Merge branch 'master' into feature/lightning_donation_qr_codes

app/controllers/admin/users_controller.rb

@@ -4,7 +4,7 @@ class Admin::UsersController < Admin::BaseController
 
   def index
     ldap   = LdapService.new
-    @ou    = params[:ou] || "kosmos.org"
+    @ou    = params[:ou] || Setting.primary_domain
     @orgs  = ldap.fetch_organizations
     @pagy, @users = pagy(User.where(ou: @ou).order(cn: :asc))
 

app/controllers/settings_controller.rb

@@ -1,3 +1,5 @@
+require 'securerandom'
+
 class SettingsController < ApplicationController
   before_action :authenticate_user!
   before_action :set_main_nav_section
@@ -9,6 +11,9 @@ class SettingsController < ApplicationController
   end
 
   def show
+    if @settings_section == "experiments"
+      session[:shared_secret] ||= SecureRandom.base64(12)
+    end
   end
 
   def update
@@ -53,6 +58,45 @@ class SettingsController < ApplicationController
     redirect_to check_your_email_path, notice: msg
   end
 
+  def set_nostr_pubkey
+    signed_event = nostr_event_params[:signed_event].to_h.symbolize_keys
+    is_valid_id  = NostrManager::ValidateId.call(signed_event)
+    is_valid_sig = NostrManager::VerifySignature.call(signed_event)
+    is_correct_content = signed_event[:content] == "Connect my public key to #{current_user.address} (confirmation #{session[:shared_secret]})"
+
+    unless is_valid_id && is_valid_sig && is_correct_content
+      flash[:alert] = "Public key could not be verified"
+      http_status :unprocessable_entity and return
+    end
+
+    pubkey_taken = User.all_except(current_user).where(
+      ou: current_user.ou, nostr_pubkey: signed_event[:pubkey]
+    ).any?
+
+    if pubkey_taken
+      flash[:alert] = "Public key already in use for a different account"
+      http_status :unprocessable_entity and return
+    end
+
+    current_user.update! nostr_pubkey: signed_event[:pubkey]
+    session[:shared_secret] = nil
+
+    flash[:success] = "Public key verification successful"
+    http_status :ok
+  rescue
+    flash[:alert] = "Public key could not be verified"
+    http_status :unprocessable_entity and return
+  end
+
+  # DELETE /settings/nostr_pubkey
+  def remove_nostr_pubkey
+    current_user.update! nostr_pubkey: nil
+
+    redirect_to setting_path(:experiments), flash: {
+      success: 'Public key removed from account'
+    }
+  end
+
   private
 
     def set_main_nav_section
@@ -61,7 +105,7 @@ class SettingsController < ApplicationController
 
     def set_settings_section
       @settings_section = params[:section]
-      allowed_sections = [:profile, :account, :lightning, :xmpp]
+      allowed_sections = [:profile, :account, :lightning, :xmpp, :experiments]
 
       unless allowed_sections.include?(@settings_section.to_sym)
         redirect_to setting_path(:profile)
@@ -82,4 +126,10 @@ class SettingsController < ApplicationController
     def email_params
       params.require(:user).permit(:email, :current_password)
     end
+
+    def nostr_event_params
+      params.permit(signed_event: [
+        :id, :pubkey, :created_at, :kind, :tags, :content, :sig
+      ])
+    end
 end

app/controllers/signup_controller.rb

@@ -88,7 +88,7 @@ class SignupController < ApplicationController
     if session[:new_user].present?
       @user = User.new(session[:new_user])
     else
-      @user = User.new(ou: "kosmos.org")
+      @user = User.new(ou: Setting.primary_domain)
     end
   end
 
@@ -98,7 +98,7 @@ class SignupController < ApplicationController
 
     CreateAccount.call(
       username: @user.cn,
-      domain: "kosmos.org",
+      domain: Setting.primary_domain,
       email: @user.email,
       password: @user.password,
       invitation: @invitation

app/controllers/webhooks_controller.rb

@@ -30,7 +30,7 @@ class WebhooksController < ApplicationController
   def notify_xmpp(address, amt_sats, memo)
     payload = {
       type: "normal",
-      from: "kosmos.org", # TODO domain config
+      from: Setting.primary_domain,
       to: address,
       subject: "Sats received!",
       body: "#{helpers.number_with_delimiter amt_sats} sats received in your Lightning wallet:\n> #{memo}"

app/controllers/well_known_controller.rb

@@ -0,0 +1,16 @@
+class WellKnownController < ApplicationController
+  def nostr
+    http_status :unprocessable_entity and return if params[:name].blank?
+    domain = request.headers["X-Forwarded-Host"].presence || Setting.primary_domain
+    @user = User.where(cn: params[:name], ou: domain).first
+    http_status :not_found and return if @user.nil? || @user.nostr_pubkey.blank?
+
+    respond_to do |format|
+      format.json do
+        render json: {
+          names: { "#{@user.cn}": @user.nostr_pubkey }
+        }.to_json
+      end
+    end
+  end
+end