ekzyis/stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: ekzyis:a495c421ce96e8eeb68c1a90ef8f2141cd5b2ce5
Branches Tags
ekzyis:master
ekzyis:wallet-interface
ekzyis:webln-refactor
ekzyis:489-account-switching
..
compare: ekzyis:3608d133d7fa01d6be034bca34d662dbc94717ed
Branches Tags
ekzyis:master
ekzyis:wallet-interface
ekzyis:webln-refactor
ekzyis:489-account-switching

No commits in common. "a495c421ce96e8eeb68c1a90ef8f2141cd5b2ce5" and "3608d133d7fa01d6be034bca34d662dbc94717ed" have entirely different histories.
a495c421ce ... 3608d133d7

13 changed files with 188 additions and 253 deletions
Show Stats Expand all files Collapse all files

1
README.md
View File

@ -230,7 +230,6 @@ _Due to Rule 3, make sure that you mark your PR as a draft when you create it an
| tag | multiplier |
| ----------------- | ---------- |
| `priority:low` | 0.5 |
| `priority:medium` | 1.5 |
| `priority:high` | 2 |
| `priority:urgent` | 3 |

2
api/paidAction/index.js
View File

@ -158,8 +158,6 @@ export async function retryPaidAction (actionType, args, context) {
const { models, me } = context
const { invoiceId } = args
console.log('retryPaidAction', actionType, args)
const action = paidActions[actionType]
if (!action) {
throw new Error(`retryPaidAction - invalid action type ${actionType}`)

6
api/resolvers/item.js
View File

@ -202,10 +202,7 @@ export const nsfwClause = showNsfw => showNsfw ? '' : HIDE_NSFW_CLAUSE
const subClause = (sub, num, table, me, showNsfw) => {
// Intentionally show nsfw posts (i.e. no nsfw clause) when viewing a specific nsfw sub
if (sub) {
const tables = [...new Set(['Item', table])].map(t => `"${t}".`)
return `(${tables.map(t => `${t}"subName" = $${num}::CITEXT`).join(' OR ')})`
}
if (sub) { return `${table ? `"${table}".` : ''}"subName" = $${num}::CITEXT` }
if (!me) { return HIDE_NSFW_CLAUSE }
@ -349,6 +346,7 @@ export default {
${whereClause(
`"${table}"."userId" = $3`,
activeOrMine(me),
await filterClause(me, models, type),
nsfwClause(showNsfw),
typeClause(type),
whenClause(when || 'forever', table))}

2
components/nostr-auth.js
View File

@ -8,7 +8,7 @@ import { useRouter } from 'next/router'
import AccordianItem from './accordian-item'
import BackIcon from '@/svgs/arrow-left-line.svg'
import styles from './lightning-auth.module.css'
import { callWithTimeout } from '@/lib/time'
import { callWithTimeout } from '@/lib/nostr'
function ExtensionError ({ message, details }) {
return (

3
components/use-crossposter.js
View File

@ -1,8 +1,7 @@
import { useCallback } from 'react'
import { useToast } from './toast'
import { Button } from 'react-bootstrap'
import { DEFAULT_CROSSPOSTING_RELAYS, crosspost } from '@/lib/nostr'
import { callWithTimeout } from '@/lib/time'
import { DEFAULT_CROSSPOSTING_RELAYS, crosspost, callWithTimeout } from '@/lib/nostr'
import { gql, useMutation, useQuery, useLazyQuery } from '@apollo/client'
import { SETTINGS } from '@/fragments/users'
import { ITEM_FULL_FIELDS, POLL_FIELDS } from '@/fragments/items'

