* first pass of hashing user emails
* use salt
* add a salt to .env.development (prod salt needs to be kept a secret)
* move `hashEmail` util to a new util module
* trigger a one-time job to migrate existing emails via the worker
so we can use the salt from an env var
* move newsletter signup
move newsletter signup to prisma adapter create user with email code path
so we can still auto-enroll email accounts without having to persist the email address
in plaintext
* remove `email` from api key session lookup query
* drop user email index before dropping column
* restore email column, just null values instead
* fix function name
* fix salt and hash raw sql statement
* update auth methods email type in typedefs from str to bool
* remove todo comment
* lowercase email before hashing during migration
* check for emailHash and email to accommodate migration window
update our lookups to check for a matching emailHash, and then a matching
email, in that order, to accommodate the case that a user tries to login
via email while the migration is running, and their account has not yet been migrated
also update sndev to have a command `./sndev email` to launch the mailhog inbox in your browser
also update `./sndev login` to hash the generated email address and insert it into the db record
* update sndev help
* update awards.csv
* update the hack in next-auth to re-use the email supplied on input to `getUserByEmail`
* consolidate console.error logs
* create generic open command
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
* Allow deletion of wallet logs
* Refactor wallet logs client<>server glue code
* Use variant='link' and className='text-muted fw-bold nav-link' for clear & cancel
There is a bug though: 'clear' stays highlighted after modal is closed
* Include wallet in toast
* Delete logs on logout
* Fix ugly wallet name in confirm dialog
* Fix clear still highlighted after modal closed
* Only delete client wallet logs
* Fix ugly wallet name in toast
* Fix bad search and replace
* Use Wallet object as constant
* Also delete LNC logs on logout
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
* first pass of a mute mgmt page, ported from subscription mgmt page pr
* adjust error message for mutes
* muted users -> muted stackers
* fix typo in component name
* env vars for polling intervals
add env vars for 4 different common polling intervals,
fast (1000), normal (30000), long (60000), extra long (300000)
use env vars in all `pollInterval` params to `useQuery`
* replace `setInterval`'s interval with `FAST_POLL_INTERVAL`
* first pass of a subscription management page under settings
* add tabs to settings ui
* NymActionDropdown
* update Apollo InMemoryCache to merge paginated list of my subscribed users
* various updates
* switch from UsersNullable to Users
* bake the nym action dropdwon into the user component
* add back fields to the user query
* `meSubscriptionPosts`, `meSubscriptionComments`, `meMute`
* Refetch my subscribed users when a user subscription is changed
* update user list to hide stats in the subscribed list users
* update my sub'd users fragment to remove unnecessary user fields
* memoize subscribe user context provider value to avoid re-renders
* use inner join instead of left join
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* throw error when unauthenticated
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
if `fetch` or `req.json` fails, catch those errors and return a default error to the user
if the res payload indicates error but doesn't return a `reason`, also return the same
default error message to the user
* Handle archived territories in territory form
* Use dedicated mutation
* Add sanity check for eternal territories
* Fix fields and cost ignored
* Remove no longer needed manual validation in upsertSub
* Remove founder check
* Always check if sub is archived
Using { abortEarly: false } now since previously, if no description was not given, we wouldn't detect if the sub was archived since validation would abort on empty descriptions.
Only on submission all fields would get validated but since we ignore archived errors during submission, the user would never see that the sub is archived before submission
+ the wrong mutation would run if archived is not already true before submission.
Hence, we need to validate all fields always.
There is currently still a bug where the validation does not immediately run but maybe this can be fixed by simply using validateImmediately on the Formik component.
* Fix archived warning not shown after first render
* Only create transfers if owner actually changes
* Reuse helper functions in lib/territory.js
* Rename var to editing
* Use onChange instead of validation override
* Run same validation on server for unarchiving
* Fix 'territory archived' shown during edits
* Use && instead of ternary operator for conditional query
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
* Ignore if sub belongs to user during existence check
* Remove code no longer needed
* Fix territory edit
Territory edits were broken because validation failed for existing territories and if you edit an territory, it obviously already exists.
This commit fixes this by ignoring the territory that we're currently editing.
* Fix existence check using stale cache
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
* Allow founders to transfer territories
* Log territory transfers in new AuditLog table
* Add territory transfer notifications
* Use polymorphic AuditEvent table
* Add setting for territory transfer notifications
* Add push notification
* Rename label from user to stacker
* More space between cancel and confirm button
* Remove AuditEvent table
The audit table is not necessary for territory transfers and only adds complexity and unrelated discussion to this PR.
