Added admin feature to allow users to change their Spark seed phrase in the UI

blackcoffeexbt · blackcoffeexbt · commit 30fd6886db33 · 2026-03-14T11:46:48.000Z
diff --git a/flake.nix b/flake.nix
@@ -21,7 +21,7 @@
 
   outputs = { self, nixpkgs, raspberry-pi-nix, lnbits, spark-sidecar, ... }:
   let
-    version = "0.1.47";  # Bump before each release tag to match the next tag name
+    version = "0.1.48";  # Bump before each release tag to match the next tag name
     system = "aarch64-linux";
   in
   {
diff --git a/nixos/admin-app/app.py b/nixos/admin-app/app.py
@@ -7,6 +7,7 @@
 import sys
 import tempfile
 import time
+import grp
 try:
     import crypt
 except ModuleNotFoundError:
@@ -21,6 +22,7 @@
 from pathlib import Path
 from typing import Any
 
+from mnemonic import Mnemonic
 from flask import (
     Flask, render_template, request, redirect,
     url_for, flash, session, jsonify, send_file
@@ -265,6 +267,36 @@ def _read_spark_mnemonic() -> str | None:
         return None
 
 
+def _normalize_mnemonic(value: str) -> str:
+    return " ".join(value.strip().lower().split())
+
+
+def _write_spark_mnemonic(mnemonic: str):
+    SPARK_MNEMONIC_FILE.parent.mkdir(parents=True, exist_ok=True, mode=0o750)
+    fd, tmp_path_str = tempfile.mkstemp(
+        prefix=".mnemonic.",
+        dir=str(SPARK_MNEMONIC_FILE.parent),
+        text=True,
+    )
+    tmp_path = Path(tmp_path_str)
+    try:
+        with os.fdopen(fd, "w", encoding="utf-8") as handle:
+            handle.write(mnemonic + "\n")
+        os.chmod(tmp_path, 0o640)
+        try:
+            spark_gid = grp.getgrnam("spark-sidecar").gr_gid
+            os.chown(tmp_path, 0, spark_gid)
+        except KeyError:
+            pass
+        tmp_path.replace(SPARK_MNEMONIC_FILE)
+    finally:
+        if tmp_path.exists():
+            try:
+                tmp_path.unlink()
+            except OSError:
+                pass
+
+
 def _runtime_env_content(tunnel: dict[str, Any]) -> str:
     return "\n".join(
         [
@@ -768,6 +800,53 @@ def api_stop_service(service):
     return _service_action(service, "stop", "stopping")
 
 
+@app.route("/box/api/spark/seed", methods=["POST"])
+@login_required
+def api_update_spark_seed():
+    payload = request.get_json(silent=True) or {}
+    new_mnemonic = _normalize_mnemonic(str(payload.get("mnemonic", "")))
+
+    if not new_mnemonic:
+        return _json_error("Enter a seed phrase.", 400)
+
+    words = new_mnemonic.split()
+    if len(words) != 12:
+        return _json_error("Enter exactly 12 words.", 400)
+
+    if not Mnemonic("english").check(new_mnemonic):
+        return _json_error("Enter a valid 12-word BIP39 seed phrase.", 400)
+
+    current_mnemonic = _normalize_mnemonic(_read_spark_mnemonic() or "")
+    if current_mnemonic and new_mnemonic == current_mnemonic:
+        return _json_error("That seed phrase is already in use.", 400)
+
+    if DEV_MODE:
+        _write_spark_mnemonic(new_mnemonic)
+        return _json_response(
+            status="ok",
+            message="Spark seed phrase updated successfully. Spark is restarting now.",
+            data={"service": "spark-sidecar", "action": "restart"},
+        )
+
+    try:
+        _write_spark_mnemonic(new_mnemonic)
+        subprocess.run(
+            ["systemctl", "restart", "spark-sidecar.service"],
+            check=True,
+            capture_output=True,
+            timeout=30,
+        )
+        return _json_response(
+            status="ok",
+            message="Spark seed phrase updated successfully. Spark is restarting now.",
+            data={"service": "spark-sidecar", "action": "restart"},
+        )
+    except subprocess.CalledProcessError as e:
+        return _json_error(e.stderr.decode() or "Failed to restart Spark.", 500)
+    except Exception as e:
+        return _json_error(str(e), 500)
+
+
 def _service_action(service, action, verb):
     if service not in ALLOWED_SERVICES:
         return _json_error("Invalid service", 400)
diff --git a/nixos/admin-app/static/css/admin.css b/nixos/admin-app/static/css/admin.css
@@ -577,6 +577,10 @@ video {
     max-width: 28rem
 }
 
