0.0.3 beta (#159)

* Add skip onboarding option * update the initial pin auth screen * update disclaimer screen * update github issues url * update the invoice screen, share invoice Fixes #147 * update nav "settings" to "options" * improve UX on claiming while having no mint * update the donation row under settings * skip mint selection screen if user has 1 mint * fix negative bal. in txOverview after invoice scan * update history entries, see #154 * add SECURITY_POLICY.md * update security_policy * update * update app config * update hash_list * add submit:ios * update submit:ios * update security policy * update security policy * sign apk & hash_list * update SECURITY.md
cashubtc · Sep 8, 2023 · 92d05a4 · 92d05a4
1 parent 7c84cf3
commit 92d05a4
Show file tree

Hide file tree

Showing 21 changed files with 246 additions and 83 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,53 @@
+# Security Policy
+
+<!-- ## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                | -->
+
+## Reporting a Vulnerability
+
+We take the security of our users seriously. If you believe you have discovered a security vulnerability or have any security concerns regarding this project, please follow our responsible disclosure guidelines outlined below.
+
+### How to Report
+
+To report a security vulnerability or concern, you can use one of the following methods:
+
+#### Related to the eNuts implementation
+
+- Github: [https://github.com/cashubtc/eNuts/security/advisories/new](https://github.com/cashubtc/eNuts/security/advisories/new)
+- Email: [[email protected]](mailto:[email protected])
+- Telegram: [https://t.me/eNutsWallet](https://t.me/eNutsWallet)
+
+#### Related to the Cashu protocol
+
+- Telegram: [https://t.me/CashuBTC](https://t.me/CashuBTC)
+
+Feel free to request a private discussion with the maintainers for a more personalized conversation. When reporting, please provide as much detail as possible, including a clear description of the vulnerability and any potential impact.
+
+### Disclosure Process
+
+We will acknowledge your report immediatly and provide an estimated timeline for resolution. We will work closely with you to understand the issue and verify its validity.
+
+Once the vulnerability is confirmed and resolved, we will coordinate with you to determine an appropriate disclosure timeline, which may include a coordinated public release of information.
+
+### Bug Bounty Program
+
+We highly value the contributions of security researchers who responsibly disclose security vulnerabilities to us. While we aspire to have a bug bounty program in place to reward these efforts, we regret to inform you that, at the moment, we do not have sufficient funds allocated for this purpose.
+
+We are committed to the idea of establishing a bug bounty program as soon as our financial situation allows. Our aim is to fairly compensate security researchers and any collaborator for their valuable contributions to our projects.
+
+We appreciate your understanding and patience in this matter. In the meantime, please continue to report security vulnerabilities using the methods outlined above.
+
+## Legal Disclaimer
+
+We kindly request that you refrain from disclosing any security-related information publicly until we have had a chance to review and address the reported issue. We are committed to acting in accordance with all relevant laws and regulations to protect the security of our users.
+
+Thank you for helping us make eNuts more secure.
diff --git a/assets/translations/de.json b/assets/translations/de.json
@@ -15,7 +15,7 @@
 		"createPin": "PIN erstellen",
 		"editPin": "PIN ändern",
 		"pinMismatch": "PIN inkorrekt!",
-		"pinSetup": "Sie können eine PIN erstellen um Ihre App zu schützen. Wenn die PIN vergessen wird, ist derzeit keine Wiederherstellung möglich.",
+		"pinSetup": "Sie können optional eine PIN erstellen um Ihre App zu schützen.\n\n ACHTUNG: Wenn die PIN vergessen wird, ist derzeit keine Wiederherstellung möglich!",
 		"pleaseConfirm": "Bitte bestätigen Sie Ihre PIN.",
 		"pleaseConfirmNewPin": "Bitte bestätigen Sie Ihre neue PIN.",
 		"pleaseEnter": "Bitte geben Sie Ihre PIN ein.",
@@ -67,7 +67,7 @@
 		"contactNotSaved": "Kontakt konnte nicht gespeichert werden. Möglicher Duplikat.",
 		"continue": "Fortfahren",
 		"copied": "Kopiert",
-		"copyInvoice": "Rechnung kopieren",
+		"shareInvoice": "Rechnung teilen",
 		"copyToken": "Token kopieren",
 		"createBackup": "Sicherung erstellen",
 		"createInvoice": "Rechnung erstellen",
@@ -105,7 +105,8 @@
 		"generateInvoiceErr": "Rechnung für \"{{input}}\" konnte nicht erstellt werden.",
 		"german": "Deutsch",
 		"getStarted": "Loslegen",
-		"githubIssues": "GitHub Probleme und Fragen",
+		"githubIssues": "Melden Sie Fehler auf Github",
+		"shareOrReport": "Feedback teilen oder Fehler melden",
 		"historyDeleted": "Verlauf gelöscht",
 		"invalidInvoice": "Rechnung invalid",
 		"invalidOrSpent": "Invalider Token oder bereits ausgegeben",
@@ -167,7 +168,7 @@
 		"share": "Teilen",
 		"smthWrong": "Etwas is schief gelaufen",
 		"startHint": "Sie können entweder die bereits vorhandene eNuts-Mint verwenden oder Ihre eigene.",
-		"submitPaymentReq": "Zahlungsanfrage absenden",
+		"submitPaymentReq": "Auszahlen",
 		"to": "bis",
 		"today": "Heute",
 		"tokenInfoErr": "Ein Fehler ist aufgetreten während der Token-Info-Abfrage",
@@ -212,11 +213,13 @@
 		"hideLatestTxs": "Aktuellste Transaktionen verbergen",
 		"hiddenTxs": "Transaktionen verborgen",
 		"next": "Weiter",
+		"skip": "Überspringen",
 		"donateLn": "Spenden über Lightning",
 		"supportDev": "Zap die Entwicklung",
-		"supportHint": "Jeder Beitrag, ganz gleich in welcher Höhe, hat eine bedeutende Auswirkung. Die Zap Bestätigungsseite befindet sich in der Entwicklung",
+		"supportHint": "Jeder Beitrag, ganz gleich in welcher Höhe, hat eine bedeutende Auswirkung. Die Bestätigungsseite befindet sich in der Entwicklung.",
 		"newToken": "Neuer Cashu Token",
-		"EcashRdy": "Du bist nun bereit, die Magie von privatem Ecash auf Bitcoin zu erleben!"
+		"EcashRdy": "Du bist nun bereit, die Magie von privatem Ecash auf Bitcoin zu erleben!",
+		"disclaimerHint": "Dieser Haftungsausschluss sollte ernst genommen und nicht ignoriert oder unterschätzt werden. Wir schätzen Ihr Interesse an diesem Projekt und werden weiterhin daran arbeiten, es zu verbessern."
 	},
 	"error": {
 		"addAllMintIdsErr": "Fehler beim Abrufen der Schlüsselsatz-IDs von Mint",
@@ -293,7 +296,7 @@
 		"meltToken": "Satoshi zurückfordern",
 		"mintConnectionFail": "Verbindung zu Mint fehlgeschlagen",
 		"mintInfo": "Mint Info",
-		"mintNewTokens": "Neues Ecash Anfordern",
+		"mintNewTokens": "Neues Ecash anfordern",
 		"mintNoContact": "Diese Mint verfügt über keine Kontakt Informationen",
 		"mntAlreadyAdded": "Mint bereits vorhanden",
 		"newMintSuccess": "{{mintUrl}} erfolgreich hinzugefügt",
@@ -331,7 +334,7 @@
 		"mintBackup": "Guthabensicherung",
 		"mintSettings": "Mint Management",
 		"security": "Sicherheit",
-		"settings": "Einstellungen",
+		"settings": "Optionen",
 		"privacy": "Privatsphäre",
 		"general": "Allgemein"
 	},

