* Migrate vault entries to new schema (#2092)
* Migrate existing vault entries to new schema
* Read+write new vault schema
* Drop VaultEntry table
* Refactor vaultPrismaFragments
* Remove wrong comment
* Remove TODO
* Fix possible race condition on update of vault key
* Remove lib/object.js
* Wallet schema v2 (#2146)
* Add wallet-v2 TODOs
* Update checkWallet
* Wallet list
* Delete almost all wallet v1 code
and add some code for wallet protocol forms
* Define protocol display name in JSON
* Show form per protocol
* Increase max-height of image in form
* Add JSdoc for protocols, form validation
* Use wallet cards again
My wallet list was quite ugly and I couldn't look at it anymore.
* Refactor hooks in wallet provider
* Fix PasswordInput not used
* Read encrypted wallets
* Decrypt wallets
* useWalletQuery now returns decrypted wallets
* Refactor useIndexedDB because its only purpose will be to store the key, so no need for pagination code etc.
* There is still a bug: if the wallet is not decrypted on first render, the form will not see the decrypted value. See TODO.
* Rename protocolJson to protocol
it no longer uses a JSON file
* Fix form not updated with decrypted API key
* Fix wallet template forms
* Fix optional shown as hint
* Rename to mapUserWalletResolveTypes
* Save LNbits send and recv
TODO:
* implement resolvers for other protocols
* fix double update required for trigger?
* add missing validation on server
* add missing network tests
* don't import from wallets/client on server
* Move definitions to lib/wallets.json and lib/protocols
* Fix ProtocolWallet.updated_at not updated by trigger
* Move wallet fragments into wallets/client/fragments/
* move invoice fragments to fragments/invoice.js
* remove some unused fragments that I don't think I also will not use
* move fragments that will be generated in own file
* Move wallet resolvers into wallets/server/resolvers
* Fix missing authorization check on wallet update
* Run all shared code in generic wallet update function
* Fix 'encrypt' flag not set for blink send currency
* Add mutations for all protocols
* Fix macaroon validation
* Fix CLN socket value not set
* Add server-side schema validation
* Fix JSDoc typedef for protocols
* Don't put JSDoc into separate file
* Create test invoices on save
* Also move type resolvers into wallets/server/resolvers
* Fix unconfigured protocols of UserWallet not found
* Fix Blink API key in wallet seed
* Test send payment on save (except LNC)
This does not include LNC because LNC cannot be saved yet
* Check if window.webln is defined on save
* Create new wallets from templates
* Separate protocols in wallets/lib into individual files
* Use justify-content-start for protocol tabs
and larger margin at the top
* Add LNC to client protocols
* Only return wallets from useWallets
* Query decrypted wallets
* Payments with new wallets
* More wallet logos
* Fix TypeError in useIndexedDB
* Add protocol attach docs
* Fix undefined useWalletRecvPrompt import
* Remove outdated TODOs
* First successful zap to new wallets
* Fix walletLogger imports
* Fix sequences
* the sequences for InvoiceForward and DirectPayment were still starting at 1
* when using setval() with two arguments, nextval() will return the second argument+1 (see https://www.postgresql.org/docs/current/functions-sequence.html)
* Rename ProtocolWallet columns
* Remove more outdated TODOs
* Update wallet indicator
* Fix page reset on route change
* Refactor __typename checks into functions
* Refactor protocol selection into own hook
* Add button to detach protocol
* Refetch wallet on save and detach
* Refetch wallets on change
* Always show all templates
* Refactor WalletLink component
* Also put wallet into forms context
* Remove outdated TODOs
* Use useMemo in wallets hooks
* Passphrase modals
* prompt for password if decryption failed
* add button to reveal passphrase on wallet page
TODO:
* remove button if passphrase was revealed or imported
* encrypt wallets with new key on passphrase reveal
* Fix protocol missing as callback dependency
* Encrypt wallets with new key on passphrase export
* Update 'unlock wallets' text
* Rename wallet mutation hooks
* Remove 'removeWallet' mutation
Wallets are automatically deleted when all protocols are deleted
* Passphrase reset
* Use 110px as minimum width for bip39 words
longest bip39 words are 8 characters and they fit into 103px so I rounded up to 110px.