+.max-w-lg {
+    max-width: 32rem
+}
+
 .max-w-sm {
     max-width: 24rem
 }
diff --git a/nixos/admin-app/static/js/dashboard-core.js b/nixos/admin-app/static/js/dashboard-core.js
@@ -52,6 +52,11 @@
         D.state.pendingActionButtonId = null;
         const modal = D.el('confirm-modal');
         if (modal) modal.classList.add('hidden');
+        const btn = D.el('confirm-btn');
+        if (btn) {
+            btn.textContent = 'Confirm';
+            btn.onclick = null;
+        }
     };
 
     D.setActionBusy = function (action, sourceButtonId) {
@@ -109,6 +114,7 @@
         if (modal) modal.classList.remove('hidden');
         const btn = D.el('confirm-btn');
         if (!btn) return;
+        btn.textContent = 'Confirm';
         btn.onclick = function () {
             D.executeAction(action, D.state.pendingActionButtonId);
         };
diff --git a/nixos/admin-app/static/js/dashboard-spark.js b/nixos/admin-app/static/js/dashboard-spark.js
@@ -0,0 +1,202 @@
+(function () {
+  const D = window.LNbitsBoxDashboard;
+  if (!D) return;
+
+  const state = {
+    pendingMnemonic: '',
+  };
+
+  function el(id) {
+    return document.getElementById(id);
+  }
+
+  function openModal(id) {
+    const modal = el(id);
+    if (modal) modal.classList.remove('hidden');
+  }
+
+  function closeModal(id) {
+    const modal = el(id);
+    if (modal) modal.classList.add('hidden');
+  }
+
+  function setError(message) {
+    const errorEl = el('spark-seed-form-error');
+    if (!errorEl) return;
+    if (message) {
+      errorEl.textContent = message;
+      errorEl.classList.remove('hidden');
+    } else {
+      errorEl.textContent = '';
+      errorEl.classList.add('hidden');
+    }
+  }
+
+  function normalizeMnemonic(value) {
+    return (value || '').trim().toLowerCase().split(/\s+/).filter(Boolean).join(' ');
+  }
+
+  function currentMnemonic() {
+    const seedValue = el('spark-seed-value');
+    return normalizeMnemonic(seedValue ? seedValue.dataset.seedPhrase || '' : '');
+  }
+
+  function validateMnemonic(value) {
+    const normalized = normalizeMnemonic(value);
+    if (!normalized) return 'Enter a seed phrase.';
+    const words = normalized.split(' ');
+    if (words.length !== 12) return 'Enter exactly 12 words.';
+    if (normalized === currentMnemonic()) return 'This is already the current seed phrase.';
+    return '';
+  }
+
+  function resetFlow() {
+    state.pendingMnemonic = '';
+    const input = el('spark-seed-new-input');
+    if (input) input.value = '';
+    const checkbox = el('spark-seed-backed-up-checkbox');
+    if (checkbox) checkbox.checked = false;
+    const confirmBtn = el('spark-seed-backup-confirm-btn');
+    if (confirmBtn) confirmBtn.disabled = true;
+    setError('');
+    closeModal('spark-seed-change-modal');
+    closeModal('spark-seed-backup-modal');
+    D.closeModal();
+  }
+
+  async function submitMnemonic() {
+    const actionBtn = el('spark-seed-change-continue-btn');
+    const originalHtml = actionBtn ? actionBtn.innerHTML : '';
+    if (actionBtn) {
+      actionBtn.disabled = true;
+      actionBtn.innerHTML = '<span class="inline-flex items-center gap-2"><span class="w-3.5 h-3.5 border-2 border-white/70 border-t-transparent rounded-full animate-spin"></span><span>Updating...</span></span>';
+    }
+
+    try {
+      const resp = await fetch('/box/api/spark/seed', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ mnemonic: state.pendingMnemonic }),
+      });
+      const data = await resp.json();
+      if (!resp.ok || data.status !== 'ok') {
