Add strfry doc draft

Reviewed-on: #202
Reviewed-by: Greg <greg@noreply.kosmos.org>

.env.example

@@ -29,8 +29,10 @@
 
 #
 # Service Integrations
+# (sorted alphabetically by service name)
 #
 
+# BTCPAY_PUBLIC_URL='https://btcpay.example.com'
 # BTCPAY_API_URL='http://localhost:23001/api/v1'
 # BTCPAY_STORE_ID=''
 # BTCPAY_AUTH_TOKEN=''
@@ -57,8 +59,13 @@
 # LNDHUB_PG_PASSWORD=''
 
 # MASTODON_PUBLIC_URL='https://kosmos.social'
+# MASTODON_ADDRESS_DOMAIN='https://kosmos.org'
 
 # MEDIAWIKI_PUBLIC_URL='https://wiki.kosmos.org'
 
+# NOSTR_PRIVATE_KEY='123456abcdef...'
+# NOSTR_PUBLIC_KEY='123456abcdef...'
+# NOSTR_RELAY_URL='wss://nostr.kosmos.org'
+
 # RS_STORAGE_URL='https://storage.kosmos.org'
 # RS_REDIS_URL='redis://localhost:6379/2'

.env.test

@@ -1,7 +1,9 @@
 PRIMARY_DOMAIN=kosmos.org
+AKKOUNTS_DOMAIN=accounts.kosmos.org
 
 REDIS_URL='redis://localhost:6379/0'
 
+BTCPAY_PUBLIC_URL='https://btcpay.example.com'
 BTCPAY_API_URL='http://btcpay.example.com/api/v1'
 BTCPAY_STORE_ID='123456'
 
@@ -10,10 +12,15 @@ DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
 
 EJABBERD_API_URL='http://xmpp.example.com/api'
 
+MASTODON_PUBLIC_URL='http://example.social'
+
 LNDHUB_API_URL='http://localhost:3026'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
 LNDHUB_PUBLIC_KEY='024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
 
+NOSTR_PRIVATE_KEY='7c3ef7e448505f0615137af38569d01807d3b05b5005d5ecf8aaafcd40323cea'
+NOSTR_PUBLIC_KEY='bdd76ce2934b2f591f9fad2ebe9da18f20d2921de527494ba00eeaa0a0efadcf'
+
 RS_STORAGE_URL='https://storage.kosmos.org'
 RS_REDIS_URL='redis://localhost:6379/1'
 

Gemfile

@@ -61,8 +61,8 @@ gem "sentry-rails"
 # Services
 gem 'discourse_api'
 gem "lnurl"
-gem 'manifique'
-gem 'nostr'
+gem 'manifique', '~> 1.1.0'
+gem 'nostr', '~> 0.6.0'
 
 group :development, :test do
   # Use sqlite3 as the database for Active Record

Gemfile.lock

@@ -155,7 +155,7 @@ GEM
       ruby2_keywords
     e2mmap (0.1.0)
     ecdsa (1.2.0)
-    ecdsa_ext (0.5.0)
+    ecdsa_ext (0.5.1)
       ecdsa (~> 1.2.0)
     erubi (1.12.0)
     et-orbi (1.2.7)
@@ -245,7 +245,7 @@ GEM
       net-imap
       net-pop
       net-smtp
-    manifique (1.0.1)
+    manifique (1.1.0)
       faraday (~> 2.9.0)
       faraday-follow_redirects (= 0.3.0)
       nokogiri (~> 1.16.0)
@@ -278,9 +278,9 @@ GEM
       racc (~> 1.4)
     nokogiri (1.16.0-x86_64-linux)
       racc (~> 1.4)
-    nostr (0.5.0)
+    nostr (0.6.0)
       bech32 (~> 1.4)
-      bip-schnorr (~> 0.6)
+      bip-schnorr (~> 0.7)
       ecdsa (~> 1.2)
       event_emitter (~> 0.2)
       faye-websocket (~> 0.11)
@@ -515,9 +515,9 @@ DEPENDENCIES
   listen (~> 3.2)
   lnurl
   lockbox
-  manifique
+  manifique (~> 1.1.0)
   net-ldap
-  nostr
+  nostr (~> 0.6.0)
   pagy (~> 6.0, >= 6.0.2)
   pg (~> 1.5)
   puma (~> 4.1)

app/assets/stylesheets/components/buttons.css

@@ -32,11 +32,21 @@
            focus:ring-blue-400 focus:ring-opacity-75;
   }
 
+  .btn-emerald {
+    @apply bg-emerald-500 hover:bg-emerald-600 text-white
+           focus:ring-emerald-400 focus:ring-opacity-75;
+  }
+
   .btn-red {
     @apply bg-red-600 hover:bg-red-700 text-white
            focus:ring-red-500 focus:ring-opacity-75;
   }
 
+  .btn-outline-purple {
+    @apply border-2 border-purple-500 hover:bg-purple-100
+           focus:ring-purple-400 focus:ring-opacity-75;
+  }
+
   .btn:disabled {
     @apply bg-gray-100 hover:bg-gray-200 text-gray-400
            focus:ring-gray-300 focus:ring-opacity-75;

app/assets/stylesheets/components/dashboard_services.css

@@ -1,5 +1,5 @@
 @layer components {
   .services > div > a {
-    background-image: linear-gradient(110deg, rgba(255,255,255,0.99) 0, rgba(255,255,255,0.88) 100%);
+    background-image: linear-gradient(110deg, rgba(255,255,255,0.99) 20%, rgba(255,255,255,0.88) 100%);
   }
 }

app/components/form_elements/fieldset_resettable_setting_component.html.erb

@@ -6,6 +6,7 @@
     ) do %>
   <%= method("#{@type}_field").call :setting, @key,
     value: Setting.public_send(@key),
+    placeholder: @placeholder,
     data: {
       :'default-value' => Setting.get_field(@key)[:default]
     },

app/components/form_elements/fieldset_resettable_setting_component.rb

@@ -2,7 +2,7 @@
 
 module FormElements
   class FieldsetResettableSettingComponent < ViewComponent::Base
-    def initialize(tag: "li", key:, type: :text, title:, description: nil)
+    def initialize(tag: "li", key:, type: :text, title:, description: nil, placeholder: nil)
       @tag         = tag
       @positioning = :vertical
       @title       = title
@@ -10,6 +10,7 @@ module FormElements
       @key         = key.to_sym
       @type        = type
       @resettable  = is_resettable?(@key)
+      @placeholder = placeholder
     end
 
     def is_resettable?(key)

app/components/form_elements/fieldset_toggle_component.html.erb

@@ -6,7 +6,7 @@
   <div class="flex flex-col">
     <label class="font-bold mb-1"><%= @title %></label>
     <% if @description.present? %>
-    <p class="text-gray-500"><%= @descripton %></p>
+    <p class="text-gray-500"><%= @description %></p>
     <% end %>
   </div>
   <div class="relative ml-4 inline-flex flex-shrink-0">

app/components/form_elements/fieldset_toggle_component.rb

@@ -12,7 +12,7 @@ module FormElements
       @enabled = enabled
       @input_enabled = input_enabled
       @title = title
-      @descripton = description
+      @description = description
       @button_text = @enabled ? "Switch off" : "Switch on"
     end
   end

app/components/main_with_tabnav_component.html.erb

@@ -1,5 +1,5 @@
 <main class="w-full max-w-6xl mx-auto pb-12 px-4 md:px-6 lg:px-8">
-  <div class="bg-white rounded-lg shadow">
+  <div class="md:min-h-[50vh] bg-white rounded-lg shadow">
     <div class="px-6 sm:px-12 pt-2 sm:pt-4">
       <%= render partial: @tabnav_partial %>
     </div>

app/components/modal_component.html.erb

@@ -12,7 +12,7 @@
 
     <!-- Modal Container -->
     <div data-modal-target="container"
-         class="max-h-screen w-auto max-w-lg relative
+         class="relative m-4 max-h-screen w-auto max-w-full
                 hidden animate-scale-in fixed inset-0 overflow-y-auto flex items-center justify-center">
       <!-- Modal Card -->
       <div class="m-1 bg-white rounded shadow">

app/components/notification_component.rb

@@ -34,6 +34,8 @@ class NotificationComponent < ViewComponent::Base
       'alert-octagon'
     when 'alert'
       'alert-octagon'
+    when 'warning'
+      'alert-octagon'
     else
       'info'
     end

app/controllers/admin/donations_controller.rb

@@ -3,18 +3,16 @@ class Admin::DonationsController < Admin::BaseController
   before_action :set_current_section, only: [:index, :show, :new, :edit]
 
   # GET /donations
-  # GET /donations.json
   def index
-    @pagy, @donations = pagy(Donation.all.order('created_at desc'))
+    @pagy, @donations = pagy(Donation.completed.order('paid_at desc'))
 
     @stats = {
-      overall_sats: @donations.all.sum("amount_sats"),
-      donor_count: Donation.distinct.count(:user_id)
+      overall_sats: @donations.sum("amount_sats"),
+      donor_count: Donation.completed.count(:user_id)
     }
   end
 
   # GET /donations/1
-  # GET /donations/1.json
   def show
   end
 
@@ -28,55 +26,42 @@ class Admin::DonationsController < Admin::BaseController
   end
 
   # POST /donations
-  # POST /donations.json
   def create
     @donation = Donation.new(donation_params)
 
-    respond_to do |format|
+    if @donation.paid_at == nil
+      @donation.errors.add(:paid_at, message: "is required")
+      render :new, status: :unprocessable_entity and return
+    end
+
     if @donation.save
-        format.html do
       redirect_to admin_donation_url(@donation), flash: {
         success: 'Donation was successfully created.'
       }
-        end
-        format.json { render :show, status: :created, location: @donation }
     else
-        format.html { render :new, status: :unprocessable_entity }
-        format.json { render json: @donation.errors, status: :unprocessable_entity }
-      end
+      render :new, status: :unprocessable_entity
     end
   end
 
-  # PATCH/PUT /donations/1
-  # PATCH/PUT /donations/1.json
+  # PUT /donations/1
   def update
-    respond_to do |format|
     if @donation.update(donation_params)
-        format.html do
       redirect_to admin_donation_url(@donation), flash: {
         success: 'Donation was successfully updated.'
       }
-        end
-        format.json { render :show, status: :ok, location: @donation }
     else
-        format.html { render :edit, status: :unprocessable_entity }
-        format.json { render json: @donation.errors, status: :unprocessable_entity }
-      end
+      render :edit, status: :unprocessable_entity
     end
   end
 
   # DELETE /donations/1
-  # DELETE /donations/1.json
   def destroy
     @donation.destroy
-    respond_to do |format|
-      format.html do redirect_to admin_donations_url, flash: {
+
+    redirect_to admin_donations_url, flash: {
       success: 'Donation was successfully destroyed.'
     }
   end
-      format.json { head :no_content }
-    end
-  end
 
   private
     # Use callbacks to share common setup or constraints between actions.
@@ -86,7 +71,10 @@ class Admin::DonationsController < Admin::BaseController
 
     # Only allow a list of trusted parameters through.
     def donation_params
-      params.require(:donation).permit(:user_id, :amount_sats, :amount_eur, :amount_usd, :public_name, :paid_at)
+      params.require(:donation).permit(
+        :user_id, :donation_method,
+        :amount_sats, :fiat_amount, :fiat_currency,
+        :public_name, :paid_at)
     end
 
     def set_current_section

app/controllers/application_controller.rb

@@ -41,4 +41,31 @@ class ApplicationController < ActionController::Base
   def after_sign_in_path_for(user)
     session[:user_return_to] || root_path
   end
+
+  def lndhub_authenticate(options={})
+    if session[:ln_auth_token].present? && !options[:force_reauth]
+      @ln_auth_token = session[:ln_auth_token]
+    else
+      lndhub = Lndhub.new
+      auth_token = lndhub.authenticate(current_user)
+      session[:ln_auth_token] = auth_token
+      @ln_auth_token = auth_token
+    end
+  rescue => e
+    Sentry.capture_exception(e) if Setting.sentry_enabled?
+  end
+
+  def lndhub_fetch_balance
+    @balance = LndhubManager::FetchUserBalance.call(auth_token: @ln_auth_token)
+  rescue AuthError
+    lndhub_authenticate(force_reauth: true)
+    raise if @fetch_balance_retried
+    @fetch_balance_retried = true
+    lndhub_fetch_balance
+  end
+
+  def nostr_event_from_params
+    params.permit!
+    params[:signed_event].to_h.symbolize_keys
+  end
 end

app/controllers/contributions/donations_controller.rb

@@ -1,10 +1,129 @@
 class Contributions::DonationsController < ApplicationController
-  before_action :authenticate_user!
+  include BtcpayHelper
 
