Commit Graph

2848 Commits

Author SHA1 Message Date
ekzyis 1444ff476e
Validate pubkey, relay URL and secret of NWC URL (#810)
* Validate pubkey, relay URL and secret of NWC URL

* Fix NWC secret regexp

* Use sequential validation in Yup schema

* Add note about possible mismatch between hostnames and pubkeys

* Remove unused param
2024-02-14 15:09:13 -06:00
keyan bbbd5060d0 add numbering to top stacker and territories 2024-02-14 15:06:42 -06:00
mzivil f59ee5df17
Add ranked territories to 'top' page (#828)
* add subViewGroup function to create view to read sub stats from

* add topSubs resolver to graphql query

* add TOP_SUBS query fragment

* add SUB_SORTS for top territory sorting

* add custom cache policy for topSubs

* add territories to top header select

* add top territories page

* add db views for sub stats

* configure sub_stats views to refresh by worker

* filter rows with empty subName

* update msats_spent calculation to include all ItemAct in sub

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-02-14 14:27:00 -06:00
Alex Lewin b3498fe277
Add Opt-in to Display Linked Accounts in Profile (#826)
* Add display linked accounts to settings

* Apply suggestions from code review

Co-authored-by: ekzyis <ek@stacker.news>

* small styling enhancements

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-02-14 13:33:31 -06:00
keyan 5c3c7fb185 allow more restricted macroons fix #827 2024-02-14 12:58:25 -06:00
ekzyis 0c3be0cd08
Fix saloon comments hidden in profile (#831) 2024-02-14 11:58:29 -06:00
keyan e57671ba9b dont imply required websocket fix #830 2024-02-14 11:55:08 -06:00
ekzyis 2587483bbe
Merge pull request #830 from stackernews/fix-settings-relay-required
Fix settings save requires relay set
2024-02-14 18:33:48 +01:00
ekzyis 5eeaf671f8 Fix settings save requires relay set 2024-02-14 18:27:35 +01:00
keyan 2b851edb02 remove debug comment 2024-02-14 09:17:21 -06:00
keyan 2ce2580e8e fix posts not showing up in bookmarks 2024-02-14 09:12:00 -06:00
ekzyis 30bc3b612a
Fix comment (unsafe-eval isn't used in prod) (#825) 2024-02-14 08:45:00 -06:00
keyan 04991b4ddf try url object with next/link to fix #822 2024-02-13 19:44:03 -06:00
ekzyis 2bbcbfbb26
Force SSR to include CSP nonces on page reload (#818) 2024-02-13 16:40:26 -06:00
keyan a6aebd7004 fix comment bookmarks 2024-02-13 16:22:36 -06:00
ekzyis bff9342272
Allow blob: scheme (#817) 2024-02-13 16:11:34 -06:00
ekzyis d6465162bd
Fix missing setInitialized (#815)
Payment methods were not marked as initialized if the local storage item did not exist on page load.
2024-02-13 14:30:54 -06:00
Keyan ec4e1b5da7
LND autowithdraw (#806)
* wip

* wip

* improved validatation, test connection before save, code reuse

* worker send to lnd

* autowithdraw priority
2024-02-13 13:17:56 -06:00
ekzyis fc18a917e3
Add Content Security Policy headers (#805)
* Basic CSP with unsafe-inline, unsafe-eval

* Allow 'self' for img-src and connect-src

Apparently, there is a bug for Chrome on iOS if connect-src does not allow 'self'.

See known issues at https://caniuse.com/contentsecuritypolicy

* Use nonces for strict CSP

* More CSP comments

* Add frame-ancestors directive

* Add more useful headers

* Add HSTS header

* Allow youtube and twitter embeds

For some reason, www.youtube.com is enough. It also works for youtube.com and youtube-nocookie.com.

For twitter embeds from twitter.com or x.com, platform.twitter.com is enough.

* Allow CDN and media domain in CSP

* Only allow unsafe-eval in dev build

* Ignore _next/webpack-hmr in middleware
2024-02-13 13:10:06 -06:00
ekzyis a4e84e7a2e
Fix local prod builds assuming CDN (#814)
* Fix local prod builds assuming CDN

Prod builds assumed that we're running in an AWS environment and use a CDN. This commit changes that.

