Merge pull request 'Update nostr gem, switch to Ruby for bech32 encoding' (#155) from chore/bech32_handling into master

Reviewed-on: #155

.drone.yml

@@ -12,14 +12,16 @@ steps:
     settings:
       restore: true
       mount:
-      - ./vendor
+      - ./vendor/cache
     when:
       branch:
         - master
   - name: rspec
-    image: guildeducation/rails:2.7.2-14.20.0
+    image: gitea.kosmos.org/kosmos/akkounts-ci:0.1.0
     environment:
       RAILS_ENV: test
+      REDIS_URL: redis://redis:6379/0
+      RS_REDIS_URL: redis://redis:6379/1
     commands:
       - bundle config unset deployment
       - bundle config set cache_all 'true'
@@ -37,11 +39,15 @@ steps:
     settings:
       rebuild: true
       mount:
-      - ./vendor
+      - ./vendor/cache
     when:
       branch:
         - master
 
+services:
+  - name: redis
+    image: redis
+
 volumes:
   - name: cache
     host:

.env.example

@@ -1,3 +1,4 @@
+PRIMARY_DOMAIN=kosmos.org
 AKKOUNTS_DOMAIN=accounts.example.com
 
 SMTP_SERVER=smtp.example.com
@@ -9,27 +10,40 @@ SMTP_DOMAIN=example.com
 SMTP_AUTH_METHOD=plain
 SMTP_ENABLE_STARTTLS=auto
 
-REDIS_URL='redis://localhost:6379/1'
+# S3_ENABLED=true
+# S3_ENDPOINT=https://s3.kosmos.org
+# S3_REGION=garage
+# S3_BUCKET=akkounts-production
+# S3_ALIAS_HOST=accounts.s3.kosmos.org
+# S3_ACCESS_KEY=123456abcdefg
+# S3_SECRET_KEY=123456789123456789123456789
 
 LDAP_HOST=localhost
 LDAP_PORT=389
 LDAP_ADMIN_PASSWORD=passthebutter
 LDAP_SUFFIX='dc=kosmos,dc=org'
 
+REDIS_URL='redis://localhost:6379/1'
+
 WEBHOOKS_ALLOWED_IPS='10.1.1.163'
 
 DISCOURSE_PUBLIC_URL='https://community.kosmos.org'
 DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
 
+DRONECI_PUBLIC_URL='https://drone.kosmos.org'
+
 GITEA_PUBLIC_URL='https://gitea.kosmos.org'
 MASTODON_PUBLIC_URL='https://kosmos.social'
 MEDIAWIKI_PUBLIC_URL='https://wiki.kosmos.org'
 RS_STORAGE_URL='https://storage.kosmos.org'
+RS_REDIS_URL='redis://localhost:6379/2'
 
 EJABBERD_ADMIN_URL='https://xmpp.kosmos.org/admin'
 EJABBERD_API_URL='https://xmpp.kosmos.org/api'
 
 BTCPAY_API_URL='http://localhost:23001/api/v1'
+BTCPAY_STORE_ID=''
+BTCPAY_AUTH_TOKEN=''
 
 LNDHUB_API_URL='http://localhost:3023'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'

.env.test

@@ -1,14 +1,20 @@
+PRIMARY_DOMAIN=kosmos.org
+
+REDIS_URL='redis://localhost:6379/0'
+
+BTCPAY_API_URL='http://btcpay.example.com/api/v1'
+BTCPAY_STORE_ID='123456'
+
 DISCOURSE_PUBLIC_URL='http://discourse.example.com'
 DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
 
 EJABBERD_API_URL='http://xmpp.example.com/api'
 
-BTCPAY_API_URL='http://btcpay.example.com/api/v1'
-
 LNDHUB_API_URL='http://localhost:3026'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
 LNDHUB_PUBLIC_KEY='024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
 
 RS_STORAGE_URL='https://storage.kosmos.org'
+RS_REDIS_URL='redis://localhost:6379/1'
 
 WEBHOOKS_ALLOWED_IPS='10.1.1.23'

.gitea/release-drafter.yml

@@ -7,6 +7,7 @@ version-resolver:
   minor:
     labels:
       - 'release/minor'
+      - 'feature'
   patch:
     labels:
       - 'release/patch'

.gitignore

@@ -23,6 +23,7 @@
 !/tmp/pids/
 !/tmp/pids/.keep
 
+/storage
 
 /public/assets
 .byebug_history
@@ -39,6 +40,7 @@ yarn-debug.log*
 
 # Ignore local dotenv config file
 .env
+.env.development
 
 # Ignore redis dumps from sidekiq
 dump.rdb

Dockerfile

@@ -4,14 +4,14 @@ FROM ruby:2.7.6
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 RUN apt-get update -qq && apt-get install -y --no-install-recommends curl \
-      ldap-utils tini
+      ldap-utils tini libvips
 RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
 RUN apt-get update && apt-get install -y nodejs
 
 WORKDIR /akkounts
-COPY Gemfile /akkounts/Gemfile
-COPY Gemfile.lock /akkounts/Gemfile.lock
-COPY package.json /akkounts/package.json
+
+COPY ["Gemfile", "Gemfile.lock", "package.json", "./"]
+
 RUN bundle install
 RUN gem install foreman
 RUN npm install -g yarn

Gemfile

@@ -37,6 +37,7 @@ gem 'devise_ldap_authenticatable'
 gem 'net-ldap'
 
 # Utilities
+gem "image_processing", "~> 1.12.2"
 gem "rqrcode", "~> 2.0"
 gem 'rails-settings-cached', '~> 2.8.3'
 gem 'pagy', '~> 6.0', '>= 6.0.2'
@@ -46,22 +47,28 @@ gem 'flipper-ui'
 
 # HTTP requests
 gem 'faraday'
+gem 'down'
+gem 'aws-sdk-s3', require: false
 
 # Background/scheduled jobs
 gem 'sidekiq', '< 7'
 gem 'sidekiq-scheduler'
 
-# Service integrations
-gem 'discourse_api'
-
 # Monitoring
 gem "sentry-ruby"
 gem "sentry-rails"
 
+# Services
+gem 'discourse_api'
+gem "lnurl"
+gem 'manifique', git: 'https://gitea.kosmos.org/5apps/manifique.git', branch: 'master'
+gem 'nostr', git: 'https://gitea.kosmos.org/kosmos/nostr-gem.git', ref: 'd59f31a'
+
 group :development, :test do
   # Use sqlite3 as the database for Active Record
   gem 'sqlite3', '~> 1.4'
   gem 'rspec-rails'
+  gem 'rails-controller-testing'
   gem "byebug", "~> 11.1"
 end
 