-  # GET /donations
-  # GET /donations.json
+  before_action :authenticate_user!
+  before_action :set_donation_methods, only: [:index, :create]
+  before_action :require_donation_method_enabled, only: [:create]
+  before_action :validate_donation_params, only: [:create]
+  before_action :set_donation, only: [:confirm_btcpay]
+
+  # GET /contributions/donations
   def index
-    @donations = current_user.donations.completed
     @current_section = :contributions
+    @donations_completed = current_user.donations.completed.order('paid_at desc')
+    @donations_pending = current_user.donations.processing.order('created_at desc')
+
+    if Setting.lndhub_enabled?
+      begin
+        lndhub_authenticate
+        lndhub_fetch_balance
+      rescue
+        @balance = 0
+      end
+    end
+  end
+
+  # POST /contributions/donations
+  def create
+    if params[:currency] == "sats"
+      fiat_amount = nil
+      fiat_currency = nil
+      amount_sats = params[:amount]
+    else
+      fiat_amount = params[:amount].to_i
+      fiat_currency = params[:currency]
+      amount_sats = nil
+    end
+
+    @donation = current_user.donations.create!(
+      donation_method: params[:donation_method],
+      payment_method: nil,
+      paid_at: nil,
+      amount_sats: amount_sats,
+      fiat_amount: (fiat_amount.nil? ? nil : fiat_amount * 100), # store in cents
+      fiat_currency: fiat_currency,
+      public_name: params[:public_name]
+    )
+
+    case params[:donation_method]
+    when "btcpay"
+      res = BtcpayManager::CreateInvoice.call(
+        amount: fiat_amount || (amount_sats.to_f / 100000000),
+        currency: fiat_currency || "BTC",
+        redirect_url: confirm_btcpay_contributions_donation_url(@donation)
+      )
+
+      @donation.update! btcpay_invoice_id: res["id"]
+
+      redirect_to btcpay_checkout_url(res["id"]), allow_other_host: true
+    else
+      redirect_to contributions_donations_url, flash: {
+        error: "Donation method currently not available"
+      }
+    end
+  end
+
+  def confirm_btcpay
+    redirect_to contributions_donations_url and return if @donation.completed?
+
+    invoice = BtcpayManager::FetchInvoice.call(invoice_id: @donation.btcpay_invoice_id)
+
+    if @donation.amount_sats.present?
+      # TODO make default fiat currency configurable and/or determine from user's
+      # i18n browser settings
+      @donation.fiat_currency = "EUR"
+      exchange_rate = BtcpayManager::FetchExchangeRate.call(fiat_currency: @donation.fiat_currency)
+      @donation.fiat_amount = (((@donation.amount_sats.to_f / 100000000) * exchange_rate) * 100).to_i
+    else
+      amt_str = invoice["paymentMethods"].first["amount"]
+      @donation.amount_sats = amt_str.tr(".","").sub(/0*$/, "").to_i
+    end
+
+    case invoice["status"]
+    when "Settled"
+      @donation.paid_at = DateTime.now
+      @donation.payment_status = "settled"
+      @donation.save!
+      flash_message = { success: "Thank you!" }
+    when "Processing"
+      unless @donation.processing?
+        @donation.payment_status = "processing"
+        @donation.save!
+        flash_message = { success: "Thank you! We will send you an email when the payment is confirmed." }
+        BtcpayCheckDonationJob.set(wait: 20.seconds).perform_later(@donation)
+      end
+    when "Expired"
+      flash_message = { warning: "The payment request for this donation has expired" }
+    else
+      flash_message = { warning: "Could not determine status of payment" }
+    end
+
+    redirect_to contributions_donations_url, flash: flash_message
+  end
+
+  private
+
+    def set_donation
+      @donation = current_user.donations.find_by(id: params[:id])
+      http_status :not_found unless @donation.present?
+    end
+
+    def set_donation_methods
+      @donation_methods = []
+      @donation_methods.push :btcpay if Setting.btcpay_enabled?
+      @donation_methods.push :lndhub if Setting.lndhub_enabled?
+      @donation_methods.push :opencollective if Setting.opencollective_enabled?
+    end
+
+    def require_donation_method_enabled
+      http_status :forbidden unless @donation_methods.include?(
+        params[:donation_method].to_sym
+      )
+    end
+
+    def validate_donation_params
+      if !%w[EUR USD sats].include?(params[:currency]) || (params[:amount].to_i <= 0)
+        http_status :unprocessable_entity
+      end
     end
 end

app/controllers/lnurlpay_controller.rb

@@ -1,13 +1,15 @@
 class LnurlpayController < ApplicationController
   before_action :check_service_available
   before_action :find_user
+  before_action :set_cors_access_control_headers, only: [:invoice]
 
   MIN_SATS = 10
   MAX_SATS = 1_000_000
   MAX_COMMENT_CHARS = 100
 
+  # GET /.well-known/lnurlp/:username
   def index
-    render json: {
+    res = {
       status: "OK",
       callback: "https://#{Setting.accounts_domain}/lnurlpay/#{@user.cn}/invoice",
       tag: "payRequest",
@@ -16,8 +18,16 @@ class LnurlpayController < ApplicationController
       metadata: metadata(@user.address),
       commentAllowed: MAX_COMMENT_CHARS
     }
+
+    if Setting.nostr_enabled?
+      res[:allowsNostr] = true
+      res[:nostrPubkey] = Setting.nostr_public_key
     end
 
+    render json: res
+  end
+
+  # GET /.well-known/keysend/:username
   def keysend
     http_status :not_found and return unless Setting.lndhub_keysend_enabled?
 
@@ -32,8 +42,9 @@ class LnurlpayController < ApplicationController
     }
   end
 
+  # GET /lnurlpay/:username/invoice
   def invoice
-    amount = params[:amount].to_i / 1000 # msats
+    amount = params[:amount].to_i / 1000 # msats to sats
     comment = params[:comment] || ""
     address = @user.address
 
@@ -42,40 +53,32 @@ class LnurlpayController < ApplicationController
       return
     end
 
-    if !valid_comment?(comment)
-      render json: { status: "ERROR", reason: "Comment too long" }
-      return
+    if params[:nostr].present? && Setting.nostr_enabled?
+      handle_zap_request amount, params[:nostr], params[:lnurl]
+    else
+      handle_pay_request address, amount, comment
     end
-
-    memo = "To #{address}"
-    memo = "#{memo}: \"#{comment}\"" if comment.present?
-
-    payment_request = @user.ln_create_invoice({
-      amount: amount, # we create invoices in sats
-      memo: memo,
-      description_hash: Digest::SHA2.hexdigest(metadata(address)),
-    })
-
-    render json: {
-      status: "OK",
-      successAction: {
-        tag: "message",
-        message: "Sats received. Thank you!"
-      },
-      routes: [],
-      pr: payment_request
-    }
   end
 
   private
 
+    def set_cors_access_control_headers
+      headers['Access-Control-Allow-Origin'] = "*"
+      headers['Access-Control-Allow-Headers'] = "*"
+      headers['Access-Control-Allow-Methods'] = "GET"
+    end
+
+    def check_service_available
+      http_status :not_found unless Setting.lndhub_enabled?
+    end
+
     def find_user
       @user = User.where(cn: params[:username], ou: Setting.primary_domain).first
       http_status :not_found if @user.nil?
     end
 
     def metadata(address)
-    "[[\"text/identifier\", \"#{address}\"], [\"text/plain\", \"Send sats, receive thanks.\"]]"
+      "[[\"text/identifier\",\"#{address}\"],[\"text/plain\",\"Sats for #{address}\"]]"
     end
 
     def valid_amount?(amount_in_sats)
@@ -86,9 +89,73 @@ class LnurlpayController < ApplicationController
       comment.length <= MAX_COMMENT_CHARS
     end
 
-  private
+    def handle_pay_request(address, amount, comment)
+      if !valid_comment?(comment)
+        render json: { status: "ERROR", reason: "Comment too long" }
+        return
+      end
 
-  def check_service_available
-    http_status :not_found unless Setting.lndhub_enabled?
+      desc = "To #{address}"
+      desc = "#{desc}: \"#{comment}\"" if comment.present?
+
+      invoice = LndhubManager::CreateUserInvoice.call(
+        user: @user, payload: {
+          amount: amount, # sats
+          description: desc,
+          description_hash: Digest::SHA256.hexdigest(metadata(address)),
+        }
+      )
+
+      render json: {
+        status: "OK",
+        successAction: {
+          tag: "message",
+          message: "Sats received. Thank you!"
+        },
+        routes: [],
+        pr: invoice["payment_request"]
+      }
+    end
+
+    def nostr_event_from_payload(nostr_param)
+      event_obj = JSON.parse(nostr_param).transform_keys(&:to_sym)
+      Nostr::Event.new(**event_obj)
+    rescue => e
+      return nil
+    end
+
+    def valid_zap_request?(amount, event, lnurl)
+      NostrManager::VerifyZapRequest.call(
+        amount: amount, event: event, lnurl: lnurl
+      )
+    end
+
+    def handle_zap_request(amount, nostr_param, lnurl_param)
+      event = nostr_event_from_payload(nostr_param)
+
+      unless event.present? && valid_zap_request?(amount*1000, event, lnurl_param)
+        render json: { status: "ERROR", reason: "Invalid zap request" }
+        return
+      end
+
+      # TODO might want to use the existing invoice and zap record if there are
+      # multiple calls with the same zap request
+
+      desc = "Zap for #{@user.address}"
+      desc = "#{desc}: \"#{event.content}\"" if event.content.present?
+
+      invoice = LndhubManager::CreateUserInvoice.call(
+        user: @user, payload: {
+          amount: amount, # sats
+          description: desc,
+          description_hash: Digest::SHA256.hexdigest(event.to_json),
+        }
+      )
+
+      @user.zaps.create! request: event,
+                         payment_request: invoice["payment_request"],
+                         amount: amount
+
+      render json: { status: "OK", pr: invoice["payment_request"] }
     end
 end

app/controllers/services/chat_controller.rb

@@ -3,7 +3,7 @@ class Services::ChatController < Services::BaseController
   before_action :require_service_available
 
   def show
-    @service_enabled = current_user.services_enabled.include?(:xmpp)
+    @service_enabled = current_user.service_enabled?(:xmpp)
   end
 
   private

app/controllers/services/lightning_controller.rb

@@ -2,10 +2,11 @@ require "rqrcode"
 require "lnurl"
 
 class Services::LightningController < ApplicationController
-  before_action :authenticate_user!
-  before_action :authenticate_with_lndhub
   before_action :set_current_section
-  before_action :fetch_balance
+  before_action :require_service_available
+  before_action :authenticate_user!
+  before_action :lndhub_authenticate
+  before_action :lndhub_fetch_balance
 
   def index
     @wallet_setup_url = "lndhub://#{current_user.ln_account}:#{current_user.ln_password}@#{ENV['LNDHUB_PUBLIC_URL']}"
@@ -55,32 +56,12 @@ class Services::LightningController < ApplicationController
 
   private
 
-  def authenticate_with_lndhub(options={})
-    if session[:ln_auth_token].present? && !options[:force_reauth]
-      @ln_auth_token = session[:ln_auth_token]
-    else
-      lndhub = Lndhub.new
-      auth_token = lndhub.authenticate(current_user)
-      session[:ln_auth_token] = auth_token
-      @ln_auth_token = auth_token
-    end
-  rescue => e
-    Sentry.capture_exception(e) if Setting.sentry_enabled?
-  end
-
   def set_current_section
     @current_section = :services
   end
 
-  def fetch_balance
-    lndhub = Lndhub.new
-    data = lndhub.balance @ln_auth_token
-    @balance = data["BTC"]["AvailableBalance"] rescue nil
-  rescue AuthError
-    authenticate_with_lndhub(force_reauth: true)
-    raise if @fetch_balance_retried
-    @fetch_balance_retried = true
-    fetch_balance
+  def require_service_available
+    http_status :not_found unless Setting.lndhub_enabled?
   end
 
   def fetch_transactions

app/controllers/services/mastodon_controller.rb

@@ -3,7 +3,7 @@ class Services::MastodonController < Services::BaseController
   before_action :require_service_available
 
   def show
-    @service_enabled = current_user.services_enabled.include?(:mastodon)
+    @service_enabled = current_user.service_enabled?(:mastodon)
   end
 
   private

app/controllers/services/remotestorage_controller.rb

@@ -5,11 +5,10 @@ class Services::RemotestorageController < Services::BaseController
 
   # Dashboard
   def show
-    # unless current_user.services_enabled.include?(:remotestorage)
+    # unless current_user.service_enabled?(:remotestorage)
     #   redirect_to service_remotestorage_info_path
     # end
-    @rs_auths = current_user.remote_storage_authorizations
-    # TODO sort by app name
+    # @rs_apps_connected = current_user.remote_storage_authorizations.any?
   end
 
   private

app/controllers/services/rs_auths_controller.rb

@@ -3,13 +3,18 @@ class Services::RsAuthsController < Services::BaseController
   before_action :require_feature_enabled
   before_action :require_service_available
   # before_action :require_service_enabled
-  before_action :find_rs_auth
+  before_action :find_rs_auth, only: [:destroy, :launch_app]
+
+  def index
+    @rs_auths = current_user.remote_storage_authorizations
+    # TODO sort by app name?
+  end
 
   def destroy
     @auth.destroy!
 
     respond_to do |format|
-      format.html do redirect_to services_storage_url, flash: {
+      format.html do redirect_to apps_services_storage_url, flash: {
         success: 'App authorization revoked'
       }
       end

app/controllers/settings_controller.rb

@@ -12,7 +12,11 @@ class SettingsController < ApplicationController
   end
 
   def show
-    if @settings_section == "nostr"
+    case @settings_section
+    when "lightning"
+      @notifications_enabled = @user.preferences[:lightning_notify_sats_received] != "disabled" ||
+                               @user.preferences[:lightning_notify_zap_received] != "disabled"
+    when "nostr"
       session[:shared_secret] ||= SecureRandom.base64(12)
     end
   end
@@ -87,25 +91,27 @@ class SettingsController < ApplicationController
   end
 
   def set_nostr_pubkey
-    signed_event = nostr_event_params[:signed_event].to_h.symbolize_keys
+    signed_event = Nostr::Event.new(**nostr_event_from_params)
 
-    is_valid_id  = NostrManager::ValidateId.call(event: signed_event)
-    is_valid_sig = NostrManager::VerifySignature.call(event: signed_event)
-    is_correct_content = signed_event[:content] == "Connect my public key to #{current_user.address} (confirmation #{session[:shared_secret]})"
+    is_valid_sig  = signed_event.verify_signature
+    is_valid_auth = NostrManager::VerifyAuth.call(
+      event: signed_event,
+      challenge: session[:shared_secret]
+    )
 
-    unless is_valid_id && is_valid_sig && is_correct_content
+    unless is_valid_sig && is_valid_auth
       flash[:alert] = "Public key could not be verified"
       http_status :unprocessable_entity and return
     end
 
-    user_with_pubkey = LdapManager::FetchUserByNostrKey.call(pubkey: signed_event[:pubkey])
+    user_with_pubkey = LdapManager::FetchUserByNostrKey.call(pubkey: signed_event.pubkey)
 
     if user_with_pubkey.present? && (user_with_pubkey != current_user)
       flash[:alert] = "Public key already in use for a different account"
       http_status :unprocessable_entity and return
     end
 
-    LdapManager::UpdateNostrKey.call(dn: current_user.dn, pubkey: signed_event[:pubkey])
+    LdapManager::UpdateNostrKey.call(dn: current_user.dn, pubkey: signed_event.pubkey)
     session[:shared_secret] = nil
 
     flash[:success] = "Public key verification successful"
@@ -145,11 +151,9 @@ class SettingsController < ApplicationController
     end
 
     def user_params
-      params.require(:user).permit(:display_name, :avatar, preferences: [
-        :lightning_notify_sats_received,
-        :remotestorage_notify_auth_created,
-        :xmpp_exchange_contacts_with_invitees
-      ])
+      params.require(:user).permit(
+        :display_name, :avatar, preferences: UserPreferences.pref_keys
+      )
     end
 
     def email_params
@@ -160,12 +164,6 @@ class SettingsController < ApplicationController
       params.require(:user).permit(:current_password)
     end
 
