Update samourai-server app to v1.10.1 (#901)

Co-authored-by: Luke Childs <lukechilds123@gmail.com>

apps/registry.json

@@ -271,15 +271,15 @@
         "id": "samourai-server",
         "category": "Wallet Servers",
         "name": "Samourai Server",
-        "version": "1.9.0",
+        "version": "1.10.1",
         "tagline": "Your private backing server for Samourai Wallet",
-        "description": "Samourai Server is an exclusive Umbrel app that runs Samourai Dojo and Whirlpool backing servers, and provides you easy step-by-step instructions to connect your Samourai Wallet to them. Samourai Wallet is unrivaled in transaction privacy, but its default configuration is still subject to network level privacy loss.\n\nBy default, Samourai Wallet will connect to its centrally controlled Dojo hosted in Iceland. By hosting your own Samourai Server, you can bypass its servers completely when using Samourai Wallet or Sentinel, and gain total financial sovereignty without any complexity.",
+        "description": "Samourai Server is an exclusive Umbrel app that runs Samourai Dojo and Whirlpool backing servers, and provides you easy step-by-step instructions to connect your Samourai Wallet to them. Samourai Wallet is unrivaled in transaction privacy, but its default configuration is still subject to network level privacy loss.\n\nBy default, Samourai Wallet will connect to its centrally controlled Dojo hosted in Iceland. By hosting your own Samourai Server, you can bypass its servers completely when using Samourai Wallet or Sentinel, and gain total financial sovereignty without any complexity.\n\nBundles Whirlpool CLI v0.10.11.",
         "developer": "Samourai",
         "website": "https://samouraiwallet.com",
         "dependencies": [
             "bitcoind"
         ],
-        "repo": "https://github.com/louneskmt/umbrel-samourai-dojo/tree/v1.9.0-umbrel",
+        "repo": "https://github.com/louneskmt/umbrel-samourai-dojo/tree/v1.10.1-umbrel",
         "support": "https://t.me/SamouraiWallet",
         "port": 3005,
         "gallery": [
@@ -287,7 +287,7 @@
             "2.jpg",
             "3.jpg"
         ],
-        "path": "/connect/",
+        "path": "",
         "defaultPassword": ""
     },
     {

apps/samourai-server/docker-compose.yml

@@ -22,7 +22,7 @@ services:
         ipv4_address: $APP_SAMOURAI_SERVER_DB_IP
 
   node:
-    image: louneskmt/dojo-nodejs:1.9.0@sha256:fbef514d55dd848e038f9852e5b5146f18675c7c207e6370fb9f54d0fd6eb6ce
+    image: louneskmt/dojo-nodejs:1.10.1@sha256:d1460df18df091837718fcd0a6d3850e2f1a4a49da5914a697648c40d5477184
     init: true
     restart: on-failure
     command: "/home/node/app/wait-for-it.sh db:3306 --timeout=720 --strict -- /home/node/app/restart.sh"
@@ -30,9 +30,10 @@ services:
     environment:
       # GLOBAL
       COMMON_BTC_NETWORK: $BITCOIN_NETWORK
-      DOJO_NODEJS_VERSION_TAG: 1.9.0
-      TOR_PROXY_IP: $TOR_PROXY_IP
-      TOR_PROXY_PORT: $TOR_PROXY_PORT
+      DOJO_NODEJS_VERSION_TAG: 1.10.1
+      NET_DOJO_TOR_IPV4: $TOR_PROXY_IP
+      NET_DOJO_TOR_PORT: $TOR_PROXY_PORT
+      NET_DOJO_MYSQL_IPV4: $APP_SAMOURAI_SERVER_DB_IP
 
       # MYSQL
       MYSQL_DATABASE: samourai-main
@@ -85,12 +86,13 @@ services:
         ipv4_address: $APP_SAMOURAI_SERVER_NODE_IP
 
