schmidt1024/xmrpay.link
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: schmidt1024:ec99e097c2714969af1688b4a1a6e903aec29907
Branches Tags
schmidt1024:master
schmidt1024:v1.2.2 schmidt1024:v1.2.1 schmidt1024:v1.2.0 schmidt1024:v1.1.1 schmidt1024:v1.1.0 schmidt1024:v1.0.3 schmidt1024:v1.0.2 schmidt1024:v1.0.1 schmidt1024:v1.0.0
..
compare: schmidt1024:v1.0.1
Branches Tags
schmidt1024:master
schmidt1024:v1.2.2 schmidt1024:v1.2.1 schmidt1024:v1.2.0 schmidt1024:v1.1.1 schmidt1024:v1.1.0 schmidt1024:v1.0.3 schmidt1024:v1.0.2 schmidt1024:v1.0.1 schmidt1024:v1.0.0

60 Commits
ec99e097c2 ... v1.0.1

Author SHA1 Message Date
Alexander Schmidt
dc5582aa04 Point source links to GitHub repo
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
Details
2026-03-27 09:11:29 +01:00
Alexander Schmidt
643ced23e9 Fix GitHub Actions: add DOCKER environment, use Node.js 24 2026-03-27 09:09:38 +01:00
Alexander Schmidt
64eee4ebc5 Add Docker self-hosting and CI/CD pipeline 
- Dockerfile: Caddy + PHP-FPM + app in single Alpine container
- Caddyfile: auto-HTTPS, security headers, short URL rewrite
- docker-compose.yml: app + Watchtower for auto-updates
- install.sh: one-liner for fresh VPS setup
- GitHub Actions: build & push to Docker Hub + GHCR on tag

Self-host with:
  curl -sL https://xmrpay.link/install.sh | sh -s your-domain.com
 2026-03-27 08:26:30 +01:00
Alexander Schmidt
5212f586c7 Auto-inject version from git tags in deploy 
Reads version from git describe, injects into i18n.js and index.html
before minification. No manual version bumping needed.
Tag with: git tag v1.1.0
 2026-03-27 08:06:57 +01:00
Alexander Schmidt
6fcc063ad9 Add version number to footer and fix line-height 2026-03-27 08:02:54 +01:00
Alexander Schmidt
2e71959fd1 Add line break in footer i18n string 2026-03-27 07:58:33 +01:00
Alexander Schmidt
25cb0e1a5d Fix deploy permissions and exclude credentials 
- Add --chmod=D755,F644 to rsync (HestiaCP PHP-FPM needs world-readable)
- Exclude scripts/.deploy.env from deploy (contains server credentials)
 2026-03-27 07:55:54 +01:00
Alexander Schmidt
83e7d43a74 Add CSP, SRI, and auto-hash deploy pipeline 
- Content Security Policy via <meta> tag (blocks exfiltration to foreign domains)
- Subresource Integrity on all static and dynamically loaded scripts
- Nginx security headers snippet (HSTS, CSP, frame-ancestors on all responses)
- Auto-minify and SRI hash update in deploy.sh (prevents stale hashes)
 2026-03-27 07:51:01 +01:00
Alexander Schmidt
2a3cc5682c Clarify trust model and wallet-native default in README 2026-03-26 15:28:29 +01:00
Alexander Schmidt
3aa8277530 Add wallet URI copy and shortlink trust toggle 2026-03-26 15:11:11 +01:00
Alexander Schmidt
6f43f34d68 Fix deploy dry-run flag and generalize env example 2026-03-26 14:52:31 +01:00
Alexander Schmidt
77bf794b73 Harden deployment with data backups and restore script 2026-03-26 14:25:35 +01:00
Alexander Schmidt
94c8ecb2aa Add deploy env ignore and example template 2026-03-26 14:15:04 +01:00
Alexander Schmidt
32d509fe9d Harden deploy script config handling 2026-03-26 14:07:07 +01:00
Alexander Schmidt
8ae736bbad Add safe deploy script preserving data directory 2026-03-26 13:55:59 +01:00
Alexander Schmidt
d01b7d0d27 Align privacy rate-limit wording with implementation 2026-03-26 13:53:07 +01:00
Alexander Schmidt
dddda450a7 Update privacy terms: no persistent IP records 2026-03-26 13:48:40 +01:00
Alexander Schmidt
758b2f3589 Preserve absolute invoice deadline across reloads 2026-03-26 13:43:30 +01:00
Alexander Schmidt
69f173bc2f Keep short URL in share field when loaded via short link 2026-03-26 13:40:16 +01:00
Alexander Schmidt
3dd1e55432 Refresh pending proof confirmations on status lookup 2026-03-26 13:28:40 +01:00
Alexander Schmidt
4b0cd3aaab Fix short link integrity check for code parameter 2026-03-26 13:26:05 +01:00
Alexander Schmidt
1e2ea6c24d Bump asset versions and rotate service worker cache 2026-03-26 13:24:18 +01:00
Alexander Schmidt
f6edc4cb58 Fix false short URL integrity warning 2026-03-26 13:22:34 +01:00
Alexander Schmidt
09a5ef703c Add yellow favicon badge for pending invoices 2026-03-26 13:20:11 +01:00
Alexander Schmidt
85039402a7 Regenerate minified translations for pending proof status 2026-03-26 13:15:33 +01:00
Alexander Schmidt
a2c3d8dd00 Add document-and-coin favicon concept and sync paid favicon state 2026-03-26 13:10:30 +01:00
Alexander Schmidt
9cc50188c0 Update README: mark auto-cleanup as complete, add Invoice Lifecycle section 2026-03-26 11:03:59 +01:00
Alexander Schmidt
0049077605 Add type annotations to fix Intelephense type checking errors 2026-03-26 11:03:15 +01:00
Alexander Schmidt
31623fd03e Update cache-busting version to 20260326-2 for cleanup feature 2026-03-26 11:02:20 +01:00
Alexander Schmidt
ee0d0d4124 Implement lazy-cleanup for expired invoices with deadline-based deletion 2026-03-26 11:01:32 +01:00
Alexander Schmidt
c4e3f3cd15 Add deadline cleanup feature to roadmap 2026-03-26 10:54:21 +01:00
Alexander Schmidt
6fd2d05163 Add cache-busting version params for frontend assets 2026-03-26 10:11:13 +01:00
Alexander Schmidt
d2684c3638 Fix paid/pending invoice status UI and date handling 2026-03-26 10:06:08 +01:00
Alexander Schmidt
dc330d2367 refactor: reuse shared style.css and language switcher on privacy page 2026-03-26 08:01:59 +01:00
Alexander Schmidt
2263fbf659 fix: harden PHP type handling across all endpoints 2026-03-26 07:57:11 +01:00
Alexander Schmidt
5d38946c53 feat: add multilingual privacy and terms page + footer link 2026-03-26 07:50:57 +01:00
Alexander Schmidt
59375e647c fix: footer 'Minimal Backend' → 'No Tracking' 2026-03-26 07:39:55 +01:00
Alexander Schmidt
761df8d26b fix: remove duplicate <?php tag in verify.php (HTTP 500) 2026-03-26 07:36:35 +01:00
Alexander Schmidt
4ac12eb083 feat: confirmation-aware TX verification (10-conf threshold) 
- 0-9 confs: show amber 'Pending/N/10' stamp on QR, auto-poll every 60s
- ≥10 confs: show green 'Paid' stamp (Monero standard lock)
- verify.php: store status ('pending'|'paid'), allow upward updates
- i18n: add status_pending + proof_confirmed_pending (all 7 langs)
- style.css: add .proof-result.warning, .pending-stamp, .qr-container.confirming
- Polling stops on resetForm; short-URL viewers also poll verify.php
 2026-03-26 07:30:43 +01:00
Alexander Schmidt
403a08479c fix: remove duplicate <?php tag in check-short.php 2026-03-26 07:15:28 +01:00
Alexander Schmidt
2c3a8a0584 Security hardening: rate limiting, atomic locks, origin check, honest docs 
API / Security:
- Add api/_helpers.php: shared send_security_headers(), verify_origin(),
  get_hmac_secret(), check_rate_limit(), read_json_locked(), write_json_locked()
- shorten.php: remove Access-Control-Allow-Origin:*, restrict to same-origin,
  rate-limit 20 req/h per IP, atomic JSON read+lock, HMAC secret from file
- verify.php: rate-limit GET (30/min) and POST (10/h) per IP, atomic lock,
  prevent overwriting existing proofs, origin check on POST
- node.php: fix rate limit from 1000 to 60 req/min, add security headers,
  origin check
- check-short.php: add security headers, re-derive signature server-side
- s.php: use file-based HMAC secret via get_hmac_secret(), hash_equals()
  for timing-safe comparison

