Commit Graph

118 Commits

Author SHA1 Message Date
ekzyis 17a0106fcc Hash API keys with SHA-256 and never show them again 2024-03-26 22:33:18 +01:00
ekzyis d237861ff5
Use module path aliases (#938)
* Use module path aliases

* fix broken refactor

* path mapping for svgs, style, and remaining places (bonus: lose babel dep)

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-03-19 19:37:31 -05:00
ekzyis 22ff832efb
Don't export sendUserNotification (#937)
* Rename file to webPush.js

* Move webPush code into lib/webPush

* Don't export sendUserNotification

* Fix null in deposit push notification

* restore deposit notification change

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-03-19 17:43:04 -05:00
ekzyis b03295ce59
Put all Web Push code into lib/webPush.js (#936)
* Rename file to webPush.js

* Move webPush code into lib/webPush
2024-03-19 15:48:13 -05:00
ekzyis 687012d1a0
API Keys (#915)
* Generate API key in settings

* Check x-api-key for GraphQL API requests

* Don't fallback to cookie if x-api-key header was provided

* Select all session fields

* Fix error if API key not found

* Fix style in settings via form-label className

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-03-14 15:32:34 -05:00
Alex Lewin b3498fe277
Add Opt-in to Display Linked Accounts in Profile (#826)
* Add display linked accounts to settings

* Apply suggestions from code review

Co-authored-by: ekzyis <ek@stacker.news>

* small styling enhancements

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-02-14 13:33:31 -06:00
keyan 61c64646b5 use capture microservice 2024-01-30 18:22:40 -06:00
keyan 86e8350994 autowithdraw to lightning address 2024-01-11 13:10:07 -06:00
ekzyis c267bf92fd
Fix TypeError (reading 'catch') (#742)
Co-authored-by: ekzyis <ek@stacker.news>
2024-01-10 14:18:41 -06:00
ekzyis 2151323c8d
Use LND subscriptions (#726)
* Use parallel invoice subscriptions

* Fix missing idempotency

* Log error

* Use cursor for invoice subscription

* Subscribe to outgoing payments for withdrawals

* Add TODO comments regarding migration to LND subscriptions

* Also use isPoll variable in checkInvoice

* Queue status check of pending withdrawals

* Use for loop to check pending withdrawals

* Reconnect to LND gRPC API on error

* Fix hash modified of applied migrations

* Separate wallet code from worker index

* refactor subscription code some more

* remove unnecessary subWrapper abstraction
* move all wallet related code into worker/wallet.js such that only a single import is needed in worker/index.js

* Migrate from polling to LND subscriptions

* Remove unnecessary reconnect code

* Add FIXME

* Add listener for HODL invoice updates

* Remove obsolete comment

* Update README

* Add job to cancel hodl invoice if expired

* Fix missing else

* small bug fixes and readability enhancements

* refine and add periodic redundant deposit/withdrawal checks

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-01-08 16:37:58 -06:00
keyan ee68bd2946 hide lnurlpay errors while still reporting errors accurately 2023-12-18 18:02:39 -06:00
keyan 13f3a89540 gofac node ip 2023-12-17 15:14:59 -06:00
keyan d3fac7f968 fix qr withdrawal 2023-12-15 18:13:24 -06:00
keyan a5e50821b7 gofac yourself 2023-12-14 11:30:51 -06:00
keyan c214d6283f enable prod graphql introspection 2023-11-22 09:16:40 -06:00
keyan 4a35c13ff3 embed graphql sandbox 2023-11-21 16:46:03 -06:00
keyan 49e9131cfe don't return promise from authorize 2023-11-12 10:46:06 -06:00
keyan 94cbc902d6 remove jwt migrations 2023-10-13 19:58:16 -05:00
keyan da3d5ffd5f fix empty email profile in latest version of next-auth 2023-10-13 19:50:50 -05:00
Satoshi Nakamoto e9c0c06779 Various LUD-18 fixes
* Debounce the `onAddrChange` event handler when sending to a LN Address,
so we more accurately display the input form for LUD-12 and LUD-18 options

* Remove explicit URI encoding of Payer Data when sending to a LN Addr, since we're getting encoding for free via URLSearchParams

