0.7.0

Reviewed-on: #135
Reviewed-by: slvrbckt <slvrbckt@noreply.kosmos.org>
Reviewed-by: bumi <bumi@noreply.kosmos.org>

.drone.yml

@@ -42,10 +42,6 @@ steps:
       branch:
         - master
 
-services:
-  - name: redis
-    image: redis
-
 volumes:
   - name: cache
     host:

Gemfile

@@ -57,6 +57,7 @@ gem "sentry-rails"
 
 # Services
 gem 'discourse_api'
+gem "lnurl"
 gem 'nostr', git: 'https://gitea.kosmos.org/kosmos/nostr-gem.git', branch: 'feature/ruby_2.7_compat'
 
 group :development, :test do

Gemfile.lock

@@ -206,6 +206,8 @@ GEM
     listen (3.8.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
+    lnurl (1.0.1)
+      bech32 (~> 1.1)
     lockbox (1.2.0)
     loofah (2.21.3)
       crass (~> 1.0.2)
@@ -232,8 +234,6 @@ GEM
     net-smtp (0.3.3)
       net-protocol
     nio4r (2.5.9)
-    nokogiri (1.15.2-arm64-darwin)
-      racc (~> 1.4)
     nokogiri (1.15.2-x86_64-linux)
       racc (~> 1.4)
     orm_adapter (0.5.0)
@@ -373,7 +373,6 @@ GEM
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
-    sqlite3 (1.6.3-arm64-darwin)
     sqlite3 (1.6.3-x86_64-linux)
     stimulus-rails (1.2.1)
       railties (>= 6.0.0)
@@ -411,7 +410,6 @@ GEM
     zeitwerk (2.6.8)
 
 PLATFORMS
-  arm64-darwin-22
   x86_64-linux
 
 DEPENDENCIES
@@ -434,6 +432,7 @@ DEPENDENCIES
   letter_opener
   letter_opener_web
   listen (~> 3.2)
+  lnurl
   lockbox
   net-ldap
   nostr!