diff --git a/assets/translations/en.json b/assets/translations/en.json
@@ -15,7 +15,7 @@
 		"createPin": "Create PIN",
 		"editPin": "Edit PIN",
 		"pinMismatch": "Incorrect PIN!",
-		"pinSetup": "You can setup a PIN to secure your app. If the PIN is forgotten, restoration is currently unavailable.",
+		"pinSetup": "You can optionally setup a PIN to secure your app.\n\nWARNING: If the PIN is forgotten, restoration is currently unavailable!",
 		"pleaseConfirm": "Please confirm your PIN.",
 		"pleaseConfirmNewPin": "Please confirm your new PIN.",
 		"pleaseEnter": "Please enter your PIN now.",
@@ -67,7 +67,7 @@
 		"contactNotSaved": "Contact could not be saved. Possible name or address duplication.",
 		"continue": "Continue",
 		"copied": "Copied",
-		"copyInvoice": "Copy invoice",
+		"shareInvoice": "Share invoice",
 		"copyToken": "Copy token",
 		"createBackup": "Create a backup token",
 		"createInvoice": "Create invoice",
@@ -105,7 +105,8 @@
 		"generateInvoiceErr": "Unable to generate invoice for \"{{input}}\"",
 		"german": "German",
 		"getStarted": "Get started",
-		"githubIssues": "GitHub issues and questions",
+		"githubIssues": "Report bugs on Github",
+		"shareOrReport": "Share feedback or report bugs",
 		"historyDeleted": "History deleted",
 		"invalidInvoice": "Invalid invoice",
 		"invalidOrSpent": "Token invalid or already claimed",
@@ -167,7 +168,7 @@
 		"share": "Share",
 		"smthWrong": "Something went wrong",
 		"startHint": "You can either use the pre-existing eNuts mint or introduce another custom mint.",
-		"submitPaymentReq": "Submit Payment Request",
+		"submitPaymentReq": "Cash out",
 		"to": "to",
 		"today": "Today",
 		"tokenInfoErr": "Error while getting token info",
@@ -212,11 +213,13 @@
 		"hideLatestTxs": "Hide your latest transactions",
 		"hiddenTxs": "Latest transactions hidden",
 		"next": "Next",
+		"skip": "Skip",
 		"donateLn": "Donate via Lightning",
 		"supportDev": "Zap the devs",
-		"supportHint": "Every contribution, no matter the size, makes a significant impact. Zap confirmation screen is under development",
+		"supportHint": "Every contribution, no matter the size, makes a significant impact. Confirmation screen is under development.",
 		"newToken": "New Cashu token",
-		"EcashRdy": "You are now ready to experience the magic of private Ecash on Bitcoin!"
+		"EcashRdy": "You are now ready to experience the magic of private Ecash on Bitcoin!",
+		"disclaimerHint": "This disclaimer should be taken seriously and should not be ignored or underestimated. We appreciate your interest in this project and will continue to work on improving it."
 	},
 	"error": {
 		"addAllMintIdsErr": "Error while getting keyset ids from mint",
@@ -331,7 +334,7 @@
 		"mintBackup": "Backup funds",
 		"mintSettings": "Mint management",
 		"security": "Security",
-		"settings": "Settings",
+		"settings": "Options",
 		"privacy": "Privacy",
 		"general": "General"
 	},

