Commit Graph

606 Commits

Author SHA1 Message Date
SatsAllDay 4b77e7a1a9
Limit scope of API Keys (#989)
* first pass of disallowing certain APIs with API keys

Disallow the following APIs:
* item.act (zap)
* create withdrawal
* unlink auth method
* link unverified email

* disallow creating lnauths via API key to stop the flow of linking via lnauth

* undo the limitation on donating to rewards

* revert the assertion on createAuth

* assert no api key on createWithdrawal and sendToLNAddr

* incorporate PR feedback by adding API Key negative assertion to more mutations:

* `createInvite`
* `createAuth`
* `upsertWalletLND` by way of `upsertWallet`
* `upsertWalletLNAddr` by way of `upsertWallet`
2024-04-03 15:11:06 -05:00
keyan 2c9e668177 april million sat madness 2024-04-01 08:56:13 -05:00
keyan b12cf53630 specify non-reward days better 2024-03-31 14:21:08 -05:00
keyan 1e3a836fbc update reward notification for msm 2024-03-30 18:46:01 -05:00
Keyan 4c2fcec69b
Merge pull request #982 from stackernews/nav
Improved navigation with dedicated mobile navigation
2024-03-27 16:53:19 -05:00
keyan bfe5edcfe3 search all territories by default + more intuitive search filters 2024-03-26 18:37:40 -05:00
ekzyis 17a0106fcc Hash API keys with SHA-256 and never show them again 2024-03-26 22:33:18 +01:00
ekzyis 922d2394fd Remove unnecessary withdrawl field 2024-03-26 02:10:46 +01:00
ekzyis 3388f818cf Add withdrawal notifications 2024-03-26 00:50:48 +01:00
keyan edb3dd365c denormalize last zap on item for notification querying 2024-03-24 14:16:29 -05:00
Keyan a7b0272200
denormalize replies (#958) 2024-03-23 23:15:00 -05:00
SatsAllDay 7087647cc0
Add top stackers, spender, and cowboys to newsletter (#954)
* Add top cowboys, stackers, and spenders to newsletter

* Rearrange to match the issue title

* fix top spenders `by` variable

* Update user resolver for top users `spending` `by` value

* wrap in try catch to not have errors break the script execution

return the array as defined whenever an error occurs
2024-03-23 12:23:31 -05:00
ekzyis 889d494eaf
Disable billing autorenew on transfer (#950) 2024-03-20 19:59:06 -05:00
ekzyis a22db1a6a3
Fix timing between billedLastAt and billPaidUntil (#952) 2024-03-20 19:52:38 -05:00
ekzyis b35302ccdc
Fix territory transfer sent to everyone (#946) 2024-03-20 16:45:30 -05:00
ekzyis d237861ff5
Use module path aliases (#938)
* Use module path aliases

* fix broken refactor

* path mapping for svgs, style, and remaining places (bonus: lose babel dep)

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-03-19 19:37:31 -05:00
ekzyis 22ff832efb
Don't export sendUserNotification (#937)
* Rename file to webPush.js

* Move webPush code into lib/webPush

* Don't export sendUserNotification

* Fix null in deposit push notification

* restore deposit notification change

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-03-19 17:43:04 -05:00
ekzyis 687d71f246
Purchase archived territories (#897)
* Handle archived territories in territory form

* Use dedicated mutation

* Add sanity check for eternal territories

* Fix fields and cost ignored

* Remove no longer needed manual validation in upsertSub

* Remove founder check

* Always check if sub is archived

Using { abortEarly: false } now since previously, if no description was not given, we wouldn't detect if the sub was archived since validation would abort on empty descriptions.

Only on submission all fields would get validated but since we ignore archived errors during submission, the user would never see that the sub is archived before submission
+ the wrong mutation would run if archived is not already true before submission.

Hence, we need to validate all fields always.

There is currently still a bug where the validation does not immediately run but maybe this can be fixed by simply using validateImmediately on the Formik component.

* Fix archived warning not shown after first render

* Only create transfers if owner actually changes

* Reuse helper functions in lib/territory.js

* Rename var to editing

* Use onChange instead of validation override

* Run same validation on server for unarchiving

* Fix 'territory archived' shown during edits

* Use && instead of ternary operator for conditional query

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-03-19 17:23:59 -05:00
ekzyis b03295ce59
Put all Web Push code into lib/webPush.js (#936)
* Rename file to webPush.js

* Move webPush code into lib/webPush
2024-03-19 15:48:13 -05:00
ekzyis 3e56bbe9c0 Don't filter by pins in home 2024-03-17 16:47:13 +01:00
ekzyis 687012d1a0
API Keys (#915)
* Generate API key in settings

* Check x-api-key for GraphQL API requests

* Don't fallback to cookie if x-api-key header was provided

* Select all session fields

* Fix error if API key not found

* Fix style in settings via form-label className

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-03-14 15:32:34 -05:00
ekzyis 501885cfa0
Ignore if sub belongs to user during existence check (#904)
* Ignore if sub belongs to user during existence check

* Remove code no longer needed

* Fix territory edit

Territory edits were broken because validation failed for existing territories and if you edit an territory, it obviously already exists.

