Uses File System API to open files when available. Makes confirmation…

… buttons to delete wallet(s) red. Fixes copy events occurring when the touchend event occurs off of the copy icon. Adds support for scanning invoice QR codes. Displays the transaction's sender and recipient payment proof addresses when sending or receiving a payment. Adds setting to require manually approving receiving payments. Displays amount and fee values in the current currency when sending and receiving payments. Transactions now display their value at the price when they were recorded.
NicolasFlamel1 · Mar 2, 2024 · fa57c80 · fa57c80
1 parent af11b4e
commit fa57c80
Show file tree

Hide file tree

Showing 44 changed files with 6,204 additions and 4,126 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 private
+sessions
 callback.php
 items.php
 public_html/browser_extension_api_example.html

diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022-2023 Nicolas Flamel
+Copyright (c) 2022-2024 Nicolas Flamel
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -9,6 +9,55 @@ This wallet also allows for you to manage your MimbleWimble Coin with Ledger and
 
 You can also use your own node, [listener](https://github.com/NicolasFlamel1/WebSocket-Listener), and [Tor proxy](https://github.com/NicolasFlamel1/Tor-Proxy) with this wallet thus allowing it to function without having to rely on any third parties.
 
+### Sending MWC To Exchanges Compatibility
+
+Compatibility for sending MWC from the MimbleWimble Coin web wallet and Ledger Live Desktop/Mobile to exchanges:
+
+|| [TradeOgre](https://tradeogre.com/exchange/BTC-MWC) |
+|-|-|-|
+| [MWC web wallet website](https://mwcwallet.com) | ✅ Requires version 2.2.0 or newer of the web wallet. |
+| [MWC web wallet Onion Service](http://mwcwalletmiq3gdkmfbqlytxunvlxyli4m6zrqozk7xjc353ewqb6bad.onion) | ✅ Requires version 2.2.0 or newer of the web wallet. |
+| MWC web wallet progressive web app version | ✅ Requires version 2.2.0 or newer of the web wallet. |
+| [MWC web wallet browser extension version](https://github.com/NicolasFlamel1/MWC-Wallet-Browser-Extension) | ✅ Requires version 2.2.0 or newer of the web wallet. |
+| [MWC web wallet standalone version](https://github.com/NicolasFlamel1/MWC-Wallet-Standalone) | ✅ Requires version 2.2.0 or newer of the web wallet. |
+| [Ledger Live Desktop/Mobile](https://github.com/NicolasFlamel1/ledger-live) | ✅ |
+
+\* This table assumes that the MimbleWimble Coin web wallet and Ledger Live Desktop/Mobile are using their default settings.
+
+\* [WhiteBIT](https://whitebit.com/trade/MWC-BTC) had temporarily suspended depositing and withdrawing MWC when this table was created which is why they aren't included.
+
+\* CORS issues can by bypassed by disabling CORS checks in your web browser, however this shouldn't be done without understanding the security implications of doing so.
+
+# Receiving MWC From Exchanges Compatibility
+
+Compatibility for receiving MWC from exchanges to the MimbleWimble Coin web wallet and Ledger Live Desktop/Mobile:
+
+|| [TradeOgre](https://tradeogre.com/exchange/BTC-MWC) |
+|-|-|-|
+| [MWC web wallet website](https://mwcwallet.com) | ✅ Requires version 2.2.0 or newer of the web wallet. |
