No LndHub user found for account <%= @user.ln_account %>. +
No LndHub user found for account <%= @user.lndhub_username %>. <% end %> <% end %> diff --git a/config/application.rb b/config/application.rb index a59dd30..023e0e8 100644 --- a/config/application.rb +++ b/config/application.rb @@ -54,5 +54,8 @@ module Akkounts # The default includes webp, which requires webp support everywhere config.active_storage.web_image_content_types = %w[image/png image/jpeg image/gif] + + config.active_record.encryption.primary_key = ENV["ENCRYPTION_PRIMARY_KEY"] + config.active_record.encryption.key_derivation_salt = ENV["ENCRYPTION_KEY_DERIVATION_SALT"] end end diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc index 49e6d9e..cfcc638 100644 --- a/config/credentials.yml.enc +++ b/config/credentials.yml.enc @@ -1 +1 @@ -zaTF2ZJaU/M9CYmXEJoDmS1oniSV/1YT0UnM1jysEhMknn3bYOzRBZM3eGJ5Mr6bJYz6cv5hSDL5pT0/6hqgpV04dc/fVDplWO4eEpD1kBFM3LjIPCe9REbRlRUwODpoV/y6wWOFme8nFMS9uOSFkL6RtMuQli0os5Rp+2Jal2lJwAujFjFwuuj+1iRzqc3pzeIIy0clPmR9ANxXS+rPL3jmxty6QzVMr9Q658roVD38yRg0CNgs09eZ/FvqeqXlQkwDfg2/zX9tg5ocGwvHzmicZJ/yU6kl6liqNAJvEDrolm0gSzemY8NfhCySd5wjEvpP+uvKxbd5M3rhagC8S9MmpmxewuOKbDFEyTSRO6Kp2yakdcLSn12ZPB+X0nlMRno+UEzh0EvcX2mxRXppIKrsRUGVeYmj4GMI0vyLW1eCuyPLueN7sOnSjhtM84URNWkSnb0LTxlYxOJGbnwzn85QVpFdXtDktbaXvMWcVdH9XdMDbaBs1G7BIA6Z8i+mxLVVEbQWQM6VBrUhpkpWfphLmN5b16LYbGTzdKnR0iPcsNr8Tsl8vYfeWH8S0ujD105lS39v37YimN6E5l4X2CrqG+DNBtKfbqC0E3lhZMqDRWetxzaxE47oe4g=--0EKrvwe2YTfsbssz--SbmUH0sMiy5uUhpxFImgMA== \ No newline at end of file +WggqpaaABNxKXAassUpqN2L5mOeA5WME8DjSg8FZqWgjFD6Dmod/Z0ipJyvSbfLC0WbbbuEzcyutcaXTmIVUBcDyaeZq/qmk3SYT+5QJgTKLY3fskxZvxKoClvQ=--WDmAiOfUn+BLP0Db--7Rw8p+ZSgp6nuGW2X3PK2A== \ No newline at end of file diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 7930b83..cbe8112 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -45,7 +45,7 @@ Devise.setup do |config| # Configure the e-mail address which will be shown in Devise::Mailer, # note that it will be overwritten if you use your own mailer class # with default "from" parameter. - config.mailer_sender = 'accounts@kosmos.org' + config.mailer_sender = ENV["SMTP_FROM_ADDRESS"] || 'accounts@localhost' # Configure the class responsible to send e-mails. # config.mailer = 'Devise::Mailer' diff --git a/config/ldap.yml b/config/ldap.yml index 2a412b5..b957a35 100644 --- a/config/ldap.yml +++ b/config/ldap.yml @@ -28,11 +28,11 @@ authorizations: &AUTHORIZATIONS development: host: <%= ENV["LDAP_HOST"] || "localhost" %> port: <%= ENV["LDAP_PORT"] || "389" %> - attribute: cn - base: <%= ENV["LDAP_BASE"] || "ou=kosmos.org,cn=users,dc=kosmos,dc=org" %> - admin_user: "cn=Directory Manager" - admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %> ssl: <%= ENV["LDAP_USE_TLS"] || "false" %> + attribute: <%= ENV["LDAP_UID_ATTR"] || "cn" %> + base: <%= ENV["LDAP_BASE"] || "ou=kosmos.org,cn=users,dc=kosmos,dc=org" %> + admin_user: <%= ENV["LDAP_ADMIN_USER"] || "cn=Directory Manager" %> + admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %> # <<: *AUTHORIZATIONS test: @@ -46,11 +46,11 @@ test: # <<: *AUTHORIZATIONS production: - host: ldap.kosmos.local - port: 389 - attribute: cn - base: ou=kosmos.org,cn=users,dc=kosmos,dc=org - admin_user: <%= Rails.application.credentials.ldap[:username] rescue nil %> - admin_password: <%= Rails.application.credentials.ldap[:password] rescue nil %> - # ssl: false + host: <%= ENV["LDAP_HOST"] || "localhost" %> + port: <%= ENV["LDAP_PORT"] || "389" %> + ssl: <%= ENV["LDAP_USE_TLS"] || "false" %> + attribute: <%= ENV["LDAP_UID_ATTR"] || "cn" %> + base: <%= ENV["LDAP_BASE"] || "ou=kosmos.org,cn=users,dc=kosmos,dc=org" %> + admin_user: <%= ENV["LDAP_ADMIN_USER"] || "cn=Directory Manager" %> + admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %> # <<: *AUTHORIZATIONS diff --git a/db/migrate/20250506125412_add_lndhub_password_to_users.rb b/db/migrate/20250506125412_add_lndhub_password_to_users.rb new file mode 100644 index 0000000..ac15c49 --- /dev/null +++ b/db/migrate/20250506125412_add_lndhub_password_to_users.rb @@ -0,0 +1,6 @@ +class AddLndhubPasswordToUsers < ActiveRecord::Migration[8.0] + def change + add_column :users, :lndhub_username, :string + add_column :users, :lndhub_password, :text + end +end diff --git a/db/migrate/20250506125947_migrate_lockbox_data.rb b/db/migrate/20250506125947_migrate_lockbox_data.rb new file mode 100644 index 0000000..4358b7e --- /dev/null +++ b/db/migrate/20250506125947_migrate_lockbox_data.rb @@ -0,0 +1,11 @@ +class MigrateLockboxData < ActiveRecord::Migration[8.0] + def up + User.find_each do |user| + ln_account = user.ln_account + ln_password = user.ln_password + user.lndhub_username = ln_account + user.lndhub_password = ln_password + user.save! + end + end +end diff --git a/db/queue_schema.rb b/db/queue_schema.rb index 85194b6..4b2cdcd 100644 --- a/db/queue_schema.rb +++ b/db/queue_schema.rb @@ -1,4 +1,16 @@ -ActiveRecord::Schema[7.1].define(version: 1) do +# This file is auto-generated from the current state of the database. Instead +# of editing this file, please use the migrations feature of Active Record to +# incrementally modify your database, and then regenerate this schema definition. +# +# This file is the source Rails uses to define your schema when running `bin/rails +# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to +# be faster and is potentially less error prone than running all of your +# migrations from scratch. Old migrations may fail to apply correctly if those +# migrations use external dependencies or application code. +# +# It's strongly recommended that you check this file into your version control system. + +ActiveRecord::Schema[8.0].define(version: 1) do create_table "solid_queue_blocked_executions", force: :cascade do |t| t.bigint "job_id", null: false t.string "queue_name", null: false @@ -6,24 +18,24 @@ ActiveRecord::Schema[7.1].define(version: 1) do t.string "concurrency_key", null: false t.datetime "expires_at", null: false t.datetime "created_at", null: false - t.index [ "concurrency_key", "priority", "job_id" ], name: "index_solid_queue_blocked_executions_for_release" - t.index [ "expires_at", "concurrency_key" ], name: "index_solid_queue_blocked_executions_for_maintenance" - t.index [ "job_id" ], name: "index_solid_queue_blocked_executions_on_job_id", unique: true + t.index ["concurrency_key", "priority", "job_id"], name: "index_solid_queue_blocked_executions_for_release" + t.index ["expires_at", "concurrency_key"], name: "index_solid_queue_blocked_executions_for_maintenance" + t.index ["job_id"], name: "index_solid_queue_blocked_executions_on_job_id", unique: true end create_table "solid_queue_claimed_executions", force: :cascade do |t| t.bigint "job_id", null: false t.bigint "process_id" t.datetime "created_at", null: false - t.index [ "job_id" ], name: "index_solid_queue_claimed_executions_on_job_id", unique: true - t.index [ "process_id", "job_id" ], name: "index_solid_queue_claimed_executions_on_process_id_and_job_id" + t.index ["job_id"], name: "index_solid_queue_claimed_executions_on_job_id", unique: true + t.index ["process_id", "job_id"], name: "index_solid_queue_claimed_executions_on_process_id_and_job_id" end create_table "solid_queue_failed_executions", force: :cascade do |t| t.bigint "job_id", null: false t.text "error" t.datetime "created_at", null: false - t.index [ "job_id" ], name: "index_solid_queue_failed_executions_on_job_id", unique: true + t.index ["job_id"], name: "index_solid_queue_failed_executions_on_job_id", unique: true end create_table "solid_queue_jobs", force: :cascade do |t| @@ -37,17 +49,17 @@ ActiveRecord::Schema[7.1].define(version: 1) do t.string "concurrency_key" t.datetime "created_at", null: false t.datetime "updated_at", null: false - t.index [ "active_job_id" ], name: "index_solid_queue_jobs_on_active_job_id" - t.index [ "class_name" ], name: "index_solid_queue_jobs_on_class_name" - t.index [ "finished_at" ], name: "index_solid_queue_jobs_on_finished_at" - t.index [ "queue_name", "finished_at" ], name: "index_solid_queue_jobs_for_filtering" - t.index [ "scheduled_at", "finished_at" ], name: "index_solid_queue_jobs_for_alerting" + t.index ["active_job_id"], name: "index_solid_queue_jobs_on_active_job_id" + t.index ["class_name"], name: "index_solid_queue_jobs_on_class_name" + t.index ["finished_at"], name: "index_solid_queue_jobs_on_finished_at" + t.index ["queue_name", "finished_at"], name: "index_solid_queue_jobs_for_filtering" + t.index ["scheduled_at", "finished_at"], name: "index_solid_queue_jobs_for_alerting" end create_table "solid_queue_pauses", force: :cascade do |t| t.string "queue_name", null: false t.datetime "created_at", null: false - t.index [ "queue_name" ], name: "index_solid_queue_pauses_on_queue_name", unique: true + t.index ["queue_name"], name: "index_solid_queue_pauses_on_queue_name", unique: true end create_table "solid_queue_processes", force: :cascade do |t| @@ -59,9 +71,9 @@ ActiveRecord::Schema[7.1].define(version: 1) do t.text "metadata" t.datetime "created_at", null: false t.string "name", null: false - t.index [ "last_heartbeat_at" ], name: "index_solid_queue_processes_on_last_heartbeat_at" - t.index [ "name", "supervisor_id" ], name: "index_solid_queue_processes_on_name_and_supervisor_id", unique: true - t.index [ "supervisor_id" ], name: "index_solid_queue_processes_on_supervisor_id" + t.index ["last_heartbeat_at"], name: "index_solid_queue_processes_on_last_heartbeat_at" + t.index ["name", "supervisor_id"], name: "index_solid_queue_processes_on_name_and_supervisor_id", unique: true + t.index ["supervisor_id"], name: "index_solid_queue_processes_on_supervisor_id" end create_table "solid_queue_ready_executions", force: :cascade do |t| @@ -69,9 +81,9 @@ ActiveRecord::Schema[7.1].define(version: 1) do t.string "queue_name", null: false t.integer "priority", default: 0, null: false t.datetime "created_at", null: false - t.index [ "job_id" ], name: "index_solid_queue_ready_executions_on_job_id", unique: