Commit Graph

54 Commits

Author SHA1 Message Date
k00b dce5762f63 get vault working 2024-10-30 13:49:57 -05:00
Riccardo Balbo b70dbeb6d6 user vault and server side client wallets 2024-10-30 13:41:09 -05:00
k00b 4b18498651 hide cowboy hat -> essentials 2024-10-14 17:52:40 -05:00
Keyan 245419185f
wallet streaks (#1468)
* wallet streaks backend

* notifications and badges

* reuseable streak fragment

* squash migrations

* push notifications

* update cowboy notification setting label text
2024-10-11 19:14:18 -05:00
Keyan e48cd61721
remove unused fields from me fragment (#1466) 2024-10-09 11:56:29 -05:00
k00b 153455983e Revert "Encrypted device sync (#1373)"
This reverts commit a9a566a79f.
2024-10-04 15:00:13 -05:00
Riccardo Balbo a9a566a79f
Encrypted device sync (#1373)
* user vault

* code cleanup and fixes

* improve ui

* prevent name collisions between users on the same device

* some improvements

* implement storage migration

* comments and cleanup

* make connect button primary instead of warning

* move show passphrase in new line (improvement for small screen devices)

* make show passphrase field readOnly

* fixes

* fix vault key unsync

* implicit migration

* move device sync under  general tab

* fix locally disabled wallets and default wallet selection

* improve text

* remove useless SSR check

* add auth checks

* Rename variables

* Fix missing await

* Refactor local<>vault storage interface

I've changed quite some things here. Attempt of a summary:

* storageKey is now only controlled by useVaultStorageState

I've noticed that dealing with how storage keys are generated (to apply user scope) was handled in two places: the existing wallet code and in the new vault code.

This was confusing and error-prone. I've fixed that by completely relying on the new vault code to generate correct storage keys.

* refactored migration

Migration now simply encrypts any existing local wallets and sends them to the server. On success, the local unencrypted version is deleted.

The previous code seemed to unnecessarily generate new local entries prefixed by 'vault:'.

However, since we either use unencrypted local state OR use the encrypted vault on the server for the data, I didn't see any need for these.

Migration seems to work just as well as before.

* removed unnecessary state

In the <DeviceSync> component, enabled & connected were using a unnecessary combo of useState+useEffect.

They were only using variables that are always available during render so simple assignments were enough.

* other minor changes include:

  * early returns
  * remove unnecessary SSR checks in useEffect or useCallback
  * formatting, comments
  * remove unnecessary me? to expose possible bugs

* Fix missing dependency for useZap

This didn't cause any bugs because useWallet returns everything we need on first render.

This caused a bug with E2EE device sync branch though since there the wallet is loaded async.

This meant that during payment, the wallet config was undefined.

* Assume JSON during encryption and decryption

* Fix stale value from cache served on next fetches

* Add wallet.perDevice field

This adds 'perDevice' as a new wallet field to force local storage. For example, WebLN should not be synced across devices.

* Remove debug buttons

* Rename userVault -> vault

* Update console.log's

* revert some of the migration and key handling changes. restore debug buttons for testing

* Fix existing wallets not loaded

* Pass in localOnly and generate localStorageKey once

* Small refactor of migration

* Fix wallet drag and drop

* Add passphrase copy button

* Fix priorityOnly -> skipTests

* Disable autocompletion for reset confirmation prompt

* Show wrong passphrase as input error

* Move code into components/device-sync.js

* Import/export passphrase via QR code

* Fix modal back button invisible in light mode

* Fix modal closed even on connect error

* Use me-2 for cancel/close button

* Some rephrasing

* Fix wallet detach

* Remove debug buttons

* Fix QR code scan in dark mode

* Don't allow custom passphrases

* More rephrasing

* Only use schema if not enabled

* Fix typo in comment

* Replace 'generate passphrase' button with reload icon

* Add comment about IV reuse in GCM

* Use 600k iterations as recommended by OWASP

* Set extractable to false where not needed

* use-vault fallbacks to local storage only for anonymous users

* fix localStorage reset on logout

* add copy button

* move reset out of modals

* hide server side errors

* hardened passphrase storage

* do not show passphrase even if hardened storage is disabled (ie. indexeddb not supported)

* show qr code button on passphrase creation

* use toast for serverside error

* Move key (de)serialization burden to get/setLocalKey functions

* password textarea and remove qr

* don't print plaintext vault values into console

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: k00b <k00b@stacker.news>
2024-10-01 14:55:01 -05:00
ekzyis dcbe83f155
Add wss:// to user relays by default (#1412) 2024-09-18 15:42:48 -05:00
ekzyis a6713f9793
Account Switching (#644)
* WIP: Account switching

* Fix empty USER query

ANON_USER_ID was undefined and thus the query for @anon had no variables.

