Commit Graph

33 Commits

Author SHA1 Message Date
Keyan 76218dccac
batch zap requests (#1424) 2024-09-24 09:38:48 -05:00
ekzyis be7ea41d03
Always set Secure for multi auth cookies in prod (#1404) 2024-09-13 13:00:16 -05:00
ekzyis a32d1f2177
Use X-Forwarded-Proto to detect scheme (#1403) 2024-09-13 12:27:52 -05:00
ekzyis a6713f9793
Account Switching (#644)
* WIP: Account switching

* Fix empty USER query

ANON_USER_ID was undefined and thus the query for @anon had no variables.

* Apply multiAuthMiddleware in /api/graphql

* Fix 'you must be logged in' query error on switch to anon

* Add smart 'switch account' button

"smart" means that it only shows if there are accounts to which one can switch

* Fix multiAuth not set in backend

* Comment fixes, minor changes

* Use fw-bold instead of 'selected'

* Close dropdown and offcanvas

Inside a dropdown, we can rely on autoClose but need to wrap the buttons with <Dropdown.Item> for that to work.

For the offcanvas, we need to pass down handleClose.

* Use button to add account

* Some pages require hard reload on account switch

* Reinit settings form on account switch

* Also don't refetch WalletHistory

* Formatting

* Use width: fit-content for standalone SignUpButton

* Remove unused className

* Use fw-bold and text-underline on selected

* Fix inconsistent padding of login buttons

* Fix duplicate redirect from /settings on anon switch

* Never throw during refetch

* Throw errors which extend GraphQLError

* Only use meAnonSats if logged out

* Use reactive variable for meAnonSats

The previous commit broke the UI update after anon zaps because we actually updated item.meSats in the cache and not item.meAnonSats.

Updating item.meAnonSats was not possible because it's a local field. For that, one needs to use reactive variables.

We do this now and thus also don't need the useEffect hack in item-info.js anymore.

* Switch to new user

* Fix missing cleanup during logout

If we logged in but never switched to any other account, the 'multi_auth.user-id' cookie was not set.

This meant that during logout, the other 'multi_auth.*' cookies were not deleted.

This broke the account switch modal.

This is fixed by setting the 'multi_auth.user-id' cookie on login.

Additionally, we now cleanup if cookie pointer OR session is set (instead of only if both are set).

* Fix comments in middleware

* Remove unnecessary effect dependencies

setState is stable and thus only noise in effect dependencies

* Show but disable unavailable auth methods

* make signup button consistent with others

* Always reload page on switch

* refine account switch styling

* logout barrier

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: k00b <k00b@stacker.news>
2024-09-12 13:05:11 -05:00
keyan 6e8d7ef1b8 allow slog logs to be disabled/configured 2024-07-01 16:48:54 -05:00
SatsAllDay 15f9950477
Store hashed and salted email addresses (#1111)
* first pass of hashing user emails

* use salt

* add a salt to .env.development (prod salt needs to be kept a secret)
* move `hashEmail` util to a new util module

* trigger a one-time job to migrate existing emails via the worker

so we can use the salt from an env var

* move newsletter signup

move newsletter signup to prisma adapter create user with email code path
so we can still auto-enroll email accounts without having to persist the email address
in plaintext

* remove `email` from api key session lookup query

* drop user email index before dropping column

* restore email column, just null values instead

* fix function name

* fix salt and hash raw sql statement

* update auth methods email type in typedefs from str to bool

* remove todo comment

* lowercase email before hashing during migration

* check for emailHash and email to accommodate migration window

update our lookups to check for a matching emailHash, and then a matching
email, in that order, to accommodate the case that a user tries to login
via email while the migration is running, and their account has not yet been migrated

also update sndev to have a command `./sndev email` to launch the mailhog inbox in your browser

also update `./sndev login` to hash the generated email address and insert it into the db record

* update sndev help

* update awards.csv

* update the hack in next-auth to re-use the email supplied on input to `getUserByEmail`

* consolidate console.error logs

* create generic open command

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-05-04 18:06:15 -05:00
ekzyis 17a0106fcc Hash API keys with SHA-256 and never show them again 2024-03-26 22:33:18 +01:00
ekzyis d237861ff5
Use module path aliases (#938)
* Use module path aliases

* fix broken refactor

* path mapping for svgs, style, and remaining places (bonus: lose babel dep)

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-03-19 19:37:31 -05:00
ekzyis 687012d1a0
API Keys (#915)
* Generate API key in settings

* Check x-api-key for GraphQL API requests

* Don't fallback to cookie if x-api-key header was provided

* Select all session fields

* Fix error if API key not found

* Fix style in settings via form-label className

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-03-14 15:32:34 -05:00
keyan a5e50821b7 gofac yourself 2023-12-14 11:30:51 -06:00
keyan c214d6283f enable prod graphql introspection 2023-11-22 09:16:40 -06:00
keyan 4a35c13ff3 embed graphql sandbox 2023-11-21 16:46:03 -06:00
keyan ddb69b5d9b remove slashtags temporarily 2023-08-16 19:49:00 -05:00
keyan c7e2623461 increase apollo slowlog threshold 2023-07-31 16:02:50 -05:00
keyan 5232b59625 upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 14:38:20 -05:00
keyan 7542dd6cc4 upgrade to prisma 4 2023-07-26 19:18:42 -05:00
keyan 59f7b6ff26 Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades""
This reverts commit 18910fa2ed.
2023-07-23 10:08:43 -05:00
keyan 18910fa2ed Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"
This reverts commit d0314ab73c.
2023-07-23 09:16:12 -05:00
keyan d0314ab73c shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades 2023-07-21 17:33:11 -05:00
keyan 9644a9f867 slashtags auth 2023-01-18 12:49:20 -06:00
keyan 525cab2573 upgrade deps 2022-11-06 11:28:58 -06:00
keyan aa4ac2ecc9 add ln addr + lnurl pay qr code to profile pages 2022-05-06 14:34:35 -05:00
keyan dc44764008 limit related queries in me query for SSR 2022-04-28 17:00:09 -05:00
keyan 934c5021a9 a few perf enhancements + gql slowlogs 2022-04-28 13:11:05 -05:00
keyan 8e0aaab161 refine module instantiation 2022-04-27 17:06:42 -05:00
keyan 188230c37c add notification settings 2022-04-21 17:50:02 -05:00
keyan 28b86af898 basic search query api 2022-01-26 09:35:14 -06:00
keyan ca1a95094c ssr everything 2021-09-30 10:46:58 -05:00
keyan bf73e98425 add lightning 2021-04-29 16:58:43 -05:00
keyan f7b92d64c3 improve resolver and provide sats/$ 2021-04-29 10:56:28 -05:00
keyan 28ed42fc29 more progress 2021-04-14 18:56:29 -05:00
keyan 9acde2df1c a bunch of increments 2021-04-12 13:05:09 -05:00
keyan 341b3a291a begin working on db schema 2021-03-25 14:29:24 -05:00