* Append `@stacker.news` to identifier values sent in payer data

* Don't do extra decoding when receiving LUD-18 data
2023-10-05 10:27:01 -04:00
keyan c77d761ab6 Merge branch 'fix' 2023-10-04 19:35:09 -05:00
keyan 0767b23d80 remove payer data encoding before going to db 2023-10-04 19:34:32 -05:00
ekzyis 425220d8cb
More push notification types (#530)
* Add push notifications for referrals

* Add push notifications for daily rewards

* Add push notifications for deposits

* Add push notifications for earning cowboy hats

* Use streak id to synchronize blurb

* Fix usage of magic number for blurbs

* Fix missing catch

* Add push notification for losing cowboy hats

* Fix null in deposit push notification

* Add push notification for invites

* Don't replace streak push notifications

* Fix missing unit in daily reward push notification title

* Attach sats to payload options instead of parsing title

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2023-10-04 18:20:52 -05:00
SatsAllDay 3acaee377b
LUD-18 Service Support (#518)
* first pass of LUD-18 support

* Various LUD-18 updates

* don't cache the well-known response, since it includes randomly generated single use values

* validate k1 from well-known response to pay URL

* only keep k1's for 10 minutes if they go unused

* fix validation logic to make auth object optional

* Various LUD18 updates

* move k1 cache to database

* store payer data in invoice db table

* show payer data in invoices on satistics page

* show comments and payer data on invoice page

* Show lud18 data in invoice notification

* PayerData component for easier display of info in invoice, notification, wallet history

* `payerData` -> `invoicePayerData` in fact schema

* Merge prisma migrations

* lint fixes

* worker job to clear out unused lnurlp requests after 30 minutes

* More linting

* Move migration to older

* WIP review

* enhance lud-18

* refine notification ui

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-10-03 14:35:53 -05:00
keyan 0dad69111e add a tag to zap receipts 2023-09-28 15:52:59 -05:00
SatsAllDay d60a589bc0
Implementing LUD-12 comments on payRequest in LNURLP Lightning Address flow (sending and receiving) (#498)
* Prototype implementing LUD-12 comments on payRequest in LNURLP Lightning Address flow

* Support sending comment when withdrawing to ln addr (LUD-12)

* Prevent `initialError` from being toasted informs multiple times

* delete the old create_invoice function

* improve lightning addr withdrawal styling

* allow lnaddr comment to show up in notifications

* enhance satistics

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-09-23 20:14:49 -05:00
ekzyis 3a7c3f7af2
Add setting to send diagnostics back to SN (#463)
* Add diagnostics settings & endpoint

Stackers can now help us to identify and fix bugs by enabling diagnostics.

This will send anonymized data to us.

For now, this is only used to send events around push notifications.

* Send diagnostics to slack

* Detect OS

* Diagnostics data is only pseudonymous, not anonymous

It's only pseudonymous since with additional knowledge (which stacker uses which fancy name), we could trace the events back to individual stackers.

Data is only anonymous if this is not possible - it must be irreversible.

* Check if window.navigator is defined

* Use Slack SDK

* Catch errors of slack requests

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2023-09-18 18:00:16 -05:00
keyan 5de7573362 update daily permalink 2023-09-12 20:21:16 -05:00
ekzyis e2548e718d
Remove orientation from manifest (#483)
This overrides OS auto-rotate settings on Android. This means that the PWA does auto-rotate even if the OS setting to auto-rotate is not enabled.

This property is experimental and only supported by Chromium-based browsers anyway.

Also, you can still manually rotate if you want.

Co-authored-by: ekzyis <ek@stacker.news>
2023-09-11 14:58:41 -05:00
ekzyis 07e065d4be
Fix negative maxWithdrawable (#438)
Co-authored-by: ekzyis <ek@stacker.news>
2023-08-23 15:32:42 -05:00
keyan df6575d701 remove slashtags completely 2023-08-17 13:40:21 -05:00
keyan ddb69b5d9b remove slashtags temporarily 2023-08-16 19:49:00 -05:00
SatsAllDay e6ee7f73c4
Make the web manifest dynamic to incorporate preferred color scheme (#398)
Remove the static manifest file and serve it via an API route instead.

