WIP

Reviewed-on: #189
Reviewed-by: galfert <garret.alfert@gmail.com>

.env.test

@@ -12,6 +12,8 @@ DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
 
 EJABBERD_API_URL='http://xmpp.example.com/api'
 
+MASTODON_PUBLIC_URL='http://example.social'
+
 LNDHUB_API_URL='http://localhost:3026'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
 LNDHUB_PUBLIC_KEY='024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'

app/controllers/lnurlpay_controller.rb

@@ -6,8 +6,9 @@ class LnurlpayController < ApplicationController
   MAX_SATS = 1_000_000
   MAX_COMMENT_CHARS = 100
 
+  # GET /.well-known/lnurlp/:username
   def index
-    render json: {
+    res = {
       status: "OK",
       callback: "https://#{Setting.accounts_domain}/lnurlpay/#{@user.cn}/invoice",
       tag: "payRequest",
@@ -16,8 +17,16 @@ class LnurlpayController < ApplicationController
       metadata: metadata(@user.address),
       commentAllowed: MAX_COMMENT_CHARS
     }
+
+    if Setting.nostr_enabled? && Setting.nostr_private_key.present?
+      res[:allows_nostr] = true
+      res[:nostrPubkey] = Setting.nostr_public_key
+    end
+
+    render json: res
   end
 
+  # GET /.well-known/keysend/:username
   def keysend
     http_status :not_found and return unless Setting.lndhub_keysend_enabled?
 
@@ -32,8 +41,9 @@ class LnurlpayController < ApplicationController
     }
   end
 
+  # GET /lnurlpay/:username/invoice
   def invoice
-    amount = params[:amount].to_i / 1000 # msats
+    amount = params[:amount].to_i / 1000 # msats to sats
     comment = params[:comment] || ""
     address = @user.address
 
@@ -42,53 +52,97 @@ class LnurlpayController < ApplicationController
       return
     end
 
-    if !valid_comment?(comment)
-      render json: { status: "ERROR", reason: "Comment too long" }
-      return
+    if params[:nostr].present?
+      handle_zap_request amount, params[:nostr], params[:lnurl]
+    else
+      handle_pay_request address, amount, comment
+    end
+  end
+
+  private
+
+    def check_service_available
+      http_status :not_found unless Setting.lndhub_enabled?
     end
 
-    memo = "To #{address}"
-    memo = "#{memo}: \"#{comment}\"" if comment.present?
+    def find_user
+      @user = User.where(cn: params[:username], ou: Setting.primary_domain).first
+      http_status :not_found if @user.nil?
+    end
 
-    payment_request = @user.ln_create_invoice({
-      amount: amount, # we create invoices in sats
-      memo: memo,
-      description_hash: Digest::SHA2.hexdigest(metadata(address)),
-    })
+    def metadata(address)
+      "[[\"text/identifier\", \"#{address}\"], [\"text/plain\", \"Send sats, receive thanks.\"]]"
+    end
 
-    render json: {
-      status: "OK",
-      successAction: {
-        tag: "message",
-        message: "Sats received. Thank you!"
-      },
-      routes: [],
-      pr: payment_request
-    }
-  end
+    def zap_metadata(event)
+      "[[\"application/json\", #{event.to_json}]]"
+    end
 
-  private
+    def valid_amount?(amount_in_sats)
+      amount_in_sats <= MAX_SATS && amount_in_sats >= MIN_SATS
+    end
 
-  def find_user
-    @user = User.where(cn: params[:username], ou: Setting.primary_domain).first
-    http_status :not_found if @user.nil?
-  end
+    def valid_comment?(comment)
+      comment.length <= MAX_COMMENT_CHARS
+    end
 
-  def metadata(address)
-    "[[\"text/identifier\", \"#{address}\"], [\"text/plain\", \"Send sats, receive thanks.\"]]"
-  end
+    def handle_pay_request(address, amount, comment)
+      if !valid_comment?(comment)
+        render json: { status: "ERROR", reason: "Comment too long" }
+        return
+      end
 
-  def valid_amount?(amount_in_sats)
-    amount_in_sats <= MAX_SATS && amount_in_sats >= MIN_SATS
-  end
+      memo = "To #{address}"
+      memo = "#{memo}: \"#{comment}\"" if comment.present?
 
-  def valid_comment?(comment)
-    comment.length <= MAX_COMMENT_CHARS
-  end
+      payment_request = @user.ln_create_invoice({
+        amount: amount, # sats
+        memo: memo,
+        description_hash: Digest::SHA2.hexdigest(metadata(address)),
+      })
 
-  private
+      render json: {
+        status: "OK",
+        successAction: {
+          tag: "message",
+          message: "Sats received. Thank you!"
+        },
+        routes: [],
+        pr: payment_request
+      }
+    end
 
