omniauth-lightning 1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 040a37ee31c22a382c2fd4a8d393684d8adf3b02accca452ae83a27e1893a6b5
+  data.tar.gz: 5c7d0cc3b48357a841f8b29c92994dd0c46be6889ef596d3956e067f923ebbcb
+SHA512:
+  metadata.gz: df233b22170ea947d55e218a1cc9a5f07f00f70b71b6a1b57edc4d89fecb31fb0496ec4ba261f1379a301d61df81a94a089cc3a9832c584c6c80cc1f1f156b38
+  data.tar.gz: 70abfab149c5e438a5e82d76222457ec93c8291d766fc55ae49db781a1c1c2054f52219426b07bee4f3bfbc097a32be2786d0957c38934b07856a9ce621878b6

data/.gitignore

@@ -0,0 +1 @@
+pkg

data/Gemfile

@@ -0,0 +1,23 @@
+source 'https://rubygems.org'
+
+gemspec
+
+ruby '2.6.4'
+
+gem 'rake'
+
+group :test do
+  if Gem::Version.create(RUBY_VERSION) < Gem::Version.create("2.0.0")
+    # for jruby 1.7.x
+    gem "addressable", "2.4.0"
+  end
+
+  if Gem::Version.create(RUBY_VERSION) < Gem::Version.create("2.2.2")
+    gem "rack", "~> 1.6"
+  end
+
+  gem 'rspec', '~> 3.2'
+  gem 'rack-test'
+  gem 'simplecov'
+  gem 'webmock'
+end

data/Gemfile.lock

@@ -0,0 +1,87 @@
+PATH
+  remote: .
+  specs:
+    omniauth-lightning (1.0)
+      omniauth-oauth (~> 1.1)
+      rack
+      rest-client (~> 2)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    crack (0.4.3)
+      safe_yaml (~> 1.0.0)
+    diff-lcs (1.3)
+    docile (1.3.2)
+    domain_name (0.5.20190701)
+      unf (>= 0.0.5, < 1.0.0)
+    hashdiff (1.0.0)
+    hashie (3.6.0)
+    http-accept (1.7.0)
+    http-cookie (1.0.3)
+      domain_name (~> 0.5)
+    mime-types (3.3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2019.1009)
+    netrc (0.11.0)
+    oauth (0.5.4)
+    omniauth (1.9.0)
+      hashie (>= 3.4.6, < 3.7.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-oauth (1.1.0)
+      oauth
+      omniauth (~> 1.0)
+    public_suffix (4.0.3)
+    rack (2.2.2)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rake (13.0.1)
+    rest-client (2.1.0)
+      http-accept (>= 1.7.0, < 2.0)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.1)
+      rspec-support (~> 3.9.1)
+    rspec-expectations (3.9.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.2)
+    safe_yaml (1.0.5)
+    simplecov (0.18.2)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+    simplecov-html (0.12.0)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.6)
+    webmock (3.8.2)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  omniauth-lightning!
+  rack-test
+  rake
+  rspec (~> 3.2)
+  simplecov
+  webmock
+
+RUBY VERSION
+   ruby 2.6.4p104
+
+BUNDLED WITH
+   2.1.4

