From f23ba5ee00b4d57a565ee33483c4acd7f4f9939d Mon Sep 17 00:00:00 2001 From: userAdityaa Date: Fri, 1 May 2026 23:38:57 +0000 Subject: [PATCH] fix: manual Lightning payment reconciliation with Stripe invoice state (#54) Reviewed-on: https://gitea.coracle.social/coracle/caravel/pulls/54 Co-authored-by: userAdityaa Co-committed-by: userAdityaa --- backend/.env.template | 1 + backend/README.md | 47 +++---- .../0004_invoice_manual_lightning_payment.sql | 11 ++ backend/src/api.rs | 60 ++++++++- backend/src/billing.rs | 124 +++++++++++++++++- backend/src/command.rs | 31 ++++- backend/src/crypto.rs | 49 +++++++ backend/src/infra.rs | 6 +- backend/src/lib.rs | 1 + backend/src/main.rs | 1 + backend/src/query.rs | 25 +++- frontend/src/lib/api.ts | 1 + frontend/src/lib/hooks.ts | 2 +- frontend/src/pages/Account.tsx | 6 +- frontend/src/pages/relays/RelayDetail.tsx | 2 +- 15 files changed, 321 insertions(+), 46 deletions(-) create mode 100644 backend/migrations/0004_invoice_manual_lightning_payment.sql create mode 100644 backend/src/crypto.rs diff --git a/backend/.env.template b/backend/.env.template index d1ba7d4..8f7cc2e 100644 --- a/backend/.env.template +++ b/backend/.env.template @@ -28,5 +28,6 @@ LIVEKIT_API_SECRET= # Billing NWC_URL= # Nostr Wallet Connect URL for generating Lightning invoices +ENCRYPTION_SECRET= # Nostr secret key (hex or nsec) used for NIP-44 encryption of tenant nwc_url at rest STRIPE_SECRET_KEY= # Required Stripe API secret key (sk_...) STRIPE_WEBHOOK_SECRET=whsec_test_00000000000000000000000000 # Webhook signing secret (use real value in production) diff --git a/backend/README.md b/backend/README.md index 040f425..d8b822e 100644 --- a/backend/README.md +++ b/backend/README.md @@ -30,29 +30,30 @@ backend/ Environment variables: -| Variable | Description | Default | -| ------------------------ | ----------------------------------------------------------------------- | ------------------------------------ | -| `DATABASE_URL` | SQLite URL. Relative paths are resolved under `backend/`. | `sqlite:///data/caravel.db` | -| `HOST` | API bind host (also used for NIP-98 `u` host check) | `127.0.0.1` | -| `PORT` | API bind port | `2892` | -| `ADMINS` | Comma-separated admin pubkeys (hex) | _optional_ | -| `ALLOW_ORIGINS` | Comma-separated CORS origins. If empty, CORS is permissive. | _optional_ | -| `ZOOID_API_URL` | Zooid API base URL used by infra worker | _required for infra sync_ | -| `ZOOID_API_SECRET` | Nostr secret key used for authentication of requests to the zooid API | _required_ | -| `RELAY_DOMAIN` | Base domain appended to relay subdomains | empty | -| `LIVEKIT_URL` | LiveKit URL sent to zooid when relay livekit is enabled | _optional_ | -| `LIVEKIT_API_KEY` | LiveKit API key sent to zooid | _optional_ | -| `LIVEKIT_API_SECRET` | LiveKit API secret sent to zooid | _optional_ | -| `NWC_URL` | Platform NWC URL used to generate BOLT11 invoices | _required for invoice generation_ | -| `STRIPE_SECRET_KEY` | Stripe API secret key used for billing API operations | _required_ | -| `STRIPE_WEBHOOK_SECRET` | Stripe webhook signing secret used to verify `Stripe-Signature` headers | _required_ | -| `ROBOT_SECRET` | Robot Nostr secret key | _required_ | -| `ROBOT_NAME` | Robot display name (kind `0`) | _optional_ | -| `ROBOT_DESCRIPTION` | Robot description (kind `0`) | _optional_ | -| `ROBOT_PICTURE` | Robot picture URL (kind `0`) | _optional_ | -| `ROBOT_OUTBOX_RELAYS` | Comma-separated relays published as kind `10002` | _required_ | -| `ROBOT_INDEXER_RELAYS` | Comma-separated relays used for recipient relay discovery | _required_ | -| `ROBOT_MESSAGING_RELAYS` | Comma-separated relays published as kind `10050` | _required_ | +| Variable | Description | Default | +| ------------------------ | --------------------------------------------------------------------------------------- | ---------------------------------------- | +| `DATABASE_URL` | SQLite URL. Relative paths are resolved under `backend/`. | `sqlite:///data/caravel.db` | +| `HOST` | API bind host (also used for NIP-98 `u` host check) | `127.0.0.1` | +| `PORT` | API bind port | `2892` | +| `ADMINS` | Comma-separated admin pubkeys (hex) | _optional_ | +| `ALLOW_ORIGINS` | Comma-separated CORS origins. If empty, CORS is permissive. | _optional_ | +| `ZOOID_API_URL` | Zooid API base URL used by infra worker | _required for infra sync_ | +| `ZOOID_API_SECRET` | Nostr secret key used for authentication of requests to the zooid API | _required_ | +| `RELAY_DOMAIN` | Base domain appended to relay subdomains | empty | +| `LIVEKIT_URL` | LiveKit URL sent to zooid when relay livekit is enabled | _optional_ | +| `LIVEKIT_API_KEY` | LiveKit API key sent to zooid | _optional_ | +| `LIVEKIT_API_SECRET` | LiveKit API secret sent to zooid | _optional_ | +| `NWC_URL` | Platform NWC URL used to generate BOLT11 invoices | _required for invoice generation_ | +| `ENCRYPTION_SECRET` | Nostr secret key (hex or `nsec`) used for NIP-44 encryption of tenant `nwc_url` at rest | _required when tenant `nwc_url` is used_ | +| `STRIPE_SECRET_KEY` | Stripe API secret key used for billing API operations | _required_ | +| `STRIPE_WEBHOOK_SECRET` | Stripe webhook signing secret used to verify `Stripe-Signature` headers | _required_ | +| `ROBOT_SECRET` | Robot Nostr secret key | _required_ | +| `ROBOT_NAME` | Robot display name (kind `0`) | _optional_ | +| `ROBOT_DESCRIPTION` | Robot description (kind `0`) | _optional_ | +| `ROBOT_PICTURE` | Robot picture URL (kind `0`) | _optional_ | +| `ROBOT_OUTBOX_RELAYS` | Comma-separated relays published as kind `10002` | _required_ | +| `ROBOT_INDEXER_RELAYS` | Comma-separated relays used for recipient relay discovery | _required_ | +| `ROBOT_MESSAGING_RELAYS` | Comma-separated relays published as kind `10050` | _required_ | Relay list env vars are comma-separated and trimmed. If a relay has no `ws://` or `wss://` scheme, `wss://` is prepended. diff --git a/backend/migrations/0004_invoice_manual_lightning_payment.sql b/backend/migrations/0004_invoice_manual_lightning_payment.sql new file mode 100644 index 0000000..b590955 --- /dev/null +++ b/backend/migrations/0004_invoice_manual_lightning_payment.sql @@ -0,0 +1,11 @@ +CREATE TABLE IF NOT EXISTS invoice_manual_lightning_payment ( + invoice_id TEXT PRIMARY KEY, + tenant_pubkey TEXT NOT NULL, + bolt11 TEXT NOT NULL, + created_at INTEGER NOT NULL, + updated_at INTEGER NOT NULL, + FOREIGN KEY (tenant_pubkey) REFERENCES tenant(pubkey) +); + +CREATE INDEX IF NOT EXISTS idx_invoice_manual_lightning_payment_tenant_pubkey +ON invoice_manual_lightning_payment (tenant_pubkey); diff --git a/backend/src/api.rs b/backend/src/api.rs index 4fe2f9b..032fd09 100644 --- a/backend/src/api.rs +++ b/backend/src/api.rs @@ -445,6 +445,17 @@ struct IdentityResponse { is_admin: bool, } +#[derive(Serialize)] +struct TenantResponse { + pubkey: String, + nwc_configured: bool, + nwc_error: Option, + created_at: i64, + stripe_customer_id: String, + stripe_subscription_id: Option, + past_due_at: Option, +} + #[derive(Deserialize)] struct CreateRelayRequest { tenant: String, @@ -486,7 +497,7 @@ async fn list_tenants( state.api.require_admin(&pubkey)?; match state.api.query.list_tenants().await { - Ok(tenants) => Ok(ok(StatusCode::OK, tenants)), + Ok(tenants) => Ok(ok(StatusCode::OK, scrub_tenants_for_response(tenants))), Err(e) => Ok(err( StatusCode::INTERNAL_SERVER_ERROR, "internal", @@ -515,7 +526,7 @@ async fn create_tenant( let pubkey = state.api.extract_auth_pubkey(&headers)?; match state.api.query.get_tenant(&pubkey).await { - Ok(Some(t)) => Ok(ok(StatusCode::OK, t)), + Ok(Some(t)) => Ok(ok(StatusCode::OK, scrub_tenant_for_response(t))), Ok(None) => { let stripe_customer_id = match state.api.billing.stripe_create_customer(&pubkey).await { Ok(id) => id, @@ -539,10 +550,10 @@ async fn create_tenant( }; match state.api.command.create_tenant(&tenant).await { - Ok(()) => Ok(ok(StatusCode::OK, tenant)), + Ok(()) => Ok(ok(StatusCode::OK, scrub_tenant_for_response(tenant))), Err(e) if matches!(map_unique_error(&e), Some("pubkey-exists")) => { match state.api.query.get_tenant(&pubkey).await { - Ok(Some(t)) => Ok(ok(StatusCode::OK, t)), + Ok(Some(t)) => Ok(ok(StatusCode::OK, scrub_tenant_for_response(t))), Ok(None) => Ok(err( StatusCode::INTERNAL_SERVER_ERROR, "internal", @@ -585,7 +596,7 @@ async fn get_tenant( let auth = state.api.extract_auth_pubkey(&headers)?; state.api.require_admin_or_tenant(&auth, &pubkey)?; let tenant = state.api.get_tenant_or_404(&pubkey).await?; - Ok(ok(StatusCode::OK, tenant)) + Ok(ok(StatusCode::OK, scrub_tenant_for_response(tenant))) } async fn list_relays( @@ -1009,6 +1020,13 @@ async fn get_invoice( .map_err(map_invoice_lookup_error)?; state.api.require_admin_or_tenant(&auth, &tenant.pubkey)?; + let invoice = state + .api + .billing + .reconcile_manual_lightning_invoice(&id, &invoice) + .await + .map_err(map_invoice_lookup_error)?; + Ok(ok(StatusCode::OK, invoice)) } @@ -1026,6 +1044,13 @@ async fn get_invoice_bolt11( .map_err(map_invoice_lookup_error)?; state.api.require_admin_or_tenant(&auth, &tenant.pubkey)?; + let invoice = state + .api + .billing + .reconcile_manual_lightning_invoice(&id, &invoice) + .await + .map_err(map_invoice_lookup_error)?; + let status = invoice["status"].as_str().unwrap_or_default(); if status != "open" { return Ok(err( @@ -1038,7 +1063,12 @@ async fn get_invoice_bolt11( let amount_due = invoice["amount_due"].as_i64().unwrap_or(0); let currency = invoice["currency"].as_str().unwrap_or("usd"); - match state.api.billing.create_bolt11(amount_due, currency).await { + match state + .api + .billing + .get_or_create_manual_lightning_bolt11(&id, &tenant.pubkey, amount_due, currency) + .await + { Ok(bolt11) => Ok(ok(StatusCode::OK, serde_json::json!