-    def nostr_event_params
-      params.permit(signed_event: [
-        :id, :pubkey, :created_at, :kind, :content, :sig, tags: []
-      ])
-    end
-
     def generate_email_password
       characters = [('a'..'z'), ('A'..'Z'), (0..9)].map(&:to_a).flatten
       SecureRandom.random_bytes(16).each_byte.map { |b| characters[b % characters.length] }.join

app/controllers/users/sessions_controller.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+class Users::SessionsController < Devise::SessionsController
+  # before_action :configure_sign_in_params, only: [:create]
+
+  # GET /resource/sign_in
+  def new
+    session[:shared_secret] = SecureRandom.base64(12)
+    super
+  end
+
+  # POST /resource/sign_in
+  # def create
+  #   super
+  # end
+
+  # DELETE /resource/sign_out
+  # def destroy
+  #   super
+  # end
+
+  # POST /users/nostr_login
+  def nostr_login
+    signed_event = Nostr::Event.new(**nostr_event_from_params)
+
+    is_valid_sig  = signed_event.verify_signature
+    is_valid_auth = NostrManager::VerifyAuth.call(
+      event: signed_event,
+      challenge: session[:shared_secret]
+    )
+
+    session[:shared_secret] = nil
+
+    unless is_valid_sig && is_valid_auth
+      flash[:alert] = "Login verification failed"
+      http_status :unauthorized and return
+    end
+
+    user = LdapManager::FetchUserByNostrKey.call(pubkey: signed_event.pubkey)
+
+    if user.present?
+      set_flash_message!(:notice, :signed_in)
+      sign_in("user", user)
+      render json: { redirect_url: after_sign_in_path_for(user) }, status: :ok
+    else
+      flash[:alert] = "Failed to find your account. Nostr login may be disabled."
+      http_status :unauthorized
+    end
+  end
+
+  protected
+
+    def set_flash_message(key, kind, options = {})
+      # Hide flash message after redirecting from a signin route while logged in
+      super unless key == :alert && kind == "already_authenticated"
+    end
+
+  # If you have extra params to permit, append them to the sanitizer.
+  # def configure_sign_in_params
+  #   devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
+  # end
+end

app/controllers/webfinger_controller.rb

@@ -7,14 +7,15 @@ class WebfingerController < ApplicationController
     resource = params[:resource]
 
     if resource && @useraddress = resource.match(/acct:(.+)/)&.[](1)
-      @username, @org = @useraddress.split("@")
+      @username, @domain = @useraddress.split("@")
 
       unless Rails.env.development?
         # Allow different domains (e.g. localhost:3000) in development only
-        head 404 and return unless @org == Setting.primary_domain
+        head 404 and return unless @domain == Setting.primary_domain
       end
 
-      unless User.where(cn: @username.downcase, ou: Setting.primary_domain).any?
+      unless @user = User.where(ou: Setting.primary_domain)
+                         .find_by(cn: @username.downcase)
         head 404 and return
       end
 
@@ -28,12 +29,50 @@ class WebfingerController < ApplicationController
   private
 
   def webfinger
-    links = [];
+    jrd = {
+      subject: "acct:#{@user.address}",
+      aliases: [],
+      links: []
+    }
 
-    # TODO check if storage service is enabled for user, not just globally
-    links << remotestorage_link if Setting.remotestorage_enabled
+    if Setting.mastodon_enabled && @user.service_enabled?(:mastodon)
+      # https://docs.joinmastodon.org/spec/webfinger/
+      jrd[:aliases] += mastodon_aliases
+      jrd[:links] += mastodon_links
+    end
 
-    { "links" => links }
+    if Setting.remotestorage_enabled && @user.service_enabled?(:remotestorage)
+      # https://datatracker.ietf.org/doc/draft-dejong-remotestorage/
+      jrd[:links] << remotestorage_link
+    end
+
+    jrd
+  end
+
+  def mastodon_aliases
+    [
+      "#{Setting.mastodon_public_url}/@#{@user.cn}",
+      "#{Setting.mastodon_public_url}/users/#{@user.cn}"
+    ]
+  end
+
+  def mastodon_links
+    [
+      {
+        rel: "http://webfinger.net/rel/profile-page",
+        type: "text/html",
+        href: "#{Setting.mastodon_public_url}/@#{@user.cn}"
+      },
+      {
+        rel: "self",
+        type: "application/activity+json",
+        href: "#{Setting.mastodon_public_url}/users/#{@user.cn}"
+      },
+      {
+        rel: "http://ostatus.org/schema/1.0/subscribe",
+        template: "#{Setting.mastodon_public_url}/authorize_interaction?uri={uri}"
+      }
+    ]
   end
 
   def remotestorage_link
@@ -41,9 +80,9 @@ class WebfingerController < ApplicationController
     storage_url = "#{Setting.rs_storage_url}/#{@username}"
 
     {
-      "rel" => "http://tools.ietf.org/id/draft-dejong-remotestorage",
-      "href" => storage_url,
-      "properties" => {
+      rel: "http://tools.ietf.org/id/draft-dejong-remotestorage",
+      href: storage_url,
+      properties: {
         "http://remotestorage.io/spec/version" => "draft-dejong-remotestorage-13",
         "http://tools.ietf.org/html/rfc6749#section-4.2" => auth_url,
         "http://tools.ietf.org/html/rfc6750#section-2.3" => nil, # access token via a HTTP query parameter

app/controllers/webhooks_controller.rb

@@ -2,45 +2,76 @@ class WebhooksController < ApplicationController
   skip_forgery_protection
 
   before_action :authorize_request
+  before_action :process_payload
 
   def lndhub
-    begin
-      payload = JSON.parse(request.body.read, symbolize_names: true)
-      head :no_content and return unless payload[:type] == "incoming"
-    rescue
-      head :unprocessable_entity and return
+    @user = User.find_by!(ln_account: @payload[:user_login])
+
+    if @zap = @user.zaps.find_by(payment_request: @payload[:payment_request])
+      settled_at = Time.parse(@payload[:settled_at])
+      zap_receipt = NostrManager::CreateZapReceipt.call(
+        zap: @zap,
+        paid_at: settled_at.to_i,
+        preimage: @payload[:preimage]
+      )
+      @zap.update! settled_at: settled_at, receipt: zap_receipt.to_h
+      NostrManager::PublishZapReceipt.call(zap: @zap)
     end
 
-    user = User.find_by!(ln_account: payload[:user_login])
-    notify = user.preferences[:lightning_notify_sats_received]
-    case notify
-    when "xmpp"
-      notify_xmpp(user.address, payload[:amount], payload[:memo])
-    when "email"
-      NotificationMailer.with(user: user, amount_sats: payload[:amount])
-                        .lightning_sats_received.deliver_later
-    end
+    send_notifications
 
     head :ok
   end
 
   private
 
-  # TODO refactor into mailer-like generic class/service
-  def notify_xmpp(address, amt_sats, memo)
-    payload = {
-      type: "normal",
-      from: Setting.xmpp_notifications_from_address,
-      to: address,
-      subject: "Sats received!",
-      body: "#{helpers.number_with_delimiter amt_sats} sats received in your Lightning wallet:\n> #{memo}"
-    }
-    XmppSendMessageJob.perform_later(payload)
-  end
-
   def authorize_request
     if !ENV['WEBHOOKS_ALLOWED_IPS'].split(',').include?(request.remote_ip)
       head :forbidden and return
     end
   end
+
+  def process_payload
+    @payload = JSON.parse(request.body.read, symbolize_names: true)
+    unless @payload[:type] == "incoming" &&
+           @payload[:state] == "settled"
+      head :no_content and return
+    end
+  rescue
+    head :unprocessable_entity and return
+  end
+
+  def send_notifications
+    return if @payload[:amount] < @user.preferences[:lightning_notify_min_sats]
+
+    if @user.preferences[:lightning_notify_only_with_message]
+      return if @payload[:memo].blank?
+    end
+
+    target = @zap.present? ? @user.preferences[:lightning_notify_zap_received] :
+                             @user.preferences[:lightning_notify_sats_received]
+
+    case target
+    when "xmpp"
+      notify_xmpp
+    when "email"
+      notify_email
+    end
+  end
+
+  # TODO refactor into mailer-like generic class/service
+  def notify_xmpp
+    XmppSendMessageJob.perform_later({
+      type: "normal",
+      from: Setting.xmpp_notifications_from_address,
+      to: @user.address,
+      subject: "Sats received!",
+      body: "#{helpers.number_with_delimiter @payload[:amount]} sats received in your Lightning wallet:\n> #{@payload[:memo]}"
+    })
+  end
+
+  def notify_email
+    NotificationMailer.with(user: @user, amount_sats: @payload[:amount])
+                      .lightning_sats_received.deliver_later
+  end
 end

app/controllers/well_known_controller.rb

@@ -1,16 +1,33 @@
 class WellKnownController < ApplicationController
+  before_action :require_nostr_enabled, only: [ :nostr ]
+
   def nostr
     http_status :unprocessable_entity and return if params[:name].blank?
     domain = request.headers["X-Forwarded-Host"].presence || Setting.primary_domain
+    relay_url = Setting.nostr_relay_url.presence
+
+    if params[:name] == "_"
+      # pubkey for the primary domain without a username (e.g. kosmos.org)
+      res = { names: { "_": Setting.nostr_public_key } }
+      res[:relays] = { "_" => [ relay_url ] } if relay_url
+    else
       @user = User.where(cn: params[:name], ou: domain).first
       http_status :not_found and return if @user.nil? || @user.nostr_pubkey.blank?
 
+      res = { names: { @user.cn => @user.nostr_pubkey } }
+      res[:relays] = { @user.nostr_pubkey => [ relay_url ] } if relay_url
+    end
+
     respond_to do |format|
       format.json do
-        render json: {
-          names: { "#{@user.cn}": @user.nostr_pubkey }
-        }.to_json
+        render json: res.to_json
       end
     end
   end
+
+  private
+
+    def require_nostr_enabled
+      http_status :not_found unless Setting.nostr_enabled?
+    end
 end

app/helpers/application_helper.rb

@@ -1,10 +1,6 @@
 module ApplicationHelper
   include Pagy::Frontend
 
-  def sats_to_btc(sats)
-    sats.to_f / 100000000
-  end
-
   def main_nav_class(current_section, link_to_section)
     if current_section == link_to_section
       "bg-gray-900/50 text-white px-3 py-2 rounded-md font-medium text-base md:text-sm block md:inline-block"

app/helpers/btcpay_helper.rb

@@ -0,0 +1,7 @@
+module BtcpayHelper
+
+  def btcpay_checkout_url(invoice_id)
+    "#{Setting.btcpay_public_url}/i/#{invoice_id}"
+  end
+
+end

app/javascript/controllers/nostr_login_controller.js

@@ -0,0 +1,53 @@
+import { Controller } from "@hotwired/stimulus"
+
+// Connects to data-controller="nostr-login"
+export default class extends Controller {
+  static targets = [ "loginForm", "loginButton" ]
+  static values  = { site: String, sharedSecret: String }
+
+  connect() {
+    if (window.nostr) {
+      this.loginButtonTarget.disabled = false
+      this.loginFormTarget.classList.remove("hidden")
+    }
+  }
+
+  async login () {
+    this.loginButtonTarget.disabled = true
+
+    try {
+      // Auth based on NIP-42
+      const signedEvent = await window.nostr.signEvent({
+        created_at: Math.floor(Date.now() / 1000),
+        kind: 22242,
+        tags: [
+          ["site", this.siteValue],
+          ["challenge", this.sharedSecretValue]
+        ],
+        content: ""
+      })
+
+      const res = await fetch("/users/nostr_login", {
+        method: "POST", credentials: "include", headers: {
+          "Accept": "application/json", 'Content-Type': 'application/json',
+          "X-CSRF-Token": this.csrfToken
+        }, body: JSON.stringify({ signed_event: signedEvent })
+      })
+
+      if (res.status === 200) {
+        res.json().then(r => { window.location.href = r.redirect_url })
+      } else {
+        window.location.reload()
+      }
+    } catch (error) {
+      console.warn('Unable to authenticate:', error.message)
+    } finally {
+      this.loginButtonTarget.disabled = false
+    }
+  }
+
+  get csrfToken () {
+    const element = document.head.querySelector('meta[name="csrf-token"]')
+    return element.getAttribute("content")
+  }
+}

app/javascript/controllers/settings/nostr_pubkey_controller.js

@@ -3,7 +3,12 @@ import { Controller } from "@hotwired/stimulus"
 // Connects to data-controller="settings--nostr-pubkey"
 export default class extends Controller {
   static targets = [ "noExtension", "setPubkey", "pubkeyBech32Input" ]
-  static values  = { userAddress: String, pubkeyHex: String, sharedSecret: String }
+  static values  = {
+    userAddress: String,
+    pubkeyHex: String,
+    site: String,
+    sharedSecret: String
+  }
 
   connect () {
     if (window.nostr) {
@@ -19,11 +24,15 @@ export default class extends Controller {
     this.setPubkeyTarget.disabled = true
 
     try {
+      // Auth based on NIP-42
       const signedEvent = await window.nostr.signEvent({
         created_at: Math.floor(Date.now() / 1000),
-        kind: 1,
-        tags: [],
-        content: `Connect my public key to ${this.userAddressValue} (confirmation ${this.sharedSecretValue})`
+        kind: 22242,
+        tags: [
+          ["site", this.siteValue],
+          ["challenge", this.sharedSecretValue]
+        ],
+        content: ""
       })
 
       const res = await fetch("/settings/set_nostr_pubkey", {

app/jobs/btcpay_check_donation_job.rb

@@ -0,0 +1,28 @@
+class BtcpayCheckDonationJob < ApplicationJob
+  queue_as :default
+
+  def perform(donation)
+    return if donation.completed?
+
+    invoice = BtcpayManager::FetchInvoice.call(
+      invoice_id: donation.btcpay_invoice_id
+    )
+
+    case invoice["status"]
+    when "Settled"
+      donation.paid_at = DateTime.now
+      donation.payment_status = "settled"
+      donation.save!
+
+      NotificationMailer.with(user: donation.user)
+                        .bitcoin_donation_confirmed
+                        .deliver_later
+    when "Processing"
+      re_enqueue_job(donation)
+    end
+  end
+
+  def re_enqueue_job(donation)
+    self.class.set(wait: 20.seconds).perform_later(donation)
+  end
+end

app/jobs/create_ldap_user_job.rb

@@ -1,7 +1,7 @@
 class CreateLdapUserJob < ApplicationJob
   queue_as :default
 
-  def perform(username, domain, email, hashed_pw)
+  def perform(username:, domain:, email:, hashed_pw:, confirmed: false)
     dn = "cn=#{username},ou=#{domain},cn=users,dc=kosmos,dc=org"
     attr = {
       objectclass: ["top", "account", "person", "extensibleObject"],
@@ -12,6 +12,10 @@ class CreateLdapUserJob < ApplicationJob
       userPassword: hashed_pw
     }
 