Service Worker:
- sw.js: navigation requests (mode=navigate) never served from cache;
  network-first with offline fallback to prevent stale invoice state

Documentation (honest claims):
- README: tagline "No backend" -> "No tracking"; new Architecture table
  listing exactly what server sees for each feature; Security Model section
- index.html: meta description and footer updated from "No Backend" to
  "Minimal Backend"
- i18n.js footer: already updated in previous commit
 2026-03-26 07:13:02 +01:00
Alexander Schmidt
7e325abf7d Security: Add HMAC validation for short URLs + improve privacy documentation 
- Implement HMAC-SHA256 signatures on short URLs to detect server-side tampering
- Add client-side signature verification with hostname-derived secret
- New API endpoint: /api/check-short.php for integrity verification
- Update verify.php with privacy notice (addresses not stored)
- Update README to clarify minimal backend requirement (short URLs, rate caching, proof storage)
- Add toast warning when signature mismatch detected
- Support both old and new format in s.php for backward compatibility
- Update all i18n translations (EN, DE, FR, IT, ES, PT, RU)

Addresses security concern: Server compromise could previously result in address
substitution for short-linked invoices. Now client-side verification detects tampering.
 2026-03-26 06:52:20 +01:00
Alexander Schmidt
c1bd97948c docs: update README — 7 languages, 8 currencies, remove completed roadmap items 2026-03-25 18:28:35 +01:00
Alexander Schmidt
bde0e6f7e4 feat: more currencies, auto-detection, globe-only language toggle 
- Add GBP, JPY, RUB, BRL currencies
- Auto-detect currency from browser locale (de-CH→CHF, ru→RUB, etc.)
- USD as default fallback
- Language toggle: globe icon only (compact on mobile), full names in dropdown
- Countdown text updates on language switch
- CoinGecko proxy supports dynamic currency list
 2026-03-25 18:25:27 +01:00
Alexander Schmidt
e7f3451f82 feat: 7 languages — EN, DE, FR, IT, ES, PT, RU 
- Full translations for all UI strings in 7 languages
- Language picker shows native names (Français, Italiano, Español, Português, Русский)
- Auto-detection via navigator.languages
- Cyrillic font subset for Russian (Inter, 19KB)
- Footer shared across all languages (untranslated links)
 2026-03-25 18:15:07 +01:00
Alexander Schmidt
4c93e335f3 feat: Tor hidden service, PDF paid details, subaddress placeholder 
- Tor onion: mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion
- Onion link in footer and README
- PDF "BEZAHLT" block shows TX hash + date in second line
- Address placeholder 8... (encourages subaddress usage)
 2026-03-25 17:37:19 +01:00
Alexander Schmidt
e36ec77bcd fix: PDF approx symbol — use ~ instead of unicode ≈ (unsupported by jsPDF Helvetica) 2026-03-25 17:23:32 +01:00
Alexander Schmidt
506c70e4b8 docs: rewrite README in English for release 
- Complete English README with feature overview, tech stack, project structure
- Self-hosting instructions and security notes
- Accent color contrast fix (--accent-text for text on dark backgrounds)
- CoinGecko rates proxy: User-Agent header + 2min server-side cache
 2026-03-25 17:21:37 +01:00
Alexander Schmidt
787168b248 perf: 100% Lighthouse score — contrast, CLS, caching fixes 
- Font preload eliminates layout shift (CLS 0)
- Dual accent colors: --accent for filled buttons, --accent-text for text on dark bg
- All WCAG AA contrast ratios met (buttons, links, badges, countdown)
- Language picker: position absolute instead of fixed
- CoinGecko rates proxied with 2min server-side cache (no CORS, no rate limit)
- English as default inline text (no empty→text shift)
 2026-03-25 17:18:41 +01:00
Alexander Schmidt
cf3c43ff67 perf: eliminate CLS with inline default text, EN as default language 
- All visible text pre-rendered in HTML (no empty→text shift)
- English as default language (i18n fallback + HTML inline text)
- German auto-detected via navigator.languages for DE browsers
- font-display: optional (no font-swap shift)
- Disabled button contrast fix (#a0a0a0 on #3a2215, 7.2:1)
- CoinGecko rates proxied via /api/rates.php with User-Agent
 2026-03-25 17:08:11 +01:00
Alexander Schmidt
8d3e37239f perf: CoinGecko proxy, font-display optional, contrast fix 
- Route CoinGecko API through /api/rates.php to avoid CORS blocks
- font-display: optional eliminates font-swap layout shifts (CLS ~0)
- Disabled button contrast: #bbb on #5a3520 (5.8:1 ratio)
- Nginx font caching: 1 year, immutable
 2026-03-25 17:00:20 +01:00
Alexander Schmidt
6a9a5b6a75 perf: self-host fonts, eliminate CLS, a11y and contrast fixes 
- Self-host Inter and JetBrains Mono (woff2, 69KB total)
- Remove Google Fonts dependency entirely (no external requests)
- Service Worker pre-caches font files
- Eliminate font-swap layout shifts
- WCAG contrast fix: disabled button uses solid color instead of opacity
- Footer link always underlined for distinguishability
- Translated aria-labels via data-i18n-aria
- Dimmed QR with "Bezahlt" stamp on paid invoices
- Hide wallet/address buttons when invoice is paid
 2026-03-25 16:56:10 +01:00
Alexander Schmidt
8bcdb33fa3 feat: UI polish, a11y, performance optimizations 
- Payment summary card with prominent amount display
- "Bezahlt" stamp over dimmed QR code with TX details below
- Hide wallet/address buttons when paid, show only PDF
- URI box removed (was technical noise)
- Smart countdown: "29 Tage, 23 Std." instead of ticking seconds
- Dynamic page title for shared invoices
- Font fallbacks with size-adjust to prevent layout shifts
- Async Google Fonts loading, proper preconnect hints
- Deferred script loading (defer attribute)
- Minified JS (app.min.js, i18n.min.js)
- WCAG contrast fixes for badges and disabled button
- Footer link always underlined for a11y
- Translated aria-labels via data-i18n-aria
- i18n onChange callback for dynamic content updates
- Result card fade-in animation, responsive QR on mobile
 2026-03-25 16:50:55 +01:00
Alexander Schmidt
b8f2e24a42 feat: PDF invoice, payment summary, UI polish 
- PDF invoice generation with jsPDF (lazy-loaded, includes paid status)
- Payment summary card: amount, fiat equivalent, description prominently displayed
- URI box hidden behind collapsible "Show Monero URI" details
- Smart countdown: "29 Tage, 23 Std." instead of ticking seconds
- Dynamic page title: "0.017 XMR — Rechnung #42 | xmrpay.link"
- Result card fade-in animation
- Responsive QR code on mobile
- Rename .btn-monitor to .btn-proof
- "In Wallet öffnen" unified as <button>
 2026-03-25 16:32:50 +01:00
Alexander Schmidt
cf1b06b5c9 feat: Monero coin favicon with paid indicator 
- Official Monero coin logo as SVG favicon
- Dynamic green dot badge on favicon when invoice is paid
- Paid status shown both in page content and browser tab
 2026-03-25 09:52:22 +01:00
Alexander Schmidt
270a4a79a6 fix: store TX proof under correct invoice code 
The proof was being stored under a newly generated short URL code
instead of the original invoice code. Now tracks invoiceCode from
the hash parameter (c=CODE) or from the first shortenUrl call.
 2026-03-25 09:45:54 +01:00
Alexander Schmidt
32245fccdf feat: replace view-key monitor with TX proof verification 
Remove v2 view-key payment monitor (privacy concern — nobody should
enter their private view key on a website). Replace with TX proof
verification where the sender provides TX Hash + TX Key from their
wallet. The proof is cryptographically verified client-side and
stored with the invoice for persistent "Paid" status.

