pull down to refresh

Reviewers and testers wanted

This project has just moved out of alpha and into beta. It's time to polish things up and prepare the project for a stable release! Help wanted to get things across the line.

About the project:

A light-weight Lightning auth provider for your Next.js app that's entirely self-hosted and plugs seamlessly into the next-auth framework.
You can find the project on npm and GitHub

Technical review

Focus
If you're a JavaScript or TypeScript engineer, or have an understanding of React, OAuth, lnurl-auth, Next.js, next-auth or OSS in general, you can help by taking a look at the codebase and leaving your thoughts on:
In order of importance:
  • Security - are there any security concerns that I've overlooked?
  • Installation - do you have a Next.js app that uses next-auth? Install this package and let me know how it goes!
  • Use-cases - are there any use cases or scenarios that I should add support for?
  • Implementation - would you implement things differently in the codebase and why?
  • Any other suggestions
Avoid
At this late stage in the project development, please avoid small syntactical suggestions or opinionated coding style suggestions. No nit-picking please :)

Non-technical review

If you're not a coder, you can still help out.
Documentation
There are various README.md documents that need sense checking. Any typos that I've overlooked also need catching!
Here's a list of all the README.md files in the project.
Code comments
There are also many code comments dotted around the codebase. You can search for them on GitHub:
NOTE: you'll need a GitHub account to use the above link.

Rewards

All reviewers and testers will receive a shout out in the project's main README.md file. And of course, in the spirit of SN, you'll stack some sats!
Sats will be rewarded at my discretion, ranging from 1,000 up to 200,000+ depending on your level of contribution. Quality, not necessarily quantity, will also be considered. For example, if you find a high-severity bug that takes one line of code to fix you'll be rewarded based on the level of impact.

Leaving a review

I'd suggest opening an issue on GitHub before opening a PR, so feel free. Otherwise you can simply leave comments on here on SN.
status: 410, // return a 410 status so the client knows the session no longer exists
TIL, I don't think I've ever seen HTTP 410 used anywhere. Source
const lnurlEncode = //
This is an interesting approach to importing. Is it just for smaller bundles? Isn't this code executed server-side? Source
copy.innerHTML = session.lnurl;
This seems unnecessarily risky. Any reason not to use textContent? Source
  1. Just a general comment - for being a TS project, I see a lot of typeof checks, any, type-casting, etc. I know you said no nit-picking, but I guess I can't help myself.
reply
thanks again for your review, I'll be implementing some changes based off of your feedback over the holidays, and I've just boosted you 60k sats on this comment. many thanks and Happy Christmas!
reply
Thank you for the sats, and you’re welcome for the review! Merry Christmas!
reply
Merry Christmas
reply
deleted by author
reply
great thanks for your feedback. I'll take a deeper look into the points you've made in the next few days and get back to you!
You've made a bunch of good point and I'll be making some amendments to the code based off the back of your feedback.
I'll post back here once I've done so and give a little more context on the changes and on your questions/points :)
reply
I saw this project days ago. It is awesome!
Auth with LN.
reply
Code comments There are also many code comments dotted around the codebase. You can search for them on GitHub:
What do you want people to do with these?
reply
Code comments There are also many code comments dotted around the codebase. You can search for them on GitHub:
What do you want people to do with these?
just to sense check them and spot any typos. but tbh there aren't actually that many code comments, so it's not that important. however, i may go through the code and add additional comments to give context on some parts of the code
reply
In NextAuthLightningConfig.storage, what is the difference between set and update? They both seem to accept the same arguments and do the same thing. Semantically they might be different in that update should be used to replace an existing value, but does it throw if there isn't already an entry for k1? Is it supposed to? These two methods feel a bit redundant to me. Perhaps I am missing something, though.