+    if confirmed
+      attr[:serviceEnabled] = Setting.default_services
+    end
+
     ldap_client.add(dn: dn, attributes: attr)
   end
 

app/jobs/nostr_publish_event_job.rb

@@ -0,0 +1,7 @@
+class NostrPublishEventJob < ApplicationJob
+  queue_as :nostr
+
+  def perform(event:, relay_url:)
+    NostrManager::PublishEvent.call(event: event, relay_url: relay_url)
+  end
+end

app/jobs/xmpp_exchange_contacts_job.rb

@@ -2,8 +2,8 @@ class XmppExchangeContactsJob < ApplicationJob
   queue_as :default
 
   def perform(inviter, invitee)
-    return unless inviter.services_enabled.include?("xmpp") &&
-                  invitee.services_enabled.include?("xmpp") &&
+    return unless inviter.service_enabled?(:xmpp) &&
+                  invitee.service_enabled?(:xmpp) &&
                   inviter.preferences[:xmpp_exchange_contacts_with_invitees]
 
     ejabberd = EjabberdApiClient.new

app/mailers/notification_mailer.rb

@@ -23,4 +23,11 @@ class NotificationMailer < ApplicationMailer
     @subject = "New invitations added to your account"
     mail to: @user.email, subject: @subject
   end
+
+  def bitcoin_donation_confirmed
+    @user = params[:user]
+    @donation = params[:donation]
+    @subject = "Donation confirmed"
+    mail to: @user.email, subject: @subject
+  end
 end

app/models/donation.rb

@@ -4,12 +4,25 @@ class Donation < ApplicationRecord
 
   # Validations
   validates_presence_of :user
-  validates_presence_of :amount_sats
-  validates_presence_of :paid_at
-
-  # Hooks
-  # TODO before_create :store_fiat_value
+  validates_presence_of :donation_method,
+    inclusion: { in: %w[ custom btcpay lndhub ] }
+  validates_presence_of :payment_status, allow_nil: true,
+    inclusion: { in: %w[ processing settled ] }
+  validates_presence_of :paid_at, allow_nil: true
+  validates_presence_of :amount_sats, allow_nil: true
+  validates_presence_of :fiat_amount, allow_nil: true
+  validates_presence_of :fiat_currency, allow_nil: true,
+    inclusion: { in: %w[ EUR USD ] }
 
   #Scopes
-  scope :completed, -> { where.not(paid_at: nil) }
+  scope :processing, -> { where(payment_status: "processing") }
+  scope :completed, -> { where(payment_status: "settled") }
+
+  def processing?
+    payment_status == "processing"
+  end
+
+  def completed?
+    payment_status == "settled"
+  end
 end

app/models/setting.rb

@@ -51,6 +51,9 @@ class Setting < RailsSettings::Base
   field :btcpay_enabled, type: :boolean,
     default: ENV["BTCPAY_API_URL"].present?
 
+  field :btcpay_public_url, type: :string,
+    default: ENV["BTCPAY_PUBLIC_URL"].presence
+
   field :btcpay_store_id, type: :string,
     default: ENV["BTCPAY_STORE_ID"].presence
 
@@ -157,7 +160,26 @@ class Setting < RailsSettings::Base
   # Nostr
   #
 
-  field :nostr_enabled, type: :boolean, default: true
+  field :nostr_enabled, type: :boolean,
+    default: ENV["NOSTR_PRIVATE_KEY"].present?
+
+  field :nostr_private_key, type: :string,
+    default: ENV["NOSTR_PRIVATE_KEY"].presence
+
+  field :nostr_public_key, type: :string,
+    default: ENV["NOSTR_PUBLIC_KEY"].presence
+
+  field :nostr_relay_url, type: :string,
+    default: ENV["NOSTR_RELAY_URL"].presence
+
+  field :nostr_zaps_relay_limit, type: :integer,
+    default: 12
+
+  #
+  # OpenCollective
+  #
+
+  field :opencollective_enabled, type: :boolean, default: true
 
   #
   # RemoteStorage
@@ -197,4 +219,9 @@ class Setting < RailsSettings::Base
   #
   # field :email_imap_port, type: :string,
   #   default: ENV["EMAIL_IMAP_PORT"].presence || 993
+
+  def self.default_services
+    # TODO Make configurable from respective service settings page
+    %w[ discourse gitea mastodon mediawiki xmpp ]
+  end
 end

app/models/user.rb

@@ -17,16 +17,15 @@ class User < ApplicationRecord
   has_one  :invitation, inverse_of: :invitee, foreign_key: 'invited_user_id'
   has_one  :inviter, through: :invitation, source: :user
   has_many :invitees, through: :invitations
-
   has_many :donations, dependent: :nullify
+  has_many :remote_storage_authorizations
+  has_many :zaps
 
   has_one  :lndhub_user, class_name: "LndhubUser", inverse_of: "user",
                          primary_key: "ln_account", foreign_key: "login"
 
   has_many :accounts, through: :lndhub_user
 
-  has_many :remote_storage_authorizations
-
   #
   # Validations
   #
@@ -93,9 +92,7 @@ class User < ApplicationRecord
       LdapManager::UpdateEmail.call(dn: self.dn, address: self.email)
     else
       # E-Mail from signup confirmed (i.e. account activation)
-
-      # TODO Make configurable, only activate globally enabled services
-      enable_service %w[ discourse gitea mediawiki xmpp ]
+      enable_default_services
 
       # TODO enable in development when we have easy setup of ejabberd etc.
       return if Rails.env.development? || !Setting.ejabberd_enabled?
@@ -133,7 +130,7 @@ class User < ApplicationRecord
 
   def mastodon_address
     return nil unless Setting.mastodon_enabled?
-    "#{self.cn}@#{Setting.mastodon_address_domain}"
+    "#{self.cn.gsub("-", "_")}@#{Setting.mastodon_address_domain}"
   end
 
   def valid_attribute?(attribute_name)
@@ -141,10 +138,8 @@ class User < ApplicationRecord
     self.errors[attribute_name].blank?
   end
 
-  def ln_create_invoice(payload)
-    lndhub = Lndhub.new
-    lndhub.authenticate self
-    lndhub.addinvoice payload
+  def enable_default_services
+    enable_service Setting.default_services
   end
 
   def dn
@@ -178,6 +173,10 @@ class User < ApplicationRecord
     ldap_entry[:services_enabled] || []
   end
 
+  def service_enabled?(name)
+    services_enabled.map(&:to_sym).include?(name.to_sym)
+  end
+
   def enable_service(service)
     current_services = services_enabled
     new_services = Array(service).map(&:to_s)

app/models/user_preferences.rb

@@ -26,4 +26,8 @@ class UserPreferences
     end
     hash.stringify_keys!.to_h
   end
+
+  def self.pref_keys
+    DEFAULT_PREFS.keys.map(&:to_sym)
+  end
 end

app/models/zap.rb

@@ -0,0 +1,20 @@
+class Zap < ApplicationRecord
+  belongs_to :user
+
+  scope :settled, -> { where.not(settled_at: nil) }
+  scope :unpaid, -> { where(settled_at: nil) }
+
+  def request_event
+    nostr_event_from_hash(request)
+  end
+
+  def receipt_event
+    nostr_event_from_hash(receipt)
+  end
+
+  private
+
+    def nostr_event_from_hash(hash)
+      Nostr::Event.new(**hash.symbolize_keys)
+    end
+end

app/services/btcpay_manager/create_invoice.rb

@@ -0,0 +1,21 @@
+module BtcpayManager
+  class CreateInvoice < BtcpayManagerService
+    def initialize(amount:, currency:, redirect_url:)
+      @amount = amount
+      @currency = currency
+      @redirect_url = redirect_url
+    end
+
+    def call
+      post "/invoices", {
+        amount: @amount.to_s,
+        currency: @currency,
+        checkout: {
+          redirectURL: @redirect_url,
+          redirectAutomatically: true,
+          requiresRefundEmail: false
+        }
+      }
+    end
+  end
+end

app/services/btcpay_manager/fetch_exchange_rate.rb

@@ -0,0 +1,14 @@
+module BtcpayManager
+  class FetchExchangeRate < BtcpayManagerService
+    def initialize(fiat_currency:)
+      @fiat_currency = fiat_currency
+    end
+
+    def call
+      pair_str = "BTC_#{@fiat_currency}"
+      res = get "rates", { currencyPair: pair_str }
+      pair = res.find{|p| p["currencyPair"] == pair_str }
+      rate = pair["rate"].to_f
+    end
+  end
+end

app/services/btcpay_manager/fetch_invoice.rb

@@ -0,0 +1,14 @@
+module BtcpayManager
+  class FetchInvoice < BtcpayManagerService
+    def initialize(invoice_id:)
+      @invoice_id = invoice_id
+    end
+
+    def call
+      invoice = get "/invoices/#{@invoice_id}"
+      payment_methods = get "/invoices/#{@invoice_id}/payment-methods"
+      invoice["paymentMethods"] = payment_methods
+      invoice
+    end
+  end
+end

app/services/btcpay_manager/fetch_lightning_wallet_balance.rb

@@ -1,7 +1,7 @@
 module BtcpayManager
   class FetchLightningWalletBalance < BtcpayManagerService
     def call
-      res = get "stores/#{store_id}/lightning/BTC/balance"
+      res = get "/lightning/BTC/balance"
 
       {
         confirmed_balance: res["offchain"]["local"].to_i / 1000 # msats to sats

app/services/btcpay_manager/fetch_onchain_wallet_balance.rb

@@ -1,7 +1,7 @@
 module BtcpayManager
   class FetchOnchainWalletBalance < BtcpayManagerService
     def call
-      res = get "stores/#{store_id}/payment-methods/onchain/BTC/wallet"
+      res = get "/payment-methods/onchain/BTC/wallet"
 
       {
         balance: (res["balance"].to_f * 100000000).to_i, # BTC to sats

app/services/btcpay_manager_service.rb

@@ -2,23 +2,35 @@
 # API Docs: https://docs.btcpayserver.org/API/Greenfield/v1/
 #
 class BtcpayManagerService < ApplicationService
-  attr_reader :base_url, :store_id, :auth_token
-
-  def initialize
-    @base_url   = Setting.btcpay_api_url
-    @store_id   = Setting.btcpay_store_id
-    @auth_token = Setting.btcpay_auth_token
-  end
-
   private
 
-    def get(endpoint)
-      res = Faraday.get("#{base_url}/#{endpoint}", {}, {
+    def base_url
+      @base_url ||= "#{Setting.btcpay_api_url}/stores/#{Setting.btcpay_store_id}"
+    end
+
+    def auth_token
+      @auth_token ||= Setting.btcpay_auth_token
+    end
+
+    def headers
+      {
         "Content-Type" => "application/json",
         "Accept" => "application/json",
         "Authorization" => "token #{auth_token}"
-      })
+      }
+    end
 
+    def endpoint_url(path)
+      "#{base_url}/#{path.gsub(/^\//, '')}"
+    end
+
+    def get(path, params = {})
+      res = Faraday.get endpoint_url(path), params, headers
+      JSON.parse(res.body)
+    end
+
+    def post(path, payload)
+      res = Faraday.post endpoint_url(path), payload.to_json, headers
       JSON.parse(res.body)
     end
 end

app/services/create_account.rb

@@ -35,11 +35,15 @@ class CreateAccount < ApplicationService
     @invitation.update! invited_user_id: user_id, used_at: DateTime.now
   end
 
-  # TODO move to confirmation
-  # (and/or add email_confirmed to entry and use in login filter)
   def add_ldap_document
     hashed_pw = Devise.ldap_auth_password_builder.call(@password)
-    CreateLdapUserJob.perform_later(@username, @domain, @email, hashed_pw)
+    CreateLdapUserJob.perform_later(
+      username: @username,
+      domain: @domain,
+      email: @email,
+      hashed_pw: hashed_pw,
+      confirmed: @confirmed
+    )
   end
 
   def create_lndhub_account(user)

app/services/ldap_service.rb

@@ -57,7 +57,7 @@ class LdapService < ApplicationService
     end
 
     attributes = %w[
-      dn cn uid mail displayName admin service
+      dn cn uid mail displayName admin serviceEnabled
       mailRoutingAddress mailpassword nostrKey
     ]
     filter = Net::LDAP::Filter.eq("uid", args[:uid] || "*")
@@ -101,7 +101,7 @@ class LdapService < ApplicationService
     dn = "ou=#{ou},cn=users,#{ldap_suffix}"
 
     aci = <<-EOS
-(target="ldap:///cn=*,ou=#{ou},cn=users,#{ldap_suffix}")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "service-#{ou.gsub(".", "-")}-read-search"; allow (read,search) userdn="ldap:///uid=service,ou=#{ou},cn=applications,#{ldap_suffix}";)
+(target="ldap:///cn=*,ou=#{ou},cn=users,#{ldap_suffix}")(targetattr="cn || sn || uid || userPassword || mail || mailRoutingAddress || serviceEnabled || nostrKey || nsRole || objectClass") (version 3.0; acl "service-#{ou.gsub(".", "-")}-read-search"; allow (read,search) userdn="ldap:///uid=service,ou=#{ou},cn=applications,#{ldap_suffix}";)
     EOS
 
     attrs = {

app/services/lndhub.rb

@@ -1,24 +1,20 @@
-class Lndhub
+class Lndhub < ApplicationService
   attr_accessor :auth_token
 
-  def initialize
-    @base_url = ENV["LNDHUB_API_URL"]
-  end
-
-  def post(endpoint, payload)
+  def post(path, payload)
     headers = { "Content-Type" => "application/json" }
     if auth_token
       headers.merge!({ "Authorization" => "Bearer #{auth_token}" })
     end
 
-    res = Faraday.post "#{@base_url}/#{endpoint}", payload.to_json, headers
+    res = Faraday.post endpoint_url(path), payload.to_json, headers
     log_error(res) if res.status != 200
 
     JSON.parse(res.body)
   end
 
-  def get(endpoint, auth_token)
-    res = Faraday.get("#{@base_url}/#{endpoint}", {}, {
+  def get(path, auth_token)
+    res = Faraday.get(endpoint_url(path), {}, {
       "Content-Type" => "application/json",
       "Accept" => "application/json",
       "Authorization" => "Bearer #{auth_token}"
@@ -42,7 +38,7 @@ class Lndhub
     self.auth_token
   end
 
-  def balance(user_token=nil)
+  def fetch_balance(user_token=nil)
     get "balance", user_token || auth_token
   end
 
