Send email confirmation when BTC payment is confirmed

Implement bitcoin donations via BTCPay
Allow other controllers to access lndhub user balance
2024-02-22 15:20:17 +01:00 · 2024-02-22 15:19:27 +01:00 · 2024-02-22 15:19:27 +01:00 · 2024-02-22 15:19:27 +01:00 · 2024-02-22 15:19:27 +01:00
628 changed files with 2394 additions and 8235 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,31 +1,14 @@
-# PRIMARY_DOMAIN=kosmos.org
+PRIMARY_DOMAIN=kosmos.org
-# AKKOUNTS_DOMAIN=accounts.example.com
+AKKOUNTS_DOMAIN=accounts.example.com
-# Generate this using `rails secret`
+SMTP_SERVER=smtp.example.com
-# SECRET_KEY_BASE=
+SMTP_PORT=587
-
+SMTP_LOGIN=accounts
-# Generate these using `rails db:encryption:init`
+SMTP_PASSWORD=123abc
-# (Optional, needed for LndHub integration)
+SMTP_FROM_ADDRESS=accounts@example.com
-# ENCRYPTION_PRIMARY_KEY=
+SMTP_DOMAIN=example.com
-# ENCRYPTION_KEY_DERIVATION_SALT=
+SMTP_AUTH_METHOD=plain
-
+SMTP_ENABLE_STARTTLS=auto
 # The default backend is SQLite
 # DB_ADAPTER=postgresql
 # PG_HOST=localhost
 # PG_PORT=5432
 # PG_DATABASE=akkounts
 # PG_DATABASE_QUEUE=akkounts_queue
 # PG_USERNAME=akkounts
 # PG_PASSWORD=
 # SMTP_SERVER=smtp.example.com
 # SMTP_PORT=587
 # SMTP_LOGIN=accounts
 # SMTP_PASSWORD=123abc
 # SMTP_FROM_ADDRESS=accounts@example.com
 # SMTP_DOMAIN=example.com
 # SMTP_AUTH_METHOD=plain
 # SMTP_ENABLE_STARTTLS=auto
 # S3_ENABLED=true
 # S3_ENDPOINT=https://s3.kosmos.org
@@ -35,58 +18,48 @@
 # S3_ACCESS_KEY=123456abcdefg
 # S3_SECRET_KEY=123456789123456789123456789
-# LDAP_HOST=localhost
+LDAP_HOST=localhost
-# LDAP_PORT=389
+LDAP_PORT=389
-# LDAP_USE_TLS=false
+LDAP_ADMIN_PASSWORD=passthebutter
-# LDAP_UID_ATTR=cn
+LDAP_SUFFIX='dc=kosmos,dc=org'
 # LDAP_BASE="ou=kosmos.org,cn=users,dc=kosmos,dc=org"
 # LDAP_ADMIN_USER="cn=Directory Manager"
 # LDAP_ADMIN_PASSWORD=passthebutter
 # LDAP_SUFFIX="dc=kosmos,dc=org"
-# REDIS_URL='redis://localhost:6379/1'
+REDIS_URL='redis://localhost:6379/1'
-# WEBHOOKS_ALLOWED_IPS='10.1.1.163'
+WEBHOOKS_ALLOWED_IPS='10.1.1.163'
 #
 # Service Integrations
 # (sorted alphabetically by service name)
 #
-# BTCPAY_PUBLIC_URL='https://btcpay.example.com'
+BTCPAY_PUBLIC_URL='https://btcpay.example.com'
-# BTCPAY_API_URL='http://localhost:23001/api/v1'
+BTCPAY_API_URL='http://localhost:23001/api/v1'
-# BTCPAY_STORE_ID=''
+BTCPAY_STORE_ID=''
-# BTCPAY_AUTH_TOKEN=''
+BTCPAY_AUTH_TOKEN=''
-# DISCOURSE_PUBLIC_URL='https://community.kosmos.org'
+DISCOURSE_PUBLIC_URL='https://community.kosmos.org'
-# DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
+DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
-# DRONECI_PUBLIC_URL='https://drone.kosmos.org'
+DRONECI_PUBLIC_URL='https://drone.kosmos.org'
-# EJABBERD_ADMIN_URL='https://xmpp.kosmos.org/admin'
+EJABBERD_ADMIN_URL='https://xmpp.kosmos.org/admin'
-# EJABBERD_API_URL='https://xmpp.kosmos.org/api'
+EJABBERD_API_URL='https://xmpp.kosmos.org/api'
-# GITEA_PUBLIC_URL='https://gitea.kosmos.org'
+GITEA_PUBLIC_URL='https://gitea.kosmos.org'
-# LNDHUB_API_URL='http://localhost:3023'
+LNDHUB_API_URL='http://localhost:3023'
-# LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
+LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
-# LNDHUB_PUBLIC_KEY='0123d3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
+LNDHUB_PUBLIC_KEY='0123d3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
-# LNDHUB_ADMIN_UI=true
+LNDHUB_ADMIN_UI=true
-# LNDHUB_ADMIN_TOKEN=123456789
+LNDHUB_ADMIN_TOKEN=123456789
-# LNDHUB_PG_HOST=localhost
+LNDHUB_PG_HOST=localhost
-# LNDHUB_PG_PORT=5432
+LNDHUB_PG_PORT=5432
-# LNDHUB_PG_DATABASE=lndhub
+LNDHUB_PG_DATABASE=lndhub
-# LNDHUB_PG_USERNAME=lndhub
+LNDHUB_PG_USERNAME=lndhub
-# LNDHUB_PG_PASSWORD=''
+LNDHUB_PG_PASSWORD=''
-# MASTODON_PUBLIC_URL='https://kosmos.social'
+MASTODON_PUBLIC_URL='https://kosmos.social'
 # MASTODON_ADDRESS_DOMAIN='https://kosmos.org'
-# MEDIAWIKI_PUBLIC_URL='https://wiki.kosmos.org'
+MEDIAWIKI_PUBLIC_URL='https://wiki.kosmos.org'
-# NOSTR_PRIVATE_KEY='123456abcdef...'
+RS_STORAGE_URL='https://storage.kosmos.org'
-# NOSTR_PUBLIC_KEY='123456abcdef...'
+RS_REDIS_URL='redis://localhost:6379/2'
 # NOSTR_RELAY_URL='wss://nostr.kosmos.org'
 # RS_STORAGE_URL='https://storage.kosmos.org'
 # RS_REDIS_URL='redis://localhost:6379/2'
--- a/.env.test
+++ b/.env.test
@@ -1,8 +1,4 @@
 PRIMARY_DOMAIN=kosmos.org
 AKKOUNTS_DOMAIN=accounts.kosmos.org
 ENCRYPTION_PRIMARY_KEY=YhNLBgCFMAzw5dV3gISxnGrhNDMQwRdn
 ENCRYPTION_KEY_DERIVATION_SALT=h28g16MRZ1sghF2jTCos1DiLZXUswinR
 REDIS_URL='redis://localhost:6379/0'
@@ -15,17 +11,11 @@ DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
 EJABBERD_API_URL='http://xmpp.example.com/api'
 MASTODON_PUBLIC_URL='http://example.social'
 LNDHUB_API_URL='http://localhost:3026'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
 LNDHUB_PUBLIC_KEY='024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
 NOSTR_PRIVATE_KEY='7c3ef7e448505f0615137af38569d01807d3b05b5005d5ecf8aaafcd40323cea'
 NOSTR_PUBLIC_KEY='bdd76ce2934b2f591f9fad2ebe9da18f20d2921de527494ba00eeaa0a0efadcf'
 RS_REDIS_URL='redis://localhost:6379/1'
 RS_STORAGE_URL='https://storage.kosmos.org'
-RS_AKKOUNTS_DOMAIN=localhost
+RS_REDIS_URL='redis://localhost:6379/1'
 WEBHOOKS_ALLOWED_IPS='10.1.1.23'
--- a/.gitignore
+++ b/.gitignore
@@ -37,7 +37,6 @@
 /yarn-error.log
 yarn-debug.log*
 .yarn-integrity
 bun.lock
 # Ignore local dotenv config file
 .env
@@ -48,6 +47,3 @@ dump.rdb
 /app/assets/builds/*
 !/app/assets/builds/.keep
 # Ignore generated ctags
 *.tags
--- a/13
+++ b/13
@@ -1,11 +1,18 @@
 # syntax=docker/dockerfile:1
-FROM ruby:3.3.4
+FROM debian:bullseye-slim as base
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN apt-get update -qq && apt-get install -y --no-install-recommends curl \
+# TODO Remove when upstream Ruby works properly on Apple silicon
-      ldap-utils tini libvips
+RUN apt update && apt install -y build-essential wget autoconf libpq-dev pkg-config
 RUN wget https://github.com/postmodern/ruby-install/releases/download/v0.9.3/ruby-install-0.9.3.tar.gz \
  && tar -xzvf ruby-install-0.9.3.tar.gz \
  && cd ruby-install-0.9.3/ \
  && make install
 RUN ruby-install -p https://github.com/ruby/ruby/pull/9371.diff ruby 3.3.0
 ENV PATH="/opt/rubies/ruby-3.3.0/bin:${PATH}"
 RUN apt-get install -y --no-install-recommends curl ldap-utils tini libvips
 RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
 RUN apt-get update && apt-get install -y nodejs
--- a/28
+++ b/28
@@ -2,13 +2,13 @@ source 'https://rubygems.org'
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 8.0'
+gem 'rails', '~> 7.1'
 # Use Puma as the app server
-gem 'puma', '~> 6.6'
+gem 'puma', '~> 4.1'
 # View components
 gem "view_component"
-# Asset bundler
+# Separate dependency since Rails 7.0
-gem 'propshaft'
+gem 'sprockets-rails'
 # Allows custom JS build tasks to integrate with the asset pipeline
 gem 'cssbundling-rails'
 # Use JavaScript with ESM import maps [https://github.com/rails/importmap-rails]
@@ -19,12 +19,17 @@ gem "turbo-rails"
 gem "stimulus-rails"
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
 gem 'jbuilder', '~> 2.7'
 # Use Redis adapter to run Action Cable in production
 # gem 'redis', '~> 4.0'
 # Use Active Model has_secure_password
 gem 'bcrypt', '~> 3.1'
 # Configuration
 gem 'dotenv-rails'
 # Security
 gem 'lockbox'
 # Authentication
 gem 'warden'
 gem 'devise', '~> 4.9.0'
@@ -32,7 +37,6 @@ gem 'devise_ldap_authenticatable'
 gem 'net-ldap'
 # Utilities
 gem 'aasm'
 gem "image_processing", "~> 1.12.2"
 gem "rqrcode", "~> 2.0"
 gem 'rails-settings-cached', '~> 2.8.3'
@@ -40,9 +44,6 @@ gem 'pagy', '~> 6.0', '>= 6.0.2'
 gem 'flipper'
 gem 'flipper-active_record'
 gem 'flipper-ui'
 gem 'gpgme', '~> 2.0.24'
 gem 'zbase32', '~> 0.1.1'
 gem 'kramdown'
 # HTTP requests
 gem 'faraday'
@@ -50,8 +51,8 @@ gem 'down'
 gem 'aws-sdk-s3', require: false
 # Background/scheduled jobs
-gem 'solid_queue'
+gem 'sidekiq', '< 7'
-gem "mission_control-jobs"
+gem 'sidekiq-scheduler'
 # Monitoring
 gem "sentry-ruby"
@@ -60,13 +61,12 @@ gem "sentry-rails"
 # Services
 gem 'discourse_api'
 gem "lnurl"
-gem 'manifique', '~> 1.1.0'
+gem 'manifique'
-gem 'nostr', '~> 0.6.0'
+gem 'nostr'
 gem "redis", "~> 5.4"
 group :development, :test do
  # Use sqlite3 as the database for Active Record
-  gem 'sqlite3', '>= 2.1'
+  gem 'sqlite3', '~> 1.7.2'
  gem 'rspec-rails'
  gem 'rails-controller-testing'
 end
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,111 +1,110 @@
 GEM
  remote: https://rubygems.org/
  specs:
-    aasm (5.5.0)
+    actioncable (7.1.3)
-      concurrent-ruby (~> 1.0)
+      actionpack (= 7.1.3)
-    actioncable (8.0.2)
+      activesupport (= 7.1.3)
      actionpack (= 8.0.2)
      activesupport (= 8.0.2)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
      zeitwerk (~> 2.6)
-    actionmailbox (8.0.2)
+    actionmailbox (7.1.3)
-      actionpack (= 8.0.2)
+      actionpack (= 7.1.3)
-      activejob (= 8.0.2)
+      activejob (= 7.1.3)
-      activerecord (= 8.0.2)
+      activerecord (= 7.1.3)
-      activestorage (= 8.0.2)
+      activestorage (= 7.1.3)
-      activesupport (= 8.0.2)
+      activesupport (= 7.1.3)
-      mail (>= 2.8.0)
+      mail (>= 2.7.1)
-    actionmailer (8.0.2)
+      net-imap
-      actionpack (= 8.0.2)
+      net-pop
-      actionview (= 8.0.2)
+      net-smtp
-      activejob (= 8.0.2)
+    actionmailer (7.1.3)
-      activesupport (= 8.0.2)
+      actionpack (= 7.1.3)
-      mail (>= 2.8.0)
+      actionview (= 7.1.3)
      activejob (= 7.1.3)
      activesupport (= 7.1.3)
      mail (~> 2.5, >= 2.5.4)
      net-imap
      net-pop
      net-smtp
      rails-dom-testing (~> 2.2)
-    actionpack (8.0.2)
+    actionpack (7.1.3)
-      actionview (= 8.0.2)
+      actionview (= 7.1.3)
-      activesupport (= 8.0.2)
+      activesupport (= 7.1.3)
      nokogiri (>= 1.8.5)
      racc
      rack (>= 2.2.4)
      rack-session (>= 1.0.1)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.2)
      rails-html-sanitizer (~> 1.6)
-      useragent (~> 0.16)
+    actiontext (7.1.3)
-    actiontext (8.0.2)
+      actionpack (= 7.1.3)
-      actionpack (= 8.0.2)
+      activerecord (= 7.1.3)
-      activerecord (= 8.0.2)
+      activestorage (= 7.1.3)
-      activestorage (= 8.0.2)
+      activesupport (= 7.1.3)
      activesupport (= 8.0.2)
      globalid (>= 0.6.0)
      nokogiri (>= 1.8.5)
-    actionview (8.0.2)
+    actionview (7.1.3)
-      activesupport (= 8.0.2)
+      activesupport (= 7.1.3)
      builder (~> 3.1)
      erubi (~> 1.11)
      rails-dom-testing (~> 2.2)
      rails-html-sanitizer (~> 1.6)
-    activejob (8.0.2)
+    activejob (7.1.3)
-      activesupport (= 8.0.2)
+      activesupport (= 7.1.3)
      globalid (>= 0.3.6)
-    activemodel (8.0.2)
+    activemodel (7.1.3)
-      activesupport (= 8.0.2)
+      activesupport (= 7.1.3)
-    activerecord (8.0.2)
+    activerecord (7.1.3)
-      activemodel (= 8.0.2)
+      activemodel (= 7.1.3)
-      activesupport (= 8.0.2)
+      activesupport (= 7.1.3)
      timeout (>= 0.4.0)
-    activestorage (8.0.2)
+    activestorage (7.1.3)
-      actionpack (= 8.0.2)
+      actionpack (= 7.1.3)
-      activejob (= 8.0.2)
+      activejob (= 7.1.3)
-      activerecord (= 8.0.2)
+      activerecord (= 7.1.3)
-      activesupport (= 8.0.2)
+      activesupport (= 7.1.3)
      marcel (~> 1.0)
-    activesupport (8.0.2)
+    activesupport (7.1.3)
      base64
      benchmark (>= 0.3)
      bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.3.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
      connection_pool (>= 2.2.5)
      drb
      i18n (>= 1.6, < 2)
      logger (>= 1.4.2)
      minitest (>= 5.1)
-      securerandom (>= 0.3)
+      mutex_m
-      tzinfo (~> 2.0, >= 2.0.5)
+      tzinfo (~> 2.0)
-      uri (>= 0.13.1)
+    addressable (2.8.6)
-    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 6.0)
-      public_suffix (>= 2.0.2, < 7.0)
+    ast (2.4.2)
-    ast (2.4.3)
+    aws-eventstream (1.3.0)
-    aws-eventstream (1.3.2)
+    aws-partitions (1.886.0)
-    aws-partitions (1.1092.0)
+    aws-sdk-core (3.191.0)
    aws-sdk-core (3.222.2)
      aws-eventstream (~> 1, >= 1.3.0)
-      aws-partitions (~> 1, >= 1.992.0)
+      aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.9)
+      aws-sigv4 (~> 1.8)
      base64
      jmespath (~> 1, >= 1.6.1)
-      logger
+    aws-sdk-kms (1.77.0)
-    aws-sdk-kms (1.99.0)
+      aws-sdk-core (~> 3, >= 3.191.0)
-      aws-sdk-core (~> 3, >= 3.216.0)
+      aws-sigv4 (~> 1.1)
-      aws-sigv4 (~> 1.5)
+    aws-sdk-s3 (1.143.0)
-    aws-sdk-s3 (1.183.0)
+      aws-sdk-core (~> 3, >= 3.191.0)
      aws-sdk-core (~> 3, >= 3.216.0)
      aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.5)
+      aws-sigv4 (~> 1.8)
-    aws-sigv4 (1.11.0)
+    aws-sigv4 (1.8.0)
      aws-eventstream (~> 1, >= 1.0.2)
    backport (1.2.0)
    base64 (0.2.0)
    bcrypt (3.1.20)
-    bech32 (1.5.0)
+    bech32 (1.4.2)
      thor (>= 1.1.0)
-    benchmark (0.4.0)
+    benchmark (0.3.0)
-    bigdecimal (3.1.9)
+    bigdecimal (3.1.6)
    bindex (0.8.1)
    bip-schnorr (0.7.0)
      ecdsa_ext (~> 0.5.0)
-    builder (3.3.0)
+    builder (3.2.4)
    capybara (3.40.0)
      addressable
      matrix
@@ -115,25 +114,23 @@ GEM
      rack-test (>= 0.6.3)
      regexp_parser (>= 1.5, < 3.0)
      xpath (~> 3.2)
    childprocess (5.1.0)
      logger (~> 1.5)
    chunky_png (1.4.0)
-    concurrent-ruby (1.3.4)
+    concurrent-ruby (1.2.3)
-    connection_pool (2.5.2)
+    connection_pool (2.4.1)
-    crack (1.0.0)
+    crack (0.4.6)
      bigdecimal
      rexml
    crass (1.0.6)
-    cssbundling-rails (1.4.3)
+    cssbundling-rails (1.4.0)
      railties (>= 6.0.0)
-    database_cleaner (2.1.0)
+    database_cleaner (2.0.2)
      database_cleaner-active_record (>= 2, < 3)
-    database_cleaner-active_record (2.2.0)
+    database_cleaner-active_record (2.1.0)
      activerecord (>= 5.a)
      database_cleaner-core (~> 2.0.0)
    database_cleaner-core (2.0.1)
-    date (3.4.1)
+    date (3.3.4)
-    devise (4.9.4)
+    devise (4.9.3)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 4.1.0)
@@ -142,112 +139,105 @@ GEM
    devise_ldap_authenticatable (0.8.7)
      devise (>= 3.4.1)
      net-ldap (>= 0.16.0)
-    diff-lcs (1.6.1)
+    diff-lcs (1.5.1)
    discourse_api (2.0.1)
      faraday (~> 2.7)
      faraday-follow_redirects
      faraday-multipart
      rack (>= 1.6)
-    dotenv (3.1.8)
+    dotenv (2.8.1)
-    dotenv-rails (3.1.8)
+    dotenv-rails (2.8.1)
-      dotenv (= 3.1.8)
+      dotenv (= 2.8.1)
-      railties (>= 6.1)
+      railties (>= 3.2)
-    down (5.4.2)
+    down (5.4.1)
      addressable (~> 2.8)
-    drb (2.2.1)
+    drb (2.2.0)
      ruby2_keywords
    e2mmap (0.1.0)
    ecdsa (1.2.0)
-    ecdsa_ext (0.5.1)
+    ecdsa_ext (0.5.0)
      ecdsa (~> 1.2.0)
-    erubi (1.13.1)
+    erubi (1.12.0)
-    et-orbi (1.2.11)
+    et-orbi (1.2.7)
      tzinfo
    event_emitter (0.2.6)
    eventmachine (1.2.7)
-    factory_bot (6.5.1)
+    factory_bot (6.4.6)
-      activesupport (>= 6.1.0)
+      activesupport (>= 5.0.0)
-    factory_bot_rails (6.4.4)
+    factory_bot_rails (6.4.3)
-      factory_bot (~> 6.5)
+      factory_bot (~> 6.4)
      railties (>= 5.0.0)
-    faker (3.5.1)
+    faker (3.2.3)
      i18n (>= 1.8.11, < 2)
-    faraday (2.9.2)
+    faraday (2.9.0)
      faraday-net_http (>= 2.0, < 3.2)
    faraday-follow_redirects (0.3.0)
      faraday (>= 1, < 3)
-    faraday-multipart (1.1.0)
+    faraday-multipart (1.0.4)
-      multipart-post (~> 2.0)
+      multipart-post (~> 2)
-    faraday-net_http (3.1.1)
+    faraday-net_http (3.1.0)
      net-http
    faye-websocket (0.11.3)
      eventmachine (>= 0.12.0)
      websocket-driver (>= 0.5.1)
-    ffi (1.17.2)
+    ffi (1.16.3)
-    ffi (1.17.2-arm64-darwin)
+    flipper (1.2.2)
    ffi (1.17.2-x86_64-linux-gnu)
    flipper (1.3.4)
      concurrent-ruby (< 2)
-    flipper-active_record (1.3.4)
+    flipper-active_record (1.2.2)
-      activerecord (>= 4.2, < 9)
+      activerecord (>= 4.2, < 8)
-      flipper (~> 1.3.4)
+      flipper (~> 1.2.2)
-    flipper-ui (1.3.4)
+    flipper-ui (1.2.2)
      erubi (>= 1.0.0, < 2.0.0)
-      flipper (~> 1.3.4)
+      flipper (~> 1.2.2)
      rack (>= 1.4, < 4)
-      rack-protection (>= 1.5.3, < 5.0.0)
+      rack-protection (>= 1.5.3, <= 4.0.0)
-      rack-session (>= 1.0.2, < 3.0.0)
+      sanitize (< 7)
-      sanitize (< 8)
+    fugit (1.9.0)
-    fugit (1.11.1)
+      et-orbi (~> 1, >= 1.2.7)
      et-orbi (~> 1, >= 1.2.11)
      raabro (~> 1.4)
    globalid (1.2.1)
      activesupport (>= 6.1)
-    gpgme (2.0.24)
+    hashdiff (1.1.0)
-      mini_portile2 (~> 2.7)
+    i18n (1.14.1)
    hashdiff (1.1.2)
    i18n (1.14.7)
      concurrent-ruby (~> 1.0)
    image_processing (1.12.2)
      mini_magick (>= 4.9.5, < 5)
      ruby-vips (>= 2.0.17, < 3)
-    importmap-rails (2.1.0)
+    importmap-rails (2.0.1)
      actionpack (>= 6.0.0)
      activesupport (>= 6.0.0)
      railties (>= 6.0.0)
-    io-console (0.8.0)
+    io-console (0.7.2)
-    irb (1.15.2)
+    irb (1.11.1)
-      pp (>= 0.6.0)
+      rdoc
      rdoc (>= 4.0.0)
      reline (>= 0.4.2)
-    jaro_winkler (1.6.0)
+    jaro_winkler (1.5.6)
-    jbuilder (2.13.0)
+    jbuilder (2.11.5)
      actionview (>= 5.0.0)
      activesupport (>= 5.0.0)
    jmespath (1.6.2)
-    json (2.11.3)
+    json (2.7.1)
-    kramdown (2.5.1)
+    kramdown (2.4.0)
-      rexml (>= 3.3.9)
+      rexml
    kramdown-parser-gfm (1.1.0)
      kramdown (~> 2.0)
-    language_server-protocol (3.17.0.4)
+    language_server-protocol (3.17.0.3)
-    launchy (3.1.1)
+    launchy (2.5.2)
      addressable (~> 2.8)
-      childprocess (~> 5.0)
+    letter_opener (1.8.1)
-      logger (~> 1.6)
+      launchy (>= 2.2, < 3)
-    letter_opener (1.10.0)
+    letter_opener_web (2.0.0)
-      launchy (>= 2.2, < 4)
+      actionmailer (>= 5.2)
-    letter_opener_web (3.0.0)
+      letter_opener (~> 1.7)
-      actionmailer (>= 6.1)
+      railties (>= 5.2)
      letter_opener (~> 1.9)
      railties (>= 6.1)
      rexml
-    lint_roller (1.1.0)
+    listen (3.8.0)
    listen (3.9.0)
      rb-fsevent (~> 0.10, >= 0.10.3)
      rb-inotify (~> 0.9, >= 0.9.10)
-    lnurl (1.1.1)
+    lnurl (1.1.0)
      bech32 (~> 1.1)
-    logger (1.7.0)
+    lockbox (1.3.2)
-    loofah (2.24.0)
+    loofah (2.22.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.12.0)
    mail (2.8.1)
@@ -255,31 +245,22 @@ GEM
      net-imap
      net-pop
      net-smtp
-    manifique (1.1.0)
+    manifique (1.0.1)
      faraday (~> 2.9.0)
      faraday-follow_redirects (= 0.3.0)
      nokogiri (~> 1.16.0)
-    marcel (1.0.4)
+    marcel (1.0.2)
    matrix (0.4.2)
-    method_source (1.1.0)
+    method_source (1.0.0)
-    mini_magick (4.13.2)
+    mini_magick (4.12.0)
    mini_mime (1.1.5)
-    mini_portile2 (2.8.8)
+    mini_portile2 (2.8.5)
-    minitest (5.25.5)
+    minitest (5.21.2)
-    mission_control-jobs (1.0.2)
+    multipart-post (2.3.0)
-      actioncable (>= 7.1)
+    mutex_m (0.2.0)
-      actionpack (>= 7.1)
+    net-http (0.4.1)
      activejob (>= 7.1)
      activerecord (>= 7.1)
      importmap-rails (>= 1.2.1)
      irb (~> 1.13)
      railties (>= 7.1)
      stimulus-rails
      turbo-rails
    multipart-post (2.4.1)
    net-http (0.6.0)
      uri
-    net-imap (0.5.7)
+    net-imap (0.4.9.1)
      date
      net-protocol
    net-ldap (0.19.0)
@@ -287,74 +268,62 @@ GEM
      net-protocol
    net-protocol (0.2.2)
      timeout
-    net-smtp (0.5.1)
+    net-smtp (0.4.0.1)
      net-protocol
-    nio4r (2.7.4)
+    nio4r (2.7.0)
-    nokogiri (1.16.8)
+    nokogiri (1.16.0)
      mini_portile2 (~> 2.8.2)
      racc (~> 1.4)
-    nokogiri (1.16.8-arm64-darwin)
+    nokogiri (1.16.0-arm64-darwin)
      racc (~> 1.4)
-    nokogiri (1.16.8-x86_64-linux)
+    nokogiri (1.16.0-x86_64-linux)
      racc (~> 1.4)
-    nostr (0.6.0)
+    nostr (0.5.0)
      bech32 (~> 1.4)
-      bip-schnorr (~> 0.7)
+      bip-schnorr (~> 0.6)
      ecdsa (~> 1.2)
      event_emitter (~> 0.2)
      faye-websocket (~> 0.11)
      json (~> 2.6)
    observer (0.1.2)
    orm_adapter (0.5.0)
-    ostruct (0.6.1)
+    pagy (6.4.3)
-    pagy (6.5.0)
+    parallel (1.24.0)
-    parallel (1.27.0)
+    parser (3.3.0.5)
    parser (3.3.8.0)
      ast (~> 2.4.1)
      racc
-    pg (1.5.9)
+    pg (1.5.4)
-    pp (0.6.2)
+    psych (5.1.2)
      prettyprint
    prettyprint (0.2.0)
    prism (1.4.0)
    propshaft (1.1.0)
      actionpack (>= 7.0.0)
      activesupport (>= 7.0.0)
      rack
      railties (>= 7.0.0)
    psych (5.2.3)
      date
      stringio
-    public_suffix (6.0.1)
+    public_suffix (5.0.4)
-    puma (6.6.0)
+    puma (4.3.12)
      nio4r (~> 2.0)
    raabro (1.4.0)
-    racc (1.8.1)
+    racc (1.7.3)
-    rack (2.2.13)
+    rack (2.2.8)
    rack-protection (3.2.0)
      base64 (>= 0.1.0)
      rack (~> 2.2, >= 2.2.4)
    rack-session (1.0.2)
      rack (< 3)
-    rack-test (2.2.0)
+    rack-test (2.1.0)
      rack (>= 1.3)
-    rackup (1.0.1)
+    rackup (1.0.0)
      rack (< 3)
      webrick
-    rails (8.0.2)
+    rails (7.1.3)
-      actioncable (= 8.0.2)
+      actioncable (= 7.1.3)
-      actionmailbox (= 8.0.2)
+      actionmailbox (= 7.1.3)
-      actionmailer (= 8.0.2)
+      actionmailer (= 7.1.3)
-      actionpack (= 8.0.2)
+      actionpack (= 7.1.3)
-      actiontext (= 8.0.2)
+      actiontext (= 7.1.3)
-      actionview (= 8.0.2)
+      actionview (= 7.1.3)
-      activejob (= 8.0.2)
+      activejob (= 7.1.3)
-      activemodel (= 8.0.2)
+      activemodel (= 7.1.3)
-      activerecord (= 8.0.2)
+      activerecord (= 7.1.3)
-      activestorage (= 8.0.2)
+      activestorage (= 7.1.3)
-      activesupport (= 8.0.2)
+      activesupport (= 7.1.3)
      bundler (>= 1.15.0)
-      railties (= 8.0.2)
+      railties (= 7.1.3)
    rails-controller-testing (1.0.5)
      actionpack (>= 5.0.1.rc1)
      actionview (>= 5.0.1.rc1)
@@ -363,140 +332,138 @@ GEM
      activesupport (>= 5.0.0)
      minitest
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.6.2)
+    rails-html-sanitizer (1.6.0)
      loofah (~> 2.21)
-      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
+      nokogiri (~> 1.14)
    rails-settings-cached (2.8.3)
      activerecord (>= 5.0.0)
      railties (>= 5.0.0)
-    railties (8.0.2)
+    railties (7.1.3)
-      actionpack (= 8.0.2)
+      actionpack (= 7.1.3)
-      activesupport (= 8.0.2)
+      activesupport (= 7.1.3)
-      irb (~> 1.13)
+      irb
      rackup (>= 1.0.0)
      rake (>= 12.2)
      thor (~> 1.0, >= 1.2.2)
      zeitwerk (~> 2.6)
    rainbow (3.1.1)
-    rake (13.2.1)
+    rake (13.1.0)
    rb-fsevent (0.11.2)
-    rb-inotify (0.11.1)
+    rb-inotify (0.10.1)
      ffi (~> 1.0)
-    rbs (3.9.2)
+    rbs (2.8.4)
-      logger
+    rdoc (6.6.2)
    rdoc (6.13.1)
      psych (>= 4.0.0)
-    redis (5.4.0)
+    redis (4.8.1)
-      redis-client (>= 0.22.0)
+    regexp_parser (2.9.0)
-    redis-client (0.24.0)
+    reline (0.4.2)
      connection_pool
    regexp_parser (2.10.0)
    reline (0.6.1)
      io-console (~> 0.5)
    responders (3.1.1)
      actionpack (>= 5.2)
      railties (>= 5.2)
-    reverse_markdown (3.0.0)
+    reverse_markdown (2.1.1)
      nokogiri
-    rexml (3.4.1)
+    rexml (3.2.6)
    rqrcode (2.2.0)
      chunky_png (~> 1.0)
      rqrcode_core (~> 1.0)
    rqrcode_core (1.2.0)
-    rspec-core (3.13.3)
+    rspec-core (3.12.2)
-      rspec-support (~> 3.13.0)
+      rspec-support (~> 3.12.0)
-    rspec-expectations (3.13.3)
+    rspec-expectations (3.12.3)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.13.0)
+      rspec-support (~> 3.12.0)
-    rspec-mocks (3.13.2)
+    rspec-mocks (3.12.6)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.13.0)
+      rspec-support (~> 3.12.0)
-    rspec-rails (7.1.1)
+    rspec-rails (6.1.1)
-      actionpack (>= 7.0)
+      actionpack (>= 6.1)
-      activesupport (>= 7.0)
+      activesupport (>= 6.1)
-      railties (>= 7.0)
+      railties (>= 6.1)
-      rspec-core (~> 3.13)
+      rspec-core (~> 3.12)
-      rspec-expectations (~> 3.13)
+      rspec-expectations (~> 3.12)
-      rspec-mocks (~> 3.13)
+      rspec-mocks (~> 3.12)
-      rspec-support (~> 3.13)
+      rspec-support (~> 3.12)
-    rspec-support (3.13.2)
+    rspec-support (3.12.1)
-    rubocop (1.75.3)
+    rubocop (1.60.2)
      json (~> 2.3)
-      language_server-protocol (~> 3.17.0.2)
+      language_server-protocol (>= 3.17.0)
      lint_roller (~> 1.1.0)
      parallel (~> 1.10)
      parser (>= 3.3.0.2)
      rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 2.9.3, < 3.0)
+      regexp_parser (>= 1.8, < 3.0)
-      rubocop-ast (>= 1.44.0, < 2.0)
+      rexml (>= 3.2.5, < 4.0)
      rubocop-ast (>= 1.30.0, < 2.0)
      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 2.4.0, < 4.0)
+      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.44.1)
+    rubocop-ast (1.30.0)
-      parser (>= 3.3.7.2)
+      parser (>= 3.2.1.0)
      prism (~> 1.4)
    ruby-progressbar (1.13.0)
-    ruby-vips (2.2.3)
+    ruby-vips (2.2.0)
      ffi (~> 1.12)
-      logger
+    ruby2_keywords (0.0.5)
-    sanitize (7.0.0)
+    rufus-scheduler (3.9.1)
      fugit (~> 1.1, >= 1.1.6)
    sanitize (6.1.0)
      crass (~> 1.0.2)
-      nokogiri (>= 1.16.8)
+      nokogiri (>= 1.12.0)
-    securerandom (0.4.1)
