anon zaps
* Add anon comments and posts (link, discussion, poll)
* Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.
Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
* Allow pay per invoice for stackers
The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice"
* Fix onSuccess called twice
For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice.
This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice.
* Keep invoice modal open if focus is lost
* Skip anon user during trust calculation
* Add error handling
* Skip 'invoice not found' errors
* Remove duplicate insufficient funds handling
* Fix insufficient funds error detection
* Fix invoice amount for comments
* Allow pay per invoice for bounty and job posts
* Also strike on payment after short press
* Fix unexpected token 'export'
* Fix eslint
* Remove unused id param
* Fix comment copy-paste error
* Rename to useInvoiceable
* Fix unexpected token 'export'
* Fix onConfirmation called at every render
* Add invoice HMAC
This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.
Only the user which created the invoice knows the HMAC and thus can use the invoice hash.
* make anon posting less hidden, add anon info button explainer
* Fix anon users can't zap other anon users
* Always show repeat and contacts on action error
* Keep track of modal stack
* give anon an icon
* add generic date pivot helper
* make anon user's invoices expire in 5 minutes
* fix forgotten find and replace
* use datePivot more places
* add sat amounts to invoices
* reduce anon invoice expiration to 3 minutes
* don't abbreviate
* Fix [object Object] as error message
Any errors thrown here are already objects of shape { message: string }
* Fix empty invoice creation attempts
I stumbled across this while checking if anons can edit their items.
I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error:
Variable "$amount" of required type "Int!" was not provided.
I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now.
* anon func mods, e.g. inv limits
* anon tips should be denormalized
* remove redundant meTotalSats
* correct overlay zap text for anon
* exclude anon from trust graph before algo runs
* remove balance limit on anon
* give anon a bio and remove cowboy hat/top stackers;
* make anon hat appear on profile
* concat hash and hmac and call it a token
* Fix localStorage cleared because error were swallowed
* fix qr layout shift
* restyle fund error modal
* Catch invoice errors in fund error modal
* invoice check backoff
* anon info typo
* make invoice expiration times have saner defaults
* add comma to anon info
* use builtin copy input label
---------
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
|
|
|
expirePivot = { minutes: 3 }
|
|
|
|
|
invLimit = ANON_INV_PENDING_LIMIT
|
|
|
|
|
balanceLimit = ANON_BALANCE_LIMIT_MSATS
|
|
|
|
|
id = ANON_USER_ID
|
2021-05-11 15:52:50 +00:00
|
|
|
}
|
|
|
|
|
|
Allow zapping, posting and commenting without funds or an account (#336)
* Add anon zaps
* Add anon comments and posts (link, discussion, poll)
* Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.
Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
* Allow pay per invoice for stackers
The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice"
* Fix onSuccess called twice
For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice.
This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice.
* Keep invoice modal open if focus is lost
* Skip anon user during trust calculation
* Add error handling
* Skip 'invoice not found' errors
* Remove duplicate insufficient funds handling
* Fix insufficient funds error detection
* Fix invoice amount for comments
* Allow pay per invoice for bounty and job posts
* Also strike on payment after short press
* Fix unexpected token 'export'
* Fix eslint
* Remove unused id param
* Fix comment copy-paste error
* Rename to useInvoiceable
* Fix unexpected token 'export'
* Fix onConfirmation called at every render
* Add invoice HMAC
This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.
Only the user which created the invoice knows the HMAC and thus can use the invoice hash.
* make anon posting less hidden, add anon info button explainer
* Fix anon users can't zap other anon users
* Always show repeat and contacts on action error
* Keep track of modal stack
* give anon an icon
* add generic date pivot helper
* make anon user's invoices expire in 5 minutes
* fix forgotten find and replace
* use datePivot more places
* add sat amounts to invoices
* reduce anon invoice expiration to 3 minutes
* don't abbreviate
* Fix [object Object] as error message
Any errors thrown here are already objects of shape { message: string }
* Fix empty invoice creation attempts
I stumbled across this while checking if anons can edit their items.