   whirlpool:
-    image: louneskmt/whirlpool:0.10.10@sha256:0914a0784a59819d55605e45b595b2715e5d1ed9b5aa5cd58db0fb068d8f6367
+    image: louneskmt/whirlpool:0.10.11@sha256:a7cfb9e287aa5f2e4137a5d2fdddbfd348624e24e7dd7bed7fa0f4e2e22734d5
     init: true
     restart: on-failure
     user: "1000:1000"
     command:
       - "--listen"
+      - "--cli.apiKey=$SAMOURAI_SERVER_WHIRLPOOL_API_KEY"
       - "--cli.api.http-enable=true"
       - "--cli.api.http-port=$APP_SAMOURAI_SERVER_WHIRLPOOL_PORT"
       - "--cli.tor=true"
@@ -120,15 +122,19 @@ services:
       - ${APP_DATA_DIR}/nginx/wait-for:/wait-for
       - ${APP_DATA_DIR}/nginx/nginx.conf:/etc/nginx/nginx.conf
       - ${APP_DATA_DIR}/nginx/${BITCOIN_NETWORK}.conf:/etc/nginx/sites-enabled/dojo.conf
+      - ${APP_DATA_DIR}/nginx/connect.conf:/etc/nginx/sites-enabled/connect.conf
       - ${APP_DATA_DIR}/nginx/connect:/var/www/connect
     environment:
       COMMON_BTC_NETWORK: $BITCOIN_NETWORK
-      DOJO_HIDDEN_SERVICE: $APP_HIDDEN_SERVICE
+      DOJO_LOCAL_PORT: $APP_SAMOURAI_SERVER_DOJO_PORT
+      DOJO_HIDDEN_SERVICE: $SAMOURAI_SERVER_DOJO_HIDDEN_SERVICE
       WHIRLPOOL_HIDDEN_SERVICE: $SAMOURAI_SERVER_WHIRLPOOL_HIDDEN_SERVICE
       NODE_PREFIX_SUPPORT: support
       NODE_ADMIN_KEY: $SAMOURAI_SERVER_NODE_ADMIN_KEY
+      WHIRLPOOL_API_KEY: $SAMOURAI_SERVER_WHIRLPOOL_API_KEY
     ports:
-      - "$APP_SAMOURAI_SERVER_PORT:80"
+      - "$APP_SAMOURAI_SERVER_DOJO_PORT:80"
+      - "$APP_SAMOURAI_SERVER_CONNECT_PORT:8081"
     depends_on:
       - node
     networks:

apps/samourai-server/mysql/mysql-dojo.cnf

@@ -1,10 +1,11 @@
 [mysqld]
 sql_mode="NO_ENGINE_SUBSTITUTION"
+transaction_isolation=READ-COMMITTED
 performance_schema=off
 innodb_buffer_pool_size=128M
 innodb_buffer_pool_chunk_size=16M
 key_buffer_size=8M
 tmp_table_size=1M
-max_connections=20
+max_connections=80
 sort_buffer_size=1M
 query_cache_size=8M

apps/samourai-server/nginx/connect.conf

@@ -0,0 +1,22 @@
+# Connect UI Configuration
+server {
+    listen 8081;
+    server_name _;
+
+    root /var/www/connect;
+    index index.html;
+
+    # Proxy pairing endpoint to dojo api
+    location /v2/support/pairing {
+        proxy_pass http://node:8080/support/pairing;
+    }
+
+    location /test/v2/support/pairing {
+        proxy_pass http://node:8080/support/pairing;
+    }
+
+    # Server Connect UI static files
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}

apps/samourai-server/nginx/connect/index.html

@@ -59,7 +59,7 @@
         <div class="note">
             <h5 class="note-heading text-muted text-small">Advanced</h5>
             <p class="note-text">
-                If you need to access the Dojo Maintenance Tool, <a href="/admin/" target="_blank">click here</a>.
+                If you need to access the Dojo Maintenance Tool, <a id="dmt-link" href="#" target="_blank">click here</a>.
             </p>
             <p class="note-text text-small">
                 Admin key: <code id="dojo-admin-key"></code>
@@ -76,11 +76,13 @@
             <li class="step">Install <a href="https://gist.github.com/lukechilds/0be1d56ecd28092822e4fa750b5945c0" target="_blank">Tor</a> on your computer.</li>
             <li class="step">Download and install <a href="https://code.samourai.io/whirlpool/whirlpool-gui/-/releases"
                     target="_blank">Whirlpool GUI</a>.</li>
-            <li class="step">Select: Advanced: remote CLI.</li>
+            <li class="step">Select: “Advanced: remote CLI”.</li>
             <li class="step">Enter "<b id="whirlpool-hidden-service"></b>" (without quotes) in “CLI
                 address”.</li>
             <li class="step">Tor proxy should now auto enable and set itself to “socks5://127.0.0.1:9050”.</li>
-            <li class="step">Click connect.</li>
+            <li class="step">Click “Configure API key?”.</li>
+            <li class="step">Enter "<b id="whirlpool-api-key"></b>" (without quotes) in “API key”.</li>
+            <li class="step">Click “Connect”.</li>
             <li class="step">Click QR code icon to scan a QR code from Samourai Wallet on your phone.</li>
             <li class="step">Open Samourai Wallet on your phone.</li>
             <li class="step">Go Settings > Transactions > Experimental > Pair to Whirlpool GUI. Show the QR code on your
@@ -94,8 +96,8 @@
         <p><strong>Note:</strong> You'll need to open Whirlpool GUI and re-enter your password to continue mixing after restarting or updating your Umbrel.</p>
     </section>
     <script src="js/qrcode.min.js"></script>
-    <script src="js/conf.js"></script>
-    <script src="js/script.js"></script>
+    <script src="js/conf.js?v1.10.1"></script>
+    <script src="js/script.js?v1.10.1"></script>
 </body>
 
