feat: basic isolated apps UI

getAlby · Jul 14, 2024 · 0aa4a9c · 0aa4a9c
1 parent 7346641
commit 0aa4a9c
Show file tree

Hide file tree

Showing 12 changed files with 267 additions and 160 deletions.
diff --git a/README.md b/README.md
@@ -243,6 +243,7 @@ If the client creates the secret the client only needs to share the public key o
 - `budget_renewal` (optional) reset the budget at the end of the given budget renewal. Can be `never` (default), `daily`, `weekly`, `monthly`, `yearly`
 - `request_methods` (optional) url encoded, space separated list of request types that you need permission for: `pay_invoice` (default), `get_balance` (see NIP47). For example: `..&request_methods=pay_invoice%20get_balance`
 - `notification_types` (optional) url encoded, space separated list of notification types that you need permission for: For example: `..&notification_types=payment_received%20payment_sent`
+- `isolated` (optional) makes an isolated app connection with its own balance and only access to its own transaction list. e.g. `&isolated=true`
 
 Example:
 

diff --git a/alby/alby_oauth_service.go b/alby/alby_oauth_service.go
@@ -405,6 +405,7 @@ func (svc *albyOAuthService) LinkAccount(ctx context.Context, lnClient lnclient.
 		renewal,
 		nil,
 		scopes,
+		false,
 	)
 
 	if err != nil {

diff --git a/api/api.go b/api/api.go
@@ -68,7 +68,14 @@ func (api *api) CreateApp(createAppRequest *CreateAppRequest) (*CreateAppRespons
 		}
 	}
 
-	app, pairingSecretKey, err := api.dbSvc.CreateApp(createAppRequest.Name, createAppRequest.Pubkey, createAppRequest.MaxAmountSat, createAppRequest.BudgetRenewal, expiresAt, createAppRequest.Scopes)
+	app, pairingSecretKey, err := api.dbSvc.CreateApp(
+		createAppRequest.Name,
+		createAppRequest.Pubkey,
+		createAppRequest.MaxAmountSat,
+		createAppRequest.BudgetRenewal,
+		expiresAt,
+		createAppRequest.Scopes,
+		createAppRequest.Isolated)
 
 	if err != nil {
 		return nil, err
@@ -212,6 +219,11 @@ func (api *api) GetApp(dbApp *db.App) *App {
 		Scopes:        requestMethods,
 		BudgetUsage:   budgetUsage,
 		BudgetRenewal: paySpecificPermission.BudgetRenewal,
+		Isolated:      dbApp.Isolated,
+	}
+
+	if dbApp.Isolated {
+		response.Balance = queries.GetIsolatedBalance(api.db, dbApp.ID)
 	}
 
 	if lastEventResult.RowsAffected > 0 {
@@ -244,6 +256,11 @@ func (api *api) ListApps() ([]App, error) {
 			CreatedAt:   dbApp.CreatedAt,
 			UpdatedAt:   dbApp.UpdatedAt,
 			NostrPubkey: dbApp.NostrPubkey,
+			Isolated:    dbApp.Isolated,
+		}
+
+		if dbApp.Isolated {
+			apiApp.Balance = queries.GetIsolatedBalance(api.db, dbApp.ID)
 		}
 
 		for _, appPermission := range permissionsMap[dbApp.ID] {

diff --git a/api/models.go b/api/models.go
@@ -68,6 +68,8 @@ type App struct {
 	MaxAmountSat  uint64     `json:"maxAmount"`
 	BudgetUsage   uint64     `json:"budgetUsage"`
 	BudgetRenewal string     `json:"budgetRenewal"`
+	Isolated      bool       `json:"isolated"`
+	Balance       uint64     `json:"balance"`
 }
 
 type ListAppsResponse struct {
@@ -89,6 +91,7 @@ type CreateAppRequest struct {
 	ExpiresAt     string   `json:"expiresAt"`
 	Scopes        []string `json:"scopes"`
 	ReturnTo      string   `json:"returnTo"`
+	Isolated      bool     `json:"isolated"`
 }
 
 type StartRequest struct {

diff --git a/db/db_service.go b/db/db_service.go
@@ -2,9 +2,12 @@ package db
 
 import (
 	"encoding/hex"
+	"errors"
 	"fmt"
+	"slices"
 	"time"
 
+	"github.com/getAlby/hub/constants"
 	"github.com/getAlby/hub/events"
 	"github.com/getAlby/hub/logger"
 	"github.com/nbd-wtf/go-nostr"
@@ -23,7 +26,16 @@ func NewDBService(db *gorm.DB, eventPublisher events.EventPublisher) *dbService
 	}
 }
 