202
lib/nostr.js
View File

@ -1,7 +1,5 @@
import { bech32 } from 'bech32'
import { nip19 } from 'nostr-tools'
import WebSocket from 'isomorphic-ws'
import { callWithTimeout, withTimeout } from '@/lib/time'
export const NOSTR_PUBKEY_HEX = /^[0-9a-fA-F]{64}$/
export const NOSTR_PUBKEY_BECH32 = /^npub1[02-9ac-hj-np-z]+$/
@ -17,149 +15,6 @@ export const DEFAULT_CROSSPOSTING_RELAYS = [
'wss://relay.mutinywallet.com/'
]
export class Relay {
constructor (relayUrl) {
const ws = new WebSocket(relayUrl)
ws.onmessage = function (msg) {
const [type, notice] = JSON.parse(msg.data)
if (type === 'NOTICE') {
console.log('relay notice:', notice)
}
}
ws.onerror = function (err) {
console.error('websocket error: ' + err)
this.error = err
}
this.ws = ws
}
static async connect (url, { timeout } = {}) {
const relay = new Relay(url)
await relay.waitUntilConnected({ timeout })
return relay
}
get connected () {
return this.ws.readyState === WebSocket.OPEN
}
get closed () {
return this.ws.readyState === WebSocket.CLOSING || this.ws.readyState === WebSocket.CLOSED
}
async waitUntilConnected ({ timeout } = {}) {
let interval
const checkPromise = new Promise((resolve, reject) => {
interval = setInterval(() => {
if (this.connected) {
resolve()
}
if (this.closed) {
reject(new Error(`failed to connect to ${this.url}: ` + this.error))
}
}, 100)
})
try {
return await withTimeout(checkPromise, timeout)
} finally {
clearInterval(interval)
}
}
close () {
const state = this.ws.readyState
if (state !== WebSocket.CLOSING && state !== WebSocket.CLOSED) {
this.ws.close()
}
}
async publish (event, { timeout } = {}) {
const ws = this.ws
let listener
const ackPromise = new Promise((resolve, reject) => {
ws.send(JSON.stringify(['EVENT', event]))
listener = function onmessage (msg) {
const [type, eventId, accepted, reason] = JSON.parse(msg.data)
if (type !== 'OK' || eventId !== event.id) return
if (accepted) {
resolve(eventId)
} else {
reject(new Error(reason || `event rejected: ${eventId}`))
}
}
ws.addEventListener('message', listener)
})
try {
return await withTimeout(ackPromise, timeout)
} finally {
ws.removeEventListener('message', listener)
}
}
async fetch (filter, { timeout } = {}) {
const ws = this.ws
let listener
const ackPromise = new Promise((resolve, reject) => {
const id = crypto.randomUUID()
ws.send(JSON.stringify(['REQ', id, ...filter]))
const events = []
let eose = false
listener = function onmessage (msg) {
const [type, eventId, event] = JSON.parse(msg.data)
if (eventId !== id) return
if (type === 'EVENT') {
events.push(event)
if (eose) {
// EOSE was already received:
// return first event after EOSE
resolve(events)
}
return
}
if (type === 'CLOSED') {
return resolve(events)
}
if (type === 'EOSE') {
eose = true
if (events.length > 0) {
// we already received events before EOSE:
// return all events before EOSE
ws.send(JSON.stringify(['CLOSE', id]))
return resolve(events)
}
}
}
ws.addEventListener('message', listener)
})
try {
return await withTimeout(ackPromise, timeout)
} finally {
ws.removeEventListener('message', listener)
}
}
}
export function hexToBech32 (hex, prefix = 'npub') {
return bech32.encode(prefix, bech32.toWords(Buffer.from(hex, 'hex')))
}
@ -181,10 +36,51 @@ export function nostrZapDetails (zap) {
return { npub, content, note }
}
async function publishNostrEvent (signedEvent, relayUrl) {
async function publishNostrEvent (signedEvent, relay) {
return new Promise((resolve, reject) => {
const timeout = 3000
const relay = await Relay.connect(relayUrl, { timeout })
await relay.publish(signedEvent, { timeout })
const wsRelay = new window.WebSocket(relay)
let timer
let isMessageSentSuccessfully = false
function timedout () {
clearTimeout(timer)
wsRelay.close()
reject(new Error(`relay timeout for ${relay}`))
}
timer = setTimeout(timedout, timeout)
wsRelay.onopen = function () {
clearTimeout(timer)
timer = setTimeout(timedout, timeout)
wsRelay.send(JSON.stringify(['EVENT', signedEvent]))
}
wsRelay.onmessage = function (msg) {
const m = JSON.parse(msg.data)
if (m[0] === 'OK') {
isMessageSentSuccessfully = true
clearTimeout(timer)
wsRelay.close()
console.log('Successfully sent event to', relay)
resolve()
}
}
wsRelay.onerror = function (error) {
clearTimeout(timer)
console.log(error)
reject(new Error(`relay error: Failed to send to ${relay}`))
}
wsRelay.onclose = function () {
clearTimeout(timer)
if (!isMessageSentSuccessfully) {
reject(new Error(`relay error: Failed to send to ${relay}`))
}
}
})
}
export async function crosspost (event, relays = DEFAULT_CROSSPOSTING_RELAYS) {
@ -222,3 +118,13 @@ export async function crosspost (event, relays = DEFAULT_CROSSPOSTING_RELAYS) {
return { error }
}
}
export function callWithTimeout (targetFunction, timeoutMs) {
return new Promise((resolve, reject) => {
Promise.race([
targetFunction(),
new Promise((resolve, reject) => setTimeout(() => reject(new Error('timeouted after ' + timeoutMs + ' ms waiting for extension')), timeoutMs))
]).then(resolve)
.catch(reject)
})
}