+| [MWC web wallet Onion Service](http://mwcwalletmiq3gdkmfbqlytxunvlxyli4m6zrqozk7xjc353ewqb6bad.onion) | ✅ Requires version 2.2.0 or newer of the web wallet. |
+| MWC web wallet progressive web app version | ✅ Requires version 2.2.0 or newer of the web wallet. |
+| [MWC web wallet browser extension version](https://github.com/NicolasFlamel1/MWC-Wallet-Browser-Extension) | ✅ Requires version 2.2.0 or newer of the web wallet. |
+| [MWC web wallet standalone version](https://github.com/NicolasFlamel1/MWC-Wallet-Standalone) | ✅ Requires version 2.2.0 or newer of the web wallet. |
+| [Ledger Live Desktop/Mobile](https://github.com/NicolasFlamel1/ledger-live) | ✅ |
+
+\* This table assumes that the MimbleWimble Coin web wallet and Ledger Live Desktop/Mobile are using their default settings.
+
+\* [WhiteBIT](https://whitebit.com/trade/MWC-BTC) had temporarily suspended depositing and withdrawing MWC when this table was created which is why they aren't included.
+
+\* It's unlikely that any exchanges currently supports sending MWC to the MimbleWimble Coin web wallet when using a hardware wallet due to that [needing a longer network read timeout](https://github.com/mwcproject/mwc-wallet/pull/17).
+
+### Trust And Privacy Concerns
+By default, the MimbleWimble Coin web wallet is not trustless and sacrifices some of its users' privacy in order to achieve a greater ease of use. This is true for any of the methods that can be used to access this web wallet including accessing it from its website at [https://mwcwallet.com](https://mwcwallet.com), accessing it from its Onion Service at [http://mwcwalletmiq3gdkmfbqlytxunvlxyli4m6zrqozk7xjc353ewqb6bad.onion](http://mwcwalletmiq3gdkmfbqlytxunvlxyli4m6zrqozk7xjc353ewqb6bad.onion), accessing it from its progressive web app version, accessing it from [its browser extension version](https://github.com/NicolasFlamel1/MWC-Wallet-Browser-Extension), and accessing it from [its standalone version](https://github.com/NicolasFlamel1/MWC-Wallet-Standalone).
+
+However, this web wallet does provide a way to use it in a completely trustless and private way. This can be accomplished by performing the following steps.
+
+1. Use the [Tor Browser](https://www.torproject.org/download/) to access this web wallet from [its standalone version](https://github.com/NicolasFlamel1/MWC-Wallet-Standalone).
+2. Run your own [MWC node](https://github.com/mwcproject/mwc-node) and set the web wallet to use it in its settings.
+3. Run your own [listener](https://github.com/NicolasFlamel1/WebSocket-Listener) and set the web wallet to use it in its settings.
+
+Accessing this web wallet in this way will remove the need to trust the servers hosting the site, listener, Tor proxy, and node. This will also preserve your privacy by not leaking your IP address to anyone that you send MWC to and your ISP won't be aware that you're using this web wallet.
+
 ### Develop
 This site can be ran from a local machine for development purposes. To do that, this repo's files are intended to reside at `/srv/mwcwallet.com`, but can be located anywhere as long as the `root` directive in the `nginx.conf` file correctly reflects the `public_html` folder's current location.
 