-func (svc *dbService) CreateApp(name string, pubkey string, maxAmountSat uint64, budgetRenewal string, expiresAt *time.Time, scopes []string) (*App, string, error) {
+func (svc *dbService) CreateApp(name string, pubkey string, maxAmountSat uint64, budgetRenewal string, expiresAt *time.Time, scopes []string, isolated bool) (*App, string, error) {
+	if isolated && (slices.Contains(scopes, constants.GET_INFO_SCOPE)) {
+		// cannot return node info because the isolated app is a custodial subaccount
+		return nil, "", errors.New("Isolated app cannot have get_info scope")
+	}
+	if isolated && (slices.Contains(scopes, constants.SIGN_MESSAGE_SCOPE)) {
+		// cannot sign messages because the isolated app is a custodial subaccount
+		return nil, "", errors.New("Isolated app cannot have sign_message scope")
+	}
+
 	var pairingPublicKey string
 	var pairingSecretKey string
 	if pubkey == "" {
@@ -39,7 +51,7 @@ func (svc *dbService) CreateApp(name string, pubkey string, maxAmountSat uint64,
 		}
 	}
 
-	app := App{Name: name, NostrPubkey: pairingPublicKey}
+	app := App{Name: name, NostrPubkey: pairingPublicKey, Isolated: isolated}
 
 	err := svc.db.Transaction(func(tx *gorm.DB) error {
 		err := tx.Save(&app).Error

diff --git a/db/models.go b/db/models.go
@@ -79,7 +79,7 @@ type Transaction struct {
 }
 
 type DBService interface {
-	CreateApp(name string, pubkey string, maxAmountSat uint64, budgetRenewal string, expiresAt *time.Time, scopes []string) (*App, string, error)
+	CreateApp(name string, pubkey string, maxAmountSat uint64, budgetRenewal string, expiresAt *time.Time, scopes []string, isolated bool) (*App, string, error)
 }
 
 const (

diff --git a/frontend/src/components/Permissions.tsx b/frontend/src/components/Permissions.tsx
@@ -65,10 +65,12 @@ const Permissions: React.FC<PermissionsProps> = ({
   }, [canEditPermissions, isNewConnection]);
 
   const [showBudgetOptions, setShowBudgetOptions] = React.useState(
-    permissions.scopes.has("pay_invoice")
+    //permissions.scopes.has("pay_invoice")
+    false
   );
   const [showExpiryOptions, setShowExpiryOptions] = React.useState(
-    isNewConnection ? !!permissions.expiresAt : true
+    false
+    // isNewConnection ? !!permissions.expiresAt : true
   );
 
   const handlePermissionsChange = React.useCallback(
@@ -80,9 +82,9 @@ const Permissions: React.FC<PermissionsProps> = ({
     [permissions, onPermissionsChange]
   );
 