({ "bolt11": bolt11 }))), Err(e) => Ok(err( StatusCode::INTERNAL_SERVER_ERROR, @@ -1103,7 +1133,7 @@ async fn update_tenant( } }); } - Ok(ok(StatusCode::OK, tenant)) + Ok(ok(StatusCode::OK, scrub_tenant_for_response(tenant))) } Err(e) => Ok(err( StatusCode::INTERNAL_SERVER_ERROR, @@ -1112,3 +1142,19 @@ async fn update_tenant( )), } } + +fn scrub_tenant_for_response(tenant: Tenant) -> TenantResponse { + TenantResponse { + pubkey: tenant.pubkey, + nwc_configured: !tenant.nwc_url.is_empty(), + nwc_error: tenant.nwc_error, + created_at: tenant.created_at, + stripe_customer_id: tenant.stripe_customer_id, + stripe_subscription_id: tenant.stripe_subscription_id, + past_due_at: tenant.past_due_at, + } +} + +fn scrub_tenants_for_response(tenants: Vec) -> Vec { + tenants.into_iter().map(scrub_tenant_for_response).collect() +} diff --git a/backend/src/billing.rs b/backend/src/billing.rs index 336500d..3739a54 100644 --- a/backend/src/billing.rs +++ b/backend/src/billing.rs @@ -1,7 +1,8 @@ use anyhow::{Result, anyhow}; use hmac::{Hmac, Mac}; use nwc::prelude::{ - MakeInvoiceRequest, NWC, NostrWalletConnectURI, PayInvoiceRequest as NwcPayInvoiceRequest, + LookupInvoiceRequest, LookupInvoiceResponse, MakeInvoiceRequest, NWC, NostrWalletConnectURI, + PayInvoiceRequest as NwcPayInvoiceRequest, TransactionState, }; use sha2::Sha256; @@ -150,7 +151,11 @@ impl Billing { return Ok(()); } - tracing::info!(source, relay_count = relays.len(), "reconciling relay billing state"); + tracing::info!( + source, + relay_count = relays.len(), + "reconciling relay billing state" + ); for relay in relays { if let Err(error) = self.sync_relay_subscription_for_relay(&relay).await { @@ -718,6 +723,50 @@ impl Billing { Ok((invoice, tenant)) } + pub async fn reconcile_manual_lightning_invoice( + &self, + invoice_id: &str, + invoice: &serde_json::Value, + ) -> std::result::Result { + self.reconcile_manual_lightning_invoice_if_settled(invoice_id, invoice) + .await + } + + pub async fn get_or_create_manual_lightning_bolt11( + &self, + invoice_id: &str, + tenant_pubkey: &str, + amount_due_minor: i64, + currency: &str, + ) -> Result { + if let Some(existing_bolt11) = self + .query + .get_invoice_manual_lightning_bolt11(invoice_id) + .await? + { + return Ok(existing_bolt11); + } + + let bolt11 = self.create_bolt11(amount_due_minor, currency).await?; + + if self + .command + .insert_manual_lightning_invoice_payment(invoice_id, tenant_pubkey, &bolt11) + .await? + { + return Ok(bolt11); + } + + self.query + .get_invoice_manual_lightning_bolt11(invoice_id) + .await? + .ok_or_else(|| { + anyhow!( + "manual lightning payment row missing after insert race for invoice {invoice_id}" + ) + }) + } + pub async fn stripe_create_customer(&self, tenant_pubkey: &str) -> Result { let short_pubkey: String = tenant_pubkey.chars().take(12).collect(); let display_name = format!("Caravel tenant {short_pubkey}"); @@ -950,8 +999,7 @@ impl Billing { customer_id: &str, price_id: &str, ) -> Result<(String, String)> { - let idempotency_key = - self.idempotency_key(&["create_subscription", customer_id, price_id]); + let idempotency_key = self.idempotency_key(&["create_subscription", customer_id, price_id]); let resp = self .http .post(format!