Now, if the AWS way to fetch the commit failed _and_ the normal git command fails and only if, we assume we're running the prod build locally and don't configure the CDN.

* Fix path to app_version_manifest.json

Was autoformatted by linter. Probably before I added eslint-next-disable-line above.
2024-02-13 09:53:34 -06:00
ekzyis 894a73d713
Show item page in internal links (#807)
* Include item page in link text

* Fix invalid URLs parsed
2024-02-12 13:34:33 -06:00
ekzyis 8238d4d5be
Enforce HTTPS for LNbits (#809)
* Enforce HTTPS for LNbits

* Use URL constructor
2024-02-11 17:39:06 -06:00
mzivil 6355d7eabc
Add nsfw setting to territories (#788)
* add nsfw column to sub

* add nsfw boolean to territorySchema

* save nsfw value in upsertSub mutation

* return nsfw value from Sub query for correct value in edit territory form

* add nsfw checkbox to territory form

* add nsfw badge to territory header

* add nsfwMode to user

* show nsfw badge next to item territory

* exclude nsfw sub from items query

* show nsfw mode checkbox on settings page

* fix nsfw badge formatting

* separate user from current, signed in user

* update relationClause to join with sub table

* refactor to simplify hide nsfw sql

* filter nsfw items when viewing user items

* hide nsfw posts for logged out users

* filter nsfw subs based on user preference

* show nsfw sub name if logged out user is viewing the page

* show current sub at the top of the list instead of bottom

* always join item with sub to check nsfw

* check for sub presence before showing nsfw badge on item

* skip manually adding sub to select if sub is null

* fix relationClause to join with root item

* move moderation and nsfw into accordion

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2024-02-09 20:35:32 -06:00
ekzyis b3d485e8c4
Refactor default payment method setting (#803)
* Refactor setting of default providers

* fixed warning about component update while rendering another component
* individual providers no longer need to know if they are the default or not
* default setting is now handled by WebLNContext -- the same context that returns the provider. this makes a lot more sense and is a lot easier to read
* default payment checkbox is now also disabled if there is only one enabled provider or if it is the default provider

* Fix order lost on page reload

On page reload, the providers were synced in the order they were loaded.

This means that the default payment provider setting was lost.

Fixed this by syncing order to local storage and on page reload, only syncing providers when they were initialized (else the order would have been lost again).
2024-02-09 09:42:26 -06:00
ekzyis ec3e8f0079
Remove deprecated comment (#801) 2024-02-09 09:39:59 -06:00
ekzyis b6dd4c1dba
Update image fees to 50 MB free per day (#798)
Almost every stacker was below 50 MB per day (except one stacker at one day).

Since storage is cheap, we can allow 50 MB per day for free; especially since UX around image fees suck.
2024-02-08 19:06:20 -06:00
ekzyis 310011f05d
Expose WebLN interface via React Context (#749)
* Add LNbits card

* Save LNbits Provider in WebLN context

* Check LNbits connection on save

* refactor: put LNbitsProvider into own file

* Pay invoices using WebLN provider from context

* Remove deprecated FIXME

* Try WebLN provider first

* Fix unhandled promise rejection

* Fix this in sendPayment

* Be optimistic regarding WebLN zaps

This wraps the WebLN payment promise with Apollo cache updates.

We will be optimistics and assume that the payment will succeed and update the cache accordingly.

When we notice that the payment failed, we undo this update.

* Bold strike on WebLN zap

If lightning strike animation is disabled, toaster will be used.

* Rename undo variable to amount

* Fix zap undo

* Add NWC card

* Attempt to check NWC connection using info event

* Fix NaN on zap

Third argument of update is reserved for context

* Fix TypeError in catch of QR code

* Add basic NWC payments

* Wrap LNbits getInfo with try/catch

* EOSE is enough to check NWC connection

* refactor: Wrap WebLN providers into own context

I should have done this earlier

* Show red indicator on error

* Fix useEffect return value

* Fix wrong usage of pubkey

The event pubkey is derived from the secret. Doesn't make sense to manually set it. It's also the wrong pubkey: we're not the wallet service.

