Commit Graph

95 Commits

Author SHA1 Message Date
SatsAllDay 3acaee377b
LUD-18 Service Support (#518)
* first pass of LUD-18 support

* Various LUD-18 updates

* don't cache the well-known response, since it includes randomly generated single use values

* validate k1 from well-known response to pay URL

* only keep k1's for 10 minutes if they go unused

* fix validation logic to make auth object optional

* Various LUD18 updates

* move k1 cache to database

* store payer data in invoice db table

* show payer data in invoices on satistics page

* show comments and payer data on invoice page

* Show lud18 data in invoice notification

* PayerData component for easier display of info in invoice, notification, wallet history

* `payerData` -> `invoicePayerData` in fact schema

* Merge prisma migrations

* lint fixes

* worker job to clear out unused lnurlp requests after 30 minutes

* More linting

* Move migration to older

* WIP review

* enhance lud-18

* refine notification ui

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-10-03 14:35:53 -05:00
keyan 0dad69111e add a tag to zap receipts 2023-09-28 15:52:59 -05:00
SatsAllDay d60a589bc0
Implementing LUD-12 comments on payRequest in LNURLP Lightning Address flow (sending and receiving) (#498)
* Prototype implementing LUD-12 comments on payRequest in LNURLP Lightning Address flow

* Support sending comment when withdrawing to ln addr (LUD-12)

* Prevent `initialError` from being toasted informs multiple times

* delete the old create_invoice function

* improve lightning addr withdrawal styling

* allow lnaddr comment to show up in notifications

* enhance satistics

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-09-23 20:14:49 -05:00
ekzyis 3a7c3f7af2
Add setting to send diagnostics back to SN (#463)
* Add diagnostics settings & endpoint

Stackers can now help us to identify and fix bugs by enabling diagnostics.

This will send anonymized data to us.

For now, this is only used to send events around push notifications.

* Send diagnostics to slack

* Detect OS

* Diagnostics data is only pseudonymous, not anonymous

It's only pseudonymous since with additional knowledge (which stacker uses which fancy name), we could trace the events back to individual stackers.

Data is only anonymous if this is not possible - it must be irreversible.

* Check if window.navigator is defined

* Use Slack SDK

* Catch errors of slack requests

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
2023-09-18 18:00:16 -05:00
keyan 5de7573362 update daily permalink 2023-09-12 20:21:16 -05:00
ekzyis e2548e718d
Remove orientation from manifest (#483)
This overrides OS auto-rotate settings on Android. This means that the PWA does auto-rotate even if the OS setting to auto-rotate is not enabled.

This property is experimental and only supported by Chromium-based browsers anyway.

Also, you can still manually rotate if you want.

Co-authored-by: ekzyis <ek@stacker.news>
2023-09-11 14:58:41 -05:00
ekzyis 07e065d4be
Fix negative maxWithdrawable (#438)
Co-authored-by: ekzyis <ek@stacker.news>
2023-08-23 15:32:42 -05:00
keyan df6575d701 remove slashtags completely 2023-08-17 13:40:21 -05:00
keyan ddb69b5d9b remove slashtags temporarily 2023-08-16 19:49:00 -05:00
SatsAllDay e6ee7f73c4
Make the web manifest dynamic to incorporate preferred color scheme (#398)
Remove the static manifest file and serve it via an API route instead.

Change the background color of the PWA depending on the client hint provided data
2023-08-15 12:58:27 -05:00
ekzyis b9461b7eb3
Allow zapping, posting and commenting without funds or an account (#336)
* Add anon zaps

* Add anon comments and posts (link, discussion, poll)

* Use payment hash instead of invoice id as proof of payment

Our invoice IDs can be enumerated.
So there is a - even though very rare - chance that an attacker could find a paid invoice which is not used yet and use it for himself.
Random payment hashes prevent this.

Also, since we delete invoices after use, using database IDs as proof of payments are not suitable.
If a user tells us an invoice ID after we deleted it, we can no longer tell if the invoice was paid or not since the LN node only knows about payment hashes but nothing about the database IDs.

* Allow pay per invoice for stackers

The modal which pops up if the stacker does not have enough sats now has two options: "fund wallet" and "pay invoice"

* Fix onSuccess called twice

For some reason, when calling `showModal`, `useMemo` in modal.js and the code for the modal component (here: <Invoice>) is called twice.

This leads to the `onSuccess` callback being called twice and one failing since the first one deletes the invoice.

* Keep invoice modal open if focus is lost

* Skip anon user during trust calculation

* Add error handling

* Skip 'invoice not found' errors

* Remove duplicate insufficient funds handling

* Fix insufficient funds error detection

* Fix invoice amount for comments

* Allow pay per invoice for bounty and job posts

* Also strike on payment after short press

* Fix unexpected token 'export'

* Fix eslint

* Remove unused id param

* Fix comment copy-paste error

* Rename to useInvoiceable

* Fix unexpected token 'export'

* Fix onConfirmation called at every render

* Add invoice HMAC

This prevents entities which know the invoice hash (like all LN nodes on the payment path) from using the invoice hash on SN.

Only the user which created the invoice knows the HMAC and thus can use the invoice hash.

* make anon posting less hidden, add anon info button explainer

* Fix anon users can't zap other anon users

* Always show repeat and contacts on action error

* Keep track of modal stack

* give anon an icon

* add generic date pivot helper

* make anon user's invoices expire in 5 minutes

* fix forgotten find and replace

* use datePivot more places

* add sat amounts to invoices

* reduce anon invoice expiration to 3 minutes

* don't abbreviate

* Fix [object Object] as error message

Any errors thrown here are already objects of shape { message: string }

* Fix empty invoice creation attempts

I stumbled across this while checking if anons can edit their items.