data/README.md

@@ -0,0 +1,85 @@
+# omniauth-lightning
+
+This gem implements an Omniauth strategy to login via the Lightning Network. It uses [LNPay.co]
+as the backend.
+
+Once integrated, users of your application can submit an invoice from their own node,
+this gem will decode the invoice to extract the pubkey of the user's node and use that pubkey
+as the UID of the user.
+
+Note that the user will submit Lightning Network invoices to your application, but your application
+won't need to pay them.
+
+## Installation
+
+Add to your `Gemfile`:
+
+```ruby
+gem 'omniauth-lightning'
+```
+
+and run `bundle install`.
+
+## Integration
+
+Next, tell OmniAuth about this provider. For a Rails app, your `config/initializers/omniauth.rb` file should look like this:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :lightning,
+    invoice_sats_amount: 1,
+    validating_text: 'my-app-auth-string',
+    lnpay_key: 'my-lnpay-key' # secret api key from https://lnpay.co/dashboard/developers
+end
+```
+
+This configuration will make the strategy require a `1 sat` invoice that includes the text `my-app-auth-string`
+to validate the invoice.
+
+### Configuration
+
+The following settings are available:
+```ruby
+:title                      # title of the rendered form that prompts user to submit their invoice
+:sats_amount                # amount of sats that the invoice should include
+:validating_text            # text that should be included in the invoice's description
+:invoice_max_age_in_seconds # maximum age of invoices that are accepted in seconds
+:lnpay_key                  # Key from LNPay.co to use to decode invoices
+```
+
+### Error keys
+
+The following errors might be returned from the gem; you might want to handle them on your
+application to display errors:
+
+```ruby
+:invalid_invoice                 # invoice invalid
+:invoice_without_required_amount # invoice wasn't for the amount specified on :sats_amount
+:invoice_without_required_text   # invoice didn't include the required text specified on :validating_text
+:old_invoice                     # invoice is older than :invoice_max_age_in_seconds
+:custodial_wallet                # invoice was generated by a custodial wallet
+```
+
+## Customizing Invoice Form
+
+To use your own custom invoice form, create a form that POSTs to '/auth/lightning/callback' with `invoice`.
+
+```erb
+<%= form_tag '/auth/lightning/callback' do |f| %>
+  <h1>Submit your invoice</h1>
+  <%= text_field_tag :invoice %>
+  <%= submit_tag %>
+<% end %>
+```
+
+## Example app
+
+If you want to see an app using this gem, checkout [bitcoiners-best]. To see a live version of this, checkout https://bitcoiners.best/
+
+## Author
+
+Written by [@pablof7z].
+
+[LNPay.co]: https://lnpay.co
+[bitcoiners-best]: https://github.com/bitcoiners-Best/bitcoinersbest
+[@pablof7z]: https://twitter.com/pablof7z

data/Rakefile

@@ -0,0 +1 @@
+require 'bundler/gem_tasks'

data/lib/omniauth-lightning.rb

@@ -0,0 +1,2 @@
+require "omniauth-lightning/version"
+require 'omniauth/strategies/lightning'

data/lib/omniauth-lightning/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module Lightning
+    VERSION = "1.0"
+  end
+end