Change the background color of the PWA depending on the client hint provided data
2023-08-15 12:58:27 -05:00
ekzyis b9461b7eb3
Allow zapping, posting and commenting without funds or an account (#336)
* Add anon zaps

* Add anon comments and posts (link, discussion, poll)

* Use payment hash instead of invoice id as proof of payment

Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.

Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.

* Allow pay per invoice for stackers

The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice"

* Fix onSuccess called twice

For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice.

This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice.

* Keep invoice modal open if focus is lost

* Skip anon user during trust calculation

* Add error handling

* Skip 'invoice not found' errors

* Remove duplicate insufficient funds handling

* Fix insufficient funds error detection

* Fix invoice amount for comments

* Allow pay per invoice for bounty and job posts

* Also strike on payment after short press

* Fix unexpected token 'export'

* Fix eslint

* Remove unused id param

* Fix comment copy-paste error

* Rename to useInvoiceable

* Fix unexpected token 'export'

* Fix onConfirmation called at every render

* Add invoice HMAC

This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.

Only the user which created the invoice knows the HMAC and thus can use the invoice hash.

* make anon posting less hidden, add anon info button explainer

* Fix anon users can't zap other anon users

* Always show repeat and contacts on action error

* Keep track of modal stack

* give anon an icon

* add generic date pivot helper

* make anon user's invoices expire in 5 minutes

* fix forgotten find and replace

* use datePivot more places

* add sat amounts to invoices

* reduce anon invoice expiration to 3 minutes

* don't abbreviate

* Fix [object Object] as error message

Any errors thrown here are already objects of shape { message: string }

* Fix empty invoice creation attempts

I stumbled across this while checking if anons can edit their items.

I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error:

  Variable "$amount" of required type "Int!" was not provided.

I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now.

* anon func mods, e.g. inv limits

* anon tips should be denormalized

* remove redundant meTotalSats

* correct overlay zap text for anon

* exclude anon from trust graph before algo runs

* remove balance limit on anon

* give anon a bio and remove cowboy hat/top stackers;

* make anon hat appear on profile

* concat hash and hmac and call it a token

* Fix localStorage cleared because error were swallowed

* fix qr layout shift

* restyle fund error modal

* Catch invoice errors in fund error modal

* invoice check backoff

* anon info typo

* make invoice expiration times have saner defaults

* add comma to anon info

* use builtin copy input label

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 18:50:57 -05:00
ekzyis 7369bd819d
Add nostr login (#367)
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-07 19:50:01 -05:00
keyan ffb856ae88 fix oauth signup 2023-08-07 15:05:55 -05:00
keyan c7e2623461 increase apollo slowlog threshold 2023-07-31 16:02:50 -05:00
keyan c909efb7b7 update wallet code to prisma 5, handle prisma 5 errors on serialization 2023-07-31 08:31:40 -05:00
keyan d04dc691df provide jwt migration 2023-07-30 14:03:24 -05:00
keyan 5232b59625 upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 14:38:20 -05:00
keyan 7542dd6cc4 upgrade to prisma 4 2023-07-26 19:18:42 -05:00
keyan 672853a7ea upgrade to prisma 3 2023-07-26 11:01:31 -05:00
keyan ab2046ab0b fix issues with new linting 2023-07-25 09:14:45 -05:00
keyan dae9c64e96 more package updates 2023-07-24 19:50:55 -05:00
keyan 59f7b6ff26 Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades""
This reverts commit 18910fa2ed.
2023-07-23 10:08:43 -05:00
keyan 18910fa2ed Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"
This reverts commit d0314ab73c.
2023-07-23 09:16:12 -05:00
keyan d0314ab73c shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades 2023-07-21 17:33:11 -05:00
keyan 93afd4ea9a fix credentials login/signup/link bug 2023-07-10 19:20:38 -05:00
keyan e8aa0a4dae users? => stackers? 2023-07-09 12:53:50 -05:00
keyan 59ee15b551 new user email copy 2023-06-19 17:42:47 -05:00