* Apply multiAuthMiddleware in /api/graphql

* Fix 'you must be logged in' query error on switch to anon

* Add smart 'switch account' button

"smart" means that it only shows if there are accounts to which one can switch

* Fix multiAuth not set in backend

* Comment fixes, minor changes

* Use fw-bold instead of 'selected'

* Close dropdown and offcanvas

Inside a dropdown, we can rely on autoClose but need to wrap the buttons with <Dropdown.Item> for that to work.

For the offcanvas, we need to pass down handleClose.

* Use button to add account

* Some pages require hard reload on account switch

* Reinit settings form on account switch

* Also don't refetch WalletHistory

* Formatting

* Use width: fit-content for standalone SignUpButton

* Remove unused className

* Use fw-bold and text-underline on selected

* Fix inconsistent padding of login buttons

* Fix duplicate redirect from /settings on anon switch

* Never throw during refetch

* Throw errors which extend GraphQLError

* Only use meAnonSats if logged out

* Use reactive variable for meAnonSats

The previous commit broke the UI update after anon zaps because we actually updated item.meSats in the cache and not item.meAnonSats.

Updating item.meAnonSats was not possible because it's a local field. For that, one needs to use reactive variables.

We do this now and thus also don't need the useEffect hack in item-info.js anymore.

* Switch to new user

* Fix missing cleanup during logout

If we logged in but never switched to any other account, the 'multi_auth.user-id' cookie was not set.

This meant that during logout, the other 'multi_auth.*' cookies were not deleted.

This broke the account switch modal.

This is fixed by setting the 'multi_auth.user-id' cookie on login.

Additionally, we now cleanup if cookie pointer OR session is set (instead of only if both are set).

* Fix comments in middleware

* Remove unnecessary effect dependencies

setState is stable and thus only noise in effect dependencies

* Show but disable unavailable auth methods

* make signup button consistent with others

* Always reload page on switch

* refine account switch styling

* logout barrier

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: k00b <k00b@stacker.news>
2024-09-12 13:05:11 -05:00
ekzyis 0bf9fb0780
Fix layout shift between setting tabs (#1390) 2024-09-11 11:14:56 -05:00
ekzyis 2ad2cabb03
Remove overused fw-bold from infos (#1377) 2024-09-08 16:53:13 -05:00
Keyan 15b038cd78
refactor embeds to be reused (#1368)
* refactor embeds to be reused

* adjust the meaning of settings for embeds

* add wavlake embed (close #1359)

* add spotify embed (closes #1360)

* fix 'format' appearing in srcSet

* add nostr embed

* refine nostr embed

* Update components/media-or-link.js

Co-authored-by: ekzyis <ek@stacker.news>

* Update pages/settings/index.js

Co-authored-by: ekzyis <ek@stacker.news>

* ek suggestions

---------

Co-authored-by: ekzyis <ek@stacker.news>
2024-09-07 12:07:10 -05:00
ekzyis f05b29717a
Fix grammar in autodelete invoices info (#1371) 2024-09-07 10:01:27 -05:00
Keyan 07b98c3253
Optout of display of images and video (show them as links) (#1358)
* optout of display of images/video

* fix disableFreebies warning in settings

* preview trusted images

Co-authored-by: ekzyis <ek@stacker.news>

---------

Co-authored-by: ekzyis <ek@stacker.news>
2024-09-04 09:23:06 -05:00
Keyan 266e9a892d
Improve freebies (#1333)
* remove free posts

* deleted and freebie comments are always last
2024-08-26 19:23:07 -05:00
Keyan bc94ec7d28
disable freebies setting (#1320)
* disable freebies setting

* await in disableFreebie resolver + better info modal
2024-08-21 09:37:25 -05:00
Keyan c5f043c625
replace greeter mode with investment filter (#1291)
* replace greeter mode with investment filter

* change name to satsFilter

* drop freebie column

---------

Co-authored-by: k00b <k00b@stacker.news>
2024-08-11 18:47:03 -05:00
ekzyis 288fa37197
Only validate tipRandom if enabled (#1284)
* Only validate tipRandom if enabled

* Use consistent naming scheme for zap settings

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-08-03 19:51:15 -05:00
keyan 5d0e071939 better random zaps 2024-08-03 19:37:43 -05:00
ekzyis 0c3337fb97
More zap undo fixes IV (#1282)
* Add margin-top to zap undo input