* Also disable passphrase export on save
* Wallet settings
* Fix wallet receive prompt
* Remove unused parameters from postgres function
* Rename UserWallet to Wallet, ProtocolWallet to WalletProtocol
* Use danger variant for button to show passphrase
* Fix inconsistent imports and exports
* Remove outdated TODOs
* wallet logs
* Remove outdated comment
* Make sure wallets are used in priority order
* Separate wallets from templates in reducer
* Fix missing useCallback dependencies
* Refactor with useWalletLogger hook
* Move enabled to WalletProtocol
* Add checkbox to enable/disable protocol
* Fix migration with prod db dump
* Parse Coinos relay URLs
* Skip network tests if only enabled changed
* Allow IndexedDB calls without session
* Add code to migrate old CryptoKey
* first try to use existing CryptoKey before generating a new one
* bump IDB version to delete old object stores and create new ones
* return IDB callbacks with useMemo
* don't delete old IDB right away, wait until next release
* Fix ghost import error
*Sometimes*, I get import errors because it tries to resolve @/wallets/server to wallets/server.js instead of wallets/server/index.js.
For the files in wallets/server, it kind of makes sense because it's a circular import.
But I don't know why the files in worker/ have this problem.
Interestingly, it only seems to happen with walletLogger imports, so I guess its related to its import chain.
Anyway, this commit should make sure this never happens again ...
* Skip wallets queries if not logged in
* Split CUSTOM wallet into NWC and LN_ADDR
* Migrate local wallets
* Link to /wallets/:id/receive if send not supported
* Hide separator if there are no configured wallets
* Save LNC
* Add one-liner to attach LNC
* Update wallet priorities via DnD
* Wallet logs are part of protocol resolvers
* Fix logging to deleted protocol
* Fix trying to fetch logs for template
* also change type to Int so GraphQL layer can catch trying to fetch string IDs as is the case for templates
* Fix embedded flag for wallets logs not set
* Remove TODO
* Decrease max-height for embedded wallet logs on big screens
* Fix missing refetch on wallet priority update
* Set priorities of all wallets in one tx
* Fix nested state update
* Add DragIcon
* DnD mobile support and refactor
* Add CancelButton to wallet settings
* Remount form if path changes
This fixes the following warning in the console:
"""
Warning: A component is changing an uncontrolled input to be controlled. This is likely caused by the value changing from undefined to a defined value, which should not happen. Decide between using a controlled or uncontrolled input element for the lifetime of the component.
"""
* Support string and object for wallet.image JSON
* Append domain to lightning address inputs
* Remove outdated TODOs
* Add template IDs to wallet JSON
* Fix missing callback dependency
* Implement lightning address save in receive prompt
* Update TODOs
* Fix missing check for enabled
* Pay QR codes with WebLN as anon
* Add logo for NWC
* Fix trying to save logs for template
* Add template logs
* Fix inconsistent margin
* Always throw on missing key
* Remove misleading comment
Wallets are returned even if decryption fails so we can show the unlock page if a wallet is stored as encrypted in the context.
Maybe I should rethink this.
* Check for existing wallets on local wallet migration
* Fix local wallet migration causing duplicates
* Fix protocol reattached on detach due to migration
* Fix form not centered
* Fix ZEUS lightning address domain
* Add placeholder, help, hints etc. to wallet form inputs
* Fix wallet badges not updated
* Remove unused declared variables
* Rename to ATTACH_PAGE
* Fix 500 error if no amount was given to LNURLp endpoint
* Tag log messages with wallet name
* Only skip network tests if we're disabling the wallet
* Rename var to networkTests
* Continue to store key hash in IndexedDB
* Rethink wallet state management
If decryption failed, the function to decrypt the wallets didn't throw but simply returned wallets that were still encrypted.
