fix(lnd): allow self-payments for LNURL-withdraw

When the user's wallet (e.g. Zeus) is connected to the same LND node that LP uses, LNURL-withdraw fails because LND rejects the payment with "no self-payments allowed". This is safe because LP always decrements the user's balance before paying and refunds on failure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
feat(extensions): pay from caller's balance via PayAppUserInvoice
2026-03-26 18:29:15 -04:00 · 2026-03-26 18:29:15 -04:00 · 2026-03-26 18:29:15 -04:00 · 2026-03-26 18:29:15 -04:00 · 2026-03-26 18:29:15 -04:00 · 2026-03-26 18:29:15 -04:00
3 changed files with 17 additions and 39 deletions
--- a/src/extensions/types.ts
+++ b/src/extensions/types.ts
@ -192,31 +192,6 @@ export interface ExtensionContext {
  log(level: 'debug' | 'info' | 'warn' | 'error', message: string, ...args: any[]): void
 }

-/**
- * HTTP route handler types
- * Used by extensions that expose HTTP endpoints (e.g. LNURL, .well-known)
- */
-export interface HttpRequest {
-  method: string
-  path: string
-  params: Record<string, string>
-  query: Record<string, string>
-  headers: Record<string, string>
-  body?: any
-}
-
-export interface HttpResponse {
-  status: number
-  body: any
-  headers?: Record<string, string>
-}
-
-export interface HttpRoute {
-  method: 'GET' | 'POST'
-  path: string
-  handler: (req: HttpRequest) => Promise<HttpResponse>
-}
-
 /**
 * Extension interface - what extensions must implement
 */
@ -243,12 +218,6 @@ export interface Extension {
   * Return true if extension is healthy
   */
  healthCheck?(): Promise<boolean>
-
-  /**
-   * Get HTTP routes exposed by this extension
-   * The main HTTP server will mount these routes
-   */
-  getHttpRoutes?(): HttpRoute[]
 }

