diff --git a/Dockerfile b/Dockerfile
index 90e3aef2..78ea8060 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,29 +1,19 @@
-FROM node:12.18.0-alpine3.9
+FROM node:lts-alpine
+
+EXPOSE 9835
+
+VOLUME [ "/lnd", "/data" ]
WORKDIR /usr/src/app
+RUN apk update && apk upgrade && \
+ apk add --no-cache bash git openssh
ADD ./package.json /usr/src/app/package.json
ADD ./yarn.lock /usr/src/app/yarn.lock
-#RUN useradd app && \
-# mkdir -p /home/app/.lnd
-RUN apk update && apk upgrade && \
- apk add --no-cache bash git openssh
-RUN yarn install
+
+RUN yarn
ADD . /usr/src/app
-RUN ls /usr/src/app
-RUN chmod +x ./docker-start.sh
-#ADD ./tls.cert /usr/src/app/tls.cert
-#ADD ./admin.macaroon /usr/src/app/admin.macaroon
-
-# && \
-# chown -R app:app /home/app && \
-# chown -R app:app /usr/src/app && \
-# chown -R app:app /start.sh
-
-#ARG lnd_address
-#ENV LND_ADDR=$lnd_address
-EXPOSE 9835
-CMD ["./docker-start.sh"]
\ No newline at end of file
+ENTRYPOINT [ "node", "main.js" ]
\ No newline at end of file
diff --git a/README.md b/README.md
index 15388634..d4206e57 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,13 @@ This is an alpha release of the Shockwallet backend service, providing a wrapper
Run this service on your Lightning node and connect with a mobile device or desktop browser.
+---
+- [Easy Installation](#easy-installation)
+- [Manual Installation](#manual-installation)
+- [Docker Usage](#docker-usage)
+- [Node Security](#node-security)
+
+---
### Easy Installation
For easy setup on your Laptop/Desktop, [a node wizard is available here.](https://github.com/shocknet/wizard)
@@ -42,12 +49,39 @@ cd api
yarn install
```
-3) Run with `yarn start`
-4) Connect with Shockwallet *(Provide your nodes IP manually or scan QR from ShockWizard)*
-
-*Optionally, add the `-t` flag to route through a tunnel.rip webserver for zero-configuration networking. All communication between the api and wallet is end-to-end encrypted and your privacy is protected.*
+3) Run with `yarn start -t` *(`-t` is recommended but [not required](#node-security))*
+4) Connect with Shockwallet
+### Docker Usage
+To run ShockAPI in a fully isolated environment you can use the Docker image
+provided on the Docker Hub and easily interact with API's CLI interface and flags.
+
+Example of listing available configuration flags:
+```
+docker run --rm shockwallet/api:latest --help
+```
+Example of running an local instance:
+```
+docker run shockwallet/api:latest -h 0.0.0.0 -c
+```
+
+
+### Node Security
+
+Shockwallet authenticates to the API with the keys of the `GUN` user. Where the API itself typically has full macaroon access to LND, we've implemented an extra security measure at user enrollment to whitelist these keys and prevent rogue authentication.
+
+If installing the ShockAPI onto a pre-existing LND node instance, the decryption passphrase must be proven at user enrollment. This requires LND to be in a locked state when creating the user, and the `GUN` password to be synchronized with the LND decryption phrase.
+
+The API will verify the defined `GUN` password unlocks LND before completing enrollment, and can thus be used in the future to directly unlock LND from Shockwallet. This will restrict authentication to only this `GUN` key. Changing or adding alternative users will require repeating this **"lock and enroll"** process.
+
+There are advanced or testing scenarios where you may wish to bypass this sync and whitelist mechanism, to do so pass the env `TRUSTED_KEYS=false`
+
+_New LND nodes will automatically use the `GUN` user password as their decryption phrase upon creation._
+
+Communication between the wallet and API is encrypted regardless of whether or not SSL is used, though an SSL equipped reverse proxy is recommended for better usability with the wallet PWA. Running with `-t` enables the built-in SSL tunnel provider for ease of use and zero-configuration networking.
+
diff --git a/package.json b/package.json
index 962977ac..319298df 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "shockapi",
- "version": "2021.6.28",
+ "version": "2021.07.10",
"description": "",
"main": "src/server.js",
"scripts": {
diff --git a/services/gunDB/contact-api/jobs/onOrders.js b/services/gunDB/contact-api/jobs/onOrders.js
index c7d90c24..168758e2 100644
--- a/services/gunDB/contact-api/jobs/onOrders.js
+++ b/services/gunDB/contact-api/jobs/onOrders.js
@@ -286,7 +286,7 @@ const listenerForAddr = (addr, SEA) => async (order, orderID) => {
TipForwarder.notifySocketIfAny(
postID,
order.from,
- 'TIPPED YOU',
+ paidInvoice.memo || 'TIPPED YOU',
amt + ' sats'
)
const ackData = { tippedPost: postID }
diff --git a/services/tipsCallback.js b/services/tipsCallback.js
index fca084a7..36d19815 100644
--- a/services/tipsCallback.js
+++ b/services/tipsCallback.js
@@ -1,8 +1,21 @@
//@ts-nocheck TODO- fix types
+const { gunUUID } = require("../utils")
class TipsCB {
listeners = {}
- addSocket(postID,socket){
+ postsEnabled = {}
+
+ enablePostNotifications(postID){
+ const accessId = gunUUID()
+ this.postsEnabled[accessId] = postID
+ return accessId
+ }
+
+ addSocket(accessId,socket){
+ if(!this.postsEnabled[accessId]){
+ return "invalid access id"
+ }
+ const postID = this.postsEnabled[accessId]
console.log("subbing new socket for post: "+postID)
if(!this.listeners[postID]){
diff --git a/src/index.html b/src/index.html
index d376198f..d3d5daed 100644
--- a/src/index.html
+++ b/src/index.html
@@ -48,22 +48,33 @@
}
+