17
lib/time.js
View File

@ -127,20 +127,3 @@ function tzOffset (tz) {
const targetOffsetHours = (date.getTime() - targetDate.getTime()) / 1000 / 60 / 60
return targetOffsetHours
}
function timeoutPromise (timeout) {
return new Promise((resolve, reject) => {
// if no timeout is specified, never settle
if (!timeout) return
setTimeout(() => reject(new Error('timeout')), timeout)
})
}
export async function withTimeout (promise, timeout) {
return await Promise.race([promise, timeoutPromise(timeout)])
}
export async function callWithTimeout (fn, timeout) {
return await Promise.race([fn(), timeoutPromise(timeout)])
}

2
middleware.js
View File

@ -91,7 +91,7 @@ export function middleware (request) {
// Using nonces and strict-dynamic deploys a strict CSP.
// see https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html#strict-policy.
// Old browsers will ignore nonce and strict-dynamic and fallback to host-based matching and unsafe-inline
`script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'nonce-${nonce}' 'strict-dynamic' https:` + devScriptSrc,
`script-src 'self' 'unsafe-inline' 'nonce-${nonce}' 'strict-dynamic' https:` + devScriptSrc,
// unsafe-inline for styles is not ideal but okay if script-src is using nonces
"style-src 'self' a.stacker.news 'unsafe-inline'",
"manifest-src 'self'",

9
package-lock.json generated
View File

@ -41,7 +41,6 @@
"graphql-scalar": "^0.1.0",
"graphql-tag": "^2.12.6",
"graphql-type-json": "^0.3.2",
"isomorphic-ws": "^5.0.0",
"ln-service": "^57.1.3",
"macaroon": "^3.0.4",
"mathjs": "^11.11.2",
@ -10549,14 +10548,6 @@
"integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
"dev": true
},
"node_modules/isomorphic-ws": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/isomorphic-ws/-/isomorphic-ws-5.0.0.tgz",
"integrity": "sha512-muId7Zzn9ywDsyXgTIafTry2sV3nySZeUDe6YedVd1Hvuuep5AsIlqK+XefWpYTyJG5e503F2xIuT2lcU6rCSw==",
"peerDependencies": {
"ws": "*"
}
},
"node_modules/isstream": {
"version": "0.1.2",
"resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz",