* Use p tag in NWC request

* Add comment about required filter field

* Aesthetic changes to NWC sendPayment

* Add TODO about receipt verification

* Fix WebLN attempted again after error

* Fix undefined name

* Add code to mock NWC relay

* Revert "Bold strike on WebLN zap"

This reverts commit a9eb27daec0cd2ef30b56294b05e0056fb5b4184.

* Fix update undo

* Fix lightning strike before payment

* WIP: Wrap WebLN payments with toasts

* add toasts for pending, error, success
* while pending, invoice can be canceled
* there are still some race conditions between payiny the invoice / error on payment and invoice cancellation

* Fix invoice poll using stale value from cache

* Remove unnecessary if

* Make sure that pay_invoice is declared as supported

* Check if WebLN provider is enabled before calling sendPayment

* Fix bad retry

If WebLN payments failed due to insufficient balances, the promise resolved and thus the action was retried but failed immediately since the invoice (still) wasn't paid.

* Fix cache undo update

* Fix no cache update after QR payment

* refactor: Use fragments to undo cache updates

* Remove console.log

* Small changes to NWC relay mocking

* Return SendPaymentResponse

See https://www.webln.guide/building-lightning-apps/webln-reference/webln.sendpayment

* Also undo cache update on retry failure

* Disable NWC mocking

* Fix initialValue not set

But following warning is now shown in console:

"""
Warning: A component is changing a controlled input to be uncontrolled.
This is likely caused by the value changing from a defined to undefined, which should not happen.
Decide between using a controlled or uncontrolled input element for the lifetime of the component. More info: https://reactjs.org/link/controlled-components
"""

* Remove comment since only relevant for blastr (mutiny relay)

* Remove TODO

* Fix duplicate cache update

* Fix QR modal not closed after payment

* Ignore lnbits variable unused

* Use single relay connection for all NWC events

* Fix missing timer and subscription cleanup

* Remove TODO

Confirmed that nostr-tools verifies events and filters for us.

See https://github.com/nbd-wtf/nostr-tools/blob/master/abstract-relay.ts#L161

* Fix switch from controlled to uncontrolled input

* Show 'configure' on error

* Use budgetable instead of async

* Remove EOSE listener

Only nostr.mutinywallet.com didn't respond with info events due to implementation-specific reasons. This is no longer the case.

* Use invoice expiry for NWC timeout

I don't think there was a specific reason why I used 60 seconds initially.

* Validate LNbits config on save

* Validate NWC config on save

* Also show unattach if configuration is invalid

If unattach is only shown if configuration is valid, resetting the configuration is not possible while it's invalid. So we're stuck with a red wallet indicator.

* Fix detection of WebLN payment

It depended on a Apollo cache update function being available. But that is not the case for every WebLN payment.

* Fix formik bag lost

* Use payment instead of zap in toast

* autoscale capture svc by response time

* docs and changes for testing lnbits locally

* Rename configJSON to config

Naming of config object was inconsistent with saveConfig function which was annoying.

Also fixed other inconsistencies between LNbits and NWC provider.

* Allow setting of default payment provider

* Update TODO comment about provider priority

The list 'paymentMethods' is not used yet but is already implemented for future iterations.

* Add wallet security disclaimer

* Update labels

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-02-08 12:33:13 -06:00
keyan 6adb57c8ec autoscale capture svc by response time 2024-02-07 19:34:33 -06:00
Noah 02278c6073
Improved ux for domain only searches (#782)
* improves ux for url only searches