I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error:
Variable "$amount" of required type "Int!" was not provided.
I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now.
* anon func mods, e.g. inv limits
* anon tips should be denormalized
* remove redundant meTotalSats
* correct overlay zap text for anon
* exclude anon from trust graph before algo runs
* remove balance limit on anon
* give anon a bio and remove cowboy hat/top stackers;
* make anon hat appear on profile
* concat hash and hmac and call it a token
* Fix localStorage cleared because error were swallowed
* fix qr layout shift
* restyle fund error modal
* Catch invoice errors in fund error modal
* invoice check backoff
* anon info typo
* make invoice expiration times have saner defaults
* add comma to anon info
* use builtin copy input label
---------
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
|
|
|
const user = await models.user.findUnique({ where: { id } })
|
2022-05-06 19:32:20 +00:00
|
|
|
|
Allow zapping, posting and commenting without funds or an account (#336)
* Add anon zaps
* Add anon comments and posts (link, discussion, poll)
* Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.
Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
* Allow pay per invoice for stackers
The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice"
* Fix onSuccess called twice
For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice.
This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice.
* Keep invoice modal open if focus is lost
* Skip anon user during trust calculation
* Add error handling
* Skip 'invoice not found' errors
* Remove duplicate insufficient funds handling
* Fix insufficient funds error detection
* Fix invoice amount for comments
* Allow pay per invoice for bounty and job posts
* Also strike on payment after short press
* Fix unexpected token 'export'
* Fix eslint
* Remove unused id param
* Fix comment copy-paste error
* Rename to useInvoiceable
* Fix unexpected token 'export'
* Fix onConfirmation called at every render
* Add invoice HMAC
This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.
Only the user which created the invoice knows the HMAC and thus can use the invoice hash.
* make anon posting less hidden, add anon info button explainer
* Fix anon users can't zap other anon users
* Always show repeat and contacts on action error
* Keep track of modal stack
* give anon an icon
* add generic date pivot helper
* make anon user's invoices expire in 5 minutes
* fix forgotten find and replace
* use datePivot more places
* add sat amounts to invoices
* reduce anon invoice expiration to 3 minutes
* don't abbreviate
* Fix [object Object] as error message
Any errors thrown here are already objects of shape { message: string }
* Fix empty invoice creation attempts
I stumbled across this while checking if anons can edit their items.
I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error:
Variable "$amount" of required type "Int!" was not provided.
I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now.
* anon func mods, e.g. inv limits
* anon tips should be denormalized
* remove redundant meTotalSats
* correct overlay zap text for anon
* exclude anon from trust graph before algo runs
* remove balance limit on anon
* give anon a bio and remove cowboy hat/top stackers;
* make anon hat appear on profile
* concat hash and hmac and call it a token
* Fix localStorage cleared because error were swallowed
* fix qr layout shift
* restyle fund error modal
* Catch invoice errors in fund error modal
* invoice check backoff
* anon info typo
* make invoice expiration times have saner defaults
* add comma to anon info
* use builtin copy input label
---------
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
|
|
|
const expiresAt = datePivot(new Date(), expirePivot)
|
2023-02-15 17:20:26 +00:00
|
|
|
const description = `Funding @${user.name} on stacker.news`
|
2021-06-09 20:07:32 +00:00
|
|
|
try {
|
|
|
|
|
const invoice = await createInvoice({
|
2022-08-30 21:50:47 +00:00
|
|
|
description: user.hideInvoiceDesc ? undefined : description,
|
2021-06-09 20:07:32 +00:00
|
|
|
lnd,
|
|
|
|
|
tokens: amount,
|
|
|
|
|
expires_at: expiresAt
|
|
|
|
|
})
|
2021-05-11 15:52:50 +00:00
|
|
|
|
2022-01-05 20:37:34 +00:00
|
|
|
const [inv] = await serialize(models,
|
|
|
|
|
models.$queryRaw`SELECT * FROM create_invoice(${invoice.id}, ${invoice.request},
|
Allow zapping, posting and commenting without funds or an account (#336)
* Add anon zaps
* Add anon comments and posts (link, discussion, poll)
* Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.
Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
* Allow pay per invoice for stackers
The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice"
* Fix onSuccess called twice
For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice.
This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice.
* Keep invoice modal open if focus is lost
* Skip anon user during trust calculation
* Add error handling
* Skip 'invoice not found' errors
* Remove duplicate insufficient funds handling
* Fix insufficient funds error detection
* Fix invoice amount for comments
* Allow pay per invoice for bounty and job posts
* Also strike on payment after short press
* Fix unexpected token 'export'
* Fix eslint
* Remove unused id param
* Fix comment copy-paste error
* Rename to useInvoiceable
* Fix unexpected token 'export'
* Fix onConfirmation called at every render
* Add invoice HMAC
This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.
Only the user which created the invoice knows the HMAC and thus can use the invoice hash.
* make anon posting less hidden, add anon info button explainer
* Fix anon users can't zap other anon users
* Always show repeat and contacts on action error
* Keep track of modal stack
* give anon an icon
* add generic date pivot helper
* make anon user's invoices expire in 5 minutes
* fix forgotten find and replace
* use datePivot more places
* add sat amounts to invoices
* reduce anon invoice expiration to 3 minutes
* don't abbreviate
* Fix [object Object] as error message
Any errors thrown here are already objects of shape { message: string }
* Fix empty invoice creation attempts
I stumbled across this while checking if anons can edit their items.
I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error:
Variable "$amount" of required type "Int!" was not provided.
I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now.
* anon func mods, e.g. inv limits
* anon tips should be denormalized
* remove redundant meTotalSats
* correct overlay zap text for anon
* exclude anon from trust graph before algo runs
* remove balance limit on anon
* give anon a bio and remove cowboy hat/top stackers;
* make anon hat appear on profile
* concat hash and hmac and call it a token
* Fix localStorage cleared because error were swallowed
* fix qr layout shift
* restyle fund error modal
* Catch invoice errors in fund error modal
* invoice check backoff
* anon info typo
* make invoice expiration times have saner defaults
* add comma to anon info
* use builtin copy input label
---------
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
|
|
|
${expiresAt}::timestamp, ${amount * 1000}, ${user.id}::INTEGER, ${description},
|
|
|
|
|
${invLimit}::INTEGER, ${balanceLimit})`)
|
|
|
|
|
|
|
|
|
|
// the HMAC is only returned during invoice creation
|
|
|
|
|
// this makes sure that only the person who created this invoice
|
|
|
|
|
// has access to the HMAC
|
|
|
|
|
const hmac = createHmac(inv.hash)
|
2021-05-11 15:52:50 +00:00
|
|
|
|
Allow zapping, posting and commenting without funds or an account (#336)
* Add anon zaps
* Add anon comments and posts (link, discussion, poll)
* Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.
Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
* Allow pay per invoice for stackers
The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice"
* Fix onSuccess called twice
For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice.
This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice.
* Keep invoice modal open if focus is lost
* Skip anon user during trust calculation
* Add error handling
* Skip 'invoice not found' errors
* Remove duplicate insufficient funds handling
* Fix insufficient funds error detection
* Fix invoice amount for comments
* Allow pay per invoice for bounty and job posts
* Also strike on payment after short press
* Fix unexpected token 'export'
* Fix eslint
* Remove unused id param
* Fix comment copy-paste error
* Rename to useInvoiceable
* Fix unexpected token 'export'
* Fix onConfirmation called at every render
* Add invoice HMAC
This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.
Only the user which created the invoice knows the HMAC and thus can use the invoice hash.