Gemfile.lock

@@ -1,81 +1,126 @@
+GIT
+  remote: https://gitea.kosmos.org/5apps/manifique.git
+  revision: 8d79113438ee7c3e4288f840a135622519cffd5c
+  branch: master
+  specs:
+    manifique (0.1.0)
+      faraday (~> 2.7.11)
+      faraday-follow_redirects (= 0.3.0)
+      nokogiri (~> 1.15.4)
+
+GIT
+  remote: https://gitea.kosmos.org/kosmos/nostr-gem.git
+  revision: d59f31a3c63c7642fe2d3eb50b785da54fdabfab
+  ref: d59f31a
+  specs:
+    nostr (0.5.0)
+      bech32 (~> 1.4)
+      bip-schnorr (~> 0.6)
+      ecdsa (~> 1.2)
+      event_emitter (~> 0.2)
+      faye-websocket (~> 0.11)
+      json (~> 2.6)
+
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.0.4)
-      actionpack (= 7.0.4)
-      activesupport (= 7.0.4)
+    actioncable (7.0.8)
+      actionpack (= 7.0.8)
+      activesupport (= 7.0.8)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.4)
-      actionpack (= 7.0.4)
-      activejob (= 7.0.4)
-      activerecord (= 7.0.4)
-      activestorage (= 7.0.4)
-      activesupport (= 7.0.4)
+    actionmailbox (7.0.8)
+      actionpack (= 7.0.8)
+      activejob (= 7.0.8)
+      activerecord (= 7.0.8)
+      activestorage (= 7.0.8)
+      activesupport (= 7.0.8)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.0.4)
-      actionpack (= 7.0.4)
-      actionview (= 7.0.4)
-      activejob (= 7.0.4)
-      activesupport (= 7.0.4)
+    actionmailer (7.0.8)
+      actionpack (= 7.0.8)
+      actionview (= 7.0.8)
+      activejob (= 7.0.8)
+      activesupport (= 7.0.8)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (7.0.4)
-      actionview (= 7.0.4)
-      activesupport (= 7.0.4)
-      rack (~> 2.0, >= 2.2.0)
+    actionpack (7.0.8)
+      actionview (= 7.0.8)
+      activesupport (= 7.0.8)
+      rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.4)
-      actionpack (= 7.0.4)
-      activerecord (= 7.0.4)
-      activestorage (= 7.0.4)
-      activesupport (= 7.0.4)
+    actiontext (7.0.8)
+      actionpack (= 7.0.8)
+      activerecord (= 7.0.8)
+      activestorage (= 7.0.8)
+      activesupport (= 7.0.8)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.0.4)
-      activesupport (= 7.0.4)
+    actionview (7.0.8)
+      activesupport (= 7.0.8)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (7.0.4)
-      activesupport (= 7.0.4)
+    activejob (7.0.8)
+      activesupport (= 7.0.8)
       globalid (>= 0.3.6)
-    activemodel (7.0.4)
-      activesupport (= 7.0.4)
-    activerecord (7.0.4)
-      activemodel (= 7.0.4)
-      activesupport (= 7.0.4)
-    activestorage (7.0.4)
-      actionpack (= 7.0.4)
-      activejob (= 7.0.4)
-      activerecord (= 7.0.4)
-      activesupport (= 7.0.4)
+    activemodel (7.0.8)
+      activesupport (= 7.0.8)
+    activerecord (7.0.8)
+      activemodel (= 7.0.8)
+      activesupport (= 7.0.8)
+    activestorage (7.0.8)
+      actionpack (= 7.0.8)
+      activejob (= 7.0.8)
+      activerecord (= 7.0.8)
+      activesupport (= 7.0.8)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (7.0.4)
+    activesupport (7.0.8)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-    addressable (2.8.1)
+    addressable (2.8.5)
       public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
+    aws-eventstream (1.2.0)
+    aws-partitions (1.839.0)
+    aws-sdk-core (3.185.1)
+      aws-eventstream (~> 1, >= 1.0.2)
+      aws-partitions (~> 1, >= 1.651.0)
+      aws-sigv4 (~> 1.5)
+      jmespath (~> 1, >= 1.6.1)
+    aws-sdk-kms (1.72.0)
+      aws-sdk-core (~> 3, >= 3.184.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-s3 (1.136.0)
+      aws-sdk-core (~> 3, >= 3.181.0)
+      aws-sdk-kms (~> 1)
+      aws-sigv4 (~> 1.6)
+    aws-sigv4 (1.6.0)
+      aws-eventstream (~> 1, >= 1.0.2)
     backport (1.2.0)
-    bcrypt (3.1.18)
+    base64 (0.1.1)
+    bcrypt (3.1.19)
+    bech32 (1.4.2)
+      thor (>= 1.1.0)
     benchmark (0.2.1)
     bindex (0.8.1)
+    bip-schnorr (0.7.0)
+      ecdsa_ext (~> 0.5.0)
+    brow (0.4.1)
     builder (3.2.4)
     byebug (11.1.3)
-    capybara (3.38.0)
+    capybara (3.39.2)
       addressable
       matrix
       mini_mime (>= 0.1.3)
@@ -85,20 +130,21 @@ GEM
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     chunky_png (1.4.0)
-    concurrent-ruby (1.1.10)
-    connection_pool (2.3.0)
+    concurrent-ruby (1.2.2)
+    connection_pool (2.4.1)
     crack (0.4.5)
       rexml
     crass (1.0.6)
-    cssbundling-rails (1.1.1)
+    cssbundling-rails (1.3.3)
       railties (>= 6.0.0)
-    database_cleaner (2.0.1)
-      database_cleaner-active_record (~> 2.0.0)
-    database_cleaner-active_record (2.0.1)
+    database_cleaner (2.0.2)
+      database_cleaner-active_record (>= 2, < 3)
+    database_cleaner-active_record (2.1.0)
       activerecord (>= 5.a)
       database_cleaner-core (~> 2.0.0)
     database_cleaner-core (2.0.1)
-    devise (4.9.0)
+    date (3.3.3)
+    devise (4.9.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -108,7 +154,7 @@ GEM
       devise (>= 3.4.1)
       net-ldap (>= 0.16.0)
     diff-lcs (1.5.0)
-    discourse_api (2.0.0)
+    discourse_api (2.0.1)
       faraday (~> 2.7)
       faraday-follow_redirects
       faraday-multipart
@@ -117,18 +163,26 @@ GEM
     dotenv-rails (2.8.1)
       dotenv (= 2.8.1)
       railties (>= 3.2)
+    down (5.4.1)
+      addressable (~> 2.8)
     e2mmap (0.1.0)
-    erubi (1.11.0)
+    ecdsa (1.2.0)
+    ecdsa_ext (0.5.0)
+      ecdsa (~> 1.2.0)
+    erubi (1.12.0)
     et-orbi (1.2.7)
       tzinfo
+    event_emitter (0.2.6)
+    eventmachine (1.2.7)
     factory_bot (6.2.1)
       activesupport (>= 5.0.0)
     factory_bot_rails (6.2.0)
       factory_bot (~> 6.2.0)
       railties (>= 5.0.0)
-    faker (3.0.0)
+    faker (3.2.1)
       i18n (>= 1.8.11, < 2)
-    faraday (2.7.1)
+    faraday (2.7.11)
+      base64
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-follow_redirects (0.3.0)
@@ -136,40 +190,49 @@ GEM
     faraday-multipart (1.0.4)
       multipart-post (~> 2)
     faraday-net_http (3.0.2)
-    ffi (1.15.5)
-    flipper (0.28.0)
+    faye-websocket (0.11.3)
+      eventmachine (>= 0.12.0)
+      websocket-driver (>= 0.5.1)
+    ffi (1.16.3)
+    flipper (1.0.0)
+      brow (~> 0.4.1)
       concurrent-ruby (< 2)
-    flipper-active_record (0.28.0)
+    flipper-active_record (1.0.0)
       activerecord (>= 4.2, < 8)
-      flipper (~> 0.28.0)
-    flipper-ui (0.28.0)
+      flipper (~> 1.0.0)
+    flipper-ui (1.0.0)
       erubi (>= 1.0.0, < 2.0.0)
-      flipper (~> 0.28.0)
-      rack (>= 1.4, < 3)
+      flipper (~> 1.0.0)
+      rack (>= 1.4, < 4)
       rack-protection (>= 1.5.3, <= 4.0.0)
       sanitize (< 7)
-    fugit (1.7.2)
+    fugit (1.8.1)
       et-orbi (~> 1, >= 1.2.7)
       raabro (~> 1.4)
-    globalid (1.0.0)
-      activesupport (>= 5.0)
+    globalid (1.2.1)
+      activesupport (>= 6.1)
     hashdiff (1.0.1)
-    i18n (1.12.0)
+    i18n (1.14.1)
       concurrent-ruby (~> 1.0)
-    importmap-rails (1.1.5)
+    image_processing (1.12.2)
+      mini_magick (>= 4.9.5, < 5)
+      ruby-vips (>= 2.0.17, < 3)
+    importmap-rails (1.2.1)
       actionpack (>= 6.0.0)
       railties (>= 6.0.0)
-    jaro_winkler (1.5.4)
+    jaro_winkler (1.5.6)
     jbuilder (2.11.5)
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
+    jmespath (1.6.2)
     json (2.6.3)
     kramdown (2.4.0)
       rexml
     kramdown-parser-gfm (1.1.0)
       kramdown (~> 2.0)
-    launchy (2.5.0)
-      addressable (~> 2.7)
+    language_server-protocol (3.17.0.3)
+    launchy (2.5.2)
+      addressable (~> 2.8)
     letter_opener (1.8.1)
       launchy (>= 2.2, < 3)
     letter_opener_web (2.0.0)
@@ -177,78 +240,94 @@ GEM
       letter_opener (~> 1.7)
       railties (>= 5.2)
       rexml
-    listen (3.7.1)
+    listen (3.8.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    lockbox (1.1.0)
-    loofah (2.19.0)
+    lnurl (1.1.0)
+      bech32 (~> 1.1)
+    lockbox (1.3.0)
+    loofah (2.21.4)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
+      nokogiri (>= 1.12.0)
+    mail (2.8.1)
       mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
     marcel (1.0.2)
     matrix (0.4.2)
     method_source (1.0.0)
-    mini_mime (1.1.2)
-    mini_portile2 (2.8.0)
-    minitest (5.16.3)
+    mini_magick (4.12.0)
+    mini_mime (1.1.5)
+    mini_portile2 (2.8.5)
+    minitest (5.20.0)
     multipart-post (2.3.0)
-    net-imap (0.3.1)
+    net-imap (0.3.7)
+      date
       net-protocol
-    net-ldap (0.17.1)
+    net-ldap (0.18.0)
     net-pop (0.1.2)
       net-protocol
-    net-protocol (0.1.3)
+    net-protocol (0.2.1)
       timeout
-    net-smtp (0.3.3)
+    net-smtp (0.4.0)
       net-protocol
-    nio4r (2.5.8)
-    nokogiri (1.13.9)
-      mini_portile2 (~> 2.8.0)
+    nio4r (2.5.9)
+    nokogiri (1.15.4)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    nokogiri (1.13.9-x86_64-linux)
+    nokogiri (1.15.4-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.15.4-x86_64-linux)
       racc (~> 1.4)
     orm_adapter (0.5.0)
-    pagy (6.0.2)
-    parallel (1.22.1)
-    parser (3.2.1.1)
+    pagy (6.1.0)
+    parallel (1.23.0)
+    parser (3.2.2.4)
       ast (~> 2.4.1)
+      racc
     pg (1.2.3)
-    public_suffix (5.0.0)
+    public_suffix (5.0.3)
     puma (4.3.12)
       nio4r (~> 2.0)
     raabro (1.4.0)
-    racc (1.6.0)
-    rack (2.2.4)
-    rack-protection (3.0.6)
-      rack
-    rack-test (2.0.2)
+    racc (1.7.1)
+    rack (2.2.8)
+    rack-protection (3.1.0)
+      rack (~> 2.2, >= 2.2.4)
+    rack-test (2.1.0)
       rack (>= 1.3)
-    rails (7.0.4)
-      actioncable (= 7.0.4)
-      actionmailbox (= 7.0.4)
-      actionmailer (= 7.0.4)
-      actionpack (= 7.0.4)
-      actiontext (= 7.0.4)
-      actionview (= 7.0.4)
-      activejob (= 7.0.4)
-      activemodel (= 7.0.4)
-      activerecord (= 7.0.4)
-      activestorage (= 7.0.4)
-      activesupport (= 7.0.4)
+    rails (7.0.8)
+      actioncable (= 7.0.8)
+      actionmailbox (= 7.0.8)
+      actionmailer (= 7.0.8)
+      actionpack (= 7.0.8)
+      actiontext (= 7.0.8)
+      actionview (= 7.0.8)
+      activejob (= 7.0.8)
+      activemodel (= 7.0.8)
+      activerecord (= 7.0.8)
+      activestorage (= 7.0.8)
+      activesupport (= 7.0.8)
       bundler (>= 1.15.0)
-      railties (= 7.0.4)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+      railties (= 7.0.8)
+    rails-controller-testing (1.0.5)
+      actionpack (>= 5.0.1.rc1)
+      actionview (>= 5.0.1.rc1)
+      activesupport (>= 5.0.1.rc1)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.3)
-      loofah (~> 2.3)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
     rails-settings-cached (2.8.3)
       activerecord (>= 5.0.0)
       railties (>= 5.0.0)
-    railties (7.0.4)
-      actionpack (= 7.0.4)
-      activesupport (= 7.0.4)
+    railties (7.0.8)
+      actionpack (= 7.0.8)
+      activesupport (= 7.0.8)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -258,138 +337,141 @@ GEM
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    redis (5.0.5)
-      redis-client (>= 0.9.0)
-    redis-client (0.11.2)
-      connection_pool
-    regexp_parser (2.6.1)
-    responders (3.1.0)
+    rbs (2.8.4)
+    redis (4.8.1)
+    regexp_parser (2.8.2)
+    responders (3.1.1)
       actionpack (>= 5.2)
       railties (>= 5.2)
     reverse_markdown (2.1.1)
       nokogiri
-    rexml (3.2.5)
-    rqrcode (2.1.2)
+    rexml (3.2.6)
+    rqrcode (2.2.0)
       chunky_png (~> 1.0)
       rqrcode_core (~> 1.0)
     rqrcode_core (1.2.0)
-    rspec-core (3.12.0)
+    rspec-core (3.12.2)
       rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.0)
+    rspec-expectations (3.12.3)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.0)
+    rspec-mocks (3.12.6)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-rails (6.0.1)
+    rspec-rails (6.0.3)
       actionpack (>= 6.1)
       activesupport (>= 6.1)
       railties (>= 6.1)
-      rspec-core (~> 3.11)
-      rspec-expectations (~> 3.11)
-      rspec-mocks (~> 3.11)
-      rspec-support (~> 3.11)
-    rspec-support (3.12.0)
-    rubocop (1.48.1)
+      rspec-core (~> 3.12)
+      rspec-expectations (~> 3.12)
+      rspec-mocks (~> 3.12)
+      rspec-support (~> 3.12)
+    rspec-support (3.12.1)
+    rubocop (1.57.1)
+      base64 (~> 0.1.1)
       json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.2.0.0)
+      parser (>= 3.2.2.4)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.26.0, < 2.0)
+      rubocop-ast (>= 1.28.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.28.0)
+    rubocop-ast (1.29.0)
       parser (>= 3.2.1.0)
     ruby-progressbar (1.13.0)
+    ruby-vips (2.2.0)
+      ffi (~> 1.12)
     ruby2_keywords (0.0.5)
-    rufus-scheduler (3.8.2)
+    rufus-scheduler (3.9.1)
       fugit (~> 1.1, >= 1.1.6)
-    sanitize (6.0.1)
+    sanitize (6.1.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
-    sentry-rails (5.8.0)
+    sentry-rails (5.12.0)
       railties (>= 5.0)
-      sentry-ruby (~> 5.8.0)
-    sentry-ruby (5.8.0)
+      sentry-ruby (~> 5.12.0)
+    sentry-ruby (5.12.0)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-    sidekiq (6.5.5)
-      connection_pool (>= 2.2.2)
+    sidekiq (6.5.12)
+      connection_pool (>= 2.2.5, < 3)
       rack (~> 2.0)
-      redis (>= 4.5.0)
-    sidekiq-scheduler (4.0.3)
-      redis (>= 4.2.0)
+      redis (>= 4.5.0, < 5)
+    sidekiq-scheduler (5.0.3)
       rufus-scheduler (~> 3.2)
-      sidekiq (>= 4, < 7)
+      sidekiq (>= 6, < 8)
       tilt (>= 1.4.0)
-    solargraph (0.48.0)
+    solargraph (0.49.0)
       backport (~> 1.2)
       benchmark
-      bundler (>= 1.17.2)
+      bundler (~> 2.0)
       diff-lcs (~> 1.4)
       e2mmap
       jaro_winkler (~> 1.5)
       kramdown (~> 2.3)
       kramdown-parser-gfm (~> 1.1)
       parser (~> 3.0)
-      reverse_markdown (>= 1.0.5, < 3)
-      rubocop (>= 0.52)
+      rbs (~> 2.0)
+      reverse_markdown (~> 2.0)
+      rubocop (~> 1.38)
       thor (~> 1.0)
       tilt (~> 2.0)
       yard (~> 0.9, >= 0.9.24)
-    sprockets (4.1.1)
+    sprockets (4.2.1)
       concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
+      rack (>= 2.2.4, < 4)
     sprockets-rails (3.4.2)
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
-    sqlite3 (1.5.4)
+    sqlite3 (1.6.7)
       mini_portile2 (~> 2.8.0)
-    sqlite3 (1.5.4-x86_64-linux)
-    stimulus-rails (1.2.1)
+    sqlite3 (1.6.7-arm64-darwin)
+    sqlite3 (1.6.7-x86_64-linux)
+    stimulus-rails (1.3.0)
       railties (>= 6.0.0)
-    thor (1.2.1)
-    tilt (2.0.11)
-    timeout (0.3.0)
-    turbo-rails (1.3.2)
+    thor (1.3.0)
+    tilt (2.3.0)
+    timeout (0.4.0)
+    turbo-rails (1.5.0)
       actionpack (>= 6.0.0)
       activejob (>= 6.0.0)
       railties (>= 6.0.0)
-    tzinfo (2.0.5)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.4.2)
-    view_component (2.78.0)
-      activesupport (>= 5.0.0, < 8.0)
+    unicode-display_width (2.5.0)
+    view_component (3.6.0)
+      activesupport (>= 5.2.0, < 8.0)
       concurrent-ruby (~> 1.0)
       method_source (~> 1.0)
     warden (1.2.9)
       rack (>= 2.0.9)
-    web-console (4.2.0)
+    web-console (4.2.1)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
-    webmock (3.18.1)
+    webmock (3.19.1)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    webrick (1.7.0)
-    websocket-driver (0.7.5)
+    websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    yard (0.9.28)
-      webrick (~> 1.7.0)
-    zeitwerk (2.6.6)
+    yard (0.9.34)
+    zeitwerk (2.6.12)
 
 PLATFORMS
+  arm64-darwin-22
   ruby
   x86_64-linux
 
 DEPENDENCIES
+  aws-sdk-s3
   byebug (~> 11.1)
   capybara
   cssbundling-rails
@@ -398,23 +480,29 @@ DEPENDENCIES
   devise_ldap_authenticatable
   discourse_api
   dotenv-rails
+  down
   factory_bot_rails
   faker
   faraday
   flipper
   flipper-active_record
   flipper-ui
+  image_processing (~> 1.12.2)
   importmap-rails
   jbuilder (~> 2.7)
   letter_opener
   letter_opener_web
   listen (~> 3.2)
+  lnurl
   lockbox
+  manifique!
   net-ldap
+  nostr!
   pagy (~> 6.0, >= 6.0.2)
   pg (~> 1.2.3)
   puma (~> 4.1)
   rails (~> 7.0.2)
+  rails-controller-testing
   rails-settings-cached (~> 2.8.3)
   rqrcode (~> 2.0)
   rspec-rails

README.md

@@ -14,7 +14,6 @@ so:
 
 1. Make sure [Docker Compose is installed][1] and Docker is running (included in
    Docker Desktop)
-2. Uncomment the `redis`, `web`, and `sidekiq` sections in `docker-compose.yml`
 3. Run `docker compose up` and wait until 389ds announces its successful start
    in the log output
 4. `docker-compose exec ldap dsconf localhost backend create --suffix="dc=kosmos,dc=org" --be-name="dev"`
@@ -53,12 +52,14 @@ Running all specs:
 
 ### Docker (Compose)
 
-There is a working Docker Compose config file, which allows you to spin up both
+There is a working Docker Compose config file, which define a number of services including
 an app server for Rails as well as a local 389ds (LDAP) server.
 
-By default, `docker-compose up` will only start the LDAP server, listening on
-port 389 on your machine. Uncomment other services in `docker-compose.yml` if
-you want to use them.
+For Rails developers, you probably just want to start the LDAP server: `docker-compose up ldap`, 
+listening on port 389 on your machine. 
+
+You can pick and choose your services adding them by name (listed in `docker-compose.yml`) at 
+the end of the docker compose command. eg. `docker compose up ldap redis`
 
 #### LDAP server
 
@@ -78,6 +79,27 @@ The setup task will first delete any existing entries in the directory tree
 Note that all 389ds data is stored in `tmp/389ds`. So if you want to start over
 with a fresh installation, delete both that directory as well as the container.
 
+#### Minio / RS
+
+If you want to run remoteStorage accounts locally, you will have to create the
+respective bucket first:
+
+* `docker compose up web redis minio liquor-cabinet`
+* Head to http://localhost:9001 and log in with user `minioadmin`, password
+  `minioadmin`
+* Create a new bucket called `remotestorage` (or whatever you
+  change the `S3_BUCKET` config to)
+* Create a new key with ID "dev-key" and secret "123456789" (or whatever you
+  change `S3_ACCESS_KEY` and `S3_SECRET_KEY` to). Leave the policy field empty,
+  as it will automatically allow access to the bucket you created.
+
+### Adding npm modules to use with Stimulus controllers
+
+The following command downloads the specified npm module to `vendor/javascript`
+and adds an entry for it to `config/importmap.rb`.
+
+    bin/importmap pin bech32 --download
+
 ### Solargraph
 
 [Solargraph](https://solargraph.org/) is a Ruby language server, which you may
@@ -98,6 +120,8 @@ command:
 
 * [Tailwind CSS](https://tailwindcss.com/)
 * [Sass](https://sass-lang.com/documentation)
+* [Stimulus](https://stimulus.hotwired.dev/handbook/)
+* [Tailwind Stimulus Components](https://github.com/excid3/tailwindcss-stimulus-components)
 
 ### Testing
 

app/assets/config/manifest.js

@@ -1,3 +1,4 @@
 //= link_tree ../images
 //= link_tree ../../javascript .js
 //= link_tree ../builds
+//= link_tree ../../../vendor/javascript .js

app/assets/stylesheets/application.tailwind.css

@@ -2,6 +2,7 @@
 @import "tailwindcss/components";
 @import "tailwindcss/utilities";
 
+@import "components/animations";
 @import "components/base";
 @import "components/buttons";
 @import "components/dashboard_services";

app/assets/stylesheets/components/animations.css

@@ -0,0 +1,16 @@
+@keyframes scaleIn {
+  from {
+    transform: scale(0.5);
+    opacity: 0;
+  }
+  to {
+    transform: scale(1);
+    opacity: 1;
+  }
+}
+
+.animate-scale-in {
+  animation-name: scaleIn;
+  animation-duration: 0.15s;
+  animation-timing-function: cubic-bezier(0.2, 0, 0.13, 1);
+}

app/assets/stylesheets/components/base.css

@@ -24,6 +24,10 @@
     @apply text-xl mb-6;
   }
 
+  h4 {
+    @apply font-bold mb-4 leading-6;
+  }
+
   main section {
     @apply pt-8 sm:pt-12;
   }

app/assets/stylesheets/components/buttons.css

@@ -15,7 +15,11 @@
   }
 
   .btn-icon {
-    @apply px-3;
+    @apply py-2 px-3;
+  }
+
+  .btn-outline {
+    @apply py-2 border-2 border-gray-100 hover:bg-gray-100;
   }
 