* updates with sn nym

* add back original implementation when query has more than url: filter

* eliminates use of wildcards

* adds docs for testing search in a way that more closely resembles prod

* fixes lint issues

---------

Co-authored-by: utanapishtim <utnapishtim.utanapishtim@gmail.com>
2024-02-07 18:45:11 -06:00
Keyan 65cc1dbcc0
Merge pull request #785 from stackernews/773-fix-pins-prevent-post-show-up-in-feeds
Fix pinned items don't show up in home
2024-02-04 16:46:49 -06:00
ekzyis 46eeb729c3 Fix pinned items don't show up in home 2024-02-04 22:15:18 +01:00
Keyan 42e491b59d
Merge pull request #784 from mzivil/fix-territory-form-labels
Fix territory form label clicks not toggling correct input
2024-02-04 10:11:54 -06:00
keyan 1135fff77c refine capture svc 2024-02-03 20:14:54 -06:00
keyan 05d866883a make capture svc a little more robust 2024-02-03 17:49:34 -06:00
mzivil f2f39f4c22 fix clicks on billing types label not toggling correct radio
Currently, all the billing types radios are being assigned the
same "billingType" id, so clicking on any of the labels
always selects the monthly one. If you inspect the HTML, all the
billing type labels have 'for="billingType"' which is how the HTML
knows which input to select.

We have to keep the "name" attribute the same because that's how
the input values are linked to the billingType form field.

To fix, we explicitly assign the "id" prop for each radio so
that the <label>'s "for" attribute is tied to the correct
radio input.
2024-02-03 16:59:37 -05:00
mzivil 3328c1daa3 fix clicks on post types label not toggling correct checkbox
Currently, all the post types checkbox are being assigned the
same "postTypes" id, so clicking on any of the post type labels
always toggles the first one. If you inspect the HTML, all the
post type labels have 'for="postTypes"' which is how the HTML
knows which checkbox to toggle.

We have to keep the "name" attribute the same because that's how
the checkbox values are linked to the postTypes field.

To fix, we explicitly assign the id prop for each checkbox so
that the <label>'s "for" attribute is tied to the correct
checkbox input.
2024-02-03 16:59:37 -05:00
Keyan 4789a93778
Merge pull request #783 from stackernews/fixpins
allow pins to be zapped but not from pin position
2024-02-03 15:33:41 -06:00
keyan c23f1f82bc allow pins to be zapped but not from pin position 2024-02-03 15:27:36 -06:00
Keyan cb5c12b82d
Merge pull request #781 from mzivil/fix-hn-and-bitcointalk-dupes
Fix hacker news and bitcointalk dupes
2024-02-02 15:16:15 -06:00
mzivil 986ba582e5 fix lint errors 2024-02-02 16:06:33 -05:00
mzivil 7ff02ebe30 rename mutated hostname and pathname variables to avoid confusion 2024-02-02 15:57:34 -05:00
mzivil db7c4c3d76 rename uri to uriRegex to avoid confusion 2024-02-02 15:50:18 -05:00
mzivil 99e547e6ae fix all hacker news and bitcoin talk links showing up as dupes
It looks like a regression was introduced at some point, because
the `uri` that's compared against the `whitelist` is a regular
expression and not the url hostname + pathname as it was originally
written.

This brings back the original behavior of comparing the whitelist
against the hostname + pathname
2024-02-02 15:46:30 -05:00
mzivil 068f1e9eba use stripTrailingSlash for uriRegex in dupes 2024-02-02 15:45:49 -05:00
mzivil a039f29cdf add stripTrailingSlash utility function 2024-02-02 15:44:37 -05:00
Keyan bbfb008d5f
Merge pull request #780 from mzivil/fix-yewtube-dupes
Fix yewtube links showing up as dupes of each other
2024-02-02 13:48:54 -06:00
mzivil d861890d35 add sn nym to contributors 2024-02-02 14:19:23 -05:00
mzivil 4076727ed3 fix yewtu.be links showing up as dupes of each other 2024-02-02 12:43:24 -05:00
Keyan b2ba333905
Merge pull request #777 from stackernews/toast-tags
Add tags and onCancel to toasts
2024-02-01 11:10:10 -06:00
Keyan dbde163c74
Merge pull request #778 from stackernews/faster-expiry-after-payment
Finalize hodl invoices after payment within 60 seconds
2024-02-01 11:04:02 -06:00