true - t.index [ "priority", "job_id" ], name: "index_solid_queue_poll_all" - t.index [ "queue_name", "priority", "job_id" ], name: "index_solid_queue_poll_by_queue" + t.index ["job_id"], name: "index_solid_queue_ready_executions_on_job_id", unique: true + t.index ["priority", "job_id"], name: "index_solid_queue_poll_all" + t.index ["queue_name", "priority", "job_id"], name: "index_solid_queue_poll_by_queue" end create_table "solid_queue_recurring_executions", force: :cascade do |t| @@ -79,8 +91,8 @@ ActiveRecord::Schema[7.1].define(version: 1) do t.string "task_key", null: false t.datetime "run_at", null: false t.datetime "created_at", null: false - t.index [ "job_id" ], name: "index_solid_queue_recurring_executions_on_job_id", unique: true - t.index [ "task_key", "run_at" ], name: "index_solid_queue_recurring_executions_on_task_key_and_run_at", unique: true + t.index ["job_id"], name: "index_solid_queue_recurring_executions_on_job_id", unique: true + t.index ["task_key", "run_at"], name: "index_solid_queue_recurring_executions_on_task_key_and_run_at", unique: true end create_table "solid_queue_recurring_tasks", force: :cascade do |t| @@ -95,8 +107,8 @@ ActiveRecord::Schema[7.1].define(version: 1) do t.text "description" t.datetime "created_at", null: false t.datetime "updated_at", null: false - t.index [ "key" ], name: "index_solid_queue_recurring_tasks_on_key", unique: true - t.index [ "static" ], name: "index_solid_queue_recurring_tasks_on_static" + t.index ["key"], name: "index_solid_queue_recurring_tasks_on_key", unique: true + t.index ["static"], name: "index_solid_queue_recurring_tasks_on_static" end create_table "solid_queue_scheduled_executions", force: :cascade do |t| @@ -105,8 +117,8 @@ ActiveRecord::Schema[7.1].define(version: 1) do t.integer "priority", default: 0, null: false t.datetime "scheduled_at", null: false t.datetime "created_at", null: false - t.index [ "job_id" ], name: "index_solid_queue_scheduled_executions_on_job_id", unique: true - t.index [ "scheduled_at", "priority", "job_id" ], name: "index_solid_queue_dispatch_all" + t.index ["job_id"], name: "index_solid_queue_scheduled_executions_on_job_id", unique: true + t.index ["scheduled_at", "priority", "job_id"], name: "index_solid_queue_dispatch_all" end create_table "solid_queue_semaphores", force: :cascade do |t| @@ -115,9 +127,9 @@ ActiveRecord::Schema[7.1].define(version: 1) do t.datetime "expires_at", null: false t.datetime "created_at", null: false t.datetime "updated_at", null: false - t.index [ "expires_at" ], name: "index_solid_queue_semaphores_on_expires_at" - t.index [ "key", "value" ], name: "index_solid_queue_semaphores_on_key_and_value" - t.index [ "key" ], name: "index_solid_queue_semaphores_on_key", unique: true + t.index ["expires_at"], name: "index_solid_queue_semaphores_on_expires_at" + t.index ["key", "value"], name: "index_solid_queue_semaphores_on_key_and_value" + t.index ["key"], name: "index_solid_queue_semaphores_on_key", unique: true end add_foreign_key "solid_queue_blocked_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade diff --git a/db/schema.rb b/db/schema.rb index 33dc9e4..d431ab8 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[8.0].define(version: 2025_04_28_123317) do +ActiveRecord::Schema[8.0].define(version: 2025_05_06_125947) do