+    sentry-rails (5.16.1)
    sentry-rails (5.23.0)
      railties (>= 5.0)
-      sentry-ruby (~> 5.23.0)
+      sentry-ruby (~> 5.16.1)
-    sentry-ruby (5.23.0)
+    sentry-ruby (5.16.1)
      bigdecimal
      concurrent-ruby (~> 1.0, >= 1.0.2)
-    solargraph (0.54.2)
+    sidekiq (6.5.12)
      connection_pool (>= 2.2.5, < 3)
      rack (~> 2.0)
      redis (>= 4.5.0, < 5)
    sidekiq-scheduler (5.0.3)
      rufus-scheduler (~> 3.2)
      sidekiq (>= 6, < 8)
      tilt (>= 1.4.0)
    solargraph (0.50.0)
      backport (~> 1.2)
-      benchmark (~> 0.4)
+      benchmark
      bundler (~> 2.0)
      diff-lcs (~> 1.4)
-      jaro_winkler (~> 1.6)
+      e2mmap
      jaro_winkler (~> 1.5)
      kramdown (~> 2.3)
      kramdown-parser-gfm (~> 1.1)
      logger (~> 1.6)
      observer (~> 0.1)
      ostruct (~> 0.6)
      parser (~> 3.0)
-      rbs (~> 3.3)
+      rbs (~> 2.0)
-      reverse_markdown (~> 3.0)
+      reverse_markdown (~> 2.0)
      rubocop (~> 1.38)
      thor (~> 1.0)
      tilt (~> 2.0)
      yard (~> 0.9, >= 0.9.24)
-      yard-solargraph (~> 0.1)
+    sprockets (4.2.1)
-    solid_queue (1.1.5)
+      concurrent-ruby (~> 1.0)
-      activejob (>= 7.1)
+      rack (>= 2.2.4, < 4)
-      activerecord (>= 7.1)
+    sprockets-rails (3.4.2)
-      concurrent-ruby (>= 1.3.1)
+      actionpack (>= 5.2)
-      fugit (~> 1.11.0)
+      activesupport (>= 5.2)
-      railties (>= 7.1)
+      sprockets (>= 3.0.0)
-      thor (~> 1.3.1)
+    sqlite3 (1.7.2)
    sqlite3 (2.6.0)
      mini_portile2 (~> 2.8.0)
-    sqlite3 (2.6.0-arm64-darwin)
+    sqlite3 (1.7.2-arm64-darwin)
-    sqlite3 (2.6.0-x86_64-linux-gnu)
+    sqlite3 (1.7.2-x86_64-linux)
-    stimulus-rails (1.3.4)
+    stimulus-rails (1.3.3)
      railties (>= 6.0.0)
    stringio (3.1.0)
    thor (1.3.0)
    tilt (2.3.0)
    timeout (0.4.1)
    turbo-rails (1.5.0)
      actionpack (>= 6.0.0)
      activejob (>= 6.0.0)
      railties (>= 6.0.0)
    stringio (3.1.7)
    thor (1.3.2)
    tilt (2.6.0)
    timeout (0.4.3)
    turbo-rails (2.0.13)
      actionpack (>= 7.1.0)
      railties (>= 7.1.0)
    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
-    unicode-display_width (3.1.4)
+    unicode-display_width (2.5.0)
-      unicode-emoji (~> 4.0, >= 4.0.4)
+    uri (0.13.0)
-    unicode-emoji (4.0.4)
+    view_component (3.10.0)
-    uri (1.0.3)
+      activesupport (>= 5.2.0, < 8.0)
-    useragent (0.16.11)
+      concurrent-ruby (~> 1.0)
    view_component (3.22.0)
      activesupport (>= 5.2.0, < 8.1)
      concurrent-ruby (= 1.3.4)
      method_source (~> 1.0)
    warden (1.2.9)
      rack (>= 2.0.9)
@@ -505,22 +472,18 @@ GEM
      activemodel (>= 6.0.0)
      bindex (>= 0.4.0)
      railties (>= 6.0.0)
-    webmock (3.25.1)
+    webmock (3.19.1)
      addressable (>= 2.8.0)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
-    webrick (1.9.1)
+    webrick (1.8.1)
-    websocket-driver (0.7.7)
+    websocket-driver (0.7.6)
      base64
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    xpath (3.2.0)
      nokogiri (~> 1.8)
-    yard (0.9.37)
+    yard (0.9.34)
-    yard-solargraph (0.1.0)
+    zeitwerk (2.6.12)
      yard (~> 0.9)
    zbase32 (0.1.1)
    zeitwerk (2.7.2)
 PLATFORMS
  arm64-darwin-22
@@ -528,7 +491,6 @@ PLATFORMS
  x86_64-linux
 DEPENDENCIES
  aasm
  aws-sdk-s3
  bcrypt (~> 3.1)
  capybara
@@ -545,34 +507,32 @@ DEPENDENCIES
  flipper
  flipper-active_record
  flipper-ui
  gpgme (~> 2.0.24)
  image_processing (~> 1.12.2)
  importmap-rails
  jbuilder (~> 2.7)
  kramdown
  letter_opener
  letter_opener_web
  listen (~> 3.2)
  lnurl
-  manifique (~> 1.1.0)
+  lockbox
-  mission_control-jobs
+  manifique
  net-ldap
-  nostr (~> 0.6.0)
+  nostr
  pagy (~> 6.0, >= 6.0.2)
  pg (~> 1.5)
-  propshaft
+  puma (~> 4.1)
-  puma (~> 6.6)
+  rails (~> 7.1)
  rails (~> 8.0)
  rails-controller-testing
  rails-settings-cached (~> 2.8.3)
  redis (~> 5.4)
  rqrcode (~> 2.0)
  rspec-rails
  sentry-rails
  sentry-ruby
  sidekiq (< 7)
  sidekiq-scheduler
  solargraph
-  solid_queue
+  sprockets-rails
-  sqlite3 (>= 2.1)
+  sqlite3 (~> 1.7.2)
  stimulus-rails
  turbo-rails
  tzinfo-data
@@ -580,7 +540,6 @@ DEPENDENCIES
  warden
  web-console (~> 4.2)
  webmock
  zbase32 (~> 0.1.1)
 BUNDLED WITH
   2.5.5
--- a/README.md
+++ b/README.md
@@ -14,10 +14,8 @@ so:
 1. Make sure [Docker Compose is installed][1] and Docker is running (included in
   Docker Desktop)
-3. Run `docker compose up --build` and wait until all services have started
+3. Run `docker compose up` and wait until 389ds announces its successful start
-   (389ds might take an extra minute to be ready). This will take a while when
+   in the log output
   running for the first time, so you might want to do something else in the
   meantime.
 4. `docker-compose exec ldap dsconf localhost backend create --suffix="dc=kosmos,dc=org" --be-name="dev"`
 5. `docker compose run web rails ldap:setup`
 6. `docker compose run web rails db:setup`
@@ -30,44 +28,38 @@ have the password "user is user".
 ### Rails app
 _Note: when using Docker Compose, prefix the following commands with `docker-compose
 run web`._
 Installing dependencies:
    bundle install
    yarn install
-Migrating the local database (after schema changes):
+Setting up local database (SQLite):
    bundle exec rails db:create
    bundle exec rails db:migrate
-Running the dev server, and auto-building CSS files on change _(automatic with Docker Compose)_:
+Running the dev server and auto-building CSS files on change:
    bin/dev
-Running the background workers (requires Redis) _(automatic with Docker Compose)_:
+Running the background workers (requires Redis):
    bundle exec sidekiq -C config/sidekiq.yml
-Running the test suite:
+Running all specs:
    bundle exec rspec
-Running the test suite with Docker Compose requires overriding the Rails
+### Docker (Compose)
 environment:
-    docker-compose exec -e "RAILS_ENV=test" web rspec
+There is a working Docker Compose config file, which define a number of services including
 an app server for Rails as well as a local 389ds (LDAP) server.
-### Docker Compose
+For Rails developers, you probably just want to start the LDAP server: `docker-compose up ldap`, 
 listening on port 389 on your machine. 
-Services/containers are configured in `docker-compose.yml`.
+You can pick and choose your services adding them by name (listed in `docker-compose.yml`) at 
-
+the end of the docker compose command. eg. `docker compose up ldap redis`
 You can run services selectively, for example if you want to run the Rails app
 and test suite on the host machine. Just add the service names of the
 containers you want to run to the `up` command, like so:
    docker-compose up ldap redis
 #### LDAP server
@@ -84,15 +76,13 @@ Now you can seed the back-end with data using this Rails task:
 The setup task will first delete any existing entries in the directory tree
 ("dc=kosmos,dc=org"), and then create our development entries.
-Note that all 389ds data is stored in the `389ds-data` volume. So if you want
+Note that all 389ds data is stored in `tmp/389ds`. So if you want to start over
-to start over with a fresh installation, delete both that volume as well as the
+with a fresh installation, delete both that directory as well as the container.
 container.
-#### Minio / remoteStorage
+#### Minio / RS
 If you want to run remoteStorage accounts locally, you will have to create the
-respective bucket first. With the `minio` container running (run by default
+respective bucket first:
 when using Docker Compose), follow these steps:
 * `docker compose up web redis minio liquor-cabinet`
 * Head to http://localhost:9001 and log in with user `minioadmin`, password
@@ -128,7 +118,6 @@ command:
 ### Front-end
 * [Icons](https://feathericons.com)
 * [Tailwind CSS](https://tailwindcss.com/)
 * [Sass](https://sass-lang.com/documentation)
 * [Stimulus](https://stimulus.hotwired.dev/handbook/)
--- a/app/assets/config/manifest.js
+++ b/app/assets/config/manifest.js
@@ -0,0 +1,4 @@
 //= link_tree ../images
 //= link_tree ../../javascript .js
 //= link_tree ../builds
 //= link_tree ../../../vendor/javascript .js
--- a/app/assets/stylesheets/application.tailwind.css
+++ b/app/assets/stylesheets/application.tailwind.css
@@ -7,6 +7,7 @@
@import "components/buttons";
@import "components/dashboard_services";
@import "components/forms";
@import "components/links";
@import "components/notifications";
@import "components/pagination";
@import "components/tables";
--- a/app/assets/stylesheets/components/base.css
+++ b/app/assets/stylesheets/components/base.css
@@ -6,7 +6,6 @@
  body {
    @apply leading-none bg-cover bg-fixed;
    background-image: linear-gradient(35deg, rgba(255,0,255,0.2) 0, rgba(13,79,153,0.8) 100%), url('/img/bg-1.jpg');
    color: black;
  }
  body#admin {
@@ -33,10 +32,6 @@
    @apply pt-8 sm:pt-12;
  }
  main section h3:not(:first-child) {
    @apply mt-8;
  }
  main section:first-of-type {
    @apply pt-0;
  }
@@ -60,11 +55,4 @@
  main ul li {
    @apply leading-6;
  }
  main a:not(nav > *) {
    @apply text-blue-600;
    &:hover   { @apply underline; }
    &:visited { @apply text-indigo-600; }
    &:active  { @apply text-red-600; }
  }
 }
--- a/app/assets/stylesheets/components/buttons.css
+++ b/app/assets/stylesheets/components/buttons.css
@@ -1,15 +1,5 @@
@layer components {
  .btn-text-dark          { @apply text-black; }
  .btn-text-dark:hover    { @apply text-black no-underline; }
  .btn-text-dark:visited  { @apply text-black; }
  .btn-text-dark:active   { @apply text-black; }
  .btn-text-light         { @apply text-white; }
  .btn-text-light:hover   { @apply text-white no-underline; }
  .btn-text-light:visited { @apply text-white; }
  .btn-text-light:active  { @apply text-white; }
  .btn {
    @apply btn-text-dark;
    @apply inline-block font-semibold rounded-md leading-none cursor-pointer text-center
           transition-colors duration-75 focus:outline-none focus:ring-4;
  }
@@ -38,28 +28,20 @@
  }
  .btn-blue {
-    @apply btn-text-light;
+    @apply bg-blue-500 hover:bg-blue-600 text-white
    @apply bg-blue-500 hover:bg-blue-600
           focus:ring-blue-400 focus:ring-opacity-75;
  }
  .btn-emerald {
-    @apply btn-text-light;
+    @apply bg-emerald-500 hover:bg-emerald-600 text-white
    @apply bg-emerald-500 hover:bg-emerald-600
           focus:ring-emerald-400 focus:ring-opacity-75;
  }
  .btn-red {
-    @apply btn-text-light;
+    @apply bg-red-600 hover:bg-red-700 text-white
    @apply bg-red-600 hover:bg-red-700
           focus:ring-red-500 focus:ring-opacity-75;
  }
  .btn-outline-purple {
    @apply border-2 border-purple-500 hover:bg-purple-100
           focus:ring-purple-400 focus:ring-opacity-75;
  }
  .btn:disabled {
    @apply bg-gray-100 hover:bg-gray-200 text-gray-400
           focus:ring-gray-300 focus:ring-opacity-75;
--- a/app/assets/stylesheets/components/dashboard_services.css
+++ b/app/assets/stylesheets/components/dashboard_services.css
@@ -1,5 +1,5 @@
@layer components {
  .services > div > a {
-    background-image: linear-gradient(110deg, rgba(255,255,255,0.99) 20%, rgba(255,255,255,0.88) 100%);
+    background-image: linear-gradient(110deg, rgba(255,255,255,0.99) 0, rgba(255,255,255,0.88) 100%);
  }
 }
--- a/app/assets/stylesheets/components/links.css
+++ b/app/assets/stylesheets/components/links.css
@@ -0,0 +1,8 @@
@layer components {
  .ks-text-link {
    @apply text-blue-600;
    &:hover   { @apply underline; }
    &:visited { @apply text-indigo-600; }
    &:active  { @apply text-red-600; }
  }
 }
--- a/app/assets/stylesheets/components/pagination.css
+++ b/app/assets/stylesheets/components/pagination.css
@@ -34,7 +34,7 @@
  .pagy-nav .page a, .page.gap {
    @apply bg-white border-gray-300 text-gray-500 hover:bg-gray-100 relative
           inline-flex items-center border px-4 py-2 text-sm font-medium
-           no-underline focus:z-20;
+           focus:z-20;
  }
  .pagy-nav .page.active {
--- a/app/components/app_catalog/web_app_icon_component.html.erb
+++ b/app/components/app_catalog/web_app_icon_component.html.erb
@@ -1,5 +0,0 @@
 <% if @image_url %>
  <%= image_tag @image_url, class: "h-full w-full" %>
 <% else %>
  <%= render partial: "icons/remotestorage", locals: { custom_class: "h-full w-full p-0.5 text-gray-200" } %>
 <% end %>
--- a/app/components/app_catalog/web_app_icon_component.rb
+++ b/app/components/app_catalog/web_app_icon_component.rb
@@ -1,15 +0,0 @@
 # frozen_string_literal: true
 module AppCatalog
  class WebAppIconComponent < ViewComponent::Base
    include ApplicationHelper
    def initialize(web_app:)
      if web_app&.icon&.attached?
