Merge pull request #421 from lightninglabs/lightning-uri

Lightning uri

Author: valentinewallace

public/electron.js

@@ -195,8 +195,6 @@ app.on('quit', () => {
 
 app.setAsDefaultProtocolClient(PREFIX_NAME);
 app.on('open-url', (event, url) => {
-  // event.preventDefault();
-  Logger.info(`open-url# ${url}`);
   win && win.webContents.send('open-url', url);
 });
 

src/action/index.js

@@ -25,7 +25,7 @@ store.init();
 
 export const db = new AppStorage(store, AsyncStorage);
 export const log = new LogAction(store, ipcRenderer);
-export const nav = new NavAction(store, ipcRenderer);
+export const nav = new NavAction(store);
 export const grpc = new GrpcAction(store, ipcRenderer);
 export const notify = new NotificationAction(store, nav);
 export const wallet = new WalletAction(store, grpc, db, nav, notify);
@@ -43,6 +43,8 @@ export const invoice = new InvoiceAction(
 export const payment = new PaymentAction(store, grpc, transaction, nav, notify);
 export const setting = new SettingAction(store, wallet, db);
 
+payment.listenForUrl(ipcRenderer);
+
 //
 // Init actions
 //

src/action/nav.js

@@ -1,12 +1,6 @@
-import * as log from './log';
-
 class NavAction {
-  constructor(store, ipcRenderer) {
+  constructor(store) {
     this._store = store;
-    ipcRenderer.on('open-url', (event, arg) => {
-      // TODO: Go to route
-      log.info('open-url', arg);
-    });
   }
 
   goLoader() {

src/action/payment.js

@@ -1,5 +1,12 @@
 import { PREFIX_URI } from '../config';
-import { toSatoshis, toAmount, parseSat } from '../helper';
+import {
+  toSatoshis,
+  toAmount,
+  parseSat,
+  isLnUri,
+  isAddress,
+  nap,
+} from '../helper';
 import * as log from './log';
 
 class PaymentAction {
@@ -11,6 +18,21 @@ class PaymentAction {
     this._notification = notification;
   }
 
+  listenForUrl(ipcRenderer) {
+    ipcRenderer.on('open-url', async (event, url) => {
+      log.info('open-url', url);
+      if (!isLnUri(url)) {
+        return;
+      }
+      while (!this._store.lndReady) {
+        this._tOpenUri = await nap(100);
+      }
+      this.init();
+      this.setAddress({ address: url.replace(PREFIX_URI, '') });
+      this.checkType();
+    });
+  }
+
   init() {
     this._store.payment.address = '';
     this._store.payment.amount = '';
@@ -33,8 +55,10 @@ class PaymentAction {
     }
     if (await this.decodeInvoice({ invoice: this._store.payment.address })) {
       this._nav.goPayLightningConfirm();
-    } else {
+    } else if (isAddress(this._store.payment.address)) {
       this._nav.goPayBitcoin();
+    } else {
+      this._notification.display({ msg: 'Invalid invoice or address' });
     }
   }
 

src/helper.js

@@ -180,6 +180,26 @@ export const reverse = src => {
   return buffer;
 };
 
+/**
+ * Basic uri validation before rendering. More thorough matching
+ * is done by lnd. This is just to mitigates XSS.
+ * @param  {string}  str The uri to validate
+ * @return {boolean}     If the uri is valid
+ */
+export const isLnUri = str => {
+  return /^lightning:ln[a-zA-Z0-9]*$/.test(str);
+};
+
+/**
+ * Basic bitcoin address validation. More thorough matching is
+ * done by lnd. This is just to mitigate XSS.
+ * @param  {string}  str The address to validate
+ * @return {boolean}     If the uri is valid
+ */
+export const isAddress = str => {
+  return /^[a-km-zA-HJ-NP-Z0-9]{26,35}$/.test(str);
+};
+
 /**
  * Check if the HTTP status code signals is successful
  * @param  {Object} response The fetch api's response object

test/unit/action/nav.spec.js

@@ -5,31 +5,19 @@ import NavAction from '../../../src/action/nav';
 describe('Action Nav Unit Tests', () => {
   let store;
   let sandbox;
-  let ipcRenderer;
   let nav;
 
   beforeEach(() => {
     sandbox = sinon.createSandbox({});
     sandbox.stub(log);
-    ipcRenderer = {
-      send: sinon.stub(),
-      on: sinon.stub().yields('some-event', 'some-arg'),
-    };
     store = new Store();
-    nav = new NavAction(store, ipcRenderer);
+    nav = new NavAction(store);
   });
 
   afterEach(() => {
     sandbox.restore();
   });
 
