Commit Graph

401 Commits

Author SHA1 Message Date
keyan 2fa34eccb6 make anon user's invoices expire in 5 minutes 2023-08-10 17:36:49 -05:00
keyan 26762efcea add generic date pivot helper 2023-08-10 17:36:49 -05:00
ekzyis 35760e1655 Fix anon users can't zap other anon users 2023-08-10 22:57:45 +02:00
Keyan cbfd6998a6
Merge branch 'master' into 266-zaps-without-account 2023-08-10 12:40:30 -05:00
ekzyis bb2212d51e Add invoice HMAC
This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.

Only the user which created the invoice knows the HMAC and thus can use the invoice hash.
2023-08-10 07:10:07 +02:00
keyan e913ab71ad more even rewards 2023-08-09 22:27:03 -05:00
ekzyis 318088179a Rename to useInvoiceable 2023-08-10 03:34:38 +02:00
ekzyis 118f591d04 Merge branch 'master' into 266-zaps-without-account 2023-08-10 03:34:38 +02:00
SatsAllDay 6e05cd38f9
Singular/Plural "Sats" labels (#380)
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-08 16:04:06 -05:00
ekzyis 67a0de3ea5
Notifications with nostr info (#368)
* Show zap message and pubkey in notifications

+ show zap request event in invoice view

* enhance ui

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-08 13:19:31 -05:00
Keyan 76b4156ccb
Merge branch 'master' into 266-zaps-without-account 2023-08-08 09:42:21 -05:00
ekzyis 4094adfa4f
Remove markdown from body in push notifications (#374)
Co-authored-by: ekzyis <ek@stacker.news>
2023-08-07 20:03:50 -05:00
ekzyis 49867f5dd5
Make web push & imgproxy setup optional for local dev (#373)
* Make web push setup optional for local dev

* Make imgproxy setup optional for local dev

---------

Co-authored-by: ekzyis <ek@stacker.news>
2023-08-07 19:53:21 -05:00
ekzyis 7369bd819d
Add nostr login (#367)
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-07 19:50:01 -05:00
Keyan 3d0bb4b32c
Merge branch 'master' into 266-zaps-without-account 2023-08-07 15:10:20 -05:00
keyan ffb856ae88 fix oauth signup 2023-08-07 15:05:55 -05:00
keyan e4aaaac20f don't use cache for SSR 2023-08-05 14:46:29 -05:00
keyan f7bf77ebd4 fix BigInt Int mix in satistics 2023-07-31 12:47:41 -05:00
keyan c909efb7b7 update wallet code to prisma 5, handle prisma 5 errors on serialization 2023-07-31 08:31:40 -05:00
ekzyis fd8510d59f Use payment hash instead of invoice id as proof of payment
Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.

Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.
2023-07-30 23:45:07 +02:00
ekzyis 74893b09dd Add anon comments and posts (link, discussion, poll) 2023-07-30 23:45:07 +02:00
ekzyis 5415c6b0f6 Add anon zaps 2023-07-30 23:45:07 +02:00
keyan 9745b82d63 fix viewing stacker's bookmarks 2023-07-29 18:27:32 -05:00
keyan 5232b59625 upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 14:38:20 -05:00
keyan 7542dd6cc4 upgrade to prisma 4 2023-07-26 19:18:42 -05:00
keyan 672853a7ea upgrade to prisma 3 2023-07-26 11:01:31 -05:00
keyan 8ab018af88 fix nested comment sorting 2023-07-25 19:45:35 -05:00
keyan ab2046ab0b fix issues with new linting 2023-07-25 09:14:45 -05:00
keyan e87610c45b update packages and reduce bundle size 2023-07-24 17:50:12 -05:00
keyan 54d69489b9 Revert "Revert "try to store slashtags in cwd""
This reverts commit bbedec853f.
2023-07-23 10:09:00 -05:00
keyan 437faca197 Revert "Revert "prevent slashtags from accessing disk""
This reverts commit 391773be5e.
2023-07-23 10:08:56 -05:00
keyan 59f7b6ff26 Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades""
This reverts commit 18910fa2ed.
2023-07-23 10:08:43 -05:00
keyan 18910fa2ed Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"
This reverts commit d0314ab73c.
2023-07-23 09:16:12 -05:00
keyan 391773be5e Revert "prevent slashtags from accessing disk"
This reverts commit 3c6c2a72b2.
2023-07-23 09:16:02 -05:00
keyan bbedec853f Revert "try to store slashtags in cwd"
This reverts commit 589d1ec190.
2023-07-23 09:15:40 -05:00
keyan 589d1ec190 try to store slashtags in cwd 2023-07-21 20:14:37 -05:00
keyan 3c6c2a72b2 prevent slashtags from accessing disk 2023-07-21 20:05:04 -05:00
keyan d0314ab73c shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades 2023-07-21 17:33:11 -05:00
ekzyis 8536660580
Fix maxStreak for users with running best streak (#356)
Co-authored-by: ekzyis <ek@stacker.news>
2023-07-14 10:49:16 -05:00
keyan 3c711b6083 enhance image detection and proxy 2023-07-13 15:18:04 -05:00
ekzyis 0d3328e509
Show longest cowboy streak in profile (#353)
* Show longest cowboy streak in profile