-  def check_service_available
-    http_status :not_found unless Setting.lndhub_enabled?
-  end
+    def nostr_event_from_payload(nostr_param)
+      event_obj = JSON.parse(nostr_param).transform_keys(&:to_sym)
+      Nostr::Event.new(**event_obj)
+    rescue => e
+      return nil
+    end
+
+    def valid_zap_request?(amount, event, lnurl)
+      NostrManager::VerifyZapRequest.call(
+        amount: amount, event: event, lnurl: lnurl
+      )
+    end
+
+    def handle_zap_request(amount, nostr_param, lnurl_param)
+      event = nostr_event_from_payload(nostr_param)
+
+      unless event.present? && valid_zap_request?(amount*1000, event, lnurl_param)
+        render json: { status: "ERROR", reason: "Invalid zap request" }
+        return
+      end
+
+      # TODO
+      # raise zap_metadata(event).inspect
+
+      payment_request = @user.ln_create_invoice({
+        amount: amount, # sats
+        # TODO should be npub instead of address?
+        memo: "Zapped #{@user.address} on Nostr", # TODO include event ID if given
+        description_hash: Digest::SHA2.hexdigest(zap_metadata(event)),
+      })
+
+      render json: { status: "OK", pr: payment_request }
+    end
 end

app/controllers/services/chat_controller.rb

@@ -3,7 +3,7 @@ class Services::ChatController < Services::BaseController
   before_action :require_service_available
 
   def show
-    @service_enabled = current_user.services_enabled.include?(:xmpp)
+    @service_enabled = current_user.service_enabled?(:xmpp)
   end
 
   private

app/controllers/services/mastodon_controller.rb

@@ -3,7 +3,7 @@ class Services::MastodonController < Services::BaseController
   before_action :require_service_available
 
   def show
-    @service_enabled = current_user.services_enabled.include?(:mastodon)
+    @service_enabled = current_user.service_enabled?(:mastodon)
   end
 
   private

app/controllers/services/remotestorage_controller.rb

@@ -5,7 +5,7 @@ class Services::RemotestorageController < Services::BaseController
 
   # Dashboard
   def show
-    # unless current_user.services_enabled.include?(:remotestorage)
+    # unless current_user.service_enabled?(:remotestorage)
     #   redirect_to service_remotestorage_info_path
     # end
     @rs_auths = current_user.remote_storage_authorizations

app/controllers/webfinger_controller.rb

@@ -7,14 +7,15 @@ class WebfingerController < ApplicationController
     resource = params[:resource]
 
     if resource && @useraddress = resource.match(/acct:(.+)/)&.[](1)
-      @username, @org = @useraddress.split("@")
+      @username, @domain = @useraddress.split("@")
 
       unless Rails.env.development?
         # Allow different domains (e.g. localhost:3000) in development only
-        head 404 and return unless @org == Setting.primary_domain
+        head 404 and return unless @domain == Setting.primary_domain
       end
 
-      unless User.where(cn: @username.downcase, ou: Setting.primary_domain).any?
+      unless @user = User.where(ou: Setting.primary_domain)
+                         .find_by(cn: @username.downcase)
         head 404 and return
       end
 
@@ -28,12 +29,50 @@ class WebfingerController < ApplicationController
   private
 
   def webfinger
-    links = [];
+    jrd = {
+      subject: "acct:#{@user.address}",
+      aliases: [],
+      links: []
+    }
 
-    # TODO check if storage service is enabled for user, not just globally
-    links << remotestorage_link if Setting.remotestorage_enabled
+    if Setting.mastodon_enabled && @user.service_enabled?(:mastodon)
+      # https://docs.joinmastodon.org/spec/webfinger/
+      jrd[:aliases] += mastodon_aliases
+      jrd[:links] += mastodon_links
+    end
 
-    { "links" => links }
+    if Setting.remotestorage_enabled && @user.service_enabled?(:remotestorage)
+      # https://datatracker.ietf.org/doc/draft-dejong-remotestorage/
+      jrd[:links] << remotestorage_link
+    end
+
+    jrd
+  end
+
+  def mastodon_aliases
+    [
+      "#{Setting.mastodon_public_url}/@#{@user.cn}",
+      "#{Setting.mastodon_public_url}/users/#{@user.cn}"
+    ]
+  end
+
+  def mastodon_links
+    [
+      {
+        rel: "http://webfinger.net/rel/profile-page",
+        type: "text/html",
+        href: "#{Setting.mastodon_public_url}/@#{@user.cn}"
+      },
+      {
+        rel: "self",
+        type: "application/activity+json",
+        href: "#{Setting.mastodon_public_url}/users/#{@user.cn}"
+      },
+      {
+        rel: "http://ostatus.org/schema/1.0/subscribe",
+        template: "#{Setting.mastodon_public_url}/authorize_interaction?uri={uri}"
+      }
+    ]
   end
 
   def remotestorage_link
@@ -41,9 +80,9 @@ class WebfingerController < ApplicationController
     storage_url = "#{Setting.rs_storage_url}/#{@username}"
 
     {
-      "rel" => "http://tools.ietf.org/id/draft-dejong-remotestorage",
-      "href" => storage_url,
-      "properties" => {
+      rel: "http://tools.ietf.org/id/draft-dejong-remotestorage",
+      href: storage_url,
+      properties: {
         "http://remotestorage.io/spec/version" => "draft-dejong-remotestorage-13",
         "http://tools.ietf.org/html/rfc6749#section-4.2" => auth_url,
         "http://tools.ietf.org/html/rfc6750#section-2.3" => nil, # access token via a HTTP query parameter

app/jobs/xmpp_exchange_contacts_job.rb

@@ -2,8 +2,8 @@ class XmppExchangeContactsJob < ApplicationJob
   queue_as :default
 
   def perform(inviter, invitee)
-    return unless inviter.services_enabled.include?("xmpp") &&
-                  invitee.services_enabled.include?("xmpp") &&
+    return unless inviter.service_enabled?(:xmpp) &&
+                  invitee.service_enabled?(:xmpp) &&
                   inviter.preferences[:xmpp_exchange_contacts_with_invitees]
 
     ejabberd = EjabberdApiClient.new

app/models/setting.rb

@@ -162,6 +162,12 @@ class Setting < RailsSettings::Base
 
   field :nostr_enabled, type: :boolean, default: false
 
+  field :nostr_private_key, type: :string,
+    default: ENV["NOSTR_PRIVATE_KEY"].presence
+
+  field :nostr_public_key, type: :string,
+    default: ENV["NOSTR_PUBLIC_KEY"].presence
+
   #
   # OpenCollective
   #

app/models/user.rb

@@ -180,6 +180,10 @@ class User < ApplicationRecord
     ldap_entry[:services_enabled] || []
   end
 