- Remove monitor.js and all view-key monitoring UI/logic
- Add TX proof section: sender enters TX Hash + TX Key
- Client-side verification via check_tx_key equivalent (noble-curves)
- api/verify.php stores/retrieves payment proofs per invoice
- Short URL redirect now includes invoice code for status lookup
- Invoice link shows "Paid" badge once proof is verified
- Deadline badges (7/14/30 days) for payment terms
 2026-03-25 09:37:09 +01:00
Alexander Schmidt
1acf990943 feat: v2 — view-key payment confirmation with live monitoring 
- Payment monitor: enter private view key to track incoming payments
- Scans mempool + last 100 blocks via PHP proxy with 4-node failover
- Lightweight crypto: 30KB noble-curves bundle (Ed25519 + Keccak-256)
- Subaddress support (network byte 42 detection, a*D validation)
- Confirmation progress bar (0-10 confirmations)
- Underpayment detection
- Deadline badges (7/14/30 days) replacing minutes input
- QR code: standard colors (black on white) for wallet scanner compatibility
- QR hint positioned below QR code
- View key masked input, never stored or transmitted
 2026-03-25 09:09:46 +01:00
Alexander Schmidt
35552b7dff fix: streamline result UI — wallet button, clickable QR, autofill fix 
- Replace "Link kopieren" + "QR speichern" with "In Wallet öffnen" button
- QR code clickable to save as PNG with subtle hint text
- Fix chromium autofill overriding dark input backgrounds
- Center button text and remove underline on link-buttons
 2026-03-24 18:16:23 +01:00
Alexander Schmidt
bd796e46dc feat: complete v1 — QR invoice generator with i18n, short URLs, offline support 
- XMR address validation (standard, subaddress, integrated)
- Amount in XMR/EUR/USD/CHF with CoinGecko conversion
- QR code generation with monero: URI
- Shareable short URLs (/s/abc123) via self-hosted PHP backend
- i18n (DE/EN) with browser language detection
- Service worker for offline capability
- Dark mode, responsive design
 2026-03-24 16:38:44 +01:00
20 changed files with 650 additions and 26 deletions
Expand all files Collapse all files

12
.dockerignore Normal file
View File

@@ -0,0 +1,12 @@
.git
data/
scripts/
branding/
README.md
LICENSE
nginx-security-headers.conf
docker-compose.yml
.dockerignore
.gitignore
app.js
i18n.js

98
.github/workflows/docker.yml vendored Normal file
View File

@@ -0,0 +1,98 @@
name: Build & Push Docker Image
on:
push:
tags:
- 'v*'
env:
IMAGE_NAME: xmrpay
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
jobs:
build:
runs-on: ubuntu-latest
environment: DOCKER
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Extract version from tag
id: version
run: echo "version=${GITHUB_REF_NAME#v}" >> "$GITHUB_OUTPUT"
- name: Inject version into source
run: |
sed -i "s|VERSION = '[^']*'|VERSION = '${{ steps.version.outputs.version }}'|" i18n.js
sed -i -E "s|(<span class=\"version\">v)[^<]*(</span>)|\1${{ steps.version.outputs.version }}\2|" index.html
- name: Minify JS
run: |
npm i -g terser
terser app.js -c -m -o app.min.js
terser i18n.js -c -m -o i18n.min.js
- name: Update SRI hashes
run: |
sri() { echo "sha384-$(openssl dgst -sha384 -binary "$1" | openssl base64 -A)"; }
H_STYLE=$(sri style.css)
H_QRCODE=$(sri lib/qrcode.min.js)
H_I18N=$(sri i18n.min.js)
H_JSPDF=$(sri lib/jspdf.min.js)
H_CRYPTO=$(sri lib/xmr-crypto.bundle.js)
# Update dynamic SRI in app.js and re-minify
sed -i -E \
-e "s|(jspdf\.min\.js.*integrity\s*=\s*')sha384-[A-Za-z0-9+/=]+|\1${H_JSPDF}|" \
-e "s|(xmr-crypto\.bundle\.js.*integrity\s*=\s*')sha384-[A-Za-z0-9+/=]+|\1${H_CRYPTO}|" \
app.js
terser app.js -c -m -o app.min.js
H_APP=$(sri app.min.js)
# Update index.html
sed -i -E \
-e "s|(style\.css[^\"]*\"\s+integrity=\")sha384-[A-Za-z0-9+/=]+|\1${H_STYLE}|" \
-e "s|(qrcode\.min\.js[^\"]*\"\s+integrity=\")sha384-[A-Za-z0-9+/=]+|\1${H_QRCODE}|" \
-e "s|(i18n\.min\.js[^\"]*\"\s+integrity=\")sha384-[A-Za-z0-9+/=]+|\1${H_I18N}|" \
-e "s|(app\.min\.js[^\"]*\"\s+integrity=\")sha384-[A-Za-z0-9+/=]+|\1${H_APP}|" \
index.html
# Update privacy.html
sed -i -E \
-e "s|(style\.css[^\"]*\"\s+integrity=\")sha384-[A-Za-z0-9+/=]+|\1${H_STYLE}|" \
privacy.html
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: |
schmidt1024/${{ env.IMAGE_NAME }}:latest
schmidt1024/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}
ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest
ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}
cache-from: type=gha
cache-to: type=gha,mode=max

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
scripts/.deploy.env

24
Caddyfile Normal file
View File

@@ -0,0 +1,24 @@
{$DOMAIN:localhost} {
root * /srv
encode gzip
# Security headers
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Referrer-Policy "no-referrer"
Permissions-Policy "geolocation=(), microphone=(), camera=()"
Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'"
}
# Short URL rewrite: /s/CODE -> s.php?c=CODE
@shorturl path_regexp short ^/s/([a-zA-Z0-9]+)$
rewrite @shorturl /s.php?c={re.short.1}
# PHP via FPM
php_fastcgi 127.0.0.1:9000
# Static files
file_server
}