-  describe('constructor()', () => {
-    it('should listen to open-url event', () => {
-      expect(nav._store, 'to be ok');
-      expect(ipcRenderer.on, 'was called with', 'open-url');
-    });
-  });
-
   describe('goLoader()', () => {
     it('should set correct route', () => {
       nav.goLoader();

test/unit/action/payment.spec.js

@@ -1,10 +1,12 @@
+import { EventEmitter } from 'events';
 import { Store } from '../../../src/store';
 import GrpcAction from '../../../src/action/grpc';
 import PaymentAction from '../../../src/action/payment';
 import TransactionAction from '../../../src/action/transaction';
 import NotificationAction from '../../../src/action/notification';
 import NavAction from '../../../src/action/nav';
 import * as logger from '../../../src/action/log';
+import { nap } from '../../../src/helper';
 
 describe('Action Payments Unit Tests', () => {
   let store;
@@ -28,9 +30,48 @@ describe('Action Payments Unit Tests', () => {
   });
 
   afterEach(() => {
+    clearTimeout(payment.tOpenUri);
     sandbox.restore();
   });
 
+  describe('listenForUrl()', () => {
+    let ipcRendererStub;
+
+    beforeEach(() => {
+      ipcRendererStub = new EventEmitter();
+      payment.listenForUrl(ipcRendererStub);
+      sandbox.stub(payment, 'init');
+      sandbox.stub(payment, 'checkType');
+    });
+
+    it('should not navigate to payment view for invalid uri', () => {
+      const uri = 'invalid-uri';
+      ipcRendererStub.emit('open-url', 'some-event', uri);
+      expect(payment.init, 'was not called');
+    });
+
+    it('should navigate to payment view for valid uri and lndReady', () => {
+      store.lndReady = true;
+      const uri = 'lightning:lntb100n1pdn2e0app';
+      ipcRendererStub.emit('open-url', 'some-event', uri);
+      expect(payment.init, 'was called once');
+      expect(store.payment.address, 'to equal', 'lntb100n1pdn2e0app');
+      expect(payment.checkType, 'was called once');
+    });
+
+    it('should wait for lndReady', async () => {
+      store.lndReady = false;
+      const uri = 'lightning:lntb100n1pdn2e0app';
+      ipcRendererStub.emit('open-url', 'some-event', uri);
+      expect(payment.init, 'was not called');
+      store.lndReady = true;
+      await nap(300);
+      expect(payment.init, 'was called once');
+      expect(store.payment.address, 'to equal', 'lntb100n1pdn2e0app');
+      expect(payment.checkType, 'was called once');
+    });
+  });
+
   describe('init()', () => {
     it('should clear attributes and navigate to payment view', () => {
       store.payment.address = 'foo';
@@ -58,6 +99,41 @@ describe('Action Payments Unit Tests', () => {
     });
   });
 
+  describe('checkType()', () => {
+    beforeEach(() => {
+      sandbox.stub(payment, 'decodeInvoice');
+    });
+
+    it('should notify if address is empty', async () => {
+      payment.decodeInvoice.resolves(true);
+      await payment.checkType();
+      expect(notification.display, 'was called once');
+      expect(payment.decodeInvoice, 'was not called');
+    });
+
+    it('should decode successfully', async () => {
+      store.payment.address = 'some-address';
+      payment.decodeInvoice.resolves(true);
+      await payment.checkType();
+      expect(nav.goPayLightningConfirm, 'was called once');
+    });
+
+    it('should notify if not bitcoin address', async () => {
+      store.payment.address = 'some-address';
+      payment.decodeInvoice.resolves(false);
+      await payment.checkType();
+      expect(nav.goPayBitcoin, 'was not called');
+      expect(notification.display, 'was called once');
+    });
+
+    it('should navigate to bitcoin for valid address', async () => {
+      store.payment.address = 'rfu4i1Mo2NF7TQsN9bMVLFSojSzcyQCEH5';
+      payment.decodeInvoice.resolves(false);
+      await payment.checkType();
+      expect(nav.goPayBitcoin, 'was called once');
+    });
+  });
+
   describe('decodeInvoice()', () => {
     it('should decode successfully', async () => {
       grpc.sendCommand.withArgs('decodePayReq').resolves({

