0.10.0

With X-Forwarded-Host set on the proxied request, Rails uses that host
for URLs. But we need it to be the accounts domain.

app/controllers/admin/settings/registrations_controller.rb

@@ -9,4 +9,12 @@ class Admin::Settings::RegistrationsController < Admin::SettingsController
       success: "Settings saved"
     }
   end
+
+  private
+
+    def setting_params
+      params.require(:setting).permit([
+        :reserved_usernames, default_services: []
+      ])
+    end
 end

app/controllers/admin/settings_controller.rb

@@ -9,11 +9,12 @@ class Admin::SettingsController < Admin::BaseController
     changed_keys = []
 
     setting_params.keys.each do |key|
-      next if setting_params[key].nil? ||
-              (Setting.send(key).to_s == setting_params[key].strip)
+      next if clean_param(key).nil? ||
+        (Setting.send(key).to_s == clean_param(key))
+
       changed_keys.push(key)
       setting = Setting.new(var: key)
-      setting.value = setting_params[key].strip
+      setting.value = clean_param(key)
       unless setting.valid?
         @errors.merge!(setting.errors)
       end
@@ -24,7 +25,7 @@ class Admin::SettingsController < Admin::BaseController
     end
 
     changed_keys.each do |key|
-      Setting.send("#{key}=", setting_params[key].strip)
+      Setting.send("#{key}=", clean_param(key))
     end
   end
 
@@ -37,4 +38,12 @@ class Admin::SettingsController < Admin::BaseController
     def setting_params
       params.require(:setting).permit(Setting.editable_keys.map(&:to_sym))
     end
+
+    def clean_param(key)
+      if Setting.get_field(key)[:type] == :string
+        setting_params[key].strip
+      else
+        setting_params[key]
+      end
+    end
 end

app/controllers/lnurlpay_controller.rb

@@ -1,7 +1,7 @@
 class LnurlpayController < ApplicationController
   before_action :check_service_available
   before_action :find_user
-  before_action :set_cors_access_control_headers, only: [:invoice]
+  before_action :set_cors_access_control_headers
 
   MIN_SATS = 10
   MAX_SATS = 1_000_000

app/controllers/services/chat_controller.rb

@@ -3,7 +3,7 @@ class Services::ChatController < Services::BaseController
   before_action :require_service_available
 
   def show
-    @service_enabled = current_user.service_enabled?(:xmpp)
+    @service_enabled = current_user.service_enabled?(:ejabberd)
   end
 
   private

app/controllers/webfinger_controller.rb

@@ -1,8 +1,6 @@
-class WebfingerController < ApplicationController
+class WebfingerController < WellKnownController
   before_action :allow_cross_origin_requests, only: [:show]
 
-  layout false
-
   def show
     resource = params[:resource]
 
@@ -76,7 +74,7 @@ class WebfingerController < ApplicationController
   end
 
   def remotestorage_link
-    auth_url = new_rs_oauth_url(@username)
+    auth_url = new_rs_oauth_url(@username, host: Setting.accounts_domain)
     storage_url = "#{Setting.rs_storage_url}/#{@username}"
 
     {
@@ -91,10 +89,4 @@ class WebfingerController < ApplicationController
       }
     }
   end
-
-  def allow_cross_origin_requests
-    return unless Rails.env.development?
-    headers['Access-Control-Allow-Origin'] = "*"
-    headers['Access-Control-Allow-Methods'] = "GET"
-  end
 end

app/controllers/well_known_controller.rb

@@ -1,5 +1,8 @@
 class WellKnownController < ApplicationController
   before_action :require_nostr_enabled, only: [ :nostr ]
+  before_action :allow_cross_origin_requests, only: [ :nostr ]
+
+  layout false
 
   def nostr
     http_status :unprocessable_entity and return if params[:name].blank?
@@ -7,8 +10,14 @@ class WellKnownController < ApplicationController
     relay_url = Setting.nostr_relay_url.presence
 
     if params[:name] == "_"
-      # pubkey for the primary domain without a username (e.g. kosmos.org)
-      res = { names: { "_": Setting.nostr_public_key } }
+      if domain == Setting.primary_domain
+        # pubkey for the primary domain without a username (e.g. kosmos.org)
+        res = { names: { "_": Setting.nostr_public_key_primary_domain.presence || Setting.nostr_public_key } }
+      else
+        # pubkey for the akkounts domain without a username (e.g. accounts.kosmos.org)
+        res = { names: { "_": Setting.nostr_public_key } }
+      end
+
       res[:relays] = { "_" => [ relay_url ] } if relay_url
     else
       @user = User.where(cn: params[:name], ou: domain).first
@@ -30,4 +39,9 @@ class WellKnownController < ApplicationController
     def require_nostr_enabled
       http_status :not_found unless Setting.nostr_enabled?
     end
+
+    def allow_cross_origin_requests
+      headers['Access-Control-Allow-Origin'] = "*"
+      headers['Access-Control-Allow-Methods'] = "GET"
+    end
 end

