Reviewers and testers wanted for OpenSats funded OSS Lightning project!
3918 sats \ 50k boost \ 12 comments \ @jowo 18 Dec 2023 bitcoin

Reviewers and testers wanted
This project has just moved out of alpha and into beta. It's time to polish things up and prepare the project for a stable release! Help wanted to get things across the line.

About the project:
A light-weight Lightning auth provider for your Next.js app that's entirely self-hosted and plugs seamlessly into the next-auth framework.
You can find the project on npm and GitHub

Technical review
Focus
If you're a JavaScript or TypeScript engineer, or have an understanding of React, OAuth, lnurl-auth, Next.js, next-auth or OSS in general, you can help by taking a look at the codebase and leaving your thoughts on:
In order of importance:
  • Security - are there any security concerns that I've overlooked?
  • Installation - do you have a Next.js app that uses next-auth? Install this package and let me know how it goes!
  • Use-cases - are there any use cases or scenarios that I should add support for?
  • Implementation - would you implement things differently in the codebase and why?
  • Any other suggestions
Avoid
At this late stage in the project development, please avoid small syntactical suggestions or opinionated coding style suggestions. No nit-picking please :)

Non-technical review
If you're not a coder, you can still help out.
Documentation
There are various README.md documents that need sense checking. Any typos that I've overlooked also need catching!
Here's a list of all the README.md files in the project.
Code comments
There are also many code comments dotted around the codebase. You can search for them on GitHub:
https://github.com/search?q=repo%3Ajowo-io%2Fnext-auth-lightning-provider+%28%22%2F%2F+%22+OR+%22%2F%2F++*%22%29+%28path%3A*.js+OR+path%3A*.ts+OR+path%3A*.jsx+OR+path%3A*.tsx%29&type=code
NOTE: you'll need a GitHub account to use the above link.

Rewards
All reviewers and testers will receive a shout out in the project's main README.md file. And of course, in the spirit of SN, you'll stack some sats!
Sats will be rewarded at my discretion, ranging from 1,000 up to 200,000+ depending on your level of contribution. Quality, not necessarily quantity, will also be considered. For example, if you find a high-severity bug that takes one line of code to fix you'll be rewarded based on the level of impact.

Leaving a review
I'd suggest opening an issue on GitHub before opening a PR, so feel free. Otherwise you can simply leave comments on here on SN.
write
preview
related posts
100 sats \ 0 replies \ @jowo OP 18 Dec 2023
There are also some URLs here for testing the project UI, but they may stop working once the free tier Vercel KV rate limit is hit so I'm posting them here in a comment instead of the main description:
Pages router with generic UI screens:
https://example-next-auth-lightning-provider-git-pr-generic-jowo.vercel.app/
App router with generic UI screens:
https://example-next-auth-lightning-provider-git-ar-generic-jowo.vercel.app/
Pages router with custom UI screens:
https://example-next-auth-lightning-provider-git-pr-custom-jowo.vercel.app/
App router with custom UI screens:
https://example-next-auth-lightning-provider-git-ar-custom-jowo.vercel.app/
reply
60k sats \ 5 replies \ @WeAreAllSatoshi 19 Dec 2023
status: 410, // return a 410 status so the client knows the session no longer exists
TIL, I don't think I've ever seen HTTP 410 used anywhere. Source
const lnurlEncode = // @ts-ignore
    (await import("lnurl/lib/encode.js")).default;
  const encoded = lnurlEncode(callbackUrl.toString()).toUpperCase();
This is an interesting approach to importing. Is it just for smaller bundles? Isn't this code executed server-side? Source
          copy.innerHTML = session.lnurl;
This seems unnecessarily risky. Any reason not to use textContent? Source
  1. Just a general comment - for being a TS project, I see a lot of typeof checks, any, type-casting, etc. I know you said no nit-picking, but I guess I can't help myself.
reply
0 sats \ 3 replies \ @jowo OP 25 Dec 2023
thanks again for your review, I'll be implementing some changes based off of your feedback over the holidays, and I've just boosted you 60k sats on this comment. many thanks and Happy Christmas!
reply
0 sats \ 2 replies \ @WeAreAllSatoshi 26 Dec 2023
Thank you for the sats, and you’re welcome for the review! Merry Christmas!
reply
0 sats \ 1 reply \ @hisatoshi 26 Dec 2023
Merry Christmas
reply
0 sats \ 0 replies \ @elysia 26 Dec 2023
deleted by author
reply
0 sats \ 0 replies \ @jowo OP 19 Dec 2023
great thanks for your feedback. I'll take a deeper look into the points you've made in the next few days and get back to you!
You've made a bunch of good point and I'll be making some amendments to the code based off the back of your feedback.
I'll post back here once I've done so and give a little more context on the changes and on your questions/points :)
reply
10 sats \ 0 replies \ @Rsync25 18 Dec 2023
I saw this project days ago. It is awesome!
Auth with LN.
reply
0 sats \ 1 reply \ @WeAreAllSatoshi 19 Dec 2023
In NextAuthLightningConfig.storage, what is the difference between set and update? They both seem to accept the same arguments and do the same thing. Semantically they might be different in that update should be used to replace an existing value, but does it throw if there isn't already an entry for k1? Is it supposed to? These two methods feel a bit redundant to me. Perhaps I am missing something, though.
reply
0 sats \ 0 replies \ @jowo OP 19 Dec 2023
In NextAuthLightningConfig.storage, what is the difference between set and update? They both seem to accept the same arguments and do the same thing. Semantically they might be different in that update should be used to replace an existing value, but does it throw if there isn't already an entry for k1? Is it supposed to? These two methods feel a bit redundant to me. Perhaps I am missing something, though.
this is a great point.
it's basically as you said, set is to create a new session, update is to modify and existing one. my goal was to ensure people had enough flexibilty with the storage methods to write them easily for any storage type, e.g. database, session store, document store, etc
but does it throw if there isn't already an entry for k1? Is it supposed to?
good points!
I'll have a ponder on this one.
reply
0 sats \ 1 reply \ @WeAreAllSatoshi 19 Dec 2023
Code comments There are also many code comments dotted around the codebase. You can search for them on GitHub:
What do you want people to do with these?
reply
0 sats \ 0 replies \ @jowo OP 19 Dec 2023
Code comments There are also many code comments dotted around the codebase. You can search for them on GitHub:
What do you want people to do with these?
just to sense check them and spot any typos. but tbh there aren't actually that many code comments, so it's not that important. however, i may go through the code and add additional comments to give context on some parts of the code
reply