   .btn-gray {
@@ -32,4 +36,9 @@
     @apply bg-red-600 hover:bg-red-700 text-white
            focus:ring-red-500 focus:ring-opacity-75;
   }
+
+  .btn:disabled {
+    @apply bg-gray-100 hover:bg-gray-200 text-gray-400
+           focus:ring-gray-300 focus:ring-opacity-75;
+  }
 }

app/assets/stylesheets/components/forms.css

@@ -15,6 +15,10 @@
     @apply border-b-red-600;
   }
 
+  .field_with_errors {
+    @apply inline-block;
+  }
+
   .error-msg {
     @apply text-red-700;
   }

app/components/app_info_component.html.erb

@@ -0,0 +1,15 @@
+<div class="flex">
+  <div class="<%= @icon_container_class %>">
+    <%= image_tag(@icon_path, class: 'h-full w-full') %>
+  </div>
+  <div class="flex-1 px-4">
+    <h4 class="sm:pt-2 mb-2 text-lg font-bold"><%= @name %></h4>
+    <p class="leading-snug"><%= @description %></p>
+    <p class="leading-snug flex flex-wrap gap-3">
+      <% @links.each do |link| %>
+        <a href="<%= link[1] %>" target="_blank"
+           class="flex-0 btn-sm btn-gray"><%= link[0] %></a>
+      <% end %>
+    </p>
+  </div>
+</div>

app/components/app_info_component.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class AppInfoComponent < ViewComponent::Base
+  def initialize(name:, description:, icon_path: , icon_fill_box: false, links: [])
+    @name = name
+    @description = description
+    @icon_path = icon_path
+    @icon_container_class = icon_container_class(icon_fill_box)
+    @links = links
+  end
+
+  def icon_container_class(icon_fill_box)
+    str = "flex-0 h-16 w-16 sm:h-28 sm:w-28 bg-white rounded-3xl overflow-hidden"
+    unless icon_fill_box
+      str += " p-2 border border-gray-200"
+    end
+    str
+  end
+end

app/components/dropdown_component.html.erb

@@ -0,0 +1,26 @@
+<div data-controller="dropdown" data-action="click->dropdown#toggle click@window->dropdown#hide">
+  <div class="relative inline-block">
+    <div role="button" tabindex="0" data-dropdown-target="button"
+         class="inline-block select-none">
+      <span class="appearance-none flex items-center inline-block">
+        <span class="p-2 bg-gray-50 hover:bg-gray-100 rounded-full">
+          <%= render partial: "icons/kebab-menu", locals: {
+                     custom_class: "inline text-gray-500 h-6 w-6"
+          } %>
+        </span>
+      </span>
+    </div>
+    <div data-dropdown-target="menu"
+         data-transition-enter="transition ease-out duration-200"
+         data-transition-enter-from="opacity-0 translate-y-1"
+         data-transition-enter-to="opacity-100 translate-y-0"
+         data-transition-leave="transition ease-in duration-150"
+         data-transition-leave-from="opacity-100 translate-y-0"
+         data-transition-leave-to="opacity-0 translate-y-1"
+         class="hidden absolute top-4 right-0 z-10 mt-5 flex w-screen max-w-max">
+      <div class="bg-white shadow-lg rounded border overflow-hidden w-auto">
+        <%= content %>
+      </div>
+    </div>
+  </div>
+</div>

app/components/dropdown_component.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class DropdownComponent < ViewComponent::Base
+
+end

app/components/dropdown_link_component.html.erb

@@ -0,0 +1,6 @@
+<%= link_to @href, class: @class, data: {
+      'dropdown-target': "menuItem",
+      'action': "keydown.up->dropdown#previousItem:prevent keydown.down->dropdown#nextItem:prevent"
+    } do %>
+  <%= content %>
+<% end %>

app/components/dropdown_link_component.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class DropdownLinkComponent < ViewComponent::Base
+  def initialize(href:, separator: false, add_class: nil)
+    @href = href
+    @class = class_str(separator, add_class)
+  end
+
+  private
+
+  def class_str(separator, add_class)
+    str = "no-underline block px-5 py-3 text-sm text-gray-900 bg-white
+           hover:bg-gray-100 focus:bg-gray-100 whitespace-no-wrap"
+    str = "#{str} border-t" if separator
+    str = "#{str} #{add_class}" if add_class
+    str
+  end
+end

app/components/form_elements/fieldset_component.html.erb

@@ -1,4 +1,6 @@
-<%= tag.public_send(@tag, class: "mb-6 last:mb-0") do %>
+<%= tag.public_send(@tag, class: "mb-6 last:mb-0", data: {
+      :'field-name' => @field_name
+    }) do %>
   <% if @positioning == :vertical %>
   <label class="block">
     <p class="font-bold <%= @descripton.present? ? "mb-1" : "mb-2" %>">
@@ -9,7 +11,21 @@
       <%= @descripton %>
     </p>
     <% end %>
-    <%= content %>
+
+    <%= tag.p class: "flex gap-x-1", data: {
+                controller: @resettable ? "settings--resettable-field" : nil,
+              } do %>
+      <%= content %>
+      <% if @resettable %>
+        <button type="button"
+                class="relative grow-0 shrink-0 btn-md btn-outline text-red-700"
+                title="Reset to default value"
+                data-settings--resettable-field-target="resetButton"
+                data-action="settings--resettable-field#resetField">
+          Reset
+        </button>
+      <% end %>
+    <% end %>
   </label>
   <% elsif @positioning == :horizontal %>
   <label class="block flex items-center justify-between">

app/components/form_elements/fieldset_component.rb

@@ -2,11 +2,15 @@
 
 module FormElements
   class FieldsetComponent < ViewComponent::Base
-    def initialize(tag: "li", positioning: :vertical, title:, description: nil)
+    def initialize(tag: "li", positioning: :vertical,
+                   title:, description: nil,
+                   field_name: nil, resettable: false)
       @tag         = tag
       @positioning = positioning
       @title       = title
       @descripton  = description
+      @field_name  = field_name
+      @resettable  = resettable
     end
   end
 end

app/components/form_elements/fieldset_resettable_setting_component.html.erb

@@ -0,0 +1,13 @@
+<%= render FormElements::FieldsetComponent.new(
+      title: @title,
+      description: @description,
+      field_name: "setting_#{@key.to_s}",
+      resettable: @resettable
+    ) do %>
+  <%= method("#{@type}_field").call :setting, @key,
+    value: Setting.public_send(@key),
+    data: {
+      :'default-value' => Setting.get_field(@key)[:default]
+    },
+    class: "w-full" %>
+<% end %>

app/components/form_elements/fieldset_resettable_setting_component.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module FormElements
+  class FieldsetResettableSettingComponent < ViewComponent::Base
+    def initialize(tag: "li", key:, type: :text, title:, description: nil)
+      @tag         = tag
+      @positioning = :vertical
+      @title       = title
+      @description  = description
+      @key         = key.to_sym
+      @type        = type
+      @resettable  = is_resettable?(@key)
+    end
+
+    def is_resettable?(key)
+      default_value = Setting.get_field(key)[:default]
+      default_value.present? && (default_value != Setting.send(key))
+    end
+  end
+end

app/components/modal_component.html.erb

@@ -0,0 +1,28 @@
+<div tabindex="-1" class="relative z-10">
+  <!-- Modal Background -->
+  <div class="hidden fixed inset-0 bg-black bg-opacity-80 overflow-y-auto flex items-center justify-center"
+        data-modal-target="background"
+        data-action="click->modal#closeBackground"
+        data-transition-enter="transition-all ease-in-out duration-100"
+        data-transition-enter-from="bg-opacity-0"
+        data-transition-enter-to="bg-opacity-80"
+        data-transition-leave="transition-all ease-in-out duration-100"
+        data-transition-leave-from="bg-opacity-80"
+        data-transition-leave-to="bg-opacity-0">
+
+    <!-- Modal Container -->
+    <div data-modal-target="container"
+         class="max-h-screen w-auto max-w-lg relative
+                hidden animate-scale-in fixed inset-0 overflow-y-auto flex items-center justify-center">
+      <!-- Modal Card -->
+      <div class="m-1 bg-white rounded shadow">
+        <div class="p-8">
+          <%= content %>
+          <div class="flex justify-end items-center flex-wrap mt-6">
+            <button class="btn-md btn-blue" data-action="click->modal#close:prevent">Close</button>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>

app/components/modal_component.rb

@@ -0,0 +1,2 @@
+class ModalComponent < ViewComponent::Base
+end

app/components/qr_code_modal_component.html.erb

@@ -0,0 +1,6 @@
+<%= render ModalComponent.new do %>
+  <% if @descripton.present? %>
+    <p class="mb-6"><%= @description %></p>
+  <% end %>
+  <p><%= raw @qr_code_svg %></p>
+<% end %>

app/components/qr_code_modal_component.rb

@@ -0,0 +1,24 @@
+require "rqrcode"
+
+class QrCodeModalComponent < ViewComponent::Base
+  def initialize(qr_content:, description: nil)
+    @description = description
+    @qr_code_svg = qr_code_svg(qr_content)
+  end
+
+  private
+
+  def qr_code_svg(content)
+    qr_code = RQRCode::QRCode.new(content)
+    qr_code.as_svg(
+      color: "000",
+      shape_rendering: "crispEdges",
+      module_size: 6,
+      standalone: true,
+      use_path: true,
+      svg_attributes: {
+        class: 'inline-block'
+      }
+    )
+  end
+end

app/components/rs_auth_component.html.erb

@@ -0,0 +1,26 @@
+<div class="flex items-center gap-4">
+  <div class="h-16 w-16 flex-none">
+    <%= image_tag s3_image_url(@web_app.icon), class: "h-full w-full" %>
+  </div>
+  <div class="flex-grow">
+    <h4 class="mb-1 text-lg font-bold">
+      <%= @web_app.name %>
+    </h4>
+    <p class="text-sm text-gray-500">
+      <%= @auth.client_id %>
+    </p>
+  </div>
+  <%= render DropdownComponent.new do %>
+    <%= render DropdownLinkComponent.new(
+          href: launch_app_services_storage_rs_auth_url(@auth)
+        ) do %>
+      Launch app
+    <% end %>
+    <%= render DropdownLinkComponent.new(
+          href: revoke_services_storage_rs_auth_url(@auth),
+          separator: true, add_class: "text-red-700"
+        ) do %>
+      Revoke access
+    <% end %>
+  <% end %>
+</div>

app/components/rs_auth_component.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class RsAuthComponent < ViewComponent::Base
+  def initialize(auth:)
+    @auth = auth
+    @web_app = auth.web_app
+  end
+end

app/components/sidenav_link_component.html.erb

@@ -1,4 +1,8 @@
 <%= link_to @path, class: @link_class, title: (@disabled ? "Coming soon" : nil) do %>
+  <% if @icon.present? %>
   <%= render partial: "icons/#{@icon}", locals: { custom_class: @icon_class } %>
+  <% elsif @text_icon.present? %>
+  <span class="mr-3"><%= @text_icon %></span>
+  <% end %>
   <span class="truncate"><%= @name %></span>
 <% end %>

app/components/sidenav_link_component.rb

@@ -1,11 +1,13 @@
 # frozen_string_literal: true
 
 class SidenavLinkComponent < ViewComponent::Base
-  def initialize(name:, level: 1, path:, icon:, active: false, disabled: false)
+  def initialize(name:, level: 1, path:, icon: nil, text_icon: nil,
+                 active: false, disabled: false)
     @name = name
     @level = level
     @path = path
     @icon = icon
+    @text_icon = text_icon
     @active = active
     @disabled = disabled
     @link_class = class_names_link(path)

app/controllers/admin/app_catalog/web_apps_controller.rb

@@ -0,0 +1,9 @@
+class Admin::AppCatalog::WebAppsController < Admin::AppCatalogController
+  def index
+    @pagy, @web_apps = pagy(AppCatalog::WebApp.order('created_at desc'))
+
+    @stats = {
+      known_apps: AppCatalog::WebApp.count
+    }
+  end
+end

app/controllers/admin/app_catalog_controller.rb

@@ -0,0 +1,9 @@
+class Admin::AppCatalogController < Admin::BaseController
+  before_action :set_current_section
+
+  private
+
+    def set_current_section
+      @current_section = :app_catalog
+    end
+end

app/controllers/admin/settings/services_controller.rb

@@ -3,7 +3,7 @@ class Admin::Settings::ServicesController < Admin::SettingsController
     @service = params[:s]
 
     if @service.blank?
-      redirect_to admin_settings_services_path(params: { s: "discourse" })
+      redirect_to admin_settings_services_path(params: { s: "btcpay" })
     end
   end
 

app/controllers/admin/users_controller.rb

@@ -4,7 +4,7 @@ class Admin::UsersController < Admin::BaseController
 
   def index
     ldap   = LdapService.new
-    @ou    = params[:ou] || "kosmos.org"
+    @ou    = params[:ou] || Setting.primary_domain
     @orgs  = ldap.fetch_organizations
     @pagy, @users = pagy(User.where(ou: @ou).order(cn: :asc))
 
@@ -20,6 +20,8 @@ class Admin::UsersController < Admin::BaseController
     end
 
     @services_enabled = @user.services_enabled
+
+    @avatar = LdapManager::FetchAvatar.call(cn: @user.cn, ou: @user.ou)
   end
 
   private

app/controllers/api/btcpay_controller.rb

@@ -0,0 +1,36 @@
+class Api::BtcpayController < Api::BaseController
+  before_action :require_feature_enabled
+  before_action :set_cors_access_control_headers
+
+  def onchain_btc_balance
+    balance = BtcpayManager::FetchOnchainWalletBalance.call
+    render json: balance
+  rescue => error
+    Rails.logger.warn "Failed to fetch BTC wallet balance: #{error.message}"
+    render json: { error: 'Failed to fetch wallet balance' },
+           status: 500
+  end
+
+  def lightning_btc_balance
+    balance = BtcpayManager::FetchLightningWalletBalance.call
+    render json: balance
+  rescue => error
+    Rails.logger.warn "Failed to fetch BTC lightning balance: #{error.message}"
+    render json: { error: 'Failed to fetch wallet balance' },
+           status: 500
+  end
+
+  private
+
+    def require_feature_enabled
+      unless Setting.btcpay_publish_wallet_balances
+        http_status :not_found and return
+      end
+    end
+
+    def set_cors_access_control_headers
+      headers['Access-Control-Allow-Origin'] = "*"
+      headers['Access-Control-Allow-Headers'] = "*"
+      headers['Access-Control-Allow-Methods'] = "GET"
+    end
+end

app/controllers/api/kredits_controller.rb

@@ -1,13 +0,0 @@
-class Api::KreditsController < Api::BaseController
-
-  def onchain_btc_balance
-    btcpay = BtcPay.new
-    balance = btcpay.onchain_wallet_balance
-    render json: balance
-  rescue => error
-    Rails.logger.warn "Failed to fetch kredits BTC wallet balance: #{error.message}"
-    render json: { error: 'Failed to fetch wallet balance' },
-           status: 500
-  end
-
-end

app/controllers/application_controller.rb

@@ -37,4 +37,8 @@ class ApplicationController < ActionController::Base
       format.any  { head status }
     end
   end
+
+  def after_sign_in_path_for(user)
+    session[:user_return_to] || root_path
+  end
 end