        @image_url = image_url_for(web_app.icon)
      elsif web_app&.apple_touch_icon&.attached?
        @image_url = image_url_for(web_app.apple_touch_icon)
      end
    end
  end
 end
--- a/app/components/dropdown_link_component.html.erb
+++ b/app/components/dropdown_link_component.html.erb
@@ -1,4 +1,4 @@
-<%= link_to @href, class: @class, target: @target, data: {
+<%= link_to @href, class: @class, data: {
      'dropdown-target': "menuItem",
      'action': "keydown.up->dropdown#previousItem:prevent keydown.down->dropdown#nextItem:prevent"
    } do %>
--- a/app/components/dropdown_link_component.rb
+++ b/app/components/dropdown_link_component.rb
@@ -1,9 +1,8 @@
 # frozen_string_literal: true
 class DropdownLinkComponent < ViewComponent::Base
-  def initialize(href:, open_in_new_tab: false, separator: false, add_class: nil)
+  def initialize(href:, separator: false, add_class: nil)
    @href = href
    @target = open_in_new_tab ? "_blank" : nil
    @class = class_str(separator, add_class)
  end
--- a/app/components/edit_content_button_component.html.erb
+++ b/app/components/edit_content_button_component.html.erb
@@ -1,30 +0,0 @@
 <div class="inline-block text-left" data-controller="modal" data-action="keydown.esc->modal#close">
  <button class="btn-md btn-outline text-red-600" data-action="click->modal#open" title="Edit">
    <%= content || "Edit" %>
  </button>
  <%= render ModalComponent.new(show_close_button: false) do %>
    <%= form_with model: [:admin, @editable_content],
                  html: { autocomplete: "off" } do |form| %>
      <%= form.hidden_field :redirect_to, value: @redirect_to  %>
      <p class="mb-2">
        <%= form.label :content, @editable_content.key.capitalize, class: 'font-bold' %>
      </p>
      <% if @editable_content.rich_text %>
        <p>
          <%= form.textarea :content, class: "md:w-[56rem] md:h-[28rem]" %>
        </p>
        <p class="text-right">
          <%= form.submit "Save", class: "ml-2 btn-md btn-blue" %>
        </p>
      <% else %>
        <p class="">
          <%= form.text_field :content, class: "w-80" %>
        </p>
        <p>
          <%= form.submit "Save", class: "btn-md btn-blue w-full" %>
        </p>
      <% end %>
    <% end %>
  <% end %>
 </div>
--- a/app/components/edit_content_button_component.rb
+++ b/app/components/edit_content_button_component.rb
@@ -1,6 +0,0 @@
 class EditContentButtonComponent < ViewComponent::Base
  def initialize(context:, key:, rich_text: false, redirect_to: nil)
    @editable_content = EditableContent.find_or_create_by(context:, key:, rich_text:)
    @redirect_to = redirect_to
  end
 end
--- a/app/components/editable_content_component.html.erb
+++ b/app/components/editable_content_component.html.erb
@@ -1,9 +0,0 @@
 <% if @editable_content.has_content? %>
  <% if @editable_content.rich_text %>
    <%= helpers.markdown_to_html @editable_content.content %>
  <% else %>
    <%= @editable_content.content %>
  <% end %>
 <% else %>
  <%= @default %>
 <% end %>
--- a/app/components/editable_content_component.rb
+++ b/app/components/editable_content_component.rb
@@ -1,6 +0,0 @@
 class EditableContentComponent < ViewComponent::Base
  def initialize(context:, key:, rich_text: false, default: nil)
    @editable_content = EditableContent.find_or_create_by(context:, key:, rich_text:)
    @default = default
  end
 end
--- a/app/components/form_elements/fieldset_resettable_setting_component.html.erb
+++ b/app/components/form_elements/fieldset_resettable_setting_component.html.erb
@@ -6,7 +6,6 @@
    ) do %>
  <%= method("#{@type}_field").call :setting, @key,
    value: Setting.public_send(@key),
    placeholder: @placeholder,
    data: {
      :'default-value' => Setting.get_field(@key)[:default]
    },
--- a/app/components/form_elements/fieldset_resettable_setting_component.rb
+++ b/app/components/form_elements/fieldset_resettable_setting_component.rb
@@ -2,7 +2,7 @@
 module FormElements
  class FieldsetResettableSettingComponent < ViewComponent::Base
-    def initialize(tag: "li", key:, type: :text, title:, description: nil, placeholder: nil)
+    def initialize(tag: "li", key:, type: :text, title:, description: nil)
      @tag         = tag
      @positioning = :vertical
      @title       = title
@@ -10,7 +10,6 @@ module FormElements
      @key         = key.to_sym
      @type        = type
      @resettable  = is_resettable?(@key)
      @placeholder = placeholder
    end
    def is_resettable?(key)
--- a/app/components/form_elements/fieldset_toggle_component.html.erb
+++ b/app/components/form_elements/fieldset_toggle_component.html.erb
@@ -6,7 +6,7 @@
  <div class="flex flex-col">
    <label class="font-bold mb-1"><%= @title %></label>
    <% if @description.present? %>
-    <p class="text-gray-500"><%= @description %></p>
+    <p class="text-gray-500"><%= @descripton %></p>
    <% end %>
  </div>
  <div class="relative ml-4 inline-flex flex-shrink-0">
--- a/app/components/form_elements/fieldset_toggle_component.rb
+++ b/app/components/form_elements/fieldset_toggle_component.rb
@@ -12,7 +12,7 @@ module FormElements
      @enabled = enabled
      @input_enabled = input_enabled
      @title = title
-      @description = description
+      @descripton = description
      @button_text = @enabled ? "Switch off" : "Switch on"
    end
  end
--- a/app/components/main_compact_component.html.erb
+++ b/app/components/main_compact_component.html.erb
@@ -1,4 +1,4 @@
-<main class="w-full max-w-xl mx-auto px-4 sm:px-6 lg:px-8">
+<main class="w-full max-w-xl mx-auto pb-12 px-4 sm:px-6 lg:px-8">
  <div class="bg-white rounded-lg shadow px-6 sm:px-12 py-8 sm:py-12">
    <%= content %>
  </div>
--- a/app/components/main_simple_component.html.erb
+++ b/app/components/main_simple_component.html.erb
@@ -1,4 +1,4 @@
-<main class="w-full max-w-6xl mx-auto px-4 md:px-6 lg:px-8">
+<main class="w-full max-w-6xl mx-auto pb-12 px-4 md:px-6 lg:px-8">
  <div class="md:min-h-[50vh] bg-white rounded-lg shadow px-6 sm:px-12 py-8 sm:py-12">
    <%= content %>
  </div>
--- a/app/components/main_with_sidenav_component.html.erb
+++ b/app/components/main_with_sidenav_component.html.erb
@@ -1,4 +1,4 @@
-<main class="w-full max-w-6xl mx-auto px-4 md:px-6 lg:px-8">
+<main class="w-full max-w-6xl mx-auto pb-12 px-4 md:px-6 lg:px-8">
  <div class="bg-white rounded-lg shadow">
    <div class="md:min-h-[50vh] divide-y divide-gray-200 lg:grid lg:grid-cols-12 lg:divide-y-0 lg:divide-x">
      <aside class="py-6 sm:py-8 lg:col-span-3">
--- a/app/components/main_with_tabnav_component.html.erb
+++ b/app/components/main_with_tabnav_component.html.erb
@@ -1,4 +1,4 @@
-<main class="w-full max-w-6xl mx-auto px-4 md:px-6 lg:px-8">
+<main class="w-full max-w-6xl mx-auto pb-12 px-4 md:px-6 lg:px-8">
  <div class="md:min-h-[50vh] bg-white rounded-lg shadow">
    <div class="px-6 sm:px-12 pt-2 sm:pt-4">
      <%= render partial: @tabnav_partial %>
--- a/app/components/rs_auth_component.html.erb
+++ b/app/components/rs_auth_component.html.erb
@@ -1,10 +1,16 @@
 <div class="flex items-center gap-4">
  <div class="h-16 w-16 flex-none">
-    <%= render AppCatalog::WebAppIconComponent.new(web_app: @web_app) %>
+    <% if @web_app.icon.attached? %>
    <%= image_tag s3_image_url(@web_app.icon), class: "h-full w-full" %>
    <% elsif @web_app.apple_touch_icon.attached? %>
    <%= image_tag s3_image_url(@web_app.apple_touch_icon), class: "h-full w-full" %>
    <% else %>
    <%= render partial: "icons/remotestorage", locals: { custom_class: "h-full w-full p-0.5 text-gray-200" } %>
    <% end %>
  </div>
  <div class="flex-grow">
    <h4 class="mb-1 text-lg font-bold">
-      <%= @web_app&.name || @auth.app_name %>
+      <%= @web_app.name %>
    </h4>
    <p class="text-sm text-gray-500">
      <%= @auth.client_id %>
@@ -12,8 +18,7 @@
  </div>
  <%= render DropdownComponent.new do %>
    <%= render DropdownLinkComponent.new(
-          href: launch_app_services_storage_rs_auth_url(@auth),
+          href: launch_app_services_storage_rs_auth_url(@auth)
          open_in_new_tab: true
        ) do %>
      Launch app
    <% end %>
--- a/app/components/sidenav_link_component.rb
+++ b/app/components/sidenav_link_component.rb
@@ -29,7 +29,7 @@ class SidenavLinkComponent < ViewComponent::Base
  def class_names_icon(path)
    if @active
-      "text-teal-600 group-hover:text-teal-600 flex-shrink-0 -ml-1 mr-3 h-6 w-6"
+      "text-teal-500 group-hover:text-teal-500 flex-shrink-0 -ml-1 mr-3 h-6 w-6"
    elsif @disabled
      "text-gray-300 group-hover:text-gray-300 flex-shrink-0 -ml-1 mr-3 h-6 w-6"
    else
--- a/app/controllers/admin/donations_controller.rb
+++ b/app/controllers/admin/donations_controller.rb
@@ -4,22 +4,11 @@ class Admin::DonationsController < Admin::BaseController
  # GET /donations
  def index
-    @username = params[:username].presence
+    @pagy, @donations = pagy(Donation.completed.order('paid_at desc'))
    pending_scope   = Donation.incomplete.joins(:user).order('paid_at desc')
    completed_scope = Donation.completed.joins(:user).order('paid_at desc')
    if @username
      pending_scope   = pending_scope.where(users: { cn: @username })
      completed_scope = completed_scope.where(users: { cn: @username })
    end
    @pending_donations = pending_scope
    @pagy, @donations  = pagy(completed_scope)
    @stats = {
-      overall_sats: completed_scope.sum("amount_sats"),
+      overall_sats: @donations.sum("amount_sats"),
-      donor_count: completed_scope.distinct.count(:user_id)
+      donor_count: @donations.distinct.count(:user_id)
    }
  end
--- a/app/controllers/admin/editable_contents_controller.rb
+++ b/app/controllers/admin/editable_contents_controller.rb
@@ -1,45 +0,0 @@
 class Admin::EditableContentsController < Admin::BaseController
  before_action :set_content, only: [:show, :edit, :update]
  before_action :set_current_section, only: [:index, :show, :edit]
  def index
    @path = params[:path].presence
    scope = EditableContent.order(path: :asc)
    scope = scope.where(path: @path) if @path
    @pagy, @contents = pagy(scope)
  end
  def show
  end
  def edit
  end
  def update
    return_to = params[:editable_content][:redirect_to].presence
    if @editable_content.update(content_params)
      if return_to
        redirect_to return_to
      else
        render status: :ok
      end
    else
      render :edit, status: :unprocessable_entity
    end
  end
  private
  def set_content
    @editable_content = EditableContent.find(params[:id])
  end
  def content_params
    params.require(:editable_content).permit(:path, :key, :lang, :content, :rich_text)
  end
  def set_current_section
    @current_section = :content
  end
 end
--- a/app/controllers/admin/invitations_controller.rb
+++ b/app/controllers/admin/invitations_controller.rb
@@ -1,28 +1,12 @@
 class Admin::InvitationsController < Admin::BaseController
  before_action :set_current_section
  def index
-    @username = params[:username].presence
+    @current_section = :invitations
-    accepted_scope = Invitation.used.order('used_at desc')
+    @pagy, @invitations_used = pagy(Invitation.used.order('used_at desc'))
    unused_scope = Invitation.unused
    if @username
      accepted_scope = accepted_scope.joins(:user).where(users: { cn: @username })
      unused_scope = unused_scope.joins(:user).where(users: { cn: @username })
    end
    @pagy, @invitations_used = pagy(accepted_scope)
    @stats = {
-      available: unused_scope.count,
+      available: Invitation.unused.count,
-      accepted: accepted_scope.count,
+      accepted: @invitations_used.length,
-      users_with_referrals: accepted_scope.distinct.count(:user_id)
+      users_with_referrals: Invitation.used.distinct.count(:user_id)
    }
  end
  private
    def set_current_section
      @current_section = :invitations
    end
 end
--- a/app/controllers/admin/lightning_controller.rb
+++ b/app/controllers/admin/lightning_controller.rb
@@ -4,7 +4,7 @@ class Admin::LightningController < Admin::BaseController
  def index
    @current_section = :lightning
-    @users = User.pluck(:cn, :ou, :lndhub_username)
+    @users = User.pluck(:cn, :ou, :ln_account)
    @accounts = LndhubAccount.with_balances.order(balance: :desc).to_a
    @ln = {}
--- a/app/controllers/admin/settings/membership_controller.rb
+++ b/app/controllers/admin/settings/membership_controller.rb
@@ -1,23 +0,0 @@
 class Admin::Settings::MembershipController < Admin::SettingsController
  def show
  end
  def update
    update_settings
    redirect_to admin_settings_membership_path, flash: {
      success: "Settings saved"
    }
  end
  private
    def setting_params
      params.require(:setting).permit([
        :member_status_contributor,
        :member_status_sustainer,
        :user_index_show_contributors,
        :user_index_show_sustainers
      ])
    end
 end
--- a/app/controllers/admin/settings/registrations_controller.rb
+++ b/app/controllers/admin/settings/registrations_controller.rb
@@ -1,20 +1,12 @@
 class Admin::Settings::RegistrationsController < Admin::SettingsController
-  def show
+  def index
  end
-  def update
+  def create
    update_settings
    redirect_to admin_settings_registrations_path, flash: {
      success: "Settings saved"
    }
  end
  private
    def setting_params
      params.require(:setting).permit([
        :reserved_usernames, default_services: []
      ])
    end
 end
--- a/app/controllers/admin/settings/services_controller.rb
+++ b/app/controllers/admin/settings/services_controller.rb
@@ -1,32 +1,19 @@
 class Admin::Settings::ServicesController < Admin::SettingsController
  before_action :set_service, only: [:show, :update]
  def index
-    redirect_to admin_settings_service_path("btcpay")
+    @service = params[:s]
    if @service.blank?