app/controllers/rs/oauth_controller.rb

@@ -1,130 +0,0 @@
-class Rs::OauthController < ApplicationController
-  before_action :require_user_signed_in
-
-  def new
-    username, org  = params[:useraddress].split("@")
-    @user          = User.where(cn: username.downcase, ou: org).first
-    @scopes        = parse_scopes params[:scope]
-    @redirect_uri  = params[:redirect_uri]
-    @client_id     = params[:client_id]
-    @state         = params[:state]
-    @root_access_requested = (@scopes & [":r",":rw"]).any?
-
-    @denial_url = url_with_state("#{@redirect_uri}#error=access_denied", @state)
-
-    @expire_at_dates = [["Never", nil],
-                        ["In 1 month", 1.month.from_now],
-                        ["In 1 day", 1.day.from_now]]
-
-    http_status :bad_request and return unless @redirect_uri.present?
-
-    unless current_user == @user
-      sign_out :user
-
-      redirect_to new_rs_oauth_url(@user.address,
-                                   scope: params[:scope],
-                                   redirect_uri: params[:redirect_uri],
-                                   client_id: params[:client_id],
-                                   state: params[:state])
-      return
-    end
-
-    unless @client_id.present?
-      redirect_to url_with_state("#{@redirect_uri}#error=invalid_request", @state) and return
-    end
-
-    if @scopes.empty?
-      redirect_to url_with_state("#{@redirect_uri}#error=invalid_scope", @state) and return
-    end
-
-    unless hostname_of(@client_id) == hostname_of(@redirect_uri)
-      redirect_to url_with_state("#{@redirect_uri}#error=invalid_client", @state) and return
-    end
-
-    @client_id.gsub!(/http(s)?:\/\//, "")
-
-    # TODO
-    # if auth = current_user.remote_storage_authorizations.valid.where(permissions: @scopes, client_id: @client_id).first
-    #   redirect_to url_with_state("#{@redirect_uri}#access_token=#{auth.token}", @state), allow_other_host: true
-    # end
-  end
-
-  def create
-    unless current_user.id.to_s == params[:user_id]
-      Rails.logger.info("NO MATCH: #{params[:user_id]}, #{current_user.id}")
-      http_status :forbidden and return
-    end
-
-    permissions  = parse_scopes params[:scope]
-    redirect_uri = params[:redirect_uri].presence
-    client_id    = params[:client_id].presence
-    state        = params[:state].presence
-    expire_at    = params[:expire_at].presence
-
-    http_status :bad_request and return unless redirect_uri.present?
-
-    if permissions.empty?
-      redirect_to url_with_state("#{redirect_uri}#error=invalid_scope", state), allow_other_host: true and return
-    end
-
-    unless client_id.present?
-      redirect_to url_with_state("#{redirect_uri}#error=invalid_request", state), allow_other_host: true and return
-    end
-
-    unless hostname_of(client_id) == hostname_of(redirect_uri)
-      redirect_to url_with_state("#{redirect_uri}#error=invalid_client", state), allow_other_host: true and return
-    end
-
-    client_id.gsub!(/http(s)?:\/\//, "")
-
-    auth = current_user.remote_storage_authorizations.create!(
-      permissions: permissions,
-      client_id: client_id,
-      redirect_uri: redirect_uri,
-      app_name: client_id, #TODO use user-defined name
-      expire_at: expire_at
-    )
-
-    redirect_to url_with_state("#{redirect_uri}#access_token=#{auth.token}", state), allow_other_host: true
-  end
-
-  # GET /rs/oauth/token/:id/launch_app
-  def launch_app
-    auth = current_user.remote_storage_authorizations.find(params[:id])
-
-    redirect_to app_auth_url(auth)
-  end
-
-  private
-
-  def app_auth_url(auth)
-    url = "#{auth.url}#remotestorage=#{current_user.address}"
-    url += "&access_token=#{auth.token}"
-    url
-  end
-
-  def hostname_of(uri)
-    uri.gsub(/http(s)?:\/\//, "").split(":")[0].split("/")[0]
-  end
-
-  def parse_scopes(scope_string)
-    return [] if scope_string.blank?
-
-    scopes = scope_string.
-      gsub(/\[|\]/, "").
-      gsub(/\,/, " ").
-      gsub(/\/:/, ":").
-      split(/\s/).map(&:strip).
-      reject(&:empty?)
-
-    scopes = [":r"] if scopes.include?("*:r")
-    scopes = [":rw"] if scopes.include?("*:rw")
-
-    scopes
-  end
-
-  def url_with_state(url, state)
-    state ? "#{url}&state=#{CGI.escape(state)}" : url
-  end
-
-end

app/controllers/services/lightning_controller.rb

@@ -1,4 +1,5 @@
 require "rqrcode"
+require "lnurl"
 
 class Services::LightningController < ApplicationController
   before_action :authenticate_user!
@@ -8,9 +9,56 @@ class Services::LightningController < ApplicationController
 
   def index
     @wallet_url = "lndhub://#{current_user.ln_account}:#{current_user.ln_password}@#{ENV['LNDHUB_PUBLIC_URL']}"
+    initialize_lndhub_qr_code
+  end
 