create_table "active_storage_attachments", force: :cascade do |t| t.string "name", null: false t.string "record_type", null: false @@ -133,6 +133,8 @@ ActiveRecord::Schema[8.0].define(version: 2025_04_28_123317) do t.string "remember_token" t.text "preferences" t.string "pgp_fpr" + t.string "lndhub_username" + t.text "lndhub_password" t.index ["email"], name: "index_users_on_email", unique: true t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true end diff --git a/docker-compose.yml b/docker-compose.yml index f93cd3c..61cd458 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -40,19 +40,22 @@ services: SOLID_QUEUE_IN_PUMA: true LAUNCHY_DRY_RUN: true BROWSER: /dev/null + ENCRYPTION_PRIMARY_KEY: YhNLBgCFMAzw5dV3gISxnGrhNDMQwRdn + ENCRYPTION_KEY_DERIVATION_SALT: h28g16MRZ1sghF2jTCos1DiLZXUswinR PRIMARY_DOMAIN: kosmos.org + AKKOUNTS_DOMAIN: accounts.kosmos.org LDAP_HOST: ldap LDAP_PORT: 3389 LDAP_ADMIN_PASSWORD: passthebutter - LDAP_USE_TLS: "false" REDIS_URL: redis://redis:6379/0 - ACTIVE_STORAGE_PATH: "/akkounts/tmp/attachments" + ACTIVE_STORAGE_PATH: /akkounts/tmp/attachments RS_REDIS_URL: redis://redis:6379/1 - RS_STORAGE_URL: "http://localhost:4567" + RS_STORAGE_URL: http://localhost:4567 + RS_AKKOUNTS_DOMAIN: localhost S3_ENABLED: false NOSTR_PUBLIC_KEY: bdd76ce2934b2f591f9fad2ebe9da18f20d2921de527494ba00eeaa0a0efadcf NOSTR_PRIVATE_KEY: 7c3ef7e448505f0615137af38569d01807d3b05b5005d5ecf8aaafcd40323cea - NOSTR_RELAY_URL: "ws://strfry:7777" + NOSTR_RELAY_URL: ws://strfry:7777 depends_on: - ldap - redis diff --git a/spec/factories/users.rb b/spec/factories/users.rb index a2188e9..062c4d9 100644 --- a/spec/factories/users.rb +++ b/spec/factories/users.rb @@ -6,6 +6,6 @@ FactoryBot.define do email { "jimmy@example.com" } password { "dis-muh-password" } confirmed_at { DateTime.now } - ln_account { "123456" } + lndhub_username { "123456" } end end diff --git a/spec/jobs/create_lndhub_account_job_spec.rb b/spec/jobs/create_lndhub_account_job_spec.rb index 6a4d00a..c2d4526 100644 --- a/spec/jobs/create_lndhub_account_job_spec.rb +++ b/spec/jobs/create_lndhub_account_job_spec.rb @@ -19,14 +19,14 @@ RSpec.describe CreateLndhubAccountJob, type: :job do .with { |req| req.body == '{}' } user.reload - expect(user.ln_account).to eq("abc123") - expect(user.ln_password).to eq("def456") + expect(user.lndhub_username).to eq("abc123") + expect(user.lndhub_password).to eq("def456") end context "with existing credentials stored" do before do - user.ln_account = "foo" - user.ln_password = "bar" + user.lndhub_username = "foo" + user.lndhub_password = "bar" user.save! end @@ -36,8 +36,8 @@ RSpec.describe CreateLndhubAccountJob, type: :job do expect(WebMock).to_not have_requested(:post, "http://localhost:3023/create") user.reload - expect(user.ln_account).to eq("foo") - expect(user.ln_password).to eq("bar") + expect(user.lndhub_username).to eq("foo") + expect(user.lndhub_password).to eq("bar") end end diff --git a/spec/models/zap_spec.rb b/spec/models/zap_spec.rb index 25fe0ef..2349a37 100644 --- a/spec/models/zap_spec.rb +++ b/spec/models/zap_spec.rb @@ -2,7 +2,7 @@ require 'rails_helper' RSpec.describe Zap, type: :model do describe "#request_event" do - let(:user) { create :user, cn: 'satoshi', ou: 'kosmos.org', ln_account: 'abcdefg123456' } + let(:user) { create :user, cn: 