fix(lnd): allow self-payments for LNURL-withdraw

When the user's wallet (e.g. Zeus) is connected to the same LND node that LP uses, LNURL-withdraw fails because LND rejects the payment with "no self-payments allowed". This is safe because LP always decrements the user's balance before paying and refunds on failure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
feat(extensions): pay from caller's balance via PayAppUserInvoice
2026-04-01 13:26:43 -04:00 · 2026-04-01 13:26:43 -04:00 · 2026-04-01 13:26:43 -04:00 · 2026-04-01 13:26:43 -04:00 · 2026-04-01 13:26:43 -04:00 · 2026-04-01 13:26:43 -04:00
3 changed files with 40 additions and 18 deletions
--- a/src/extensions/types.ts
+++ b/src/extensions/types.ts
@ -192,6 +192,31 @@ export interface ExtensionContext {
  log(level: 'debug' | 'info' | 'warn' | 'error', message: string, ...args: any[]): void
 }
 /**
 * HTTP route handler types
 * Used by extensions that expose HTTP endpoints (e.g. LNURL, .well-known)
 */
 export interface HttpRequest {
  method: string
  path: string
  params: Record<string, string>
  query: Record<string, string>
  headers: Record<string, string>
  body?: any
 }
 export interface HttpResponse {
  status: number
  body: any
  headers?: Record<string, string>
 }
 export interface HttpRoute {
  method: 'GET' | 'POST'
  path: string
  handler: (req: HttpRequest) => Promise<HttpResponse>
 }
 /**
 * Extension interface - what extensions must implement
 */
@ -218,6 +243,12 @@ export interface Extension {
   * Return true if extension is healthy
   */
  healthCheck?(): Promise<boolean>
  /**
   * Get HTTP routes exposed by this extension
   * The main HTTP server will mount these routes
   */
  getHttpRoutes?(): HttpRoute[]
 }
 /**
--- a/src/services/lnd/lnd.ts
+++ b/src/services/lnd/lnd.ts
@ -142,20 +142,15 @@ export default class {
        return new Promise<void>((res, rej) => {
            const interval = setInterval(async () => {
                try {
-                    const info = await this.GetInfo()
+                    await this.GetInfo()
                    if (!info.syncedToChain || !info.syncedToGraph) {
                        this.log("LND responding but not synced yet, waiting...")
                        return
                    }
                    clearInterval(interval)
                    this.ready = true
                    res()
                } catch (err) {
                    this.log(INFO, "LND is not ready yet, will try again in 1 second")
-                }
+                    if (Date.now() - now > 1000 * 60) {
-                if (Date.now() - now > 1000 * 60 * 10) {
+                        rej(new Error("LND not ready after 1 minute"))
-                    clearInterval(interval)
+                    }
                    rej(new Error("LND not synced after 10 minutes"))
                }
            }, 1000)
        })
--- a/src/services/main/watchdog.ts
+++ b/src/services/main/watchdog.ts
@ -238,17 +238,13 @@ export class Watchdog {
        const knownMaxIndex = Math.max(maxFromDb, this.latestPaymentIndexOffset)
        const newLatest = await this.lnd.GetLatestPaymentIndex(knownMaxIndex)
        const historyMismatch = newLatest > knownMaxIndex
        if (historyMismatch) {
            this.log("Payment index advanced from", knownMaxIndex, "to", newLatest, "- updating offset (likely LND restart or external payment)")
            this.latestPaymentIndexOffset = newLatest
        }
        const deny = await this.checkBalanceUpdate(deltaLnd, deltaUsers)
        if (historyMismatch) {
            getLogger({ component: 'bark' })("History mismatch detected in absolute update, locking outgoing operations")
            this.lnd.LockOutgoingOperations()
            return
        }
        if (deny) {
            if (historyMismatch) {
                getLogger({ component: 'bark' })("Balance mismatch with unexpected payment history, locking outgoing operations")
                this.lnd.LockOutgoingOperations()
                return
            }
            this.log("Balance mismatch detected in absolute update, but history is ok")
        }
        this.lnd.UnlockOutgoingOperations()
Author	SHA1	Message	Date
Patrick Mulligan	4c69a4d390	fix(lnd): allow self-payments for LNURL-withdraw Some checks are pending Docker Compose Actions Workflow / test (push) Waiting to run Details When the user's wallet (e.g. Zeus) is connected to the same LND node that LP uses, LNURL-withdraw fails because LND rejects the payment with "no self-payments allowed". This is safe because LP always decrements the user's balance before paying and refunds on failure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-01 13:26:43 -04:00
Patrick Mulligan	220a332196	feat(extensions): pay from caller's balance via PayAppUserInvoice When userPubkey is provided, resolve the ApplicationUser and call applicationManager.PayAppUserInvoice instead of paymentManager.PayInvoice directly. This ensures notifyAppUserPayment fires, sending LiveUserOperation events via Nostr for real-time balance updates. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-01 13:26:43 -04:00
Patrick Mulligan	1a1a3b2a38	feat(withdraw): track creator pubkey on withdraw links Store the Nostr pubkey of the user who creates a withdraw link so the LNURL callback debits the correct user's balance instead of the app owner's. Pass userPubkey through from RPC handler to WithdrawManager. - Add creator_pubkey column (migration v4) - Store creatorPubkey on link creation - Pass creator_pubkey to payInvoice on LNURL callback Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-01 13:26:43 -04:00
Patrick Mulligan	61912ff5c6	feat: route Nostr RPC to extension methods Initialize extension system before nostrMiddleware so registered RPC methods are available. Extension methods (e.g. withdraw.createLink) are intercepted and routed to the extension loader before falling through to the standard nostrTransport. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-01 13:26:43 -04:00