@@ -72,4 +68,14 @@ class Lndhub
       Sentry.capture_message("Lndhub API request failed: #{res.body}")
     end
   end
+
+  private
+
+    def base_url
+      @base_url ||= Setting.lndhub_api_url
+    end
+
+    def endpoint_url(path)
+      "#{base_url}/#{path.gsub(/^\//, '')}"
+    end
 end

app/services/lndhub_manager/create_user_invoice.rb

@@ -0,0 +1,13 @@
+module LndhubManager
+  class CreateUserInvoice < LndhubV2
+    def initialize(user:, payload:)
+      @user = user
+      @payload = payload
+    end
+
+    def call
+      authenticate @user
+      create_invoice @payload
+    end
+  end
+end

app/services/lndhub_manager/fetch_user_balance.rb

@@ -0,0 +1,12 @@
+module LndhubManager
+  class FetchUserBalance < Lndhub
+    def initialize(auth_token:)
+      @auth_token = auth_token
+    end
+
+    def call
+      data = fetch_balance(auth_token)
+      data["BTC"]["AvailableBalance"] rescue nil
+    end
+  end
+end

app/services/lndhub_v2.rb

@@ -1,13 +1,13 @@
 class LndhubV2 < Lndhub
 
-  def post(endpoint, payload, options={})
+  def post(path, payload, options={})
     headers = { "Content-Type" => "application/json" }
     if auth_token
       headers.merge!({ "Authorization" => "Bearer #{auth_token}" })
     elsif options[:admin_token]
       headers.merge!({ "Authorization" => "Bearer #{options[:admin_token]}" })
     end
-    res = Faraday.post "#{@base_url}/#{endpoint}", payload.to_json, headers
+    res = Faraday.post endpoint_url(path), payload.to_json, headers
     log_error(res) if res.status != 200
 
     JSON.parse(res.body)

app/services/nostr_manager/create_zap_receipt.rb

@@ -0,0 +1,25 @@
+module NostrManager
+  class CreateZapReceipt < NostrManagerService
+    def initialize(zap:, paid_at:, preimage:)
+      @zap, @paid_at, @preimage = zap, paid_at, preimage
+    end
+
+    def call
+      request_tags = parse_tags(@zap.request_event.tags)
+
+      site_user.create_event(
+        kind: 9735,
+        created_at: @paid_at,
+        content: "",
+        tags: [
+          ["p", request_tags[:p].first],
+          ["e", request_tags[:e]&.first],
+          ["a", request_tags[:a]&.first],
+          ["bolt11", @zap.payment_request],
+          ["preimage", @preimage],
+          ["description", @zap.request_event.to_json]
+        ].reject { |t| t[1].nil? }
+      )
+    end
+  end
+end

app/services/nostr_manager/publish_event.rb

@@ -0,0 +1,50 @@
+module NostrManager
+  class PublishEvent < NostrManagerService
+    def initialize(event:, relay_url:)
+      relay_name = URI.parse(relay_url).host
+      @relay = Nostr::Relay.new(url: relay_url, name: relay_name)
+
+      if event.is_a?(Nostr::Event)
+        @event = event
+      else
+        @event = Nostr::Event.new(**event.symbolize_keys)
+      end
+
+      @client = Nostr::Client.new
+    end
+
+    def call
+      client, relay, event = @client, @relay, @event
+      log_prefix = "[nostr][#{relay.name}]"
+
+      thread = Thread.new do
+        client.on :connect do
+          puts "#{log_prefix} Publishing #{event.id}..."
+          client.publish event
+        end
+
+        client.on :error do |e|
+          puts "#{log_prefix} Error: #{e}"
+          puts "#{log_prefix} Closing thread..."
+          thread.exit
+        end
+
+        client.on :message do |m|
+          puts "#{log_prefix} Message: #{m}"
+          msg = JSON.parse(m) rescue []
+          if msg[0] == "OK" && msg[1] == event.id && msg[2]
+            puts "#{log_prefix} Event published. Closing thread..."
+          else
+            puts "#{log_prefix} Unexpected message from relay. Closing thread..."
+          end
+          thread.exit
+        end
+
+        puts "#{log_prefix} Connecting to #{relay.url}..."
+        client.connect relay
+      end
+
+      thread.join
+    end
+  end
+end

app/services/nostr_manager/publish_zap_receipt.rb

@@ -0,0 +1,24 @@
+module NostrManager
+  class PublishZapReceipt < NostrManagerService
+    def initialize(zap:, delayed: true)
+      @zap, @delayed = zap, delayed
+    end
+
+    def call
+      tags = parse_tags(@zap.request_event.tags)
+      relays = tags[:relays].take(Setting.nostr_zaps_relay_limit)
+
+      if Setting.nostr_relay_url.present?
+        relays << Setting.nostr_relay_url
+      end
+
+      relays.uniq.each do |relay_url|
+        if @delayed
+          NostrPublishEventJob.perform_later(event: @zap.receipt, relay_url: relay_url)
+        else
+          NostrManager::PublishEvent.call(event: @zap.receipt_event, relay_url: relay_url)
+        end
+      end
+    end
+  end
+end

app/services/nostr_manager/validate_id.rb

@@ -1,11 +0,0 @@
-module NostrManager
-  class ValidateId < NostrManagerService
-    def initialize(event:)
-      @event = Nostr::Event.new(**event)
-    end
-
-    def call
-      @event.id == Digest::SHA256.hexdigest(JSON.generate(@event.serialize))
-    end
-  end
-end

app/services/nostr_manager/verify_auth.rb

@@ -0,0 +1,18 @@
+module NostrManager
+  class VerifyAuth < NostrManagerService
+    def initialize(event:, challenge:)
+      @event = event
+      @challenge_expected = challenge
+      @site_expected = Setting.accounts_domain
+    end
+
+    def call
+      tags            = parse_tags(@event.tags)
+      site_given      = tags[:site].first
+      challenge_given = tags[:challenge].first
+
+      site_given == @site_expected &&
+      challenge_given == @challenge_expected
+    end
+  end
+end

app/services/nostr_manager/verify_signature.rb

@@ -1,17 +0,0 @@
-module NostrManager
-  class VerifySignature < NostrManagerService
-    def initialize(event:)
-      @event = Nostr::Event.new(**event)
-    end
-
-    def call
-      Schnorr.check_sig!(
-        [@event.id].pack('H*'),
-        [@event.pubkey].pack('H*'),
-        [@event.sig].pack('H*')
-      )
-    rescue Schnorr::InvalidSignatureError
-      false
-    end
-  end
-end

app/services/nostr_manager/verify_zap_request.rb

@@ -0,0 +1,51 @@
+module NostrManager
+  class VerifyZapRequest < NostrManagerService
+    def initialize(amount:, event:, lnurl: nil)
+      @amount, @event, @lnurl = amount, event, lnurl
+    end
+
+    # https://github.com/nostr-protocol/nips/blob/27fef638e2460139cc9078427a0aec0ce4470517/57.md#appendix-d-lnurl-server-zap-request-validation
+    def call
+      tags = parse_tags(@event.tags)
+
+      @event.verify_signature &&
+      @event.kind == 9734 &&
+      tags.present? &&
+      valid_p_tag?(tags[:p]) &&
+      valid_e_tag?(tags[:e]) &&
+      valid_a_tag?(tags[:a]) &&
+      valid_amount_tag?(tags[:amount]) &&
+      valid_lnurl_tag?(tags[:lnurl])
+    end
+
+    def valid_p_tag?(tag)
+      return false unless tag.present? && tag.length == 1
+      key = Nostr::PublicKey.new(tag.first) rescue nil
+      key.present?
+    end
+
+    def valid_e_tag?(tag)
+      return true unless tag.present?
+      # TODO validate format of event ID properly
+      tag.length == 1 && tag.first.is_a?(String)
+    end
+
+    def valid_a_tag?(tag)
+      return true unless tag.present?
+      # TODO validate format of event coordinate properly
+      tag.length == 1 && tag.first.is_a?(String)
+    end
+
+    def valid_amount_tag?(tag)
+      return true unless tag.present?
+      amount = tag.first
+      amount.is_a?(String) && amount.to_i == @amount
+    end
+
+    def valid_lnurl_tag?(tag)
+      return true unless tag.present?
+      # TODO validate lnurl matching recipient's lnurlp
+      tag.first.is_a?(String)
+    end
+  end
+end

app/services/nostr_manager_service.rb

@@ -1,4 +1,22 @@
 require "nostr"
 
 class NostrManagerService < ApplicationService
+  def parse_tags(tags)
+    out = {}
+    tags.each do |tag|
+      out[tag[0].to_sym] = tag[1, tag.length]
+    end
+    out
+  end
+
+  def site_keypair
+    Nostr::KeyPair.new(
+      private_key: Nostr::PrivateKey.new(Setting.nostr_private_key),
+      public_key: Nostr::PublicKey.new(Setting.nostr_public_key)
+    )
+  end
+
+  def site_user
+    Nostr::User.new(keypair: site_keypair)
+  end
 end

app/views/admin/donations/_donation.json.jbuilder

@@ -1,2 +0,0 @@
-json.extract! donation, :id, :user_id, :amount_sats, :amount_eur, :amount_usd, :public_name, :created_at, :updated_at
-json.url donation_url(donation, format: :json)

app/views/admin/donations/_form.html.erb

@@ -14,14 +14,24 @@
     <%= form.label :user_id %>
     <%= form.collection_select :user_id, User.where(ou: Setting.primary_domain).order(:cn), :id, :cn, {} %>
 
+    <%= form.label :donation_method, "Donation method" %>
+    <%= form.select :donation_method, options_for_select([
+          ["Custom (manual)", "custom"],
+          ["BTCPay", "btcpay"],
+          ["LndHub account", "lndhub"],
+          ["OpenCollective", "opencollective"]
+        ], selected: (donation.donation_method || "custom")) %>
+
     <%= form.label :amount_sats, "Amount BTC (sats)" %>
     <%= form.number_field :amount_sats %>
 
-    <%= form.label :amount_eur, "Amount EUR (cents)" %>
-    <%= form.number_field :amount_eur %>
+    <%= form.label :fiat_amount, "Fiat Amount (cents)" %>
+    <%= form.number_field :fiat_amount %>
 
-    <%= form.label :amount_usd, "Amount USD (cents)"%>
-    <%= form.number_field :amount_usd %>
+    <%= form.label :fiat_currency, "Fiat Currency" %>
+    <%= form.select :fiat_currency, options_for_select([
+          ["EUR", "EUR"], ["USD", "USD"], ["sats", "sats"]
+        ], selected: donation.fiat_currency) %>
 
     <%= form.label :public_name %>
     <%= form.text_field :public_name %>

app/views/admin/donations/index.html.erb

@@ -25,9 +25,8 @@
       <thead>
         <tr>
           <th>User</th>
-          <th class="text-right">Amount BTC</th>
-          <th class="text-right">in EUR</th>
-          <th class="text-right">in USD</th>
+          <th class="text-right">Sats</th>
+          <th class="text-right">Fiat Amount</th>
           <th class="pl-2">Public name</th>
           <th>Date</th>
           <th></th>
@@ -36,10 +35,9 @@
       <tbody>
         <% @donations.each do |donation| %>
           <tr>
-            <td><%= link_to donation.user.address, admin_user_path(donation.user.address), class: 'ks-text-link' %></td>
-            <td class="text-right"><%= sats_to_btc donation.amount_sats %></td>
-            <td class="text-right"><% if donation.amount_eur.present? %><%= number_to_currency donation.amount_eur / 100, unit: "" %><% end %></td>
-            <td class="text-right"><% if donation.amount_usd.present? %><%= number_to_currency donation.amount_usd / 100, unit: "" %><% end %></td>
+            <td><%= link_to donation.user.cn, admin_user_path(donation.user.cn), class: 'ks-text-link' %></td>
+            <td class="text-right"><% if donation.amount_sats.present? %><%= number_with_delimiter donation.amount_sats %><% end %></td>
+            <td class="text-right"><% if donation.fiat_amount.present? %><%= number_to_currency donation.fiat_amount.to_f / 100, unit: "" %> <%= donation.fiat_currency %><% end %></td>
             <td class="pl-2"><%= donation.public_name %></td>
             <td><%= donation.paid_at ? donation.paid_at.strftime("%Y-%m-%d (%H:%M UTC)") : "" %></td>
             <td class="text-right">

app/views/admin/donations/index.json.jbuilder

@@ -1 +0,0 @@
-json.array! @donations, partial: "donations/donation", as: :donation

app/views/admin/donations/show.html.erb

@@ -6,19 +6,19 @@
       <tbody>
         <tr>
           <th>User</th>
-          <td><%= link_to @donation.user.address, admin_user_path(@donation.user.address), class: 'ks-text-link' %></td>
+          <td><%= link_to @donation.user.cn, admin_user_path(@donation.user.cn), class: 'ks-text-link' %></td>
+        </tr>
+        <tr>
+          <th>Donation Method</th>
+          <td><%= @donation.donation_method %></td>
         </tr>
         <tr>
           <th>Amount sats</th>
           <td><%= @donation.amount_sats %></td>
         </tr>
         <tr>
-          <th>Amount EUR</th>
-          <td><%= @donation.amount_eur %></td>
-        </tr>
-        <tr>
-          <th>Amount USD</th>
-          <td><%= @donation.amount_usd %></td>
+          <th>Fiat amount</th>
+          <td><% if @donation.fiat_amount.present? %><%= number_to_currency @donation.fiat_amount.to_f / 100, unit: "" %> <%= @donation.fiat_currency %><% end %></td>
         </tr>
         <tr>
           <th>Public name</th>
@@ -26,7 +26,7 @@
         </tr>
         <tr>
           <th>Date</th>
-          <td><%= @donation.paid_at.strftime("%Y-%m-%d (%H:%M UTC)") %></td>
+          <td><%= @donation.paid_at&.strftime("%Y-%m-%d (%H:%M UTC)") %></td>
         </tr>
       </tbody>
     </table>

app/views/admin/donations/show.json.jbuilder

@@ -1 +0,0 @@
-json.partial! "donations/donation", donation: @donation

app/views/admin/invitations/index.html.erb

@@ -38,8 +38,8 @@
             <tr>
               <td class="overflow-ellipsis font-mono"><%= invitation.token %></td>
               <td><%= invitation.used_at.strftime("%Y-%m-%d (%H:%M UTC)") %></td>
-              <td><%= link_to invitation.user.address, admin_user_path(invitation.user.address), class: "ks-text-link" %></td>
-              <td><%= link_to invitation.invitee.address, admin_user_path(invitation.invitee.address), class: "ks-text-link" %></td>
+              <td><%= link_to invitation.user.cn, admin_user_path(invitation.user.cn), class: "ks-text-link" %></td>
+              <td><%= link_to invitation.invitee.cn, admin_user_path(invitation.invitee.cn), class: "ks-text-link" %></td>
             </tr>
           <% end %>
         </tbody>

app/views/admin/lightning/index.html.erb

@@ -36,7 +36,7 @@
             </td>
             <td>
               <% if user = @users.find{ |u| u[2] == account.login } %>
-                <%= link_to "#{user[0]}@#{user[1]}", admin_user_path("#{user[0]}@#{user[1]}"), class: "ks-text-link" %>
+                <%= link_to user[0], admin_user_path(user[0]), class: "ks-text-link" %>
               <% end %>
             </td>
             <td><%= number_with_delimiter account.balance.to_i.to_s %></td>