-    qrcode = RQRCode::QRCode.new(@wallet_url)
-    @svg = qrcode.as_svg(
+  def transactions
+    @transactions = fetch_transactions
+  end
+
+  def qr_lnurlp
+    lnurlp_url = "https://kosmos.org/.well-known/lnurlp/#{current_user.cn}"
+    lnurlp_bech32 = Lnurl.new(lnurlp_url).to_bech32
+    qr_code = RQRCode::QRCode.new("lightning:" + lnurlp_bech32)
+
+    respond_to do |format|
+      format.svg do
+        qr_svg = qr_code.as_svg(
+          color: "000",
+          shape_rendering: "crispEdges",
+          module_size: 6,
+          standalone: true,
+          use_path: true,
+          svg_attributes: {
+            class: 'inline-block'
+          }
+        )
+        send_data(
+          qr_svg,
+          filename: "bitcoin-lightning-#{current_user.address}.svg",
+          type: "image/svg+xml"
+        )
+      end
+      format.png do
+        qr_png = qr_code.as_png(
+          fill: "white",
+          color: "black",
+          size: 1024,
+        )
+        send_data(
+          qr_png,
+          filename: "bitcoin-lightning-#{current_user.address}.png",
+          type: "image/png"
+        )
+      end
+    end
+  end
+
+  private
+
+  def initialize_lndhub_qr_code
+    qr_code = RQRCode::QRCode.new(@wallet_url)
+    @lndhub_qr_svg = qr_code.as_svg(
       color: "000",
       shape_rendering: "crispEdges",
       module_size: 6,
@@ -22,12 +70,6 @@ class Services::LightningController < ApplicationController
     )
   end
 
-  def transactions
-    @transactions = fetch_transactions
-  end
-
-  private
-
   def authenticate_with_lndhub(options={})
     if session[:ln_auth_token].present? && !options[:force_reauth]
       @ln_auth_token = session[:ln_auth_token]

app/helpers/oauth_helper.rb

@@ -1,11 +0,0 @@
-module OauthHelper
-
-  def scope_name(scope)
-    scope.gsub(/(\:.+)/, '')
-  end
-
-  def scope_permissions(scope)
-    scope.match(/\:r$/) ? "r" : "rw"
-  end
-
-end

app/jobs/expire_remote_storage_authorization_job.rb

@@ -1,10 +0,0 @@
-class ExpireRemoteStorageAuthorizationJob < ApplicationJob
-  queue_as :remote_storage
-
-  def perform(rs_auth_id)
-    rs_auth = RemoteStorageAuthorization.find rs_auth_id
-    return unless rs_auth.expire_at.nil? || rs_auth.expire_at <= DateTime.now
-
-    rs_auth.destroy!
-  end
-end

app/models/remote_storage_authorization.rb

@@ -1,63 +0,0 @@
-class RemoteStorageAuthorization < ApplicationRecord
-  belongs_to :user
-
-  serialize :permissions
-
-  validates_presence_of :permissions
-  validates_presence_of :client_id
-
-  scope :valid, -> { where(expire_at: nil).or(where(expire_at: (DateTime.now)..)) }
-  scope :expired, -> { where(expire_at: ..(DateTime.now)) }
-
-  after_initialize do |a|
-    a.permisisons = [] if a.permissions == nil
-  end
-
-  before_create  :generate_token
-  before_create  :store_token_in_redis
-  after_create   :schedule_token_expiry
-  before_destroy :delete_token_from_redis
-  after_destroy  :remove_token_expiry_job
-
-  def url
-    if self.redirect_uri
-      uri = URI.parse self.redirect_uri
-      "#{uri.scheme}://#{client_id}"
-    else
-      "http://#{client_id}"
-    end
-  end
-
-  def delete_token_from_redis
-    key = "rs:authorizations:#{user.address}:#{token}"
-    # You can't delete multiple members of a set with Redis 2
-    redis.smembers(key).each { |auth| redis.srem(key, auth) }
-  end
-
-  private
-
-  def redis
-    @redis ||= Redis.new(url: Setting.redis_url)
-  end
-
-  def generate_token(length=16)
-    self.token = SecureRandom.hex(length) if self.token.blank?
-  end
-
-  def store_token_in_redis
-    redis.sadd "rs:authorizations:#{user.address}:#{token}", permissions
-  end
-
-  def schedule_token_expiry
-    return unless expire_at.present?
-    ExpireRemoteStorageAuthorizationJob.set(wait_unil: expire_at).perform_later(id)
-  end
-
-  def remove_token_expiry_job
-    queue = Sidekiq::Queue.new(ExpireRemoteStorageAuthorizationJob.queue_name)
-    queue.each do |job|
-      next unless job.display_class == "ExpireRemoteStorageAuthorizationJob"
-      job.delete if job.display_args == [id]
-    end
-  end
-end