@@ -49,10 +98,10 @@ For example, here's what a file for a French translation, `public_html/languages
 ```
 <?php
 
-	$availableLanguages["fr"] = [
+	$availableLanguages["fr-FR"] = [
 	
 		"Contributors" => [
-			"Your name here"
+			"Your name here" => "http://yourLinkHere"
 		],
 		
 		"Constants" => [
@@ -63,7 +112,11 @@ For example, here's what a file for a French translation, `public_html/languages
 			
 			"Image" => "./images/countries/france.svg",
 			
-			"Currency" => "EUR"
+			"Currency" => "EUR",
+			
+			"Extension Locale Code" => "fr",
+			
+			"Fallback" => "fr"
 		],
 		
 		"Text" => [

diff --git a/docs/exchange compatibility.md b/docs/exchange compatibility.md
diff --git a/docs/trust and privacy concerns.md b/docs/trust and privacy concerns.md
diff --git a/nginx.conf b/nginx.conf
@@ -698,8 +698,8 @@ server {
 		}
 
 		# Push resources
-		more_set_headers -s 200 "Set-Cookie: $cookie";
-		more_set_headers -s 200 "Link: $resources";
+		more_set_headers -s 200 "Set-Cookie: $mwcwallet_cookie";
+		more_set_headers -s 200 "Link: $mwcwallet_resources";
 
 		# Only allow being in an iframes of the same origin
 		more_set_headers -s 200 "X-Frame-Options: SAMEORIGIN";
@@ -718,7 +718,7 @@ server {
 		more_set_headers -s 200 "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload";
 
 		# Set content security policy
-		more_set_headers -s 200 "Content-Security-Policy: default-src 'self'; connect-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:";
+		more_set_headers -s 200 "Content-Security-Policy: default-src 'self'; connect-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://mwcplace.com";
 
 		# Set referrer policy to not include a referrer header
 		more_set_headers -s 200 "Referrer-Policy: same-origin";
@@ -753,8 +753,8 @@ server {
 		}
 
 		# Push resources
-		add_header Set-Cookie $cookie always;
-		add_header Link $resources always;
+		add_header Set-Cookie $mwcwallet_cookie always;
+		add_header Link $mwcwallet_resources always;
 
 		# Only allow being in an iframes of the same origin
 		add_header X-Frame-Options "SAMEORIGIN" always;
@@ -773,13 +773,13 @@ server {
 		add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
 
 		# Set content security policy
-		add_header Content-Security-Policy "default-src 'self'; connect-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:" always;
+		add_header Content-Security-Policy "default-src 'self'; connect-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://mwcplace.com" always;
 
 		# Set referrer policy to not include a referrer header
 		add_header Referrer-Policy "same-origin" always;
 
 		# Add onion location
-		add_header Onion-Location $onion_location always;
+		add_header Onion-Location $mwcwallet_onion_location always;
 
 		# Set permissions policy
 		add_header Permissions-Policy "camera=(self), screen-wake-lock=(self), clipboard-write=(self), usb=(self), bluetooth=(self), cross-origin-isolated=(self), vertical-scroll=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), focus-without-user-activation=(self), unload=(self), autoplay=(), display-capture=(), encrypted-media=(), fullscreen=(), hid=(), idle-detection=(), otp-credentials=(), picture-in-picture=(), serial=(), sync-xhr=(), accelerometer=(), document-domain=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), xr-spatial-tracking=(), clipboard-read=(), ambient-light-sensor=(), attribution-reporting=(), gamepad=(), keyboard-map=(), window-placement=(), identity-credentials-get=(), local-fonts=(), private-state-token-issuance=(), private-state-token-redemption=()" always;
@@ -1522,7 +1522,7 @@ server {
 		more_set_headers -s 200 "Cross-Origin-Embedder-Policy: require-corp";
 
 		# Set content security policy
-		more_set_headers -s 200 "Content-Security-Policy: default-src 'self'; connect-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:";
+		more_set_headers -s 200 "Content-Security-Policy: default-src 'self'; connect-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://mwcplace.com";
 
 		# Set referrer policy to not include a referrer header
 		more_set_headers -s 200 "Referrer-Policy: same-origin";
