From ffd87988c828f396936f58a96ee6a6137b0652d6 Mon Sep 17 00:00:00 2001 From: Erfan Besharat Date: Thu, 8 Jul 2021 19:17:40 +0430 Subject: [PATCH 01/14] Add new CLI Dockerfile --- Dockerfile | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) diff --git a/Dockerfile b/Dockerfile index 90e3aef2..78ea8060 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,29 +1,19 @@ -FROM node:12.18.0-alpine3.9 +FROM node:lts-alpine + +EXPOSE 9835 + +VOLUME [ "/lnd", "/data" ] WORKDIR /usr/src/app +RUN apk update && apk upgrade && \ + apk add --no-cache bash git openssh ADD ./package.json /usr/src/app/package.json ADD ./yarn.lock /usr/src/app/yarn.lock -#RUN useradd app && \ -# mkdir -p /home/app/.lnd -RUN apk update && apk upgrade && \ - apk add --no-cache bash git openssh -RUN yarn install + +RUN yarn ADD . /usr/src/app -RUN ls /usr/src/app -RUN chmod +x ./docker-start.sh -#ADD ./tls.cert /usr/src/app/tls.cert -#ADD ./admin.macaroon /usr/src/app/admin.macaroon - -# && \ -# chown -R app:app /home/app && \ -# chown -R app:app /usr/src/app && \ -# chown -R app:app /start.sh - -#ARG lnd_address -#ENV LND_ADDR=$lnd_address -EXPOSE 9835 -CMD ["./docker-start.sh"] \ No newline at end of file +ENTRYPOINT [ "node", "main.js" ] \ No newline at end of file From 3d1ea17230b0b50e9dc32d36154401411c1b1927 Mon Sep 17 00:00:00 2001 From: Erfan Besharat Date: Thu, 8 Jul 2021 19:44:33 +0430 Subject: [PATCH 02/14] Add Docker usage to README --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index 15388634..eeccaff3 100644 --- a/README.md +++ b/README.md 
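Review bot: `FROM node:lts-alpine` swaps a pinned base image for a floating tag, so two builds of this same commit can resolve to different Node majors and Alpine releases; pin it (`FROM node:<version>-alpine@sha256:<digest>`, placeholder values) and move it deliberately. `RUN yarn` is run without `--frozen-lockfile`, so a yarn.lock that has drifted from package.json is silently rewritten inside the image instead of failing the build; `RUN yarn install --frozen-lockfile` keeps the image reproducible. The commented-out `useradd` lines are removed but nothing replaces them, so `node main.js` runs as root; the official node image ships a non-root `node` user, and a `USER node` line before the ENTRYPOINT (with matching ownership on the `/lnd` and `/data` mounts, which I cannot verify from here) would drop that privilege.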
@@ -11,6 +11,12 @@ This is an alpha release of the Shockwallet backend service, providing a wrapper Run this service on your Lightning node and connect with a mobile device or desktop browser. +--- +- [Easy Installation](#easy-installation) +- [Manual Installation](#manual-installation) +- [Docker Usage](#docker-usage) +- [Docker for Raspberry Pi](#docker-for-raspberry-pi) +--- ### Easy Installation For easy setup on your Laptop/Desktop, [a node wizard is available here.](https://github.com/shocknet/wizard) @@ -47,6 +53,18 @@ yarn install *Optionally, add the `-t` flag to route through a tunnel.rip webserver for zero-configuration networking. All communication between the api and wallet is end-to-end encrypted and your privacy is protected.* +### Docker Usage +To run ShockAPI in a fully isolated environment you can use the Docker image +provided on the Docker Hub and easily interact with API's CLI interface and flags. + +Example of listing available configuration flags: +``` +docker run --rm shockwallet/api:latest --help +``` +Example of running an local instance: +``` +docker run shockwallet/api:latest -h 0.0.0.0 -c +``` ### Docker for Raspberry Pi From 331676863209d2b98d01ceb563cdf48eb4b908fb Mon Sep 17 00:00:00 2001 From: CapDog <34176400+capitalistdog@users.noreply.github.com> Date: Thu, 8 Jul 2021 12:15:21 -0400 Subject: [PATCH 03/14] Update README.md --- README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.md b/README.md index eeccaff3..8d21a294 100644 --- a/README.md +++ b/README.md 
@@ -69,3 +69,19 @@ docker run shockwallet/api:latest -h 0.0.0.0 -c ### Docker for Raspberry Pi * [Instructions](https://gist.github.com/boufni95/3f4e1f19cf9525c3b7741b7a29f122bc) + + +### Node Security + +Shockwallet authenticates to the API with the keys of the `GUN` user. Where the API itself typically has full macaroon access to LND, we've implemented an extra security measure at user enrollment to whitelist these keys and prevent rogue authentication. + +If installing the ShockAPI onto a pre-existing LND node instance, the decryption passphrase must be proven at user enrollment. This requires LND to be in a locked state when creating the user, and the `GUN` password to be synchronized with the LND decryption phrase. + +The API will verify the defined `GUN` password unlocks LND before completing enrollment, and can thus be used in the future to directly unlock LND from Shockwallet. This will restrict authentication to the API to only this `GUN` key, to change or add alternative user will require repeating this **"lock and enroll"** process. + +There are advanced or testing scenarios where you may wish to bypass this sync and whitelist mechanism, to do so pass the env `TRUSTED_KEYS=false` + +_New LND nodes will automatically use the `GUN` user password as their decryption phrase upon creation._ + + + From 2eed8a7ab74592d3363b6bcdcf9f01616ebcdeee Mon Sep 17 00:00:00 2001 From: CapDog <34176400+capitalistdog@users.noreply.github.com> Date: Thu, 8 Jul 2021 12:22:08 -0400 Subject: [PATCH 04/14] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8d21a294..202ec967 100644 --- a/README.md +++ b/README.md 
@@ -83,5 +83,5 @@ There are advanced or testing scenarios where you may wish to bypass this sync a _New LND nodes will automatically use the `GUN` user password as their decryption phrase upon creation._ - +All communication between the wallet and API is end-to-end encryption regardless of whether or not SSL is used, though an SSL equipped reverse proxy is recommended for better usability with the wallet PWA. Running with `-t` enables the built-in SSL tunnel provider for ease of use and zero-configuratin networking. From a7e181e610cdc88553b7e136e9bf55d6e9a8bff0 Mon Sep 17 00:00:00 2001 From: CapDog <34176400+capitalistdog@users.noreply.github.com> Date: Thu, 8 Jul 2021 12:22:43 -0400 Subject: [PATCH 05/14] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 202ec967..ab3d9aff 100644 --- a/README.md +++ b/README.md @@ -83,5 +83,5 @@ There are advanced or testing scenarios where you may wish to bypass this sync a _New LND nodes will automatically use the `GUN` user password as their decryption phrase upon creation._ -All communication between the wallet and API is end-to-end encryption regardless of whether or not SSL is used, though an SSL equipped reverse proxy is recommended for better usability with the wallet PWA. Running with `-t` enables the built-in SSL tunnel provider for ease of use and zero-configuratin networking. +All communication between the wallet and API is end-to-end encryption regardless of whether or not SSL is used, though an SSL equipped reverse proxy is recommended for better usability with the wallet PWA. Running with `-t` enables the built-in SSL tunnel provider for ease of use and zero-configuration networking. From c639c21cb36a86f23b1acd0d0e3e5bbdca88f5c1 Mon Sep 17 00:00:00 2001 
From: CapDog <34176400+capitalistdog@users.noreply.github.com> Date: Thu, 8 Jul 2021 12:23:00 -0400 Subject: [PATCH 06/14] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ab3d9aff..bdfde36c 100644 --- a/README.md +++ b/README.md @@ -83,5 +83,5 @@ There are advanced or testing scenarios where you may wish to bypass this sync a _New LND nodes will automatically use the `GUN` user password as their decryption phrase upon creation._ -All communication between the wallet and API is end-to-end encryption regardless of whether or not SSL is used, though an SSL equipped reverse proxy is recommended for better usability with the wallet PWA. Running with `-t` enables the built-in SSL tunnel provider for ease of use and zero-configuration networking. +All communication between the wallet and API is end-to-end encrypted regardless of whether or not SSL is used, though an SSL equipped reverse proxy is recommended for better usability with the wallet PWA. Running with `-t` enables the built-in SSL tunnel provider for ease of use and zero-configuration networking. From 919b87a19884f0f1f1625678e2edeb20007b3abd Mon Sep 17 00:00:00 2001 From: CapDog <34176400+capitalistdog@users.noreply.github.com> Date: Thu, 8 Jul 2021 12:29:44 -0400 Subject: [PATCH 07/14] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bdfde36c..b5901853 100644 --- a/README.md +++ b/README.md 
@@ -77,7 +77,7 @@ Shockwallet authenticates to the API with the keys of the `GUN` user. Where the If installing the ShockAPI onto a pre-existing LND node instance, the decryption passphrase must be proven at user enrollment. This requires LND to be in a locked state when creating the user, and the `GUN` password to be synchronized with the LND decryption phrase. -The API will verify the defined `GUN` password unlocks LND before completing enrollment, and can thus be used in the future to directly unlock LND from Shockwallet. This will restrict authentication to the API to only this `GUN` key, to change or add alternative user will require repeating this **"lock and enroll"** process. +The API will verify the defined `GUN` password unlocks LND before completing enrollment, and can thus be used in the future to directly unlock LND from Shockwallet. This will restrict authentication to only this `GUN` key. Changing or adding alternative users will require repeating this **"lock and enroll"** process. There are advanced or testing scenarios where you may wish to bypass this sync and whitelist mechanism, to do so pass the env `TRUSTED_KEYS=false` From 3c65893d3303ae42e1762aac2ebc3f5b70b50dae Mon Sep 17 00:00:00 2001 From: CapDog <34176400+capitalistdog@users.noreply.github.com> Date: Thu, 8 Jul 2021 12:32:15 -0400 Subject: [PATCH 08/14] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b5901853..80bc8bdc 100644 --- a/README.md +++ b/README.md 
@@ -83,5 +83,5 @@ There are advanced or testing scenarios where you may wish to bypass this sync a _New LND nodes will automatically use the `GUN` user password as their decryption phrase upon creation._ -All communication between the wallet and API is end-to-end encrypted regardless of whether or not SSL is used, though an SSL equipped reverse proxy is recommended for better usability with the wallet PWA. Running with `-t` enables the built-in SSL tunnel provider for ease of use and zero-configuration networking. +Communication between the wallet and API is encrypted regardless of whether or not SSL is used, though an SSL equipped reverse proxy is recommended for better usability with the wallet PWA. Running with `-t` enables the built-in SSL tunnel provider for ease of use and zero-configuration networking. From b9be81e2ac373913d903eb85e475cad33f378434 Mon Sep 17 00:00:00 2001 From: CapDog <34176400+capitalistdog@users.noreply.github.com> Date: Thu, 8 Jul 2021 12:37:24 -0400 Subject: [PATCH 09/14] Update README.md --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 80bc8bdc..f6e62eb9 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,8 @@ Run this service on your Lightning node and connect with a mobile device or desk - [Easy Installation](#easy-installation) - [Manual Installation](#manual-installation) - [Docker Usage](#docker-usage) -- [Docker for Raspberry Pi](#docker-for-raspberry-pi) +- [Node Security](#node-security) + --- ### Easy Installation @@ -65,11 +66,11 @@ Example of running an local instance: ``` docker run shockwallet/api:latest -h 0.0.0.0 -c ``` - + ### Node Security From 200a5bdca38b58eeac907725815e96ff8280b58f Mon Sep 17 00:00:00 2001 From: CapDog <34176400+capitalistdog@users.noreply.github.com> Date: Thu, 8 Jul 2021 12:39:14 -0400 Subject: [PATCH 10/14] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index f6e62eb9..1cec1062 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ yarn install 3) Run with `yarn start` 4) Connect with Shockwallet *(Provide your nodes IP manually or scan QR from ShockWizard)* -*Optionally, add the `-t` flag to route through a tunnel.rip webserver for zero-configuration networking. All communication between the api and wallet is end-to-end encrypted and your privacy is protected.* +*Recommended: add the `-t` flag to route through a tunnel.rip webserver for zero-configuration networking. All communication between the api and wallet is end-to-end encrypted and your privacy is protected.* ### Docker Usage To run ShockAPI in a fully isolated environment you can use the Docker image From fc0c194d4a4cebb9b828a6847a9933c6573decfe Mon Sep 17 00:00:00 2001 From: CapDog <34176400+capitalistdog@users.noreply.github.com> Date: Thu, 8 Jul 2021 12:42:01 -0400 Subject: [PATCH 11/14] Update README.md --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1cec1062..d4206e57 100644 --- a/README.md +++ b/README.md @@ -49,10 +49,9 @@ cd api yarn install ``` -3) Run with `yarn start` -4) Connect with Shockwallet *(Provide your nodes IP manually or scan QR from ShockWizard)* +3) Run with `yarn start -t` *(`-t` is recommended but [not required](#node-security))* +4) Connect with Shockwallet -*Recommended: add the `-t` flag to route through a tunnel.rip webserver for zero-configuration networking. All communication between the api and wallet is end-to-end encrypted and your privacy is protected.* ### Docker Usage To run ShockAPI in a fully isolated environment you can use the Docker image From c49a727739f69e722a186eb8cd537107a900fd2d Mon Sep 17 00:00:00 2001 
From: hatim boufnichel Date: Fri, 9 Jul 2021 19:49:36 +0200 Subject: [PATCH 12/14] tips overlay security --- services/gunDB/contact-api/jobs/onOrders.js | 2 +- services/tipsCallback.js | 15 ++++++++++- src/index.html | 8 +++--- src/routes.js | 30 ++++++++++++++++++--- src/sockets.js | 9 ++++--- utils/index.js | 2 +- 6 files changed, 52 insertions(+), 14 deletions(-) diff --git a/services/gunDB/contact-api/jobs/onOrders.js b/services/gunDB/contact-api/jobs/onOrders.js index c7d90c24..168758e2 100644 --- a/services/gunDB/contact-api/jobs/onOrders.js +++ b/services/gunDB/contact-api/jobs/onOrders.js @@ -286,7 +286,7 @@ const listenerForAddr = (addr, SEA) => async (order, orderID) => { TipForwarder.notifySocketIfAny( postID, order.from, - 'TIPPED YOU', + paidInvoice.memo || 'TIPPED YOU', amt + ' sats' ) const ackData = { tippedPost: postID } diff --git a/services/tipsCallback.js b/services/tipsCallback.js index fca084a7..36d19815 100644 --- a/services/tipsCallback.js +++ b/services/tipsCallback.js @@ -1,8 +1,21 @@ //@ts-nocheck TODO- fix types +const { gunUUID } = require("../utils") class TipsCB { listeners = {} - addSocket(postID,socket){ + postsEnabled = {} + + enablePostNotifications(postID){ + const accessId = gunUUID() + this.postsEnabled[accessId] = postID + return accessId + } + + addSocket(accessId,socket){ + if(!this.postsEnabled[accessId]){ + return "invalid access id" + } + const postID = this.postsEnabled[accessId] console.log("subbing new socket for post: "+postID) if(!this.listeners[postID]){ diff --git a/src/index.html b/src/index.html index d376198f..ccd50270 100644 --- a/src/index.html +++ b/src/index.html @@ -51,8 +51,8 @@
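Review bot: `paidInvoice.memo || 'TIPPED YOU'` forwards a string chosen by whoever paid the invoice into the overlay notification, where the previous code sent a fixed label. The overlay's `update` handler in `src/index.html` later in this patch is where that memo reaches the DOM, and the visible hunk does not show whether it is assigned through `textContent` or `innerHTML`; it must be the former, and the memo should be bounded before it is forwarded, e.g. `String(paidInvoice.memo || 'TIPPED YOU').slice(0, 140)` (limit value is illustrative). The enclosing `listenerForAddr` callback starts and ends outside the hunk.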
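Review bot: The guard `if(!this.postsEnabled[accessId])` is evaluated on a plain object, so an `accessId` that names an inherited property (`constructor`, `toString`, `__proto__`) is truthy, passes the check, and a function object then becomes `postID` and a key into `this.listeners`; restrict the lookup to own string keys, `if (typeof accessId !== 'string' || !Object.prototype.hasOwnProperty.call(this.postsEnabled, accessId)) {`, or keep `postsEnabled` as a `Map`. The `accessId` is a bearer capability for the post's tip stream, but `gunUUID()` delegates to `Gun.text.random()` whose entropy source is not shown here; `require('crypto').randomBytes(16).toString('hex')` would make the unguessability guarantee explicit. Entries created by `enablePostNotifications` are never removed in this hunk, so every enabled post is retained for the process lifetime unless the rest of the class, which continues outside the hunk, provides a removal path.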
-
-

fdsigfudfsbigbfduigbdfb

+
+

some random name i dont know

JUST TIPPED YOU!

100sats

@@ -61,9 +61,9 @@ console.log(location.origin) const queryString = window.location.search; const urlParams = new URLSearchParams(queryString); - const postID = urlParams.get("postID") + const accessId = urlParams.get("accessId") var socket = io(`${location.origin}/streams`); - socket.emit("postID",postID) + socket.emit("accessId",accessId) let latestTimeout = null socket.on("update",(update)=>{ const name = document.querySelector("#content-name") diff --git a/src/routes.js b/src/routes.js index 492087bd..77696517 100644 --- a/src/routes.js +++ b/src/routes.js @@ -37,6 +37,7 @@ const GunWriteRPC = require('../services/gunDB/rpc') const Key = require('../services/gunDB/contact-api/key') const { startedStream, endStream } = require('../services/streams') const channelRequest = require('../utils/lightningServices/channelRequests') +const TipsForwarder = require('../services/tipsCallback') const DEFAULT_MAX_NUM_ROUTES_TO_QUERY = 10 const SESSION_ID = uuid() @@ -2291,11 +2292,20 @@ module.exports = async ( app.post(`/api/gun/wall/`, async (req, res) => { try { - const { tags, title, contentItems } = req.body + const { tags, title, contentItems, enableTipsOverlay } = req.body const SEA = require('../services/gunDB/Mediator').mySEA - return res - .status(200) - .json(await GunActions.createPostNew(tags, title, contentItems, SEA)) + const postRes = await GunActions.createPostNew( + tags, + title, + contentItems, + SEA + ) + if (enableTipsOverlay) { + const [postID] = postRes + const accessId = TipsForwarder.enablePostNotifications(postID) + return res.status(200).json([...postRes, accessId]) + } + return res.status(200).json(postRes) } catch (e) { console.log(e) return res.status(500).json({ 
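Review bot: The `enableTipsOverlay` branch appends `accessId` as an extra trailing element of the response array with no comment saying what it is, and nothing in the hunk documents that the value is a bearer capability: per the `tipsCallback.js` hunk, anyone holding it can subscribe to the post's tip stream. A comment above the branch such as `// accessId is a bearer token for the tips overlay stream; return it to the post author only` would make that explicit for the next maintainer. `const [postID] = postRes` also assumes `createPostNew` returns an array with the id first; if it does not, the destructuring throws into the generic 500 handler, so either guard the shape or state that contract in the comment. The handler's enclosing `module.exports` function starts and ends outside the hunk.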
@@ -3348,6 +3358,18 @@ module.exports = async ( ap.get('/api/subscribeStream', (req, res) => { res.sendFile(path.join(__dirname, '/index.html')) }) + ap.post('/api/enableNotificationsOverlay', (req, res) => { + const { postID } = req.body + if (!postID) { + return res.status(400).json({ + errorMessage: 'no post id provided' + }) + } + const accessId = TipsForwarder.enablePostNotifications(postID) + res.json({ + accessId + }) + }) //this is for wasLive/isLive status ap.post('/api/listenStream', (req, res) => { try { diff --git a/src/sockets.js b/src/sockets.js index 16838705..9273d1a5 100644 --- a/src/sockets.js +++ b/src/sockets.js @@ -186,10 +186,13 @@ module.exports = ( io.of('streams').on('connect', socket => { console.log('a user connected') - socket.on('postID', postID => { - TipsForwarder.addSocket(postID, socket) + socket.on('accessId', accessId => { + const err = TipsForwarder.addSocket(accessId, socket) + if (err) { + console.log('err invalid socket for tips notifications ' + err) + socket.disconnect(true) + } }) }) - return io } diff --git a/utils/index.js b/utils/index.js index 516d762a..09549b5d 100644 --- a/utils/index.js +++ b/utils/index.js @@ -10,7 +10,7 @@ const { asyncFilter } = require('./helpers') */ const gunUUID = () => { // @ts-expect-error Not typed - const uuid = Gun.Text.random() + const uuid = Gun.text.random() return uuid } From 5402de99677a6b0d8b6d22c963078fcaa63f45ec Mon Sep 17 00:00:00 2001 From: hatim boufnichel Date: Sat, 10 Jul 2021 18:51:56 +0200 Subject: [PATCH 13/14] overlay eD integration --- src/index.html | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/src/index.html b/src/index.html index ccd50270..d3d5daed 100644 --- a/src/index.html +++ b/src/index.html @@ -48,22 +48,33 @@ } +
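Review bot: `/api/enableNotificationsOverlay` mints an `accessId` for whatever `postID` arrives in the body after only a falsy check; it neither verifies that `postID` is a string nor that the post exists and belongs to the requester, so a caller can obtain the tip-notification stream (tipper name, memo, amount) for any post id it can supply, and a non-string value is coerced to a key such as `[object Object]` inside `TipsForwarder`. Tighten the guard to `if (typeof postID !== 'string' || postID.length === 0) {` and, where the post's author can be looked up, reject ids the requester does not own. Whether `ap` is an authenticated router is not visible in this hunk, so the exposure may be narrower than it reads; the same unchecked body shape appears in the `/api/gun/wall/` hunk earlier in this patch.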
-
+

some random name i dont know

JUST TIPPED YOU!

100sats