-  const handleScopeChange = React.useCallback(
-    (scopes: Set<Scope>) => {
-      handlePermissionsChange({ scopes });
+  const onScopesChanged = React.useCallback(
+    (scopes: Set<Scope>, isolated: boolean) => {
+      handlePermissionsChange({ scopes, isolated });
     },
     [handlePermissionsChange]
   );
@@ -114,7 +116,8 @@ const Permissions: React.FC<PermissionsProps> = ({
         <Scopes
           capabilities={capabilities}
           scopes={permissions.scopes}
-          onScopesChanged={handleScopeChange}
+          isolated={permissions.isolated}
+          onScopesChanged={onScopesChanged}
         />
       ) : (
         <>
@@ -138,91 +141,98 @@ const Permissions: React.FC<PermissionsProps> = ({
           </div>
         </>
       )}
-      {permissions.scopes.has("pay_invoice") &&
-        (!isBudgetAmountEditable ? (
-          <div className="pl-4 ml-2 border-l-2 border-l-primary mb-4">
-            <div className="flex flex-col gap-2 text-muted-foreground text-sm">
-              <p className="capitalize">
-                <span className="text-primary-foreground font-medium">
-                  Budget Renewal:
-                </span>{" "}
-                {permissions.budgetRenewal || "Never"}
-              </p>
-              <p>
-                <span className="text-primary-foreground font-medium">
-                  Budget Amount:
-                </span>{" "}
-                {permissions.maxAmount
-                  ? new Intl.NumberFormat().format(permissions.maxAmount)
-                  : "∞"}
-                {" sats "}
-                {!isNewConnection &&
-                  `(${new Intl.NumberFormat().format(budgetUsage || 0)} sats used)`}
-              </p>
-            </div>
-          </div>
-        ) : (
-          <>
-            {!showBudgetOptions && (
-              <Button
-                type="button"
-                variant="secondary"
-                onClick={() => {
-                  handleBudgetMaxAmountChange(100000);
-                  setShowBudgetOptions(true);
-                }}
-                className={cn(
-                  "mr-4",
-                  (!isExpiryEditable || showExpiryOptions) && "mb-4"
-                )}
-              >
-                <PlusCircle className="w-4 h-4 mr-2" />
-                Set budget
-              </Button>
-            )}
-            {showBudgetOptions && (
-              <>
-                <BudgetRenewalSelect
-                  value={permissions.budgetRenewal}
-                  onChange={handleBudgetRenewalChange}
-                />
-                <BudgetAmountSelect
-                  value={permissions.maxAmount}
-                  onChange={handleBudgetMaxAmountChange}
-                />
-              </>
-            )}
-          </>
-        ))}
-
-      {!isExpiryEditable ? (
+      {!permissions.isolated && permissions.scopes.has("pay_invoice") && (
         <>
-          <p className="text-sm font-medium mb-2">Connection expiry</p>
-          <p className="text-muted-foreground text-sm">
-            {permissions.expiresAt &&
-            new Date(permissions.expiresAt).getFullYear() !== 1
-              ? new Date(permissions.expiresAt).toString()
-              : "This app will never expire"}
-          </p>
+          {!isBudgetAmountEditable ? (
+            <div className="pl-4 ml-2 border-l-2 border-l-primary mb-4">
+              <div className="flex flex-col gap-2 text-muted-foreground text-sm">
+                <p className="capitalize">
+                  <span className="text-primary-foreground font-medium">
+                    Budget Renewal:
+                  </span>{" "}
+                  {permissions.budgetRenewal || "Never"}
+                </p>
+                <p>
+                  <span className="text-primary-foreground font-medium">
+                    Budget Amount:
+                  </span>{" "}
+                  {permissions.maxAmount
+                    ? new Intl.NumberFormat().format(permissions.maxAmount)
+                    : "∞"}
+                  {" sats "}
+                  {!isNewConnection &&
+                    `(${new Intl.NumberFormat().format(budgetUsage || 0)} sats used)`}
+                </p>
+              </div>
+            </div>
+          ) : (
+            <>
+              {!showBudgetOptions && (
+                <Button
+                  type="button"
+                  variant="secondary"
+                  onClick={() => {
+                    handleBudgetMaxAmountChange(100000);
+                    setShowBudgetOptions(true);
+                  }}
+                  className={cn(
+                    "mr-4",
+                    (!isExpiryEditable || showExpiryOptions) && "mb-4"
+                  )}
+                >
+                  <PlusCircle className="w-4 h-4 mr-2" />
+                  Set budget
+                </Button>
+              )}
+              {showBudgetOptions && (
+                <>
+                  <BudgetRenewalSelect
+                    value={permissions.budgetRenewal}
+                    onChange={handleBudgetRenewalChange}
+                  />
+                  <BudgetAmountSelect
+                    value={permissions.maxAmount}
+                    onChange={handleBudgetMaxAmountChange}
+                  />
+                </>
+              )}
+            </>
+          )}
         </>
-      ) : (
+      )}
+
+      {!permissions.isolated && (
         <>
-          {!showExpiryOptions && (
-            <Button
-              type="button"
-              variant="secondary"
-              onClick={() => setShowExpiryOptions(true)}
-            >
-              <PlusCircle className="w-4 h-4 mr-2" />
-              Set expiration time
-            </Button>
-          )}
+          {!isExpiryEditable ? (
+            <>
+              <p className="text-sm font-medium mb-2">Connection expiry</p>
+              <p className="text-muted-foreground text-sm">
+                {permissions.expiresAt &&
+                new Date(permissions.expiresAt).getFullYear() !== 1
+                  ? new Date(permissions.expiresAt).toString()
+                  : "This app will never expire"}
+              </p>
+            </>
+          ) : (
+            <>
+              {!showExpiryOptions && (
+                <Button
+                  type="button"
+                  variant="secondary"
+                  onClick={() => setShowExpiryOptions(true)}
+                >
+                  <PlusCircle className="w-4 h-4 mr-2" />
+                  Set expiration time
+                </Button>
+              )}
 
-          {showExpiryOptions && (
-            <ExpirySelect
-              value={permissions.expiresAt}
-              onChange={handleExpiryChange}
-            />
+              {showExpiryOptions && (
+                <ExpirySelect
+                  value={permissions.expiresAt}
+                  onChange={handleExpiryChange}
+                />
+              )}
+            </>
           )}
         </>
       )}
-Original file line number
+Diff line change
@@ Expand Up @@
     		renewal,
     		nil,
     		scopes,
+    		false,
     	)
     	if err != nil {
@@ Expand Down @@