* first pass of disallowing certain APIs with API keys
Disallow the following APIs:
* item.act (zap)
* create withdrawal
* unlink auth method
* link unverified email
* disallow creating lnauths via API key to stop the flow of linking via lnauth
* undo the limitation on donating to rewards
* revert the assertion on createAuth
* assert no api key on createWithdrawal and sendToLNAddr
* incorporate PR feedback by adding API Key negative assertion to more mutations:
* `createInvite`
* `createAuth`
* `upsertWalletLND` by way of `upsertWallet`
* `upsertWalletLNAddr` by way of `upsertWallet`
* Add top cowboys, stackers, and spenders to newsletter
* Rearrange to match the issue title
* fix top spenders `by` variable
* Update user resolver for top users `spending` `by` value
* wrap in try catch to not have errors break the script execution
return the array as defined whenever an error occurs
* Handle archived territories in territory form
* Use dedicated mutation
* Add sanity check for eternal territories
* Fix fields and cost ignored
* Remove no longer needed manual validation in upsertSub
* Remove founder check
* Always check if sub is archived
Using { abortEarly: false } now since previously, if no description was not given, we wouldn't detect if the sub was archived since validation would abort on empty descriptions.
Only on submission all fields would get validated but since we ignore archived errors during submission, the user would never see that the sub is archived before submission
+ the wrong mutation would run if archived is not already true before submission.
Hence, we need to validate all fields always.
There is currently still a bug where the validation does not immediately run but maybe this can be fixed by simply using validateImmediately on the Formik component.
* Fix archived warning not shown after first render
* Only create transfers if owner actually changes
* Reuse helper functions in lib/territory.js
* Rename var to editing
* Use onChange instead of validation override
* Run same validation on server for unarchiving
* Fix 'territory archived' shown during edits
* Use && instead of ternary operator for conditional query
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
* Generate API key in settings
* Check x-api-key for GraphQL API requests
* Don't fallback to cookie if x-api-key header was provided
* Select all session fields
* Fix error if API key not found
* Fix style in settings via form-label className
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
* Ignore if sub belongs to user during existence check
* Remove code no longer needed
* Fix territory edit
Territory edits were broken because validation failed for existing territories and if you edit an territory, it obviously already exists.
This commit fixes this by ignoring the territory that we're currently editing.
* Fix existence check using stale cache
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
* Don't hide self in top even if hidden
* Also don't hide self in top cowboys
* only use anon icon for anon stuff
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
* Allow founders to transfer territories
* Log territory transfers in new AuditLog table
* Add territory transfer notifications
* Use polymorphic AuditEvent table
* Add setting for territory transfer notifications
* Add push notification
* Rename label from user to stacker
* More space between cancel and confirm button
* Remove AuditEvent table
The audit table is not necessary for territory transfers and only adds complexity and unrelated discussion to this PR.
Thinking about a future-proof schema for territory transfers and how/what to audit at the same time made my head spin.
Some thoughts I had:
1. Maybe using polymorphism for an audit log / audit events is not a good idea
Using polymorphism as is currently used in the code base (user wallets) means that every generic event must map to exactly one specialized event.
Is this a good requirement/assumption? It already didn't work well for naive auditing of territory transfers since we want events to be indexable by user (no array column) so every event needs to point to a single user but a territory transfer involves multiple users.
This made me wonder: Do we even need a table? Maybe the audit log for a user can be implemented using a view? This would also mean no data denormalization.
2. What to audit and how and why?
Most actions are already tracked in some way by necessity: zaps, items, mutes, payments, ...
In that case: what is the benefit of tracking these things individually in a separate table?
Denormalize simply for convenience or performance? Why no view (see previous point)? Use case needs to be more clearly defined before speccing out a schema.
* Fix territory transfer notification id conflict
* Use include instead of two separate queries
* Drop territory transfer setting
* Remove trigger usage
* Prevent transfers to yourself
* show placeholder for hidden stackers in top
* top rewardability views
* make territory revenue idependent job
* monthly rewards and leaderboard on rewards pages
* fix earn reschedule
* add query for rewards leaderboard
* reduce likelihood of rewards racing with views
* fix earn and refine values views
* Territory notifications
* Migrate old setting to new table
* Auto subscribe founders to their territories on creation
* Fix (un)subscribe not shown to founder
* Rename to toggleSubSubscription
* Fix inconsistency between toggleSubSubscription and toggleMuteSub
* Add dedicated button in header for following territories
* Don't drop noteTerritoryPosts column
* Fix db dip in Sub.meSubscription resolver
* Move territory subscribe to new territory context menu
* Decrease space between share icon and mute button
* Fix eslint
* add nterritories field to User
* add userSubs query
* show territories tab on user profiles
hide the tab if user has 0 territories, except when the
viewer navigated directly to the user's territories page
* add USER_WITH_SUBS query for user territories page
* add user territories page
* add poll expires at column to Item table
* update upsertPoll mutation for pollExpiresAt param
* use pollExpiresAt to show time left for poll
* correctly pluralize days for timeLeft
* correctly update pollExpiresAt when item is updated to remove poll expiration
* add DateTimePicker and DateTimeInput components to select datetimes
* update pollExpiresAt to be nullable and more than 1 day in the future
* hide time left text if poll has no expiration
* initialize pollExpiresAt with current value or default of 25 hours in the future
we add a one hour time buffer so that the user doesn't get a validation error
for pollExpiresAt if they post their poll within an hour from creation. there's
still a chance they'll hit the validation error but they should see the error
message toast
* add DateTimeInput into the options part of the poll form
add right padding to make room for the "clear" button.
allow field to be cleared (i.e. null pollExpiresAt) to allow
non-ending polls.
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
* auto canceling bolt11s from lnd when auto dropped from DB
* auto canceling bolt11s from lnd when auto dropped from DB
* removed semicolon for lint
* changed cancleHodlInvoic to deletePayment function
* updated code to account for failed LND deletes
* linter fixes
* updated to only remove hashes and bolt11's from model when successfully deleted from LND
* updated to revert unsuccessful deletes from LND and add those values back into the db
* linter fix and renaming for clarity
* updated WITH query
* added if statement to account for invoices not returning from db
* fixed linter
* reverted docker-compose.yml
* made it dry
* made it dry
* added a comment because the query might be confusing
* made query moar dry
* Query formatting
* Fix query returns number of rows instead of rows
* updated to
* fixed linter
* removed lnbits dir
* removed gitignore and docker-compose.yml from pr
* added deleting from LND in wallet resolver
* linter + added missing import
* fixed merge conflict
* refine invoice deletion
---------
Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
* add subViewGroup function to create view to read sub stats from
* add topSubs resolver to graphql query
* add TOP_SUBS query fragment
* add SUB_SORTS for top territory sorting
* add custom cache policy for topSubs
* add territories to top header select
* add top territories page
* add db views for sub stats
* configure sub_stats views to refresh by worker
* filter rows with empty subName
* update msats_spent calculation to include all ItemAct in sub
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>