Commit Graph

68 Commits

Author SHA1 Message Date
ekzyis 0ebe097a70 Fix noisy changes in lib/validate
I moved the schema for lnbits, nwc and lnc out of lib/validate only to put them back in there later.

This commit should make the changeset cleaner by removing noise.
2024-07-07 18:31:41 +02:00
ekzyis 9bbf2056e9 Save dedicated enabled flag for server wallets
* wallet table now contains boolean column 'enabled'
* 'priority' is now a number everywhere
* use consistent order between how autowithdrawals are attempted and server wallets cards
2024-07-07 18:31:41 +02:00
ekzyis b96757b366 Move all validation schema into lib/validate 2024-07-07 18:31:41 +02:00
ekzyis 7b6602e386 wip: Add LNC 2024-07-07 18:31:40 +02:00
ekzyis 034cb4e8b2 Add NWC wallet 2024-07-07 18:31:40 +02:00
ekzyis b8b0a4f985 Add schema to wallet def 2024-07-07 18:31:40 +02:00
ekzyis b7353ddd69
Fix inverted lnbitsSchema env check (#1185) 2024-05-18 10:14:12 -05:00
ekzyis a585ba7f0a
Allow HTTP and HTTPS over Tor for LNbits (#1176) 2024-05-16 08:41:49 -05:00
ekzyis 98a27caaa9
Allow http: and ws: in dev CSP (#1126)
* Allow HTTP in dev build

* Also allow ws://
2024-05-03 14:17:10 -05:00
Keyan c3d709b025
add lnc attached wallet (#1104)
* add litd to docker env

* lnc payments

* handle locked wallet configuration

* create new lnc connection for every action

* ensure creds are decrypted before reconnecting

* perform permissions check
2024-04-26 21:22:30 -05:00
ekzyis 9f4d5e13aa
CLN autowithdrawal (#1042)
* Add CLN node to docker-compose.yml

* Attach CLN wallet via CLNRest

* Remove leading space

* Implement autowithdrawal to CLN in worker

* Fix UnhandledSchemeError during build

See https://github.com/vercel/next.js/discussions/33982

* Refactor CLN invoice code into @/lib/cln

* Fix missing env vars

* Fix validation error if rune invalid

* Update header

* Add rune placeholder

* Fix missing expiry for test invoice

* Remove nonsensical comment

* Remove unnecessary async

* Show level SUCCESS as OK in logs

* Add stacker_cln commands to sndev

* fix sndev posix compliance, add cln_withdraw

* give stacker_cln larger channels

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-04-14 17:34:21 -05:00
ekzyis 7774910292
Fix cert required (#1057) 2024-04-11 18:59:51 -05:00
ekzyis 3da299bddc Fix zapUndos not nullable in schema 2024-03-25 20:34:28 +01:00
ekzyis c2aef34ba2 Add threshold for zap undos 2024-03-25 20:34:28 +01:00
ekzyis d237861ff5
Use module path aliases (#938)
* Use module path aliases

* fix broken refactor

* path mapping for svgs, style, and remaining places (bonus: lose babel dep)

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-03-19 19:37:31 -05:00
ekzyis 687d71f246
Purchase archived territories (#897)
* Handle archived territories in territory form

* Use dedicated mutation

* Add sanity check for eternal territories

* Fix fields and cost ignored

* Remove no longer needed manual validation in upsertSub

* Remove founder check

* Always check if sub is archived

Using { abortEarly: false } now since previously, if no description was not given, we wouldn't detect if the sub was archived since validation would abort on empty descriptions.

Only on submission all fields would get validated but since we ignore archived errors during submission, the user would never see that the sub is archived before submission
+ the wrong mutation would run if archived is not already true before submission.

Hence, we need to validate all fields always.

There is currently still a bug where the validation does not immediately run but maybe this can be fixed by simply using validateImmediately on the Formik component.