@@ -1567,7 +1567,7 @@ server {
 		add_header Cross-Origin-Embedder-Policy "require-corp" always;
 
 		# Set content security policy
-		add_header Content-Security-Policy "default-src 'self'; connect-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:" always;
+		add_header Content-Security-Policy "default-src 'self'; connect-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://mwcplace.com" always;
 
 		# Set referrer policy to not include a referrer header
 		add_header Referrer-Policy "same-origin" always;
@@ -1652,19 +1652,19 @@ server {
 }
 
 # Cookie
-map $http_cookie $cookie {
+map $http_cookie $mwcwallet_cookie {
 	"~*__Host-Preloaded=true" "$sent_http_set_cookie";
 	default "__Host-Preloaded=true; Max-Age=63072000; HttpOnly; Secure; SameSite=Strict; Priority=High; Path=/; Partitioned";
 }
 
 # Resources
-map $http_cookie $resources {
+map $http_cookie $mwcwallet_resources {
 	"~*__Host-Preloaded=true" "";
 	default "</images/logo_big.svg?3>; as=image; rel=preload, </images/logo_small.svg?3>; as=image; rel=preload, </fonts/open_sans/open_sans-1.10.woff2?4>; as=font; rel=preload; crossorigin=anonymous, </fonts/open_sans/open_sans_semibold-1.10.woff2?1>; as=font; rel=preload; crossorigin=anonymous, </fonts/mwc/mwc.woff2?3>; as=font; rel=preload; crossorigin=anonymous, </fonts/grin/grin.woff2?3>; as=font; rel=preload; crossorigin=anonymous, </fonts/epic/epic.woff2?1>; as=font; rel=preload; crossorigin=anonymous, </fonts/btc/btc.woff2?3>; as=font; rel=preload; crossorigin=anonymous, </fonts/eth/eth.woff2?3>; as=font; rel=preload; crossorigin=anonymous, </styles/normalize.css-8.0.1.css?3>; as=style; rel=preload; integrity=sha512-oHDEc8Xed4hiW6CxD7qjbnI+B07vDdX7hEPTvn9pSZO1bcRqHp8mj9pyr+8RVC2GmtEfI2Bi9Ke9Ass0as+zpg==, </fonts/open_sans/open_sans.css?5>; as=style; rel=preload, </fonts/font_awesome/font_awesome.css?4>; as=style; rel=preload, </images/circle.svg?3>; as=image; rel=preload, </images/down_arrow.svg?3>; as=image; rel=preload";
 }
 
 # Onion location
-map $http_referer $onion_location {
+map $http_referer $mwcwallet_onion_location {
 	"~^https://mwcwallet\.com/scripts/service_worker\.js$" "http://mwcwalletmiq3gdkmfbqlytxunvlxyli4m6zrqozk7xjc353ewqb6bad.onion/";
 	"~^https://mwcwallet\.com(/.*)$" "http://mwcwalletmiq3gdkmfbqlytxunvlxyli4m6zrqozk7xjc353ewqb6bad.onion$1";
 	default "http://mwcwalletmiq3gdkmfbqlytxunvlxyli4m6zrqozk7xjc353ewqb6bad.onion$request_uri";

diff --git a/public_html/.user.ini b/public_html/.user.ini
@@ -19,9 +19,9 @@ default_charset = "UTF-8"
 output_handler = mb_output_handler
 output_buffering = 4096
 session.name = __Host-Session_ID
-session.gc_probability = 1
-session.gc_divisor = 1000
+session.gc_probability = 0
 session.gc_maxlifetime = 31536000
+session.save_path="/srv/mwcwallet.com/sessions"
 date.timezone = UTC
 display_errors = Off
 session.auto_start = 0

diff --git a/public_html/backend/common.php b/public_html/backend/common.php
@@ -3,19 +3,22 @@
 	// Constants
 
 	// Version number
-	const VERSION_NUMBER = "2.4.1";
+	const VERSION_NUMBER = "2.5.0";
 
 	// Version release date
-	const VERSION_RELEASE_DATE = "27 Aug 2023 21:43:00 UTC";
+	const VERSION_RELEASE_DATE = "02 Mar 2024 12:49:00 UTC";
 
 	// Version changes
 	const VERSION_CHANGES = [
 		"Fixed bold fonts displaying incorrectly on Safari.",
 		"Fixed caching main page when using URL parameters.",
 		"Fixed canceling connecting to a locked Trezor Model T hardware wallet.",
-		"Updated dependencies.",
-		"Removes wallet and network protocol from pasted recipient addresses.",
-		"Added support for Trezor Safe 3 hardware wallets."
+		"Added support for Trezor Safe 3 hardware wallets.",
+		"Added support for scanning invoice QR codes.",
+		"Displays the transaction's sender and recipient payment proof addresses when sending or receiving a payment.",
+		"Added setting to require manual approval when receiving payments.",
+		"Displays the amount and fee values in the current currency when sending or receiving a payment.",
+		"Transactions now display their value at the price when they was recorded."
 	];
 
 	// Maintenance start time