This was bad because it meant we could not rely on the wallets in the state being decrypted, even though this was the original idea behind the query hooks: hide the details of encryption and decryption inside them.
Because of this, we had to check if the wallets were still encrypted before we ran the wallet migration since we want to check if a protocol already exists.
This commit fixes this by making encryption and decryption always throw (and catching the errors), as well as returning a ready state from hooks. A hook might not be ready because it still needs to load something (in the case of the crypto hooks, it's loading the key from IndexedDB). Callers check that ready state before they call the function returned by the hook.
So now, the wallet migration hook can itself simply check if the hook to encrypt wallets is ready and if the wallets are no longer loading to let callers know if it itself is ready.
Since we also relied on wallets stored as encrypted in the context to show the unlock page, this was also changed by comparing the local and remote key hash.
* Add empty line
* Save new key hash during wallet reset
* Only receive protocol upserts require networkTests param
* Compare key hashes on server on each save
* Delete old code
* Fix card shows attach instead of configure
* Fix empty wallets created during migration
The old schema can contain '' instead of NULL in the columns of wallets for receiving.
* Update reset passphrase text
* Wrap passphrase reset in try/catch
* Fix migrate called multiple times
* Update key hash on migration if not set
* Fetch local wallets in migrate
* Fix missing await on setKey
* Let first device set key hash
* Fix indicator not shown if wallets locked
* Check if IndexedDB is available
* Fix inconsistent WebLN error message
* Disable WebLN if not available
* Remove outdated TODO
* Cursor-based pagination for wallet logs
* Fix log message x-overflow
* Add context to wallet logs
* Wrap errors are warnings in logs
* Rename wallet v2 migrations
* Update wallet status during logging
* Fix wallet logs loading state
The loading state would go from false -> true -> false because it's false when the lazy query wasn't called yet.
* Add wallet search
* Add Alby Go wallet
* Revert "Add Alby Go wallet"
This reverts commit 926c70638f1673756480c848237e52d5889dc037.
* Fix wallet logs sent by client don't update protocol status
* Fix mutation name
* put drag icon on opposite corner
* Add wallets/README.md
* Fix inconsistent case in wallets/README.md
* Fix autoprefixer warning about mixed support
This warning was in the app logs:
app | Warning
app |
app | (31:3) autoprefixer: end value has mixed support, consider using flex-end instead
app |
app | Import trace for requested module:
app | ./styles/wallet.module.css
app | ./wallets/client/hooks/prompt.js
app | ./wallets/client/hooks/index.js
app | ./wallets/client/context/hooks.js
app | ./wallets/client/context/provider.js
app | ./wallets/client/context/index.js
* fix effect of wallet indicators on logo
* Fix deleting wallet template logs
* Use name as primary key of WalletTemplate
* Fix wallet_clear_vault trigger not mentioned in README
* Fix wallet receive prompt
Also remove no longer needed templateId from wallets.json and helper functions
* Use findUnique since name is now primary key
* Merge Alby wallets into one
* Remove unused name parameter from WalletsForm component
* Fix number check to decide if wallet or template
* Update wallet encryption on click, not as effect
* add cashu.me and lightning address logos
* add images
* Use recommended typeof to check if IDB available
* Also check if IDB available on delete
* Use constraint triggers
* Add indices on columns used for joins
* Fix inconsistent CLEAR OR REPLACE TRIGGER
* Attach wallet_check_support trigger to WalletProtocol table
* Update wallets/README.md
* Remove debugging code
* Refactor reducer: replace page with status
* Show 'wallets unavailable' if device does not support IndexedDB
* Remove duplicate ELSIF condition
* Fix hasSendWallet
The useSendWallets hook was not checking if the returned send wallets are enabled.