* Update zap undo hint

* Fix zap undo pulse not reflecting zap amount
2024-08-02 17:41:47 -05:00
SatsAllDay dc0370ba17
random zap amounts (#1263)
* add random zapping support

adds an option to enable random zap amounts per stacker

configurable in settings, you can enable this feature and provide
an upper and lower range of your random zap amount

* rename github eslint check to lint

this has been bothering me since we aren't using eslint for linting

* fixup! add random zapping support

* fixup! rename github eslint check to lint

* fixup! fixup! add random zapping support

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-07-26 22:37:03 -05:00
ekzyis 8a19fc0905
Use <Alert> for auth banner in /settings (#1238) 2024-06-12 18:16:54 -05:00
ekzyis 286f53f2b3
Update zap undos info (#1237) 2024-06-12 18:16:41 -05:00
ekzyis 2597eb56f3
Item mention notifications (#1208)
* Parse internal refs to links

* Item mention notifications

* Also parse item mentions as URLs

* Fix subType determined by referrer item instead of referee item

* Ignore subType

Considering if the item that was referred to was a post or comment made the code more complex than initially necessary.

For example, notifications for /notifications are deduplicated based on item id and the same item could refer to posts and comments, so to include "one of your posts" or "one of your comments" in the title would require splitting notifications based on the type of referred item.

I didn't want to do this but also wanted to have consistent notification titles between push and /notifications, so I use "items" in both places now, even though I think using "items" isn't ideal from a user perspective. I think it might be confusing.

* Fix rootText

* Replace full links to #<id> syntax in push notifications

* Refactor mention code into separate functions
2024-06-03 12:12:42 -05:00
ekzyis a7bc757514
Use same button to generate and delete API keys (#1210) 2024-05-30 16:24:18 -05:00
ekzyis 94cce9155d
Frontend payment UX cleanup (#1194)
* Replace useInvoiceable with usePayment hook

* Show WebLnError in QR code fallback

* Fix missing removal of old zap undo code

* Fix payment timeout message

* Fix unused arg in super()

* Also bail if invoice expired

* Fix revert on reply error

* Use JIT_INVOICE_TIMEOUT_MS constant

* Remove unnecessary PaymentContext

* Fix me as a dependency in FeeButtonContext

* Fix anon sats added before act success

* Optimistic updates for zaps

* Fix modal not closed after custom zap

* Optimistic update for custom zaps

* Optimistic update for bounty payments

* Consistent error handling for zaps and bounty payments

* Optimistic update for poll votes

* Use var balance in payment.request

* Rename invoiceable to prepaid

* Log cancelled invoices

* Client notifications

We now show notifications that are stored on the client to inform the user about following errors in the prepaid payment flow:

- if a payment fails
- if an invoice expires before it is paid
- if a payment was interrupted (for example via page refresh)
- if the action fails after payment

* Remove unnecessary passing of act

* Use AbortController for zap undos

* Fix anon zap update not updating bolt color

* Fix zap counted towards anon sats even if logged in

* Fix duplicate onComplete call

* Fix downzap type error

* Fix "missing field 'path' while writing result" error

* Pass full item in downzap props

The previous commit fixed cache updates for downzaps but then the cache update for custom zaps failed because 'path' wasn't included in the server response.

This commit is the proper fix.

* Parse lnc rpc error messages

* Add hash to InvoiceExpiredError
2024-05-28 12:18:54 -05:00
Tom Smith 2b2f2d589c
Show Alert Message on Settings Page (#1179)
* Show alert message

* Add extra line

* Use css var

* Restore lightning in filter

* Show alert at top of page
2024-05-17 10:47:06 -05:00
SatsAllDay 15f9950477
Store hashed and salted email addresses (#1111)
* first pass of hashing user emails

* use salt

* add a salt to .env.development (prod salt needs to be kept a secret)
* move `hashEmail` util to a new util module

* trigger a one-time job to migrate existing emails via the worker

so we can use the salt from an env var

* move newsletter signup

move newsletter signup to prisma adapter create user with email code path
so we can still auto-enroll email accounts without having to persist the email address
in plaintext

* remove `email` from api key session lookup query

* drop user email index before dropping column

* restore email column, just null values instead

* fix function name

* fix salt and hash raw sql statement

* update auth methods email type in typedefs from str to bool

* remove todo comment

* lowercase email before hashing during migration

* check for emailHash and email to accommodate migration window

update our lookups to check for a matching emailHash, and then a matching
email, in that order, to accommodate the case that a user tries to login
via email while the migration is running, and their account has not yet been migrated

also update sndev to have a command `./sndev email` to launch the mailhog inbox in your browser

also update `./sndev login` to hash the generated email address and insert it into the db record