This commit fixes this by ignoring the territory that we're currently editing.

* Fix existence check using stale cache

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-03-14 11:17:53 -05:00
ekzyis c8e65d5a23
Don't hide self in top even if hidden (#905)
* Don't hide self in top even if hidden

* Also don't hide self in top cowboys

* only use anon icon for anon stuff

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-03-13 19:26:59 -05:00
ekzyis 96d3034c66
Fix image fees undefined and not enforced if logged in (#909)
* Fix image fees not enforced

* Fix image fees undefined

* Add comment about return value
2024-03-13 16:08:55 -05:00
keyan 575a820a7a fix broken merge 2024-03-06 14:35:45 -06:00
Keyan 48aef15a07
use keyset pagination for notifications (#899) 2024-03-06 13:53:13 -06:00
ekzyis b379e7467f
Territory transfers (#878)
* Allow founders to transfer territories

* Log territory transfers in new AuditLog table

* Add territory transfer notifications

* Use polymorphic AuditEvent table

* Add setting for territory transfer notifications

* Add push notification

* Rename label from user to stacker

* More space between cancel and confirm button

* Remove AuditEvent table

The audit table is not necessary for territory transfers and only adds complexity and unrelated discussion to this PR.

Thinking about a future-proof schema for territory transfers and how/what to audit at the same time made my head spin.

Some thoughts I had:

1. Maybe using polymorphism for an audit log / audit events is not a good idea

Using polymorphism as is currently used in the code base (user wallets) means that every generic event must map to exactly one specialized event.

Is this a good requirement/assumption? It already didn't work well for naive auditing of territory transfers since we want events to be indexable by user (no array column) so every event needs to point to a single user but a territory transfer involves multiple users.

This made me wonder: Do we even need a table? Maybe the audit log for a user can be implemented using a view? This would also mean no data denormalization.

2. What to audit and how and why?

Most actions are already tracked in some way by necessity: zaps, items, mutes, payments, ...

In that case: what is the benefit of tracking these things individually in a separate table?

Denormalize simply for convenience or performance? Why no view (see previous point)? Use case needs to be more clearly defined before speccing out a schema.

* Fix territory transfer notification id conflict

* Use include instead of two separate queries

* Drop territory transfer setting

* Remove trigger usage

* Prevent transfers to yourself
2024-03-05 13:56:02 -06:00
keyan b16234630b better link rel attr handling 2024-03-04 19:20:14 -06:00
Keyan 0b0e36e3cb
Monthly rewards (#890)
* show placeholder for hidden stackers in top

* top rewardability views

* make territory revenue idependent job

* monthly rewards and leaderboard on rewards pages

* fix earn reschedule

* add query for rewards leaderboard

* reduce likelihood of rewards racing with views

* fix earn and refine values views
2024-03-01 10:28:55 -06:00
ekzyis 508008f586
Fix Sub.meSubscription not resolved on page load (#888) 2024-02-28 09:31:31 -06:00
ekzyis fa4f09ddca
Territory notifications for everyone (#870)
* Territory notifications

* Migrate old setting to new table

* Auto subscribe founders to their territories on creation

* Fix (un)subscribe not shown to founder

* Rename to toggleSubSubscription

* Fix inconsistency between toggleSubSubscription and toggleMuteSub

* Add dedicated button in header for following territories

* Don't drop noteTerritoryPosts column

* Fix db dip in Sub.meSubscription resolver

* Move territory subscribe to new territory context menu

* Decrease space between share icon and mute button

* Fix eslint
2024-02-23 09:12:49 -06:00
mzivil b0bf7add34
Show founded territories on profile (#868)
* add nterritories field to User

* add userSubs query

* show territories tab on user profiles

hide the tab if user has 0 territories, except when the
viewer navigated directly to the user's territories page

* add USER_WITH_SUBS query for user territories page

* add user territories page
2024-02-21 19:55:48 -06:00
mzivil 46a0af19eb
Make poll expiration configurable (#860)
* add poll expires at column to Item table

* update upsertPoll mutation for pollExpiresAt param

* use pollExpiresAt to show time left for poll

* correctly pluralize days for timeLeft

* correctly update pollExpiresAt when item is updated to remove poll expiration

* add DateTimePicker and DateTimeInput components to select datetimes

* update pollExpiresAt to be nullable and more than 1 day in the future

* hide time left text if poll has no expiration

* initialize pollExpiresAt with current value or default of 25 hours in the future

we add a one hour time buffer so that the user doesn't get a validation error
for pollExpiresAt if they post their poll within an hour from creation. there's
still a chance they'll hit the validation error but they should see the error
message toast

* add DateTimeInput into the options part of the poll form

add right padding to make room for the "clear" button.

allow field to be cleared (i.e. null pollExpiresAt) to allow
non-ending polls.