app/views/admin/settings/services/_nostr.html.erb

@@ -7,4 +7,32 @@
     title: "Enable Nostr integration (experimental)",
     description: "Allow adding nostr pubkeys and resolve user addresses via NIP-05"
   ) %>
+<% if Setting.nostr_enabled? %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :nostr_private_key,
+        type: :password,
+        title: "Private key",
+        description: "The private key of the accounts service, used when publishing events (e.g. zap receipts)"
+      ) %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :nostr_public_key,
+        title: "Public key",
+        description: "The corresponding public key of the accounts service"
+      ) %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :nostr_relay_url,
+        title: "Relay URL",
+        description: "Websockets URL of a relay associated with #{Setting.primary_domain}"
+      ) %>
 </ul>
+</section>
+<section>
+<h3>Zaps</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :nostr_zaps_relay_limit,
+        title: "Relay limit",
+        description: "The maximum number of relays to publish zap receipts to"
+      ) %>
+</ul>
+<% end %>

app/views/admin/users/show.html.erb

@@ -36,7 +36,7 @@
             <th>Invited by</th>
             <td>
             <% if @user.inviter %>
-              <%= link_to @user.inviter.address, admin_user_path(@user.inviter.address), class: 'ks-text-link' %>
+              <%= link_to @user.inviter.cn, admin_user_path(@user.inviter.cn), class: 'ks-text-link' %>
             <% else %>&mdash;<% end %>
             </td>
           </tr>
@@ -78,7 +78,7 @@
             <% if @user.invitees.length > 0 %>
               <ul class="mb-0">
               <% @user.invitees.order(cn: :asc).each do |invitee| %>
-                <li class="leading-none mb-2 last:mb-0"><%= link_to invitee.address, admin_user_path(invitee.address), class: 'ks-text-link' %></li>
+                <li class="leading-none mb-2 last:mb-0"><%= link_to invitee.cn, admin_user_path(invitee.cn), class: 'ks-text-link' %></li>
               <% end %>
               </ul>
             <% else %>&mdash;<% end %>
@@ -124,6 +124,19 @@
           </td>
         </tr>
         <% end %>
+        <% if Setting.email_enabled %>
+        <tr>
+          <td>E-Mail</td>
+          <td>
+            <%= render FormElements::ToggleComponent.new(
+              enabled: Flipper.enabled?(:email, current_user),
+              input_enabled: false
+            ) %>
+          </td>
+          <td class="text-right">
+          </td>
+        </tr>
+        <% end %>
         <% if Setting.gitea_enabled %>
         <tr>
           <td>Gitea</td>
@@ -182,6 +195,33 @@
           </td>
         </tr>
         <% end %>
+        <% if Setting.nostr_enabled %>
+        <tr>
+          <td>Nostr</td>
+          <td>
+            <%= render FormElements::ToggleComponent.new(
+              enabled: @user.nostr_pubkey.present?,
+              input_enabled: false
+            ) %>
+          </td>
+          <td class="text-right">
+            <%= link_to "Open profile", "https://njump.me/#{@user.nostr_pubkey_bech32}", class: "btn-sm btn-gray" %>
+          </td>
+        </tr>
+        <% end %>
+        <% if Setting.remotestorage_enabled %>
+        <tr>
+          <td>remoteStorage</td>
+          <td>
+            <%= render FormElements::ToggleComponent.new(
+              enabled: Flipper.enabled?(:remotestorage, current_user) && @services_enabled.include?("remotestorage"),
+              input_enabled: false
+            ) %>
+          </td>
+          <td class="text-right">
+          </td>
+        </tr>
+        <% end %>
       </tbody>
     </table>
   </section>

app/views/contributions/donations/_bitcoin.html.erb

@@ -0,0 +1,36 @@
+<div class="rounded-lg p-6 bg-emerald-50 hover:bg-emerald-100 transition-colors">
+  <h3 class="mb-4 text-lg font-bold">Donate directly with Bitcoin</h3>
+  <p class="mb-6">
+    Open-source money for open-source services.
+  </p>
+  <div data-controller="modal" data-action="keydown.esc->modal#close">
+    <button class="btn-md btn-emerald w-full lg:w-1/2" data-action="click->modal#open">
+      Donate
+    </button>
+    <%= render ModalComponent.new(show_close_button: false) do %>
+      <div>
+        <h3>Your contribution</h3>
+
+        <%= form_with(url: contributions_donations_url, method: :post) do |f| %>
+          <%= f.hidden_field :donation_method, value: "btcpay" %>
+
+          <div class="mb-6 flex gap-2">
+            <%= f.number_field :amount, required: true %>
+            <%= f.select :currency, options_for_select([
+                  ["EUR", "EUR"], ["USD", "USD"], ["sats", "sats"]
+                ], selected: "EUR"), class: "flex-none" %>
+          </div>
+
+          <%= render FormElements::FieldsetComponent.new(tag: "div", title: "Public name") do %>
+            <%= f.text_field :public_name, class: "w-full", placeholder: "Anonymous"  %>
+          <% end %>
+
+          <p class="mt-12">
+            <%= f.submit 'Continue', data: { turbo: false },
+                  class: "btn-md btn-blue w-full" %>
+          </p>
+        <% end %>
+      </div>
+    <% end %>
+  </div>
+</div>

app/views/contributions/donations/_list.html.erb

@@ -0,0 +1,37 @@
+<ul class="list-none">
+  <% donations.each do |donation| %>
+    <li class="mb-8 grid gap-y-2 grid-cols-2 items-center">
+      <h3 class="mb-0">
+        <% if donation.completed? %>
+        <%= donation.paid_at.strftime("%B %d, %Y") %>
+        <% else %>
+        <%= donation.created_at.strftime("%B %d, %Y") %>
+        <% end %>
+      </h3>
+      <p class="row-span-2 font-mono text-right mb-0">
+        <span class="text-xl">
+          <%= number_with_delimiter donation.amount_sats %> sats
+        </span>
+        <br>
+        <span class="text-sm text-gray-500">
+          (~ <%= number_to_currency donation.fiat_amount.to_f / 100, unit: "" %> <%= donation.fiat_currency %>)
+        </span>
+      </p>
+      <p class="mb-0 text-gray-500">
+        <% if donation.processing? %>
+          Waiting for confirmations
+          <% if donation.donation_method == "btcpay" %>
+            <%= link_to "check status", btcpay_checkout_url(donation.btcpay_invoice_id),
+                  class: "ml-2 btn-sm btn-gray" %>
+          <% end %>
+        <% else %>
+          <% if donation.public_name.present? %>
+            As: <%= donation.public_name %>
+          <% else %>
+            Anonymous
+          <% end %>
+        <% end %>
+      </p>
+    </li>
+  <% end %>
+</ul>

app/views/contributions/donations/_opencollective.html.erb

@@ -0,0 +1,6 @@
+<div class="rounded-lg p-6 bg-zinc-100 hover:bg-zinc-200 transition-colors">
+  <h3 class="mb-4 text-lg font-bold text-gray-500">Donate via OpenCollective</h3>
+  <p class="text-gray-600 text-gray-500">
+    Coming soon.
+  </p>
+</div>

app/views/contributions/donations/index.html.erb

@@ -2,50 +2,39 @@
 
 <%= render MainWithTabnavComponent.new(tabnav_partial: "shared/tabnav_contributions") do %>
   <section>
-    <% if @donations.any? %>
     <p class="mb-12">
       Your financial contributions to the development and upkeep of Kosmos
       software and services.
     </p>
-      <ul class="list-none">
-        <% @donations.each do |donation| %>
-          <li class="mb-8 grid gap-y-2 gap-x-8 grid-cols-2 items-center">
-            <h3 class="mb-0">
-              <%= donation.paid_at.strftime("%B %d, %Y") %>
-            </h3>
-            <p class="row-span-2 font-mono text-right mb-0">
-              <span class="text-xl">
-                <%= number_with_delimiter donation.amount_sats %> sats
-              </span>
-              <br>
-              <span class="text-sm text-gray-500">
-                (~ <%= number_to_currency donation.amount_eur / 100, unit: "" %> EUR)
-              </span>
-            </p>
-            <p class="mb-0">
-              <% if donation.public_name.present? %>
-                Public name: <%= donation.public_name %>
-              <% else %>
-                Anonymous
-              <% end %>
-            </p>
-          </li>
-        <% end %>
-      </ul>
-    <% else %>
-      <div class="text-center">
-        <p class="mt-8 mb-12 inline-flex align-center items-center">
-          <%= image_tag("/img/illustrations/undraw_savings_re_eq4w.svg", class: 'h-48') %>
-        </p>
-        <h3>
-          No donations yet
-        </h3>
-        <p class="text-gray-500">
-          The donation process is not automated yet.<br>Please
-          <a href="https://wiki.kosmos.org/Main_Page#Community_.2F_Getting_in_touch_.2F_Getting_involved" class="ks-text-link" target="_blank">contact us</a>
-          if you'd like to contribute this way right now.
-        </p>
-      </div>
-    <% end %>
   </section>
+
+  <section class="donation-methods">
+    <div class="grid grid-cols-1 sm:grid-cols-2 gap-4 sm:gap-6">
+      <% if @donation_methods.include?(:btcpay) ||
+            @donation_methods.include?(:lndhub) %>
+        <%= render partial: "contributions/donations/bitcoin", locals: {
+          donation_methods: @donation_methods, lndhub_balance: @balance
+        } %>
+      <% end %>
+      <% if @donation_methods.include?(:opencollective) %>
+        <%= render partial: "contributions/donations/opencollective" %>
+      <% end %>
+    </div>
+  </section>
+
+  <% if @donations_pending.any? %>
+  <section class="donation-list">
+    <h2>Pending</h2>
+    <%= render partial: "contributions/donations/list",
+               locals: { donations: @donations_pending } %>
+  </section>
+  <% end %>
+
+  <% if @donations_completed.any? %>
+  <section class="donation-list">
+    <h2>Past contributions</h2>
+    <%= render partial: "contributions/donations/list",
+               locals: { donations: @donations_completed } %>
+  </section>
+  <% end %>
 <% end %>

app/views/contributions/projects/index.html.erb

@@ -16,8 +16,8 @@
     <p>
       There's something to do for everyone, especially non-programmers! For
       example, we need more help with graphics, UI/UX design, and
-      content/copywriting. We also need moderators for social media. And beta
-      testers for our software. The list doesn't end there.
+      content/copywriting. Also, testing any of our software and reporting
+      issues you encounter along the way is very valuable.
     </p>
     <p>
       A good way to get started is to join one of our
@@ -43,7 +43,7 @@
     </p>
     <p>
       We have run two 6-month trials so far, with the next trial period
-      starting sometime in Q1 2024. Watch your email for notifications about it!
+      starting sometime soon. Watch your email for notifications about it!
     </p>
   </section>
 <% end %>

app/views/dashboard/index.html.erb

@@ -5,7 +5,7 @@
     <div class="services grid grid-cols-1 sm:grid-cols-2 gap-4 sm:gap-6">
       <% if Setting.ejabberd_enabled? %>
         <div class="border border-gray-300 rounded-md hover:border-gray-400
-                    bg-cover bg-[center_top_-50px] bg-no-repeat
+                    bg-[length:86%] bg-[center_top_-40px] bg-no-repeat
                     bg-[url(/img/logos/icon_xmpp.svg)]">
           <%= link_to services_chat_path,
                 class: "block h-full px-6 py-6 rounded-md" do %>
@@ -18,7 +18,7 @@
       <% end %>
       <% if Setting.mastodon_enabled? %>
         <div class="border border-gray-300 rounded-md hover:border-gray-400
-                    bg-[length:80%] bg-[right_top_-30px] bg-no-repeat
+                    bg-[length:88%] bg-[center_top_-40px] bg-no-repeat
                     bg-[url(/img/logos/icon_mastodon.svg)]">
           <%= link_to services_mastodon_path, class: "block h-full px-6 py-6 rounded-md" do %>
             <h3 class="mb-3.5">Mastodon</h3>
@@ -30,7 +30,9 @@
       <% end %>
       <% if Setting.email_enabled? &&
             Flipper.enabled?(:email, current_user) %>
-        <div class="border border-gray-300 rounded-md hover:border-gray-400">
+        <div class="border border-gray-300 rounded-md hover:border-gray-400
+                    bg-[length:90%] bg-[center_top_-160px] bg-no-repeat
+                    bg-[url(/img/logos/icon_mail.svg)]">
           <%= link_to services_email_path, class: "block h-full px-6 py-6 rounded-md" do %>
             <h3 class="mb-3.5">E-Mail</h3>
             <p class="text-gray-600">
@@ -39,15 +41,16 @@
           <% end %>
         </div>
       <% end %>
-      <% if Setting.discourse_enabled? %>
+      <% if Setting.remotestorage_enabled? &&
+            Flipper.enabled?(:remotestorage, current_user) %>
         <div class="border border-gray-300 rounded-md hover:border-gray-400
-                    bg-[length:95%] bg-center bg-no-repeat
-                    bg-[url(/img/logos/icon_discourse.svg)]">
-          <%= link_to "#{Setting.discourse_public_url}/session/sso?return_path=/",
+                    bg-[length:80%] bg-[center_top_-156px] bg-no-repeat
+                    bg-[url(/img/logos/icon_remotestorage.svg)]">
+          <%= link_to services_storage_path,
                 class: "block h-full px-6 py-6 rounded-md" do %>
-            <h3 class="mb-3.5">Discourse</h3>
+            <h3 class="mb-3.5">Storage</h3>
             <p class="text-gray-600">
-              Kosmos community forums and user support/help site
+              Sync your data between apps and devices
             </p>
           <% end %>
         </div>
@@ -65,21 +68,22 @@
           <% end %>
         </div>
       <% end %>
-      <% if Setting.remotestorage_enabled? &&
-            Flipper.enabled?(:remotestorage, current_user) %>
-        <div class="border border-gray-300 rounded-md hover:border-gray-400">
-          <%= link_to services_storage_path,
+      <% if Setting.discourse_enabled? %>
+        <div class="border border-gray-300 rounded-md hover:border-gray-400
+                    bg-[length:80%] bg-center bg-no-repeat
+                    bg-[url(/img/logos/icon_discourse.svg)]">
+          <%= link_to "#{Setting.discourse_public_url}/session/sso?return_path=/",
                 class: "block h-full px-6 py-6 rounded-md" do %>
-            <h3 class="mb-3.5">Storage</h3>
+            <h3 class="mb-3.5">Discourse</h3>
             <p class="text-gray-600">
-              Sync your data between apps and devices
+              Community forums and support/help site
             </p>
           <% end %>
         </div>
       <% end %>
       <% if Setting.gitea_enabled? %>
         <div class="border border-gray-300 rounded-md hover:border-gray-400
-                    bg-cover bg-center bg-no-repeat
+                    bg-[length:92%] bg-center bg-no-repeat
                     bg-[url(/img/logos/icon_gitea.png)]">
           <%= link_to Setting.gitea_public_url,
                 class: "block h-full px-6 py-6 rounded-md" do %>
@@ -92,7 +96,7 @@
       <% end %>
       <% if Setting.droneci_enabled? %>
         <div class="border border-gray-300 rounded-md hover:border-gray-400
-                    bg-cover bg-[center_top_-70px] bg-no-repeat
+                    bg-[length:86%] bg-[center_top_-60px] bg-no-repeat
                     bg-[url(/img/logos/icon_droneci.svg)]">
           <%= link_to Setting.droneci_public_url,
                 class: "block h-full px-6 py-6 rounded-md" do %>