app/helpers/dashboard_helper.rb

@@ -1,2 +0,0 @@
-module DashboardHelper
-end

app/helpers/donations_helper.rb

@@ -1,2 +0,0 @@
-module DonationsHelper
-end

app/helpers/invitations_helper.rb

@@ -1,2 +0,0 @@
-module InvitationsHelper
-end

app/helpers/lnurlpay_helper.rb

@@ -1,2 +0,0 @@
-module LnurlpayHelper
-end

app/helpers/services_helper.rb

@@ -0,0 +1,12 @@
+module ServicesHelper
+
+  def service_human_name(key, category = :external)
+    SERVICES[category][key][:name] || key.to_s
+  end
+
+  def service_display_name(key, category = :external)
+    SERVICES[category][key][:display_name] ||
+    service_human_name(key, category)
+  end
+
+end

app/helpers/settings_helper.rb

@@ -1,2 +0,0 @@
-module SettingsHelper
-end

app/helpers/signup_helper.rb

@@ -1,2 +0,0 @@
-module SignupHelper
-end

app/helpers/users_helper.rb

@@ -1,2 +0,0 @@
-module UsersHelper
-end

app/helpers/wallet_helper.rb

@@ -1,2 +0,0 @@
-module WalletHelper
-end

app/helpers/welcome_helper.rb

@@ -1,2 +0,0 @@
-module WelcomeHelper
-end

app/jobs/xmpp_exchange_contacts_job.rb

@@ -2,8 +2,8 @@ class XmppExchangeContactsJob < ApplicationJob
   queue_as :default
 
   def perform(inviter, invitee)
-    return unless inviter.service_enabled?(:xmpp) &&
-                  invitee.service_enabled?(:xmpp) &&
+    return unless inviter.service_enabled?(:ejabberd) &&
+                  invitee.service_enabled?(:ejabberd) &&
                   inviter.preferences[:xmpp_exchange_contacts_with_invitees]
 
     ejabberd = EjabberdApiClient.new

app/models/concerns/settings/nostr_settings.rb

@@ -12,6 +12,9 @@ module Settings
       field :nostr_public_key, type: :string,
         default: ENV["NOSTR_PUBLIC_KEY"].presence
 
+      field :nostr_public_key_primary_domain, type: :string,
+        default: ENV["NOSTR_PUBLIC_KEY_PRIMARY_DOMAIN"].presence
+
       field :nostr_relay_url, type: :string,
         default: ENV["NOSTR_RELAY_URL"].presence
 

app/models/setting.rb

@@ -21,8 +21,11 @@ class Setting < RailsSettings::Base
   include Settings::RemoteStorageSettings
   include Settings::XmppSettings
 
-  def self.default_services
-    # TODO Make configurable from respective service settings page
-    %w[ discourse gitea mastodon mediawiki remotestorage xmpp ]
+  def self.available_services
+    known_services = SERVICES[:external].keys
+    known_services.select {|s| Setting.send "#{s}_enabled?" }
   end
+
+  field :default_services, type: :array,
+    default: self.available_services
 end

app/models/user.rb

@@ -180,14 +180,14 @@ class User < ApplicationRecord
   def enable_service(service)
     current_services = services_enabled
     new_services = Array(service).map(&:to_s)
-    services = (current_services + new_services).uniq
+    services = (current_services + new_services).uniq.sort
     ldap.replace_attribute(dn, :serviceEnabled, services)
   end
 
   def disable_service(service)
     current_services = services_enabled
     disabled_services = Array(service).map(&:to_s)
-    services = (current_services - disabled_services).uniq
+    services = (current_services - disabled_services).uniq.sort
     ldap.replace_attribute(dn, :serviceEnabled, services)
   end
 

app/views/admin/settings/registrations/show.html.erb

@@ -9,18 +9,36 @@
         <%= render partial: "admin/settings/errors", locals: { errors: @errors } %>
       <% end %>
 