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-02-21 12:18:43 -06:00
keyan fe0d960208 handle other possible base64-like string encodings 2024-02-18 15:08:55 -06:00
keyan 3106850ce9 fix reference to old materialized view 2024-02-16 12:58:50 -06:00
Keyan 798fab097d
Make territory billing period changeable (#840)
* allow updates to territory billing

* simplify prorating

* handle updates during grace period and rehydrating archive
2024-02-16 12:25:12 -06:00
keyan 57917d47a2 fix lnaddr autowithdraw 2024-02-15 08:59:45 -06:00
Dillon 35d212573e
auto canceling bolt11s from lnd when auto dropped from DB (#793)
* auto canceling bolt11s from lnd when auto dropped from DB

* auto canceling bolt11s from lnd when auto dropped from DB

* removed semicolon for lint

* changed cancleHodlInvoic to deletePayment function

* updated code to account for failed LND deletes

* linter fixes

* updated to only remove hashes and bolt11's from model when successfully deleted from LND

* updated to revert unsuccessful deletes from LND and add those values back into the db

* linter fix and renaming for clarity

* updated WITH query

* added if statement to account for invoices not returning from db

* fixed linter

* reverted docker-compose.yml

* made it dry

* made it dry

* added a comment because the query might be confusing

* made query moar dry

* Query formatting

* Fix query returns number of rows instead of rows

* updated  to

* fixed linter

* removed lnbits dir

* removed gitignore and docker-compose.yml from pr

* added deleting from LND in wallet resolver

* linter + added missing import

* fixed merge conflict

* refine invoice deletion

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-02-14 17:31:25 -06:00
mzivil f59ee5df17
Add ranked territories to 'top' page (#828)
* add subViewGroup function to create view to read sub stats from

* add topSubs resolver to graphql query

* add TOP_SUBS query fragment

* add SUB_SORTS for top territory sorting

* add custom cache policy for topSubs

* add territories to top header select

* add top territories page

* add db views for sub stats

* configure sub_stats views to refresh by worker

* filter rows with empty subName

* update msats_spent calculation to include all ItemAct in sub

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-02-14 14:27:00 -06:00
Alex Lewin b3498fe277
Add Opt-in to Display Linked Accounts in Profile (#826)
* Add display linked accounts to settings

* Apply suggestions from code review

Co-authored-by: ekzyis <ek@stacker.news>

* small styling enhancements

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-02-14 13:33:31 -06:00
keyan 5c3c7fb185 allow more restricted macroons fix #827 2024-02-14 12:58:25 -06:00
ekzyis 0c3be0cd08
Fix saloon comments hidden in profile (#831) 2024-02-14 11:58:29 -06:00
keyan 2ce2580e8e fix posts not showing up in bookmarks 2024-02-14 09:12:00 -06:00
keyan a6aebd7004 fix comment bookmarks 2024-02-13 16:22:36 -06:00
Keyan ec4e1b5da7
LND autowithdraw (#806)
* wip

* wip

* improved validatation, test connection before save, code reuse

* worker send to lnd

* autowithdraw priority
2024-02-13 13:17:56 -06:00
mzivil 6355d7eabc
Add nsfw setting to territories (#788)
* add nsfw column to sub

* add nsfw boolean to territorySchema

* save nsfw value in upsertSub mutation

* return nsfw value from Sub query for correct value in edit territory form

* add nsfw checkbox to territory form

* add nsfw badge to territory header

* add nsfwMode to user

* show nsfw badge next to item territory

* exclude nsfw sub from items query

* show nsfw mode checkbox on settings page

* fix nsfw badge formatting

* separate user from current, signed in user

* update relationClause to join with sub table

* refactor to simplify hide nsfw sql

* filter nsfw items when viewing user items

* hide nsfw posts for logged out users

* filter nsfw subs based on user preference

* show nsfw sub name if logged out user is viewing the page

* show current sub at the top of the list instead of bottom

* always join item with sub to check nsfw

* check for sub presence before showing nsfw badge on item

* skip manually adding sub to select if sub is null

* fix relationClause to join with root item

* move moderation and nsfw into accordion

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-02-09 20:35:32 -06:00
Noah 02278c6073
Improved ux for domain only searches (#782)
* improves ux for url only searches