app/views/devise/sessions/new.html.erb

@@ -55,4 +55,27 @@
       <%= f.submit "Log in", class: 'btn-md btn-blue w-full', tabindex: "4" %>
     </p>
   <% end %>
+
+  <div data-controller="nostr-login"
+       data-nostr-login-target="loginForm"
+       data-nostr-login-site-value="<%= Setting.accounts_domain %>"
+       data-nostr-login-shared-secret-value="<%= session[:shared_secret] %>"
+       class="hidden">
+    <div class="relative my-6">
+      <div class="absolute inset-0 flex items-center" aria-hidden="true">
+        <div class="w-full border-t border-gray-200"></div>
+      </div>
+      <div class="relative flex justify-center">
+        <span class="bg-white px-2 text-sm text-gray-500 italic">or</span>
+      </div>
+    </div>
+    <p>
+      <button disabled tabindex="5"
+              class="w-full btn-md btn-gray text-purple-600"
+              data-nostr-login-target="loginButton"
+              data-action="nostr-login#login">
+        Log in with Nostr
+      </button>
+    </p>
+  </div>
 <% end %>

app/views/notification_mailer/bitcoin_donation_confirmed.text.erb

@@ -0,0 +1,11 @@
+Hi <%= @user.display_name.presence || @user.cn %>,
+
+Your bitcoin donation has been confirmed successfully. <3
+
+Thank you so much for helping us with keeping the lights on, as well as with continually improving our services for you!
+
+You can find all of your past financial contributions on this page:
+
+<%= contributions_donations_url %>
+
+Have a nice day!

app/views/services/email/show.html.erb

@@ -100,6 +100,14 @@
             ["Website", "https://www.thunderbird.net"]
           ]
         ) %>
+        <%= render AppInfoComponent.new(
+          name: "Geary",
+          description: "Built around conversations, for the GNOME desktop",
+          icon_path: "/img/logos/icon_geary.png",
+          links: [
+            ["Website", "https://wiki.gnome.org/Apps/Geary"]
+          ]
+        ) %>
       </div>
       <div id="apps-windows" class="hidden grid grid-cols-1 gap-6"
            data-tabs-target="panel">

app/views/services/mastodon/show.html.erb

@@ -98,7 +98,17 @@
           description: "The official Web app",
           icon_path: "/img/logos/icon_mastodon-2.svg",
           links: [
-            ["Launch", "https://kosmos.social"]
+            ["Launch", "https://kosmos.social"],
+            ["GitHub", "https://github.com/mastodon/mastodon"]
+          ]
+        ) %>
+        <%= render AppInfoComponent.new(
+          name: "Phanpy",
+          description: " A slick, feature-rich Web app for mobile and desktop",
+          icon_path: "/img/logos/icon_phanpy.svg",
+          links: [
+            ["Launch", "https://phanpy.social"],
+            ["GitHub", "https://github.com/cheeaun/phanpy"]
           ]
         ) %>
         <%= render AppInfoComponent.new(
@@ -150,6 +160,15 @@
             ["Google Play", "https://play.google.com/store/apps/details?id=org.joinmastodon.android.sk"]
           ]
         ) %>
+        <%= render AppInfoComponent.new(
+          name: "Phanpy",
+          description: " A slick, feature-rich Web app for mobile and desktop",
+          icon_path: "/img/logos/icon_phanpy.svg",
+          links: [
+            ["Launch", "https://phanpy.social"],
+            ["GitHub", "https://github.com/cheeaun/phanpy"]
+          ]
+        ) %>
       </div>
       <div class="hidden grid grid-cols-1 gap-6" data-tabs-target="panel">
         <%= render AppInfoComponent.new(
@@ -180,6 +199,15 @@
             ["App Store", "https://apps.apple.com/app/mammoth-for-mastodon/id1667573899"]
           ]
         ) %>
+        <%= render AppInfoComponent.new(
+          name: "Phanpy",
+          description: " A slick, feature-rich Web app for mobile and desktop",
+          icon_path: "/img/logos/icon_phanpy.svg",
+          links: [
+            ["Launch", "https://phanpy.social"],
+            ["GitHub", "https://github.com/cheeaun/phanpy"]
+          ]
+        ) %>
       </div>
       <div class="hidden grid grid-cols-1 gap-6" data-tabs-target="panel">
         <%= render AppInfoComponent.new(

app/views/services/remotestorage/show.html.erb

@@ -2,15 +2,143 @@
 
 <%= render MainSimpleComponent.new do %>
   <section>
-    <h3 class="mb-10">Connected Apps</h3>
-    <% if @rs_auths.any? %>
-    <div class="w-full grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 gap-y-10 gap-x-12">
-    <% @rs_auths.each do |auth| %>
-      <%= render RsAuthComponent.new(auth: auth) %>
-    <% end %>
+    <p class="mb-6">
+      Store and synchronize your app data across different devices.
+    </p>
+  </section>
+
+  <%= render partial: "shared/tabnav_remotestorage" %>
+
+  <section>
+    <h3>Your Storage Address</h3>
+    <p class="mb-6">
+      In order to connect an app to your storage account, give it your address:
+    </p>
+    <p data-controller="clipboard" class="flex gap-1 sm:w-2/5">
+      <input type="text" id="user_address" class="grow"
+             value=<%= current_user.address %> disabled="disabled"
+             data-clipboard-target="source" />
+      <button id="copy-user-address" class="btn-md btn-icon btn-outline shrink-0"
+              data-clipboard-target="trigger" data-action="clipboard#copy"
+              title="Copy to clipboard">
+        <span class="content-initial">
+          <%= render partial: "icons/copy", locals: { custom_class: "text-blue-600 h-4 w-4 inline" } %>
+        </span>
+        <span class="content-active hidden">
+          <%= render partial: "icons/check", locals: { custom_class: "text-blue-600 h-4 w-4 inline" } %>
+        </span>
+      </button>
+    </p>
+  </section>
+
+  <section>
+    <h3>Recommended Apps</h3>
+    <div data-controller="tabs"
+         data-tabs-active-tab-class="-mb-px border-gray-200 border-l border-t border-r rounded-t text-indigo-600 hover:text-indigo-600"
+         data-tabs-inactive-tab-class="text-gray-500 hover:text-gray-700"
+         class="mb-12">
+      <select data-action="tabs#change" data-tabs-target="select"
+              class="block w-full mb-8 sm:hidden">
+        <option>Productivity</option>
+        <option>Bookmarks</option>
+        <option>Reading</option>
+        <option>File sharing</option>
+        <option>Learning</option>
+      </select>
+      <ul class="hidden sm:flex list-reset mb-8 border-gray-200 border-b">
+        <li class="mr-2" data-tabs-target="tab" data-action="click->tabs#change:prevent">
+          <a href="#" class="bg-white inline-block py-2 px-4 font-semibold no-underline">
+            Productivity
+          </a>
+        </li>
+        <li class="mr-2" data-tabs-target="tab" data-action="click->tabs#change:prevent">
+          <a href="#" class="bg-white inline-block py-2 px-4 font-semibold no-underline">
+            Bookmarks
+          </a>
+        </li>
+        <li class="mr-2" data-tabs-target="tab" data-action="click->tabs#change:prevent">
+          <a href="#" class="bg-white inline-block py-2 px-4 font-semibold no-underline">
+            Reading
+          </a>
+        </li>
+        <li class="mr-2" data-tabs-target="tab" data-action="click->tabs#change:prevent">
+          <a href="#" class="bg-white inline-block py-2 px-4 font-semibold no-underline">
+            File sharing
+          </a>
+        </li>
+        <li class="mr-2" data-tabs-target="tab" data-action="click->tabs#change:prevent">
+          <a href="#" class="bg-white inline-block py-2 px-4 font-semibold no-underline">
+            Learning
+          </a>
+        </li>
+      </ul>
+
+      <div class="hidden grid grid-cols-1 gap-6" data-tabs-target="panel">
+        <%= render AppInfoComponent.new(
+          name: "Hyperdraft",
+          description: "Create text notes and (optionally) turn them into a website",
+          icon_path: "/img/app_icons/hyperdraft.png",
+          links: [
+            ["Website", "https://hyperdraft.rosano.ca"],
+          ]
+        ) %>
+        <%= render AppInfoComponent.new(
+          name: "Notes Together",
+          description: "A powerful note-taking app, with support for attaching images and other files",
+          icon_path: "/img/app_icons/notes-together.png",
+          links: [
+            ["Web App", "https://notestogether.hominidsoftware.com"],
+          ]
+        ) %>
+        <%= render AppInfoComponent.new(
+          name: "Papiers",
+          description: "A simple note-taking app",
+          icon_path: "/img/app_icons/papiers.png",
+          links: [
+            ["Web App", "https://papiers.gitlab.io"],
+          ]
+        ) %>
+      </div>
+      <div class="hidden grid grid-cols-1 gap-6" data-tabs-target="panel">
+        <%= render AppInfoComponent.new(
+          name: "Webmarks",
+          description: "Archive your bookmarks in your remote storage",
+          icon_path: "/img/app_icons/webmarks.png",
+          links: [
+            ["Web App", "https://webmarks.5apps.com"],
+          ]
+        ) %>
+      </div>
+      <div class="hidden grid grid-cols-1 gap-6" data-tabs-target="panel">
+        <%= render AppInfoComponent.new(
+          name: "Pétrolette",
+          description: "A news aggregator that syncs with your remote storage",
+          icon_path: "/img/app_icons/petrolette.png",
+          links: [
+            ["Web App", "https://petrolette.space"],
+          ]
+        ) %>
+      </div>
+      <div class="hidden grid grid-cols-1 gap-6" data-tabs-target="panel">
+        <%= render AppInfoComponent.new(
+          name: "Sharesome",
+          description: "Quickly and easily share files from your remote storage",
+          icon_path: "/img/app_icons/sharesome.png",
+          links: [
+            ["Web App", "https://sharesome.5apps.com"],
+          ]
+        ) %>
+      </div>
+      <div class="hidden grid grid-cols-1 gap-6" data-tabs-target="panel">
+        <%= render AppInfoComponent.new(
+          name: "Kommit",
+          description: "Create flashcards and learn them with spaced-repetition",
+          icon_path: "/img/app_icons/kommit.png",
+          links: [
+            ["Website", "https://kommit.rosano.ca"],
+          ]
+        ) %>
+      </div>
     </div>
-    <% else %>
-    <p>No apps connected yet.</p>
-    <% end %>
   </section>
 <% end %>

app/views/services/rs_auths/index.html.erb

@@ -0,0 +1,33 @@
+<%= render HeaderComponent.new(title: "Storage") %>
+
+<%= render MainSimpleComponent.new do %>
+  <section>
+    <p class="mb-6">
+      Store and synchronize your app data across different devices.
+    </p>
+  </section>
+
+  <%= render partial: "shared/tabnav_remotestorage" %>
+
+  <section>
+    <% if @rs_auths.any? %>
+      <div class="w-full grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 gap-y-10 gap-x-12 mt-4">
+      <% @rs_auths.each do |auth| %>
+        <%= render RsAuthComponent.new(auth: auth) %>
+      <% end %>
+    </div>
+    <% else %>
+      <div class="text-center">
+        <p class="mt-4 mb-12 inline-flex align-center items-center">
+          <%= image_tag("/img/illustrations/undraw_friends_r511.svg", class: 'h-48') %>
+        </p>
+        <h3>
+          No apps connected
+        </h3>
+        <p class="text-gray-500">
+          When connected, your apps will show up here.
+        </p>
+      </div>
+    <% end %>
+  </section>
+<% end %>

app/views/settings/_lightning.html.erb

@@ -5,7 +5,7 @@
     <%= render FormElements::FieldsetComponent.new(
       positioning: :horizontal,
       title: "Sats received",
-      description: "Notify me when sats are sent to my Lightning Address"
+      description: "Notify me when sats are sent to my Lightning account"
     ) do %>
       <% f.fields_for :preferences do |p| %>
         <%= p.select :lightning_notify_sats_received, options_for_select([
@@ -15,6 +15,38 @@
         ], selected: @user.preferences[:lightning_notify_sats_received]) %>
       <% end %>
     <% end %>
+    <% if @user.nostr_pubkey.present? %>
+      <%= render FormElements::FieldsetComponent.new(
+        positioning: :horizontal,
+        title: "Zap received",
+        description: "Notify me when someone zaps me on Nostr"
+      ) do %>
+        <% f.fields_for :preferences do |p| %>
+          <%= p.select :lightning_notify_zap_received, options_for_select([
+            ["off", "disabled"],
+            ["Chat (Jabber)", "xmpp"],
+            ["E-Mail", "email"]
+          ], selected: @user.preferences[:lightning_notify_zap_received]) %>
+        <% end %>
+      <% end %>
+    <% end %>
+    <% if @notifications_enabled %>
+      <%= render FormElements::FieldsetToggleComponent.new(
+        field_name: "user[preferences][lightning_notify_only_with_message]",
+        enabled: @user.preferences[:lightning_notify_only_with_message],
+        title: "Ignore transactions without message",
+        description: "Only send notifications when there is a message attached to the payment"
+      ) %>
+      <%= render FormElements::FieldsetComponent.new(
+        title: "Minimum amount",
+        description: "Only send notifications when amount is higher than this"
+      ) do %>
+        <%= f.number_field :lightning_notify_min_sats,
+          name: "user[preferences][lightning_notify_min_sats]",
+          class: "w-full",
+          value: @user.preferences[:lightning_notify_min_sats].to_i %>
+      <% end %>
+    <% end %>
   </ul>
 </section>
 <section>

app/views/settings/_nostr.html.erb

@@ -3,6 +3,7 @@
   <h4 class="mb-0">Public Key</h4>
   <div data-controller="settings--nostr-pubkey"
        data-settings--nostr-pubkey-user-address-value="<%= current_user.address %>"
+       data-settings--nostr-pubkey-site-value="<%= Setting.accounts_domain %>"
        data-settings--nostr-pubkey-shared-secret-value="<%= session[:shared_secret] %>"
        data-settings--nostr-pubkey-pubkey-hex-value="<%= current_user.nostr_pubkey %>">
 

app/views/shared/_tabnav_remotestorage.html.erb

@@ -0,0 +1,14 @@
+<section>
+  <div class="border-b border-gray-200">
+    <nav class="-mb-px flex" aria-label="Tabs">
+      <%= render TabnavLinkComponent.new(
+        name: "Info", path: services_storage_path,
+        active: current_page?(services_storage_path)
+      ) %>
+      <%= render TabnavLinkComponent.new(
+        name: "Connected Apps", path: apps_services_storage_path,
+        active: current_page?(apps_services_storage_path)
+      ) %>
+    </nav>
+  </div>
+</section>

app/views/shared/status_unprocessable_entity.html.erb

@@ -0,0 +1,6 @@
+<%= render HeaderCompactComponent.new(title: "422") %>
+
+<%= render MainCompactComponent.new do %>
+  <h2>Unprocessable content</h2>
+  <p>The data provided was malformed. Please go back and try again.</p>
+<% end %>

config/default_preferences.yml

@@ -1,3 +1,6 @@
-lightning_notify_sats_received: disabled # or xmpp, email
-remotestorage_notify_auth_created: email # or xmpp, email
+lightning_notify_sats_received: email
+lightning_notify_zap_received: disabled
+lightning_notify_min_sats: 0
+lightning_notify_only_with_message: false
+remotestorage_notify_auth_created: email
 xmpp_exchange_contacts_with_invitees: true

config/routes.rb

@@ -1,7 +1,14 @@
 require 'sidekiq/web'
 