test/unit/helper.spec.js

@@ -508,6 +508,53 @@ describe('Helpers Unit Tests', () => {
     });
   });
 
+  describe('isLnUri()', () => {
+    it('should accept lightning uri', () => {
+      const uri =
+        'lightning:lntb1500n1pdn2e0app5wlyxzspccpfvqmrtfr8p487xcch4hxtu2u0qzcke6mzpv222w8usdpa2fjkzep6ypxx2ap8wvs8qmrp0ysxzgrvd9nksarwd9hxwgrwv468wmmjdvsxwcqzysmr9jxv06zx53cyqa0sqntehy5tyrqu064xvw00qjep5f9gw57qcqp6qnpqyuprh90aqzfyf9ypq8uth7qte5ecjq0fng3y47mywwkfqq3megny';
+      expect(helpers.isLnUri(uri), 'to be', true);
+    });
+
+    it('should reject bitcoin uri', () => {
+      const uri = 'bitcoin:rfu4i1Mo2NF7TQsN9bMVLFSojSzcyQCEH5';
+      expect(helpers.isLnUri(uri), 'to be', false);
+    });
+
+    it('should reject bitcoin address', () => {
+      const uri = 'rfu4i1Mo2NF7TQsN9bMVLFSojSzcyQCEH5';
+      expect(helpers.isLnUri(uri), 'to be', false);
+    });
+
+    it('should reject lightning invoice', () => {
+      const uri =
+        'lntb1500n1pdn2e0app5wlyxzspccpfvqmrtfr8p487xcch4hxtu2u0qzcke6mzpv222w8usdpa2fjkzep6ypxx2ap8wvs8qmrp0ysxzgrvd9nksarwd9hxwgrwv468wmmjdvsxwcqzysmr9jxv06zx53cyqa0sqntehy5tyrqu064xvw00qjep5f9gw57qcqp6qnpqyuprh90aqzfyf9ypq8uth7qte5ecjq0fng3y47mywwkfqq3megny';
+      expect(helpers.isLnUri(uri), 'to be', false);
+    });
+
+    it('should mitigate xss', () => {
+      const uri =
+        'lightning:lntb1500n1<script>alert("XSS")</script>p487xcch4hxtu2u0qzcke6mzpv222w8usdpa2fjkzep6ypxx2ap8wvs8qmrp0ysxzgrvd9nksarwd9hxwgrwv468wmmjdvsxwcqzysmr9jxv06zx53cyqa0sqntehy5tyrqu064xvw00qjep5f9gw57qcqp6qnpqyuprh90aqzfyf9ypq8uth7qte5ecjq0fng3y47mywwkfqq3megny';
+      expect(helpers.isLnUri(uri), 'to be', false);
+    });
+  });
+
+  describe('isAddress()', () => {
+    it('should accept bitcoin uri', () => {
+      const address = 'rfu4i1Mo2NF7TQsN9bMVLFSojSzcyQCEH5';
+      expect(helpers.isAddress(address), 'to be', true);
+    });
+
+    it('should reject invalid bitcoin uri', () => {
+      const address = '/INVALID/rfu4i1Mo2NF7TQsN9bMVLFSoj';
+      expect(helpers.isAddress(address), 'to be', false);
+    });
+
+    it('should mitigate xss', () => {
+      const address = 'rfu<script>alert("XSS")</script>';
+      expect(helpers.isAddress(address), 'to be', false);
+    });
+  });
+
   describe('checkHttpStatus()', () => {
     it('should throw error for 500', () => {
       const response = { status: 500, statusText: 'Boom!' };