      redirect_to admin_settings_services_path(params: { s: "btcpay" })
    end
  end
-  def show
+  def create
-  end
+    service = params.require(:service)
  def update
    update_settings
-    redirect_to admin_settings_service_path(@service), flash: {
+    redirect_to admin_settings_services_path(params: { s: service }), flash: {
      success: "Settings saved"
    }
  end
  private
    def set_subsection
      @subsection = "services"
    end
    def set_service
      @service = params[:service]
      if @service.blank?
        redirect_to admin_settings_services_path and return
      end
    end
 end
--- a/app/controllers/admin/settings_controller.rb
+++ b/app/controllers/admin/settings_controller.rb
@@ -9,23 +9,22 @@ class Admin::SettingsController < Admin::BaseController
    changed_keys = []
    setting_params.keys.each do |key|
-      next if clean_param(key).nil? ||
+      next if setting_params[key].nil? ||
-        (Setting.send(key).to_s == clean_param(key))
+              (Setting.send(key).to_s == setting_params[key].strip)
      changed_keys.push(key)
      setting = Setting.new(var: key)
-      setting.value = clean_param(key)
+      setting.value = setting_params[key].strip
      unless setting.valid?
        @errors.merge!(setting.errors)
      end
    end
    if @errors.any?
-      render :show and return
+      render :index and return
    end
    changed_keys.each do |key|
-      Setting.send("#{key}=", clean_param(key))
+      Setting.send("#{key}=", setting_params[key].strip)
    end
  end
@@ -38,12 +37,4 @@ class Admin::SettingsController < Admin::BaseController
    def setting_params
      params.require(:setting).permit(Setting.editable_keys.map(&:to_sym))
    end
    def clean_param(key)
      if Setting.get_field(key)[:type] == :string
        setting_params[key].strip
      else
        setting_params[key]
      end
    end
 end
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -5,36 +5,24 @@ class Admin::UsersController < Admin::BaseController
  # GET /admin/users
  def index
    ldap   = LdapService.new
-    ou   = Setting.primary_domain
+    @ou    = Setting.primary_domain
-    @show_contributors = Setting.user_index_show_contributors
+    @pagy, @users = pagy(User.where(ou: @ou).order(cn: :asc))
    @show_sustainers = Setting.user_index_show_sustainers
    @contributors = ldap.search_users(:memberStatus, :contributor, :cn) if @show_contributors
    @sustainers   = ldap.search_users(:memberStatus, :sustainer, :cn) if @show_sustainers
    @admins       = ldap.search_users(:admin, true, :cn)
    @pagy, @users = pagy(User.where(ou: ou).order(cn: :asc))
    @stats = {
-      users_confirmed: User.where(ou: ou).confirmed.count,
+      users_confirmed: User.where(ou: @ou).confirmed.count,
-      users_pending: User.where(ou: ou).pending.count
+      users_pending: User.where(ou: @ou).pending.count
    }
    @stats[:users_contributing] = @contributors.size if @show_contributors
    @stats[:users_paying] = @sustainers.size if @show_sustainers
  end
  # GET /admin/users/:username
  def show
    @invitees = @user.invitees
    @recent_invitees = @user.invitees.order(created_at: :desc).limit(5)
    @more_invitees = (@invitees - @recent_invitees).count
    if Setting.lndhub_admin_enabled?
      @lndhub_user = @user.lndhub_user
    end
    @services_enabled = @user.services_enabled
-    @ldap_avatar = LdapManager::FetchAvatar.call(cn: @user.cn)
+    @avatar = LdapManager::FetchAvatar.call(cn: @user.cn)
  end
  # POST /admin/users/:username/invitations
@@ -42,7 +30,7 @@ class Admin::UsersController < Admin::BaseController
    amount = params[:amount].to_i
    notify_user = ActiveRecord::Type::Boolean.new.cast(params[:notify_user])
-    UserManager::CreateInvitations.call(user: @user, amount: amount, notify: notify_user)
+    CreateInvitations.call(user: @user, amount: amount, notify: notify_user)
    redirect_to admin_user_path(@user.cn), flash: {
      success: "Added #{amount} invitations to #{@user.cn}'s account"
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -63,9 +63,4 @@ class ApplicationController < ActionController::Base
    @fetch_balance_retried = true
    lndhub_fetch_balance
  end
  def nostr_event_from_params
    params.permit!
    params[:signed_event].to_h.symbolize_keys
  end
 end
--- a/app/controllers/avatars_controller.rb
+++ b/app/controllers/avatars_controller.rb
@@ -1,27 +0,0 @@
 class AvatarsController < ApplicationController
  def show
    if user = User.find_by(cn: params[:username])
      http_status :not_found and return unless user.avatar.attached?
      sha256_hash = params[:hash]
      format = params[:format]&.to_sym || :png
      # size = params[:size]&.to_sym || :original
      unless user.avatar.filename.to_s == "#{sha256_hash}.#{format}"
        http_status :not_found and return
      end
      # TODO See note for avatar_variant in user model
      # blob = if size == :original
      #          user.avatar.blob
      #        else
      #          user.avatar_variant(size: size)&.blob
      #        end
      data = user.avatar.blob.download
      send_data data, type: "image/#{format}", disposition: "inline"
    else
      http_status :not_found
    end
  end
 end
--- a/app/controllers/contributions/donations_controller.rb
+++ b/app/controllers/contributions/donations_controller.rb
@@ -11,7 +11,7 @@ class Contributions::DonationsController < ApplicationController
  def index
    @current_section = :contributions
    @donations_completed = current_user.donations.completed.order('paid_at desc')
-    @donations_processing = current_user.donations.processing.order('created_at desc')
+    @donations_pending = current_user.donations.processing.order('created_at desc')
    if Setting.lndhub_enabled?
      begin
@@ -28,7 +28,6 @@ class Contributions::DonationsController < ApplicationController
    if params[:currency] == "sats"
      fiat_amount = nil
      fiat_currency = nil
      amount_sats = params[:amount]
    else
      fiat_amount = params[:amount].to_i
      fiat_currency = params[:currency]
@@ -81,11 +80,14 @@ class Contributions::DonationsController < ApplicationController
    case invoice["status"]
    when "Settled"
-      @donation.complete!
+      @donation.paid_at = DateTime.now
      @donation.payment_status = "settled"
      @donation.save!
      flash_message = { success: "Thank you!" }
    when "Processing"
      unless @donation.processing?
-        @donation.start_processing!
+        @donation.payment_status = "processing"
        @donation.save!
        flash_message = { success: "Thank you! We will send you an email when the payment is confirmed." }
        BtcpayCheckDonationJob.set(wait: 20.seconds).perform_later(@donation)
      end
--- a/app/controllers/contributions/other_controller.rb
+++ b/app/controllers/contributions/other_controller.rb
@@ -1,16 +0,0 @@
 class Contributions::OtherController < ApplicationController
  before_action :authenticate_user!
  before_action :set_content_editing
  # GET /contributions/other
  def index
    @current_section = :contributions
  end
  private
    def set_content_editing
      return unless params[:edit] && current_user.is_admin?
      @edit_content = true
    end
 end
--- a/app/controllers/contributions/projects_controller.rb
+++ b/app/controllers/contributions/projects_controller.rb
@@ -0,0 +1,8 @@
 class Contributions::ProjectsController < ApplicationController
  before_action :authenticate_user!
  # GET /contributions
  def index
    @current_section = :contributions
  end
 end
--- a/app/controllers/discourse/sso_controller.rb
+++ b/app/controllers/discourse/sso_controller.rb
@@ -8,9 +8,6 @@ class Discourse::SsoController < ApplicationController
    sso.email = current_user.email
    sso.username = current_user.cn
    sso.name = current_user.display_name
    if current_user.avatar.attached?
      sso.avatar_url = helpers.image_url_for(current_user.avatar)
    end
    sso.admin = current_user.is_admin?
    sso.sso_secret = secret
--- a/app/controllers/lnurlpay_controller.rb
+++ b/app/controllers/lnurlpay_controller.rb
@@ -1,15 +1,13 @@
 class LnurlpayController < ApplicationController
  before_action :check_service_available
  before_action :find_user
  before_action :set_cors_access_control_headers
  MIN_SATS = 10
  MAX_SATS = 1_000_000
  MAX_COMMENT_CHARS = 100
  # GET /.well-known/lnurlp/:username
  def index
-    res = {
+    render json: {
      status: "OK",
      callback: "https://#{Setting.accounts_domain}/lnurlpay/#{@user.cn}/invoice",
      tag: "payRequest",
@@ -18,16 +16,8 @@ class LnurlpayController < ApplicationController
      metadata: metadata(@user.address),
      commentAllowed: MAX_COMMENT_CHARS
    }
    if Setting.nostr_enabled?
      res[:allowsNostr] = true
      res[:nostrPubkey] = Setting.nostr_public_key
  end
    render json: res
  end
  # GET /.well-known/keysend/:username
  def keysend
    http_status :not_found and return unless Setting.lndhub_keysend_enabled?
@@ -37,14 +27,13 @@ class LnurlpayController < ApplicationController
      pubkey: Setting.lndhub_public_key,
      customData: [{
        customKey: "696969",
-        customValue: @user.lndhub_username
+        customValue: @user.ln_account
      }]
    }
  end
  # GET /lnurlpay/:username/invoice
  def invoice
-    amount = params[:amount].to_i / 1000 # msats to sats
+    amount = params[:amount].to_i / 1000 # msats
    comment = params[:comment] || ""
    address = @user.address
@@ -53,32 +42,40 @@ class LnurlpayController < ApplicationController
      return
    end
-    if params[:nostr].present? && Setting.nostr_enabled?
+    if !valid_comment?(comment)
-      handle_zap_request amount, params[:nostr], params[:lnurl]
+      render json: { status: "ERROR", reason: "Comment too long" }
-    else
+      return
      handle_pay_request address, amount, comment
    end
    memo = "To #{address}"
    memo = "#{memo}: \"#{comment}\"" if comment.present?
    payment_request = @user.ln_create_invoice({
      amount: amount, # we create invoices in sats
      memo: memo,
      description_hash: Digest::SHA2.hexdigest(metadata(address)),
    })
    render json: {
      status: "OK",
      successAction: {
        tag: "message",
        message: "Sats received. Thank you!"
      },
      routes: [],
      pr: payment_request
    }
  end
  private
    def set_cors_access_control_headers
      headers['Access-Control-Allow-Origin'] = "*"
      headers['Access-Control-Allow-Headers'] = "*"
      headers['Access-Control-Allow-Methods'] = "GET"
    end
    def check_service_available
      http_status :not_found unless Setting.lndhub_enabled?
    end
  def find_user
    @user = User.where(cn: params[:username], ou: Setting.primary_domain).first
    http_status :not_found if @user.nil?
  end
  def metadata(address)
-      "[[\"text/identifier\",\"#{address}\"],[\"text/plain\",\"Sats for #{address}\"]]"
+    "[[\"text/identifier\", \"#{address}\"], [\"text/plain\", \"Send sats, receive thanks.\"]]"
  end
  def valid_amount?(amount_in_sats)
@@ -89,73 +86,9 @@ class LnurlpayController < ApplicationController
    comment.length <= MAX_COMMENT_CHARS
  end
-    def handle_pay_request(address, amount, comment)
+  private
      if !valid_comment?(comment)
        render json: { status: "ERROR", reason: "Comment too long" }
        return
      end
-      desc = "To #{address}"
+  def check_service_available
-      desc = "#{desc}: \"#{comment}\"" if comment.present?
+    http_status :not_found unless Setting.lndhub_enabled?
      invoice = LndhubManager::CreateUserInvoice.call(
        user: @user, payload: {
          amount: amount, # sats
          description: desc,
          description_hash: Digest::SHA256.hexdigest(metadata(address)),
        }
      )
      render json: {
        status: "OK",
        successAction: {
          tag: "message",
          message: "Sats received. Thank you!"
        },
        routes: [],
        pr: invoice["payment_request"]
      }
    end
    def nostr_event_from_payload(nostr_param)
      event_obj = JSON.parse(nostr_param).transform_keys(&:to_sym)
      Nostr::Event.new(**event_obj)
    rescue => e
      return nil
    end
    def valid_zap_request?(amount, event, lnurl)
      NostrManager::VerifyZapRequest.call(
        amount: amount, event: event, lnurl: lnurl
      )
    end
    def handle_zap_request(amount, nostr_param, lnurl_param)
      event = nostr_event_from_payload(nostr_param)
      unless event.present? && valid_zap_request?(amount*1000, event, lnurl_param)
        render json: { status: "ERROR", reason: "Invalid zap request" }
        return
      end
      # TODO might want to use the existing invoice and zap record if there are
      # multiple calls with the same zap request
      desc = "Zap for #{@user.address}"
      desc = "#{desc}: \"#{event.content}\"" if event.content.present?
      invoice = LndhubManager::CreateUserInvoice.call(
        user: @user, payload: {
          amount: amount, # sats
          description: desc,
          description_hash: Digest::SHA256.hexdigest(event.to_json),
        }
      )
      @user.zaps.create! request: event,
                         payment_request: invoice["payment_request"],
                         amount: amount
      render json: { status: "OK", pr: invoice["payment_request"] }
  end
 end
--- a/app/controllers/pages_controller.rb
+++ b/app/controllers/pages_controller.rb
@@ -1,9 +0,0 @@
 class PagesController < ApplicationController
  def privacy
    @current_section = :privacy
  end
  def tos
    @current_section = :tos
  end
 end
--- a/app/controllers/services/chat_controller.rb
+++ b/app/controllers/services/chat_controller.rb
@@ -3,7 +3,7 @@ class Services::ChatController < Services::BaseController
  before_action :require_service_available
  def show
-    @service_enabled = current_user.service_enabled?(:ejabberd)
+    @service_enabled = current_user.services_enabled.include?(:xmpp)
  end
  private
--- a/app/controllers/services/lightning_controller.rb
+++ b/app/controllers/services/lightning_controller.rb
@@ -9,7 +9,7 @@ class Services::LightningController < ApplicationController
  before_action :lndhub_fetch_balance
  def index
-    @wallet_setup_url = "lndhub://#{current_user.lndhub_username}:#{current_user.lndhub_password}@#{ENV['LNDHUB_PUBLIC_URL']}"
+    @wallet_setup_url = "lndhub://#{current_user.ln_account}:#{current_user.ln_password}@#{ENV['LNDHUB_PUBLIC_URL']}"
  end
  def transactions
--- a/app/controllers/services/mastodon_controller.rb
+++ b/app/controllers/services/mastodon_controller.rb
@@ -3,7 +3,7 @@ class Services::MastodonController < Services::BaseController
  before_action :require_service_available
  def show
-    @service_enabled = current_user.service_enabled?(:mastodon)
+    @service_enabled = current_user.services_enabled.include?(:mastodon)
  end
  private
--- a/app/controllers/services/remotestorage_controller.rb
+++ b/app/controllers/services/remotestorage_controller.rb
@@ -5,10 +5,11 @@ class Services::RemotestorageController < Services::BaseController
  # Dashboard
  def show
-    # unless current_user.service_enabled?(:remotestorage)
+    # unless current_user.services_enabled.include?(:remotestorage)
    #   redirect_to service_remotestorage_info_path
    # end
-    # @rs_apps_connected = current_user.remote_storage_authorizations.any?