+  def service_enabled?(name)
+    services_enabled.map(&:to_sym).include?(name.to_sym)
+  end
+
   def enable_service(service)
     current_services = services_enabled
     new_services = Array(service).map(&:to_s)

app/services/nostr_manager/publish_event.rb

@@ -0,0 +1,48 @@
+module NostrManager
+  class PublishEvent < NostrManagerService
+    def initialize(event: nil, relay: nil)
+      # @relay = relay
+      @relay = Nostr::Relay.new(url: 'ws://nostr-relay:7777', name: 'strfry')
+      keypair = Nostr::KeyPair.new(
+        private_key: Nostr::PrivateKey.new(Setting.nostr_private_key),
+        public_key: Nostr::PublicKey.new(Setting.nostr_public_key)
+      )
+      @user = Nostr::User.new(keypair: keypair)
+      @event = @user.create_event(
+        kind: Nostr::EventKind::TEXT_NOTE,
+        content: "The time is #{Time.now.strftime('%H:%M:%S')}"
+      )
+      @client = Nostr::Client.new
+    end
+
+    def call
+      client, relay, event = @client, @relay, @event
+
+      client.on :connect do
+        puts "Connected to #{relay.url}"
+        puts "Publishing #{event.id}..."
+        client.publish event
+      end
+
+      client.on :error do |e|
+        puts "Error: #{e}"
+        puts "Closing thread..."
+        Thread.exit
+      end
+
+      client.on :message do |m|
+        puts "Message: #{m}"
+        msg = JSON.parse(m) rescue []
+        if msg[0] == "OK" && msg[1] == event.id
+          puts "Event published. Closing thread..."
+        else
+          puts "Unexpected message from relay. Closing thread..."
+        end
+        Thread.exit
+      end
+
+      puts "Connecting to #{relay.url}..."
+      client.connect relay
+    end
+  end
+end

app/services/nostr_manager/verify_auth.rb

@@ -7,8 +7,9 @@ module NostrManager
     end
 
     def call
-      site_given      = @event.tags.find{|t| t[0] == "site"}[1]
-      challenge_given = @event.tags.find{|t| t[0] == "challenge"}[1]
+      tags            = parse_tags(@event.tags)
+      site_given      = tags[:site].first
+      challenge_given = tags[:challenge].first
 
       site_given == @site_expected &&
       challenge_given == @challenge_expected

app/services/nostr_manager/verify_zap_request.rb

@@ -0,0 +1,51 @@
+module NostrManager
+  class VerifyZapRequest < NostrManagerService
+    def initialize(amount:, event:, lnurl: nil)
+      @amount, @event, @lnurl = amount, event, lnurl
+    end
+
+    # https://github.com/nostr-protocol/nips/blob/27fef638e2460139cc9078427a0aec0ce4470517/57.md#appendix-d-lnurl-server-zap-request-validation
+    def call
+      tags = parse_tags(@event.tags)
+
+      @event.verify_signature &&
+      @event.kind == 9734 &&
+      tags.present? &&
+      valid_p_tag?(tags[:p]) &&
+      valid_e_tag?(tags[:e]) &&
+      valid_a_tag?(tags[:a]) &&
+      valid_amount_tag?(tags[:amount]) &&
+      valid_lnurl_tag?(tags[:lnurl])
+    end
+
+    def valid_p_tag?(tag)
+      return false unless tag.present? && tag.length == 1
+      key = Nostr::PublicKey.new(tag.first) rescue nil
+      key.present?
+    end
+
+    def valid_e_tag?(tag)
+      return true unless tag.present?
+      # TODO validate format of event ID properly
+      tag.length == 1 && tag.first.is_a?(String)
+    end
+
+    def valid_a_tag?(tag)
+      return true unless tag.present?
+      # TODO validate format of event coordinate properly
+      tag.length == 1 && tag.first.is_a?(String)
+    end
+
+    def valid_amount_tag?(tag)
+      return true unless tag.present?
+      amount = tag.first
+      amount.is_a?(String) && amount.to_i == @amount
+    end
+
+    def valid_lnurl_tag?(tag)
+      return true unless tag.present?
+      # TODO validate lnurl matching recipient's lnurlp
+      tag.first.is_a?(String)
+    end
+  end
+end

app/services/nostr_manager_service.rb

@@ -1,4 +1,11 @@
 require "nostr"
 
 class NostrManagerService < ApplicationService
+  def parse_tags(tags)
+    out = {}
+    tags.each do |tag|
+      out[tag[0].to_sym] = tag[1, tag.length]
+    end
+    out
+  end
 end