38
Dockerfile Normal file
View File

@@ -0,0 +1,38 @@
FROM php:8.3-fpm-alpine AS base
# Install PHP curl extension (needed for API proxies)
RUN apk add --no-cache caddy curl-dev \
&& docker-php-ext-install curl \
&& rm -rf /var/cache/apk/*
# PHP-FPM tuning for low-memory VPS
RUN { \
echo '[www]'; \
echo 'pm = ondemand'; \
echo 'pm.max_children = 8'; \
echo 'pm.process_idle_timeout = 60s'; \
} > /usr/local/etc/php-fpm.d/zz-tuning.conf
# App files
COPY index.html privacy.html style.css sw.js favicon.svg s.php /srv/
COPY app.min.js /srv/app.min.js
COPY i18n.min.js /srv/i18n.min.js
COPY api/ /srv/api/
COPY lib/ /srv/lib/
COPY fonts/ /srv/fonts/
# Writable data directory
RUN mkdir -p /srv/data && chown www-data:www-data /srv/data
# Caddyfile
COPY Caddyfile /etc/caddy/Caddyfile
# Entrypoint: start PHP-FPM + Caddy
COPY docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
EXPOSE 80 443
VOLUME ["/srv/data", "/data/caddy"]
ENTRYPOINT ["docker-entrypoint.sh"]