1
package.json
View File

@ -46,7 +46,6 @@
"graphql-scalar": "^0.1.0",
"graphql-tag": "^2.12.6",
"graphql-type-json": "^0.3.2",
"isomorphic-ws": "^5.0.0",
"ln-service": "^57.1.3",
"macaroon": "^3.0.4",
"mathjs": "^11.11.2",

106
wallets/nwc/client.js
View File

@ -1,6 +1,5 @@
import { parseNwcUrl } from '@/lib/url'
import { finalizeEvent, nip04 } from 'nostr-tools'
import { Relay } from '@/lib/nostr'
import { Relay, finalizeEvent, nip04 } from 'nostr-tools'
export * from 'wallets/nwc'
@ -8,67 +7,112 @@ export async function testConnectClient ({ nwcUrl }, { logger }) {
const { relayUrl, walletPubkey } = parseNwcUrl(nwcUrl)
logger.info(`requesting info event from ${relayUrl}`)
const relay = await Relay.connect(relayUrl)
const relay = await Relay
.connect(relayUrl)
.catch(() => {
// NOTE: passed error is undefined for some reason
const msg = `failed to connect to ${relayUrl}`
logger.error(msg)
throw new Error(msg)
})
logger.ok(`connected to ${relayUrl}`)
try {
const [info] = await relay.fetch([{
await new Promise((resolve, reject) => {
let found = false
const sub = relay.subscribe([
{
kinds: [13194],
authors: [walletPubkey]
}])
if (info) {
logger.ok(`received info event from ${relayUrl}`)
} else {
throw new Error('info event not found')
}
], {
onevent (event) {
found = true
logger.ok(`received info event from ${relayUrl}`)
resolve(event)
},
onclose (reason) {
if (!['closed by caller', 'relay connection closed by us'].includes(reason)) {
// only log if not closed by us (caller)
const msg = 'connection closed: ' + (reason || 'unknown reason')
logger.error(msg)
reject(new Error(msg))
}
},
oneose () {
if (!found) {
const msg = 'EOSE received without info event'
logger.error(msg)
reject(new Error(msg))
}
sub?.close()
}
})
})
} finally {
relay?.close()
logger.info(`closed connection to ${relayUrl}`)
// For some reason, this throws 'WebSocket is already in CLOSING or CLOSED state'
// even though relay connection is still open here
relay?.close()?.catch()
if (relay) logger.info(`closed connection to ${relayUrl}`)
}
}
export async function sendPayment (bolt11, { nwcUrl }, { logger }) {
const { relayUrl, walletPubkey, secret } = parseNwcUrl(nwcUrl)
const relay = await Relay.connect(relayUrl)
const relay = await Relay.connect(relayUrl).catch(() => {
// NOTE: passed error is undefined for some reason
throw new Error(`failed to connect to ${relayUrl}`)
})
logger.ok(`connected to ${relayUrl}`)
try {
const ret = await new Promise(function (resolve, reject) {
(async function () {
const payload = {
method: 'pay_invoice',
params: { invoice: bolt11 }
}
const encrypted = await nip04.encrypt(secret, walletPubkey, JSON.stringify(payload))
const content = await nip04.encrypt(secret, walletPubkey, JSON.stringify(payload))
const request = finalizeEvent({
kind: 23194,
created_at: Math.floor(Date.now() / 1000),
tags: [['p', walletPubkey]],
content: encrypted
content
}, secret)
await relay.publish(request)
const [response] = await relay.fetch([{
const filter = {
kinds: [23195],
authors: [walletPubkey],
'#e': [request.id]
}])
if (!response) {
throw new Error('no response')
}
const decrypted = await nip04.decrypt(secret, walletPubkey, response.content)
const content = JSON.parse(decrypted)
if (content.error) throw new Error(content.error.message)
if (content.result) return { preimage: content.result.preimage }
throw new Error('invalid response')
relay.subscribe([filter], {
async onevent (response) {
try {
const content = JSON.parse(await nip04.decrypt(secret, walletPubkey, response.content))
if (content.error) return reject(new Error(content.error.message))
if (content.result) return resolve({ preimage: content.result.preimage })
} catch (err) {
return reject(err)
}
},
onclose (reason) {
if (!['closed by caller', 'relay connection closed by us'].includes(reason)) {
// only log if not closed by us (caller)
const msg = 'connection closed: ' + (reason || 'unknown reason')
reject(new Error(msg))
}
}
})
})().catch(reject)
})
return ret
} finally {
relay?.close()
logger.info(`closed connection to ${relayUrl}`)
// For some reason, this throws 'WebSocket is already in CLOSING or CLOSED state'
// even though relay connection is still open here
relay?.close()?.catch()
if (relay) logger.info(`closed connection to ${relayUrl}`)
}
}