app/views/admin/settings/services/_nostr.html.erb

@@ -7,4 +7,17 @@
     title: "Enable Nostr integration (experimental)",
     description: "Allow adding nostr pubkeys and resolve user addresses via NIP-05"
   ) %>
+<% if Setting.nostr_enabled? %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :nostr_private_key,
+        type: :password,
+        title: "Private key",
+        description: "The private key of the accounts service, used when publishing events (e.g. zap receipts)"
+      ) %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :nostr_public_key,
+        title: "Public key",
+        description: "The corresponding public key of the accounts service"
+      ) %>
+<% end %>
 </ul>

docker-compose.yml

@@ -107,6 +107,17 @@ services:
       - minio
       - redis
 
+  nostr-relay:
+    image: pluja/strfry:latest
+    volumes:
+      - ./docker/strfry/strfry.conf:/etc/strfry.conf
+      - strfry-data:/app/strfry-db
+    networks:
+      - external_network
+      - internal_network
+    ports:
+      - "4777:7777"
+
   # phpldapadmin:
   #   image: osixia/phpldapadmin:0.9.0
   #   ports:
@@ -128,3 +139,5 @@ volumes:
     driver: local
   redis-data:
     driver: local
+  strfry-data:
+    driver: local

docker/strfry/strfry.conf

@@ -0,0 +1,138 @@
+##
+## Default strfry config
+##
+
+# Directory that contains the strfry LMDB database (restart required)
+db = "./strfry-db/"
+
+dbParams {
+    # Maximum number of threads/processes that can simultaneously have LMDB transactions open (restart required)
+    maxreaders = 256
+
+    # Size of mmap() to use when loading LMDB (default is 10TB, does *not* correspond to disk-space used) (restart required)
+    mapsize = 10995116277760
+
+    # Disables read-ahead when accessing the LMDB mapping. Reduces IO activity when DB size is larger than RAM. (restart required)
+    noReadAhead = false
+}
+
+events {
+    # Maximum size of normalised JSON, in bytes
+    maxEventSize = 65536
+
+    # Events newer than this will be rejected
+    rejectEventsNewerThanSeconds = 900
+
+    # Events older than this will be rejected
+    rejectEventsOlderThanSeconds = 94608000
+
+    # Ephemeral events older than this will be rejected
+    rejectEphemeralEventsOlderThanSeconds = 60
+
+    # Ephemeral events will be deleted from the DB when older than this
+    ephemeralEventsLifetimeSeconds = 300
+
+    # Maximum number of tags allowed
+    maxNumTags = 2000
+
+    # Maximum size for tag values, in bytes
+    maxTagValSize = 1024
+}
+
+relay {
+    # Interface to listen on. Use 0.0.0.0 to listen on all interfaces (restart required)
+    bind = "0.0.0.0"
+
+    # Port to open for the nostr websocket protocol (restart required)
+    port = 7777
+
+    # Set OS-limit on maximum number of open files/sockets (if 0, don't attempt to set) (restart required)
+    nofiles = 200000
+
+    # HTTP header that contains the client's real IP, before reverse proxying (ie x-real-ip) (MUST be all lower-case)
+    realIpHeader = ""
+
+    info {
+        # NIP-11: Name of this server. Short/descriptive (< 30 characters)
+        name = "akkounts-nostr-relay"
+
+        # NIP-11: Detailed information about relay, free-form
+        description = "Local strfry instance for akkounts development"
+
+        # NIP-11: Administrative nostr pubkey, for contact purposes
+        pubkey = ""
+
+        # NIP-11: Alternative administrative contact (email, website, etc)
+        contact = ""
+    }
+
+    # Maximum accepted incoming websocket frame size (should be larger than max event) (restart required)
+    maxWebsocketPayloadSize = 131072
+
+    # Websocket-level PING message frequency (should be less than any reverse proxy idle timeouts) (restart required)
+    autoPingSeconds = 55
+
+    # If TCP keep-alive should be enabled (detect dropped connections to upstream reverse proxy)
+    enableTcpKeepalive = false
+
+    # How much uninterrupted CPU time a REQ query should get during its DB scan
+    queryTimesliceBudgetMicroseconds = 10000
+
+    # Maximum records that can be returned per filter
+    maxFilterLimit = 500
+
+    # Maximum number of subscriptions (concurrent REQs) a connection can have open at any time
+    maxSubsPerConnection = 20
+
+    writePolicy {
+        # If non-empty, path to an executable script that implements the writePolicy plugin logic
+        plugin = ""
+    }
+
+    compression {
+        # Use permessage-deflate compression if supported by client. Reduces bandwidth, but slight increase in CPU (restart required)
+        enabled = true
+
+        # Maintain a sliding window buffer for each connection. Improves compression, but uses more memory (restart required)
+        slidingWindow = true
+    }
+
+    logging {
+        # Dump all incoming messages
+        dumpInAll = true
+
+        # Dump all incoming EVENT messages
+        dumpInEvents = false
+
+        # Dump all incoming REQ/CLOSE messages
+        dumpInReqs = false
+
+        # Log performance metrics for initial REQ database scans
+        dbScanPerf = true
+
+        # Log reason for invalid event rejection? Can be disabled to silence excessive logging
+        invalidEvents = true
+    }
+
+    numThreads {
+        # Ingester threads: route incoming requests, validate events/sigs (restart required)
+        ingester = 3
+
+        # reqWorker threads: Handle initial DB scan for events (restart required)
+        reqWorker = 3
+
+        # reqMonitor threads: Handle filtering of new events (restart required)
+        reqMonitor = 3
+
+        # negentropy threads: Handle negentropy protocol messages (restart required)
+        negentropy = 2
+    }
+
+    negentropy {
+        # Support negentropy protocol messages
+        enabled = true
+
+        # Maximum records that sync will process before returning an error
+        maxSyncEvents = 1000000
+    }
+}