data/lib/omniauth/strategies/lightning.rb

@@ -0,0 +1,117 @@
+require 'omniauth-oauth'
+require 'json'
+
+module OmniAuth
+  module Strategies
+    class Lightning
+      include OmniAuth::Strategy
+
+      option :title, 'Lightning Network Verification'
+      option :sats_amount, 10
+      option :validating_text, 'invoice-for-auth'
+      option :invoice_max_age_in_seconds, 1800
+      option :lnpay_key, 'pak_O0iUMxk8kK_qUzkT4YKFvp1ZsUtp'
+      option :fields, [:pubkey]
+
+      uid { @pubkey }
+
+      info do
+        {
+          pubkey: @pubkey,
+          description: @description
+        }
+      end
+
+      def request_phase
+        if options[:on_login]
+          options[:on_login].call(self.env)
+        else
+          OmniAuth::Form.build(
+            title: (options[:title]),
+            url: callback_path
+          ) do |f|
+            f.html """
+                <p>
+                  Create an invoice for #{options[:invoice_sats_amount]}
+                  satoshis that starts with \"#{options[:validating_text]}\".
+                </p>
+              """
+            f.text_field 'Invoice', 'invoice'
+          end.to_response
+        end
+      end
+
+      def callback_phase
+        r = validate_invoice!(request['invoice'])
+
+        if r == :ok
+          super
+        else
+          return fail!(*r)
+        end
+      end
+
+      private
+
+      def invalid_invoice(data)
+        !data || data['error']
+      end
+
+      def invoice_without_required_amount(data)
+        data['num_satoshis'].to_i != options[:sats_amount]
+      end
+
+      def invoice_without_required_text(data)
+        !data['description'].downcase.include?(options[:validating_text].downcase)
+      end
+
+      def invoice_too_old(data)
+        Time.at(data['timestamp'].to_i) < Time.now - options[:invoice_max_age_in_seconds].to_i
+      end
+
+      def invoice_from_custodial_wallet(data)
+        CUSTODIAL_PUBKEYS.include?(data['destination'])
+      end
+
+      def validate_invoice!(invoice)
+        data = decode_invoice(invoice)
+
+        case
+        when invalid_invoice(data)
+          return :invalid_invoice, ((data && data['error']) ? Exception.new(data['error']) : nil)
+        when invoice_without_required_amount(data)
+          return :invoice_without_required_amount,
+                 Exception.new("Invoice amount is #{data['num_satoshis']}; " \
+                  "should have been #{options[:sats_amount]}")
+        when invoice_without_required_text(data)
+          return :invoice_without_required_text,
+                 Exception.new("Invoice's description is '#{data['description']}'; " \
+                 "should have text '#{options[:validating_text]}'")
+        when invoice_too_old(data)
+          return :old_invoice
+        when invoice_from_custodial_wallet(data)
+          return :custodial_wallet
+        end
+
+        @pubkey = data['destination']
+        @description = data['description']
+
+        return :ok
+      end
+
+      def decode_invoice(invoice)
+        response = RestClient.get("https://#{options[:lnpay_key]}@lnpay.co/v1/node/default/payments/decodeinvoice", params: { payment_request: invoice })
+
+        JSON.parse(response.body)
+      end
+    end
+  end
+end
+
+CUSTODIAL_PUBKEYS = [
+  '03021c5f5f57322740e4ee6936452add19dc7ea7ccf90635f95119ab82a62ae268', # bluewallet
+  '02004c625d622245606a1ea2c1c69cfb4516b703b47945a3647713c05fe4aaeb1c', # WalletOfSatoshi.com
+  '03c2abfa93eacec04721c019644584424aab2ba4dff3ac9bdab4e9c97007491dda', # tippin.me
+  '031015a7839468a3c266d662d5bb21ea4cea24226936e2864a7ca4f2c3939836e0', # Breez
+  '02a59dd887d4396178325ffb3f54b7fcb9ada9dd0d615caea2f2306d92a3692f6e', # dropbit.app
+].freeze

data/omniauth-lightning.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "omniauth-lightning/version"
+
+Gem::Specification.new do |s|
+  s.name        = "omniauth-lightning"
+  s.version     = OmniAuth::Lightning::VERSION
+  s.authors     = ["Pablo Fernandez"]
+  s.email       = ["pfer@me.com"]
+  s.homepage    = "https://github.com/heelhook/omniauth-lightning"
+  s.description = %q{OmniAuth strategy for Lightning Network}
+  s.summary     = s.description
+  s.license     = "MIT"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+  s.required_ruby_version = Gem::Requirement.new('>= 1.9.3')
+  s.add_dependency 'omniauth-oauth', '~> 1.1'
+  s.add_dependency 'rest-client', '~> 2'
+  s.add_dependency 'rack'
+  # s.add_development_dependency 'bundler', '~> 2.1'
+end

metadata

@@ -0,0 +1,94 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-lightning
+version: !ruby/object:Gem::Version
+  version: '1.0'
+platform: ruby
+authors:
+- Pablo Fernandez
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-02-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: rest-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: OmniAuth strategy for Lightning Network
+email:
+- pfer@me.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- lib/omniauth-lightning.rb
+- lib/omniauth-lightning/version.rb
+- lib/omniauth/strategies/lightning.rb
+- omniauth-lightning.gemspec
+homepage: https://github.com/heelhook/omniauth-lightning
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.9.3
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.6
+signing_key: 
+specification_version: 4
+summary: OmniAuth strategy for Lightning Network
+test_files: []