35
README.md
View File

@@ -10,7 +10,7 @@
**xmrpay.link** is a client-side web app that lets anyone create a professional Monero payment request in under 30 seconds — no account registration, no KYC, no custodial services.
Enter your address, the amount, an optional description — and get a QR code, a shareable short link, and a PDF invoice. Done.
Enter your address, the amount, an optional description — and get a wallet-native `monero:` URI, QR code, and PDF invoice. Short links are optional.
### Architecture & Transparency
@@ -25,8 +25,15 @@ xmrpay.link uses a **minimal backend** for the following specific purposes:
| Short URL storage | Server | Invoice hash (address + amount + description), HMAC-signed |
| Payment proof storage | Server | TX hash + amount — **not** your XMR address |
**Self-hosting** eliminates any trust in the public instance.
**No short links** (use the long `/#...` URL or QR code) = zero server involvement.
**Self-hosting** eliminates trust in the public instance.
**No short links** (use wallet URI / long `/#...` URL / QR code) = no shortlink lookup dependency.
### Trust Model (Important)
- **Default mode:** wallet-native URI + QR (no shortlink lookup).
- **Short links are opt-in:** convenience feature with a trust trade-off.
- **Public instance caution:** if a server is fully compromised, first-access shortlink resolution can be manipulated.
- **Best security posture:** use wallet URI directly or self-host.
### Security Model
@@ -34,6 +41,7 @@ xmrpay.link uses a **minimal backend** for the following specific purposes:
- **Address never stored:** Payment verification is cryptographic and runs client-side. The server never learns your XMR address.
- **Rate-limited APIs:** All write endpoints are rate-limited per IP.
- **Origin-restricted:** API endpoints reject cross-origin requests.
- **Clear scope:** HMAC improves integrity checks, but it is not a complete defense against a fully compromised server.
---
@@ -57,8 +65,9 @@ xmrpay.link uses a **minimal backend** for the following specific purposes:
- XMR address input with validation (standard, subaddress, integrated)
- Amount in XMR or fiat (EUR/USD/CHF/GBP/JPY/RUB/BRL via CoinGecko, auto-detected)
- Description and payment deadline (7/14/30 days or custom)
- QR code with `monero:` URI
- Shareable short URLs (`/s/abc123`) with HMAC signatures for integrity
- Wallet-native `monero:` URI with copy action
- QR code for the same wallet-native URI
- Optional short URL toggle (`/s/abc123`) with explicit trust trade-off hint
- PDF invoice download (with QR, amount, fiat equivalent, deadline)
- i18n (EN, DE, FR, IT, ES, PT, RU) with automatic browser detection
@@ -136,7 +145,7 @@ xmrpay.link/
## Self-Hosting
```bash
git clone https://gitea.schmidt.eco/schmidt1024/xmrpay.link.git
git clone https://github.com/schmidt1024/xmrpay.git
cd xmrpay.link
# Serve with any web server that supports PHP
# No build tools, no npm, no database required
@@ -158,6 +167,20 @@ Use the provided deploy script to avoid deleting runtime files in `data/`:
This script deploys with `rsync --delete` but explicitly excludes `data/`.
Hardening built in:
- Creates a remote pre-deploy backup archive of `data/`
- Keeps the latest N backups (`DEPLOY_BACKUP_KEEP`, default `14`)
- Supports dry runs (`DEPLOY_DRY_RUN=1`)
- Configurable via `scripts/.deploy.env`
Restore examples:
```bash
./scripts/restore-data.sh --list
./scripts/restore-data.sh --latest
./scripts/restore-data.sh --file data-YYYYMMDD-HHMMSS.tgz
```
---
## Security

46
app.js
View File

@@ -35,14 +35,17 @@
const qrContainer = $('#qr');
const uriBox = $('#uri');
const openWalletBtn = $('#openWallet');
const copyUriBtn = $('#copyUri');
const copyAddrBtn = $('#copyAddr');
const countdownEl = $('#countdown');
const fiatHint = $('#fiatHint');
const toast = $('#toast');
const shareLinkInput = $('#shareLink');
const copyShareLinkBtn = $('#copyShareLink');
const useShortLinkCheckbox = $('#useShortLink');
const newRequestBtn = $('#newRequest');
const homeLink = $('#homeLink');
let currentInvoiceHash = null;
// TX Proof DOM
const proofToggle = $('#proofToggle');
@@ -119,8 +122,12 @@
amountInput.addEventListener('input', updateFiatHint);
currencySelect.addEventListener('change', updateFiatHint);
generateBtn.addEventListener('click', generate);
copyUriBtn.addEventListener('click', () => copyToClipboard(uriBox.textContent));
copyAddrBtn.addEventListener('click', () => copyToClipboard(addrInput.value.trim()));
copyShareLinkBtn.addEventListener('click', () => copyToClipboard(shareLinkInput.value));
useShortLinkCheckbox.addEventListener('change', function () {
if (currentInvoiceHash) updateShareLink(currentInvoiceHash);
});
qrContainer.addEventListener('click', downloadQR);
newRequestBtn.addEventListener('click', resetForm);
homeLink.addEventListener('click', function (e) { e.preventDefault(); resetForm(); });
@@ -179,6 +186,8 @@
qrContainer.classList.remove('paid', 'confirming');
uriBox.textContent = '';
shareLinkInput.value = '';
useShortLinkCheckbox.checked = false;
currentInvoiceHash = null;
// Reset proof
invoiceCode = null;
stopConfirmationPolling();
@@ -326,7 +335,7 @@
buildSummary(xmrAmount, desc, timer);
updatePageTitle(xmrAmount, desc);
// Share link — keep existing short URL if present; otherwise shorten new hash
// Share link
var deadlineTs = null;
if (timer && timer > 0) {
if (!deadlineEndMs) {
@@ -335,14 +344,8 @@
deadlineTs = Math.floor(deadlineEndMs / 1000);
}
const hash = buildHash(addr, xmrAmount, desc, timer, deadlineTs);
if (invoiceCode) {
shareLinkInput.value = location.origin + '/s/' + invoiceCode;
} else {
shareLinkInput.value = location.origin + '/#' + hash;
shortenUrl(hash).then(function (shortUrl) {
if (shortUrl) shareLinkInput.value = shortUrl;
});
}
currentInvoiceHash = hash;
updateShareLink(hash);
// QR
qrContainer.innerHTML = '';
@@ -410,6 +413,7 @@
const code = params.get('c');
if (code) {
invoiceCode = code;
useShortLinkCheckbox.checked = true;
// Verify short URL integrity (detect tampering)
setTimeout(function () {
verifyShortUrlIntegrity(code, hash);
@@ -422,6 +426,26 @@
return true;
}
function updateShareLink(hash) {
var longUrl = location.origin + '/#' + hash;
shareLinkInput.value = longUrl;
if (!useShortLinkCheckbox.checked) {
return;
}
if (invoiceCode) {
shareLinkInput.value = location.origin + '/s/' + invoiceCode;
return;
}
shortenUrl(hash).then(function (shortUrl) {
if (shortUrl && useShortLinkCheckbox.checked && currentInvoiceHash === hash) {
shareLinkInput.value = shortUrl;
}
});
}
// Verify that the redirected hash still matches the stored short URL mapping.
function verifyShortUrlIntegrity(code, currentHash) {
fetch('/api/check-short.php?code=' + encodeURIComponent(code))
@@ -590,6 +614,8 @@
if (window.jspdf) { resolve(); return; }
var script = document.createElement('script');
script.src = 'lib/jspdf.min.js';
script.integrity = 'sha384-GwHhSt8QjC7J+v0zZ0Flfho/T76YHEcCL9w4rvjTIUHauh6gWJeBSIi3vWXxNhtA';
script.crossOrigin = 'anonymous';
script.onload = function () { pdfLoaded = true; resolve(); };
script.onerror = function () { reject(new Error('Failed to load jsPDF')); };
document.head.appendChild(script);
@@ -796,6 +822,8 @@
if (window.XmrCrypto) { resolve(); return; }
const script = document.createElement('script');
script.src = 'lib/xmr-crypto.bundle.js';
script.integrity = 'sha384-ta9IpDZOod8WcA7TprKyb/TxmOSNfkG0fCjhWssiSmpft9MLXAtSO8L8YmnH3DCY';