app/models/user.rb

@@ -18,8 +18,6 @@ class User < ApplicationRecord
 
   has_many :accounts, through: :lndhub_user
 
-  has_many :remote_storage_authorizations
-
   validates_uniqueness_of :cn, scope: :ou
   validates_length_of :cn, minimum: 3
   validates_format_of :cn, with: /\A([a-z0-9\-])*\z/,

app/views/icons/_alert-triangle.html.erb

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-alert-triangle <%= custom_class %>"><path d="M10.29 3.86L1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0z"></path><line x1="12" y1="9" x2="12" y2="13"></line><line x1="12" y1="17" x2="12.01" y2="17"></line></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-alert-triangle"><path d="M10.29 3.86L1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0z"></path><line x1="12" y1="9" x2="12" y2="13"></line><line x1="12" y1="17" x2="12.01" y2="17"></line></svg>

app/views/icons/_asterisk.html.erb

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 512 512" fill="currentColor" stroke="currentColor" stroke-width="2" class="<%= custom_class %>"><path d="M475.31 364.144L288 256l187.31-108.144c5.74-3.314 7.706-10.653 4.392-16.392l-4-6.928c-3.314-5.74-10.653-7.706-16.392-4.392L272 228.287V12c0-6.627-5.373-12-12-12h-8c-6.627 0-12 5.373-12 12v216.287L52.69 120.144c-5.74-3.314-13.079-1.347-16.392 4.392l-4 6.928c-3.314 5.74-1.347 13.079 4.392 16.392L224 256 36.69 364.144c-5.74 3.314-7.706 10.653-4.392 16.392l4 6.928c3.314 5.74 10.653 7.706 16.392 4.392L240 283.713V500c0 6.627 5.373 12 12 12h8c6.627 0 12-5.373 12-12V283.713l187.31 108.143c5.74 3.314 13.079 1.347 16.392-4.392l4-6.928c3.314-5.74 1.347-13.079-4.392-16.392z"/></svg>

app/views/icons/_folder.html.erb

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-folder <%= custom_class %>"><path d="M22 19a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h5l2 3h9a2 2 0 0 1 2 2z"></path></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-folder"><path d="M22 19a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h5l2 3h9a2 2 0 0 1 2 2z"></path></svg>

app/views/rs/oauth/new.html.erb

@@ -1,58 +0,0 @@
-<%= render HeaderCompactComponent.new(title: "Storage") %>
-
-<%= render MainCompactComponent.new do %>
-  <section>
-    <p class="mb-8">
-      The app on
-      <%= link_to @client_id, "https://#{@client_id}", class: "ks-text-link" %>
-      is asking for access to these folders:
-    </p>
-
-    <% if @root_access_requested %>
-    <p class="text-lg">
-      <span class="text-red-700">
-        <%= render partial: "icons/alert-triangle",
-              locals: { custom_class: "inline-block align-bottom mr-1.5" } %>
-        All files and directories
-      </span>
-      <% if (@scopes & [":r"]).any? %>
-        <span class="text-sm text-gray-500">(read only)</span>
-      <% end %>
-    </p>
-    <% else %>
-      <% @scopes.each do |scope| %>
-      <p class="text-gray-600">
-        <span class="text-lg">
-          <%= render partial: "icons/folder",
-            locals: { custom_class: "inline-block align-bottom mr-1.5" } %>
-          <%= scope_name(scope) %>
-        </span>
-        <% if scope_permissions(scope) == "r" %>
-          <span>(read only)</span>
-        <% end %>
-      </p>
-      <% end %>
-    <% end %>
-
-    <%= form_with(url: rs_oauth_path, method: :post, data: { turbo: false }) do |f| %>
-      <%= f.hidden_field :redirect_uri, value: @redirect_uri %>
-      <%= f.hidden_field :scope, value: @scopes.join(" ") %>
-      <%= f.hidden_field :user_id, value: @user.id %>
-      <%= f.hidden_field :client_id, value: @client_id %>
-      <%= f.hidden_field :state, value: @state %>
-      <p class="mt-8 mb-6">
-        <%= f.label :expire_at, "Permission expires:", class: "mr-1.5" %>
-        <%= f.select :expire_at, options_for_select(@expire_at_dates) %>
-      </p>
-      <p class="text-sm text-gray-500">
-        You can revoke access for this app at any time on your storage dashboard.
-      </p>
-      <p class="mt-8 flex flex-col sm:flex-row gap-3 sm:gap-2 sm:justify-items-stretch">
-        <%= f.submit "Allow",
-              class: "btn-md btn-blue w-full sm:order-last sm:grow",
-              data: { disable_with: "Saving..." } %>
-        <%= link_to "Deny", @denial_url, class: "btn-md btn-gray text-red-700 w-full sm:grow" %>
-      </div>
-    <% end %>
-  </section>
-<% end %>