Thinking about a future-proof schema for territory transfers and how/what to audit at the same time made my head spin.
Some thoughts I had:
1. Maybe using polymorphism for an audit log / audit events is not a good idea
Using polymorphism as is currently used in the code base (user wallets) means that every generic event must map to exactly one specialized event.
Is this a good requirement/assumption? It already didn't work well for naive auditing of territory transfers since we want events to be indexable by user (no array column) so every event needs to point to a single user but a territory transfer involves multiple users.
This made me wonder: Do we even need a table? Maybe the audit log for a user can be implemented using a view? This would also mean no data denormalization.
2. What to audit and how and why?
Most actions are already tracked in some way by necessity: zaps, items, mutes, payments, ...
In that case: what is the benefit of tracking these things individually in a separate table?
Denormalize simply for convenience or performance? Why no view (see previous point)? Use case needs to be more clearly defined before speccing out a schema.
* Fix territory transfer notification id conflict
* Use include instead of two separate queries
* Drop territory transfer setting
* Remove trigger usage
* Prevent transfers to yourself
* show placeholder for hidden stackers in top
* top rewardability views
* make territory revenue idependent job
* monthly rewards and leaderboard on rewards pages
* fix earn reschedule
* add query for rewards leaderboard
* reduce likelihood of rewards racing with views
* fix earn and refine values views
* Territory notifications
* Migrate old setting to new table
* Auto subscribe founders to their territories on creation
* Fix (un)subscribe not shown to founder
* Rename to toggleSubSubscription
* Fix inconsistency between toggleSubSubscription and toggleMuteSub
* Add dedicated button in header for following territories
* Don't drop noteTerritoryPosts column
* Fix db dip in Sub.meSubscription resolver
* Move territory subscribe to new territory context menu
* Decrease space between share icon and mute button
* Fix eslint
* crosspost-item
* crosspost old items, update with nEventId
* Updating noteId encoding, cleaning up a little
* Fixing item-info condition, cleaning up
* Linting
* Add createdAt variable back
* Change instances of eventId to noteId
* Adding upsertNoteId mutation
* Cleaning up updateItem, using toasts to communivate success/failure in crosspost-item
* Linting
* Move crosspost to share button, make sure only OP can crosspost
* Lint
* Simplify conditions
* user might have no nostr extension installed
Co-authored-by: ekzyis <27162016+ekzyis@users.noreply.github.com>
* change upsertNoteId to updateNoteID for resolver and mutations, change isOp to mine, remove unused noteId params
* Basic setup for crossposting poll / link items
* post rebase fixes and Bounty and job crossposts
* Job crossposting working
* adding back accidentally removed import
* Lint / rebase
* Outsource as much crossposting logic from discussion-form into use-crossposter as possible
* Fix incorrect property for user relays, fix itemId param in updateNoteId
* Fix toast messages / error cases in use-crossposter
* Update item forms to for updated use-crossposter hook
* CrosspostDropdownItem in share updated to accomodate use-crossposter update
* Encode paramaterized replacable event id's in naddress format with nostr-tools, bounty to follw nip-99 spec
* Increase timeout on relay connection / cleaning up
* No longer crossposting job
* Add blastr, fix crosspost button in item-info for polls/discussions, finish removing job crosspostr code
* Fix toaster error, create reusable crossposterror function to surface toaster
* Cleaning up / comments / linting
* Update copy
* Simplify CrosspostdropdownItem, keep replies from being crossposted
* Moved query for missing item fields when crossposting to use-crossposter hook
* Remove unneeded param in CrosspostDropdownItem, lint
* Small fixes post rebase
* Remove unused import
* fix nostr-tools version, fix package-lock.json
* Update components/item-info.js
Co-authored-by: ekzyis <ek@stacker.news>
* Remove unused param, determine poll item type from pollCost field, add mutiny strfry relay to defaults
* Update toaster implementations, use no-cache for item query, restructure crosspostItem to use await with try catch
* crosspost info modal that lives under adv-post-form now has dynamic crossposting info
* Move determineItemType into handleEventCreation, mover item/event handing outside of do ... while loop
* Lint
* Reconcile skip method with onCancel function in toaster
* Handle failedRelays being undefined
* determine item type from router.query.type if available otherwise use item fields
* Initiliaze failerRelays as undefined but handle error explicitly
* Lint
* Fix crosspost default value for link, poll, bounty forms
---------
Co-authored-by: ekzyis <27162016+ekzyis@users.noreply.github.com>
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
* add poll expires at column to Item table
* update upsertPoll mutation for pollExpiresAt param
* use pollExpiresAt to show time left for poll
* correctly pluralize days for timeLeft
* correctly update pollExpiresAt when item is updated to remove poll expiration
* add DateTimePicker and DateTimeInput components to select datetimes
* update pollExpiresAt to be nullable and more than 1 day in the future
* hide time left text if poll has no expiration
* initialize pollExpiresAt with current value or default of 25 hours in the future
we add a one hour time buffer so that the user doesn't get a validation error
for pollExpiresAt if they post their poll within an hour from creation. there's
still a chance they'll hit the validation error but they should see the error
message toast
* add DateTimeInput into the options part of the poll form
add right padding to make room for the "clear" button.