30
worker/nostr.js
View File

@ -1,6 +1,5 @@
import { getInvoice } from 'ln-service'
import { signId, calculateId, getPublicKey } from 'nostr'
import { Relay } from '@/lib/nostr'
import { Relay, signId, calculateId, getPublicKey } from 'nostr'
const nostrOptions = { startAfter: 5, retryLimit: 21, retryBackoff: true }
@ -51,12 +50,31 @@ export async function nip57 ({ data: { hash }, boss, lnd, models }) {
console.log('zap note', e, relays)
await Promise.allSettled(
relays.map(async r => {
relays.map(r => new Promise((resolve, reject) => {
const timeout = 1000
const relay = await Relay.connect(r, { timeout })
await relay.publish(e, { timeout })
const relay = Relay(r)
function timedout () {
relay.close()
console.log('failed to send to', r)
reject(new Error('relay timeout'))
}
let timer = setTimeout(timedout, timeout)
relay.on('open', () => {
clearTimeout(timer)
timer = setTimeout(timedout, timeout)
relay.send(['EVENT', e])
})
)
relay.on('ok', () => {
clearTimeout(timer)
relay.close()
console.log('sent zap to', r)
resolve()
})
})))
} catch (e) {
console.log(e)
}

22
worker/wallet.js
View File

@ -239,14 +239,9 @@ async function subscribeToWithdrawals (args) {
}
export async function checkWithdrawal ({ data: { hash }, boss, models, lnd }) {
// get the withdrawl if pending or it's an invoiceForward
const dbWdrwl = await models.withdrawl.findFirst({
where: {
hash,
OR: [
{ status: null },
{ invoiceForward: { some: { } } }
]
hash
},
include: {
wallet: true,
@ -258,9 +253,16 @@ export async function checkWithdrawal ({ data: { hash }, boss, models, lnd }) {
}
}
})
if (!dbWdrwl) {
// [WARNING] LND paid an invoice that wasn't created via the SN GraphQL API.
// >>> an adversary might be draining our funds right now <<<
console.error('unexpected outgoing payment detected:', hash)
// TODO: log this in Slack
return
}
// nothing to do if the withdrawl is already recorded and it isn't an invoiceForward
if (!dbWdrwl) return
// already recorded and no invoiceForward to handle
if (dbWdrwl.status && dbWdrwl.invoiceForward.length === 0) return
let wdrwl
let notSent = false
@ -393,9 +395,7 @@ export async function finalizeHodlInvoice ({ data: { hash }, models, lnd, boss,
// if this is an actionType we need to cancel conditionally
if (dbInv.actionType) {
await paidActionCanceling({ data: { invoiceId: dbInv.id }, models, lnd, boss })
await checkInvoice({ data: { hash }, models, lnd, ...args })
return
return await paidActionCanceling({ data: { invoiceId: dbInv.id }, models, lnd, boss })
}
await cancelHodlInvoice({ id: hash, lnd })