I monkey patched the code to make it possible (so they can see the 'edit' button) and tried to edit an item but I got this error:

  Variable "$amount" of required type "Int!" was not provided.

I fixed this even though this function should never be called without an amount anyway. It will return a sane error in that case now.

* anon func mods, e.g. inv limits

* anon tips should be denormalized

* remove redundant meTotalSats

* correct overlay zap text for anon

* exclude anon from trust graph before algo runs

* remove balance limit on anon

* give anon a bio and remove cowboy hat/top stackers;

* make anon hat appear on profile

* concat hash and hmac and call it a token

* Fix localStorage cleared because error were swallowed

* fix qr layout shift

* restyle fund error modal

* Catch invoice errors in fund error modal

* invoice check backoff

* anon info typo

* make invoice expiration times have saner defaults

* add comma to anon info

* use builtin copy input label

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-11 18:50:57 -05:00
ekzyis 7369bd819d
Add nostr login (#367)
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-08-07 19:50:01 -05:00
keyan ffb856ae88 fix oauth signup 2023-08-07 15:05:55 -05:00
keyan c7e2623461 increase apollo slowlog threshold 2023-07-31 16:02:50 -05:00
keyan c909efb7b7 update wallet code to prisma 5, handle prisma 5 errors on serialization 2023-07-31 08:31:40 -05:00
keyan d04dc691df provide jwt migration 2023-07-30 14:03:24 -05:00
keyan 5232b59625 upgrade to next-auth 4 (bonus: improve error pages) 2023-07-29 14:38:20 -05:00
keyan 7542dd6cc4 upgrade to prisma 4 2023-07-26 19:18:42 -05:00
keyan 672853a7ea upgrade to prisma 3 2023-07-26 11:01:31 -05:00
keyan ab2046ab0b fix issues with new linting 2023-07-25 09:14:45 -05:00
keyan dae9c64e96 more package updates 2023-07-24 19:50:55 -05:00
keyan 59f7b6ff26 Revert "Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades""
This reverts commit 18910fa2ed.
2023-07-23 10:08:43 -05:00
keyan 18910fa2ed Revert "shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades"
This reverts commit d0314ab73c.
2023-07-23 09:16:12 -05:00
keyan d0314ab73c shield your eyes; massive, squashed refactor; nextjs/react/react-dom/apollo upgrades 2023-07-21 17:33:11 -05:00
keyan 93afd4ea9a fix credentials login/signup/link bug 2023-07-10 19:20:38 -05:00
keyan e8aa0a4dae users? => stackers? 2023-07-09 12:53:50 -05:00
keyan 59ee15b551 new user email copy 2023-06-19 17:42:47 -05:00
keyan cc6dc8c68b add daily discussion thread permalink 2023-06-19 14:40:24 -05:00
ekzyis e97509eea7
Use PWA with display: standalone (#292)
* Use next-pwa

* Use standalone + back button

* Use Notification API

* Use custom service worker

* Use url_handlers

* Add offline page

* Use smaller icon in notification

* Only prompt for notifications if logged in

* small enhancements to standalone pwa

* remove unused back arrow

---------

Co-authored-by: ekzyis <ek@stacker.news>
Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2023-05-31 17:28:33 -05:00
mvpratt 48b08d2aff limit oauth scope to minimum possible: public github info for user 2023-04-26 13:02:42 -05:00
keyan a3e928dc42 correct lnurlp nostr pubkey stuff 2023-02-24 10:41:47 -06:00
keyan 30cde2ea38 fix nip57? 2023-02-15 11:20:43 -06:00
keyan 9f2c8d64bc use decodeURIComponent instead 2023-02-14 19:04:05 -06:00
keyan 93d4581360 complete nip 57 support 2023-02-14 16:58:12 -06:00
keyan ef5346000b support NIP-57 2023-02-14 12:52:15 -06:00
keyan 29c59d93ea open timestamps 2023-01-22 14:17:50 -06:00
keyan 9644a9f867 slashtags auth 2023-01-18 12:49:20 -06:00
keyan ae5c6c457f global modal + small fixes/enhancements 2023-01-10 17:13:37 -06:00
keyan 2d012ba7fe allow nip05 for users 2023-01-06 18:53:29 -06:00
keyan 41226245c5 referrals 2022-12-19 16:27:52 -06:00
keyan ebbd1175b1 don't mix int types 2022-11-26 18:23:49 -06:00
keyan 525cab2573 upgrade deps 2022-11-06 11:28:58 -06:00
keyan 172d6c3c2f optionally hide invoice descriptions 2022-08-30 16:50:47 -05:00
keyan 0ad886ffc0 constrain invoice quantity and amount 2022-08-30 15:33:39 -05:00
keyan 1df49e03d9 account linking 2022-06-08 16:26:44 -05:00
keyan c061f4a6f0 limit pending invoices 2022-05-31 17:17:48 -05:00
keyan 47392f0d7c expire lnurl withdrawals after an hour 2022-05-19 11:50:02 -05:00
keyan 6a8fba14eb check invoice description hash against lnurl pay metadata 2022-05-19 09:22:25 -05:00
keyan 9c8396670a adhere to lnurlp spec better 2022-05-19 08:18:28 -05:00
keyan aa4ac2ecc9 add ln addr + lnurl pay qr code to profile pages 2022-05-06 14:34:35 -05:00