allow field to be cleared (i.e. null pollExpiresAt) to allow
non-ending polls.
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
* Validate pubkey, relay URL and secret of NWC URL
* Fix NWC secret regexp
* Use sequential validation in Yup schema
* Add note about possible mismatch between hostnames and pubkeys
* Remove unused param
* add subViewGroup function to create view to read sub stats from
* add topSubs resolver to graphql query
* add TOP_SUBS query fragment
* add SUB_SORTS for top territory sorting
* add custom cache policy for topSubs
* add territories to top header select
* add top territories page
* add db views for sub stats
* configure sub_stats views to refresh by worker
* filter rows with empty subName
* update msats_spent calculation to include all ItemAct in sub
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
* add nsfw column to sub
* add nsfw boolean to territorySchema
* save nsfw value in upsertSub mutation
* return nsfw value from Sub query for correct value in edit territory form
* add nsfw checkbox to territory form
* add nsfw badge to territory header
* add nsfwMode to user
* show nsfw badge next to item territory
* exclude nsfw sub from items query
* show nsfw mode checkbox on settings page
* fix nsfw badge formatting
* separate user from current, signed in user
* update relationClause to join with sub table
* refactor to simplify hide nsfw sql
* filter nsfw items when viewing user items
* hide nsfw posts for logged out users
* filter nsfw subs based on user preference
* show nsfw sub name if logged out user is viewing the page
* show current sub at the top of the list instead of bottom
* always join item with sub to check nsfw
* check for sub presence before showing nsfw badge on item
* skip manually adding sub to select if sub is null
* fix relationClause to join with root item
* move moderation and nsfw into accordion
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
* Add LNbits card
* Save LNbits Provider in WebLN context
* Check LNbits connection on save
* refactor: put LNbitsProvider into own file
* Pay invoices using WebLN provider from context
* Remove deprecated FIXME
* Try WebLN provider first
* Fix unhandled promise rejection
* Fix this in sendPayment
* Be optimistic regarding WebLN zaps
This wraps the WebLN payment promise with Apollo cache updates.
We will be optimistics and assume that the payment will succeed and update the cache accordingly.
When we notice that the payment failed, we undo this update.
* Bold strike on WebLN zap
If lightning strike animation is disabled, toaster will be used.
* Rename undo variable to amount
* Fix zap undo
* Add NWC card
* Attempt to check NWC connection using info event
* Fix NaN on zap
Third argument of update is reserved for context
* Fix TypeError in catch of QR code
* Add basic NWC payments
* Wrap LNbits getInfo with try/catch
* EOSE is enough to check NWC connection
* refactor: Wrap WebLN providers into own context
I should have done this earlier
* Show red indicator on error
* Fix useEffect return value
* Fix wrong usage of pubkey
The event pubkey is derived from the secret. Doesn't make sense to manually set it. It's also the wrong pubkey: we're not the wallet service.
* Use p tag in NWC request
* Add comment about required filter field
* Aesthetic changes to NWC sendPayment
* Add TODO about receipt verification
* Fix WebLN attempted again after error
* Fix undefined name
* Add code to mock NWC relay
* Revert "Bold strike on WebLN zap"
This reverts commit a9eb27daec0cd2ef30b56294b05e0056fb5b4184.
* Fix update undo
* Fix lightning strike before payment
* WIP: Wrap WebLN payments with toasts
* add toasts for pending, error, success
* while pending, invoice can be canceled
* there are still some race conditions between payiny the invoice / error on payment and invoice cancellation
* Fix invoice poll using stale value from cache
* Remove unnecessary if
* Make sure that pay_invoice is declared as supported
* Check if WebLN provider is enabled before calling sendPayment
* Fix bad retry
If WebLN payments failed due to insufficient balances, the promise resolved and thus the action was retried but failed immediately since the invoice (still) wasn't paid.