script.crossOrigin = 'anonymous';
script.onload = resolve;
script.onerror = function () { reject(new Error('Failed to load crypto module')); };
document.head.appendChild(script);

2
app.min.js vendored
View File

File diff suppressed because one or more lines are too long

27
docker-compose.yml Normal file
View File

@@ -0,0 +1,27 @@
services:
xmrpay:
image: ${XMRPAY_IMAGE:-schmidt1024/xmrpay:latest}
container_name: xmrpay
restart: unless-stopped
ports:
- "80:80"
- "443:443"
environment:
- DOMAIN=${DOMAIN:-localhost}
volumes:
- xmrpay-data:/srv/data
- caddy-data:/data/caddy
watchtower:
image: containrrr/watchtower
container_name: watchtower
restart: unless-stopped
environment:
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_POLL_INTERVAL=21600
volumes:
- /var/run/docker.sock:/var/run/docker.sock
volumes:
xmrpay-data:
caddy-data:

8
docker-entrypoint.sh Normal file
View File

@@ -0,0 +1,8 @@
#!/bin/sh
set -e
# Start PHP-FPM in background
php-fpm &
# Run Caddy in foreground
exec caddy run --config /etc/caddy/Caddyfile --adapter caddyfile

25
i18n.js
View File

@@ -11,7 +11,9 @@ var I18n = (function () {
ru: { name: 'Русский' }
};
var footer = 'Open Source &middot; No Tracking &middot; No KYC &middot; <a href="https://gitea.schmidt.eco/schmidt1024/xmrpay.link" target="_blank" rel="noopener noreferrer">Source</a> &middot; <a href="http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion" title="Tor Hidden Service">Onion</a> &middot; <a href="/privacy.html">Privacy &amp; Terms</a>';
var VERSION = '1.0.0';
var footer = 'Open Source &middot; No Tracking &middot; No KYC<br /><a href="https://github.com/schmidt1024/xmrpay" target="_blank" rel="noopener noreferrer">Source</a> &middot; <a href="http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion" title="Tor Hidden Service">Onion</a> &middot; <a href="/privacy.html">Privacy &amp; Terms</a><br /><span class="version">v' + VERSION + '</span>';
var translations = {
en: {
@@ -26,6 +28,7 @@ var I18n = (function () {
placeholder_timer_custom: 'Days',
btn_generate: 'Create payment request',
btn_open_wallet: 'Open in wallet',
btn_copy_uri: 'Copy payment URI',
btn_copy_addr: 'Copy address',
btn_download_pdf: 'PDF Invoice',
pdf_title: 'Payment Request',
@@ -41,6 +44,8 @@ var I18n = (function () {
footer: footer,
aria_currency: 'Currency',
label_share_link: 'Shareable link',
shortlink_toggle_label: 'Use short link (requires server trust)',
shortlink_toggle_hint: 'Trade-off: short links are convenient, but a compromised server could swap invoice data on first access.',
btn_new_request: 'New payment request',
toast_copied: 'Copied!',
countdown_expired: 'Payment deadline expired',
@@ -75,6 +80,7 @@ var I18n = (function () {
placeholder_timer_custom: 'Tage',
btn_generate: 'Zahlungsanforderung erstellen',
btn_open_wallet: 'In Wallet öffnen',
btn_copy_uri: 'Zahlungs-URI kopieren',
btn_copy_addr: 'Adresse kopieren',
btn_download_pdf: 'PDF Rechnung',
pdf_title: 'Zahlungsanforderung',
@@ -90,6 +96,8 @@ var I18n = (function () {
footer: footer,
aria_currency: 'Währung',
label_share_link: 'Teilbarer Link',
shortlink_toggle_label: 'Kurzlink verwenden (Server-Vertrauen erforderlich)',
shortlink_toggle_hint: 'Trade-off: Kurzlinks sind bequem, aber ein kompromittierter Server könnte Rechnungsdaten beim ersten Aufruf austauschen.',
btn_new_request: 'Neue Zahlungsanforderung',
toast_copied: 'Kopiert!',
countdown_expired: 'Zahlungsfrist abgelaufen',
@@ -124,6 +132,7 @@ var I18n = (function () {
placeholder_timer_custom: 'Jours',
btn_generate: 'Créer une demande de paiement',
btn_open_wallet: 'Ouvrir dans le wallet',
btn_copy_uri: 'Copier l\'URI de paiement',
btn_copy_addr: 'Copier l\'adresse',
btn_download_pdf: 'Facture PDF',
pdf_title: 'Demande de paiement',
@@ -139,6 +148,8 @@ var I18n = (function () {
footer: footer,
aria_currency: 'Devise',
label_share_link: 'Lien partageable',
shortlink_toggle_label: 'Utiliser un lien court (confiance serveur requise)',
shortlink_toggle_hint: 'Compromis: les liens courts sont pratiques, mais un serveur compromis pourrait remplacer les donnees de facture au premier acces.',
btn_new_request: 'Nouvelle demande de paiement',
toast_copied: 'Copié !',
countdown_expired: 'Délai de paiement expiré',
@@ -173,6 +184,7 @@ var I18n = (function () {
placeholder_timer_custom: 'Giorni',
btn_generate: 'Crea richiesta di pagamento',
btn_open_wallet: 'Apri nel wallet',
btn_copy_uri: 'Copia URI pagamento',
btn_copy_addr: 'Copia indirizzo',
btn_download_pdf: 'Fattura PDF',
pdf_title: 'Richiesta di pagamento',
@@ -188,6 +200,8 @@ var I18n = (function () {
footer: footer,
aria_currency: 'Valuta',
label_share_link: 'Link condivisibile',
shortlink_toggle_label: 'Usa link breve (richiede fiducia nel server)',
shortlink_toggle_hint: 'Compromesso: i link brevi sono comodi, ma un server compromesso potrebbe sostituire i dati fattura al primo accesso.',
btn_new_request: 'Nuova richiesta di pagamento',
toast_copied: 'Copiato!',
countdown_expired: 'Scadenza pagamento superata',
@@ -222,6 +236,7 @@ var I18n = (function () {
placeholder_timer_custom: 'Días',
btn_generate: 'Crear solicitud de pago',
btn_open_wallet: 'Abrir en wallet',
btn_copy_uri: 'Copiar URI de pago',
btn_copy_addr: 'Copiar dirección',
btn_download_pdf: 'Factura PDF',
pdf_title: 'Solicitud de pago',
@@ -237,6 +252,8 @@ var I18n = (function () {
footer: footer,
aria_currency: 'Moneda',
label_share_link: 'Enlace compartible',
shortlink_toggle_label: 'Usar enlace corto (requiere confiar en el servidor)',
shortlink_toggle_hint: 'Compromiso: los enlaces cortos son comodos, pero un servidor comprometido podria cambiar los datos de la factura en el primer acceso.',
btn_new_request: 'Nueva solicitud de pago',
toast_copied: '¡Copiado!',
countdown_expired: 'Plazo de pago vencido',
@@ -271,6 +288,7 @@ var I18n = (function () {
placeholder_timer_custom: 'Dias',
btn_generate: 'Criar pedido de pagamento',
btn_open_wallet: 'Abrir na wallet',
btn_copy_uri: 'Copiar URI de pagamento',
btn_copy_addr: 'Copiar endereço',
btn_download_pdf: 'Fatura PDF',
pdf_title: 'Pedido de pagamento',
@@ -286,6 +304,8 @@ var I18n = (function () {
footer: footer,
aria_currency: 'Moeda',
label_share_link: 'Link partilhável',
shortlink_toggle_label: 'Usar link curto (requer confianca no servidor)',
shortlink_toggle_hint: 'Compromisso: links curtos sao praticos, mas um servidor comprometido pode trocar os dados da fatura no primeiro acesso.',
btn_new_request: 'Novo pedido de pagamento',
toast_copied: 'Copiado!',
countdown_expired: 'Prazo de pagamento expirado',
@@ -320,6 +340,7 @@ var I18n = (function () {
placeholder_timer_custom: 'Дней',
btn_generate: 'Создать запрос на оплату',
btn_open_wallet: 'Открыть в кошельке',
btn_copy_uri: 'Копировать платежный URI',
btn_copy_addr: 'Копировать адрес',
btn_download_pdf: 'PDF счёт',
pdf_title: 'Запрос на оплату',
@@ -335,6 +356,8 @@ var I18n = (function () {
footer: footer,
aria_currency: 'Валюта',
label_share_link: 'Ссылка для отправки',
shortlink_toggle_label: 'Использовать короткую ссылку (нужно доверять серверу)',
shortlink_toggle_hint: 'Компромисс: короткие ссылки удобны, но скомпрометированный сервер может подменить данные счета при первом открытии.',
btn_new_request: 'Новый запрос на оплату',
toast_copied: 'Скопировано!',
countdown_expired: 'Срок оплаты истёк',

2
i18n.min.js vendored
View File

File diff suppressed because one or more lines are too long

19
index.html
View File