-      <label class="block">
-        <p class="font-bold mb-1">Reserved usernames</p>
-        <p class="text-gray-500">
-          These usernames cannot be registered as accounts:
-        </p>
-        <%= f.text_area :reserved_usernames,
-          value: Setting.reserved_usernames.join("\n"),
-          class: "h-44 mb-2" %>
-        <p class="text-sm text-gray-500">
-          One username per line
-        </p>
-      </label>
+      <ul role="list">
+        <%= render FormElements::FieldsetComponent.new(
+              title: "Reserved usernames",
+              description: "These usernames cannot be registered as accounts."
+            ) do %>
+          <%= f.text_area :reserved_usernames,
+            value: Setting.reserved_usernames.join("\n"),
+            class: "h-44 w-60" %>
+          <p class="text-sm text-gray-500">
+            One username per line
+          </p>
+        <% end %>
+        <li>
+          <p class="font-bold mb-1">Default services</p>
+          <p class="text-gray-500">
+            These services are enabled for new users by default after signup.
+          </p>
+          <div class="flex flex-wrap gap-x-6 gap-y-2">
+            <% Setting.available_services.each do |option| %>
+              <div class="md:inline-block">
+                <%= f.check_box :default_services,
+                  { multiple: true, checked: Setting.default_services.include?(option),
+                    class: "h-4 w-4 rounded border-gray-300 text-blue-600 focus:ring-blue-600 mr-0.5" },
+                  option, nil %>
+                <%= f.label "default_services_#{option.parameterize}", service_human_name(option) %>
+              </div>
+            <% end %>
+          </div>
+        </li>
+      </ul>
     </section>
 
     <section>

app/views/admin/settings/services/_nostr.html.erb

@@ -19,6 +19,11 @@
         title: "Public key",
         description: "The corresponding public key of the accounts service"
       ) %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :nostr_public_key_primary_domain,
+        title: "Public key for primary domain (NIP-05)",
+        description: "(optional) A different pubkey to announce for the _@#{Setting.primary_domain} Nostr address"
+      ) %>
   <%= render FormElements::FieldsetResettableSettingComponent.new(
         key: :nostr_relay_url,
         title: "Relay URL",

config/initializers/service_details.rb

@@ -0,0 +1,2 @@
+config_path = Rails.root.join('config', 'services.yml')
+SERVICES = YAML.load_file(config_path).deep_symbolize_keys.with_indifferent_access

config/services.yml

@@ -0,0 +1,30 @@
+internal:
+  btcpay:
+    name: BTCPay Server
+  postgres:
+    name: PostgreSQL
+  sentry:
+    name: Sentry
+external:
+  discourse:
+    name: Discourse
+  droneci:
+    name: Drone CI
+  ejabberd:
+    display_name: Chat
+  email:
+    name: E-Mail
+  gitea:
+    name: Gitea
+  lndhub:
+    name: LNDHub
+    display_name: Lightning Network
+  mastodon:
+    name: Mastodon
+  mediawiki:
+    name: MediaWiki
+  nostr:
+    name: Nostr
+  remotestorage:
+    name: remoteStorage
+    display_name: Storage

package.json

@@ -11,7 +11,7 @@
     "postcss-preset-env": "^7.8.3",
     "tailwindcss": "^3.2.4"
   },
-  "version": "0.9.0",
+  "version": "0.10.0",
   "scripts": {
     "build:css:tailwind": "tailwindcss --postcss -i ./app/assets/stylesheets/application.tailwind.css -o ./app/assets/builds/application.css",
     "build:css": "yarn run build:css:tailwind"

spec/helpers/services_helper_spec.rb

@@ -0,0 +1,25 @@
+require 'rails_helper'
+
+describe ServicesHelper do
+
+  describe "#service_human_name" do
+    it "returns the human name when it's configured" do
+      expect(service_human_name("mastodon")).to eq("Mastodon")
+    end
+
+    it "returns the key when there is no human name" do
+      expect(service_human_name("ejabberd")).to eq("ejabberd")
+    end
+  end
+
+  describe "#service_display_name" do
+    it "returns the display name when it's configured" do
+      expect(service_display_name("lndhub")).to eq("Lightning Network")
+    end
+
+    it "returns the human name when there is no display name" do
+      expect(service_display_name("mastodon")).to eq("Mastodon")
+    end
+  end
+
+end