* Fix cache undo update
* Fix no cache update after QR payment
* refactor: Use fragments to undo cache updates
* Remove console.log
* Small changes to NWC relay mocking
* Return SendPaymentResponse
See https://www.webln.guide/building-lightning-apps/webln-reference/webln.sendpayment
* Also undo cache update on retry failure
* Disable NWC mocking
* Fix initialValue not set
But following warning is now shown in console:
"""
Warning: A component is changing a controlled input to be uncontrolled.
This is likely caused by the value changing from a defined to undefined, which should not happen.
Decide between using a controlled or uncontrolled input element for the lifetime of the component. More info: https://reactjs.org/link/controlled-components
"""
* Remove comment since only relevant for blastr (mutiny relay)
* Remove TODO
* Fix duplicate cache update
* Fix QR modal not closed after payment
* Ignore lnbits variable unused
* Use single relay connection for all NWC events
* Fix missing timer and subscription cleanup
* Remove TODO
Confirmed that nostr-tools verifies events and filters for us.
See https://github.com/nbd-wtf/nostr-tools/blob/master/abstract-relay.ts#L161
* Fix switch from controlled to uncontrolled input
* Show 'configure' on error
* Use budgetable instead of async
* Remove EOSE listener
Only nostr.mutinywallet.com didn't respond with info events due to implementation-specific reasons. This is no longer the case.
* Use invoice expiry for NWC timeout
I don't think there was a specific reason why I used 60 seconds initially.
* Validate LNbits config on save
* Validate NWC config on save
* Also show unattach if configuration is invalid
If unattach is only shown if configuration is valid, resetting the configuration is not possible while it's invalid. So we're stuck with a red wallet indicator.
* Fix detection of WebLN payment
It depended on a Apollo cache update function being available. But that is not the case for every WebLN payment.
* Fix formik bag lost
* Use payment instead of zap in toast
* autoscale capture svc by response time
* docs and changes for testing lnbits locally
* Rename configJSON to config
Naming of config object was inconsistent with saveConfig function which was annoying.
Also fixed other inconsistencies between LNbits and NWC provider.
* Allow setting of default payment provider
* Update TODO comment about provider priority
The list 'paymentMethods' is not used yet but is already implemented for future iterations.
* Add wallet security disclaimer
* Update labels
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
* Use parallel invoice subscriptions
* Fix missing idempotency
* Log error
* Use cursor for invoice subscription
* Subscribe to outgoing payments for withdrawals
* Add TODO comments regarding migration to LND subscriptions
* Also use isPoll variable in checkInvoice
* Queue status check of pending withdrawals
* Use for loop to check pending withdrawals
* Reconnect to LND gRPC API on error
* Fix hash modified of applied migrations
* Separate wallet code from worker index
* refactor subscription code some more
* remove unnecessary subWrapper abstraction
* move all wallet related code into worker/wallet.js such that only a single import is needed in worker/index.js
* Migrate from polling to LND subscriptions
* Remove unnecessary reconnect code
* Add FIXME
* Add listener for HODL invoice updates
* Remove obsolete comment
* Update README
* Add job to cancel hodl invoice if expired
* Fix missing else
* small bug fixes and readability enhancements
* refine and add periodic redundant deposit/withdrawal checks
---------
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
* Add nostr event id field to items
* crosspost-item
* crosspost old items, update with nEventId
* Updating noteId encoding, cleaning up a little
* Fixing item-info condition, cleaning up
* Linting
* Spacing nit
* Add createdAt variable back
* Change instances of eventId to noteId
* Adding upsertNoteId mutation
* Cleaning up updateItem, using toasts to communivate success/failure in crosspost-item
* Linting
* Fix type
* Move crosspost to share button, make sure only OP can crosspost
* Lint
* Simplify conditions
* user might have no nostr extension installed
Co-authored-by: ekzyis <27162016+ekzyis@users.noreply.github.com>
* change upsertNoteId to updateNoteID for resolver and mutations, change isOp to mine, remove unused noteId params
* Use nostr.com for linking out with noteId
* lint
* add noopener to window.open call
* Simplify condition, throw GraphQLError
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: ekzyis <27162016+ekzyis@users.noreply.github.com>
* Toast on successful delete bot directive
* refactor duplicate code into a reusable function
* restore empty spacing lines to clean up the diff
* perf optimization, only query for deleteScheduledAt for your own items
* Issue a warning toast if the delete bot was mentioned but the item was not scheduled for deletion
* use bs-secondary color for warning
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>