spec/fixtures/nostr/zap_request_event.json

@@ -0,0 +1,22 @@
+{
+  "kind": 9734,
+  "created_at": 1712066899,
+  "content": "",
+  "tags": [
+    ["p", "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"],
+    ["amount", "21000"],
+    [
+      "relays",
+      "wss://relay.primal.net",
+      "wss://relay.snort.social",
+      "wss://nostr.wine",
+      "wss://relay.damus.io",
+      "wss://eden.nostr.land",
+      "wss://atlas.nostr.land",
+      "wss://nostr.bitcoiner.social",
+      "wss://relay.mostr.pub",
+      "wss://relay.mostr.pub/",
+      "wss://nostr-01.bolt.observer"
+    ]
+  ]
+}

spec/models/user_spec.rb

@@ -16,6 +16,10 @@ RSpec.describe User, type: :model do
     let(:user) { build :user, cn: "jimmy", ou: "kosmos.org" }
 
     context "Mastodon service not configured" do
+      before do
+        Setting.mastodon_enabled = false
+      end
+
       it "returns nil" do
         expect(user.mastodon_address).to be_nil
       end
@@ -80,6 +84,25 @@ RSpec.describe User, type: :model do
     end
   end
 
+  describe "#service_enabled?" do
+    before do
+      allow(user).to receive(:ldap_entry).and_return({
+        uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
+        services_enabled: ["gitea", "xmpp"]
+      })
+    end
+
+    it "returns true or false" do
+      expect(user.service_enabled?("gitea")).to be(true)
+      expect(user.service_enabled?("email")).to be(false)
+    end
+
+    it "returns false when service is not enabled" do
+      expect(user.service_enabled?(:gitea)).to be(true)
+      expect(user.service_enabled?(:email)).to be(false)
+    end
+  end
+
   describe "#enable_service" do
     before do
       allow(user).to receive(:ldap_entry).and_return({

spec/requests/lnurlpay_spec.rb

@@ -1,9 +1,8 @@
 require 'rails_helper'
 
 RSpec.describe "/lnurlpay", type: :request do
-
   context "Non-existent user" do
-    describe "GET /.well-known/lnurlpay/:username" do
+    describe "GET /.well-known/lnurlp/:username" do
       it "returns a 404" do
         get lightning_address_path(username: "csw")
         expect(response).to have_http_status(:not_found)
@@ -32,7 +31,7 @@ RSpec.describe "/lnurlpay", type: :request do
       login_as user, :scope => :user
     end
 
-    describe "GET /.well-known/lnurlpay/:username" do
+    describe "GET /.well-known/lnurlp/:username" do
       it "returns a formatted Lightning Address response" do
         get lightning_address_path(username: "satoshi")
 
@@ -67,29 +66,83 @@ RSpec.describe "/lnurlpay", type: :request do
         expect(res["pr"]).to eq("lnbc50u1p3lwgknpp52g78gqya5euvzjc53fc6hkmlm2rfjhcd305tcmc0g9gaestav48sdq4gdhkven9v5sx6mmwv4ujzcqzpgxqyz5vqsp5skkz4jlqr6tkvv2g9739ygrjupc4rkqd94mc7dfpj3pgx3f6w7qs9qyyssq7mf3fzcuxlmkr9nqatcch3u8uf4gjyawe052tejz8e9fqxu4pncqk3qklt8g6ylpshg09xyjquyrgtc72vcw5cp0dzcf406apyua7dgpnfn7an")
       end
 
-      context "amount too low" do
+      describe "amount too low" do
         it "returns an error" do
           get lnurlpay_invoice_path(username: "satoshi", params: {
             amount: 5000, comment: "Coffee time!"
           })
+
           expect(response).to have_http_status(:ok)
+
           res = JSON.parse(response.body)
           expect(res["status"]).to eq('ERROR')
           expect(res["reason"]).to eq('Invalid amount')
         end
       end
 