* Fix image offset

* Initialize maxStreak for every user

* Use resolver instead of denormalization for maxStreak

---------

Co-authored-by: ekzyis <ek@stacker.news>
2023-07-12 19:10:29 -05:00
Jo Wo bf4b8714fe
Render images without markdown and use image proxy (#245)
* Parse image links during markdown rendering

* Use imgproxy to replace links

* Add healthcheck

See https://docs.imgproxy.net/healthcheck

* Enable WebP and animation support

* Only replace image URLs

* Replace all occurrences

* Fix creating posts with no text

* Embed image on link posts where link is image

---------

Co-authored-by: ekzyis <ek@stacker.news>
2023-07-12 19:10:01 -05:00
keyan 4e9138dfdc show more info on where zap rewards came from 2023-07-09 12:21:11 -05:00
ekzyis 5e4dedad28
Add nym in reply notification (#349)
Co-authored-by: ekzyis <ek@stacker.news>
2023-07-07 08:45:44 -05:00
ekzyis 46014d0de4
Fix query for items with less than 11 parents (#346)
Co-authored-by: ekzyis <ek@stacker.news>
2023-07-06 20:17:12 -05:00
keyan 0c51309520 enhance pwa presentation 2023-07-06 16:53:48 -05:00
ekzyis 37e70f9791
Scroll to items on push notification click (#345)
* Scroll from root item in reach on notification click

Instead of going directly to the item of the notification, we now scroll from the root item which is still in reach to the comment.

This should provide more context to the user in most cases.

* Also scroll from root item in reach in /notifications

---------

Co-authored-by: ekzyis <ek@stacker.news>
2023-07-06 10:00:38 -05:00
keyan a17b4d1f1a refine push notification ui and catch promises 2023-07-04 17:19:59 -05:00
ekzyis 388e00dd04
Service worker rework, Web Target Share API & Web Push API (#324)
* npm uninstall next-pwa

next-pwa was last updated in August 2022.
There is also an issue which mentions that next-pwa is abandoned (?): https://github.com/shadowwalker/next-pwa/issues/482

But the main reason for me uninstalling it is that it adds a lot of preconfigured stuff which is not necessary for us.
It even lead to a bug since pages were cached without our knowledge.

So I will go with a different PWA approach. This different approach should do the following:
- make it more transparent what the service worker is doing
- gives us more control to configure the service worker and thus making it easier

* Use workbox-webpack-plugin

Every other plugin (`next-offline`, `next-workbox-webpack-plugin`, `next-with-workbox`, ...) added unnecessary configuration which felt contrary to how PWAs should be built.
(PWAs should progressivly enhance the website in small steps, see https://web.dev/learn/pwa/getting-started/#focus-on-a-feature)

These default configurations even lead to worse UX since they made invalid assumptions about stacker.news:
We _do not_ want to cache our start url and we _do not_ want to cache anything unless explicitly told to.
Almost every page on SN should be fresh for the best UX.

To achieve this, by default, the service worker falls back to the network (as if the service worker wasn't there).

Therefore, this should be the simplest configuration with a valid precache and cache busting support.

In the future, we can try to use prefetching to improve performance of navigation requests.

* Add support for Web Share Target API

See https://developer.chrome.com/articles/web-share-target/

* Use Web Push API for push notifications

I followed this (very good!) guide: https://web.dev/notifications/

* Refactor code related to Web Push

* Send push notification to users on events

* Merge notifications

* Send notification to author of every parent recursively

* Remove unused userId param in savePushSubscription

As it should be, the user id is retrieved from the authenticated user in the backend.

* Resubscribe user if push subscription changed

* Update old subscription if oldEndpoint was given

* Allow users to unsubscribe

* Use LTREE operator instead of recursive query

* Always show checkbox for push notifications

* Justify checkbox to end

* Update title of first push notification

* Fix warning from uncontrolled to controlled

* Add comment about Notification.requestPermission

* Fix timestamp

* Catch error on push subscription toggle

* Wrap function bodies in try/catch

* Use Promise.allSettled

* Filter subscriptions by user notification settings

* Fix user notification filter

* Use skipWaiting

---------

Co-authored-by: ekzyis <ek@stacker.news>
2023-07-04 14:36:07 -05:00
keyan 747371a4e4 snl live banner 2023-06-20 09:57:06 -05:00