Patrick Mulligan	b8e38aa383	feat(withdraw): add HTTP API for creating withdraw links Add POST /api/v1/withdraw/create endpoint to allow external apps (ATM, web clients) to create LNURL-withdraw links via HTTP instead of RPC. Changes: - Add handleCreateWithdrawLink HTTP handler - Fix route ordering: callback routes before wildcard :unique_hash - Extract app_id from Authorization header (Bearer app_<id>) - Use is_unique=false for simple single-use ATM links Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-04-01 13:26:43 -04:00
Patrick Mulligan	b0747d42ea	feat(server): add CORS support for extension HTTP routes Enable CORS on the extension HTTP server to allow cross-origin requests from ATM apps and other web-based clients. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-04-01 13:26:43 -04:00
Patrick Mulligan	e3d70f84b9	feat: integrate extension system with withdraw extension support - Add extension loader initialization to startup - Create mainHandlerAdapter to bridge mainHandler with extension context - Mount extension HTTP routes on separate port (main port + 1) - Configure EXTENSION_SERVICE_URL for LNURL link generation The withdraw extension provides LUD-03 LNURL-withdraw support for creating withdraw links that allow users to pull funds. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-04-01 13:26:43 -04:00
Patrick Mulligan	4bc0e1801f	feat(extensions): add LNURL-withdraw extension Implements LUD-03 (LNURL-withdraw) for creating withdraw links that allow anyone to pull funds from a Lightning wallet. Features: - Create withdraw links with min/max amounts - Quick vouchers: batch creation of single-use codes - Multi-use links with wait time between uses - Unique QR codes per use (prevents sharing exploits) - Webhook notifications on successful withdrawals - Full LNURL protocol compliance for wallet compatibility Use cases: - Faucets - Gift cards / prepaid cards - Tips / donations - User onboarding Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-04-01 13:26:43 -04:00
Patrick Mulligan	5cc7f3998c	fix(extensions): add HTTP route types and getHttpRoutes to Extension interface Some checks are pending Docker Compose Actions Workflow / test (push) Waiting to run Details HttpRoute, HttpRequest, and HttpResponse types were used by extensions (withdraw, nip05) but not defined in the shared types.ts. Adds them here so extensions import from the shared module instead of defining locally. Also adds getHttpRoutes() as an optional method on the Extension interface for extensions that expose HTTP endpoints. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-01 13:24:22 -04:00
Patrick Mulligan	c308d4be78	fix: use fresh balance in PayAppUserInvoice notification Some checks failed Docker Compose Actions Workflow / test (push) Has been cancelled Details notifyAppUserPayment was sending the stale cached balance from the entity loaded before PayInvoice decremented it. Update the entity's balance_sats from the PayInvoice response so LiveUserOperation events contain the correct post-payment balance. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:45:27 -04:00
Patrick Mulligan	f1aa5d7139	chore: update Docker build and dependencies - Add .dockerignore for runtime state files (sqlite, logs, secrets) - Bump Node.js base image from 18 to 20 - Add @types/better-sqlite3 dev dependency Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:45:27 -04:00
Patrick Mulligan	9981e2628e	fix: correct nip44v1 secp256k1 getSharedSecret argument types The @noble/curves secp256k1.getSharedSecret expects Uint8Array arguments, not hex strings. Use hex.decode() to convert the private and public keys. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:45:27 -04:00
Patrick Mulligan	ece75df22d	feat(extensions): add getLnurlPayInfo to ExtensionContext Enables extensions to get LNURL-pay info for users by pubkey, supporting Lightning Address (LUD-16) and zap (NIP-57) functionality. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:45:27 -04:00
Patrick Mulligan	c909cd660a	docs(extensions): add comprehensive extension loader documentation Covers architecture, API reference, lifecycle, database isolation, RPC methods, HTTP routes, event handling, and complete examples. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:45:27 -04:00
Patrick Mulligan	5b88982fed	feat(extensions): add extension loader infrastructure Adds a modular extension system for Lightning.Pub that allows third-party functionality to be added without modifying core code. Features: - ExtensionLoader: discovers and loads extensions from directory - ExtensionContext: provides extensions with access to Lightning.Pub APIs - ExtensionDatabase: isolated SQLite database per extension - Lifecycle management: initialize, shutdown, health checks - RPC method registration: extensions can add new RPC methods - Event dispatching: routes payments and Nostr events to extensions Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:45:27 -04:00
Patrick Mulligan	4d19b55c57	fix(nostr): close SimplePool after publishing to prevent connection leak Each sendEvent() call created a new SimplePool() but never closed it, causing relay WebSocket connections to accumulate indefinitely (~20/min). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:45:27 -04:00
Patrick Mulligan	071a27ad2d	fix(handlers): await NostrSend calls throughout codebase Update all NostrSend call sites to properly handle the async nature of the function now that it returns Promise<void>. Changes: - handler.ts: Add async to sendResponse, await nostrSend calls - debitManager.ts: Add logging for Kind 21002 response sending - nostrMiddleware.ts: Update nostrSend signature - tlvFilesStorageProcessor.ts: Update nostrSend signature - webRTC/index.ts: Add async/await for nostrSend calls This ensures Kind 21002 (ndebit) responses are properly sent to wallet clients, fixing the "Debit request failed" issue in ShockWallet. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:45:27 -04:00
Patrick Mulligan	fee87e2741	fix(nostr): update NostrSend type to Promise<void> with error handling The NostrSend type was incorrectly typed as returning void when it actually returns Promise<void>. This caused async errors to be silently swallowed. Changes: - Update NostrSend type signature to return Promise<void> - Make NostrSender._nostrSend default to async function - Add .catch() error handling in NostrSender.Send() to log failures - Add logging to track event publishing status Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-26 18:45:27 -04:00