'satoshi', ou: 'kosmos.org', lndhub_username: 'abcdefg123456' } let(:zap) { create :zap, user: user } it "returns the stored request as a Nostr::Event" do diff --git a/spec/requests/lnurlpay_spec.rb b/spec/requests/lnurlpay_spec.rb index 5e3b900..ff7c2a1 100644 --- a/spec/requests/lnurlpay_spec.rb +++ b/spec/requests/lnurlpay_spec.rb @@ -25,7 +25,7 @@ RSpec.describe "/lnurlpay", type: :request do end context "Valid user" do - let(:user) { create :user, cn: 'satoshi', ou: 'kosmos.org', ln_account: 'abcdefg123456' } + let(:user) { create :user, cn: 'satoshi', ou: 'kosmos.org', lndhub_username: 'abcdefg123456' } before do login_as user, :scope => :user diff --git a/spec/requests/webfinger_spec.rb b/spec/requests/webfinger_spec.rb index 69ef542..285c146 100644 --- a/spec/requests/webfinger_spec.rb +++ b/spec/requests/webfinger_spec.rb @@ -92,7 +92,7 @@ RSpec.describe "WebFinger", type: :request do expect(rs_link["href"]).to eql("#{Setting.rs_storage_url}/tony") oauth_url = rs_link["properties"]["http://tools.ietf.org/html/rfc6749#section-4.2"] - expect(oauth_url).to eql("http://accounts.kosmos.org/rs/oauth/tony") + expect(oauth_url).to eql("http://localhost/rs/oauth/tony") end it "returns CORS headers" do diff --git a/spec/requests/webhooks_spec.rb b/spec/requests/webhooks_spec.rb index 5a1d12f..9b51d18 100644 --- a/spec/requests/webhooks_spec.rb +++ b/spec/requests/webhooks_spec.rb @@ -50,7 +50,7 @@ RSpec.describe "Webhooks", type: :request do end describe "Valid payload for incoming payment" do - let(:user) { create :user, ln_account: "123456abcdef" } + let(:user) { create :user, lndhub_username: "123456abcdef" } let(:payload) { JSON.parse(File.read(File.expand_path("../fixtures/lndhub/incoming.json", File.dirname(__FILE__)))) } before { user.save! } #FIXME this should not be necessary @@ -132,7 +132,7 @@ RSpec.describe "Webhooks", type: :request do end describe "Valid payload for zap transaction" do - let(:user) { create :user, ln_account: "123456abcdef" } + let(:user) { create :user, lndhub_username: "123456abcdef" } let(:zap) { create :zap, user: user } let(:payload) { JSON.parse(File.read(File.expand_path("../fixtures/lndhub/incoming-zap.json", File.dirname(__FILE__)))) } let(:zap_receipt) { diff --git a/spec/services/nostr_manager/create_zap_receipt_spec.rb b/spec/services/nostr_manager/create_zap_receipt_spec.rb index 1c59730..ff9b00e 100644 --- a/spec/services/nostr_manager/create_zap_receipt_spec.rb +++ b/spec/services/nostr_manager/create_zap_receipt_spec.rb @@ -1,7 +1,7 @@ require 'rails_helper' RSpec.describe NostrManager::CreateZapReceipt, type: :model do - let(:user) { create :user, ln_account: "123456abcdef" } + let(:user) { create :user, lndhub_username: "123456abcdef" } let(:zap) { create :zap, user: user } # before do diff --git a/spec/services/nostr_manager/publish_zap_receipt_spec.rb b/spec/services/nostr_manager/publish_zap_receipt_spec.rb index 02885bb..b52cfbe 100644 --- a/spec/services/nostr_manager/publish_zap_receipt_spec.rb +++ b/spec/services/nostr_manager/publish_zap_receipt_spec.rb @@ -1,7 +1,7 @@ require 'rails_helper' RSpec.describe NostrManager::PublishZapReceipt, type: :model do - let(:user) { create :user, ln_account: "123456abcdef" } + let(:user) { create :user, lndhub_username: "123456abcdef" } let(:zap) { create :zap, user: user } before do