app/views/services/lightning/index.html.erb

@@ -7,13 +7,25 @@
 
   <section>
     <h3>Lightning Address</h3>
-    <p>
+    <p class="mb-6">
       Your Kosmos user address is also a
       <a class="ks-text-link" href="https://lightningaddress.com/" target="_blank">Lightning Address</a>!
       The easiest way to receive sats is by just giving out your address:
     </p>
-    <p>
-      <strong><%= current_user.address %></strong>
+    <p data-controller="clipboard" class="flex gap-1 sm:w-2/5">
+      <input type="text" id="user_address" class="grow"
+             value=<%= current_user.address %> disabled="disabled"
+             data-clipboard-target="source" />
+      <button id="copy-user-address" class="btn-md btn-icon btn-blue shrink-0"
+              data-clipboard-target="trigger" data-action="clipboard#copy"
+              title="Copy to clipboard">
+        <span class="content-initial">
+          <%= render partial: "icons/copy", locals: { custom_class: "text-white h-4 w-4 inline" } %>
+        </span>
+        <span class="content-active hidden">
+          <%= render partial: "icons/check", locals: { custom_class: "text-white h-4 w-4 inline" } %>
+        </span>
+      </button>
     </p>
   </section>
 
@@ -39,7 +51,7 @@
       <button id="hide-setup-code" class="hidden btn-md btn-blue w-full sm:w-auto">Hide setup QR code</button>
     </p>
     <p id="setup-code" class="hidden my-10 w-full text-center">
-      <%= raw @svg %>
+      <%= raw @lndhub_qr_svg %>
     </p>
   </section>
 
@@ -88,6 +100,24 @@
       </p>
     </div>
   </section>
+
+  <section class="mb-12">
+    <h3>QR Code for Donations/Tips</h3>
+    <p>
+      You can print out or publish a QR code for people to scan with their
+      wallet apps, so they can send you sats without a direct personal
+      interaction (for example at a concert, or on your website).
+    </p>
+    <p class="my-6 text-center md:text-left">
+      <%= link_to "Download SVG file",
+                  qr_lnurlp_services_lightning_index_path(format: "svg"),
+                  class: "btn-md btn-blue w-full sm:w-auto"%>
+      <span class="mx-2 my-2 md:my-0 block md:inline">or</span>
+      <%= link_to "Download PNG file",
+                  qr_lnurlp_services_lightning_index_path(format: "png"),
+                  class: "btn-md btn-blue w-full sm:w-auto"%>
+    </p>
+  </section>
 <% end %>
 
 <script type="text/javascript">

config/routes.rb

@@ -24,6 +24,7 @@ Rails.application.routes.draw do
     resources :lightning, only: [:index] do
       collection do
         get 'transactions'
+        get 'qr_lnurlp'
       end
     end
   end
@@ -65,13 +66,7 @@ Rails.application.routes.draw do
     end
   end
 