Since the components that used that hook only need to know if there is a send wallet, I replaced the useSendWallets hook with a useHasSendWallet hook.
* Add Cash App wallet
* fix changes loglevel enum
* Fix key init race condition in strict mode if no key exists yet
* Formatting
* Fix key init race condition via transactions in readwrite mode
* Replace Promise.withResolvers with regular promises
* replace generic spinner with our usual
---------
Co-authored-by: k00b <k00b@stacker.news>
* Remove service worker logger
* Use async/await for togglePushSubscription
* Remove commented out logger calls in service worker
* Remove message channel between service worker and app
The listener for messages from the service worker was removed in a previous commit.
* Remove unused OS detection for service worker
* multi_auth cookies check + reset
* multi_auth cookies refresh
* Expire cookies after 30 days
This is the actual default for next-auth.session-token.
* Collapse issues by default
* Only refresh session cookie manually as anon
* fix mangled merge
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: k00b <k00b@stacker.news>
* Prevent account creation if we're not signin up
* remove cookie once logged in, 24 hours expiry, comment
* adjust error messages
* check signin instead of signup
* appendHeader to avoid overwrites, fix typo, use NodeNextRequest to handle cookies
* expire cookie if signup
* fix: cannot login with email on PWA
* adjust other email templates
* restore manual url on new user email
* no padding on button section
* cleanup
* generate 6-digit bechh32 token
* token needs to be fed as lower case; validator case insensitive
* delete token if user has failed 3 times
* proposal: context-independent error page
* include expiration time on email page message
* add expiration time to emails
* independent checkPWA function
* restore token deletion if successful auth
* final cleanup: remove unused function
* compact useVerificationToken
* email.js: magic code for non-PWA users
* adjust email templates
* MultiInput component; magic code via MultiInput
* hotfix: revert length testing; larger width for inputs
* manual bech32 token generation; no upperCase
* reverting to string concatenation
* layout tweaks, fix error placement
* pastable inputs
* small nit fixes
* less ambiguous error path
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: k00b <k00b@stacker.news>
* Always switch to user we just logged in as
If we're logged in and switch to anon and then use login to get into our previous account instead of using 'switch accounts', we only updated the JWT but we didn't switch to the user.
* Fix getToken unaware of multi-auth middleware
If we use login with new credentials while switched to anon (multi_auth.user-id === 'anonymous'), we updated the pubkey because getToken wasn't aware of the switch and thus believed we're logged in as a user.
This is fixed by applying the middleware before calling getToken.
* Fix missing page reload after account switch on logout
* Fix missing key
* Explain why we set multi_auth cookies on login/signup
* Fix 500 if multi_auth cookie missing
* cache or remove unecessary calls to lnd
* avoid redundant grpc calls in state machine
* store preimage whenever available
* enhancements post self-code review
* small refinements
* fixes
* fix lnurl-verify
* prevent wallet logger throwing on idb close
* fix promise in race while waiting for payment
* WIP: Account switching
* Fix empty USER query
ANON_USER_ID was undefined and thus the query for @anon had no variables.
* Apply multiAuthMiddleware in /api/graphql
* Fix 'you must be logged in' query error on switch to anon
* Add smart 'switch account' button
"smart" means that it only shows if there are accounts to which one can switch
* Fix multiAuth not set in backend
* Comment fixes, minor changes
* Use fw-bold instead of 'selected'
* Close dropdown and offcanvas
Inside a dropdown, we can rely on autoClose but need to wrap the buttons with <Dropdown.Item> for that to work.
For the offcanvas, we need to pass down handleClose.
* Use button to add account
* Some pages require hard reload on account switch
* Reinit settings form on account switch
* Also don't refetch WalletHistory
* Formatting
* Use width: fit-content for standalone SignUpButton
* Remove unused className
* Use fw-bold and text-underline on selected
* Fix inconsistent padding of login buttons
* Fix duplicate redirect from /settings on anon switch
* Never throw during refetch
* Throw errors which extend GraphQLError
* Only use meAnonSats if logged out
* Use reactive variable for meAnonSats
The previous commit broke the UI update after anon zaps because we actually updated item.meSats in the cache and not item.meAnonSats.