* update sndev help

* update awards.csv

* update the hack in next-auth to re-use the email supplied on input to `getUserByEmail`

* consolidate console.error logs

* create generic open command

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-05-04 18:06:15 -05:00
keyan 1a25179a98 modal spacing fixes 2024-04-16 15:33:00 -05:00
SatsAllDay e6b825dafe
Mute Management Settings Page (#1034)
* first pass of a mute mgmt page, ported from subscription mgmt page pr

* adjust error message for mutes

* muted users -> muted stackers

* fix typo in component name
2024-04-08 09:13:56 -05:00
SatsAllDay 992fc54160
Subscription management page (#1000)
* first pass of a subscription management page under settings

* add tabs to settings ui

* NymActionDropdown

* update Apollo InMemoryCache to merge paginated list of my subscribed users

* various updates

* switch from UsersNullable to Users

* bake the nym action dropdwon into the user component

* add back fields to the user query

* `meSubscriptionPosts`, `meSubscriptionComments`, `meMute`

* Refetch my subscribed users when a user subscription is changed

* update user list to hide stats in the subscribed list users

* update my sub'd users fragment to remove unnecessary user fields

* memoize subscribe user context provider value to avoid re-renders

* use inner join instead of left join

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* throw error when unauthenticated

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2024-04-03 19:38:47 -05:00
ekzyis 15fb7f446b
Wallet Logs (#994)
* nwc wallet logs

* persist logs in IndexedDB

* Potential fix for empty error message

* load logs limited to 5m ago from IDB

* load logs from past via query param

* Add 5m, 1h, 6h links for earlier logs

* Show end of log

* Clamp to logStart

* Add log.module.css

* Remove TODO about persistence

* Use table for logs

* <table> fixes bad format with fixed width and message overflow into start of next row
* also using ---start of log--- instead of ---end of log--- now
* removed time string in header nav

* Rename .header to .logNav

* Simply load all logs and remove navigation

I realized the code for navigation was most likely premature optimization which even resulted in worse UX:
Using the buttons to load logs from 5m, 1h, 6h ago sometimes meant that nothing happened at all since there were no logs from 5m, 1h, 6h ago.
That's why I added a time string as "start of logs" so it's at least visible that it changed but that looked bad so I removed it.

But all of this was not necessary: I can simply load all logs at once and then the user can scroll around however they like.

I was worried that it would be bad for performance to load all logs at once since we might store a lot of logs but as mentioned, that's probably premature optimization.

WHEN a lot of logs are stored AND this becomes a problem (What problem even? Slow page load?), THEN we can think about this.

If page load ever becomes slow because of loading logs, we could probably simply not load the logs at page load but only when /wallet/logs is visited.

But for now, this works fine.

* Add follow checkbox

* Create WalletLogs component

* Embed wallet logs

* Remove test error

* Fix level padding

* Add LNbits logs

* Add logs for attaching LND and lnAddr

* Use err.message || err.toString?.() consistently

* Autowithdrawal logs

* Use details from LND error

* Don't log test invoice individually

* Also refetch logs on error

* Remove obsolete and annoying toasts

* Replace scrollIntoView with scroll

* Use constant embedded max-height

* Fix missing width: 100% for embedded logs

* Show full payment hash and preimage in logs

* Also parse details from LND errors on autowithdrawal failures

* Remove TODO

* Fix accidental removal of wss:// check

* Fix alignment of start marker and show empty if empty

* Fix sendPayment loop

* Split context in two
2024-04-03 17:27:21 -05:00
keyan 43ebb44866 consitent top padding settings, profiles, satistics 2024-03-28 17:09:57 -05:00
Keyan df7e944bf8
Merge pull request #980 from stackernews/hashed-api-keys
Hash API keys with SHA-256 before storing them
2024-03-27 13:02:57 -05:00
ekzyis 8f39a229c3 Fix overlay trigger hitbox 2024-03-26 22:33:18 +01:00
ekzyis 121205fa4b Add delete obstacle 2024-03-26 22:33:18 +01:00
ekzyis e68cbd8469 Remove unnecessary export of ApiKey component 2024-03-26 22:33:18 +01:00
ekzyis 17a0106fcc Hash API keys with SHA-256 and never show them again 2024-03-26 22:33:18 +01:00
ekzyis 52b2b788f8 Fix zap undo wrong default value shown 2024-03-26 17:57:20 +01:00
ekzyis 3388f818cf Add withdrawal notifications 2024-03-26 00:50:48 +01:00
ekzyis 81502f8645 Better zapUndos default 2024-03-25 20:34:28 +01:00
ekzyis fe3724aa7d Rename to ZapUndosField
This makes the component name more consistent with the setting.
2024-03-25 20:34:28 +01:00
ekzyis 46f044552a Remove unnecessary false 2024-03-25 20:34:28 +01:00
ekzyis c2aef34ba2 Add threshold for zap undos 2024-03-25 20:34:28 +01:00
ekzyis d237861ff5
Use module path aliases (#938)
* Use module path aliases