* Fix archived warning not shown after first render

* Only create transfers if owner actually changes

* Reuse helper functions in lib/territory.js

* Rename var to editing

* Use onChange instead of validation override

* Run same validation on server for unarchiving

* Fix 'territory archived' shown during edits

* Use && instead of ternary operator for conditional query

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-03-19 17:23:59 -05:00
ekzyis 2ba4063645 Add setting for no referral links on copy 2024-03-17 16:23:03 +01:00
ekzyis 501885cfa0
Ignore if sub belongs to user during existence check (#904)
* Ignore if sub belongs to user during existence check

* Remove code no longer needed

* Fix territory edit

Territory edits were broken because validation failed for existing territories and if you edit an territory, it obviously already exists.

This commit fixes this by ignoring the territory that we're currently editing.

* Fix existence check using stale cache

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-03-14 11:17:53 -05:00
ekzyis b379e7467f
Territory transfers (#878)
* Allow founders to transfer territories

* Log territory transfers in new AuditLog table

* Add territory transfer notifications

* Use polymorphic AuditEvent table

* Add setting for territory transfer notifications

* Add push notification

* Rename label from user to stacker

* More space between cancel and confirm button

* Remove AuditEvent table

The audit table is not necessary for territory transfers and only adds complexity and unrelated discussion to this PR.

Thinking about a future-proof schema for territory transfers and how/what to audit at the same time made my head spin.

Some thoughts I had:

1. Maybe using polymorphism for an audit log / audit events is not a good idea

Using polymorphism as is currently used in the code base (user wallets) means that every generic event must map to exactly one specialized event.

Is this a good requirement/assumption? It already didn't work well for naive auditing of territory transfers since we want events to be indexable by user (no array column) so every event needs to point to a single user but a territory transfer involves multiple users.

This made me wonder: Do we even need a table? Maybe the audit log for a user can be implemented using a view? This would also mean no data denormalization.

2. What to audit and how and why?

Most actions are already tracked in some way by necessity: zaps, items, mutes, payments, ...

In that case: what is the benefit of tracking these things individually in a separate table?

Denormalize simply for convenience or performance? Why no view (see previous point)? Use case needs to be more clearly defined before speccing out a schema.

* Fix territory transfer notification id conflict

* Use include instead of two separate queries

* Drop territory transfer setting

* Remove trigger usage

* Prevent transfers to yourself
2024-03-05 13:56:02 -06:00
mzivil 46a0af19eb
Make poll expiration configurable (#860)
* add poll expires at column to Item table

* update upsertPoll mutation for pollExpiresAt param

* use pollExpiresAt to show time left for poll

* correctly pluralize days for timeLeft

* correctly update pollExpiresAt when item is updated to remove poll expiration

* add DateTimePicker and DateTimeInput components to select datetimes

* update pollExpiresAt to be nullable and more than 1 day in the future

* hide time left text if poll has no expiration

* initialize pollExpiresAt with current value or default of 25 hours in the future

we add a one hour time buffer so that the user doesn't get a validation error
for pollExpiresAt if they post their poll within an hour from creation. there's
still a chance they'll hit the validation error but they should see the error
message toast

* add DateTimeInput into the options part of the poll form

add right padding to make room for the "clear" button.

allow field to be cleared (i.e. null pollExpiresAt) to allow
non-ending polls.

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-02-21 12:18:43 -06:00
keyan fe0d960208 handle other possible base64-like string encodings 2024-02-18 15:08:55 -06:00
ekzyis 1444ff476e
Validate pubkey, relay URL and secret of NWC URL (#810)
* Validate pubkey, relay URL and secret of NWC URL

* Fix NWC secret regexp

* Use sequential validation in Yup schema

* Add note about possible mismatch between hostnames and pubkeys

* Remove unused param
2024-02-14 15:09:13 -06:00
Alex Lewin b3498fe277
Add Opt-in to Display Linked Accounts in Profile (#826)
* Add display linked accounts to settings