-      context "comment too long" do
+      describe "comment too long" do
         it "returns an error" do
           get lnurlpay_invoice_path(username: "satoshi", params: {
             amount: 5000000, comment: "Coffee time is the best time, so here's some money for you to get some. May I suggest to sample some Pacamara beans from El Salvador?"
           })
+
           expect(response).to have_http_status(:ok)
+
           res = JSON.parse(response.body)
           expect(res["status"]).to eq('ERROR')
           expect(res["reason"]).to eq('Comment too long')
         end
       end
+
+      context "zap request" do
+        describe "with invalid request event" do
+          it "returns an error" do
+            get lnurlpay_invoice_path(username: "satoshi", params: {
+              amount: 2100000, nostr: { foo: "bar" }.to_json
+            })
+
+            res = JSON.parse(response.body)
+            expect(res["status"]).to eq('ERROR')
+            expect(res["reason"]).to eq('Invalid zap request')
+          end
+        end
+
+        describe "with valid request event" do
+          let(:event) {
+            {
+              id: "3cf02d7f0ccd9711c25098fc50b3a7ab880326e4e51cc8c7a7b59f147cff4fff",
+              pubkey: "730b43e6f62c2ab22710b046e481802c8ac1108ed2cb9c21dff808d57ba24b6c",
+              created_at: 1712487443,
+              kind: 9734,
+              tags: [
+                ["relays", "wss://nostr.kosmos.org", "wss://relay.example.com"],
+                ["p", "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3"]],
+              content: "",
+              sig: "e9e9bb2bac4267a107ab5c3368f504b4f11b8e3b5ae875a1d63c74d6934138d2521dc35815b6f534fc5d803cbf633736d871886368bb8f92c4ad3837a68a06f2"
+            }
+          }
+
+          it "returns an invoice" do
+            expect_any_instance_of(User).to receive(:ln_create_invoice)
+              .with(
+                amount: 2100,
+                memo: "Zapped satoshi@kosmos.org on Nostr",
+                description_hash: "540279cd9da15279c8299d6d9ff1ab2a79eb259ee218adf3de393e1abe723077"
+            )
+              .and_return("lnbc50u1p3lwgknpp52g78gqya5euvzjc53fc6hkmlm2rfjhcd305tcmc0g9gaestav48sdq4gdhkven9v5sx6mmwv4ujzcqzpgxqyz5vqsp5skkz4jlqr6tkvv2g9739ygrjupc4rkqd94mc7dfpj3pgx3f6w7qs9qyyssq7mf3fzcuxlmkr9nqatcch3u8uf4gjyawe052tejz8e9fqxu4pncqk3qklt8g6ylpshg09xyjquyrgtc72vcw5cp0dzcf406apyua7dgpnfn7an")
+
+            get lnurlpay_invoice_path(username: "satoshi", params: {
+              amount: 2100000, nostr: event.to_json
+            })
+
+            expect(response).to have_http_status(:ok)
+
+            res = JSON.parse(response.body)
+            expect(res["status"]).to eq('OK')
+            expect(res["pr"]).to match(/^lnbc/)
+          end
+        end
+      end
     end
 
     describe "GET /.well-known/keysend/:username/" do

spec/requests/webfinger_spec.rb

@@ -1,13 +1,87 @@
 require 'rails_helper'
 
 RSpec.describe "WebFinger", type: :request do
-  describe "remoteStorage link relation" do
-    context "user exists" do
-      before do
-        create :user, cn: 'tony', ou: 'kosmos.org'
+  describe "User does not exist" do
+    it "returns a 404 status" do
+      get "/.well-known/webfinger?resource=acct%3Ajane.doe%40kosmos.org"
+      expect(response).to have_http_status(:not_found)
+    end
+  end
+
+  context "User exists" do
+    let(:user) { create :user, cn: 'tony', ou: 'kosmos.org' }
+
+    before do
+      allow_any_instance_of(User).to receive(:ldap_entry).and_return({
+        uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
+        services_enabled: ["mastodon", "remotestorage"]
+      })
+    end
+
+    describe "Mastodon entries" do
+      context "Mastodon available" do
+        it "includes the Mastodon aliases and links for the user" do
+          get "/.well-known/webfinger?resource=acct%3Atony%40kosmos.org"
+          expect(response).to have_http_status(:ok)
+
+          res = JSON.parse(response.body)
+
+          expect(res["aliases"]).to include("http://example.social/@tony")
+          expect(res["aliases"]).to include("http://example.social/users/tony")
+
+          profile_link = res["links"].find{|l| l["rel"] == "http://webfinger.net/rel/profile-page"}
+          self_link    = res["links"].find{|l| l["rel"] == "self"}
+          ostatus_link = res["links"].find{|l| l["rel"] == "http://ostatus.org/schema/1.0/subscribe"}
+          expect(profile_link["type"]).to eql("text/html")
+          expect(profile_link["href"]).to eql("http://example.social/@tony")
+          expect(self_link["type"]).to eql("application/activity+json")
+          expect(self_link["href"]).to eql("http://example.social/users/tony")
+          expect(ostatus_link["template"]).to eql("http://example.social/authorize_interaction?uri={uri}")
+        end
       end
 
-      context "remoteStorage enabled globally" do
+      context "Mastodon not enabled for user" do
+        before do
+          allow_any_instance_of(User).to receive(:ldap_entry).and_return({
+            uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
+            services_enabled: ["xmpp"]
+          })
+        end
+
+        it "does not include Mastodon aliases or links" do
+          get "/.well-known/webfinger?resource=acct%3Atony%40kosmos.org"
+          expect(response).to have_http_status(:ok)
+
+          res = JSON.parse(response.body)
+          expect(res["aliases"]).not_to include("http://example.social/@tony")
+          expect(res["aliases"]).not_to include("http://example.social/users/tony")
+          expect(res["links"].find{|l| l["rel"] == "http://webfinger.net/rel/profile-page"}).to be(nil)
+          expect(res["links"].find{|l| l["rel"] == "self"}).to be(nil)
+          expect(res["links"].find{|l| l["rel"] == "http://ostatus.org/schema/1.0/subscribe"}).to be(nil)
+        end
+      end
+
+      context "Mastodon not available" do
+        before do
+          Setting.mastodon_enabled = false
+        end
+
+        it "does not include Mastodon aliases or links" do
+          get "/.well-known/webfinger?resource=acct%3Atony%40kosmos.org"
+          expect(response).to have_http_status(:ok)
+
+          res = JSON.parse(response.body)
+          expect(res["aliases"]).not_to include("http://example.social/@tony")
+          expect(res["aliases"]).not_to include("http://example.social/users/tony")
+          expect(res["links"].find{|l| l["rel"] == "http://webfinger.net/rel/profile-page"}).to be(nil)
+          expect(res["links"].find{|l| l["rel"] == "self"}).to be(nil)
+          expect(res["links"].find{|l| l["rel"] == "http://ostatus.org/schema/1.0/subscribe"}).to be(nil)
+        end
+      end
+    end
+
+    describe "remoteStorage entries" do
+      context "remoteStorage available" do
         it "includes the remoteStorage link for the user" do
           get "/.well-known/webfinger?resource=acct%3Atony%40kosmos.org"
           expect(response).to have_http_status(:ok)
@@ -22,6 +96,25 @@ RSpec.describe "WebFinger", type: :request do
         end
       end
 