diff --git a/assets/translations/fr.json b/assets/translations/fr.json
@@ -15,7 +15,7 @@
 		"createPin": "Créer un PIN",
 		"editPin": "Modifier le PIN",
 		"pinMismatch": "PIN incorrect!",
-		"pinSetup": "Vous pouvez configurer un PIN pour sécuriser votre app. Si le code PIN est oublié, la restauration est actuellement indisponible.",
+		"pinSetup": "Vous pouvez facultativement configurer un PIN pour sécuriser votre app.\n\nATTENTION: Si le code PIN est oublié, la restauration est actuellement indisponible!",
 		"pleaseConfirm": "Veuillez confirmer votre PIN.",
 		"pleaseConfirmNewPin": "Veuillez confirmer votre nouveau PIN.",
 		"pleaseEnter": "Veuillez entrer votre PIN",
@@ -67,7 +67,7 @@
 		"contactNotSaved": "Le contact n'a pas pu être enregistré. Possibilité de doublon de nom ou d'adresse.",
 		"continue": "Continuer",
 		"copied": "Copié",
-		"copyInvoice": "Copier la facture",
+		"shareInvoice": "Partager la facture",
 		"copyToken": "Copier le token",
 		"createBackup": "Créer un token de sauvegarde",
 		"createInvoice": "Créer une facture",
@@ -105,7 +105,8 @@
 		"generateInvoiceErr": "Impossible de générer la facture pour \"{{input}}\"",
 		"german": "Allemand",
 		"getStarted": "Commencer",
-		"githubIssues": "GitHub problèmes et questions",
+		"githubIssues": "Signalez des bugs sur Github",
+		"shareOrReport": "Signaler des bugs",
 		"historyDeleted": "Historique supprimé",
 		"invalidInvoice": "Facture invalide",
 		"invalidOrSpent": "Token invalide ou déjà utilisé",
@@ -167,7 +168,7 @@
 		"share": "Partager",
 		"smthWrong": "Quelque chose s'est mal passé",
 		"startHint": "Vous pouvez soit utiliser la mint de eNuts préexistante, soit une autre out votre propre mint.",
-		"submitPaymentReq": "Demande de paiement",
+		"submitPaymentReq": "Retirer votre argent",
 		"to": "à",
 		"today": "Aujourd'hui",
 		"tokenInfoErr": "Erreur lors de l'obtention des informations sur le token",
@@ -209,11 +210,13 @@
 		"seeFullHistory": "Gesamter Transaktionsverlauf",
 		"hiddenTxs": "Dernières transactions masquées",
 		"next": "Suivant",
+		"skip": "Sauter",
 		"donateLn": "Faire un don via Lightning",
 		"supportDev": "Zap le développement",
-		"supportHint": "Chaque contribution, quelle que soit sa taille, a un impact significatif. L'écran de confirmation est en cours de développement",
+		"supportHint": "Chaque contribution, quelle que soit sa taille, a un impact significatif. L'écran de confirmation est en cours de développement.",
 		"newToken": "Nouveau Cashu Token",
-		"EcashRdy": "Vous êtes maintenant prêt à découvrir la magie de l'Ecash privé sur Bitcoin!"
+		"EcashRdy": "Vous êtes maintenant prêt à découvrir la magie de l'Ecash privé sur Bitcoin!",
+		"disclaimerHint": "Cette clause de non-responsabilité doit être prise au sérieux et ne doit pas être ignorée ni sous-estimée. Nous apprécions votre intérêt pour ce projet et continuerons à travailler à son amélioration."
 	},
 	"error": {
 		"addAllMintIdsErr": "Erreur lors de l'obtention de l'ensemble de clés de la mint",
@@ -332,7 +335,7 @@
 		"mintBackup": "Sauvegarde des fonds",
 		"mintSettings": "Paramètres des mints",
 		"security": "Sécurité",
-		"settings": "Paramètres",
+		"settings": "Options",
 		"privacy": "Vie privée",
 		"general": "Général"
 	},