* Apply suggestions from code review

Co-authored-by: ekzyis <ek@stacker.news>

* small styling enhancements

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-02-14 13:33:31 -06:00
keyan 5c3c7fb185 allow more restricted macroons fix #827 2024-02-14 12:58:25 -06:00
keyan e57671ba9b dont imply required websocket fix #830 2024-02-14 11:55:08 -06:00
ekzyis 5eeaf671f8 Fix settings save requires relay set 2024-02-14 18:27:35 +01:00
Keyan ec4e1b5da7
LND autowithdraw (#806)
* wip

* wip

* improved validatation, test connection before save, code reuse

* worker send to lnd

* autowithdraw priority
2024-02-13 13:17:56 -06:00
ekzyis 8238d4d5be
Enforce HTTPS for LNbits (#809)
* Enforce HTTPS for LNbits

* Use URL constructor
2024-02-11 17:39:06 -06:00
mzivil 6355d7eabc
Add nsfw setting to territories (#788)
* add nsfw column to sub

* add nsfw boolean to territorySchema

* save nsfw value in upsertSub mutation

* return nsfw value from Sub query for correct value in edit territory form

* add nsfw checkbox to territory form

* add nsfw badge to territory header

* add nsfwMode to user

* show nsfw badge next to item territory

* exclude nsfw sub from items query

* show nsfw mode checkbox on settings page

* fix nsfw badge formatting

* separate user from current, signed in user

* update relationClause to join with sub table

* refactor to simplify hide nsfw sql

* filter nsfw items when viewing user items

* hide nsfw posts for logged out users

* filter nsfw subs based on user preference

* show nsfw sub name if logged out user is viewing the page

* show current sub at the top of the list instead of bottom

* always join item with sub to check nsfw

* check for sub presence before showing nsfw badge on item

* skip manually adding sub to select if sub is null

* fix relationClause to join with root item

* move moderation and nsfw into accordion

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-02-09 20:35:32 -06:00
ekzyis 310011f05d
Expose WebLN interface via React Context (#749)
* Add LNbits card

* Save LNbits Provider in WebLN context

* Check LNbits connection on save

* refactor: put LNbitsProvider into own file

* Pay invoices using WebLN provider from context

* Remove deprecated FIXME

* Try WebLN provider first

* Fix unhandled promise rejection

* Fix this in sendPayment

* Be optimistic regarding WebLN zaps

This wraps the WebLN payment promise with Apollo cache updates.

We will be optimistics and assume that the payment will succeed and update the cache accordingly.

When we notice that the payment failed, we undo this update.

* Bold strike on WebLN zap

If lightning strike animation is disabled, toaster will be used.

* Rename undo variable to amount

* Fix zap undo

* Add NWC card

* Attempt to check NWC connection using info event

* Fix NaN on zap

Third argument of update is reserved for context

* Fix TypeError in catch of QR code

* Add basic NWC payments

* Wrap LNbits getInfo with try/catch

* EOSE is enough to check NWC connection

* refactor: Wrap WebLN providers into own context

I should have done this earlier

* Show red indicator on error

* Fix useEffect return value

* Fix wrong usage of pubkey

The event pubkey is derived from the secret. Doesn't make sense to manually set it. It's also the wrong pubkey: we're not the wallet service.

* Use p tag in NWC request

* Add comment about required filter field

* Aesthetic changes to NWC sendPayment

* Add TODO about receipt verification

* Fix WebLN attempted again after error

* Fix undefined name

* Add code to mock NWC relay

* Revert "Bold strike on WebLN zap"

This reverts commit a9eb27daec0cd2ef30b56294b05e0056fb5b4184.

* Fix update undo

* Fix lightning strike before payment

* WIP: Wrap WebLN payments with toasts

* add toasts for pending, error, success
* while pending, invoice can be canceled
* there are still some race conditions between payiny the invoice / error on payment and invoice cancellation

* Fix invoice poll using stale value from cache

* Remove unnecessary if

* Make sure that pay_invoice is declared as supported

* Check if WebLN provider is enabled before calling sendPayment

* Fix bad retry

If WebLN payments failed due to insufficient balances, the promise resolved and thus the action was retried but failed immediately since the invoice (still) wasn't paid.

