Commit Graph

46 Commits

Author SHA1 Message Date
ekzyis 4623743c8f
fix cookie pointer override during account switching (#1783) 2024-12-31 13:05:20 -06:00
ekzyis 6bae1f1a89
Fix account switching anon login (#1618)
* Always switch to user we just logged in as

If we're logged in and switch to anon and then use login to get into our previous account instead of using 'switch accounts', we only updated the JWT but we didn't switch to the user.

* Fix getToken unaware of multi-auth middleware

If we use login with new credentials while switched to anon (multi_auth.user-id === 'anonymous'), we updated the pubkey because getToken wasn't aware of the switch and thus believed we're logged in as a user.

This is fixed by applying the middleware before calling getToken.
2024-11-20 07:05:42 -06:00
ekzyis 406ae81693
Fixes around account switching / authentication (#1575)
* Fix missing page reload after account switch on logout

* Fix missing key

* Explain why we set multi_auth cookies on login/signup

* Fix 500 if multi_auth cookie missing
2024-11-11 09:16:32 -06:00
ekzyis afb71012af
Only send push notification if referrer was updated (#1562) 2024-11-09 14:00:07 -06:00
k00b f9ed1ee6f5 upgrade non-(apparently)-breaking major versions 2024-10-12 18:06:07 -05:00
ekzyis be7ea41d03
Always set Secure for multi auth cookies in prod (#1404) 2024-09-13 13:00:16 -05:00
ekzyis a32d1f2177
Use X-Forwarded-Proto to detect scheme (#1403) 2024-09-13 12:27:52 -05:00
ekzyis a6713f9793
Account Switching (#644)
* WIP: Account switching

* Fix empty USER query

ANON_USER_ID was undefined and thus the query for @anon had no variables.

* Apply multiAuthMiddleware in /api/graphql

* Fix 'you must be logged in' query error on switch to anon

* Add smart 'switch account' button

"smart" means that it only shows if there are accounts to which one can switch

* Fix multiAuth not set in backend

* Comment fixes, minor changes

* Use fw-bold instead of 'selected'

* Close dropdown and offcanvas

Inside a dropdown, we can rely on autoClose but need to wrap the buttons with <Dropdown.Item> for that to work.

For the offcanvas, we need to pass down handleClose.

* Use button to add account

* Some pages require hard reload on account switch

* Reinit settings form on account switch

* Also don't refetch WalletHistory

* Formatting

* Use width: fit-content for standalone SignUpButton

* Remove unused className

* Use fw-bold and text-underline on selected

* Fix inconsistent padding of login buttons

* Fix duplicate redirect from /settings on anon switch

* Never throw during refetch

* Throw errors which extend GraphQLError

* Only use meAnonSats if logged out

* Use reactive variable for meAnonSats

The previous commit broke the UI update after anon zaps because we actually updated item.meSats in the cache and not item.meAnonSats.

Updating item.meAnonSats was not possible because it's a local field. For that, one needs to use reactive variables.

We do this now and thus also don't need the useEffect hack in item-info.js anymore.

* Switch to new user

* Fix missing cleanup during logout

If we logged in but never switched to any other account, the 'multi_auth.user-id' cookie was not set.

This meant that during logout, the other 'multi_auth.*' cookies were not deleted.

This broke the account switch modal.

This is fixed by setting the 'multi_auth.user-id' cookie on login.

Additionally, we now clean up if cookie pointer OR session is set (instead of only if both are set).

* Fix comments in middleware

* Remove unnecessary effect dependencies

setState is stable and thus only noise in effect dependencies

* Show but disable unavailable auth methods

* make signup button consistent with others

* Always reload page on switch

* refine account switch styling

* logout barrier

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: k00b <k00b@stacker.news>
2024-09-12 13:05:11 -05:00
Keyan 3bada4b5da
new referral scheme (#1255)
* capture/store data for new referral scheme

* simplify signup/forever referral rules

* no self-referrals and other fixes

* better post/comment distinction and support /items/1/related
2024-07-07 11:12:02 -05:00
SatsAllDay 15f9950477
Store hashed and salted email addresses (#1111)
* first pass of hashing user emails

* use salt

* add a salt to .env.development (prod salt needs to be kept a secret)
* move `hashEmail` util to a new util module

* trigger a one-time job to migrate existing emails via the worker

so we can use the salt from an env var

* move newsletter signup

move newsletter signup to prisma adapter create user with email code path
so we can still auto-enroll email accounts without having to persist the email address
in plaintext

* remove `email` from api key session lookup query

* drop user email index before dropping column

* restore email column, just null values instead

* fix function name

* fix salt and hash raw sql statement

* update auth methods email type in typedefs from str to bool

* remove todo comment

* lowercase email before hashing during migration

* check for emailHash and email to accommodate migration window

update our lookups to check for a matching emailHash, and then a matching
email, in that order, to accommodate the case that a user tries to login
via email while the migration is running, and their account has not yet been migrated

also update sndev to have a command `./sndev email` to launch the mailhog inbox in your browser

also update `./sndev login` to hash the generated email address and insert it into the db record