* make anon posting less hidden, add anon info button explainer
* Fix anon users can't zap other anon users
* Always show repeat and contacts on action error
* Keep track of modal stack
* give anon an icon
* add generic date pivot helper
* make anon user's invoices expire in 5 minutes
* fix forgotten find and replace
* use datePivot more places
* add sat amounts to invoices
* reduce anon invoice expiration to 3 minutes
* don't abbreviate
* Fix [object Object] as error message
Any errors thrown here are already objects of shape { message: string }
* Fix empty invoice creation attempts
I stumbled across this while checking if anons can edit their items.
I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error:
Variable "$amount" of required type "Int!" was not provided.
I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now.
* anon func mods, e.g. inv limits
* anon tips should be denormalized
* remove redundant meTotalSats
* correct overlay zap text for anon
* exclude anon from trust graph before algo runs
* remove balance limit on anon
* give anon a bio and remove cowboy hat/top stackers;
* make anon hat appear on profile
* concat hash and hmac and call it a token
* Fix localStorage cleared because error were swallowed
* fix qr layout shift
* restyle fund error modal
* Catch invoice errors in fund error modal
* invoice check backoff
* anon info typo
* make invoice expiration times have saner defaults
* add comma to anon info
* use builtin copy input label
---------
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
|
|
|
return { ...inv, hmac }
|
2021-06-09 20:07:32 +00:00
|
|
|
} catch (error) {
|
2021-06-10 20:54:22 +00:00
|
|
|
console.log(error)
|
2021-06-09 20:07:32 +00:00
|
|
|
throw error
|
|
|
|
|
}
|
2021-05-12 23:04:19 +00:00
|
|
|
},
|
2022-01-23 17:21:55 +00:00
|
|
|
createWithdrawl: createWithdrawal,
|
|
|
|
|
sendToLnAddr: async (parent, { addr, amount, maxFee }, { me, models, lnd }) => {
|
2023-02-08 19:38:04 +00:00
|
|
|
await ssValidate(lnAddrSchema, { addr, amount, maxFee })
|
|
|
|
|
|
2022-01-23 17:21:55 +00:00
|
|
|
const [name, domain] = addr.split('@')
|
2022-01-24 18:36:08 +00:00
|
|
|
let req
|
|
|
|
|
try {
|
|
|
|
|
req = await fetch(`https://${domain}/.well-known/lnurlp/${name}`)
|
|
|
|
|
} catch (e) {
|
|
|
|
|
throw new Error(`error initiating protocol with https://${domain}`)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const res1 = await req.json()
|
2022-01-23 17:21:55 +00:00
|
|
|
if (res1.status === 'ERROR') {
|
|
|
|
|
throw new Error(res1.reason)
|
2021-05-25 00:08:56 +00:00
|
|
|
}
|
2021-05-12 23:04:19 +00:00
|
|
|
|
2022-01-23 17:21:55 +00:00
|
|
|
const milliamount = amount * 1000
|
|
|
|
|
// check that amount is within min and max sendable
|
|
|
|
|
if (milliamount < res1.minSendable || milliamount > res1.maxSendable) {
|
2023-07-23 15:08:43 +00:00
|
|
|
throw new GraphQLError(`amount must be >= ${res1.minSendable / 1000} and <= ${res1.maxSendable / 1000}`, { extensions: { code: 'BAD_INPUT' } })
|
2021-08-12 23:25:19 +00:00
|
|
|
}
|
|
|
|
|
|
2022-05-24 21:15:51 +00:00
|
|
|
const callback = new URL(res1.callback)
|
|
|
|
|
callback.searchParams.append('amount', milliamount)
|
|
|
|
|
|
2022-01-23 17:21:55 +00:00
|
|
|
// call callback with amount
|
2022-05-24 21:15:51 +00:00
|
|
|
const res2 = await (await fetch(callback.toString())).json()