 /**
--- a/src/services/lnd/lnd.ts
+++ b/src/services/lnd/lnd.ts
@ -142,15 +142,20 @@ export default class {
        return new Promise<void>((res, rej) => {
            const interval = setInterval(async () => {
                try {
-                    await this.GetInfo()
+                    const info = await this.GetInfo()
+                    if (!info.syncedToChain || !info.syncedToGraph) {
+                        this.log("LND responding but not synced yet, waiting...")
+                        return
+                    }
                    clearInterval(interval)
                    this.ready = true
                    res()
                } catch (err) {
                    this.log(INFO, "LND is not ready yet, will try again in 1 second")
-                    if (Date.now() - now > 1000 * 60) {
-                        rej(new Error("LND not ready after 1 minute"))
                }
+                if (Date.now() - now > 1000 * 60 * 10) {
+                    clearInterval(interval)
+                    rej(new Error("LND not synced after 10 minutes"))
                }
            }, 1000)
        })
--- a/src/services/main/watchdog.ts
+++ b/src/services/main/watchdog.ts
@ -238,13 +238,17 @@ export class Watchdog {
        const knownMaxIndex = Math.max(maxFromDb, this.latestPaymentIndexOffset)
        const newLatest = await this.lnd.GetLatestPaymentIndex(knownMaxIndex)
        const historyMismatch = newLatest > knownMaxIndex
-        const deny = await this.checkBalanceUpdate(deltaLnd, deltaUsers)
        if (historyMismatch) {
-            getLogger({ component: 'bark' })("History mismatch detected in absolute update, locking outgoing operations")
+            this.log("Payment index advanced from", knownMaxIndex, "to", newLatest, "- updating offset (likely LND restart or external payment)")
+            this.latestPaymentIndexOffset = newLatest
+        }
+        const deny = await this.checkBalanceUpdate(deltaLnd, deltaUsers)
+        if (deny) {
+            if (historyMismatch) {
+                getLogger({ component: 'bark' })("Balance mismatch with unexpected payment history, locking outgoing operations")
                this.lnd.LockOutgoingOperations()
                return
            }
-        if (deny) {
            this.log("Balance mismatch detected in absolute update, but history is ok")
        }
        this.lnd.UnlockOutgoingOperations()
Author	SHA1	Message	Date
Patrick Mulligan	c08bf4b849	fix(lnd): allow self-payments for LNURL-withdraw Some checks failed Docker Compose Actions Workflow / test (push) Has been cancelled Details When the user's wallet (e.g. Zeus) is connected to the same LND node that LP uses, LNURL-withdraw fails because LND rejects the payment with "no self-payments allowed". This is safe because LP always decrements the user's balance before paying and refunds on failure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	ed7e0d1f86	feat(extensions): pay from caller's balance via PayAppUserInvoice When userPubkey is provided, resolve the ApplicationUser and call applicationManager.PayAppUserInvoice instead of paymentManager.PayInvoice directly. This ensures notifyAppUserPayment fires, sending LiveUserOperation events via Nostr for real-time balance updates. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	9d352e5f07	feat(withdraw): track creator pubkey on withdraw links Store the Nostr pubkey of the user who creates a withdraw link so the LNURL callback debits the correct user's balance instead of the app owner's. Pass userPubkey through from RPC handler to WithdrawManager. - Add creator_pubkey column (migration v4) - Store creatorPubkey on link creation - Pass creator_pubkey to payInvoice on LNURL callback Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	55077d818e	feat: route Nostr RPC to extension methods Initialize extension system before nostrMiddleware so registered RPC methods are available. Extension methods (e.g. withdraw.createLink) are intercepted and routed to the extension loader before falling through to the standard nostrTransport. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	512c83ad21	feat(withdraw): add HTTP API for creating withdraw links Add POST /api/v1/withdraw/create endpoint to allow external apps (ATM, web clients) to create LNURL-withdraw links via HTTP instead of RPC. Changes: - Add handleCreateWithdrawLink HTTP handler - Fix route ordering: callback routes before wildcard :unique_hash - Extract app_id from Authorization header (Bearer app_<id>) - Use is_unique=false for simple single-use ATM links Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	2cac13b5a4	feat(server): add CORS support for extension HTTP routes Enable CORS on the extension HTTP server to allow cross-origin requests from ATM apps and other web-based clients. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	de233b16c7	feat: integrate extension system with withdraw extension support - Add extension loader initialization to startup - Create mainHandlerAdapter to bridge mainHandler with extension context - Mount extension HTTP routes on separate port (main port + 1) - Configure EXTENSION_SERVICE_URL for LNURL link generation The withdraw extension provides LUD-03 LNURL-withdraw support for creating withdraw links that allow users to pull funds. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	59d3b0e888	feat(extensions): add LNURL-withdraw extension Implements LUD-03 (LNURL-withdraw) for creating withdraw links that allow anyone to pull funds from a Lightning wallet. Features: - Create withdraw links with min/max amounts - Quick vouchers: batch creation of single-use codes - Multi-use links with wait time between uses - Unique QR codes per use (prevents sharing exploits) - Webhook notifications on successful withdrawals - Full LNURL protocol compliance for wallet compatibility Use cases: - Faucets - Gift cards / prepaid cards - Tips / donations - User onboarding Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	4d0d12a4d9	fix: use fresh balance in PayAppUserInvoice notification notifyAppUserPayment was sending the stale cached balance from the entity loaded before PayInvoice decremented it. Update the entity's balance_sats from the PayInvoice response so LiveUserOperation events contain the correct post-payment balance. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	b31d043d6f	chore: update Docker build and dependencies - Add .dockerignore for runtime state files (sqlite, logs, secrets) - Bump Node.js base image from 18 to 20 - Add @types/better-sqlite3 dev dependency Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	64bf155bfb	fix: correct nip44v1 secp256k1 getSharedSecret argument types The @noble/curves secp256k1.getSharedSecret expects Uint8Array arguments, not hex strings. Use hex.decode() to convert the private and public keys. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	211776ff2e	feat(extensions): add getLnurlPayInfo to ExtensionContext Enables extensions to get LNURL-pay info for users by pubkey, supporting Lightning Address (LUD-16) and zap (NIP-57) functionality. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	ba999f8b33	docs(extensions): add comprehensive extension loader documentation Covers architecture, API reference, lifecycle, database isolation, RPC methods, HTTP routes, event handling, and complete examples. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	2ceec5b571	feat(extensions): add extension loader infrastructure Adds a modular extension system for Lightning.Pub that allows third-party functionality to be added without modifying core code. Features: - ExtensionLoader: discovers and loads extensions from directory - ExtensionContext: provides extensions with access to Lightning.Pub APIs - ExtensionDatabase: isolated SQLite database per extension - Lifecycle management: initialize, shutdown, health checks - RPC method registration: extensions can add new RPC methods - Event dispatching: routes payments and Nostr events to extensions Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	01ea762ec0	fix(watchdog): handle LND restarts without locking outgoing operations When the payment index advances (e.g. after an LND restart or external payment), update the cached offset instead of immediately locking. Only lock if both a history mismatch AND a balance discrepancy are detected — indicating a real security concern rather than a benign LND restart. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	2ce5a8ffcd	fix(lnd): wait for chain/graph sync before marking LND ready Warmup() previously only checked that LND responded to GetInfo(), but did not verify syncedToChain/syncedToGraph. This caused LP to accept requests while LND was still syncing, leading to "not synced" errors on every Health() check. Now waits for full sync with a 10min timeout. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	48ee930b36	fix(nostr): close SimplePool after publishing to prevent connection leak Each sendEvent() call created a new SimplePool() but never closed it, causing relay WebSocket connections to accumulate indefinitely (~20/min). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	cc9aa49b5b	fix(handlers): await NostrSend calls throughout codebase Update all NostrSend call sites to properly handle the async nature of the function now that it returns Promise<void>. Changes: - handler.ts: Add async to sendResponse, await nostrSend calls - debitManager.ts: Add logging for Kind 21002 response sending - nostrMiddleware.ts: Update nostrSend signature - tlvFilesStorageProcessor.ts: Update nostrSend signature - webRTC/index.ts: Add async/await for nostrSend calls This ensures Kind 21002 (ndebit) responses are properly sent to wallet clients, fixing the "Debit request failed" issue in ShockWallet. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00
Patrick Mulligan	3b03c64d0c	fix(nostr): update NostrSend type to Promise<void> with error handling The NostrSend type was incorrectly typed as returning void when it actually returns Promise<void>. This caused async errors to be silently swallowed. Changes: - Update NostrSend type signature to return Promise<void> - Make NostrSender._nostrSend default to async function - Add .catch() error handling in NostrSender.Send() to log failures - Add logging to track event publishing status Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:29:15 -04:00