app/controllers/rs/oauth_controller.rb

@@ -0,0 +1,131 @@
+class Rs::OauthController < ApplicationController
+  before_action :require_signed_in_with_username, only: :new
+  before_action :authenticate_user!, only: :create
+
+  def new
+    @user          = User.where(cn: params[:username].downcase, ou: Setting.primary_domain).first
+    @scopes        = parse_scopes params[:scope]
+    @redirect_uri  = params[:redirect_uri]
+    @client_id     = params[:client_id]
+    @state         = params[:state]
+    @root_access_requested = (@scopes & [":r",":rw"]).any?
+
+    @denial_url = url_with_state("#{@redirect_uri}#error=access_denied", @state)
+
+    @expire_at_dates = [["Never", nil],
+                        ["In 1 month", 1.month.from_now],
+                        ["In 1 day", 1.day.from_now]]
+
+    http_status :bad_request and return unless @redirect_uri.present?
+
+    unless current_user == @user
+      sign_out :user
+
+      redirect_to new_rs_oauth_url(@user.cn,
+                                   scope: params[:scope],
+                                   redirect_uri: params[:redirect_uri],
+                                   client_id: params[:client_id],
+                                   state: params[:state])
+      return
+    end
+
+    unless @client_id.present?
+      redirect_to(url_with_state("#{@redirect_uri}#error=invalid_request", @state),
+                  allow_other_host: true) and return
+    end
+
+    if @scopes.empty?
+      redirect_to(url_with_state("#{@redirect_uri}#error=invalid_scope", @state),
+                  allow_other_host: true) and return
+    end
+
+    unless hostname_of(@client_id) == hostname_of(@redirect_uri)
+      redirect_to(url_with_state("#{@redirect_uri}#error=invalid_client", @state),
+                  allow_other_host: true) and return
+    end
+
+    @client_id.gsub!(/http(s)?:\/\//, "")
+
+    if auth = current_user.remote_storage_authorizations.valid.where(permissions: @scopes, client_id: @client_id).first
+      redirect_to(url_with_state("#{@redirect_uri}#access_token=#{auth.token}", @state),
+                  allow_other_host: true) and return
+    end
+  end
+
+  def create
+    unless current_user.id.to_s == params[:user_id]
+      Rails.logger.info("NO MATCH: #{params[:user_id]}, #{current_user.id}")
+      http_status :forbidden and return
+    end
+
+    permissions  = parse_scopes params[:scope]
+    redirect_uri = params[:redirect_uri].presence
+    client_id    = params[:client_id].presence
+    state        = params[:state].presence
+    expire_at    = params[:expire_at].presence
+
+    http_status :bad_request and return unless redirect_uri.present?
+
+    if permissions.empty?
+      redirect_to(url_with_state("#{redirect_uri}#error=invalid_scope", state),
+                  allow_other_host: true) and return
+    end
+
+    unless client_id.present?
+      redirect_to(url_with_state("#{redirect_uri}#error=invalid_request", state),
+                  allow_other_host: true) and return
+    end
+
+    unless hostname_of(client_id) == hostname_of(redirect_uri)
+      redirect_to(url_with_state("#{redirect_uri}#error=invalid_client", state),
+                  allow_other_host: true) and return
+    end
+
+    client_id.gsub!(/http(s)?:\/\//, "")
+
+    auth = current_user.remote_storage_authorizations.create!(
+      permissions: permissions,
+      client_id: client_id,
+      redirect_uri: redirect_uri,
+      app_name: client_id,
+      expire_at: expire_at
+    )
+
+    redirect_to url_with_state("#{redirect_uri}#access_token=#{auth.token}", state),
+                allow_other_host: true
+  end
+
+  private
+
+  def require_signed_in_with_username
+    unless user_signed_in?
+      session[:user_return_to] = request.url
+      redirect_to new_user_session_path(cn: params[:username], ou: Setting.primary_domain)
+    end
+  end
+
+  def hostname_of(uri)
+    uri.gsub(/http(s)?:\/\//, "").split(":")[0].split("/")[0]
+  end
+
+  def parse_scopes(scope_string)
+    return [] if scope_string.blank?
+
+    scopes = scope_string.
+      gsub(/\[|\]/, "").
+      gsub(/\,/, " ").
+      gsub(/\/:/, ":").
+      split(/\s/).map(&:strip).
+      reject(&:empty?)
+
+    scopes = [":r"] if scopes.include?("*:r")
+    scopes = [":rw"] if scopes.include?("*:rw")
+
+    scopes
+  end
+
+  def url_with_state(url, state)
+    state ? "#{url}&state=#{CGI.escape(state)}" : url
+  end
+
+end

app/controllers/services/base_controller.rb

@@ -0,0 +1,9 @@
+class Services::BaseController < ApplicationController
+  before_action :set_current_section
+
+  private
+
+    def set_current_section
+      @current_section = :services
+    end
+end

app/controllers/services/chat_controller.rb

@@ -0,0 +1,14 @@
+class Services::ChatController < Services::BaseController
+  before_action :authenticate_user!
+  before_action :require_service_available
+
+  def show
+    @service_enabled = current_user.services_enabled.include?(:xmpp)
+  end
+
+  private
+
+    def require_service_available
+      http_status :not_found unless Setting.ejabberd_enabled?
+    end
+end

app/controllers/services/lightning_controller.rb

@@ -1,4 +1,5 @@
 require "rqrcode"
+require "lnurl"
 
 class Services::LightningController < ApplicationController
   before_action :authenticate_user!
@@ -7,25 +8,51 @@ class Services::LightningController < ApplicationController
   before_action :fetch_balance
 
   def index
-    @wallet_url = "lndhub://#{current_user.ln_account}:#{current_user.ln_password}@#{ENV['LNDHUB_PUBLIC_URL']}"
-
-    qrcode = RQRCode::QRCode.new(@wallet_url)
-    @svg = qrcode.as_svg(
-      color: "000",
-      shape_rendering: "crispEdges",
-      module_size: 6,
-      standalone: true,
-      use_path: true,
-      svg_attributes: {
-        class: 'inline-block'
-      }
-    )
+    @wallet_setup_url = "lndhub://#{current_user.ln_account}:#{current_user.ln_password}@#{ENV['LNDHUB_PUBLIC_URL']}"
   end
 
   def transactions
     @transactions = fetch_transactions
   end
 
+  def qr_lnurlp
+    lnurlp_url = "https://kosmos.org/.well-known/lnurlp/#{current_user.cn}"
+    lnurlp_bech32 = Lnurl.new(lnurlp_url).to_bech32
+    qr_code = RQRCode::QRCode.new("lightning:" + lnurlp_bech32)
+
+    respond_to do |format|
+      format.svg do
+        qr_svg = qr_code.as_svg(
+          color: "000",
+          shape_rendering: "crispEdges",
+          module_size: 6,
+          standalone: true,
+          use_path: true,
+          svg_attributes: {
+            class: 'inline-block'
+          }
+        )
+        send_data(
+          qr_svg,
+          filename: "bitcoin-lightning-#{current_user.address}.svg",
+          type: "image/svg+xml"
+        )
+      end
+      format.png do
+        qr_png = qr_code.as_png(
+          fill: "white",
+          color: "black",
+          size: 1024,
+        )
+        send_data(
+          qr_png,
+          filename: "bitcoin-lightning-#{current_user.address}.png",
+          type: "image/png"
+        )
+      end
+    end
+  end
+
   private
 
   def authenticate_with_lndhub(options={})

app/controllers/services/mastodon_controller.rb

@@ -0,0 +1,14 @@
+class Services::MastodonController < Services::BaseController
+  before_action :authenticate_user!
+  before_action :require_service_available
+
+  def show
+    @service_enabled = current_user.services_enabled.include?(:mastodon)
+  end
+
+  private
+
+    def require_service_available
+      http_status :not_found unless Setting.mastodon_enabled?
+    end
+end

app/controllers/services/remotestorage_controller.rb

@@ -1,13 +1,15 @@
-class Services::RemotestorageController < ApplicationController
-  before_action :require_user_signed_in
-  before_action :require_service_enabled
+class Services::RemotestorageController < Services::BaseController
+  before_action :authenticate_user!
   before_action :require_feature_enabled
-  before_action :set_current_section
+  before_action :require_service_available
 
-  def dashboard
+  # Dashboard
+  def show
     # unless current_user.services_enabled.include?(:remotestorage)
     #   redirect_to service_remotestorage_info_path
     # end
+    @rs_auths = current_user.remote_storage_authorizations
+    # TODO sort by app name
   end
 
   private
@@ -18,13 +20,7 @@ class Services::RemotestorageController < ApplicationController
       end
     end
 
-    def require_service_enabled
-      unless Setting.remotestorage_enabled?
-        http_status :not_found
-      end
-    end
-
-    def set_current_section
-      @current_section = :services
+    def require_service_available
+      http_status :not_found unless Setting.remotestorage_enabled?
     end
 end

app/controllers/services/rs_auths_controller.rb

@@ -0,0 +1,42 @@
+class Services::RsAuthsController < Services::BaseController
+  before_action :authenticate_user!
+  before_action :require_feature_enabled
+  before_action :require_service_available
+  # before_action :require_service_enabled
+  before_action :find_rs_auth
+
+  def destroy
+    @auth.destroy!
+
+    respond_to do |format|
+      format.html do redirect_to services_storage_url, flash: {
+        success: 'App authorization revoked'
+      }
+      end
+      format.json { head :no_content }
+    end
+  end
+
+  def launch_app
+    launch_url = "#{@auth.launch_url}#remotestorage=#{current_user.address}&access_token=#{@auth.token}"
+
+    redirect_to launch_url, allow_other_host: true
+  end
+
+  private
+
+    def require_feature_enabled
+      unless Flipper.enabled?(:remotestorage, current_user)
+        http_status :forbidden
+      end
+    end
+
+    def require_service_available
+      http_status :not_found unless Setting.remotestorage_enabled?
+    end
+
+    def find_rs_auth
+      @auth = current_user.remote_storage_authorizations.find(params[:id])
+      http_status :not_found unless @auth.present?
+    end
+end

app/controllers/settings_controller.rb

@@ -1,3 +1,5 @@
+require 'securerandom'
+
 class SettingsController < ApplicationController
   before_action :authenticate_user!
   before_action :set_main_nav_section
@@ -9,15 +11,23 @@ class SettingsController < ApplicationController
   end
 
   def show
+    if @settings_section == "experiments"
+      session[:shared_secret] ||= SecureRandom.base64(12)
+    end
   end
 
   def update
     @user.preferences.merge!(user_params[:preferences] || {})
     @user.display_name = user_params[:display_name]
+    @user.avatar_new = user_params[:avatar]
 
     if @user.save
       if @user.display_name && (@user.display_name != @user.ldap_entry[:display_name])
-        LdapManager::UpdateDisplayName.call(@user.dn, user_params[:display_name])
+        LdapManager::UpdateDisplayName.call(@user.dn, @user.display_name)
+      end
+
+      if @user.avatar_new.present?
+        LdapManager::UpdateAvatar.call(@user.dn, @user.avatar_new)
       end
 
       redirect_to setting_path(@settings_section), flash: {
@@ -53,6 +63,45 @@ class SettingsController < ApplicationController
     redirect_to check_your_email_path, notice: msg
   end
 
+  def set_nostr_pubkey
+    signed_event = nostr_event_params[:signed_event].to_h.symbolize_keys
+    is_valid_id  = NostrManager::ValidateId.call(signed_event)
+    is_valid_sig = NostrManager::VerifySignature.call(signed_event)
+    is_correct_content = signed_event[:content] == "Connect my public key to #{current_user.address} (confirmation #{session[:shared_secret]})"
+
+    unless is_valid_id && is_valid_sig && is_correct_content
+      flash[:alert] = "Public key could not be verified"
+      http_status :unprocessable_entity and return
+    end
+
+    pubkey_taken = User.all_except(current_user).where(
+      ou: current_user.ou, nostr_pubkey: signed_event[:pubkey]
+    ).any?
+
+    if pubkey_taken
+      flash[:alert] = "Public key already in use for a different account"
+      http_status :unprocessable_entity and return
+    end
+
+    current_user.update! nostr_pubkey: signed_event[:pubkey]
+    session[:shared_secret] = nil
+
+    flash[:success] = "Public key verification successful"
+    http_status :ok
+  rescue
+    flash[:alert] = "Public key could not be verified"
+    http_status :unprocessable_entity and return
+  end
+
+  # DELETE /settings/nostr_pubkey
+  def remove_nostr_pubkey
+    current_user.update! nostr_pubkey: nil
+
+    redirect_to setting_path(:experiments), flash: {
+      success: 'Public key removed from account'
+    }
+  end
+
   private
 
     def set_main_nav_section
@@ -61,7 +110,9 @@ class SettingsController < ApplicationController
 
     def set_settings_section
       @settings_section = params[:section]
-      allowed_sections = [:profile, :account, :lightning, :xmpp]
+      allowed_sections = [
+        :profile, :account, :lightning, :remotestorage, :xmpp, :experiments
+      ]
 
       unless allowed_sections.include?(@settings_section.to_sym)
         redirect_to setting_path(:profile)
@@ -73,8 +124,9 @@ class SettingsController < ApplicationController
     end
 
     def user_params
-      params.require(:user).permit(:display_name, preferences: [
+      params.require(:user).permit(:display_name, :avatar, preferences: [
         :lightning_notify_sats_received,
+        :remotestorage_notify_auth_created,
         :xmpp_exchange_contacts_with_invitees
       ])
     end
@@ -82,4 +134,10 @@ class SettingsController < ApplicationController
     def email_params
       params.require(:user).permit(:email, :current_password)
     end
+
+    def nostr_event_params
+      params.permit(signed_event: [
+        :id, :pubkey, :created_at, :kind, :tags, :content, :sig
+      ])
+    end
 end

app/controllers/signup_controller.rb

@@ -88,7 +88,7 @@ class SignupController < ApplicationController
     if session[:new_user].present?
       @user = User.new(session[:new_user])
     else
-      @user = User.new(ou: "kosmos.org")
+      @user = User.new(ou: Setting.primary_domain)
     end
   end
 
@@ -98,7 +98,7 @@ class SignupController < ApplicationController
 
     CreateAccount.call(
       username: @user.cn,
-      domain: "kosmos.org",
+      domain: Setting.primary_domain,
       email: @user.email,
       password: @user.password,
       invitation: @invitation

app/controllers/webfinger_controller.rb

@@ -6,15 +6,19 @@ class WebfingerController < ApplicationController
   def show
     resource = params[:resource]
 
-    if resource && resource.match(/acct:\w+/)
-      useraddress = resource.split(":").last
-      username, org = useraddress.split("@")
-      username.downcase!
-      unless User.where(cn: username, ou: org).any?
+    if resource && @useraddress = resource.match(/acct:(.+)/)&.[](1)
+      @username, @org = @useraddress.split("@")
+
+      unless Rails.env.development?
+        # Allow different domains (e.g. localhost:3000) in development only
+        head 404 and return unless @org == Setting.primary_domain
+      end
+
+      unless User.where(cn: @username.downcase, ou: Setting.primary_domain).any?
         head 404 and return
       end
 
-      render json: webfinger(useraddress).to_json,
+      render json: webfinger.to_json,
              content_type: "application/jrd+json"
     else
       head 422 and return
@@ -23,19 +27,18 @@ class WebfingerController < ApplicationController
 
   private
 
-  def webfinger(useraddress)
+  def webfinger
     links = [];
 
-    links << remotestorage_link(useraddress) if Setting.remotestorage_enabled
+    # TODO check if storage service is enabled for user, not just globally
+    links << remotestorage_link if Setting.remotestorage_enabled
 