+    @rs_auths = current_user.remote_storage_authorizations
    # TODO sort by app name
  end
  private
--- a/app/controllers/services/rs_auths_controller.rb
+++ b/app/controllers/services/rs_auths_controller.rb
@@ -3,18 +3,13 @@ class Services::RsAuthsController < Services::BaseController
  before_action :require_feature_enabled
  before_action :require_service_available
  # before_action :require_service_enabled
-  before_action :find_rs_auth, only: [:destroy, :launch_app]
+  before_action :find_rs_auth
  def index
    @rs_auths = current_user.remote_storage_authorizations
    # TODO sort by app name?
  end
  def destroy
    @auth.destroy!
    respond_to do |format|
-      format.html do redirect_to apps_services_storage_url, flash: {
+      format.html do redirect_to services_storage_url, flash: {
        success: 'App authorization revoked'
      }
      end
@@ -23,11 +18,7 @@ class Services::RsAuthsController < Services::BaseController
  end
  def launch_app
-    user_address = Rails.env.development? ?
+    launch_url = "#{@auth.launch_url}#remotestorage=#{current_user.address}&access_token=#{@auth.token}"
      "#{current_user.cn}@localhost:3000" :
      current_user.address
    launch_url = "#{@auth.launch_url}#remotestorage=#{user_address}"
    redirect_to launch_url, allow_other_host: true
  end
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -12,21 +12,15 @@ class SettingsController < ApplicationController
  end
  def show
-    case @settings_section
+    if @settings_section == "experiments"
    when "lightning"
      @notifications_enabled = @user.preferences[:lightning_notify_sats_received] != "disabled" ||
                               @user.preferences[:lightning_notify_zap_received] != "disabled"
    when "nostr"
      session[:shared_secret] ||= SecureRandom.base64(12)
    end
  end
  # PUT /settings/:section
  def update
    @user.preferences.merge!(user_params[:preferences] || {})
    @user.display_name = user_params[:display_name]
-    @user.avatar_new   = user_params[:avatar_new]
+    @user.avatar_new = user_params[:avatar]
    @user.pgp_pubkey   = user_params[:pgp_pubkey]
    if @user.save
      if @user.display_name && (@user.display_name != @user.ldap_entry[:display_name])
@@ -34,16 +28,7 @@ class SettingsController < ApplicationController
      end
      if @user.avatar_new.present?
-        if store_user_avatar
+        LdapManager::UpdateAvatar.call(dn: @user.dn, file: @user.avatar_new)
          UserManager::UpdateAvatar.call(user: @user)
        else
          @validation_errors = @user.errors
          render :show, status: :unprocessable_entity and return
        end
      end
      if @user.pgp_pubkey && (@user.pgp_pubkey != @user.ldap_entry[:pgp_key])
        UserManager::UpdatePgpKey.call(user: @user)
      end
      redirect_to setting_path(@settings_section), flash: {
@@ -55,7 +40,6 @@ class SettingsController < ApplicationController
    end
  end
  # POST /settings/update_email
  def update_email
    if @user.valid_ldap_authentication?(security_params[:current_password])
      if @user.update email: email_params[:email]
@@ -73,7 +57,6 @@ class SettingsController < ApplicationController
    end
  end
  # POST /settings/reset_email_password
  def reset_email_password
    @user.current_password = security_params[:current_password]
@@ -96,7 +79,6 @@ class SettingsController < ApplicationController
    end
  end
  # POST /settings/reset_password
  def reset_password
    current_user.send_reset_password_instructions
    sign_out current_user
@@ -104,41 +86,41 @@ class SettingsController < ApplicationController
    redirect_to check_your_email_path, notice: msg
  end
  # POST /settings/set_nostr_pubkey
  def set_nostr_pubkey
-    signed_event = Nostr::Event.new(**nostr_event_from_params)
+    signed_event = nostr_event_params[:signed_event].to_h.symbolize_keys
    is_valid_id  = NostrManager::ValidateId.call(event: signed_event)
    is_valid_sig = NostrManager::VerifySignature.call(event: signed_event)
    is_correct_content = signed_event[:content] == "Connect my public key to #{current_user.address} (confirmation #{session[:shared_secret]})"
-    is_valid_sig  = signed_event.verify_signature
+    unless is_valid_id && is_valid_sig && is_correct_content
    is_valid_auth = NostrManager::VerifyAuth.call(
      event: signed_event,
      challenge: session[:shared_secret]
    )
    unless is_valid_sig && is_valid_auth
      flash[:alert] = "Public key could not be verified"
      http_status :unprocessable_entity and return
    end
-    user_with_pubkey = LdapManager::FetchUserByNostrKey.call(pubkey: signed_event.pubkey)
+    pubkey_taken = User.all_except(current_user).where(
      ou: current_user.ou, nostr_pubkey: signed_event[:pubkey]
    ).any?
-    if user_with_pubkey.present? && (user_with_pubkey != current_user)
+    if pubkey_taken
      flash[:alert] = "Public key already in use for a different account"
      http_status :unprocessable_entity and return
    end
-    LdapManager::UpdateNostrKey.call(dn: current_user.dn, pubkey: signed_event.pubkey)
+    current_user.update! nostr_pubkey: signed_event[:pubkey]
    session[:shared_secret] = nil
    flash[:success] = "Public key verification successful"
    http_status :ok
  rescue
    flash[:alert] = "Public key could not be verified"
    http_status :unprocessable_entity and return
  end
  # DELETE /settings/nostr_pubkey
  def remove_nostr_pubkey
-    # TODO require current pubkey or password to delete
+    current_user.update! nostr_pubkey: nil
    LdapManager::UpdateNostrKey.call(dn: current_user.dn, pubkey: nil)
-    redirect_to setting_path(:nostr), flash: {
+    redirect_to setting_path(:experiments), flash: {
      success: 'Public key removed from account'
    }
  end
@@ -152,8 +134,8 @@ class SettingsController < ApplicationController
    def set_settings_section
      @settings_section = params[:section]
      allowed_sections = [
-        :profile, :account, :xmpp, :email,
+        :profile, :account, :xmpp, :email, :lightning, :remotestorage,
-        :lightning, :remotestorage, :nostr
+        :experiments
      ]
      unless allowed_sections.include?(@settings_section.to_sym)
@@ -166,10 +148,11 @@ class SettingsController < ApplicationController
    end
    def user_params
-      params.require(:user).permit(
+      params.require(:user).permit(:display_name, :avatar, preferences: [
-        :display_name, :avatar_new, :pgp_pubkey,
+        :lightning_notify_sats_received,
-        preferences: UserPreferences.pref_keys
+        :remotestorage_notify_auth_created,
-      )
+        :xmpp_exchange_contacts_with_invitees
      ])
    end
    def email_params
@@ -180,6 +163,12 @@ class SettingsController < ApplicationController
      params.require(:user).permit(:current_password)
    end
    def nostr_event_params
      params.permit(signed_event: [
        :id, :pubkey, :created_at, :kind, :tags, :content, :sig
      ])
    end
    def generate_email_password
      characters = [('a'..'z'), ('A'..'Z'), (0..9)].map(&:to_a).flatten
      SecureRandom.random_bytes(16).each_byte.map { |b| characters[b % characters.length] }.join
@@ -189,30 +178,4 @@ class SettingsController < ApplicationController
      salt = BCrypt::Engine.generate_salt
      BCrypt::Engine.hash_secret(password, salt)
    end
    def store_user_avatar
      io = @user.avatar_new.tempfile
      img_data = UserManager::ProcessAvatar.call(io: io)
      if img_data.blank?
        @user.errors.add(:avatar, "failed to process file")
        false
      end
      tempfile = Tempfile.create
      tempfile.binmode
      tempfile.write(img_data)
      tempfile.rewind
      hash = Digest::SHA256.hexdigest(img_data)
      ext = @user.avatar_new.content_type == "image/png" ? "png" : "jpg"
      filename = "#{hash}.#{ext}"
      if filename == @user.avatar.filename.to_s
        @user.errors.add(:avatar, "must be a new file/picture")
        false
      else
        key = "users/#{@user.cn}/avatars/#{filename}"
        @user.avatar.attach io: tempfile, key: key, filename: filename
        @user.save
      end
    end
 end
--- a/app/controllers/signup_controller.rb
+++ b/app/controllers/signup_controller.rb
@@ -96,7 +96,7 @@ class SignupController < ApplicationController
    session[:new_user] = nil
    session[:validation_error] = nil
-    UserManager::CreateAccount.call(account: {
+    CreateAccount.call(account: {
      username: @user.cn,
      domain: Setting.primary_domain,
      email: @user.email,
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -1,62 +0,0 @@
 # frozen_string_literal: true
 class Users::SessionsController < Devise::SessionsController
  # before_action :configure_sign_in_params, only: [:create]
  # GET /resource/sign_in
  def new
    session[:shared_secret] = SecureRandom.base64(12)
    super
  end
  # POST /resource/sign_in
  # def create
  #   super
  # end
  # DELETE /resource/sign_out
  # def destroy
  #   super
  # end
  # POST /users/nostr_login
  def nostr_login
    signed_event = Nostr::Event.new(**nostr_event_from_params)
    is_valid_sig  = signed_event.verify_signature
    is_valid_auth = NostrManager::VerifyAuth.call(
      event: signed_event,
      challenge: session[:shared_secret]
    )
    session[:shared_secret] = nil
    unless is_valid_sig && is_valid_auth
      flash[:alert] = "Login verification failed"
      http_status :unauthorized and return
    end
    user = LdapManager::FetchUserByNostrKey.call(pubkey: signed_event.pubkey)
    if user.present?
      set_flash_message!(:notice, :signed_in)
      sign_in("user", user)
      render json: { redirect_url: after_sign_in_path_for(user) }, status: :ok
    else
      flash[:alert] = "Failed to find your account. Nostr login may be disabled."
      http_status :unauthorized
    end
  end
  protected
    def set_flash_message(key, kind, options = {})
      # Hide flash message after redirecting from a signin route while logged in
      super unless key == :alert && kind == "already_authenticated"
    end
  # If you have extra params to permit, append them to the sanitizer.
  # def configure_sign_in_params
  #   devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
  # end
 end
--- a/app/controllers/web_key_directory_controller.rb
+++ b/app/controllers/web_key_directory_controller.rb
@@ -1,43 +0,0 @@
 class WebKeyDirectoryController < WellKnownController
  before_action :allow_cross_origin_requests
  # /.well-known/openpgpkey/hu/:hashed_username(.txt)?l=username
  def show
    if params[:l].blank?
      # TODO store hashed username in db if existing implementations trigger
      # this a lot
      msg = "WKD request with \"l\" param omitted for hu: #{params[:hashed_username]}"
      Sentry.capture_message(msg) if Setting.sentry_enabled?
      http_status :bad_request and return
    end
    @user = User.find_by(cn: params[:l].downcase)
    if @user.nil? ||
       @user.pgp_pubkey.blank? ||
       !@user.pgp_pubkey_contains_user_address?
      http_status :not_found and return
    end
    if params[:hashed_username] != @user.wkd_hash
      http_status :unprocessable_entity and return
    end
    respond_to do |format|
      format.text do
        response.headers['Content-Type'] = 'text/plain'
        render plain: @user.pgp_pubkey
      end
      format.any do
        key = @user.gnupg_key.export
        send_data key, filename: "#{@user.wkd_hash}.pem",
                       type: "application/octet-stream"
      end
    end
  end
  def policy
    head :ok
  end
 end
--- a/app/controllers/webfinger_controller.rb
+++ b/app/controllers/webfinger_controller.rb
@@ -1,19 +1,20 @@
-class WebfingerController < WellKnownController
+class WebfingerController < ApplicationController
  before_action :allow_cross_origin_requests, only: [:show]
  layout false
  def show
    resource = params[:resource]
    if resource && @useraddress = resource.match(/acct:(.+)/)&.[](1)
-      @username, @domain = @useraddress.split("@")
+      @username, @org = @useraddress.split("@")
      unless Rails.env.development?
        # Allow different domains (e.g. localhost:3000) in development only
-        head 404 and return unless @domain == Setting.primary_domain
+        head 404 and return unless @org == Setting.primary_domain
      end
-      unless @user = User.where(ou: Setting.primary_domain)
+      unless User.where(cn: @username.downcase, ou: Setting.primary_domain).any?
                         .find_by(cn: @username.downcase)
        head 404 and return
      end
@@ -27,74 +28,22 @@ class WebfingerController < WellKnownController
  private
  def webfinger
-    jrd = {
+    links = [];
      subject: "acct:#{@user.address}",
      aliases: [],
      links: []
    }
-    if @user.avatar.attached?