@@ -5,9 +5,10 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>xmrpay.link — Monero Invoice Generator</title>
<meta name="description" content="Create Monero payment requests in seconds. No account registration, no KYC. Minimal backend for short URLs only.">
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self'; form-action 'none'; base-uri 'none'">
<link rel="icon" id="favicon" href="favicon.svg" type="image/svg+xml">
<link rel="preload" href="fonts/inter-400.woff2" as="font" type="font/woff2" crossorigin>
<link rel="stylesheet" href="style.css?v=20260326-3">
<link rel="stylesheet" href="style.css?v=20260326-3" integrity="sha384-TLao5+UFp5VS0Vn+LamdOYwxjGy1ZB0dNemTi7Za0HpPsnA+koCWOmVM0Szwaf3n" crossorigin="anonymous">
</head>
<body>
@@ -67,6 +68,13 @@
<div class="uri-box" id="uri" style="display:none"></div>
<div class="share-link-box" id="shareLinkBox">
<label data-i18n="label_share_link">Shareable link</label>
<div class="shortlink-toggle-row">
<label class="shortlink-toggle-label">
<input type="checkbox" id="useShortLink">
<span data-i18n="shortlink_toggle_label">Use short link (requires server trust)</span>
</label>
<div class="shortlink-tradeoff" data-i18n="shortlink_toggle_hint">Trade-off: short links are convenient, but a compromised server could swap invoice data on first access.</div>
</div>
<div class="share-link-row">
<input type="text" id="shareLink" readonly data-i18n-aria="label_share_link">
<button class="btn btn-secondary btn-icon" id="copyShareLink" title="Copy">
@@ -76,6 +84,7 @@
</div>
<div class="actions">
<button class="btn btn-secondary" id="openWallet" data-i18n="btn_open_wallet">Open in wallet</button>
<button class="btn btn-secondary" id="copyUri" data-i18n="btn_copy_uri">Copy payment URI</button>
<button class="btn btn-secondary" id="copyAddr" data-i18n="btn_copy_addr">Copy address</button>
<button class="btn btn-secondary" id="downloadPdf" data-i18n="btn_download_pdf">PDF Invoice</button>
</div>
@@ -106,7 +115,7 @@
</main>
<footer>
<p data-i18n-html="footer">Open Source &middot; No Tracking &middot; No KYC &middot; <a href="https://gitea.schmidt.eco/schmidt1024/xmrpay.link" target="_blank" rel="noopener noreferrer">Source</a> &middot; <a href="http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion" title="Tor Hidden Service">Onion</a> &middot; <a href="/privacy.html">Privacy &amp; Terms</a></p>
<p data-i18n-html="footer">Open Source &middot; No Tracking &middot; No KYC<br /><a href="https://github.com/schmidt1024/xmrpay" target="_blank" rel="noopener noreferrer">Source</a> &middot; <a href="http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion" title="Tor Hidden Service">Onion</a> &middot; <a href="/privacy.html">Privacy &amp; Terms</a><br /><span class="version">v1.0.0</span></p>
</footer>
<div class="lang-picker" id="langPicker">
@@ -122,8 +131,8 @@
<div class="toast" id="toast"></div>
<script src="lib/qrcode.min.js?v=20260326-3" defer></script>
<script src="i18n.min.js?v=20260326-3" defer></script>
<script src="app.min.js?v=20260326-3" defer></script>
<script src="lib/qrcode.min.js?v=20260326-3" integrity="sha384-3zSEDfvllQohrq0PHL1fOXJuC/jSOO34H46t6UQfobFOmxE5BpjjaIJY5F2/bMnU" crossorigin="anonymous" defer></script>
<script src="i18n.min.js?v=20260326-3" integrity="sha384-V43P6Gk3Zsd0cmqIx3V1Dffu0i3d3aFyb876gr5ez+1CIAzbFLFATfL1nuEZFzvC" crossorigin="anonymous" defer></script>
<script src="app.min.js?v=20260326-3" integrity="sha384-tdgiaUZYJ6E+/EqlbzOvxRvySKQZNdxjNktRV3K75fitMLdkR5DXuVU9XTppNku5" crossorigin="anonymous" defer></script>
</body>
</html>

60
install.sh Normal file
View File

@@ -0,0 +1,60 @@
#!/bin/sh
set -e
# xmrpay.link — Self-hosting installer
# Usage: curl -sL https://xmrpay.link/install.sh | sh -s your-domain.com
DOMAIN="${1:-}"
INSTALL_DIR="/opt/xmrpay"
IMAGE="schmidt1024/xmrpay:latest"
COMPOSE_URL="https://raw.githubusercontent.com/schmidt1024/xmrpay.link/master/docker-compose.yml"
# ── Helpers ───────────────────────────────────────────────────────────────────
info() { printf '\033[1;34m→\033[0m %s\n' "$1"; }
ok() { printf '\033[1;32m✓\033[0m %s\n' "$1"; }
fail() { printf '\033[1;31m✗\033[0m %s\n' "$1" >&2; exit 1; }
# ── Preflight ─────────────────────────────────────────────────────────────────
[ "$(id -u)" -eq 0 ] || fail "Run as root: curl -sL https://xmrpay.link/install.sh | sudo sh -s $DOMAIN"
[ -n "$DOMAIN" ] || fail "Usage: curl -sL https://xmrpay.link/install.sh | sh -s YOUR-DOMAIN.COM"
# ── Install Docker if missing ─────────────────────────────────────────────────
if ! command -v docker >/dev/null 2>&1; then
info "Installing Docker..."
curl -fsSL https://get.docker.com | sh
systemctl enable --now docker
ok "Docker installed"
else
ok "Docker found"
fi
# ── Set up xmrpay ────────────────────────────────────────────────────────────
info "Setting up xmrpay in $INSTALL_DIR..."
mkdir -p "$INSTALL_DIR"
cd "$INSTALL_DIR"
curl -fsSL "$COMPOSE_URL" -o docker-compose.yml
cat > .env <<EOF
DOMAIN=$DOMAIN
XMRPAY_IMAGE=$IMAGE
EOF
# ── Start ─────────────────────────────────────────────────────────────────────
info "Starting xmrpay..."
docker compose pull
docker compose up -d
ok "xmrpay is running!"
echo ""
echo " https://$DOMAIN"
echo ""
echo " Watchtower checks for updates every 6 hours."
echo " Data stored in Docker volume: xmrpay-data"
echo " Config: $INSTALL_DIR/.env"
echo ""

12
nginx-security-headers.conf Normal file
View File

@@ -0,0 +1,12 @@
# Include this in your nginx server block:
# include /path/to/nginx-security-headers.conf;
#
# This ensures ALL responses (HTML, CSS, JS, fonts) get security headers,
# not just PHP/API responses.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header Referrer-Policy "no-referrer" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'" always;

5
privacy.html
View File

@@ -5,8 +5,9 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>xmrpay.link — Privacy & Terms</title>
<meta name="description" content="Privacy policy and terms of use for xmrpay.link.">
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; base-uri 'none'">
<link rel="icon" href="favicon.svg" type="image/svg+xml">
<link rel="stylesheet" href="style.css?v=20260326-3">
<link rel="stylesheet" href="style.css?v=20260326-3" integrity="sha384-TLao5+UFp5VS0Vn+LamdOYwxjGy1ZB0dNemTi7Za0HpPsnA+koCWOmVM0Szwaf3n" crossorigin="anonymous">
<style>
main.legal-main {
max-width: 920px;
@@ -197,7 +198,7 @@
</main>
<footer>
<p data-i18n-html="footer">Open Source &middot; No Tracking &middot; No KYC &middot; <a href="https://gitea.schmidt.eco/schmidt1024/xmrpay.link" target="_blank" rel="noopener noreferrer">Source</a> &middot; <a href="http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion" title="Tor Hidden Service">Onion</a> &middot; <a href="/privacy.html">Privacy &amp; Terms</a></p>
<p data-i18n-html="footer">Open Source &middot; No Tracking &middot; No KYC &middot; <a href="https://github.com/schmidt1024/xmrpay" target="_blank" rel="noopener noreferrer">Source</a> &middot; <a href="http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion" title="Tor Hidden Service">Onion</a> &middot; <a href="/privacy.html">Privacy &amp; Terms</a></p>
</footer>
<div class="lang-picker" id="langPicker">

9
scripts/.deploy.env.example Normal file
View File

@@ -0,0 +1,9 @@
# Copy this file to scripts/.deploy.env and fill in your values.
DEPLOY_HOST="USER@HOST"
DEPLOY_TARGET="/home/USER/web/xmrpay.link/public_html"