spec/jobs/create_ldap_user_job_spec.rb

@@ -44,7 +44,7 @@ RSpec.describe CreateLdapUserJob, type: :job do
 
   it "adds default services for pre-confirmed accounts" do
     allow(ldap_client_mock).to receive(:add) # spy on mock
-    allow(Setting).to receive(:default_services).and_return(["xmpp", "discourse"])
+    Setting.default_services = ["ejabberd", "discourse"]
 
     perform_enqueued_jobs { job_for_preconfirmed_account }
 
@@ -56,7 +56,7 @@ RSpec.describe CreateLdapUserJob, type: :job do
         sn: "halfinney",
         uid: "halfinney",
         mail: "halfinney@example.com",
-        serviceEnabled: ["xmpp", "discourse"],
+        serviceEnabled: ["ejabberd", "discourse"],
         userPassword: "remember-remember-the-5th-of-november"
       }
     )

spec/jobs/xmpp_exchange_contacts_job_spec.rb

@@ -13,7 +13,7 @@ RSpec.describe XmppExchangeContactsJob, type: :job do
   before do
     stub_request(:post, "http://xmpp.example.com/api/add_rosteritem")
       .to_return(status: 200, body: "", headers: {})
-    allow_any_instance_of(User).to receive(:services_enabled).and_return(["xmpp"])
+    allow_any_instance_of(User).to receive(:services_enabled).and_return(["ejabberd"])
   end
 
   it "posts add_rosteritem commands to the ejabberd API" do

spec/models/setting_spec.rb

@@ -0,0 +1,25 @@
+require 'rails_helper'
+
+RSpec.describe Setting, type: :model do
+
+  describe ".available_services" do
+    before do
+      Setting.discourse_enabled = true
+      Setting.ejabberd_enabled = true
+      Setting.email_enabled = false
+      Setting.gitea_enabled = false
+      Setting.lndhub_enabled = true
+      Setting.mastodon_enabled = true
+      Setting.mediawiki_enabled = false
+      Setting.nostr_enabled = false
+      Setting.remotestorage_enabled = true
+    end
+
+    it "contains all enabled services" do
+      expect(Setting.available_services).to eq(%w[
+        discourse ejabberd lndhub mastodon remotestorage
+      ])
+    end
+  end
+
+end

spec/models/user_spec.rb

@@ -78,9 +78,9 @@ RSpec.describe User, type: :model do
     it "returns the entries from the LDAP service attribute" do
       expect(user).to receive(:ldap_entry).and_return({
         uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
-        services_enabled: ["discourse", "email", "gitea", "wiki", "xmpp"]
+        services_enabled: ["discourse", "ejabberd", "email", "gitea", "wiki"]
       })
-      expect(user.services_enabled).to eq(["discourse", "email", "gitea", "wiki", "xmpp"])
+      expect(user.services_enabled).to eq(["discourse", "ejabberd", "email", "gitea", "wiki"])
     end
   end
 
@@ -88,7 +88,7 @@ RSpec.describe User, type: :model do
     before do
       allow(user).to receive(:ldap_entry).and_return({
         uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
-        services_enabled: ["gitea", "xmpp"]
+        services_enabled: ["ejabberd", "gitea"]
       })
     end
 
@@ -121,9 +121,9 @@ RSpec.describe User, type: :model do
 
     it "adds multiple service to the LDAP entry" do
       expect_any_instance_of(LdapService).to receive(:replace_attribute)
-        .with(dn, :serviceEnabled, ["discourse", "gitea", "wiki", "xmpp"]).and_return(true)
+        .with(dn, :serviceEnabled, ["discourse", "ejabberd", "gitea", "wiki"]).and_return(true)
 
-      user.enable_service([:wiki, :xmpp])
+      user.enable_service([:ejabberd, :wiki])
     end
   end
 
@@ -131,7 +131,7 @@ RSpec.describe User, type: :model do
     before do
       allow(user).to receive(:ldap_entry).and_return({
         uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
-        services_enabled: ["discourse", "gitea", "xmpp"]
+        services_enabled: ["discourse", "ejabberd", "gitea"]
       })
       allow(user).to receive(:dn).and_return(dn)
     end
@@ -140,14 +140,14 @@ RSpec.describe User, type: :model do
       expect_any_instance_of(LdapService).to receive(:replace_attribute)
         .with(dn, :serviceEnabled, ["discourse", "gitea"]).and_return(true)
 
-      user.disable_service(:xmpp)
+      user.disable_service(:ejabberd)
     end
 
     it "removes multiple services from the LDAP entry" do
       expect_any_instance_of(LdapService).to receive(:replace_attribute)
         .with(dn, :serviceEnabled, ["discourse"]).and_return(true)
 