+    # TODO check if storage service is enabled for user, not just globally
-      jrd[:links] += avatar_link
+    links << remotestorage_link if Setting.remotestorage_enabled
    end
-    if Setting.mastodon_enabled && @user.service_enabled?(:mastodon)
+    { "links" => links }
      # https://docs.joinmastodon.org/spec/webfinger/
      jrd[:aliases] += mastodon_aliases
      jrd[:links] += mastodon_links
    end
    if Setting.remotestorage_enabled && @user.service_enabled?(:remotestorage)
      # https://datatracker.ietf.org/doc/draft-dejong-remotestorage/
      jrd[:links] << remotestorage_link
    end
    jrd
  end
  def avatar_link
    [
      {
        rel: "http://webfinger.net/rel/avatar",
        type: @user.avatar.content_type,
        href: helpers.image_url_for(@user.avatar)
      }
    ]
  end
  def mastodon_aliases
    [
      "#{Setting.mastodon_public_url}/@#{@user.cn}",
      "#{Setting.mastodon_public_url}/users/#{@user.cn}"
    ]
  end
  def mastodon_links
    [
      {
        rel: "http://webfinger.net/rel/profile-page",
        type: "text/html",
        href: "#{Setting.mastodon_public_url}/@#{@user.cn}"
      },
      {
        rel: "self",
        type: "application/activity+json",
        href: "#{Setting.mastodon_public_url}/users/#{@user.cn}"
      },
      {
        rel: "http://ostatus.org/schema/1.0/subscribe",
        template: "#{Setting.mastodon_public_url}/authorize_interaction?uri={uri}"
      }
    ]
  end
  def remotestorage_link
-    auth_url = new_rs_oauth_url(@username, host: Setting.rs_accounts_domain)
+    auth_url = new_rs_oauth_url(@username)
    storage_url = "#{Setting.rs_storage_url}/#{@username}"
    {
-      rel: "http://tools.ietf.org/id/draft-dejong-remotestorage",
+      "rel" => "http://tools.ietf.org/id/draft-dejong-remotestorage",
-      href: storage_url,
+      "href" => storage_url,
-      properties: {
+      "properties" => {
        "http://remotestorage.io/spec/version" => "draft-dejong-remotestorage-13",
        "http://tools.ietf.org/html/rfc6749#section-4.2" => auth_url,
        "http://tools.ietf.org/html/rfc6750#section-2.3" => nil, # access token via a HTTP query parameter
@@ -103,4 +52,10 @@ class WebfingerController < WellKnownController
      }
    }
  end
  def allow_cross_origin_requests
    return unless Rails.env.development?
    headers['Access-Control-Allow-Origin'] = "*"
    headers['Access-Control-Allow-Methods'] = "GET"
  end
 end
--- a/app/controllers/webhooks_controller.rb
+++ b/app/controllers/webhooks_controller.rb
@@ -2,76 +2,45 @@ class WebhooksController < ApplicationController
  skip_forgery_protection
  before_action :authorize_request
  before_action :process_payload
  def lndhub
-    @user = User.find_by!(lndhub_username: @payload[:user_login])
+    begin
-
+      payload = JSON.parse(request.body.read, symbolize_names: true)
-    if @zap = @user.zaps.find_by(payment_request: @payload[:payment_request])
+      head :no_content and return unless payload[:type] == "incoming"
-      settled_at = Time.parse(@payload[:settled_at])
+    rescue
-      zap_receipt = NostrManager::CreateZapReceipt.call(
+      head :unprocessable_entity and return
        zap: @zap,
        paid_at: settled_at.to_i,
        preimage: @payload[:preimage]
      )
      @zap.update! settled_at: settled_at, receipt: zap_receipt.to_h
      NostrManager::PublishZapReceipt.call(zap: @zap)
    end
-    send_notifications
+    user = User.find_by!(ln_account: payload[:user_login])
    notify = user.preferences[:lightning_notify_sats_received]
    case notify
    when "xmpp"
      notify_xmpp(user.address, payload[:amount], payload[:memo])
    when "email"
      NotificationMailer.with(user: user, amount_sats: payload[:amount])
                        .lightning_sats_received.deliver_later
    end
    head :ok
  end
  private
  # TODO refactor into mailer-like generic class/service
  def notify_xmpp(address, amt_sats, memo)
    payload = {
      type: "normal",
      from: Setting.xmpp_notifications_from_address,
      to: address,
      subject: "Sats received!",
      body: "#{helpers.number_with_delimiter amt_sats} sats received in your Lightning wallet:\n> #{memo}"
    }
    XmppSendMessageJob.perform_later(payload)
  end
  def authorize_request
    if !ENV['WEBHOOKS_ALLOWED_IPS'].split(',').include?(request.remote_ip)
      head :forbidden and return
    end
  end
  def process_payload
    @payload = JSON.parse(request.body.read, symbolize_names: true)
    unless @payload[:type] == "incoming" &&
           @payload[:state] == "settled"
      head :no_content and return
    end
  rescue
    head :unprocessable_entity and return
  end
  def send_notifications
    return if @payload[:amount] < @user.preferences[:lightning_notify_min_sats]
    if @user.preferences[:lightning_notify_only_with_message]
      return if @payload[:memo].blank?
    end
    target = @zap.present? ? @user.preferences[:lightning_notify_zap_received] :
                             @user.preferences[:lightning_notify_sats_received]
    case target
    when "xmpp"
      notify_xmpp
    when "email"
      notify_email
    end
  end
  # TODO refactor into mailer-like generic class/service
  def notify_xmpp
    XmppSendMessageJob.perform_later({
      type: "normal",
      from: Setting.xmpp_notifications_from_address,
      to: @user.address,
      subject: "Sats received!",
      body: "#{helpers.number_with_delimiter @payload[:amount]} sats received in your Lightning wallet:\n> #{@payload[:memo]}"
    })
  end
  def notify_email
    NotificationMailer.with(user: @user, amount_sats: @payload[:amount])
                      .lightning_sats_received.deliver_later
  end
 end
--- a/app/controllers/well_known_controller.rb
+++ b/app/controllers/well_known_controller.rb
@@ -1,47 +1,16 @@
 class WellKnownController < ApplicationController
  before_action :require_nostr_enabled, only: [ :nostr ]
  before_action :allow_cross_origin_requests, only: [ :nostr ]
  layout false
  def nostr
    http_status :unprocessable_entity and return if params[:name].blank?
    domain = request.headers["X-Forwarded-Host"].presence || Setting.primary_domain
    relay_url = Setting.nostr_relay_url.presence
    if params[:name] == "_"
      if domain == Setting.primary_domain
        # pubkey for the primary domain without a username (e.g. kosmos.org)
        res = { names: { "_": Setting.nostr_public_key_primary_domain.presence || Setting.nostr_public_key } }
      else
        # pubkey for the akkounts domain without a username (e.g. accounts.kosmos.org)
        res = { names: { "_": Setting.nostr_public_key } }
      end
      res[:relays] = { "_" => [ relay_url ] } if relay_url
    else
    @user = User.where(cn: params[:name], ou: domain).first
    http_status :not_found and return if @user.nil? || @user.nostr_pubkey.blank?
      res = { names: { @user.cn => @user.nostr_pubkey } }
      res[:relays] = { @user.nostr_pubkey => [ relay_url ] } if relay_url
    end
    respond_to do |format|
      format.json do
-        render json: res.to_json
+        render json: {
          names: { "#{@user.cn}": @user.nostr_pubkey }
        }.to_json
      end
    end
  end
  private
    def require_nostr_enabled
      http_status :not_found unless Setting.nostr_enabled?
    end
    def allow_cross_origin_requests
      headers['Access-Control-Allow-Origin'] = "*"
      headers['Access-Control-Allow-Methods'] = "GET"
    end
 end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -14,23 +14,4 @@ module ApplicationHelper
  def badge(text, color)
    tag.span text, class: "inline-flex items-center rounded-full bg-#{color}-100 px-2.5 py-0.5 text-xs font-medium text-#{color}-800"
  end
  def markdown_to_html(string)
    raw Kramdown::Document.new(string, { input: "GFM" }).to_html
  end
  def image_url_for(attachment)
    return s3_image_url(attachment) if Setting.s3_enabled?
    if attachment.record.is_a?(User) && attachment.name == "avatar"
      hash, format = attachment.blob.filename.to_s.split(".", 2)
      user_avatar_url(
        username: attachment.record.cn,
        hash: hash,
        format: format
      )
    else
      Rails.application.routes.url_helpers.rails_blob_path(attachment, only_path: true)
    end
  end
 end
--- a/app/helpers/dashboard_helper.rb
+++ b/app/helpers/dashboard_helper.rb
@@ -0,0 +1,2 @@
 module DashboardHelper
 end
--- a/app/helpers/donations_helper.rb
+++ b/app/helpers/donations_helper.rb
@@ -0,0 +1,2 @@
 module DonationsHelper
 end
--- a/app/helpers/invitations_helper.rb
+++ b/app/helpers/invitations_helper.rb
@@ -0,0 +1,2 @@
 module InvitationsHelper
 end
--- a/app/helpers/lnurlpay_helper.rb
+++ b/app/helpers/lnurlpay_helper.rb
@@ -0,0 +1,2 @@
 module LnurlpayHelper
 end
--- a/app/helpers/services_helper.rb
+++ b/app/helpers/services_helper.rb
@@ -1,12 +0,0 @@
 module ServicesHelper
  def service_human_name(key, category = :external)
    SERVICES[category][key][:name] || key.to_s
  end
  def service_display_name(key, category = :external)
    SERVICES[category][key][:display_name] ||
    service_human_name(key, category)
  end
 end
--- a/app/helpers/settings_helper.rb
+++ b/app/helpers/settings_helper.rb
@@ -0,0 +1,2 @@
 module SettingsHelper
 end
--- a/app/helpers/signup_helper.rb
+++ b/app/helpers/signup_helper.rb
@@ -0,0 +1,2 @@
 module SignupHelper
 end
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -0,0 +1,2 @@
 module UsersHelper
 end
--- a/app/helpers/wallet_helper.rb
+++ b/app/helpers/wallet_helper.rb
@@ -0,0 +1,2 @@
 module WalletHelper
 end
--- a/app/helpers/welcome_helper.rb
+++ b/app/helpers/welcome_helper.rb
@@ -0,0 +1,2 @@
 module WelcomeHelper
 end
--- a/app/javascript/controllers/nostr_login_controller.js
+++ b/app/javascript/controllers/nostr_login_controller.js
@@ -1,53 +0,0 @@
 import { Controller } from "@hotwired/stimulus"
 // Connects to data-controller="nostr-login"
 export default class extends Controller {
  static targets = [ "loginForm", "loginButton" ]
  static values  = { site: String, sharedSecret: String }
  connect() {
    if (window.nostr) {
      this.loginButtonTarget.disabled = false
      this.loginFormTarget.classList.remove("hidden")
    }
  }
  async login () {
    this.loginButtonTarget.disabled = true
    try {
      // Auth based on NIP-42
      const signedEvent = await window.nostr.signEvent({
        created_at: Math.floor(Date.now() / 1000),
        kind: 22242,
        tags: [
          ["site", this.siteValue],
          ["challenge", this.sharedSecretValue]
        ],
        content: ""
      })
      const res = await fetch("/users/nostr_login", {
        method: "POST", credentials: "include", headers: {
          "Accept": "application/json", 'Content-Type': 'application/json',
          "X-CSRF-Token": this.csrfToken
        }, body: JSON.stringify({ signed_event: signedEvent })
      })
      if (res.status === 200) {
        res.json().then(r => { window.location.href = r.redirect_url })
      } else {
        window.location.reload()
      }
    } catch (error) {
      console.warn('Unable to authenticate:', error.message)
    } finally {
      this.loginButtonTarget.disabled = false
    }
  }
  get csrfToken () {
    const element = document.head.querySelector('meta[name="csrf-token"]')
    return element.getAttribute("content")
  }
 }
--- a/app/javascript/controllers/settings/nostr_pubkey_controller.js
+++ b/app/javascript/controllers/settings/nostr_pubkey_controller.js
@@ -3,12 +3,7 @@ import { Controller } from "@hotwired/stimulus"
 // Connects to data-controller="settings--nostr-pubkey"
 export default class extends Controller {
  static targets = [ "noExtension", "setPubkey", "pubkeyBech32Input" ]
-  static values  = {
+  static values  = { userAddress: String, pubkeyHex: String, sharedSecret: String }
    userAddress: String,
    pubkeyHex: String,
    site: String,
    sharedSecret: String
  }
  connect () {
    if (window.nostr) {
@@ -24,15 +19,11 @@ export default class extends Controller {
    this.setPubkeyTarget.disabled = true
    try {
      // Auth based on NIP-42
      const signedEvent = await window.nostr.signEvent({
        created_at: Math.floor(Date.now() / 1000),
-        kind: 22242,
+        kind: 1,
-        tags: [
+        tags: [],
-          ["site", this.siteValue],
+        content: `Connect my public key to ${this.userAddressValue} (confirmation ${this.sharedSecretValue})`
          ["challenge", this.sharedSecretValue]
        ],
        content: ""
      })
      const res = await fetch("/settings/set_nostr_pubkey", {
--- a/app/jobs/btcpay_check_donation_job.rb
+++ b/app/jobs/btcpay_check_donation_job.rb
@@ -10,7 +10,9 @@ class BtcpayCheckDonationJob < ApplicationJob
    case invoice["status"]
    when "Settled"
-      donation.complete!
+      donation.paid_at = DateTime.now
      donation.payment_status = "settled"
      donation.save!
      NotificationMailer.with(user: donation.user)
                        .bitcoin_donation_confirmed
--- a/app/jobs/create_ldap_user_job.rb
+++ b/app/jobs/create_ldap_user_job.rb
@@ -1,10 +1,10 @@
 class CreateLdapUserJob < ApplicationJob
  queue_as :default
-  def perform(username:, domain:, email:, hashed_pw:, confirmed: false)
+  def perform(username, domain, email, hashed_pw)
    dn = "cn=#{username},ou=#{domain},cn=users,dc=kosmos,dc=org"
    attr = {
-      objectclass: ["top", "account", "person", "inetOrgPerson", "extensibleObject"],
+      objectclass: ["top", "account", "person", "extensibleObject"],
      cn: username,
      sn: username,
      uid: username,
@@ -12,10 +12,6 @@ class CreateLdapUserJob < ApplicationJob
      userPassword: hashed_pw
    }
    if confirmed
      attr[:serviceEnabled] = Setting.default_services
    end
    ldap_client.add(dn: dn, attributes: attr)
  end
--- a/app/jobs/create_lndhub_account_job.rb
+++ b/app/jobs/create_lndhub_account_job.rb
@@ -2,12 +2,12 @@ class CreateLndhubAccountJob < ApplicationJob
  queue_as :default
  def perform(user)
-    return if user.lndhub_username.present? && user.lndhub_password.present?
+    return if user.ln_account.present? && user.ln_password.present?
    lndhub = LndhubV2.new
    credentials = lndhub.create_account
-    user.update! lndhub_username: credentials["login"],
+    user.update! ln_account: credentials["login"],
-                 lndhub_password: credentials["password"]
+                 ln_password: credentials["password"]
  end
 end
--- a/app/jobs/nostr_publish_event_job.rb
+++ b/app/jobs/nostr_publish_event_job.rb
@@ -1,7 +0,0 @@
 class NostrPublishEventJob < ApplicationJob
  queue_as :nostr
  def perform(event:, relay_url:)
    NostrManager::PublishEvent.call(event: event, relay_url: relay_url)
  end
 end
--- a/app/jobs/remote_storage_expire_authorization_job.rb
+++ b/app/jobs/remote_storage_expire_authorization_job.rb
@@ -3,6 +3,8 @@ class RemoteStorageExpireAuthorizationJob < ApplicationJob
  def perform(rs_auth_id)
    rs_auth = RemoteStorageAuthorization.find rs_auth_id
    return unless rs_auth.expire_at.nil? || rs_auth.expire_at <= DateTime.now
    rs_auth.destroy!
  end
 end
--- a/app/jobs/xmpp_exchange_contacts_job.rb
+++ b/app/jobs/xmpp_exchange_contacts_job.rb
@@ -2,6 +2,21 @@ class XmppExchangeContactsJob < ApplicationJob
  queue_as :default
  def perform(inviter, invitee)
-    EjabberdManager::ExchangeContacts.call(inviter:, invitee:)
+    return unless inviter.services_enabled.include?("xmpp") &&
                  invitee.services_enabled.include?("xmpp") &&
                  inviter.preferences[:xmpp_exchange_contacts_with_invitees]
    ejabberd = EjabberdApiClient.new
    ejabberd.add_rosteritem({
      "localuser": invitee.cn, "localhost": invitee.ou,
      "user": inviter.cn, "host": inviter.ou,
      "nick": inviter.cn, "group": Setting.ejabberd_buddy_roster, "subs": "both"
    })
    ejabberd.add_rosteritem({
      "localuser": inviter.cn, "localhost": inviter.ou,
      "user": invitee.cn, "host": invitee.ou,
      "nick": invitee.cn, "group": Setting.ejabberd_buddy_roster, "subs": "both"
    })
  end
 end
--- a/app/jobs/xmpp_send_message_job.rb
+++ b/app/jobs/xmpp_send_message_job.rb
@@ -2,6 +2,7 @@ class XmppSendMessageJob < ApplicationJob
  queue_as :default
  def perform(payload)
-    EjabberdManager::SendMessage.call(payload:)
+    ejabberd = EjabberdApiClient.new
    ejabberd.send_message payload
  end
 end
--- a/app/jobs/xmpp_set_avatar_job.rb
+++ b/app/jobs/xmpp_set_avatar_job.rb
@@ -1,7 +0,0 @@
 class XmppSetAvatarJob < ApplicationJob
  queue_as :default
  def perform(user:, overwrite: false)
    EjabberdManager::SetAvatar.call(user:, overwrite:)
  end
 end
--- a/app/jobs/xmpp_set_default_bookmarks_job.rb
+++ b/app/jobs/xmpp_set_default_bookmarks_job.rb
@@ -2,6 +2,25 @@ class XmppSetDefaultBookmarksJob < ApplicationJob
  queue_as :default
  def perform(user)
-    EjabberdManager::SetDefaultBookmarks.call(user:)
+    return unless Setting.xmpp_default_rooms.any?