* Fix cache undo update

* Fix no cache update after QR payment

* refactor: Use fragments to undo cache updates

* Remove console.log

* Small changes to NWC relay mocking

* Return SendPaymentResponse

See https://www.webln.guide/building-lightning-apps/webln-reference/webln.sendpayment

* Also undo cache update on retry failure

* Disable NWC mocking

* Fix initialValue not set

But following warning is now shown in console:

"""
Warning: A component is changing a controlled input to be uncontrolled.
This is likely caused by the value changing from a defined to undefined, which should not happen.
Decide between using a controlled or uncontrolled input element for the lifetime of the component. More info: https://reactjs.org/link/controlled-components
"""

* Remove comment since only relevant for blastr (mutiny relay)

* Remove TODO

* Fix duplicate cache update

* Fix QR modal not closed after payment

* Ignore lnbits variable unused

* Use single relay connection for all NWC events

* Fix missing timer and subscription cleanup

* Remove TODO

Confirmed that nostr-tools verifies events and filters for us.

See https://github.com/nbd-wtf/nostr-tools/blob/master/abstract-relay.ts#L161

* Fix switch from controlled to uncontrolled input

* Show 'configure' on error

* Use budgetable instead of async

* Remove EOSE listener

Only nostr.mutinywallet.com didn't respond with info events due to implementation-specific reasons. This is no longer the case.

* Use invoice expiry for NWC timeout

I don't think there was a specific reason why I used 60 seconds initially.

* Validate LNbits config on save

* Validate NWC config on save

* Also show unattach if configuration is invalid

If unattach is only shown if configuration is valid, resetting the configuration is not possible while it's invalid. So we're stuck with a red wallet indicator.

* Fix detection of WebLN payment

It depended on a Apollo cache update function being available. But that is not the case for every WebLN payment.

* Fix formik bag lost

* Use payment instead of zap in toast

* autoscale capture svc by response time

* docs and changes for testing lnbits locally

* Rename configJSON to config

Naming of config object was inconsistent with saveConfig function which was annoying.

Also fixed other inconsistencies between LNbits and NWC provider.

* Allow setting of default payment provider

* Update TODO comment about provider priority

The list 'paymentMethods' is not used yet but is already implemented for future iterations.

* Add wallet security disclaimer

* Update labels

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-02-08 12:33:13 -06:00
ekzyis 40f2697675 Disallow automated withdrawals to same node 2024-01-13 17:32:54 +01:00
ekzyis 12f9c4761d Fix isNaN checks 2024-01-13 17:32:53 +01:00
keyan b530b611f5 disable self sends in autowithdraw 2024-01-12 09:37:50 -06:00
keyan 86e8350994 autowithdraw to lightning address 2024-01-11 13:10:07 -06:00
keyan 385b07a506 increase bounty limits 2023-12-27 10:23:54 -06:00
keyan 374a7985da unify zap/downzap/bounty mutation 2023-12-26 16:51:47 -06:00
keyan 4013c26bb7 add minimum title length 2023-12-08 14:31:06 -06:00
keyan 10203f565c territories 2023-12-04 21:34:06 -06:00
keyan aeb3ab40fa max length on text 2023-12-04 13:20:56 -06:00
rleed c1c1240eab
Add a setting for Default Withdrawal max fee (#552)
* add setting for default withdrawal max fee

* Update pages/settings.js

Co-authored-by: ekzyis <27162016+ekzyis@users.noreply.github.com>

* remove extraneous fallback of 21

---------

Co-authored-by: rleed <rleed1@pm.me>
Co-authored-by: ekzyis <27162016+ekzyis@users.noreply.github.com>
2023-10-20 19:09:41 -05:00
SatsAllDay 362f95add9
LUD-18 Wallet implementation (#531)
* LUD-18 Wallet implementation

Query the lightning address provider client-side to learn of capabilities

Conditionally render LUD-12 and LUD-18 fields based on what the remote
server says is supported

Allow identifier, name, and email to be sent from the SN side during the withdrawal flow. Auth seems too complicated for our use case, and idk about pubkey?