* fix broken refactor

* path mapping for svgs, style, and remaining places (bonus: lose babel dep)

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-03-19 19:37:31 -05:00
ekzyis 2ba4063645 Add setting for no referral links on copy 2024-03-17 16:23:03 +01:00
ekzyis 687012d1a0
API Keys (#915)
* Generate API key in settings

* Check x-api-key for GraphQL API requests

* Don't fallback to cookie if x-api-key header was provided

* Select all session fields

* Fix error if API key not found

* Fix style in settings via form-label className

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-03-14 15:32:34 -05:00
ekzyis 817234a7fa
More zap undo fixes (#872)
* Don't throw error if invoice attached

* Only show progress bar for undo toasts

* Update zap undo info in settings

* Skip zap undo toast flow for external payments
2024-02-24 11:38:40 -06:00
ekzyis fa4f09ddca
Territory notifications for everyone (#870)
* Territory notifications

* Migrate old setting to new table

* Auto subscribe founders to their territories on creation

* Fix (un)subscribe not shown to founder

* Rename to toggleSubSubscription

* Fix inconsistency between toggleSubSubscription and toggleMuteSub

* Add dedicated button in header for following territories

* Don't drop noteTerritoryPosts column

* Fix db dip in Sub.meSubscription resolver

* Move territory subscribe to new territory context menu

* Decrease space between share icon and mute button

* Fix eslint
2024-02-23 09:12:49 -06:00
Austin Kelsay 565e939245
Nostr crossposting all item types (#779)
* crosspost-item

* crosspost old items, update with nEventId

* Updating noteId encoding, cleaning up a little

* Fixing item-info condition, cleaning up

* Linting

* Add createdAt variable back

* Change instances of eventId to noteId

* Adding upsertNoteId mutation

* Cleaning up updateItem, using toasts to communivate success/failure in crosspost-item

* Linting

* Move crosspost to share button, make sure only OP can crosspost

* Lint

* Simplify conditions

* user might have no nostr extension installed

Co-authored-by: ekzyis <27162016+ekzyis@users.noreply.github.com>

* change upsertNoteId to updateNoteID for resolver and mutations, change isOp to mine, remove unused noteId params

* Basic setup for crossposting poll / link items

* post rebase fixes and Bounty and job crossposts

* Job crossposting working

* adding back accidentally removed import

* Lint / rebase

* Outsource as much crossposting logic from discussion-form into use-crossposter as possible

* Fix incorrect property for user relays, fix itemId param in updateNoteId

* Fix toast messages / error cases in use-crossposter

* Update item forms to for updated use-crossposter hook

* CrosspostDropdownItem in share updated to accomodate use-crossposter update

* Encode paramaterized replacable event id's in naddress format with nostr-tools, bounty to follw nip-99 spec

* Increase timeout on relay connection / cleaning up

* No longer crossposting job

* Add blastr, fix crosspost button in item-info for polls/discussions, finish removing job crosspostr code

* Fix toaster error, create reusable crossposterror function to surface toaster

* Cleaning up / comments / linting

* Update copy

* Simplify CrosspostdropdownItem, keep replies from being crossposted

* Moved query for missing item fields when crossposting to use-crossposter hook

* Remove unneeded param in CrosspostDropdownItem, lint

* Small fixes post rebase

* Remove unused import

* fix nostr-tools version, fix package-lock.json

* Update components/item-info.js

Co-authored-by: ekzyis <ek@stacker.news>

* Remove unused param, determine poll item type from pollCost field, add mutiny strfry relay to defaults

* Update toaster implementations, use no-cache for item query, restructure crosspostItem to use await with try catch

* crosspost info modal that lives under adv-post-form now has dynamic crossposting info

* Move determineItemType into handleEventCreation, mover item/event handing outside of do ... while loop

* Lint

* Reconcile skip method with onCancel function in toaster

* Handle failedRelays being undefined

* determine item type from router.query.type if available otherwise use item fields

* Initiliaze failerRelays as undefined but handle error explicitly

* Lint

* Fix crosspost default value for link, poll, bounty forms

---------

Co-authored-by: ekzyis <27162016+ekzyis@users.noreply.github.com>
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-02-21 19:18:36 -06:00