("{STRIPE_API}/subscriptions")) @@ -1138,6 +1186,72 @@ impl Billing { Ok(()) } + async fn reconcile_manual_lightning_invoice_if_settled( + &self, + invoice_id: &str, + invoice: &serde_json::Value, + ) -> std::result::Result { + if invoice["status"].as_str().unwrap_or_default() != "open" { + return Ok(invoice.clone()); + } + + let Some(bolt11) = self + .query + .get_invoice_manual_lightning_bolt11(invoice_id) + .await? + else { + return Ok(invoice.clone()); + }; + + let settled = match self.is_manual_lightning_invoice_settled(&bolt11).await { + Ok(settled) => settled, + Err(error) => { + tracing::warn!( + error = %error, + invoice_id, + "failed to lookup manual lightning invoice settlement" + ); + return Ok(invoice.clone()); + } + }; + + if !settled { + return Ok(invoice.clone()); + } + + if let Err(error) = self.stripe_pay_invoice_out_of_band(invoice_id).await { + tracing::warn!( + error = %error, + invoice_id, + "failed to mark settled manual lightning invoice as paid_out_of_band" + ); + } + + self.stripe_get_invoice(invoice_id).await + } + + async fn is_manual_lightning_invoice_settled(&self, bolt11: &str) -> Result { + let system_uri = Self::parse_nwc_uri(&self.nwc_url, "system")?; + let system_nwc = NWC::new(system_uri); + + let lookup_req = LookupInvoiceRequest { + payment_hash: None, + invoice: Some(bolt11.to_string()), + }; + + let lookup_result = system_nwc.lookup_invoice(lookup_req).await; + system_nwc.shutdown().await; + + let lookup_response = + lookup_result.map_err(|error| anyhow!("failed to lookup invoice: {error}"))?; + + Ok(Self::lookup_invoice_response_is_settled(&lookup_response)) + } + + fn lookup_invoice_response_is_settled(response: &LookupInvoiceResponse) -> bool { + response.state == Some(TransactionState::Settled) || response.settled_at.is_some() + } + fn parse_nwc_uri(nwc_url: &str, role: &str) -> Result { nwc_url .parse::() @@ -1612,5 +1726,5 @@ mod tests { assert_eq!(billing.stripe_secret_key, "sk_test_dummy"); assert_eq!(billing.stripe_webhook_secret, "whsec_test_dummy"); } - } + diff --git a/backend/src/command.rs b/backend/src/command.rs index fb6c682..0a11387 100644 --- a/backend/src/command.rs +++ b/backend/src/command.rs @@ -2,6 +2,7 @@ use anyhow::Result; use sqlx::{Sqlite, SqlitePool, Transaction}; use tokio::sync::broadcast; +use crate::crypto; use crate::models::{ Activity, RELAY_STATUS_ACTIVE, RELAY_STATUS_DELINQUENT, RELAY_STATUS_INACTIVE, Relay, Tenant, }; @@ -70,6 +71,7 @@ impl Command { anyhow::bail!("stripe_customer_id is required"); } + let encrypted_nwc_url = crypto::encrypt(&tenant.nwc_url)?; let mut tx = self.pool.begin().await?; sqlx::query( @@ -77,7 +79,7 @@ impl Command { VALUES (?, ?, ?, ?)", ) .bind(&tenant.pubkey) - .bind(&tenant.nwc_url) + .bind(&encrypted_nwc_url) .bind(tenant.created_at) .bind(&tenant.stripe_customer_id) .execute(&mut *tx) @@ -92,10 +94,11 @@ impl Command { } pub async fn update_tenant(&self, tenant: &Tenant) -> Result<()> { + let encrypted_nwc_url = crypto::encrypt(&tenant.nwc_url)?; let mut tx = self.pool.begin().await?; sqlx::query("UPDATE tenant SET nwc_url = ? WHERE pubkey = ?") - .bind(&tenant.nwc_url) + .bind(&encrypted_nwc_url) .bind(&tenant.pubkey) .execute(&mut *tx) .await?; @@ -353,6 +356,30 @@ impl Command { Ok(()) } + pub async fn insert_manual_lightning_invoice_payment( + &self, + invoice_id: &str, + tenant_pubkey: &str, + bolt11: &str, + ) -> Result { + let now = chrono::Utc::now().timestamp(); + let result = sqlx::query( + "INSERT INTO invoice_manual_lightning_payment + (invoice_id, tenant_pubkey, bolt11, created_at, updated_at) + VALUES (?, ?, ?, ?, ?) + ON CONFLICT(invoice_id) DO NOTHING", + ) + .bind(invoice_id) + .bind(tenant_pubkey) + .bind(bolt11) + .bind(now) + .bind(now) + .execute(&self.pool) + .await?; + + Ok(result.rows_affected() > 0) + } + pub async fn set_tenant_past_due(&self, pubkey: &str) -> Result<()> { let now = chrono::Utc::now().timestamp(); sqlx::query("UPDATE tenant SET past_due_at = ? WHERE pubkey = ?") diff --git a/backend/src/crypto.rs b/backend/src/crypto.rs new file mode 100644 index 0000000..7812c14 --- /dev/null +++ b/backend/src/crypto.rs @@ -0,0 +1,49 @@ +use anyhow::{Result, anyhow}; +use nostr_sdk::prelude::{Keys, nip44}; + +const ENVELOPE_PREFIX: &str = "enc:nip44:v2:"; + +pub fn encrypt(value: &str) -> Result { + if value.is_empty() { + return Ok(String::new()); + } + + let keys = parse_encryption_keys()?; + let payload = nip44::encrypt( + keys.secret_key(), + &keys.public_key(), + value, + nip44::Version::V2, + ) + .map_err(|e| anyhow!("encrypt failed: {e}"))?; + + Ok(format!("{ENVELOPE_PREFIX}{payload}")) +} + +pub fn decrypt(value: &str) -> Result { + if value.is_empty() { + return Ok(String::new()); + } + + let Some(payload) = value.strip_prefix(ENVELOPE_PREFIX) else { + return Ok(value.to_string()); + }; + + let keys = parse_encryption_keys()?; + nip44::decrypt(keys.secret_key(), &keys.public_key(), payload) + .map_err(|e| anyhow!("decrypt failed: {e}")) +} + +fn parse_encryption_keys() -> Result { + let raw = std::env::var("ENCRYPTION_SECRET") + .map_err(|_| anyhow!("missing ENCRYPTION_SECRET environment variable"))?; + let trimmed = raw.trim(); + + if trimmed.is_empty() { + return Err(anyhow!("missing ENCRYPTION_SECRET environment variable")); + } + + Keys::parse(trimmed).map_err(|e| { + anyhow!("ENCRYPTION_SECRET must be a valid nostr secret key (hex or nsec): {e}") + }) +} diff --git a/backend/src/infra.rs b/backend/src/infra.rs index a0f480e..1bb76d9 100644 --- a/backend/src/infra.rs +++ b/backend/src/infra.rs @@ -106,7 +106,11 @@ impl Infra { return Ok(()); } - tracing::info!(source, relay_count = relays.len(), "reconciling pending relay state"); + tracing::info!( + source, + relay_count = relays.len(), + "reconciling pending relay state" + ); for relay in relays { if relay.sync_error.trim().is_empty() { diff --git a/backend/src/lib.rs b/backend/src/lib.rs index 98f3936..0f1c7de 100644 --- a/backend/src/lib.rs +++ b/backend/src/lib.rs @@ -1,6 +1,7 @@ pub mod api; pub mod billing; pub mod command; +pub mod crypto; pub mod infra; pub mod models; pub mod pool; diff --git a/backend/src/main.rs b/backend/src/main.rs index 1751165..8e6cc8d 100644 --- a/backend/src/main.rs +++ b/backend/src/main.rs @@ -1,6 +1,7 @@ mod api; mod billing; mod command; +mod crypto; mod infra; mod models; mod pool; diff --git a/backend/src/query.rs b/backend/src/query.rs index c1e3dd0..a2b58e6 100644 --- a/backend/src/query.rs +++ b/backend/src/query.rs @@ -1,6 +1,7 @@ use anyhow::Result; use sqlx::SqlitePool; +use crate::crypto; use crate::models::{Activity, Plan, Relay, Tenant}; #[derive(Clone)] @@ -21,7 +22,7 @@ impl Query { ) .fetch_all(&self.pool) .await?; - Ok(rows) + rows.into_iter().map(decrypt_tenant_nwc_url).collect() } pub async fn get_tenant(&self, pubkey: &str) -> Result> { @@ -33,7 +34,7 @@ impl Query { .bind(pubkey) .fetch_optional(&self.pool) .await?; - Ok(row) + row.map(decrypt_tenant_nwc_url).transpose() } pub fn list_plans() -> Vec { @@ -158,7 +159,7 @@ impl Query { .bind(stripe_customer_id) .fetch_optional(&self.pool) .await?; - Ok(row) + row.map(decrypt_tenant_nwc_url).transpose() } pub async fn get_invoice_nwc_payment_state(&self, invoice_id: &str) -> Result> { @@ -171,6 +172,19 @@ impl Query { Ok(state) } + pub async fn get_invoice_manual_lightning_bolt11( + &self, + invoice_id: &str, + ) -> Result> { + let bolt11 = sqlx::query_scalar::<_, String>( + "SELECT bolt11 FROM invoice_manual_lightning_payment WHERE invoice_id = ?", + ) + .bind(invoice_id) + .fetch_optional(&self.pool) + .await?; + Ok(bolt11) + } + pub async fn has_active_paid_relays(&self, tenant_id: &str) -> Result { let plans = sqlx::query_scalar::<_, String>( "SELECT plan FROM relay WHERE tenant = ? AND status = 'active'", @@ -211,3 +225,8 @@ impl Query { Ok(found.is_some()) } } + +fn decrypt_tenant_nwc_url(mut tenant: Tenant) -> Result { + tenant.nwc_url = crypto::decrypt(&tenant.nwc_url)?; + Ok(tenant) +} diff --git a/frontend/src/lib/api.ts b/frontend/src/lib/api.ts index f9280d7..42c2129 100644 --- a/frontend/src/lib/api.ts +++ b/frontend/src/lib/api.ts @@ -99,6 +99,7 @@ export type UpdateRelayInput = { export type Tenant = { pubkey: string nwc_url: string + nwc_configured: boolean created_at: number stripe_customer_id: string stripe_subscription_id: string | null diff --git a/frontend/src/lib/hooks.ts b/frontend/src/lib/hooks.ts index 87e8c81..e404acd 100644 --- a/frontend/src/lib/hooks.ts +++ b/frontend/src/lib/hooks.ts @@ -135,7 +135,7 @@ export const reactivateRelayById = (id: string) => reactivateRelay(id) export async function tenantNeedsPaymentSetup(): Promise { const tenant = await getTenant(account()!.pubkey) - return !tenant.nwc_url && !tenant.stripe_subscription_id + return !tenant.nwc_configured && !tenant.stripe_subscription_id } export async function getLatestOpenInvoice(): Promise { diff --git a/frontend/src/pages/Account.tsx b/frontend/src/pages/Account.tsx index 9e9ac27..560e4bc 100644 --- a/frontend/src/pages/Account.tsx +++ b/frontend/src/pages/Account.tsx @@ -18,9 +18,9 @@ export default function Account() { const invoicesLoading = useMinLoading(() => invoices.loading) const hasBillingChanges = createMemo(() => { - const current = tenant()?.nwc_url?.trim() ?? "" const next = nwcUrl().trim() - return current !== next + if (next) return true + return tenant()?.nwc_configured ?? false }) createEffect(() => { @@ -169,7 +169,7 @@ export default function Account() {

{periodLabel()}

-
+
Pay now diff --git a/frontend/src/pages/relays/RelayDetail.tsx b/frontend/src/pages/relays/RelayDetail.tsx index e63855d..4b3ab23 100644 --- a/frontend/src/pages/relays/RelayDetail.tsx +++ b/frontend/src/pages/relays/RelayDetail.tsx @@ -52,7 +52,7 @@ export default function RelayDetail() { if (!isPaidRelay()) return false const t = tenant() if (!t) return false - return !t.nwc_url + return !t.nwc_configured }) return (