|
2022-01-23 17:21:55 +00:00
|
|
|
if (res2.status === 'ERROR') {
|
|
|
|
|
throw new Error(res2.reason)
|
|
|
|
|
}
|
2021-05-20 01:09:32 +00:00
|
|
|
|
2022-05-19 14:22:25 +00:00
|
|
|
// decode invoice
|
|
|
|
|
let decoded
|
|
|
|
|
try {
|
|
|
|
|
decoded = await decodePaymentRequest({ lnd, request: res2.pr })
|
|
|
|
|
} catch (error) {
|
|
|
|
|
console.log(error)
|
|
|
|
|
throw new Error('could not decode invoice')
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (decoded.description_hash !== lnurlPayDescriptionHash(res1.metadata)) {
|
|
|
|
|
throw new Error('description hash does not match')
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-23 17:21:55 +00:00
|
|
|
// take pr and createWithdrawl
|
|
|
|
|
return await createWithdrawal(parent, { invoice: res2.pr, maxFee }, { me, models, lnd })
|
2021-04-30 21:42:51 +00:00
|
|
|
}
|
2021-05-13 21:19:51 +00:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
Withdrawl: {
|
2022-11-15 20:51:55 +00:00
|
|
|
satsPaying: w => msatsToSats(w.msatsPaying),
|
|
|
|
|
satsPaid: w => msatsToSats(w.msatsPaid),
|
|
|
|
|
satsFeePaying: w => msatsToSats(w.msatsFeePaying),
|
|
|
|
|
satsFeePaid: w => msatsToSats(w.msatsFeePaid)
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
Invoice: {
|
Allow zapping, posting and commenting without funds or an account (#336)
* Add anon zaps
* Add anon comments and posts (link, discussion, poll)
* Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.
Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
* Allow pay per invoice for stackers
The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice"
* Fix onSuccess called twice
For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice.
This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice.
* Keep invoice modal open if focus is lost
* Skip anon user during trust calculation
* Add error handling
* Skip 'invoice not found' errors
* Remove duplicate insufficient funds handling
* Fix insufficient funds error detection
* Fix invoice amount for comments
* Allow pay per invoice for bounty and job posts
* Also strike on payment after short press
* Fix unexpected token 'export'
* Fix eslint
* Remove unused id param
* Fix comment copy-paste error
* Rename to useInvoiceable
* Fix unexpected token 'export'
* Fix onConfirmation called at every render
* Add invoice HMAC
This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.
Only the user which created the invoice knows the HMAC and thus can use the invoice hash.
* make anon posting less hidden, add anon info button explainer
* Fix anon users can't zap other anon users
* Always show repeat and contacts on action error
* Keep track of modal stack
* give anon an icon
* add generic date pivot helper
* make anon user's invoices expire in 5 minutes
* fix forgotten find and replace
* use datePivot more places
* add sat amounts to invoices
* reduce anon invoice expiration to 3 minutes
* don't abbreviate
* Fix [object Object] as error message
Any errors thrown here are already objects of shape { message: string }
* Fix empty invoice creation attempts
I stumbled across this while checking if anons can edit their items.
I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error:
Variable "$amount" of required type "Int!" was not provided.
I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now.