Updating item.meAnonSats was not possible because it's a local field. For that, one needs to use reactive variables.
We do this now and thus also don't need the useEffect hack in item-info.js anymore.
* Switch to new user
* Fix missing cleanup during logout
If we logged in but never switched to any other account, the 'multi_auth.user-id' cookie was not set.
This meant that during logout, the other 'multi_auth.*' cookies were not deleted.
This broke the account switch modal.
This is fixed by setting the 'multi_auth.user-id' cookie on login.
Additionally, we now cleanup if cookie pointer OR session is set (instead of only if both are set).
* Fix comments in middleware
* Remove unnecessary effect dependencies
setState is stable and thus only noise in effect dependencies
* Show but disable unavailable auth methods
* make signup button consistent with others
* Always reload page on switch
* refine account switch styling
* logout barrier
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: k00b <k00b@stacker.news>
* wip: Use uniform interface for wallets
* Fix import error
* Update wallet logging + other stuff
* add canPay and canSend to wallet definition
* rename 'default payment method' to 'enabled' and add enable + disable method
* Set canPay, canReceive in useWallet
* Enable wallet if just configured
* Don't pass logger to sendPayment
* Add logging to attach & detach
* Add schema to wallet def
* Add NWC wallet
* Fix unused isDefault saved in config
* Fix enableWallet
* wrong storage key was used
* broke if wallets with no configs existed
* Run validation during save
* Use INFO level for 'wallet disabled' message
* Pass config with spread operator
* Support help, optional, hint in wallet fields
* wip: Add LNC
* Fix 20s page load for /settings/wallets.json?nodata=true
For some reason, if nodata is passed (which is the case if going back), the page takes 20s to load.
* Fix extremely slow page load for LNC import
I noticed that the combination of
```
import { Form, PasswordInput, SubmitButton } from '@/components/form'
```
in components/wallet/lnc.js and the dynamic import via `await import` in components/wallet/index.js caused extremely slow page loads.
* Use normal imports
* Revert "Fix 20s page load for /settings/wallets.json?nodata=true"
This reverts commit deb476b3a966569fefcfdf4082d6b64f90fbd0a2.
Not using the dynamic import for LNC fixed the slow page load with ?nodata=true.
* Remove follow and show recent logs first
* Fix position of log start marker
* Add FIXMEs for LNC
I can't get LNC to connect. It just hangs forever on lnc.connect(). See FIXMEs.
* Remove logger.error since already handled in useWallet
* Don't require destructuring to pass props to input
* wip: Add LND autowithdrawals
* receiving wallets need to export 'server' object field
* don't print macaroon error stack
* fix missing wallet logs order update
* mark autowithdrawl settings as required
* fix server wallet logs deletion
* remove canPay and canReceive since it was confusing where it is available
TODO
* also use numeric priority for sending wallets to be consistent with how status for receiving wallets is determined
* define createInvoice function in wallet definition
* consistent wallet logs: sending wallets use 'wallet attached'+'wallet enabled/disabled' whereas receiving wallets use 'wallet created/updated'
* see FIXMEs
* Fix TypeError
* Fix sendPayment called with empty config
* removed useEffect such that config is available on first render
* fix hydration error using dynamic import without SSR
* Fix confusing UX around enabled
* Remove FIXMEs
Rebase on master seemed to have fixed these, weird
* Use same error format in toast and wallet log
* Fix usage of conditional hooks in useConfig
* Fix isConfigured
* Fix delete wallet logs on server
* Fix wallet logs refetch
onError does not exist on client.mutate
* Fix TypeError in isConfigured if no enabled wallet found
* Only include local/server config if required
* Fix another hydration error
* Fix server config not updated after save or detach
* Also use 'enabled' for server wallets
* Fix wallet logs not updated after server delete
* Consistent logs between local and server wallets
* 'wallet attached' on create
* 'wallet updated' on config updates
* 'wallet enabled' and 'wallet disabled' if checkbox changed
* 'wallet detached' on delete
* Also enable server wallets on create
* Disable checkbox if not configured yet
* Move all validation schema into lib/validate
* Implement drag & drop w/o persistence
* Use dynamic import for WalletCard
This fixes a lot of issues with hydration
* Save order as priority
* Fix autowithdrawSettings not applied
Form requires config in flat format but mutation requires autowithdraw settings in a separate 'settings' field.