     { "links" => links }
   end
 
-  def remotestorage_link(useraddress)
-    # TODO use when OAuth routes are available
-    # auth_url = new_rs_oauth_url(useraddress)
-    auth_url = "https://example.com/rs/oauth"
-    storage_url = "#{Setting.rs_storage_url}/#{useraddress}"
+  def remotestorage_link
+    auth_url = new_rs_oauth_url(@username)
+    storage_url = "#{Setting.rs_storage_url}/#{@username}"
 
     {
       "rel" => "http://tools.ietf.org/id/draft-dejong-remotestorage",

app/controllers/webhooks_controller.rb

@@ -30,7 +30,7 @@ class WebhooksController < ApplicationController
   def notify_xmpp(address, amt_sats, memo)
     payload = {
       type: "normal",
-      from: "kosmos.org", # TODO domain config
+      from: Setting.xmpp_notifications_from_address,
       to: address,
       subject: "Sats received!",
       body: "#{helpers.number_with_delimiter amt_sats} sats received in your Lightning wallet:\n> #{memo}"

app/controllers/well_known_controller.rb

@@ -0,0 +1,16 @@
+class WellKnownController < ApplicationController
+  def nostr
+    http_status :unprocessable_entity and return if params[:name].blank?
+    domain = request.headers["X-Forwarded-Host"].presence || Setting.primary_domain
+    @user = User.where(cn: params[:name], ou: domain).first
+    http_status :not_found and return if @user.nil? || @user.nostr_pubkey.blank?
+
+    respond_to do |format|
+      format.json do
+        render json: {
+          names: { "#{@user.cn}": @user.nostr_pubkey }
+        }.to_json
+      end
+    end
+  end
+end

app/helpers/oauth_helper.rb

@@ -0,0 +1,11 @@
+module OauthHelper
+
+  def scope_name(scope)
+    scope.gsub(/(\:.+)/, '')
+  end
+
+  def scope_permissions(scope)
+    scope.match(/\:r$/) ? "r" : "rw"
+  end
+
+end

app/javascript/controllers/application.js

@@ -1,7 +1,12 @@
 import { Application } from "@hotwired/stimulus"
+import { Dropdown, Modal, Tabs } from "tailwindcss-stimulus-components"
 
 const application = Application.start()
 
+application.register('dropdown', Dropdown)
+application.register('modal', Modal)
+application.register('tabs', Tabs)
+
 // Configure Stimulus development experience
 application.debug = false
 window.Stimulus   = application

app/javascript/controllers/settings/nostr_pubkey_controller.js

@@ -0,0 +1,47 @@
+import { Controller } from "@hotwired/stimulus"
+
+// Connects to data-controller="settings--nostr-pubkey"
+export default class extends Controller {
+  static targets = [ "noExtension", "setPubkey", "pubkeyBech32Input" ]
+  static values  = { userAddress: String, pubkeyHex: String, sharedSecret: String }
+
+  connect () {
+    if (window.nostr) {
+      if (this.hasSetPubkeyTarget) {
+        this.setPubkeyTarget.disabled = false
+      }
+    } else {
+      this.noExtensionTarget.classList.remove("hidden")
+    }
+  }
+
+  async setPubkey () {
+    this.setPubkeyTarget.disabled = true
+
+    try {
+      const signedEvent = await window.nostr.signEvent({
+        created_at: Math.floor(Date.now() / 1000),
+        kind: 1,
+        tags: [],
+        content: `Connect my public key to ${this.userAddressValue} (confirmation ${this.sharedSecretValue})`
+      })
+
+      const res = await fetch("/settings/set_nostr_pubkey", {
+        method: "POST", credentials: "include", headers: {
+          "Accept": "application/json", 'Content-Type': 'application/json',
+          "X-CSRF-Token": this.csrfToken
+        }, body: JSON.stringify({ signed_event: signedEvent })
+      });
+
+      window.location.reload()
+    } catch (error) {
+      console.warn('Unable to verify pubkey:', error.message)
+      this.setPubkeyTarget.disabled = false
+    }
+  }
+
+  get csrfToken () {
+    const element = document.head.querySelector('meta[name="csrf-token"]')
+    return element.getAttribute("content")
+  }
+}

app/javascript/controllers/settings/resettable_field_controller.js

@@ -0,0 +1,10 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = [ "resetButton" ]
+
+  resetField () {
+    const inputEl = this.element.querySelector('input')
+    inputEl.value = inputEl.dataset.defaultValue
+  }
+}

app/jobs/remote_storage_expire_authorization_job.rb

@@ -0,0 +1,10 @@
+class RemoteStorageExpireAuthorizationJob < ApplicationJob
+  queue_as :remotestorage
+
+  def perform(rs_auth_id)
+    rs_auth = RemoteStorageAuthorization.find rs_auth_id
+    return unless rs_auth.expire_at.nil? || rs_auth.expire_at <= DateTime.now
+
+    rs_auth.destroy!
+  end
+end

app/mailers/notification_mailer.rb

@@ -5,4 +5,16 @@ class NotificationMailer < ApplicationMailer
     @subject = "Sats received"
     mail to: @user.email, subject: @subject
   end
+
+  def remotestorage_auth_created
+    @user = params[:user]
+    @auth = params[:auth]
+    @permissions = @auth.permissions.map do |p|
+      access = p.split(":")[1] == 'r' ? 'read' : 'read/write'
+      directory = p.split(':')[0] == '' ? 'all folders and files' : p.split(':')[0]
+      "#{access} #{directory}"
+    end
+    @subject = "New app connected to your storage"
+    mail to: @user.email, subject: @subject
+  end
 end

app/models/app_catalog.rb

@@ -0,0 +1,5 @@
+module AppCatalog
+  def self.table_name_prefix
+    "app_catalog_"
+  end
+end

app/models/app_catalog/web_app.rb

@@ -0,0 +1,16 @@
+class AppCatalog::WebApp < ApplicationRecord
+  store :metadata, coder: JSON
+
+  has_many :remote_storage_authorizations
+
+  has_one_attached :icon
+  has_one_attached :apple_touch_icon
+
+  validates :url, presence: true, uniqueness: true
+  validates :url, format: { with: URI.regexp },
+                  if: Proc.new { |a| a.url.present? }
+
+  def update_metadata
+    AppCatalogManager::UpdateMetadata.call(self)
+  end
+end

app/models/remote_storage_authorization.rb

@@ -0,0 +1,114 @@
+class RemoteStorageAuthorization < ApplicationRecord
+  belongs_to :user
+  belongs_to :web_app, class_name: "AppCatalog::WebApp", optional: true
+
+  serialize :permissions
+
+  validates_presence_of :permissions
+  validates_presence_of :client_id
+
+  scope :valid, -> { where(expire_at: nil).or(where(expire_at: (DateTime.now)..)) }
+  scope :expired, -> { where(expire_at: ..(DateTime.now)) }
+
+  after_initialize do |a|
+    a.permissions = [] if a.permissions == nil
+  end
+
+  before_create  :generate_token
+  before_create  :store_token_in_redis
+  before_create  :find_or_create_web_app
+  after_create   :schedule_token_expiry
+  after_create   :notify_user
+  before_destroy :delete_token_from_redis
+  after_destroy  :remove_token_expiry_job
+
+  def url
+    uri = URI.parse self.redirect_uri
+    "#{uri.scheme}://#{client_id}"
+  end
+
+  def launch_url
+    return url unless web_app && web_app.metadata[:start_url].present?
+
+    start_url = web_app.metadata[:start_url]
+
+    if start_url.match("^https?:\/\/")
+      return start_url.start_with?(url) ? start_url : url
+    else
+      path = start_url.gsub(/^\.\.\//, "").gsub(/^\.\//, "").gsub(/^\//, "")
+      "#{url}/#{path}"
+    end
+  end
+
+  def delete_token_from_redis
+    key = "authorizations:#{user.cn}:#{token}"
+    redis.srem? key, redis.smembers(key)
+  rescue => e
+    Rails.logger.error e
+    Sentry.capture_exception(e) if Setting.sentry_enabled?
+  end
+
+  private
+
+    def redis
+      @redis ||= Redis.new(url: Setting.rs_redis_url)
+    end
+
+    def generate_token(length=16)
+      self.token = SecureRandom.hex(length) if self.token.blank?
+    end
+
+    def store_token_in_redis
+      redis.sadd "authorizations:#{user.cn}:#{token}", permissions
+    end
+
+    def schedule_token_expiry
+      return unless expire_at.present?
+      RemoteStorageExpireAuthorizationJob.set(wait_until: expire_at)
+                                         .perform_later(id)
+    end
+
+    def remove_token_expiry_job
+      queue = Sidekiq::Queue.new(RemoteStorageExpireAuthorizationJob.queue_name)
+      queue.each do |job|
+        next unless job.display_class == "RemoteStorageExpireAuthorizationJob"
+        job.delete if job.display_args == [id]
+      end
+    end
+
+    def find_or_create_web_app
+      if looks_like_hosted_origin?
+        web_app = AppCatalog::WebApp.find_or_create_by!(url: self.url)
+        web_app.update_metadata unless web_app.name.present?
+        self.web_app = web_app
+        self.app_name = web_app.name.presence || client_id
+      else
+        self.app_name = client_id
+      end
+    end
+
+    def looks_like_hosted_origin?
+      uri = URI.parse self.redirect_uri
+      !!(uri.host =~ /(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$)/)
+    rescue URI::InvalidURIError
+      false
+    end
+
+    def notify_user
+      notify = user.preferences[:remotestorage_notify_auth_created]
+
+      case notify
+      when "xmpp"
+        router = Router.new
+        payload = {
+          type: "normal", to: user.address,
+          from: Setting.xmpp_notifications_from_address,
+          body: "You have just granted '#{self.client_id}' access to your Kosmos Storage. Visit your Storage dashboard to check on your connected apps and revoke permissions anytime: #{router.services_storage_url}"
+        }
+        XmppSendMessageJob.perform_later(payload)
+      when "email"
+        NotificationMailer.with(user: user, auth: self)
+                          .remotestorage_auth_created.deliver_later
+      end
+    end
+end

app/models/setting.rb

@@ -2,6 +2,9 @@
 class Setting < RailsSettings::Base
   cache_prefix { "v1" }
 
+  field :primary_domain, type: :string,
+    default: ENV["PRIMARY_DOMAIN"].presence
+
   field :accounts_domain, type: :string,
     default: ENV["AKKOUNTS_DOMAIN"].presence
 
@@ -9,7 +12,7 @@ class Setting < RailsSettings::Base
   # Internal services
   #
 
-  field :redis_url, type: :string, readonly: true,
+  field :redis_url, type: :string,
     default: ENV["REDIS_URL"] || "redis://localhost:6379/0"
 
   #
@@ -26,38 +29,67 @@ class Setting < RailsSettings::Base
 
   field :xmpp_default_rooms, type: :array, default: []
   field :xmpp_autojoin_default_rooms, type: :boolean, default: false
+  field :xmpp_notifications_from_address, type: :string, default: primary_domain
 
   #
   # Sentry
   #
 
   field :sentry_enabled, type: :boolean, readonly: true,
-    default: (ENV["SENTRY_DSN"].present?.to_s || false)
+    default: ENV["SENTRY_DSN"].present?
+
+  #
+  # BTCPay Server
+  #
+
+  field :btcpay_api_url, type: :string,
+    default: ENV["BTCPAY_API_URL"].presence
+
+  field :btcpay_enabled, type: :boolean,
+    default: ENV["BTCPAY_API_URL"].present?
+
+  field :btcpay_store_id, type: :string,
+    default: ENV["BTCPAY_STORE_ID"].presence
+
+  field :btcpay_auth_token, type: :string,
+    default: ENV["BTCPAY_AUTH_TOKEN"].presence
+
+  field :btcpay_publish_wallet_balances, type: :boolean, default: true
 
   #
   # Discourse
   #
 
-  field :discourse_public_url, type: :string, readonly: true,
+  field :discourse_public_url, type: :string,
     default: ENV["DISCOURSE_PUBLIC_URL"].presence
 
   field :discourse_enabled, type: :boolean,
-    default: (ENV["DISCOURSE_PUBLIC_URL"].present?.to_s || false)
+    default: ENV["DISCOURSE_PUBLIC_URL"].present?
 
-  field :discourse_connect_secret, type: :string, readonly: true,
+  field :discourse_connect_secret, type: :string,
     default: ENV["DISCOURSE_CONNECT_SECRET"].presence
 
+  #
+  # Drone CI
+  #
+
+  field :droneci_public_url, type: :string,
+    default: ENV["DRONECI_PUBLIC_URL"].presence
+
+  field :droneci_enabled, type: :boolean,
+    default: ENV["DRONECI_PUBLIC_URL"].present?
+
   #
   # ejabberd
   #
 
   field :ejabberd_enabled, type: :boolean,
-    default: (ENV["EJABBERD_API_URL"].present?.to_s || false)
+    default: ENV["EJABBERD_API_URL"].present?
 
-  field :ejabberd_api_url, type: :string, readonly: true,
+  field :ejabberd_api_url, type: :string,
     default: ENV["EJABBERD_API_URL"].presence
 
-  field :ejabberd_admin_url, type: :string, readonly: true,
+  field :ejabberd_admin_url, type: :string,
     default: ENV["EJABBERD_ADMIN_URL"].presence
 
   field :ejabberd_buddy_roster, type: :string,
@@ -67,50 +99,56 @@ class Setting < RailsSettings::Base
   # Gitea
   #
 
-  field :gitea_public_url, type: :string, readonly: true,
+  field :gitea_public_url, type: :string,
     default: ENV["GITEA_PUBLIC_URL"].presence
 
   field :gitea_enabled, type: :boolean,
-    default: (ENV["GITEA_PUBLIC_URL"].present?.to_s || false)
+    default: ENV["GITEA_PUBLIC_URL"].present?
 
   #
   # Lightning Network
   #
 
-  field :lndhub_api_url, type: :string, readonly: true,
+  field :lndhub_api_url, type: :string,
     default: ENV["LNDHUB_API_URL"].presence
 
   field :lndhub_enabled, type: :boolean,
-    default: (ENV["LNDHUB_API_URL"].present?.to_s || false)
+    default: ENV["LNDHUB_API_URL"].present?
+
+  field :lndhub_admin_token, type: :string,
+    default: ENV["LNDHUB_ADMIN_TOKEN"].presence
 
   field :lndhub_admin_enabled, type: :boolean,
-    default: (ENV["LNDHUB_ADMIN_UI"] || false)
+    default: ENV["LNDHUB_ADMIN_UI"] || false
 
-  field :lndhub_public_key, type: :string, readonly: true,
+  field :lndhub_public_key, type: :string,
     default: (ENV["LNDHUB_PUBLIC_KEY"] || "")
 
   field :lndhub_keysend_enabled, type: :boolean,
-    default: -> { self.lndhub_public_key.present?.to_s || false }
+    default: -> { self.lndhub_public_key.present? }
 
   #
   # Mastodon
   #
 
-  field :mastodon_public_url, type: :string, readonly: true,
+  field :mastodon_public_url, type: :string,
     default: ENV["MASTODON_PUBLIC_URL"].presence
 
   field :mastodon_enabled, type: :boolean,
-    default: (ENV["MASTODON_PUBLIC_URL"].present?.to_s || false)
+    default: ENV["MASTODON_PUBLIC_URL"].present?
+
+  field :mastodon_address_domain, type: :string,
+    default: ENV["MASTODON_ADDRESS_DOMAIN"].presence || self.primary_domain
 
   #
   # MediaWiki
   #
 
-  field :mediawiki_public_url, type: :string, readonly: true,
+  field :mediawiki_public_url, type: :string,
     default: ENV["MEDIAWIKI_PUBLIC_URL"].presence
 
   field :mediawiki_enabled, type: :boolean,
-    default: (ENV["MEDIAWIKI_PUBLIC_URL"].present?.to_s || false)
+    default: ENV["MEDIAWIKI_PUBLIC_URL"].present?
 