* update sndev help

* update awards.csv

* update the hack in next-auth to re-use the email supplied on input to `getUserByEmail`

* consolidate console.error logs

* create generic open command

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-05-04 18:06:15 -05:00
keyan 1f466970b3 disallow referring self 2024-04-06 13:46:18 -05:00
keyan ffa86abdb3 fix referrer logic to work with lnauth/nostr auth 2024-04-02 20:25:35 -05:00
ekzyis d237861ff5
Use module path aliases (#938)
* Use module path aliases

* fix broken refactor

* path mapping for svgs, style, and remaining places (bonus: lose babel dep)

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-03-19 19:37:31 -05:00
ekzyis 22ff832efb
Don't export sendUserNotification (#937)
* Rename file to webPush.js

* Move webPush code into lib/webPush

* Don't export sendUserNotification

* Fix null in deposit push notification

* restore deposit notification change

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-03-19 17:43:04 -05:00
ekzyis b03295ce59
Put all Web Push code into lib/webPush.js (#936)
* Rename file to webPush.js

* Move webPush code into lib/webPush
2024-03-19 15:48:13 -05:00
Alex Lewin b3498fe277
Add Opt-in to Display Linked Accounts in Profile (#826)
* Add display linked accounts to settings

* Apply suggestions from code review

Co-authored-by: ekzyis <ek@stacker.news>

* small styling enhancements

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-02-14 13:33:31 -06:00
keyan 49e9131cfe don't return promise from authorize 2023-11-12 10:46:06 -06:00
keyan 94cbc902d6 remove jwt migrations 2023-10-13 19:58:16 -05:00
keyan da3d5ffd5f fix empty email profile in latest version of next-auth 2023-10-13 19:50:50 -05:00
ekzyis 425220d8cb
More push notification types (#530)
* Add push notifications for referrals

* Add push notifications for daily rewards

* Add push notifications for deposits

* Add push notifications for earning cowboy hats

* Use streak id to synchronize blurb

* Fix usage of magic number for blurbs

* Fix missing catch

* Add push notification for losing cowboy hats

* Fix null in deposit push notification

* Add push notification for invites

* Don't replace streak push notifications

* Fix missing unit in daily reward push notification title

* Attach sats to payload options instead of parsing title

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2023-10-04 18:20:52 -05:00
keyan df6575d701 remove slashtags completely 2023-08-17 13:40:21 -05:00
keyan ddb69b5d9b remove slashtags temporarily 2023-08-16 19:49:00 -05:00
ekzyis 7369bd819d
Add nostr login (#367)
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-07 19:50:01 -05:00
keyan ffb856ae88 fix oauth signup 2023-08-07 15:05:55 -05:00
keyan d04dc691df provide jwt migration 2023-07-30 14:03:24 -05:00
keyan 5232b59625 upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 14:38:20 -05:00
keyan 93afd4ea9a fix credentials login/signup/link bug 2023-07-10 19:20:38 -05:00
keyan e8aa0a4dae users? => stackers? 2023-07-09 12:53:50 -05:00
keyan 59ee15b551 new user email copy 2023-06-19 17:42:47 -05:00
mvpratt 48b08d2aff limit oauth scope to minimum possible: public github info for user 2023-04-26 13:02:42 -05:00
keyan 9644a9f867 slashtags auth 2023-01-18 12:49:20 -06:00
keyan ae5c6c457f global modal + small fixes/enhancements 2023-01-10 17:13:37 -06:00
keyan 41226245c5 referrals 2022-12-19 16:27:52 -06:00
keyan 1df49e03d9 account linking 2022-06-08 16:26:44 -05:00
keyan aa4ac2ecc9 add ln addr + lnurl pay qr code to profile pages 2022-05-06 14:34:35 -05:00
keyan 771978d562 sub to newsletter on sign up 2022-05-04 13:29:30 -05:00
keyan 344958943c provide 'plain text' email login link for users using embedded browsers in their mobile email clients 2022-03-10 16:47:00 -06:00
keyan d102065479 don't request email from gh 2022-01-19 17:14:45 -06:00
keyan 18f4c9c88d create invite page 2021-10-15 12:56:54 -05:00
keyan 9a15c228dc add forgotten lnurl-auth files 2021-06-26 22:18:32 -05:00
keyan 2e26e421e7 lnurl-auth 2021-06-26 22:09:39 -05:00
keyan 17a79b2251 prepare for deployment 2021-06-02 10:23:30 -04:00
keyan 4f627e2a5c check for usernames on typing 2021-05-21 17:32:21 -05:00
keyan 8a462252af force unique user name 2021-05-21 14:34:40 -05:00
keyan 900b70da77 custom auth page 2021-04-24 16:05:07 -05:00
keyan 341b3a291a begin working on db schema 2021-03-25 14:29:24 -05:00