* anon func mods, e.g. inv limits
* anon tips should be denormalized
* remove redundant meTotalSats
* correct overlay zap text for anon
* exclude anon from trust graph before algo runs
* remove balance limit on anon
* give anon a bio and remove cowboy hat/top stackers;
* make anon hat appear on profile
* concat hash and hmac and call it a token
* Fix localStorage cleared because error were swallowed
* fix qr layout shift
* restyle fund error modal
* Catch invoice errors in fund error modal
* invoice check backoff
* anon info typo
* make invoice expiration times have saner defaults
* add comma to anon info
* use builtin copy input label
---------
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 23:50:57 +00:00
|
|
|
satsReceived: i => msatsToSats(i.msatsReceived),
|
|
|
|
|
satsRequested: i => msatsToSats(i.msatsRequested)
|
2021-12-16 20:02:17 +00:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
Fact: {
|
|
|
|
|
item: async (fact, args, { models }) => {
|
|
|
|
|
if (fact.type !== 'spent' && fact.type !== 'stacked') {
|
|
|
|
|
return null
|
|
|
|
|
}
|
2023-07-26 16:01:31 +00:00
|
|
|
const [item] = await models.$queryRawUnsafe(`
|
2021-12-16 20:02:17 +00:00
|
|
|
${SELECT}
|
|
|
|
|
FROM "Item"
|
|
|
|
|
WHERE id = $1`, Number(fact.factId))
|
|
|
|
|
|
|
|
|
|
return item
|
2022-11-15 20:51:55 +00:00
|
|
|
},
|
2022-12-19 22:27:52 +00:00
|
|
|
sats: fact => msatsToSatsDecimal(fact.msats),
|
|
|
|
|
satsFee: fact => msatsToSatsDecimal(fact.msatsFee)
|
2021-04-30 21:42:51 +00:00
|
|
|
}
|
|
|
|
|
}
|
2022-01-23 17:21:55 +00:00
|
|
|
|
|
|
|
|
async function createWithdrawal (parent, { invoice, maxFee }, { me, models, lnd }) {
|
2023-02-08 19:38:04 +00:00
|
|
|
await ssValidate(withdrawlSchema, { invoice, maxFee })
|
2023-05-07 15:02:59 +00:00
|
|
|
|
|
|
|
|
// remove 'lightning:' prefix if present
|
|
|
|
|
invoice = invoice.replace(/^lightning:/, '')
|
|
|
|
|
|
2022-01-23 17:21:55 +00:00
|
|
|
// decode invoice to get amount
|
|
|
|
|
let decoded
|
|
|
|
|
try {
|
|
|
|
|
decoded = await decodePaymentRequest({ lnd, request: invoice })
|
|
|
|
|
} catch (error) {
|
|
|
|
|
console.log(error)
|
2023-07-23 15:08:43 +00:00
|
|
|
throw new GraphQLError('could not decode invoice', { extensions: { code: 'BAD_INPUT' } })
|
2022-01-23 17:21:55 +00:00
|
|
|
}
|
|
|
|
|
|
2022-11-15 20:51:55 +00:00
|
|
|
if (!decoded.mtokens || BigInt(decoded.mtokens) <= 0) {
|
2023-07-23 15:08:43 +00:00
|
|
|
throw new GraphQLError('your invoice must specify an amount', { extensions: { code: 'BAD_INPUT' } })
|
2022-01-23 17:21:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const msatsFee = Number(maxFee) * 1000
|
|
|
|
|
|
2022-05-06 19:32:20 +00:00
|
|
|
const user = await models.user.findUnique({ where: { id: me.id } })
|
|
|
|
|
|
2022-01-23 17:21:55 +00:00
|
|
|
// create withdrawl transactionally (id, bolt11, amount, fee)
|
|
|
|
|
const [withdrawl] = await serialize(models,
|
|
|
|
|
models.$queryRaw`SELECT * FROM create_withdrawl(${decoded.id}, ${invoice},
|
2022-05-06 19:32:20 +00:00
|
|
|
${Number(decoded.mtokens)}, ${msatsFee}, ${user.name})`)
|
2022-01-23 17:21:55 +00:00
|
|
|
|
|
|
|
|
payViaPaymentRequest({
|
|
|
|
|
lnd,
|
|
|
|
|
request: invoice,
|
|
|
|
|
// can't use max_fee_mtokens https://github.com/alexbosworth/ln-service/issues/141
|
|
|
|
|
max_fee: Number(maxFee),
|
|
|
|
|
pathfinding_timeout: 30000
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return withdrawl
|
|
|
|
|
}
|
