Commit Graph

25 Commits

Author SHA1 Message Date
ekzyis bb2212d51e Add invoice HMAC
This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.

Only the user which created the invoice knows the HMAC and thus can use the invoice hash.
2023-08-10 07:10:07 +02:00
ekzyis 118f591d04 Merge branch 'master' into 266-zaps-without-account 2023-08-10 03:34:38 +02:00
ekzyis 67a0de3ea5
Notifications with nostr info (#368)
* Show zap message and pubkey in notifications

+ show zap request event in invoice view

* enhance ui

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-08 13:19:31 -05:00
ekzyis fd8510d59f Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.

Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
2023-07-30 23:45:07 +02:00
keyan 7542dd6cc4 upgrade to prisma 4 2023-07-26 19:18:42 -05:00
keyan 59f7b6ff26 Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades""
This reverts commit 18910fa2ed.
2023-07-23 10:08:43 -05:00
keyan 18910fa2ed Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"
This reverts commit d0314ab73c.
2023-07-23 09:16:12 -05:00
keyan d0314ab73c shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades 2023-07-21 17:33:11 -05:00
keyan 41226245c5 referrals 2022-12-19 16:27:52 -06:00
keyan 1bf747c7c0 sats to msats 2022-11-16 10:57:03 -06:00
keyan 6373767ad5 remove unused gql type 2022-01-24 12:39:14 -06:00
keyan e37475f927 send to lightning address 2022-01-24 11:25:15 -06:00
keyan bbc34edf51 satistics done 2021-12-16 14:02:17 -06:00
keyan d92f58aaf4 inv & with satistics + filtering 2021-12-16 11:27:12 -06:00
keyan 06f5ed731e satisitics with invoice & withdrawal 2021-12-15 10:50:11 -06:00
keyan 8cdeb18216 WIP wallet history, inv/with graphql query 2021-12-14 10:42:54 -06:00
keyan ca54abcf09 WIP wallet history 2021-12-13 14:48:19 -06:00
keyan 4d161a8092 add sticky footer 2021-06-02 19:15:28 -04:00
keyan 157488ea5d make withdrawls mostly work 2021-05-13 16:19:51 -05:00
keyan ce55fdfe9c withdrawl page 2021-05-13 08:28:38 -05:00
keyan 7a8afd56c3 partial withdrawl 2021-05-12 20:51:37 -05:00
keyan d92fc12187 half done with wallets 2021-05-12 18:04:19 -05:00
keyan bc0389e622 invoiced ... WIP transactions 2021-05-11 10:52:50 -05:00
keyan 4b07edf6f5 ready for invoices 2021-05-06 16:15:22 -05:00
keyan 10d848b5bd collapse 'em 2021-04-30 16:42:51 -05:00