* updates with sn nym

* add back original implementation when query has more than url: filter

* eliminates use of wildcards

* adds docs for testing search in a way that more closely resembles prod

* fixes lint issues

---------

Co-authored-by: utanapishtim <utnapishtim.utanapishtim@gmail.com>
2024-02-07 18:45:11 -06:00
ekzyis 46eeb729c3 Fix pinned items don't show up in home 2024-02-04 22:15:18 +01:00
keyan c23f1f82bc allow pins to be zapped but not from pin position 2024-02-03 15:27:36 -06:00
mzivil 986ba582e5 fix lint errors 2024-02-02 16:06:33 -05:00
mzivil 7ff02ebe30 rename mutated hostname and pathname variables to avoid confusion 2024-02-02 15:57:34 -05:00
mzivil db7c4c3d76 rename uri to uriRegex to avoid confusion 2024-02-02 15:50:18 -05:00
mzivil 99e547e6ae fix all hacker news and bitcoin talk links showing up as dupes
It looks like a regression was introduced at some point, because
the `uri` that's compared against the `whitelist` is a regular
expression and not the url hostname + pathname as it was originally
written.

This brings back the original behavior of comparing the whitelist
against the hostname + pathname
2024-02-02 15:46:30 -05:00
mzivil 068f1e9eba use stripTrailingSlash for uriRegex in dupes 2024-02-02 15:45:49 -05:00
mzivil 4076727ed3 fix yewtu.be links showing up as dupes of each other 2024-02-02 12:43:24 -05:00
benthecarman e4c1c9bade
Remove description hash check for lnurl 2024-01-31 12:21:26 +00:00
ekzyis d1ed72bb85
Allow territory founders to pin items (#767)
* Add pinning of items

* Fix empty section in context menu

* Pin comments

* Fix layout shift during comment pinning

* Add comments, rename, formatting

* Max 3 pins allowed

* Fix argument

* Fix missing position update for other items

* Improve error message

* only show saloon in home

* refine pinItem style and transaction usage

* pin styling enhancements

* simpler handling of excess pins

* fix pin positioning like mergePins

* give existing pins null subName

* prevent empty items on load

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-01-30 11:04:56 -06:00
keyan d8f4071afb refine serialization retries 2024-01-28 13:26:32 -06:00
keyan eb99fcef9e improve stat gathering 2024-01-19 15:19:26 -06:00
keyan c41ad5d469 fix for 404 on empty search results 2024-01-19 15:12:47 -06:00
keyan 61a66127d1 search/related posts refinements 2024-01-17 17:39:48 -06:00
keyan fe5991112e support query quoting for exact matches 2024-01-16 20:01:06 -06:00
keyan 9af3388353 semantic search 2024-01-15 17:22:57 -06:00
ekzyis b7413e9e32 Fix 'column Item.day does not exist' 2024-01-14 19:10:31 +01:00
ekzyis 40f2697675 Disallow automated withdrawals to same node 2024-01-13 17:32:54 +01:00
keyan b530b611f5 disable self sends in autowithdraw 2024-01-12 09:37:50 -06:00
keyan 1dae33312f allow territories to be renamed 2024-01-11 17:48:08 -06:00
keyan 86e8350994 autowithdraw to lightning address 2024-01-11 13:10:07 -06:00
ekzyis bdf9b1f0fd
Territory post notifications (#745)
* Notify founders of new posts

* Only merge notifications of same territory

* Show territory posts in /notifications

* Don't notify on own posts
2024-01-11 11:27:54 -06:00
ekzyis 39c9775c4c
Fix TypeError on item creation if JIT invoicing is used (#744)
* Fix TypeError on item creation if JIT invoicing is used

* Fix bad if body

---------

Co-authored-by: ekzyis <ek@stacker.news>
2024-01-10 19:24:49 -06:00
ekzyis 2151323c8d
Use LND subscriptions (#726)
* Use parallel invoice subscriptions

* Fix missing idempotency

* Log error

* Use cursor for invoice subscription

* Subscribe to outgoing payments for withdrawals

* Add TODO comments regarding migration to LND subscriptions

* Also use isPoll variable in checkInvoice

* Queue status check of pending withdrawals

* Use for loop to check pending withdrawals

* Reconnect to LND gRPC API on error

* Fix hash modified of applied migrations

* Separate wallet code from worker index

* refactor subscription code some more

* remove unnecessary subWrapper abstraction
* move all wallet related code into worker/wallet.js such that only a single import is needed in worker/index.js