-  namespace :rs do
-    resource :oauth, only: [:new, :create], path_names: { new: ':useraddress' },
-      controller: 'oauth', constraints: { useraddress: /[^\/]+/}
-    get 'oauth/token/:id/launch_app' => 'oauth#launch_app', as: :launch_app
-  end
-
-  get '.well-known/webfinger', to: 'webfinger#show'
+  get ".well-known/webfinger", to: 'webfinger#show'
 
   namespace :discourse do
     get "connect", to: 'sso#connect'

db/migrate/20230312212030_create_remote_storage_authorizations.rb

@@ -1,17 +0,0 @@
-class CreateRemoteStorageAuthorizations < ActiveRecord::Migration[7.0]
-  def change
-    create_table :remote_storage_authorizations do |t|
-      t.references :user, null: false, foreign_key: true
-      t.string :token
-      t.text :permissions, array: true, default: [].to_yaml
-      t.string :client_id
-      t.string :redirect_uri
-      t.string :app_name
-      t.datetime :expire_at
-
-      t.timestamps
-    end
-
-    add_index :remote_storage_authorizations, :permissions, using: 'gin'
-  end
-end

db/schema.rb

@@ -87,10 +87,10 @@ ActiveRecord::Schema[7.0].define(version: 2023_05_23_120753) do
     t.text "ln_login_ciphertext"
     t.text "ln_password_ciphertext"
     t.string "ln_account"
+    t.string "nostr_pubkey"
     t.datetime "remember_created_at"
     t.string "remember_token"
     t.text "preferences"
-    t.string "nostr_pubkey"
     t.index ["email"], name: "index_users_on_email", unique: true
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
   end

package.json

@@ -11,7 +11,7 @@
     "postcss-preset-env": "^7.8.3",
     "tailwindcss": "^3.2.4"
   },
-  "version": "0.6.0",
+  "version": "0.7.0",
   "scripts": {
     "build:css:tailwind": "tailwindcss --postcss -i ./app/assets/stylesheets/application.tailwind.css -o ./app/assets/builds/application.css",
     "build:css": "yarn run build:css:tailwind"

spec/factories/remote_storage_authorizations.rb

@@ -1,9 +0,0 @@
-FactoryBot.define do
-  factory :remote_storage_authorization do
-    permissions { ["documents:rw"] }
-    client_id { "some-fancy-app" }
-    redirect_uri { "https://example.com/some-fancy-app" }
-    app_name { "Fancy App" }
-    expire_at { nil }
-  end
-end

spec/jobs/expire_remote_storage_authorization_job_spec.rb

@@ -1,36 +0,0 @@
-require 'rails_helper'
-
-RSpec.describe ExpireRemoteStorageAuthorizationJob, type: :job do
-  before do
-    @user = create :user, cn: "ronald", ou: "kosmos.org"
-    @rs_authorization = create :remote_storage_authorization, user: @user, expire_at: 1.day.ago
-  end
-
-  after do
-    clear_enqueued_jobs
-    clear_performed_jobs
-  end
-
-  subject(:job) {
-    described_class.perform_later(@rs_authorization.id)
-  }
-
-  let(:redis) {
-    @redis ||= Redis.new(url: Setting.redis_url)
-  }
-
-  it "removes the RS authorization from redis" do
-    redis_key = "rs:authorizations:#{@user.address}:#{@rs_authorization.token}"
-    expect(redis.keys(redis_key)).to_not be_empty
-
-    perform_enqueued_jobs { job }
-
-    expect(redis.keys(redis_key)).to be_empty
-  end
-
-  it "deletes the RS authorization object" do
-    expect {
-      perform_enqueued_jobs { job }
-    }.to change(RemoteStorageAuthorization, :count).by(-1)
-  end
-end