+      context "remoteStorage not enabled for user" do
+        before do
+          allow_any_instance_of(User).to receive(:ldap_entry).and_return({
+            uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
+            services_enabled: ["xmpp"]
+          })
+        end
+
+        it "does not include the remoteStorage link" do
+          get "/.well-known/webfinger?resource=acct%3Atony%40kosmos.org"
+          expect(response).to have_http_status(:ok)
+
+          res = JSON.parse(response.body)
+          rs_link = res["links"].find {|l| l["rel"] == "http://tools.ietf.org/id/draft-dejong-remotestorage"}
+
+          expect(rs_link).to be_nil
+        end
+      end
+
       context "remoteStorage not available" do
         before do
           Setting.remotestorage_enabled = false
@@ -38,12 +131,5 @@ RSpec.describe "WebFinger", type: :request do
         end
       end
     end
-
-    context "user does not exist" do
-      it "does return a 404 status" do
-        get "/.well-known/webfinger?resource=acct%3Ajane.doe%40kosmos.org"
-        expect(response).to have_http_status(:not_found)
-      end
-    end
   end
 end

spec/services/nostr_manager/verify_zap_request_spec.rb

@@ -0,0 +1,206 @@
+require 'rails_helper'
+
+RSpec.describe NostrManager::VerifyZapRequest, type: :model do
+  describe "Signature invalid" do
+    let(:event) {
+      Nostr::Event.new(
+        id: "3cf02d7f0ccd9711c25098fc50b3a7ab880326e4e51cc8c7a7b59f147cff4fff",
+        pubkey: "730b43e6f62c2ab22710b046e481802c8ac1108ed2cb9c21dff808d57ba24b6c",
+        created_at: 1712487443,
+        kind: 9734,
+        tags: [
+          ["relays", "wss://nostr.kosmos.org", "wss://relay.example.com"],
+          ["p", "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3"]],
+        content: "",
+        sig: "1234562bac4267a107ab5c3368f504b4f11b8e3b5ae875a1d63c74d6934138d2521dc35815b6f534fc5d803cbf633736d871886368bb8f92c4ad3837a68a06f2"
+      )
+    }
+
+    subject {
+      NostrManager::VerifyZapRequest.call(amount: 100000, event: event, lnurl: nil)
+    }
+
+    it "returns false" do
+      expect(subject).to be(false)
+    end
+  end
+
+  describe "p tag missing" do
+    let(:event) {
+      Nostr::Event.new(
+        id: "eb53c5e728b625831e318c7ab09373502dd4a41ed11c17f80f32fd1c3fe1252b",
+        pubkey: "730b43e6f62c2ab22710b046e481802c8ac1108ed2cb9c21dff808d57ba24b6c",
+        created_at: 1712580669,
+        kind: 9734,
+        tags: [["relays", "wss://nostr.kosmos.org","wss://relay.example.com"]],
+        content: "",
+        sig: "8e22dcb3e91d080c9549ea0808b018194cc352dde3056a4911796d6f0239de7e1955f287c7e6769909e59ab0ffa09e307178c32128dc451823fb00102ed7e80a"
+      )
+    }
+
+    subject {
+      NostrManager::VerifyZapRequest.call(amount: 100000, event: event, lnurl: nil)
+    }
+
+    it "returns false" do
+      expect(subject).to be(false)
+    end
+  end
+
+  describe "p tag not a valid pubkey" do
+    let(:event) {
+      Nostr::Event.new(
+        id: "f2c23f038cf4d0307147d40ddceb87e34ee94acf632f5a67217a55a0b41c5d95",
+        pubkey: "730b43e6f62c2ab22710b046e481802c8ac1108ed2cb9c21dff808d57ba24b6c",
+        created_at: 1712581702,
+        kind: 9734,
+        tags: [
+          ["relays", "wss://nostr.kosmos.org","wss://relay.example.com"],
+          ["p","123456abcdef"]
+        ],
+        content: "",
+        sig: "b33e6b231273d38629f5efb86325ce3b4e02a7d84dfa1f37167ca2de8392cea654ae34000fc365ddfc6e21dc8ce2365fcb000ccb9064fbbcd54c7ea4a943955b"
+      )
+    }
+
+    subject {
+      NostrManager::VerifyZapRequest.call(amount: 100000, event: event, lnurl: nil)
+    }
+
+    it "returns false" do
+      expect(subject).to be(false)
+    end
+  end
+
+  describe "Minimum valid request" do
+    let(:event) {
+      Nostr::Event.new(
+        id: "3cf02d7f0ccd9711c25098fc50b3a7ab880326e4e51cc8c7a7b59f147cff4fff",
+        pubkey: "730b43e6f62c2ab22710b046e481802c8ac1108ed2cb9c21dff808d57ba24b6c",
+        created_at: 1712487443,
+        kind: 9734,
+        tags: [
+          ["relays", "wss://nostr.kosmos.org", "wss://relay.example.com"],
+          ["p", "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3"]],