* Migrate from polling to LND subscriptions

* Remove unnecessary reconnect code

* Add FIXME

* Add listener for HODL invoice updates

* Remove obsolete comment

* Update README

* Add job to cancel hodl invoice if expired

* Fix missing else

* small bug fixes and readability enhancements

* refine and add periodic redundant deposit/withdrawal checks

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-01-08 16:37:58 -06:00
keyan 6495ce9454 keep citext cast from 8996fd0 2024-01-03 21:02:04 -06:00
keyan 26e0dd6f7e Revert "fix #703"
This reverts commit 8996fd085a.
2024-01-03 20:39:26 -06:00
keyan 8996fd085a fix #703 2024-01-03 16:12:33 -06:00
keyan 717f8d1ef6 territory billing notifications 2024-01-03 15:20:10 -06:00
keyan 76b63240db fix territory mutes for logged out 2023-12-30 19:45:41 -06:00
keyan 0999004646 mute territories in overflow 2023-12-30 19:41:16 -06:00
keyan f267137662 add muted section to territory select 2023-12-30 18:19:42 -06:00
keyan 214e863458 mute territories 2023-12-30 17:16:09 -06:00
keyan baee771d67 add gofacurself grace period 2023-12-30 17:15:21 -06:00
keyan dc15be914c opt-in moderation for territory founders 2023-12-29 18:05:16 -06:00
keyan 9698679d38 attempt another fix for #411 2023-12-28 14:44:56 -06:00
keyan 45e7503784 improve outlawed comment ux 2023-12-27 18:14:22 -06:00
keyan 6170853d72 unify idempotent act and act 2023-12-27 10:15:18 -06:00
keyan 73ad93f2bb idempotent zaps 2023-12-26 20:27:52 -06:00
keyan 374a7985da unify zap/downzap/bounty mutation 2023-12-26 16:51:47 -06:00
keyan 67a9fe23cf stablize act mutation reference 2023-12-26 15:55:48 -06:00
keyan 6633b9f894 don't bail if node is unannounced 2023-12-23 14:27:01 -06:00
keyan 01bc3dd752 catch query errors 2023-12-20 20:05:09 -06:00
st4rgut24 e9a5d22a6e
Add chain fees to price carousel (#658)
* add chain fees to price carousel

* restore check for valid carousel values

* add nym to contributors

---------

Co-authored-by: stargut <stargut@starguts-MacBook-Pro.local>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2023-12-20 16:06:22 -06:00
keyan 65744364f1 undo zap/downzap and improve downzap ux 2023-12-19 19:55:19 -06:00
keyan efd48afd61 auth updating note id 2023-12-19 12:31:24 -06:00
Austin Kelsay 5737027c0f
Nostr crossposting improvements (#629)
* Add nostr event id field to items

* crosspost-item

* crosspost old items, update with nEventId

* Updating noteId encoding, cleaning up a little

* Fixing item-info condition, cleaning up

* Linting

* Spacing nit

* Add createdAt variable back

* Change instances of eventId to noteId

* Adding upsertNoteId mutation

* Cleaning up updateItem, using toasts to communivate success/failure in crosspost-item

* Linting

* Fix type

* Move crosspost to share button, make sure only OP can crosspost

* Lint

* Simplify conditions

* user might have no nostr extension installed

Co-authored-by: ekzyis <27162016+ekzyis@users.noreply.github.com>

* change upsertNoteId to updateNoteID for resolver and mutations, change isOp to mine, remove unused noteId params

* Use nostr.com for linking out with noteId

* lint

* add noopener to window.open call

* Simplify condition, throw GraphQLError

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: ekzyis <27162016+ekzyis@users.noreply.github.com>
2023-12-19 11:48:48 -06:00
keyan ee68bd2946 hide lnurlpay errors while still reporting errors accurately 2023-12-18 18:02:39 -06:00
keyan 13f3a89540 gofac node ip 2023-12-17 15:14:59 -06:00
ekzyis db36076541
Mix error messages to hide user balance (#693)
Co-authored-by: ekzyis <ek@stacker.news>
2023-12-17 13:25:20 -06:00
keyan d3fac7f968 fix qr withdrawal 2023-12-15 18:13:24 -06:00
keyan 71bbf34f36 remove unused param 2023-12-14 12:01:09 -06:00
keyan a5e50821b7 gofac yourself 2023-12-14 11:30:51 -06:00
keyan 6763ef7bf0 fix comment edit bug 2023-12-10 19:26:25 -06:00