 </html>

apps/samourai-server/nginx/connect/js/conf.template.js

@@ -1,5 +1,7 @@
+var dojoLocalPort = "$DOJO_LOCAL_PORT";
 var dojoHiddenService = "$DOJO_HIDDEN_SERVICE";
-var whirlpoolHiddenService = "http://$WHIRLPOOL_HIDDEN_SERVICE";
+var whirlpoolHiddenService = "$WHIRLPOOL_HIDDEN_SERVICE";
 var bitcoinNetwork = "$COMMON_BTC_NETWORK";
 var dojoAdminKey = "$NODE_ADMIN_KEY";
-var supportPrefix = "$NODE_PREFIX_SUPPORT";
+var whirlpoolApiKey = "$WHIRLPOOL_API_KEY";
+var dojoSupportPrefix = "$NODE_PREFIX_SUPPORT";

apps/samourai-server/nginx/connect/js/script.js

@@ -1,8 +1,16 @@
-document.getElementById('dojo-admin-key').innerText = dojoAdminKey;
+let dojoHost = `${window.location.hostname}:${dojoLocalPort}`;
+const dojoBaseRoute = bitcoinNetwork == "testnet" ? "test/v2" : "v2";
+
+if(window.location.hostname.endsWith(".onion")) {
+  dojoHost = dojoHiddenService;
+}
 
-var baseRoute = bitcoinNetwork == "testnet" ? "test/v2" : "v2";
+document.getElementById('dojo-admin-key').innerText = dojoAdminKey;
+document.getElementById('whirlpool-api-key').innerText = whirlpoolApiKey;
+document.getElementById('whirlpool-hidden-service').innerText = `http://${whirlpoolHiddenService}`;
+document.getElementById('dmt-link').setAttribute("href", `http://${dojoHost}/admin/`);
 
-fetch(`http://${window.location.host}/${baseRoute}/auth/login`, {
+fetch(`http://${dojoHost}/${dojoBaseRoute}/auth/login`, {
     method: 'POST',
     headers: new Headers({
       'Content-Type': 'application/x-www-form-urlencoded'
@@ -11,7 +19,7 @@ fetch(`http://${window.location.host}/${baseRoute}/auth/login`, {
  })
  .then(response => response.json())
  .then(data => {
-    fetch(`http://${window.location.host}/${baseRoute}/${supportPrefix}/pairing`, {
+    fetch(`http://${window.location.host}/${dojoBaseRoute}/${dojoSupportPrefix}/pairing`, {
         method: 'GET',
         headers: new Headers({
             'Authorization': 'Bearer ' + data.authorizations.access_token,
@@ -19,9 +27,8 @@ fetch(`http://${window.location.host}/${baseRoute}/auth/login`, {
         })
     })
     .then(response => response.json())
-    .then(data => {
-        var pairingInfo = data;
-        pairingInfo.pairing.url = `http://${dojoHiddenService}/${baseRoute}`;
+    .then(pairingInfo => {
+        pairingInfo.pairing.url = `http://${dojoHiddenService}/${dojoBaseRoute}`;
 
         const qrcodeSvg = new QRCode({
           content: JSON.stringify(pairingInfo),
@@ -33,7 +40,5 @@ fetch(`http://${window.location.host}/${baseRoute}/auth/login`, {
           ecl: "M",
         }).svg();
         document.querySelector('.qr-contents').innerHTML = qrcodeSvg;
-
-        document.getElementById('whirlpool-hidden-service').innerText = `${whirlpoolHiddenService}`;
     });
  });

apps/samourai-server/nginx/mainnet.conf

@@ -21,13 +21,6 @@ server {
     proxy_send_timeout 600;
     send_timeout 600;
 