I have decided that config will be in flat form format. It will be transformed into mutation format during save.
* Save dedicated enabled flag for server wallets
* wallet table now contains boolean column 'enabled'
* 'priority' is now a number everywhere
* use consistent order between how autowithdrawals are attempted and server wallets cards
* Fix onCanceled missing
* Fix typo
* Fix noisy changes in lib/validate
I moved the schema for lnbits, nwc and lnc out of lib/validate only to put them back in there later.
This commit should make the changeset cleaner by removing noise.
* Split arguments into [value,] config, context
* Run lnbits url.replace in validate and sendPayment
* Remove unnecessary WALLETS_QUERY
* Generate wallet mutation from fields
* Generate wallet resolver from fields
* Fix import inconsistency between app and worker
* Use wallet.createInvoice for autowithdrawals
* Fix success autowithdrawal log
* Fix wallet security banner shown for server wallets
* Add autowithdrawal to lightning address
* Add optional wallet short name for logging
* Fix draggable
* Fix autowithdraw loop
* Add missing hints
* Add CLN autowithdrawal
* Detach wallets and delete logs on logout
* Remove Wallet in lib/constants
* Use inject function for resolvers and typeDefs
* Fix priority ignored when fetching enabled wallet
* Fix draggable false on first page load due to SSR
* Use touches instead of dnd on mobile
Browsers don't support drag events for touch devices.
To have a consistent implementation for desktop and mobile, we would need to use mousedown/touchstart, mouseup/touchend and mousemove/touchmove.
For now, this commit makes changing the order possible on touch devices with simple touches.
* Fix duplicate CLN error
* Fix autowithdraw priority order
* Fix error per invalid bip39 word
* Update LNC code
* remove LNC FIXMEs
Mhh, I guess the TURN server was down or something? It now magically works. Or maybe it only works once per mnemonic?
* also removed the lnc.lnd.lightning.getInfo() call since we don't ask and need permission for this RPC for payments.
* setting a password does not work though. It fails with 'The password provided is not valid' which is triggered at https://github.com/lightninglabs/lnc-web/blob/main/lib/util/credentialStore.ts#L81.
* Fix order if wallet with no priority exists
* Use common sort
* Add link to lnbits.com
* Add example wallet def
* Remove TODOs
TODO in components/wallet-logger.js was handled.
I don't see a need for the TODO in lib/wallet.js anymore. This function will only be called with the wallet of type LIGHTNING_ADDRESS anyway.
* Remove console.log
* Toast priority save errors
* Fix leaking relay connections
* Remove 'tor or clearnet' hint for LN addresses
* Remove React dependency from wallet definitions
* Generate resolver name from walletField
* Move wallets into top level directory wallet/
* Put wallets into own folder
* Fix generateMutation
* remove resolverName property from wallet defs
* move function into lib/wallet
* use function in generateMutation on client to fix wrongly generated mutation
* Separate client and server imports by files
* wallets now consist of an index.js, a client.js and a server.js file
* client.js is imported on the client and contains the client portion
* server.js is imported on the server and contains the server porition
* both reexport index.js so everything in index.js can be shared by client and server
* every wallet contains a client.js file since they are all imported on the client to show the cards
* client.js of every wallet is reexported as an array in wallets/client.js
* server.js of every wallet is reexported as an array in wallets/server.js
FIXME: for some reason, worker does not properly import the default export of wallets/server.js
* Fix worker import of wallets/server
* Fix wallet.server usage
* I removed wallet.server in a previous commit
* the client couldn't determine which wallet was stored on the server since all server specific fields were set in server.js
* walletType and walletField are now set in index.js
* walletType is now used to determine if a wallet is stored on the server
* also included some formatting changes
* Fix w.default usage
Since package.json with { "type": "module" } was added, this is no longer needed.