* Clear inputs if the new ln addr provier doesn't support those fields

* various ux improvements

* dynamic client-side validation for required payer data

* don't re-init form state on error

* correct min and max amount values

* only send applicable data to graphql api based on payerdata schema

* input type for numeric values (amount, max fee)

* update step for amount and max fee

* Fix identifier optional and field blur

* reuse more code

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-10-03 18:22:56 -05:00
SatsAllDay 3acaee377b
LUD-18 Service Support (#518)
* first pass of LUD-18 support

* Various LUD-18 updates

* don't cache the well-known response, since it includes randomly generated single use values

* validate k1 from well-known response to pay URL

* only keep k1's for 10 minutes if they go unused

* fix validation logic to make auth object optional

* Various LUD18 updates

* move k1 cache to database

* store payer data in invoice db table

* show payer data in invoices on satistics page

* show comments and payer data on invoice page

* Show lud18 data in invoice notification

* PayerData component for easier display of info in invoice, notification, wallet history

* `payerData` -> `invoicePayerData` in fact schema

* Merge prisma migrations

* lint fixes

* worker job to clear out unused lnurlp requests after 30 minutes

* More linting

* Move migration to older

* WIP review

* enhance lud-18

* refine notification ui

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-10-03 14:35:53 -05:00
keyan 51299820b9 fix module issues when running worker 2023-09-26 20:33:54 -05:00
keyan 370e3c1c48 raise boost minimum to 25k, enhance editing boost, JIT fund editing costs 2023-09-25 19:54:35 -05:00
SatsAllDay d60a589bc0
Implementing LUD-12 comments on payRequest in LNURLP Lightning Address flow (sending and receiving) (#498)
* Prototype implementing LUD-12 comments on payRequest in LNURLP Lightning Address flow

* Support sending comment when withdrawing to ln addr (LUD-12)

* Prevent `initialError` from being toasted informs multiple times

* delete the old create_invoice function

* improve lightning addr withdrawal styling

* allow lnaddr comment to show up in notifications

* enhance satistics

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-09-23 20:14:49 -05:00
ekzyis 3a7c3f7af2
Add setting to send diagnostics back to SN (#463)
* Add diagnostics settings & endpoint

Stackers can now help us to identify and fix bugs by enabling diagnostics.

This will send anonymized data to us.

For now, this is only used to send events around push notifications.

* Send diagnostics to slack

* Detect OS

* Diagnostics data is only pseudonymous, not anonymous

It's only pseudonymous since with additional knowledge (which stacker uses which fancy name), we could trace the events back to individual stackers.

Data is only anonymous if this is not possible - it must be irreversible.

* Check if window.navigator is defined

* Use Slack SDK

* Catch errors of slack requests

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2023-09-18 18:00:16 -05:00
SatsAllDay bc2363dfab
Verified contributors (#474)
* `isContributor`, `hideIsContributor` user fields and basic UI decoration on profile page

* Update verified contributor decoration on profile page

* Add contributors instructions

* update setting label

* Remove `isContributor` from DB, load contributors from file into memory

* fix merge error

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2023-09-18 13:57:02 -05:00
ekzyis 6df654b208
Hide wallet balance (#481)
* Hide wallet balance on long press

* Use setting to hide wallet balance

* Fix layout shift on hover

* Fix SSR warning about useLayoutEffect

See https://reactjs.org/link/uselayouteffect-ssr

* Also hide balance in wallet

---------

Co-authored-by: ekzyis <ek@stacker.news>
2023-09-12 12:19:26 -05:00
SatsAllDay 1a6dc879a2
Dependency inject `me` into post validation schemas to enforce no forwarding posts to self (#485)
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2023-09-12 11:56:59 -05:00
keyan 9064224fd3 allow input character overflow for editting 2023-09-11 19:59:36 -05:00