diff --git a/config/app.config.ts b/config/app.config.ts
@@ -78,6 +78,9 @@ const config: ExpoConfig = {
 		infoPlist: {
 			LSApplicationQueriesSchemes: ['cashu']
 		},
+		config: {
+			usesNonExemptEncryption: false
+		},
 		bundleIdentifier: 'com.agron.enuts'
 	},
 	android: {
@@ -113,7 +116,7 @@ const config: ExpoConfig = {
 		]
 	},
 	updates: {
-		enabled:false,
+		enabled: false,
 		url: 'https://u.expo.dev/edb75ccd-71ac-4934-9147-baf1c7f2b068'
 	},
 	runtimeVersion: {

diff --git a/package.json b/package.json
@@ -26,6 +26,7 @@
 		"build:ci:preview:ios": "npx -y eas-cli@latest build --non-interactive -e preview -p ios -m ciPreview --no-wait",
 		"build:ci:prod:android": "npx -y eas-cli@latest build --non-interactive -e production -p android -m ciProduction --no-wait",
 		"build:ci:prod:ios": "npx -y eas-cli@latest build --non-interactive -e production -p ios -m ciProduction --no-wait",
+		"submit:ios":"npx -y eas-cli@latest submit -p ios",
 		"ios": "expo start --ios",
 		"web": "expo start --web",
 		"test": "npx jest -c ./config/jest.config.ts --passWithNoTests ",

diff --git a/src/components/Balance.tsx b/src/components/Balance.tsx
@@ -162,7 +162,7 @@ function HistoryEntry({ icon, txType, timestamp, amount, onPress }: IHistoryEntr
 						</Text>
 					</View>
 				</View>
-				<Txt txt={`${amount > 0 ? '+' : ''}${formatInt(amount)}`} styles={[{ color: mainColors.WHITE, fontWeight: '500' }]} />
+				<Txt txt={`${amount > 0 ? '+' : ''}${formatInt(amount)} Satoshi`} styles={[{ color: mainColors.WHITE }]} />
 			</TouchableOpacity>
 		</>
 	)

diff --git a/src/components/modal/Zap.tsx b/src/components/modal/Zap.tsx
@@ -61,9 +61,10 @@ export function ZapModal({ visible, close }: IQuestionModalProps) {
 
 	return (
 		<MyModal type='bottom' animation='slide' visible={visible} close={close} >
-			<Text style={globals(color).modalHeader}>
-				⚡ {t('supportDev')}
-			</Text>
+			<Txt
+				txt={`⚡ ${t('supportDev')}`}
+				styles={[styles.modalHeader]}
+			/>
 			<Text style={globals(color).modalTxt}>
 				{t('supportHint')}
 			</Text>
@@ -72,7 +73,7 @@ export function ZapModal({ visible, close }: IQuestionModalProps) {
 			</View>
 			<Button
 				// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
-				txt={`${t('donateLn')}  🎁`} 
+				txt={`${t('donateLn')}  🎁`}
 				onPress={() => void handleDonation()}
 				loading={loading}
 			/>
@@ -105,6 +106,11 @@ function Selection({ zap, onPress }: ISelectionProps) {
 }
 
 const styles = StyleSheet.create({
+	modalHeader: {
+		fontSize: 24,
+		fontWeight: '500',
+		marginBottom: 20
+	},
 	zapRow: {
 		flexDirection: 'row',
 		alignItems: 'center',

diff --git a/src/screens/Auth/index.tsx b/src/screens/Auth/index.tsx
@@ -286,7 +286,7 @@ export default function AuthPage({ navigation, route }: TAuthPageProps) {
 								{/* skip or go back from confirm */}
 								{!auth.length && !shouldEdit &&
 									<TxtButton
-										txt={isConfirm ? t('back') : t('willDoLater')}
+										txt={isConfirm ? t('back') : t('skip')}
 										onPress={() => void handleSkip()}
 										style={[styles.skip]}
 										txtColor={mainColors.WHITE}