# Optional hardening settings:
# DEPLOY_BACKUP_ENABLE="1"
# DEPLOY_BACKUP_KEEP="14"
# DEPLOY_BACKUP_DIR="/home/USER/web/xmrpay.link/backups/xmrpay-data"
# DEPLOY_DRY_RUN="0"

106
scripts/deploy.sh
View File

@@ -7,6 +7,12 @@ set -euo pipefail
# DEPLOY_HOST e.g. root@example.com or deploy@example.com
# DEPLOY_TARGET e.g. /home/user/web/xmrpay.link/public_html
#
# Optional hardening:
# DEPLOY_BACKUP_ENABLE=1 # 1=backup data before deploy, 0=disable
# DEPLOY_BACKUP_KEEP=14 # number of backup archives to keep
# DEPLOY_BACKUP_DIR=... # remote backup folder
# DEPLOY_DRY_RUN=0 # 1=rsync dry-run
#
# Optional local config file (not committed):
# scripts/.deploy.env
@@ -20,6 +26,10 @@ fi
HOST="${DEPLOY_HOST:-}"
TARGET="${DEPLOY_TARGET:-}"
BACKUP_ENABLE="${DEPLOY_BACKUP_ENABLE:-1}"
BACKUP_KEEP="${DEPLOY_BACKUP_KEEP:-14}"
BACKUP_DIR="${DEPLOY_BACKUP_DIR:-$TARGET/../backups/xmrpay-data}"
DRY_RUN="${DEPLOY_DRY_RUN:-0}"
if [[ -z "$HOST" || -z "$TARGET" ]]; then
echo "Missing deploy configuration." >&2
@@ -27,10 +37,104 @@ if [[ -z "$HOST" || -z "$TARGET" ]]; then
exit 1
fi
rsync -avz --delete \
if [[ "$BACKUP_ENABLE" == "1" ]]; then
echo "Creating remote pre-deploy data backup..."
ssh "$HOST" "
set -euo pipefail
TARGET='$TARGET'
DATA_DIR=\"\$TARGET/data\"
BACKUP_DIR='$BACKUP_DIR'
KEEP='$BACKUP_KEEP'
mkdir -p \"\$BACKUP_DIR\"
if [ -d \"\$DATA_DIR\" ]; then
TS=\$(date +%Y%m%d-%H%M%S)
ARCHIVE=\"\$BACKUP_DIR/data-\$TS.tgz\"
tar -C \"\$TARGET\" -czf \"\$ARCHIVE\" data
echo \"backup_created=\$ARCHIVE\"
COUNT=0
for FILE in \$(ls -1t \"\$BACKUP_DIR\"/data-*.tgz 2>/dev/null || true); do
COUNT=\$((COUNT + 1))
if [ \"\$COUNT\" -gt \"\$KEEP\" ]; then
rm -f \"\$FILE\"
fi
done
else
echo \"backup_skipped=no_data_dir\"
fi
"
else
echo "Skipping pre-deploy backup (DEPLOY_BACKUP_ENABLE=0)."
fi
# ── Inject version from git tags ──────────────────────────────────────────────
GIT_VERSION=$(git describe --tags --always 2>/dev/null || echo "dev")
# Turn v1.0.0-3-gabc1234 into 1.0.0+3
VERSION=$(echo "$GIT_VERSION" | sed -E 's/^v//; s/-([0-9]+)-g[0-9a-f]+$/+\1/')
echo "Version: $VERSION"
sed -i -E "s|VERSION = '[^']*'|VERSION = '${VERSION}'|" i18n.js
sed -i -E "s|(<span class=\"version\">v)[^<]*(</span>)|\1${VERSION}\2|" index.html
# ── Minify & update SRI hashes ────────────────────────────────────────────────
echo "Minifying JS..."
TERSER="${TERSER:-terser}"
if ! command -v "$TERSER" &>/dev/null; then
echo "Error: terser not found. Install with: npm i -g terser" >&2
exit 1
fi
"$TERSER" app.js -c -m -o app.min.js
"$TERSER" i18n.js -c -m -o i18n.min.js
echo "Updating SRI hashes..."
sri_hash() { echo "sha384-$(openssl dgst -sha384 -binary "$1" | openssl base64 -A)"; }
HASH_STYLE=$(sri_hash style.css)
HASH_QRCODE=$(sri_hash lib/qrcode.min.js)
HASH_I18N=$(sri_hash i18n.min.js)
HASH_APP=$(sri_hash app.min.js)
HASH_JSPDF=$(sri_hash lib/jspdf.min.js)
HASH_CRYPTO=$(sri_hash lib/xmr-crypto.bundle.js)
# Update index.html SRI attributes
sed -i -E \
-e "s|(style\.css[^\"]*\"\s+integrity=\")sha384-[A-Za-z0-9+/=]+|\1${HASH_STYLE}|" \
-e "s|(qrcode\.min\.js[^\"]*\"\s+integrity=\")sha384-[A-Za-z0-9+/=]+|\1${HASH_QRCODE}|" \
-e "s|(i18n\.min\.js[^\"]*\"\s+integrity=\")sha384-[A-Za-z0-9+/=]+|\1${HASH_I18N}|" \
-e "s|(app\.min\.js[^\"]*\"\s+integrity=\")sha384-[A-Za-z0-9+/=]+|\1${HASH_APP}|" \
index.html
# Update privacy.html SRI attributes
sed -i -E \
-e "s|(style\.css[^\"]*\"\s+integrity=\")sha384-[A-Za-z0-9+/=]+|\1${HASH_STYLE}|" \
privacy.html
# Update dynamic SRI hashes in app.js and re-minify if changed
sed -i -E \
-e "s|(jspdf\.min\.js.*integrity\s*=\s*')sha384-[A-Za-z0-9+/=]+|\1${HASH_JSPDF}|" \
-e "s|(xmr-crypto\.bundle\.js.*integrity\s*=\s*')sha384-[A-Za-z0-9+/=]+|\1${HASH_CRYPTO}|" \
app.js
# Re-minify app.js (dynamic SRI hashes may have changed)
"$TERSER" app.js -c -m -o app.min.js
HASH_APP_FINAL=$(sri_hash app.min.js)
sed -i -E "s|(app\.min\.js[^\"]*\"\s+integrity=\")sha384-[A-Za-z0-9+/=]+|\1${HASH_APP_FINAL}|" index.html
echo "SRI hashes updated."
RSYNC_DRY_RUN=""
if [[ "$DRY_RUN" == "1" ]]; then
RSYNC_DRY_RUN="--dry-run"
echo "Running in dry-run mode (DEPLOY_DRY_RUN=1)."
fi
rsync -avz --delete --chmod=D755,F644 \
${RSYNC_DRY_RUN} \
--exclude '.git' \
--exclude 'node_modules' \
--exclude 'data/' \
--exclude 'scripts/.deploy.env' \
./ "$HOST:$TARGET"
echo "Deploy complete (data/ preserved)."

115
scripts/restore-data.sh Normal file
View File

@@ -0,0 +1,115 @@
#!/usr/bin/env bash
set -euo pipefail
# Restore runtime data/ from remote backup archives created by deploy.sh
#
# Usage:
# ./scripts/restore-data.sh --latest
# ./scripts/restore-data.sh --file data-20260326-120000.tgz
# ./scripts/restore-data.sh --list
#
# Config (env vars or scripts/.deploy.env):
# DEPLOY_HOST
# DEPLOY_TARGET
# DEPLOY_BACKUP_DIR (optional, defaults to ../backups/xmrpay-data)
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
ENV_FILE="$SCRIPT_DIR/.deploy.env"
if [[ -f "$ENV_FILE" ]]; then
# shellcheck disable=SC1090
source "$ENV_FILE"
fi
HOST="${DEPLOY_HOST:-}"
TARGET="${DEPLOY_TARGET:-}"
BACKUP_DIR="${DEPLOY_BACKUP_DIR:-$TARGET/../backups/xmrpay-data}"
if [[ -z "$HOST" || -z "$TARGET" ]]; then
echo "Missing configuration." >&2
echo "Set DEPLOY_HOST and DEPLOY_TARGET (env vars or scripts/.deploy.env)." >&2
exit 1
fi
MODE=""
ARCHIVE=""
while [[ $# -gt 0 ]]; do
case "$1" in
--latest)
MODE="latest"
shift
;;
--file)
MODE="file"
ARCHIVE="${2:-}"
shift 2
;;
--list)
MODE="list"
shift
;;
-h|--help)
MODE="help"
shift
;;
*)
echo "Unknown argument: $1" >&2
exit 1
;;
esac
done
if [[ -z "$MODE" || "$MODE" == "help" ]]; then
sed -n '1,20p' "$0"
exit 0
fi
if [[ "$MODE" == "list" ]]; then
ssh "$HOST" "ls -1t '$BACKUP_DIR'/data-*.tgz 2>/dev/null || true"
exit 0
fi
if [[ "$MODE" == "latest" ]]; then
ARCHIVE="$(ssh "$HOST" "ls -1t '$BACKUP_DIR'/data-*.tgz 2>/dev/null | head -n 1")"
if [[ -z "$ARCHIVE" ]]; then
echo "No backup archives found in $BACKUP_DIR" >&2
exit 1
fi
fi
if [[ "$MODE" == "file" ]]; then
if [[ -z "$ARCHIVE" ]]; then
echo "--file requires an archive name" >&2
exit 1
fi
ARCHIVE="$BACKUP_DIR/$ARCHIVE"
fi
echo "Restoring data from: $ARCHIVE"
ssh "$HOST" "
set -euo pipefail
TARGET='$TARGET'
DATA_DIR=\"\$TARGET/data\"
ARCHIVE='$ARCHIVE'
if [ ! -f \"\$ARCHIVE\" ]; then
echo 'Backup archive not found: '\"\$ARCHIVE\" >&2
exit 1
fi
TS=\$(date +%Y%m%d-%H%M%S)
SAFETY=\"\$TARGET/../backups/xmrpay-data/pre-restore-\$TS.tgz\"
mkdir -p \"\$(dirname \"\$SAFETY\")\"
if [ -d \"\$DATA_DIR\" ]; then
tar -C \"\$TARGET\" -czf \"\$SAFETY\" data
rm -rf \"\$DATA_DIR\"
fi
tar -C \"\$TARGET\" -xzf \"\$ARCHIVE\"
echo \"restore_ok=\$ARCHIVE\"
echo \"safety_backup=\$SAFETY\"
"
echo "Restore complete."

32
style.css
View File

@@ -459,6 +459,33 @@ textarea {
margin-bottom: 0.3rem;
}
.shortlink-toggle-row {
margin-bottom: 0.45rem;
}
.shortlink-toggle-label {
display: flex;
align-items: center;
gap: 0.45rem;
margin: 0;
font-size: 0.78rem;
color: var(--text);
text-transform: none;
letter-spacing: 0;
}
.shortlink-toggle-label input {
width: auto;
accent-color: var(--accent);
}
.shortlink-tradeoff {
margin-top: 0.28rem;
font-size: 0.7rem;
color: #d08a61;
line-height: 1.35;
}
.share-link-row {
display: flex;
gap: 0.4rem;
@@ -665,6 +692,7 @@ footer {
padding: 2rem 1rem;
color: var(--text-muted);
font-size: 0.75rem;
line-height: 1.5em;
}
footer a {
@@ -672,6 +700,10 @@ footer a {
text-decoration: underline;
}
footer .version {
opacity: 0.5;
}
.countdown {
text-align: center;
font-size: 0.85rem;