   #
   # Nostr
@@ -123,8 +161,11 @@ class Setting < RailsSettings::Base
   #
 
   field :remotestorage_enabled, type: :boolean,
-    default: (ENV["RS_STORAGE_URL"].present?.to_s || false)
+    default: ENV["RS_STORAGE_URL"].present?
 
   field :rs_storage_url, type: :string,
     default: ENV["RS_STORAGE_URL"].presence
+
+  field :rs_redis_url, type: :string,
+    default: ENV["RS_REDIS_URL"] || "redis://localhost:6379/1"
 end

app/models/user.rb

@@ -1,11 +1,17 @@
+require 'nostr'
+
 class User < ApplicationRecord
   include EmailValidatable
 
   attr_accessor :display_name
+  attr_accessor :avatar_new
 
   serialize :preferences, UserPreferences
 
+  #
   # Relations
+  #
+
   has_many :invitations, dependent: :destroy
   has_one  :invitation, inverse_of: :invitee, foreign_key: 'invited_user_id'
   has_one  :inviter, through: :invitation, source: :user
@@ -18,7 +24,13 @@ class User < ApplicationRecord
 
   has_many :accounts, through: :lndhub_user
 
-  validates_uniqueness_of :cn
+  has_many :remote_storage_authorizations
+
+  #
+  # Validations
+  #
+
+  validates_uniqueness_of :cn, scope: :ou
   validates_length_of :cn, minimum: 3
   validates_format_of :cn, with: /\A([a-z0-9\-])*\z/,
                            if: Proc.new{ |u| u.cn.present? },
@@ -28,7 +40,8 @@ class User < ApplicationRecord
                            message: "is invalid. Usernames need to start with a letter."
   # FIXME This needs a server restart to apply values
   validates_format_of :cn, without: /\A(#{Setting.reserved_usernames.join('|')})\z/i,
-                           message: "has already been taken"
+                           message: "has already been taken",
+                           unless: Proc.new{ |u| u.persisted? }
 
   validates_uniqueness_of :email
   validates :email, email: true
@@ -36,8 +49,21 @@ class User < ApplicationRecord
   validates_length_of :display_name, minimum: 3, maximum: 35, allow_blank: true,
                                      if: -> { defined?(@display_name) }
 
-  scope :confirmed, -> { where.not(confirmed_at: nil) }
-  scope :pending,   -> { where(confirmed_at: nil) }
+  validates_uniqueness_of :nostr_pubkey, allow_blank: true
+
+  validate :acceptable_avatar
+
+  #
+  # Scopes
+  #
+
+  scope :confirmed,  -> { where.not(confirmed_at: nil) }
+  scope :pending,    -> { where(confirmed_at: nil) }
+  scope :all_except, -> (user) { where.not(id: user) }
+
+  #
+  # Encrypted database columns
+  #
 
   has_encrypted :ln_login, :ln_password
 
@@ -67,6 +93,7 @@ class User < ApplicationRecord
       # E-Mail update confirmed
       LdapManager::UpdateEmail.call(self.dn, self.email)
     else
+      # TODO Make configurable
       # E-Mail from signup confirmed (i.e. account activation)
       enable_service %w[ discourse gitea mediawiki xmpp ]
 
@@ -104,6 +131,11 @@ class User < ApplicationRecord
     "#{self.cn}@#{self.ou}"
   end
 
+  def mastodon_address
+    return nil unless Setting.mastodon_enabled?
+    "#{self.cn}@#{Setting.mastodon_address_domain}"
+  end
+
   def valid_attribute?(attribute_name)
     self.valid?
     self.errors[attribute_name].blank?
@@ -129,6 +161,10 @@ class User < ApplicationRecord
     @display_name ||= ldap_entry[:display_name]
   end
 
+  def avatar
+    @avatar_base64 ||= LdapManager::FetchAvatar.call(cn: cn, ou: ou)
+  end
+
   def services_enabled
     ldap_entry[:service] || []
   end
@@ -151,10 +187,28 @@ class User < ApplicationRecord
     ldap.delete_attribute(dn,:service)
   end
 
+  def nostr_pubkey_bech32
+    return nil unless nostr_pubkey.present?
+    Nostr::PublicKey.new(nostr_pubkey).to_bech32
+  end
+
   private
 
     def ldap
       return @ldap_service if defined?(@ldap_service)
       @ldap_service = LdapService.new
     end
+
+    def acceptable_avatar
+      return unless avatar_new.present?
+
+      if avatar_new.size > 1.megabyte
+        errors.add(:avatar, "file size is too large")
+      end
+
+      acceptable_types = ["image/jpeg", "image/png"]
+      unless acceptable_types.include?(avatar_new.content_type)
+        errors.add(:avatar, "must be a JPEG or PNG file")
+      end
+    end
 end

app/services/app_catalog_manager/update_metadata.rb

@@ -0,0 +1,52 @@
+require "manifique"
+require "down"
+
+module AppCatalogManager
+  class UpdateMetadata < AppCatalogManagerService
+    def initialize(app)
+      @app = app
+    end
+
+    def call
+      agent = Manifique::Agent.new(url: @app.url)
+      metadata = agent.fetch_metadata
+
+      @app.name = metadata.name
+
+      [:name, :short_name, :description, :theme_color, :background_color,
+       :display, :start_url, :scope, :share_target, :icons].each do |prop|
+        @app.metadata[prop] = metadata.send(prop) if prop
+      end
+
+      if icon = metadata.select_icon(sizes: "256x256") ||
+         icon = metadata.select_icon(sizes: "192x192")
+        attach_remote_image(:icon, icon)
+        # TODO elsif get whatever is available
+      end
+
+      if apple_touch_icon = metadata.select_icon(purpose: "apple-touch-icon")
+        attach_remote_image(:apple_touch_icon, apple_touch_icon)
+      end
+
+      @app.save!
+    rescue Manifique::Error => e
+      msg = "Fetching web app manifest failed for #{e.url}: #{e.type}"
+      Rails.logger.warn(msg)
+      Sentry.capture_message(msg) if Setting.sentry_enabled?
+      false
+    end
+
+    def attach_remote_image(attachment_name, icon)
+      if icon['src'].start_with?("http")
+        download_url = icon['src']
+      else
+        download_url = "#{@app.url}/#{icon["src"].gsub(/^\//,'')}"
+      end
+      filename = "#{attachment_name}.png"
+      key = "web_apps/#{@app.id}/icons/#{attachment_name}.png"
+
+      tempfile = Down.download(download_url)
+      @app.send(attachment_name).attach(key: key, io: tempfile, filename: filename)
+    end
+  end
+end

app/services/app_catalog_manager_service.rb

@@ -0,0 +1,2 @@
+class AppCatalogManagerService < ApplicationService
+end

app/services/btc_pay.rb

@@ -1,32 +0,0 @@
-#
-# API Docs: https://docs.btcpayserver.org/API/Greenfield/v1/
-#
-class BtcPay
-  def initialize
-    @base_url = ENV["BTCPAY_API_URL"]
-    @store_id = Rails.application.credentials.btcpay[:store_id]
-    @auth_token = Rails.application.credentials.btcpay[:auth_token]
-  end
-
-  def onchain_wallet_balance
-    res = get "stores/#{@store_id}/payment-methods/onchain/BTC/wallet"
-
-    {
-      balance: res["balance"].to_f,
-      unconfirmed_balance: res["unconfirmedBalance"].to_f,
-      confirmed_balance: res["confirmedBalance"].to_f
-    }
-  end
-
-  private
-
-  def get(endpoint)
-    res = Faraday.get("#{@base_url}/#{endpoint}", {}, {
-      "Content-Type" => "application/json",
-      "Accept" => "application/json",
-      "Authorization" => "token #{@auth_token}"
-    })
-
-    JSON.parse(res.body)
-  end
-end

app/services/btcpay_manager/fetch_lightning_wallet_balance.rb

@@ -0,0 +1,11 @@
+module BtcpayManager
+  class FetchLightningWalletBalance < BtcpayManagerService
+    def call
+      res = get "stores/#{store_id}/lightning/BTC/balance"
+
+      {
+        confirmed_balance: res["offchain"]["local"].to_i / 1000 # msats to sats
+      }
+    end
+  end
+end

app/services/btcpay_manager/fetch_onchain_wallet_balance.rb

@@ -0,0 +1,13 @@
+module BtcpayManager
+  class FetchOnchainWalletBalance < BtcpayManagerService
+    def call
+      res = get "stores/#{store_id}/payment-methods/onchain/BTC/wallet"
+
+      {
+        balance: (res["balance"].to_f * 100000000).to_i, # BTC to sats
+        unconfirmed_balance: (res["unconfirmedBalance"].to_f * 100000000).to_i,
+        confirmed_balance: (res["confirmedBalance"].to_f * 100000000).to_i
+      }
+    end
+  end
+end

app/services/btcpay_manager_service.rb

@@ -0,0 +1,24 @@
+#
+# API Docs: https://docs.btcpayserver.org/API/Greenfield/v1/
+#
+class BtcpayManagerService < ApplicationService
+  attr_reader :base_url, :store_id, :auth_token
+
+  def initialize
+    @base_url   = Setting.btcpay_api_url
+    @store_id   = Setting.btcpay_store_id
+    @auth_token = Setting.btcpay_auth_token
+  end
+
+  private
+
+    def get(endpoint)
+      res = Faraday.get("#{base_url}/#{endpoint}", {}, {
+        "Content-Type" => "application/json",
+        "Accept" => "application/json",
+        "Authorization" => "token #{auth_token}"
+      })
+
+      JSON.parse(res.body)
+    end
+end

app/services/create_account.rb

@@ -1,7 +1,7 @@
 class CreateAccount < ApplicationService
   def initialize(args)
     @username   = args[:username]
-    @domain     = args[:ou] || "kosmos.org"
+    @domain     = args[:ou] || Setting.primary_domain
     @email      = args[:email]
     @password   = args[:password]
     @invitation = args[:invitation]

app/services/ldap_manager/fetch_avatar.rb

@@ -0,0 +1,17 @@
+module LdapManager
+  class FetchAvatar < LdapManagerService
+    def initialize(cn:, ou: nil)
+      @cn = cn
+      @ou = ou
+    end
+
+    def call
+      treebase   = @ou ? "ou=#{@ou},cn=users,#{suffix}" : ldap_config["base"]
+      attributes = %w{ jpegPhoto }
+      filter     = Net::LDAP::Filter.eq("cn", @cn)
+
+      entry = ldap_client.search(base: treebase, filter: filter, attributes: attributes).first
+      entry.try(:jpegPhoto) ? entry.jpegPhoto.first : nil
+    end
+  end
+end

app/services/ldap_manager/update_avatar.rb

@@ -0,0 +1,27 @@
+require "image_processing/vips"
+
+module LdapManager
+  class UpdateAvatar < LdapManagerService
+    def initialize(dn, file)
+      @dn = dn
+      @img_data = process(file)
+    end
+
+    def call
+      replace_attribute @dn, :jpegPhoto, @img_data
+    end
+
+    private
+
+    def process(file)
+      processed = ImageProcessing::Vips
+        .resize_to_fill(512, 512)
+        .source(file)
+        .convert("jpeg")
+        .saver(strip: true)
+        .call
+
+      Base64.strict_encode64 processed.read
+    end
+  end
+end

app/services/ldap_manager_service.rb

@@ -1,2 +1,5 @@
 class LdapManagerService < LdapService
+  def suffix
+    @suffix ||= ENV["LDAP_SUFFIX"] || "dc=kosmos,dc=org"
+  end
 end

app/services/lndhub_v2.rb

@@ -14,7 +14,7 @@ class LndhubV2 < Lndhub
   end
 
   def create_account(payload={})
-    post "v2/users", payload, admin_token: Rails.application.credentials.lndhub[:admin_token]
+    post "v2/users", payload, admin_token: Setting.lndhub_admin_token
   end
 
   def create_invoice(payload)

app/services/nostr_manager/validate_id.rb

@@ -0,0 +1,11 @@
+module NostrManager
+  class ValidateId < NostrManagerService
+    def initialize(event)
+      @event = Nostr::Event.new(**event)
+    end
+
+    def call
+      @event.id == Digest::SHA256.hexdigest(JSON.generate(@event.serialize))
+    end
+  end
+end

app/services/nostr_manager/verify_signature.rb

@@ -0,0 +1,17 @@
+module NostrManager
+  class VerifySignature < NostrManagerService
+    def initialize(event)
+      @event = Nostr::Event.new(**event)
+    end
+
+    def call
+      Schnorr.check_sig!(
+        [@event.id].pack('H*'),
+        [@event.pubkey].pack('H*'),
+        [@event.sig].pack('H*')
+      )
+    rescue Schnorr::InvalidSignatureError
+      false
+    end
+  end
+end

app/services/nostr_manager_service.rb

@@ -0,0 +1,4 @@
+require "nostr"
+
+class NostrManagerService < ApplicationService
+end

app/services/router.rb

@@ -0,0 +1,7 @@
+class Router
+  include Rails.application.routes.url_helpers
+
+  def self.default_url_options
+    ActionMailer::Base.default_url_options
+  end
+end

app/views/admin/app_catalog/web_apps/index.html.erb

@@ -0,0 +1,56 @@
+<%= render HeaderComponent.new(title: "App Catalog") %>
+
+<%= render MainWithSidenavComponent.new(sidenav_partial: 'shared/admin_sidenav_app_catalog') do %>
+  <section>
+    <%= render QuickstatsContainerComponent.new do %>
+      <%= render QuickstatsItemComponent.new(
+          type: :number,
+          title: 'Known Web Apps',
+          value: @stats[:known_apps],
+      ) %>
+      <%# <%= render QuickstatsItemComponent.new(
+      <%#     type: :number,
+      <%#     title: 'Accepted',
+      <%#     value: @stats[:accepted],
+      <%# ) %>
+      <%# <%= render QuickstatsItemComponent.new(
+      <%#     type: :number,
+      <%#     title: 'Users with referrals',
+      <%#     value: @stats[:users_with_referrals],
+      <%#     meta: "/ #{User.count}"
+      <%# ) %>
+    <% end %>
+  </section>
+  <% if @web_apps.any? %>
+    <section>
+      <h3>Web Apps</h3>
+      <table class="divided mb-8">
+        <thead>
+          <tr>
+            <th>Name</th>
+            <th>URL</th>
+            <th class="hidden md:table-cell">RS Auths</th>
+            <th class="hidden md:table-cell">Created at</th>
+          </tr>
+        </thead>
+        <tbody>
+          <% @web_apps.each do |web_app| %>
+            <tr>
+              <td><%= web_app.name %></td>
+              <td><%= link_to web_app.url, web_app.url,
+                              target: "_blank", rel: "nofollow noopener",
+                              class: "ks-text-link" %></td>
+              <td class="hidden md:table-cell"><%= web_app.remote_storage_authorizations.count %></td>
+              <td class="hidden md:table-cell">
+                <span title="<%= web_app.created_at %>" class="cursor-help">
+                  <%= time_ago_in_words web_app.created_at, include_seconds: false %> ago
+                </span>
+              </td>
+            </tr>
+          <% end %>
+        </tbody>
+      </table>
+      <%== pagy_nav @pagy %>
+    </section>
+  <% end %>
+<% end %>

app/views/admin/donations/_form.html.erb

@@ -12,7 +12,7 @@
 
   <section class="sm:w-1/2 grid grid-cols-2 items-center gap-y-2">
     <%= form.label :user_id %>
-    <%= form.collection_select :user_id, User.where(ou: "kosmos.org").order(:cn), :id, :cn, {} %>
+    <%= form.collection_select :user_id, User.where(ou: Setting.primary_domain).order(:cn), :id, :cn, {} %>
 