 Rails.application.routes.draw do
-  devise_for :users, controllers: { confirmations: 'users/confirmations' }
+  devise_for :users, controllers: {
+    confirmations: 'users/confirmations',
+    sessions: 'users/sessions'
+  }
+
+  devise_scope :user do
+    post 'users/nostr_login', to: 'users/sessions#nostr_login'
+  end
 
   get 'welcome', to: 'welcome#index'
   get 'check_your_email', to: 'welcome#check_your_email'
@@ -12,8 +19,12 @@ Rails.application.routes.draw do
 
   namespace :contributions do
     root to: 'donations#index'
+    resources :donations, only: ['index', 'create'] do
+      member do
+        get 'confirm_btcpay'
+      end
+    end
     get 'projects', to: 'projects#index'
-    resources :donations, only: ['index']
   end
 
   resources :invitations, only: ['index', 'show', 'create', 'destroy']
@@ -37,7 +48,8 @@ Rails.application.routes.draw do
     end
 
     resource :storage, controller: 'remotestorage', only: [:show] do
-      resources :rs_auths, only: [:destroy] do
+      get :apps, to: "rs_auths#index"
+      resources :rs_auths, only: [:index, :destroy] do
         member do
           get :revoke, to: 'rs_auths#destroy'
           get :launch_app

config/sidekiq.yml

@@ -2,3 +2,5 @@
 :queues:
   - default
   - mailers
+  - remotestorage
+  - nostr

db/migrate/20240214115058_change_donation_amounts_and_currency.rb

@@ -0,0 +1,9 @@
+class ChangeDonationAmountsAndCurrency < ActiveRecord::Migration[7.1]
+  def change
+    rename_column :donations, :amount_usd, :fiat_amount
+    add_column :donations, :fiat_currency, :string, default: "USD"
+    remove_column :donations, :amount_eur, :integer
+
+    Donation.update_all(fiat_currency: 'USD')
+  end
+end

db/migrate/20240214121049_add_new_donation_fields.rb

@@ -0,0 +1,7 @@
+class AddNewDonationFields < ActiveRecord::Migration[7.1]
+  def change
+    add_column :donations, :donation_method, :string
+    add_column :donations, :payment_method, :string, default: nil
+    add_column :donations, :btcpay_invoice_id, :string, default: nil
+  end
+end

db/migrate/20240216124640_add_payment_status_to_donations.rb

@@ -0,0 +1,8 @@
+class AddPaymentStatusToDonations < ActiveRecord::Migration[7.1]
+  def change
+    add_column :donations, :payment_status, :string, default: nil
+    add_index :donations, :payment_status
+
+    Donation.completed.update_all payment_status: "settled"
+  end
+end

db/migrate/20240422171653_create_zaps.rb

@@ -0,0 +1,13 @@
+class CreateZaps < ActiveRecord::Migration[7.1]
+  def change
+    create_table :zaps do |t|
+      t.references :user, null: false, foreign_key: true
+      t.json :request
+      t.json :receipt, default: nil
+      t.text :payment_request
+      t.bigint :amount
+
+      t.timestamps
+    end
+  end
+end

db/migrate/20240607123654_add_settled_at_to_zaps.rb

@@ -0,0 +1,9 @@
+class AddSettledAtToZaps < ActiveRecord::Migration[7.1]
+  def change
+    add_column :zaps, :settled_at, :datetime, default: nil
+
+    Zap.where.not(receipt: nil).each do |zap|
+      zap.update! settled_at: Time.at(zap.receipt_event.created_at).to_datetime
+    end
+  end
+end

db/schema.rb

@@ -10,12 +10,12 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2024_03_16_153558) do
+ActiveRecord::Schema[7.1].define(version: 2024_06_07_123654) do
   create_table "active_storage_attachments", force: :cascade do |t|
     t.string "name", null: false
     t.string "record_type", null: false
-    t.integer "record_id", null: false
-    t.integer "blob_id", null: false
+    t.bigint "record_id", null: false
+    t.bigint "blob_id", null: false
     t.datetime "created_at", null: false
     t.index ["blob_id"], name: "index_active_storage_attachments_on_blob_id"
     t.index ["record_type", "record_id", "name", "blob_id"], name: "index_active_storage_attachments_uniqueness", unique: true
@@ -34,7 +34,7 @@ ActiveRecord::Schema[7.1].define(version: 2024_03_16_153558) do
   end
 
   create_table "active_storage_variant_records", force: :cascade do |t|
-    t.integer "blob_id", null: false
+    t.bigint "blob_id", null: false
     t.string "variation_digest", null: false
     t.index ["blob_id", "variation_digest"], name: "index_active_storage_variant_records_uniqueness", unique: true
   end
@@ -136,8 +136,21 @@ ActiveRecord::Schema[7.1].define(version: 2024_03_16_153558) do
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
   end
 
+  create_table "zaps", force: :cascade do |t|
+    t.integer "user_id", null: false
+    t.json "request"
+    t.json "receipt"
+    t.text "payment_request"
+    t.bigint "amount"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.datetime "settled_at"
+    t.index ["user_id"], name: "index_zaps_on_user_id"
+  end
+
   add_foreign_key "active_storage_attachments", "active_storage_blobs", column: "blob_id"
   add_foreign_key "active_storage_variant_records", "active_storage_blobs", column: "blob_id"
   add_foreign_key "remote_storage_authorizations", "app_catalog_web_apps", column: "web_app_id"
   add_foreign_key "remote_storage_authorizations", "users"
+  add_foreign_key "zaps", "users"
 end

doc/integrations/strfry.md

@@ -0,0 +1,29 @@
+# strfry (nostr relay)
+
+## LDAP policy
+
+...
+
+## Useful scripts
+
+### Syncing events for all local nostr users from a remote relay
+
+You can sync all events of all local users with a pubkey stored in LDAP from a
+specified remote relay to the local relay with the `strfry-sync.ts` script:
+
+    deno run -A /opt/strfry-sync.ts wss://relay.example.com
+
+Doing the same with Docker Compose (great for seeding data to your local relay
+in development):
+
+    docker compose run strfry deno run -A /opt/strfry-sync.ts wss://relay.example.com
+
+## Docker image
+
+In order to use the LDAP policy with Docker, you will need
+[Deno](https://deno.com/) installed in your strfry container. We provide a
+custom Docker image for strfry with Deno included (which we use in
+development):
+
+* Registry: https://gitea.kosmos.org/kosmos/-/packages/container/strfry-deno/1.1.1
+* Source: https://github.com/raucao/strfry/blob/docker_deno/ubuntu.Dockerfile

docker-compose.yml

@@ -47,6 +47,9 @@ services:
       RS_REDIS_URL: redis://redis:6379/1
       RS_STORAGE_URL: "http://localhost:4567"
       S3_ENABLED: false
+      NOSTR_PUBLIC_KEY: bdd76ce2934b2f591f9fad2ebe9da18f20d2921de527494ba00eeaa0a0efadcf
+      NOSTR_PRIVATE_KEY: 7c3ef7e448505f0615137af38569d01807d3b05b5005d5ecf8aaafcd40323cea
+      NOSTR_RELAY_URL: "ws://strfry:7777"
     depends_on:
       - ldap
       - redis
@@ -107,6 +110,24 @@ services:
       - minio
       - redis
 
+  strfry:
+    image: gitea.kosmos.org/kosmos/strfry-deno:1.1.1
+    volumes:
+      - ./docker/strfry/strfry.conf:/etc/strfry.conf
+      - ./extras/strfry:/opt/strfry
+      - strfry-data:/var/lib/strfry
+    networks:
+      - external_network
+      - internal_network
+    ports:
+      - "4777:7777"
+    environment:
+      LDAP_URL: 'ldap://ldap:3389'
+      LDAP_BIND_DN: 'cn=Directory Manager'
+      LDAP_PASSWORD: passthebutter
+      LDAP_SEARCH_DN: 'ou=kosmos.org,cn=users,dc=kosmos,dc=org'
+      WHITELIST_PUBKEYS: 'bdd76ce2934b2f591f9fad2ebe9da18f20d2921de527494ba00eeaa0a0efadcf'
+
   # phpldapadmin:
   #   image: osixia/phpldapadmin:0.9.0
   #   ports:
@@ -128,3 +149,5 @@ volumes:
     driver: local
   redis-data:
     driver: local
+  strfry-data:
+    driver: local

docker/strfry/strfry.conf

@@ -0,0 +1,138 @@
+##
+## Default strfry config
+##
+
+# Directory that contains the strfry LMDB database (restart required)
+db = "/var/lib/strfry/"
+
+dbParams {
+    # Maximum number of threads/processes that can simultaneously have LMDB transactions open (restart required)
+    maxreaders = 256
+
+    # Size of mmap() to use when loading LMDB (default is 10TB, does *not* correspond to disk-space used) (restart required)
+    mapsize = 10995116277760
+
+    # Disables read-ahead when accessing the LMDB mapping. Reduces IO activity when DB size is larger than RAM. (restart required)
+    noReadAhead = false
+}
+
+events {
+    # Maximum size of normalised JSON, in bytes
+    maxEventSize = 65536
+
+    # Events newer than this will be rejected
+    rejectEventsNewerThanSeconds = 900
+
+    # Events older than this will be rejected
+    rejectEventsOlderThanSeconds = 94608000
+
+    # Ephemeral events older than this will be rejected
+    rejectEphemeralEventsOlderThanSeconds = 60
+
+    # Ephemeral events will be deleted from the DB when older than this
+    ephemeralEventsLifetimeSeconds = 300
+
+    # Maximum number of tags allowed
+    maxNumTags = 2000
+
+    # Maximum size for tag values, in bytes
+    maxTagValSize = 1024
+}
+
+relay {
+    # Interface to listen on. Use 0.0.0.0 to listen on all interfaces (restart required)
+    bind = "0.0.0.0"
+
+    # Port to open for the nostr websocket protocol (restart required)
+    port = 7777
+
+    # Set OS-limit on maximum number of open files/sockets (if 0, don't attempt to set) (restart required)
+    nofiles = 200000
+
+    # HTTP header that contains the client's real IP, before reverse proxying (ie x-real-ip) (MUST be all lower-case)
+    realIpHeader = ""
+
+    info {
+        # NIP-11: Name of this server. Short/descriptive (< 30 characters)
+        name = "Akkounts Nostr Relay"
+
+        # NIP-11: Detailed information about relay, free-form
+        description = "Local strfry instance for akkounts development"
+
+        # NIP-11: Administrative nostr pubkey, for contact purposes
+        pubkey = ""
+
+        # NIP-11: Alternative administrative contact (email, website, etc)
+        contact = ""
+    }
+
+    # Maximum accepted incoming websocket frame size (should be larger than max event) (restart required)
+    maxWebsocketPayloadSize = 131072
+
+    # Websocket-level PING message frequency (should be less than any reverse proxy idle timeouts) (restart required)
+    autoPingSeconds = 55
+
+    # If TCP keep-alive should be enabled (detect dropped connections to upstream reverse proxy)
+    enableTcpKeepalive = false
+
+    # How much uninterrupted CPU time a REQ query should get during its DB scan
+    queryTimesliceBudgetMicroseconds = 10000
+
+    # Maximum records that can be returned per filter
+    maxFilterLimit = 500
+
+    # Maximum number of subscriptions (concurrent REQs) a connection can have open at any time
+    maxSubsPerConnection = 20
+
+    writePolicy {
+        # If non-empty, path to an executable script that implements the writePolicy plugin logic
+        plugin = "/opt/strfry/strfry-policy.ts"
+    }
+
+    compression {
+        # Use permessage-deflate compression if supported by client. Reduces bandwidth, but slight increase in CPU (restart required)
+        enabled = true
+
+        # Maintain a sliding window buffer for each connection. Improves compression, but uses more memory (restart required)
+        slidingWindow = true
+    }
+
+    logging {
+        # Dump all incoming messages
+        dumpInAll = true
+
+        # Dump all incoming EVENT messages
+        dumpInEvents = false
+
+        # Dump all incoming REQ/CLOSE messages
+        dumpInReqs = false
+
+        # Log performance metrics for initial REQ database scans
+        dbScanPerf = true
+
+        # Log reason for invalid event rejection? Can be disabled to silence excessive logging
+        invalidEvents = true
+    }
+
+    numThreads {
+        # Ingester threads: route incoming requests, validate events/sigs (restart required)
+        ingester = 3
+
+        # reqWorker threads: Handle initial DB scan for events (restart required)
+        reqWorker = 3
+
+        # reqMonitor threads: Handle filtering of new events (restart required)
+        reqMonitor = 3
+
+        # negentropy threads: Handle negentropy protocol messages (restart required)
+        negentropy = 2
+    }
+
+    negentropy {
+        # Support negentropy protocol messages
+        enabled = true
+
+        # Maximum records that sync will process before returning an error
+        maxSyncEvents = 1000000
+    }
+}

extras/strfry/deno.json

@@ -0,0 +1,5 @@
+{
+  "imports": {
+    "@nostr/tools": "jsr:@nostr/tools@^2.3.1"
+  }
+}