* Fix id access in walletPrioritySort
* Fix autowithdrawal error log
* Generate validation schema for LNbits
* Generate validation schema for NWC
* Rename to torAllowed
* Generate validation schema for LNC
* Generate validation schema for LND
* Generate validation schema for LnAddr
* Remove stringTypes
* Generate validation schema for CLN
* Make clear that message belongs to test
* validate.message was used in tandem with validate.test
* it might be confused as the message if the validation for validate.type failed
* now validate.test can be a function or an object of { test, message } shape which matches Yup.test
* Remove validate.schema as a trap door
* make lnc work
* Return null if no wallet was found
* Revert code around schema generation
* Transform autowithdrawSchemaMembers into an object
* Rename schema to yupSchema
* Fix missing required for LNbits adminKey
* Support formik form-level validation
* Fix missing addWalletLog import
* Fix missing space after =
* fix merge conflict resolution mistake
* remove non-custodial* badges
* create guides for attaching wallets in sndev
* Use built-in formik validation or Yup schema but not both
* Rename: validate -> testConnectClient, testConnect -> testConnectServer
* make lnaddr autowithdraw work in dev
* move ATTACH docs to ./wallets and add lnaddr doc
* Fix missing rename: yupSchema -> fieldValidation
* Remove unused context
* Add documentation how to add wallets
---------
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
* capture/store data for new referral scheme
* simplify signup/forever referral rules
* no self-referrals and other fixes
* better post/comment distinction and support /items/1/related
* first pass of hashing user emails
* use salt
* add a salt to .env.development (prod salt needs to be kept a secret)
* move `hashEmail` util to a new util module
* trigger a one-time job to migrate existing emails via the worker
so we can use the salt from an env var
* move newsletter signup
move newsletter signup to prisma adapter create user with email code path
so we can still auto-enroll email accounts without having to persist the email address
in plaintext
* remove `email` from api key session lookup query
* drop user email index before dropping column
* restore email column, just null values instead
* fix function name
* fix salt and hash raw sql statement
* update auth methods email type in typedefs from str to bool
* remove todo comment
* lowercase email before hashing during migration
* check for emailHash and email to accommodate migration window
update our lookups to check for a matching emailHash, and then a matching
email, in that order, to accommodate the case that a user tries to login
via email while the migration is running, and their account has not yet been migrated
also update sndev to have a command `./sndev email` to launch the mailhog inbox in your browser
also update `./sndev login` to hash the generated email address and insert it into the db record
* update sndev help
* update awards.csv
* update the hack in next-auth to re-use the email supplied on input to `getUserByEmail`
* consolidate console.error logs
* create generic open command
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
* Merge serializeInvoiceable with serialize
* Rename to verifyPayment
We already have a function named checkInvoice in the worker which can be confusing.
Also, we don't need to export this function.
* Use crypto.timingSafeEqual
* Fix missing unwrap for item creation and update
* Merge serializeInvoiceable with serialize
* Rename to verifyPayment
We already have a function named checkInvoice in the worker which can be confusing.
Also, we don't need to export this function.
* Use crypto.timingSafeEqual
* Generate API key in settings
* Check x-api-key for GraphQL API requests
* Don't fallback to cookie if x-api-key header was provided
* Select all session fields
* Fix error if API key not found
* Fix style in settings via form-label className
---------
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