-      user.disable_service([:xmpp, "gitea"])
+      user.disable_service([:ejabberd, "gitea"])
     end
   end
 
@@ -178,7 +178,7 @@ RSpec.describe User, type: :model do
     after { clear_enqueued_jobs }
 
     it "enables default services" do
-      expect(user).to receive(:enable_service).with(%w[ discourse gitea mastodon mediawiki remotestorage xmpp ])
+      expect(user).to receive(:enable_service).with(Setting.default_services)
       user.send :devise_after_confirmation
     end
 

spec/requests/webfinger_spec.rb

@@ -44,7 +44,7 @@ RSpec.describe "WebFinger", type: :request do
         before do
           allow_any_instance_of(User).to receive(:ldap_entry).and_return({
             uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
-            services_enabled: ["xmpp"]
+            services_enabled: ["ejabberd"]
           })
         end
 
@@ -92,7 +92,13 @@ RSpec.describe "WebFinger", type: :request do
           expect(rs_link["href"]).to eql("#{Setting.rs_storage_url}/tony")
 
           oauth_url = rs_link["properties"]["http://tools.ietf.org/html/rfc6749#section-4.2"]
-          expect(oauth_url).to eql("http://www.example.com/rs/oauth/tony")
+          expect(oauth_url).to eql("http://accounts.kosmos.org/rs/oauth/tony")
+        end
+
+        it "returns CORS headers" do
+          get "/.well-known/nostr.json?name=bobdylan"
+          expect(response.headers['Access-Control-Allow-Origin']).to eq("*")
+          expect(response.headers['Access-Control-Allow-Methods']).to eq('GET')
         end
       end
 
@@ -100,7 +106,7 @@ RSpec.describe "WebFinger", type: :request do
         before do
           allow_any_instance_of(User).to receive(:ldap_entry).and_return({
             uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
-            services_enabled: ["xmpp"]
+            services_enabled: ["ejabberd"]
           })
         end
 

spec/requests/well_known_spec.rb

@@ -46,6 +46,12 @@ RSpec.describe "Well-known URLs", type: :request do
         expect(res["names"]["bobdylan"]).to eq(user.nostr_pubkey)
       end
 
+      it "returns CORS headers" do
+        get "/.well-known/nostr.json?name=bobdylan"
+        expect(response.headers['Access-Control-Allow-Origin']).to eq("*")
+        expect(response.headers['Access-Control-Allow-Methods']).to eq('GET')
+      end
+
       context "without relay configured" do
         before do
           Setting.nostr_relay_url = ""
@@ -73,10 +79,36 @@ RSpec.describe "Well-known URLs", type: :request do
     end
 
     describe "placeholder username for domain's own pubkey" do
-      it "returns the configured nostr pubkey" do
-        get "/.well-known/nostr.json?name=_"
-        res = JSON.parse(response.body)
-        expect(res["names"]["_"]).to eq(Setting.nostr_public_key)
+      describe "for primary domain" do
+        context "no different pubkey configured for primary domain" do
+          it "returns the akkounts nostr pubkey" do
+            get "/.well-known/nostr.json?name=_"
+            res = JSON.parse(response.body)
+            expect(res["names"]["_"]).to eq("bdd76ce2934b2f591f9fad2ebe9da18f20d2921de527494ba00eeaa0a0efadcf")
+          end
+        end
+
+        context "different pubkey configured for primary domain" do
+          before do
+            Setting.nostr_public_key_primary_domain = "b3e8f62fbe41217ffc0aa1e178d297339932d8ba4f46d9c7df3b61575e78fecc"
+          end
+
+          it "returns the primary domain's nostr pubkey" do
+            get "/.well-known/nostr.json?name=_"
+            res = JSON.parse(response.body)
+            expect(res["names"]["_"]).to eq("b3e8f62fbe41217ffc0aa1e178d297339932d8ba4f46d9c7df3b61575e78fecc")
+          end
+        end
+      end
+
+      describe "for akkounts domain" do
+        it "returns the configured nostr pubkey" do
+          headers = { "X-Forwarded-Host" => "accounts.kosmos.org" }
+          get "/.well-known/nostr.json?name=_"
+
+          res = JSON.parse(response.body)
+          expect(res["names"]["_"]).to eq("bdd76ce2934b2f591f9fad2ebe9da18f20d2921de527494ba00eeaa0a0efadcf")
+        end
       end
 
       context "with relay configured" do