+        content: "",
+        sig: "e9e9bb2bac4267a107ab5c3368f504b4f11b8e3b5ae875a1d63c74d6934138d2521dc35815b6f534fc5d803cbf633736d871886368bb8f92c4ad3837a68a06f2"
+      )
+    }
+
+    subject {
+      NostrManager::VerifyZapRequest.call(amount: 100000, event: event, lnurl: nil)
+    }
+
+    it "returns true" do
+      expect(subject).to be(true)
+    end
+  end
+
+  describe "Optional amount property" do
+    describe "does not match given amount" do
+      let(:event) {
+        Nostr::Event.new(
+          id: "be3d3ba15a257546f6fbba849d4717641fd4ea9f21ae6e9278a045f31d212c5e",
+          pubkey: "730b43e6f62c2ab22710b046e481802c8ac1108ed2cb9c21dff808d57ba24b6c",
+          created_at: 1712579812,
+          kind: 9734,
+          tags: [
+            ["relays", "wss://nostr.kosmos.org","wss://relay.example.com"],
+            ["p", "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3"],
+            ["amount", "21000"]
+          ],
+          content: "",
+          sig: "2ca9cfd0fdaf43dd8a50ab586e83da4bd9d592def8ed198536f5e3e7aad3537818687e42d98eb61d60e33dbd848c1eecf72b68fd98376bbabdab7e029e810869"
+        )
+      }
+
+      subject {
+        NostrManager::VerifyZapRequest.call(amount: 100000, event: event, lnurl: nil)
+      }
+
+      it "returns false" do
+        expect(subject).to be(false)
+      end
+    end
+
+    describe "matches given amount" do
+      let(:event) {
+        Nostr::Event.new(
+          id: "be3d3ba15a257546f6fbba849d4717641fd4ea9f21ae6e9278a045f31d212c5e",
+          pubkey: "730b43e6f62c2ab22710b046e481802c8ac1108ed2cb9c21dff808d57ba24b6c",
+          created_at: 1712579812,
+          kind: 9734,
+          tags: [
+            ["relays", "wss://nostr.kosmos.org","wss://relay.example.com"],
+            ["p", "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3"],
+            ["amount", "21000"]
+          ],
+          content: "",
+          sig: "2ca9cfd0fdaf43dd8a50ab586e83da4bd9d592def8ed198536f5e3e7aad3537818687e42d98eb61d60e33dbd848c1eecf72b68fd98376bbabdab7e029e810869"
+        )
+      }
+
+      subject {
+        NostrManager::VerifyZapRequest.call(amount: 21000, event: event, lnurl: nil)
+      }
+
+      it "returns true" do
+        expect(subject).to be(true)
+      end
+    end
+  end
+
+  describe "Optional amount property" do
+    describe "does not match given amount" do
+      let(:event) {
+        Nostr::Event.new(
+          id: "be3d3ba15a257546f6fbba849d4717641fd4ea9f21ae6e9278a045f31d212c5e",
+          pubkey: "730b43e6f62c2ab22710b046e481802c8ac1108ed2cb9c21dff808d57ba24b6c",
+          created_at: 1712579812,
+          kind: 9734,
+          tags: [
+            ["relays", "wss://nostr.kosmos.org","wss://relay.example.com"],
+            ["p", "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3"],
+            ["amount", "21000"]
+          ],
+          content: "",
+          sig: "2ca9cfd0fdaf43dd8a50ab586e83da4bd9d592def8ed198536f5e3e7aad3537818687e42d98eb61d60e33dbd848c1eecf72b68fd98376bbabdab7e029e810869"
+        )
+      }
+
+      subject {
+        NostrManager::VerifyZapRequest.call(amount: 100000, event: event, lnurl: nil)
+      }
+
+      it "returns false" do
+        expect(subject).to be(false)
+      end
+    end
+
+    describe "matches given amount" do
+      let(:event) {
+        Nostr::Event.new(
+          id: "be3d3ba15a257546f6fbba849d4717641fd4ea9f21ae6e9278a045f31d212c5e",
+          pubkey: "730b43e6f62c2ab22710b046e481802c8ac1108ed2cb9c21dff808d57ba24b6c",
+          created_at: 1712579812,
+          kind: 9734,
+          tags: [
+            ["relays", "wss://nostr.kosmos.org","wss://relay.example.com"],
+            ["p", "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3"],
+            ["amount", "21000"]
+          ],
+          content: "",
+          sig: "2ca9cfd0fdaf43dd8a50ab586e83da4bd9d592def8ed198536f5e3e7aad3537818687e42d98eb61d60e33dbd848c1eecf72b68fd98376bbabdab7e029e810869"
+        )
+      }
+
+      subject {
+        NostrManager::VerifyZapRequest.call(amount: 21000, event: event, lnurl: nil)
+      }
+
+      it "returns true" do
+        expect(subject).to be(true)
+      end
+    end
+  end
+end