     <%= form.label :amount_sats, "Amount BTC (sats)" %>
     <%= form.number_field :amount_sats %>

app/views/admin/settings/services/_btcpay.html.erb

@@ -0,0 +1,37 @@
+<h3>BTCPay Server</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :btcpay_enabled,
+    enabled: Setting.btcpay_enabled?,
+    title: "Enable BTCPay integration",
+    description: "BTCPay configuration present and features enabled"
+  ) %>
+<% if Setting.btcpay_enabled? %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :btcpay_api_url,
+        title: "API URL"
+      ) %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :btcpay_store_id,
+        title: "Store ID"
+      ) %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :btcpay_auth_token,
+        type: :password,
+        title: "Auth Token"
+      ) %>
+</ul>
+</section>
+<section>
+<h3>REST API</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :btcpay_publish_wallet_balances,
+    enabled: Setting.btcpay_publish_wallet_balances?,
+    title: "Publish wallet balances",
+    description: "Publish the store's on-chain and Lightning wallet balances"
+  ) %>
+<% end %>
+</ul>

app/views/admin/settings/services/_discourse.html.erb

@@ -8,16 +8,15 @@
     description: "Discourse configuration present and features enabled"
   ) %>
 <% if Setting.discourse_enabled? %>
-  <%= render FormElements::FieldsetComponent.new(title: "Public URL") do %>
-    <%= f.text_field :discourse_public_url,
-      value: Setting.discourse_public_url,
-      class: "w-full", disabled: true %>
-  <% end %>
-  <%= render FormElements::FieldsetComponent.new(title: "Connect secret") do %>
-    <%= f.password_field :discourse_connect_secret,
-      value: Setting.discourse_connect_secret,
-      class: "w-full", disabled: true %>
-  <% end %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :discourse_public_url,
+        title: "Public URL"
+      ) %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :discourse_connect_secret,
+        type: :password,
+        title: "Connect secret"
+      ) %>
 <% end %>
 </ul>
 <% if Setting.discourse_enabled? %>
@@ -31,14 +30,14 @@
       <input type="text" class="grow" disabled="disabled"
              value="https://<%= Setting.accounts_domain %>/discourse/connect"
              data-clipboard-target="source" />
-      <button class="btn-md btn-icon btn-blue shrink-0"
+      <button class="btn-md btn-icon btn-outline shrink-0"
               data-clipboard-target="trigger" data-action="clipboard#copy"
               title="Copy to clipboard">
         <span class="content-initial">
-          <%= render partial: "icons/copy", locals: { custom_class: "text-white h-4 w-4 inline" } %>
+          <%= render partial: "icons/copy", locals: { custom_class: "text-blue-600 h-4 w-4 inline" } %>
         </span>
         <span class="content-active hidden">
-          <%= render partial: "icons/check", locals: { custom_class: "text-white h-4 w-4 inline" } %>
+          <%= render partial: "icons/check", locals: { custom_class: "text-blue-600 h-4 w-4 inline" } %>
         </span>
       </button>
     </li>

app/views/admin/settings/services/_droneci.html.erb

@@ -0,0 +1,16 @@
+<h3>Drone CI</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :droneci_enabled,
+    enabled: Setting.droneci_enabled?,
+    title: "Enable Drone CI integration",
+    description: "Drone CI configuration present and features enabled"
+  ) %>
+  <% if Setting.droneci_enabled? %>
+    <%= render FormElements::FieldsetResettableSettingComponent.new(
+          key: :droneci_public_url,
+          title: "Public URL"
+        ) %>
+  <% end %>
+</ul>

app/views/admin/settings/services/_ejabberd.html.erb

@@ -8,16 +8,14 @@
     description: "ejabberd configuration present and features enabled"
   ) %>
 <% if Setting.ejabberd_enabled? %>
-  <%= render FormElements::FieldsetComponent.new(title: "API URL") do %>
-    <%= f.text_field :ejabberd_api_url,
-      value: Setting.ejabberd_api_url,
-      class: "w-full", disabled: true %>
-  <% end %>
-  <%= render FormElements::FieldsetComponent.new(title: "Admin URL") do %>
-    <%= f.text_field :ejabberd_admin_url,
-      value: Setting.ejabberd_admin_url,
-      class: "w-full", disabled: true %>
-  <% end %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :ejabberd_api_url,
+        title: "API URL"
+      ) %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :ejabberd_admin_url,
+        title: "Admin URL"
+      ) %>
 </ul>
 <h3 class="mt-10">User default settings</h3>
 <ul role="list">
@@ -37,12 +35,24 @@
     title: "Auto-join default rooms",
     description: "Automatically join above default rooms in chat clients"
   ) %>
-  <%= render FormElements::FieldsetComponent.new(
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :ejabberd_buddy_roster,
         title: "Contact roster name",
         description: "Used when exchanging contacts after signup from invitation"
+      ) %>
+</ul>
+<h3 class="mt-10">Notifications</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetComponent.new(
+        title: "From address",
+        description: "Address (JID) of the account notifications are sent from",
+        resettable: Setting.get_field(:xmpp_notifications_from_address)[:default] != Setting.xmpp_notifications_from_address
       ) do %>
-    <%= f.text_field :ejabberd_buddy_roster,
-      value: Setting.ejabberd_buddy_roster,
+    <%= f.text_field :xmpp_notifications_from_address,
+      value: Setting.xmpp_notifications_from_address,
+      data: {
+        :'default-value' => Setting.get_field(:xmpp_notifications_from_address)[:default]
+      },
       class: "w-full" %>
   <% end %>
 <% end %>

app/views/admin/settings/services/_gitea.html.erb

@@ -8,10 +8,9 @@
     description: "Gitea configuration present and features enabled"
   ) %>
   <% if Setting.gitea_enabled? %>
-    <%= render FormElements::FieldsetComponent.new(title: "Public URL") do %>
-      <%= f.text_field :gitea_public_url,
-        value: Setting.gitea_public_url,
-        class: "w-full", disabled: true %>
-    <% end %>
+    <%= render FormElements::FieldsetResettableSettingComponent.new(
+          key: :gitea_public_url,
+          title: "Public URL"
+        ) %>
   <% end %>
 </ul>

app/views/admin/settings/services/_lndhub.html.erb

@@ -8,31 +8,36 @@
     description: "LNDHub configuration present and wallet features enabled"
   ) %>
   <% if Setting.lndhub_enabled? %>
-    <%= render FormElements::FieldsetComponent.new(title: "API URL") do %>
-      <%= f.text_field :lndhub_api_url,
-        value: Setting.lndhub_api_url,
-        class: "w-full", disabled: true %>
-    <% end %>
-  <% end %>
-  <%= render FormElements::FieldsetToggleComponent.new(
-    form: f,
-    attribute: :lndhub_admin_enabled,
-    enabled: Setting.lndhub_admin_enabled?,
-    title: "Enable LNDHub admin panel",
-    description: "LNDHub database configuration present and admin panel enabled"
-  ) %>
-  <%= render FormElements::FieldsetToggleComponent.new(
-    form: f,
-    attribute: :lndhub_keysend_enabled,
-    enabled: Setting.lndhub_keysend_enabled?,
-    title: "Enable keysend payments",
-    description: "Allow users to receive invoice-less payments to their Lightning Address"
-  ) %>
-  <% if Setting.lndhub_keysend_enabled? %>
-    <%= render FormElements::FieldsetComponent.new(title: "Public key", description: "The public key of the Lightning node used by LNDHub") do %>
-      <%= f.text_field :lndhub_public_key,
-        value: Setting.lndhub_public_key,
-        class: "w-full", disabled: true %>
+    <%= render FormElements::FieldsetResettableSettingComponent.new(
+      key: :lndhub_api_url,
+      title: "API URL"
+    ) %>
+    <%= render FormElements::FieldsetResettableSettingComponent.new(
+      key: :lndhub_admin_token,
+      type: :password,
+      title: "Admin token",
+      description: "Auth token for creating new lndhub accounts"
+    ) %>
+    <%= render FormElements::FieldsetToggleComponent.new(
+      form: f,
+      attribute: :lndhub_admin_enabled,
+      enabled: Setting.lndhub_admin_enabled?,
+      title: "Enable LNDHub admin panel",
+      description: "LNDHub database configuration present and admin panel enabled"
+    ) %>
+    <%= render FormElements::FieldsetToggleComponent.new(
+      form: f,
+      attribute: :lndhub_keysend_enabled,
+      enabled: Setting.lndhub_keysend_enabled?,
+      title: "Enable keysend payments",
+      description: "Allow users to receive invoice-less payments to their Lightning Address"
+    ) %>
+    <% if Setting.lndhub_keysend_enabled? %>
+      <%= render FormElements::FieldsetResettableSettingComponent.new(
+            key: :lndhub_public_key,
+            title: "Public key",
+            description: "The public key of the Lightning node used by LNDHub"
+          ) %>
     <% end %>
   <% end %>
 </ul>

app/views/admin/settings/services/_mastodon.html.erb

@@ -8,10 +8,13 @@
     description: "Mastodon configuration present and features enabled"
   ) %>
   <% if Setting.mastodon_enabled? %>
-    <%= render FormElements::FieldsetComponent.new(title: "Public URL") do %>
-      <%= f.text_field :mastodon_public_url,
-        value: Setting.mastodon_public_url,
-        class: "w-full", disabled: true %>
-    <% end %>
+    <%= render FormElements::FieldsetResettableSettingComponent.new(
+          key: :mastodon_public_url,
+          title: "Public URL"
+        ) %>
+    <%= render FormElements::FieldsetResettableSettingComponent.new(
+          key: :mastodon_address_domain,
+          title: "User address domain"
+        ) %>
   <% end %>
 </ul>

app/views/admin/settings/services/_mediawiki.html.erb

@@ -8,10 +8,9 @@
     description: "MediaWiki configuration present and features enabled"
   ) %>
   <% if Setting.mediawiki_enabled? %>
-    <%= render FormElements::FieldsetComponent.new(title: "Public URL") do %>
-      <%= f.text_field :mediawiki_public_url,
-        value: Setting.mediawiki_public_url,
-        class: "w-full", disabled: true %>
-    <% end %>
+    <%= render FormElements::FieldsetResettableSettingComponent.new(
+          key: :mediawiki_public_url,
+          title: "Public URL"
+        ) %>
   <% end %>
 </ul>

app/views/admin/settings/services/_remotestorage.html.erb

@@ -1,4 +1,5 @@
 <h3>RemoteStorage</h3>
+<p class="text-red-600 mb-8">Feature currently in development.</p>
 <ul role="list">
   <%= render FormElements::FieldsetToggleComponent.new(
     form: f,
@@ -8,10 +9,13 @@
     description: "RemoteStorage configuration present and features enabled"
   ) %>
   <% if Setting.remotestorage_enabled? %>
-    <%= render FormElements::FieldsetComponent.new(title: "Storage URL") do %>
-      <%= f.text_field :rs_storage_url,
-        value: Setting.rs_storage_url,
-        class: "w-full", disabled: true %>
-    <% end %>
+    <%= render FormElements::FieldsetResettableSettingComponent.new(
+          key: :rs_storage_url,
+          title: "Storage Base URL"
+        ) %>
+    <%= render FormElements::FieldsetResettableSettingComponent.new(
+          key: :rs_redis_url,
+          title: "Redis URL"
+        ) %>
   <% end %>
 </ul>

app/views/admin/users/show.html.erb

@@ -63,6 +63,12 @@
     </section>
 
     <section class="sm:flex-1 sm:pt-0">
+      <% if @avatar.present? %>
+      <h3>LDAP<h3>
+      <p>
+        <img src="data:image/jpeg;base64,<%= @avatar %>" class="h-48 w-48" />
+      </p>
+      <% end %>
       <!-- <h3>Actions</h3> -->
     </section>
   </div>