-    # Connection details page
-    location /connect {
-        alias /var/www/connect;
-        index index.html;
-        try_files $uri $uri/ =404;
-    }
-
     # Proxy WebSocket connections first
     location /v2/inv {
         proxy_pass http://websocket;
@@ -71,4 +64,3 @@ server {
         add_header Content-Type application/json;
     }
 }
-

apps/samourai-server/nginx/nginx.conf

@@ -42,4 +42,3 @@ http {
 
     include  /etc/nginx/sites-enabled/*.conf;
 }
-

apps/samourai-server/nginx/testnet.conf

@@ -21,13 +21,6 @@ server {
     proxy_send_timeout 600;
     send_timeout 600;
 
-    # Connection details page
-    location /connect {
-        alias /var/www/connect;
-        index index.html;
-        try_files $uri $uri/ =404;
-    }
-
     # Proxy WebSocket connections first
     location /test/v2/inv {
         proxy_pass http://websocket;
@@ -76,4 +69,3 @@ server {
         add_header Content-Type application/json;
     }
 }
-

scripts/app

@@ -120,11 +120,14 @@ compose() {
   # App specific env vars
   # Note: Hardcoding app specific env vars is a short term solution. Long term
   # these values will be registered in an apps manifest and generated dynamically.
+  local dojo_hidden_service_file="${UMBREL_ROOT}/tor/data/app-${app}-dojo/hostname"
   local whirlpool_hidden_service_file="${UMBREL_ROOT}/tor/data/app-${app}-whirlpool/hostname"
+  export SAMOURAI_SERVER_DOJO_HIDDEN_SERVICE="$(cat "${dojo_hidden_service_file}" 2>/dev/null || echo "notyetset.onion")"
   export SAMOURAI_SERVER_WHIRLPOOL_HIDDEN_SERVICE="$(cat "${whirlpool_hidden_service_file}" 2>/dev/null || echo "notyetset.onion")"
   export SAMOURAI_SERVER_NODE_API_KEY=$(derive_entropy "env-${app_entropy_identifier}-NODE_API_KEY")
   export SAMOURAI_SERVER_NODE_ADMIN_KEY=$(derive_entropy "env-${app_entropy_identifier}-NODE_ADMIN_KEY")
   export SAMOURAI_SERVER_NODE_JWT_SECRET=$(derive_entropy "env-${app_entropy_identifier}-NODE_JWT_SECRET")
+  export SAMOURAI_SERVER_WHIRLPOOL_API_KEY=$(derive_entropy "env-${app_entropy_identifier}-WHIRLPOOL_API_KEY")
 
   docker-compose \
     --env-file "${env_file}" \

scripts/configure

@@ -150,7 +150,8 @@ APP_MEMPOOL_PORT="3006"
 APP_MEMPOOL_API_IP="10.21.21.27"
 APP_MEMPOOL_DB_IP="10.21.21.28"
 APP_SAMOURAI_SERVER_IP="10.21.21.22"
-APP_SAMOURAI_SERVER_PORT="3005"
+APP_SAMOURAI_SERVER_DOJO_PORT="3009"
+APP_SAMOURAI_SERVER_CONNECT_PORT="3005"
 APP_SAMOURAI_SERVER_WHIRLPOOL_IP="10.21.21.23"
 APP_SAMOURAI_SERVER_WHIRLPOOL_PORT="8898"
 APP_SAMOURAI_SERVER_DB_IP="10.21.21.24"
@@ -339,7 +340,8 @@ for template in "${NGINX_CONF_FILE}" "${BITCOIN_CONF_FILE}" "${LND_CONF_FILE}" "
   sed -i "s/<app-mempool-db-ip>/${APP_MEMPOOL_DB_IP}/g" "${template}"
   sed -i "s/<app-mempool-api-ip>/${APP_MEMPOOL_API_IP}/g" "${template}"
   sed -i "s/<app-samourai-server-ip>/${APP_SAMOURAI_SERVER_IP}/g" "${template}"
-  sed -i "s/<app-samourai-server-port>/${APP_SAMOURAI_SERVER_PORT}/g" "${template}"
+  sed -i "s/<app-samourai-server-dojo-port>/${APP_SAMOURAI_SERVER_DOJO_PORT}/g" "${template}"
+  sed -i "s/<app-samourai-server-connect-port>/${APP_SAMOURAI_SERVER_CONNECT_PORT}/g" "${template}"
   sed -i "s/<app-samourai-server-whirlpool-ip>/${APP_SAMOURAI_SERVER_WHIRLPOOL_IP}/g" "${template}"
   sed -i "s/<app-samourai-server-whirlpool-port>/${APP_SAMOURAI_SERVER_WHIRLPOOL_PORT}/g" "${template}"
   sed -i "s/<app-samourai-server-db-ip>/${APP_SAMOURAI_SERVER_DB_IP}/g" "${template}"