    @user = user
    ejabberd = EjabberdApiClient.new
    ejabberd.private_set user, storage_content
  end
  def storage_content
    bookmarks = ""
    Setting.xmpp_default_rooms.each do |r|
      bookmarks << conference_element(
        jid: r[/<(.+)>/, 1], name: r[/^(.+)\s/, 1], nick: @user.cn,
        autojoin: Setting.xmpp_autojoin_default_rooms
      )
    end
    "<storage xmlns='storage:bookmarks'>#{bookmarks}</storage>"
  end
  def conference_element(jid:, name:, autojoin: false, nick:)
    "<conference jid='#{jid}' name='#{name}' autojoin='#{autojoin.to_s}'><nick>#{nick}</nick></conference>"
  end
 end
--- a/app/mailers/application_mailer.rb
+++ b/app/mailers/application_mailer.rb
@@ -1,90 +1,3 @@
 class ApplicationMailer < ActionMailer::Base
  default Rails.application.config.action_mailer.default_options
  layout 'mailer'
  private
    def send_mail
      @template ||= "#{self.class.name.underscore}/#{caller[0][/`([^']*)'/, 1]}"
      headers['Message-ID'] = message_id
      if @user.pgp_pubkey.present?
        mail(to: @user.email, subject: "...", content_type: pgp_content_type) do |format|
          format.text { render plain: pgp_content }
        end
      else
        mail(to: @user.email, subject: @subject) do |format|
          format.text { render @template }
        end
      end
    end
    def from_address
      self.class.default[:from]
    end
    def from_domain
      Mail::Address.new(from_address).domain
    end
    def message_id
      @message_id ||= "#{SecureRandom.uuid}@#{from_domain}"
    end
    def boundary
      @boundary ||= SecureRandom.hex(8)
    end
    def pgp_content_type
      "multipart/encrypted; protocol=\"application/pgp-encrypted\"; boundary=\"------------#{boundary}\""
    end
    def pgp_nested_content
      message_content = render_to_string(template: @template)
      message_content_base64 = Base64.encode64(message_content)
      nested_boundary = SecureRandom.hex(8)
      <<~NESTED_CONTENT
        Content-Type: multipart/mixed; boundary="------------#{nested_boundary}"; protected-headers="v1"
        Subject: #{@subject}
        From: <#{from_address}>
        To: #{@user.display_name || @user.cn} <#{@user.email}>
        Message-ID: <#{message_id}>
        --------------#{nested_boundary}
        Content-Type: text/plain; charset=UTF-8; format=flowed
        Content-Transfer-Encoding: base64
        #{message_content_base64}
        --------------#{nested_boundary}--
      NESTED_CONTENT
    end
    def pgp_content
      encrypted_content = UserManager::PgpEncrypt.call(user: @user, text: pgp_nested_content)
      encrypted_base64 = Base64.encode64(encrypted_content.to_s)
      <<~EMAIL_CONTENT
        This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
        --------------#{boundary}
        Content-Type: application/pgp-encrypted
        Content-Description: PGP/MIME version identification
        Version: 1
        --------------#{boundary}
        Content-Type: application/octet-stream; name="encrypted.asc"
        Content-Description: OpenPGP encrypted message
        Content-Disposition: inline; filename="encrypted.asc"
        -----BEGIN PGP MESSAGE-----
        #{encrypted_base64}
        -----END PGP MESSAGE-----
        --------------#{boundary}--
      EMAIL_CONTENT
    end
 end
--- a/app/mailers/custom_mailer.rb
+++ b/app/mailers/custom_mailer.rb
@@ -18,6 +18,6 @@ class CustomMailer < ApplicationMailer
    @user = params[:user]
    @subject = params[:subject]
    @body = params[:body]
-    send_mail
+    mail(to: @user.email, subject: @subject)
  end
 end
--- a/app/mailers/notification_mailer.rb
+++ b/app/mailers/notification_mailer.rb
@@ -3,7 +3,7 @@ class NotificationMailer < ApplicationMailer
    @user = params[:user]
    @amount_sats = params[:amount_sats]
    @subject = "Sats received"
-    send_mail
+    mail to: @user.email, subject: @subject
  end
  def remotestorage_auth_created
@@ -15,19 +15,19 @@ class NotificationMailer < ApplicationMailer
      "#{access} #{directory}"
    end
    @subject = "New app connected to your storage"
-    send_mail
+    mail to: @user.email, subject: @subject
  end
  def new_invitations_available
    @user = params[:user]
    @subject = "New invitations added to your account"
-    send_mail
+    mail to: @user.email, subject: @subject
  end
  def bitcoin_donation_confirmed
    @user = params[:user]
    @donation = params[:donation]
    @subject = "Donation confirmed"
-    send_mail
+    mail to: @user.email, subject: @subject
  end
 end
--- a/app/models/app_catalog/web_app.rb
+++ b/app/models/app_catalog/web_app.rb
@@ -1,7 +1,7 @@
 class AppCatalog::WebApp < ApplicationRecord
  store :metadata, coder: JSON
-  has_many :remote_storage_authorizations, dependent: :destroy
+  has_many :remote_storage_authorizations
  has_one_attached :icon
  has_one_attached :apple_touch_icon
--- a/app/models/concerns/settings/btcpay_settings.rb
+++ b/app/models/concerns/settings/btcpay_settings.rb
@@ -1,24 +0,0 @@
 module Settings
  module BtcpaySettings
    extend ActiveSupport::Concern
    included do
      field :btcpay_api_url, type: :string,
        default: ENV["BTCPAY_API_URL"].presence
      field :btcpay_enabled, type: :boolean,
        default: ENV["BTCPAY_API_URL"].present?
      field :btcpay_public_url, type: :string,
        default: ENV["BTCPAY_PUBLIC_URL"].presence
      field :btcpay_store_id, type: :string,
        default: ENV["BTCPAY_STORE_ID"].presence
      field :btcpay_auth_token, type: :string,
        default: ENV["BTCPAY_AUTH_TOKEN"].presence
      field :btcpay_publish_wallet_balances, type: :boolean, default: true
    end
  end
 end
--- a/app/models/concerns/settings/discourse_settings.rb
+++ b/app/models/concerns/settings/discourse_settings.rb
@@ -1,16 +0,0 @@
 module Settings
  module DiscourseSettings
    extend ActiveSupport::Concern
    included do
      field :discourse_public_url, type: :string,
        default: ENV["DISCOURSE_PUBLIC_URL"].presence
      field :discourse_enabled, type: :boolean,
        default: ENV["DISCOURSE_PUBLIC_URL"].present?
      field :discourse_connect_secret, type: :string,
        default: ENV["DISCOURSE_CONNECT_SECRET"].presence
    end
  end
 end
--- a/app/models/concerns/settings/drone_ci_settings.rb
+++ b/app/models/concerns/settings/drone_ci_settings.rb
@@ -1,13 +0,0 @@
 module Settings
  module DroneCiSettings
    extend ActiveSupport::Concern
    included do
      field :droneci_public_url, type: :string,
        default: ENV["DRONECI_PUBLIC_URL"].presence
      field :droneci_enabled, type: :boolean,
        default: ENV["DRONECI_PUBLIC_URL"].present?
    end
  end
 end
--- a/app/models/concerns/settings/ejabberd_settings.rb
+++ b/app/models/concerns/settings/ejabberd_settings.rb
@@ -1,19 +0,0 @@
 module Settings
  module EjabberdSettings
    extend ActiveSupport::Concern
    included do
      field :ejabberd_enabled, type: :boolean,
        default: ENV["EJABBERD_API_URL"].present?
      field :ejabberd_api_url, type: :string,
        default: ENV["EJABBERD_API_URL"].presence
      field :ejabberd_admin_url, type: :string,
        default: ENV["EJABBERD_ADMIN_URL"].presence
      field :ejabberd_buddy_roster, type: :string,
        default: "Buddies"
    end
  end
 end
--- a/app/models/concerns/settings/email_settings.rb
+++ b/app/models/concerns/settings/email_settings.rb
@@ -1,28 +0,0 @@
 module Settings
  module EmailSettings
    extend ActiveSupport::Concern
    included do
      field :email_enabled, type: :boolean,
        default: ENV["EMAIL_SMTP_HOST"].present?
      # field :email_smtp_host, type: :string,
      #   default: ENV["EMAIL_SMTP_HOST"].presence
      #
      # field :email_smtp_port, type: :string,
      #   default: ENV["EMAIL_SMTP_PORT"].presence || 587
      #
      # field :email_smtp_enable_starttls, type: :string,
      #   default: ENV["EMAIL_SMTP_PORT"].presence || true
      #
      # field :email_auth_method, type: :string,
      #   default: ENV["EMAIL_AUTH_METHOD"].presence || "plain"
      #
      # field :email_imap_host, type: :string,
      #   default: ENV["EMAIL_IMAP_HOST"].presence
      #
      # field :email_imap_port, type: :string,
      #   default: ENV["EMAIL_IMAP_PORT"].presence || 993
    end
  end
 end
--- a/app/models/concerns/settings/general_settings.rb
+++ b/app/models/concerns/settings/general_settings.rb
@@ -1,34 +0,0 @@
 module Settings
  module GeneralSettings
    extend ActiveSupport::Concern
    included do
      field :primary_domain, type: :string,
        default: ENV["PRIMARY_DOMAIN"].presence
      field :accounts_domain, type: :string,
        default: ENV["AKKOUNTS_DOMAIN"].presence
      #
      # Internal services
      #
      field :redis_url, type: :string,
        default: ENV["REDIS_URL"] || "redis://localhost:6379/0"
      field :s3_enabled, type: :boolean,
        default: ENV["S3_ENABLED"] && ENV["S3_ENABLED"].to_s != "false"
      field :sentry_enabled, type: :boolean, readonly: true,
        default: ENV["SENTRY_DSN"].present?
      #
      # Registrations
      #
      field :reserved_usernames, type: :array, default: %w[
        account accounts donations mail webmaster support
      ]
    end
  end
 end
--- a/app/models/concerns/settings/gitea_settings.rb
+++ b/app/models/concerns/settings/gitea_settings.rb
@@ -1,13 +0,0 @@
 module Settings
  module GiteaSettings
    extend ActiveSupport::Concern
    included do
      field :gitea_public_url, type: :string,
        default: ENV["GITEA_PUBLIC_URL"].presence
      field :gitea_enabled, type: :boolean,
        default: ENV["GITEA_PUBLIC_URL"].present?
    end
  end
 end
--- a/app/models/concerns/settings/lightning_network_settings.rb
+++ b/app/models/concerns/settings/lightning_network_settings.rb
@@ -1,25 +0,0 @@
 module Settings
  module LightningNetworkSettings
    extend ActiveSupport::Concern
    included do
      field :lndhub_api_url, type: :string,
        default: ENV["LNDHUB_API_URL"].presence
      field :lndhub_enabled, type: :boolean,
        default: ENV["LNDHUB_API_URL"].present?
      field :lndhub_admin_token, type: :string,
        default: ENV["LNDHUB_ADMIN_TOKEN"].presence
      field :lndhub_admin_enabled, type: :boolean,
        default: ENV["LNDHUB_ADMIN_UI"] || false
      field :lndhub_public_key, type: :string,
        default: (ENV["LNDHUB_PUBLIC_KEY"] || "")
      field :lndhub_keysend_enabled, type: :boolean,
        default: -> { self.lndhub_public_key.present? }
    end
  end
 end
--- a/app/models/concerns/settings/mastodon_settings.rb
+++ b/app/models/concerns/settings/mastodon_settings.rb
@@ -1,19 +0,0 @@
 module Settings
  module MastodonSettings
    extend ActiveSupport::Concern
    included do
      field :mastodon_public_url, type: :string,
        default: ENV["MASTODON_PUBLIC_URL"].presence
      field :mastodon_enabled, type: :boolean,
        default: ENV["MASTODON_PUBLIC_URL"].present?
      field :mastodon_address_domain, type: :string,
        default: ENV["MASTODON_ADDRESS_DOMAIN"].presence || self.primary_domain
      field :mastodon_auth_token, type: :string,
        default: ENV["MASTODON_AUTH_TOKEN"].presence
    end
  end
 end
--- a/app/models/concerns/settings/media_wiki_settings.rb
+++ b/app/models/concerns/settings/media_wiki_settings.rb
@@ -1,13 +0,0 @@
 module Settings
  module MediaWikiSettings
    extend ActiveSupport::Concern
    included do
      field :mediawiki_public_url, type: :string,
        default: ENV["MEDIAWIKI_PUBLIC_URL"].presence
      field :mediawiki_enabled, type: :boolean,
        default: ENV["MEDIAWIKI_PUBLIC_URL"].present?
    end
  end
 end
--- a/app/models/concerns/settings/membership_settings.rb
+++ b/app/models/concerns/settings/membership_settings.rb
@@ -1,18 +0,0 @@
 module Settings
  module MembershipSettings
    extend ActiveSupport::Concern
    included do
      field :member_status_contributor, type: :string,
        default: "Contributor"
      field :member_status_sustainer, type: :string,
        default: "Sustainer"
      # Admin panel
      field :user_index_show_contributors, type: :boolean,
        default: false
      field :user_index_show_sustainers, type: :boolean,
        default: false
    end
  end
 end
--- a/app/models/concerns/settings/nostr_settings.rb
+++ b/app/models/concerns/settings/nostr_settings.rb
@@ -1,25 +0,0 @@
 module Settings
  module NostrSettings
    extend ActiveSupport::Concern
    included do
      field :nostr_enabled, type: :boolean,
        default: ENV["NOSTR_PRIVATE_KEY"].present?
      field :nostr_private_key, type: :string,
        default: ENV["NOSTR_PRIVATE_KEY"].presence
      field :nostr_public_key, type: :string,
        default: ENV["NOSTR_PUBLIC_KEY"].presence
      field :nostr_public_key_primary_domain, type: :string,
        default: ENV["NOSTR_PUBLIC_KEY_PRIMARY_DOMAIN"].presence
      field :nostr_relay_url, type: :string,
        default: ENV["NOSTR_RELAY_URL"].presence
      field :nostr_zaps_relay_limit, type: :integer,
        default: 12
    end
  end
 end
--- a/app/models/concerns/settings/open_collective_settings.rb
+++ b/app/models/concerns/settings/open_collective_settings.rb
@@ -1,9 +0,0 @@
 module Settings
  module OpenCollectiveSettings
    extend ActiveSupport::Concern
    included do
      field :opencollective_enabled, type: :boolean, default: true
    end
  end
 end
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Râu Cao	f57fff0087	Send email confirmation when BTC payment is confirmed All checks were successful continuous-integration/drone/push Build is passing Details	2024-02-22 15:20:17 +01:00
Râu Cao	18ff3d3f0d	Implement bitcoin donations via BTCPay	2024-02-22 15:19:27 +01:00
Râu Cao	1b3ac90ddd	Allow other controllers to access lndhub user balance	2024-02-22 15:19:27 +01:00
Râu Cao	5db0ee6658	DRY up btcpay and lndhub services Removing initialize methods from the main/manager class also allows for different iniitalizers in specific task services	2024-02-22 15:19:27 +01:00
Râu Cao	da31a027c5	Move past donations to partial	2024-02-22 15:19:27 +01:00