app/views/dashboard/index.html.erb

@@ -7,73 +7,85 @@
       services:
     </p>
     <div class="services grid grid-cols-1 sm:grid-cols-2 gap-4 sm:gap-6">
-      <div class="border border-gray-300 rounded-md hover:border-gray-400
-                  bg-cover bg-[center_top_-50px] bg-no-repeat
-                  bg-[url(/img/logos/icon_xmpp.svg)]">
-        <%= link_to "https://wiki.kosmos.org/Services:Chat",
-              class: "block h-full px-6 py-6 rounded-md" do %>
-          <h3 class="mb-3.5">Chat</h3>
-          <p class="text-gray-600">
-            Federated chat rooms and instant messaging
-          </p>
-        <% end %>
-      </div>
-      <div class="border border-gray-300 rounded-md hover:border-gray-400
-                  bg-[length:95%] bg-center bg-no-repeat
-                  bg-[url(/img/logos/icon_discourse.svg)]">
-        <%= link_to "#{Setting.discourse_public_url}/session/sso?return_path=/",
-              class: "block h-full px-6 py-6 rounded-md" do %>
-          <h3 class="mb-3.5">Discourse</h3>
-          <p class="text-gray-600">
-            Kosmos community forums and user support/help site
-          </p>
-        <% end %>
-      </div>
-      <div class="border border-gray-300 rounded-md hover:border-gray-400
-                  bg-cover bg-[center_top_-20px] bg-no-repeat
-                  bg-[url(/img/logos/icon_mediawiki.svg)]">
-        <%= link_to "https://wiki.kosmos.org",
-              class: "block h-full px-6 py-6 rounded-md" do %>
-          <h3 class="mb-3.5">Wiki</h3>
-          <p class="text-gray-600">
-            Kosmos documentation and knowledge base
-          </p>
-        <% end %>
-      </div>
-      <div class="border border-gray-300 rounded-md hover:border-gray-400
-                  bg-cover bg-center sm:bg-[center_top_-140px] bg-no-repeat
-                  bg-[url(/img/logos/icon_lightning.svg)]">
-        <%= link_to services_lightning_index_path,
-              class: "block h-full px-6 py-6 rounded-md" do %>
-          <h3 class="mb-3.5">Lightning Network</h3>
-          <p class="text-gray-600">
-            Send and receive sats over the Bitcoin Lightning Network
-          </p>
-        <% end %>
-      </div>
-      <div class="border border-gray-300 rounded-md hover:border-gray-400
-                  bg-cover bg-center bg-no-repeat
-                  bg-[url(/img/logos/icon_gitea.png)]">
-        <%= link_to "https://gitea.kosmos.org",
-              class: "block h-full px-6 py-6 rounded-md" do %>
-          <h3 class="mb-3.5">Gitea</h3>
-          <p class="text-gray-600">
-            Code hosting and collaboration for software projects
-          </p>
-        <% end %>
-      </div>
-      <div class="border border-gray-300 rounded-md hover:border-gray-400
-                  bg-cover bg-[center_top_-70px] bg-no-repeat
-                  bg-[url(/img/logos/icon_droneci.svg)]">
-        <%= link_to "https://drone.kosmos.org",
-              class: "block h-full px-6 py-6 rounded-md" do %>
-          <h3 class="mb-3.5">Drone CI</h3>
-          <p class="text-gray-600">
-            Continuous integration for software projects on Gitea
-          </p>
-        <% end %>
-      </div>
-      <% if Setting.remotestorage_enabled? && Flipper.enabled?(:remotestorage, current_user) %>
+      <% if Setting.ejabberd_enabled? %>
+        <div class="border border-gray-300 rounded-md hover:border-gray-400
+                    bg-cover bg-[center_top_-50px] bg-no-repeat
+                    bg-[url(/img/logos/icon_xmpp.svg)]">
+          <%= link_to services_chat_path,
+                class: "block h-full px-6 py-6 rounded-md" do %>
+            <h3 class="mb-3.5">Chat</h3>
+            <p class="text-gray-600">
+              Federated chat rooms and instant messaging
+            </p>
+          <% end %>
+        </div>
+      <% end %>
+      <% if Setting.mastodon_enabled? %>
+        <div class="border border-gray-300 rounded-md hover:border-gray-400
+                    bg-[length:80%] bg-[right_top_-30px] bg-no-repeat
+                    bg-[url(/img/logos/icon_mastodon.svg)]">
+          <%= link_to services_mastodon_path, class: "block h-full px-6 py-6 rounded-md" do %>
+            <h3 class="mb-3.5">Mastodon</h3>
+            <p class="text-gray-600">
+              Your account on the Open Social Web
+            </p>
+          <% end %>
+        </div>
+      <% end %>
+      <% if Setting.discourse_enabled? %>
+        <div class="border border-gray-300 rounded-md hover:border-gray-400
+                    bg-[length:95%] bg-center bg-no-repeat
+                    bg-[url(/img/logos/icon_discourse.svg)]">
+          <%= link_to "#{Setting.discourse_public_url}/session/sso?return_path=/",
+                class: "block h-full px-6 py-6 rounded-md" do %>
+            <h3 class="mb-3.5">Discourse</h3>
+            <p class="text-gray-600">
+              Kosmos community forums and user support/help site
+            </p>
+          <% end %>
+        </div>
+      <% end %>
+      <% if Setting.lndhub_enabled? %>
+        <div class="border border-gray-300 rounded-md hover:border-gray-400
+                    bg-cover bg-center sm:bg-[center_top_-140px] bg-no-repeat
+                    bg-[url(/img/logos/icon_lightning.svg)]">
+          <%= link_to services_lightning_index_path,
+                class: "block h-full px-6 py-6 rounded-md" do %>
+            <h3 class="mb-3.5">Lightning Network</h3>
+            <p class="text-gray-600">
+              Send and receive sats over the Bitcoin Lightning Network
+            </p>
+          <% end %>
+        </div>
+      <% end %>
+      <% if Setting.gitea_enabled? %>
+        <div class="border border-gray-300 rounded-md hover:border-gray-400
+                    bg-cover bg-center bg-no-repeat
+                    bg-[url(/img/logos/icon_gitea.png)]">
+          <%= link_to Setting.gitea_public_url,
+                class: "block h-full px-6 py-6 rounded-md" do %>
+            <h3 class="mb-3.5">Gitea</h3>
+            <p class="text-gray-600">
+              Code hosting and collaboration for software projects
+            </p>
+          <% end %>
+        </div>
+      <% end %>
+      <% if Setting.droneci_enabled? %>
+        <div class="border border-gray-300 rounded-md hover:border-gray-400
+                    bg-cover bg-[center_top_-70px] bg-no-repeat
+                    bg-[url(/img/logos/icon_droneci.svg)]">
+          <%= link_to Setting.droneci_public_url,
+                class: "block h-full px-6 py-6 rounded-md" do %>
+            <h3 class="mb-3.5">Drone CI</h3>
+            <p class="text-gray-600">
+              Continuous integration for software projects on Gitea
+            </p>
+          <% end %>
+        </div>
+      <% end %>
+      <% if Setting.remotestorage_enabled? &&
+            Flipper.enabled?(:remotestorage, current_user) %>
         <div class="border border-gray-300 rounded-md hover:border-gray-400">
           <%= link_to services_storage_path,
                 class: "block h-full px-6 py-6 rounded-md" do %>
@@ -84,16 +96,19 @@
           <% end %>
         </div>
       <% end %>
-      <!-- <div class="border border&#45;gray&#45;300 rounded&#45;md hover:border&#45;gray&#45;400 -->
-      <!--             bg&#45;[length:80%] bg&#45;[right_top_&#45;30px] bg&#45;no&#45;repeat -->
-      <!--             bg&#45;[url(/img/logos/icon_mastodon.svg)]"> -->
-      <!--   <%= link_to "https://kosmos.social", class: "block h&#45;full px&#45;6 py&#45;6 rounded&#45;md" do %> -->
-      <!--     <h3 class="mb&#45;3.5">Mastodon</h3> -->
-      <!--     <p class="text&#45;gray&#45;400"> -->
-      <!--       Your account on the Open Social Web -->
-      <!--     </p> -->
-      <!--   <% end %> -->
-      <!-- </div> -->
+      <% if Setting.mediawiki_enabled? %>
+        <div class="border border-gray-300 rounded-md hover:border-gray-400
+                    bg-cover bg-[center_top_-20px] bg-no-repeat
+                    bg-[url(/img/logos/icon_mediawiki.svg)]">
+          <%= link_to Setting.mediawiki_public_url,
+                class: "block h-full px-6 py-6 rounded-md" do %>
+            <h3 class="mb-3.5">Wiki</h3>
+            <p class="text-gray-600">
+              Kosmos documentation and knowledge base
+            </p>
+          <% end %>
+        </div>
+      <% end %>
     </div>
   </section>
 <% end %>

app/views/devise/passwords/new.html.erb

@@ -10,7 +10,7 @@
       <p class="flex gap-2 items-center">
         <%= f.text_field :cn, autofocus: true, autocomplete: "username",
                               required: true, class: "relative grow"%>
-        <span class="relative shrink-0 text-gray-500">@ kosmos.org</span>
+        <span class="relative shrink-0 text-gray-500">@ <%= Setting.primary_domain %></span>
       </p>
     </div>
     <p>

app/views/devise/sessions/new.html.erb

@@ -12,15 +12,17 @@
     <div class="mb-6">
       <%= f.label :cn, 'User', class: 'block mb-2 font-bold' %>
       <p class="flex gap-2 items-center">
-        <%= f.text_field :cn, autofocus: true, autocomplete: "username",
+        <%= f.text_field :cn, value: h(params[:cn]),
+              autofocus: params[:cn].blank?, autocomplete: "username",
               required: true, class: "relative grow", tabindex: "1" %>
-        <span class="relative shrink-0 text-gray-500">@ kosmos.org</span>
+        <span class="relative shrink-0 text-gray-500">@ <%= Setting.primary_domain %></span>
       </p>
     </div>
     <p class="mb-8">
       <%= f.label :password, class: 'block mb-2 font-bold' %>
       <%= f.password_field :password, autocomplete: "current-password",
-            required: true, class: "w-full", tabindex: "2" %>
+            autofocus: params[:cn].present?, required: true,
+            class: "w-full", tabindex: "2" %>
     </p>
 
     <%= tag.div class: "flex items-center mb-8 gap-x-3", data: {

app/views/icons/_alert-triangle.html.erb

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-alert-triangle"><path d="M10.29 3.86L1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0z"></path><line x1="12" y1="9" x2="12" y2="13"></line><line x1="12" y1="17" x2="12.01" y2="17"></line></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-alert-triangle <%= custom_class %>"><path d="M10.29 3.86L1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0z"></path><line x1="12" y1="9" x2="12" y2="13"></line><line x1="12" y1="17" x2="12.01" y2="17"></line></svg>

app/views/icons/_asterisk.html.erb

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 512 512" fill="currentColor" stroke="currentColor" stroke-width="2" class="<%= custom_class %>"><path d="M475.31 364.144L288 256l187.31-108.144c5.74-3.314 7.706-10.653 4.392-16.392l-4-6.928c-3.314-5.74-10.653-7.706-16.392-4.392L272 228.287V12c0-6.627-5.373-12-12-12h-8c-6.627 0-12 5.373-12 12v216.287L52.69 120.144c-5.74-3.314-13.079-1.347-16.392 4.392l-4 6.928c-3.314 5.74-1.347 13.079 4.392 16.392L224 256 36.69 364.144c-5.74 3.314-7.706 10.653-4.392 16.392l4 6.928c3.314 5.74 10.653 7.706 16.392 4.392L240 283.713V500c0 6.627 5.373 12 12 12h8c6.627 0 12-5.373 12-12V283.713l187.31 108.143c5.74 3.314 13.079 1.347 16.392-4.392l4-6.928c3.314-5.74 1.347-13.079-4.392-16.392z"/></svg>

app/views/icons/_folder.html.erb

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-folder"><path d="M22 19a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h5l2 3h9a2 2 0 0 1 2 2z"></path></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-folder <%= custom_class %>"><path d="M22 19a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h5l2 3h9a2 2 0 0 1 2 2z"></path></svg>

app/views/icons/_globe.html.erb

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-globe"><circle cx="12" cy="12" r="10"></circle><line x1="2" y1="12" x2="22" y2="12"></line><path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"></path></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-globe <%= custom_class %>"><circle cx="12" cy="12" r="10"></circle><line x1="2" y1="12" x2="22" y2="12"></line><path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"></path></svg>

app/views/icons/_kebab-menu.html.erb

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="800px" height="800px" viewBox="0 0 24 24" class="<%= custom_class %>" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+    <title>Menu</title>
+    <g id="kebap-menu" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+      <rect id="Container" x="0" y="0" width="24" height="24"></rect>
+      <path d="M12,6 C12.5522847,6 13,5.55228475 13,5 C13,4.44771525 12.5522847,4 12,4 C11.4477153,4 11,4.44771525 11,5 C11,5.55228475 11.4477153,6 12,6 Z" stroke="#030819" stroke-width="2" stroke-linecap="round" stroke-dasharray="0,0"></path>
+      <path d="M12,13 C12.5522847,13 13,12.5522847 13,12 C13,11.4477153 12.5522847,11 12,11 C11.4477153,11 11,11.4477153 11,12 C11,12.5522847 11.4477153,13 12,13 Z" stroke="#030819" stroke-width="2" stroke-linecap="round" stroke-dasharray="0,0"></path>
+      <path d="M12,20 C12.5522847,20 13,19.5522847 13,19 C13,18.4477153 12.5522847,18 12,18 C11.4477153,18 11,18.4477153 11,19 C11,19.5522847 11.4477153,20 12,20 Z" stroke="#030819" stroke-width="2" stroke-linecap="round" stroke-dasharray="0,0"></path>
+    </g>
+</svg>

app/views/icons/_qr_code.html.erb

@@ -0,0 +1,11 @@
+<svg class="icon-qr-code <%= custom_class %>" fill="currentColor" width="90" height="90" version="1.1" viewBox="0 0 90 90" xmlns="http://www.w3.org/2000/svg">
+  <path id="path2" d="m22.014 22.612c0-2.5389 2.0586-4.5976 4.5976-4.5976h9.1937c2.539 0 4.5976 2.0587 4.5976 4.5976v6.1937c0 2.539-2.0586 4.5976-4.5976 4.5976h-9.1937c-2.539 0-4.5976-2.0586-4.5976-4.5976z"/>
+  <path id="path4" d="m22.014 61.598c0-2.539 2.0586-4.5976 4.5976-4.5976h9.1937c2.539 0 4.5976 2.0586 4.5976 4.5976v6.1937c0 2.539-2.0586 4.5976-4.5976 4.5976h-9.1937c-2.539 0-4.5976-2.0586-4.5976-4.5976z"/>
+  <path id="path6" d="m50 22.612c0-2.5389 2.0586-4.5976 4.5976-4.5976h9.1937c2.539 0 4.5976 2.0587 4.5976 4.5976v6.1937c0 2.539-2.0586 4.5976-4.5976 4.5976h-9.1937c-2.539 0-4.5976-2.0586-4.5976-4.5976z"/>
+  <path id="path8" d="m50 61.598c0-2.539 2.0586-4.5976 4.5976-4.5976h9.1937c2.539 0 4.5976 2.0586 4.5976 4.5976v6.1937c0 2.539-2.0586 4.5976-4.5976 4.5976h-9.1937c-2.539 0-4.5976-2.0586-4.5976-4.5976z"/>
+  <path id="path10" d="m8.85 45c0-1.7397 1.4103-3.15 3.15-3.15h66.5c1.7397 0 3.15 1.4103 3.15 3.15s-1.4103 3.15-3.15 3.15h-66.5c-1.7397 0-3.15-1.4103-3.15-3.15z" clip-rule="evenodd" fill-rule="evenodd"/>
+  <path id="path12" d="m11.566 0c-6.3876 0-11.566 5.1782-11.566 11.566v14.627c0 1.7713 1.4359 3.2073 3.2072 3.2073s3.2072-1.436 3.2072-3.2073v-14.627c0-2.845 2.3064-5.1514 5.1514-5.1514h14.627c1.7713 0 3.2073-1.4359 3.2073-3.2072s-1.436-3.2072-3.2073-3.2072z" clip-rule="evenodd" fill-rule="evenodd"/>
+  <path id="path14" d="m11.566 90c-6.3876 0-11.566-5.1782-11.566-11.566v-14.628c0-1.7713 1.4359-3.2072 3.2072-3.2072s3.2072 1.4359 3.2072 3.2072v14.628c0 2.845 2.3064 5.1513 5.1514 5.1513h14.627c1.7713 0 3.2073 1.436 3.2073 3.2073 0 1.7712-1.436 3.2072-3.2073 3.2072z" clip-rule="evenodd" fill-rule="evenodd"/>
+  <path id="path16" d="m78.434 0c6.3876 0 11.566 5.1782 11.566 11.566v14.627c0 1.7713-1.4359 3.2073-3.2072 3.2073s-3.2072-1.436-3.2072-3.2073v-14.627c0-2.845-2.3064-5.1514-5.1514-5.1514h-14.627c-1.7713 0-3.2073-1.4359-3.2073-3.2072s1.436-3.2072 3.2073-3.2072z" clip-rule="evenodd" fill-rule="evenodd"/>
+  <path id="path18" d="m78.434 90c6.3876 0 11.566-5.1782 11.566-11.566v-14.628c0-1.7713-1.4359-3.2072-3.2072-3.2072s-3.2072 1.4359-3.2072 3.2072v14.628c0 2.845-2.3064 5.1513-5.1514 5.1513h-14.627c-1.7713 0-3.2073 1.436-3.2073 3.2073 0 1.7712 1.436 3.2072 3.2073 3.2072z" clip-rule="evenodd" fill-rule="evenodd"/>
+</svg>

app/views/icons/_remotestorage.html.erb

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="24" height="24" class="<%= custom_class %>" clip-rule="evenodd" fill-rule="evenodd" image-rendering="optimizeQuality" shape-rendering="geometricPrecision" text-rendering="geometricPrecision" version="1.1" viewBox="0 0 250 249.9" xml:space="preserve" xmlns="http://www.w3.org/2000/svg">
+ <g transform="translate(-66.822 -.16484)">
+  <polygon id="polygon1" fill="currentColor" transform="matrix(.29308 0 0 .29308 83.528 -.028385)" points="228 181 370 100 511 181 652 263 370 425 87 263 87 263 0 213 0 213 0 311 0 378 0 427 0 476 86 525 185 582 370 689 554 582 653 525 653 590 653 592 370 754 0 542 0 640 185 747 370 853 554 747 739 640 739 525 739 476 739 427 739 378 653 427 370 589 86 427 86 361 185 418 370 524 554 418 653 361 739 311 739 213 554 107 370 0 185 107 58 180 144 230"/>
+ </g>
+</svg>