scripts/update/01-run.sh

@@ -194,6 +194,22 @@ rsync --archive \
     "$UMBREL_ROOT"/.umbrel-"$RELEASE"/ \
     "$UMBREL_ROOT"/
 
+# Handle updating static assets for samourai-server app
+samourai_app_dir="${UMBREL_ROOT}/apps/samourai-server/nginx"
+samourai_data_dir="${UMBREL_ROOT}/app-data/samourai-server/nginx"
+if [[ -d "${samourai_app_dir}" ]] && [[ -d "${samourai_data_dir}" ]]; then
+  echo "Found samourai-server install, attempting to update static assets and nginx configuration..."
+  rsync --archive --verbose "${samourai_app_dir}/" "${samourai_data_dir}"
+fi
+
+# Handle hidden service migration for samourai-server app
+samourai_app_dojo_tor_dir="${UMBREL_ROOT}/tor/data/app-samourai-server"
+samourai_app_new_dojo_tor_dir="${UMBREL_ROOT}/tor/data/app-samourai-server-dojo"
+if [[ -d "${samourai_app_dojo_tor_dir}" ]] && [[ ! -d "${samourai_app_new_dojo_tor_dir}" ]]; then
+  echo "Found samourai-server install, attempting to migrate dojo hidden service directory..."
+  mv "${samourai_app_dojo_tor_dir}/" "${samourai_app_new_dojo_tor_dir}"
+fi
+
 # Fix permissions
 echo "Fixing permissions"
 find "$UMBREL_ROOT" -path "$UMBREL_ROOT/app-data" -prune -o -exec chown 1000:1000 {} +

templates/.env-sample

@@ -53,7 +53,8 @@ APP_MEMPOOL_PORT=<app-mempool-port>
 APP_MEMPOOL_DB_IP=<app-mempool-db-ip>
 APP_MEMPOOL_API_IP=<app-mempool-api-ip>
 APP_SAMOURAI_SERVER_IP=<app-samourai-server-ip>
-APP_SAMOURAI_SERVER_PORT=<app-samourai-server-port>
+APP_SAMOURAI_SERVER_DOJO_PORT=<app-samourai-server-dojo-port>
+APP_SAMOURAI_SERVER_CONNECT_PORT=<app-samourai-server-connect-port>
 APP_SAMOURAI_SERVER_WHIRLPOOL_IP=<app-samourai-server-whirlpool-ip>
 APP_SAMOURAI_SERVER_WHIRLPOOL_PORT=<app-samourai-server-whirlpool-port>
 APP_SAMOURAI_SERVER_DB_IP=<app-samourai-server-db-ip>

templates/torrc-sample

@@ -77,10 +77,14 @@ HiddenServicePort 80 <app-photoprism-ip>:<app-photoprism-port>
 HiddenServiceDir /var/lib/tor/app-mempool
 HiddenServicePort 80 <app-mempool-ip>:<app-mempool-port>
 
-# samourai-server Hidden Service
-HiddenServiceDir /var/lib/tor/app-samourai-server
+# samourai-server dojo Hidden Service
+HiddenServiceDir /var/lib/tor/app-samourai-server-dojo
 HiddenServicePort 80 <app-samourai-server-ip>:80
 
+# samourai-server connect Hidden Service
+HiddenServiceDir /var/lib/tor/app-samourai-server
+HiddenServicePort 80 <app-samourai-server-ip>:8081
+
 # samourai-server whirlpool Hidden Service
 HiddenServiceDir /var/lib/tor/app-samourai-server-whirlpool
 HiddenServicePort 80 <app-samourai-server-whirlpool-ip>:<app-samourai-server-whirlpool-port>