+        closeModal('spark-seed-backup-modal');
+        openModal('spark-seed-change-modal');
+        setError(data.message || 'Failed to update the seed phrase.');
+        return;
+      }
+
+      const seedValue = el('spark-seed-value');
+      if (seedValue) {
+        seedValue.dataset.seedPhrase = state.pendingMnemonic;
+        seedValue.dataset.masked = 'true';
+        seedValue.textContent = '••••• ••••• ••••• ••••• ••••• ••••• ••••• ••••• ••••• ••••• ••••• •••••';
+      }
+      const toggleBtn = el('spark-seed-toggle-btn');
+      if (toggleBtn) toggleBtn.textContent = 'Show Seed Phrase';
+
+      resetFlow();
+      D.showNotice(data.message || 'Spark seed phrase updated. Spark is restarting automatically.', 'Success');
+      if (typeof D.fetchStats === 'function') {
+        setTimeout(D.fetchStats, 1200);
+      }
+    } catch (error) {
+      closeModal('spark-seed-backup-modal');
+      openModal('spark-seed-change-modal');
+      setError('Request failed.');
+    } finally {
+      if (actionBtn) {
+        actionBtn.disabled = false;
+        actionBtn.innerHTML = originalHtml;
+      }
+    }
+  }
+
+  function openFinalConfirm() {
+    closeModal('spark-seed-backup-modal');
+    D.state.pendingAction = null;
+    D.state.pendingActionButtonId = null;
+    D.setText('confirm-title', 'Final confirmation');
+    D.setText('confirm-message', 'Are you absolutely sure you want to replace the Spark wallet seed phrase now? This cannot be undone from LNbitsBox.');
+    const confirmBtn = el('confirm-btn');
+    if (confirmBtn) {
+      confirmBtn.textContent = 'Replace Seed Phrase';
+      confirmBtn.onclick = function () {
+        D.closeModal();
+        submitMnemonic();
+      };
+    }
+    openModal('confirm-modal');
+  }
+
+  const openBtn = el('spark-seed-change-btn');
+  const closeBtn = el('spark-seed-change-close-btn');
+  const cancelBtn = el('spark-seed-change-cancel-btn');
+  const continueBtn = el('spark-seed-change-continue-btn');
+  const backupCancelBtn = el('spark-seed-backup-cancel-btn');
+  const backupConfirmBtn = el('spark-seed-backup-confirm-btn');
+  const backupCheckbox = el('spark-seed-backed-up-checkbox');
+
+  if (openBtn) {
+    openBtn.addEventListener('click', function () {
+      setError('');
+      openModal('spark-seed-change-modal');
+      const input = el('spark-seed-new-input');
+      if (input) input.focus();
+    });
+  }
+
+  [closeBtn, cancelBtn].filter(Boolean).forEach(function (button) {
+    button.addEventListener('click', function () {
+      resetFlow();
+    });
+  });
+
+  if (continueBtn) {
+    continueBtn.addEventListener('click', function () {
+      const input = el('spark-seed-new-input');
+      const normalized = normalizeMnemonic(input ? input.value : '');
+      const error = validateMnemonic(normalized);
+      if (error) {
+        setError(error);
+        return;
+      }
+      state.pendingMnemonic = normalized;
+      setError('');
+      closeModal('spark-seed-change-modal');
+      openModal('spark-seed-backup-modal');
+    });
+  }
+
+  if (backupCheckbox && backupConfirmBtn) {
+    backupCheckbox.addEventListener('change', function () {
+      backupConfirmBtn.disabled = !backupCheckbox.checked;
+    });
+  }
+
+  if (backupCancelBtn) {
+    backupCancelBtn.addEventListener('click', function () {
+      closeModal('spark-seed-backup-modal');
+      openModal('spark-seed-change-modal');
+    });
+  }
+
+  if (backupConfirmBtn) {
+    backupConfirmBtn.addEventListener('click', function () {
+      if (backupConfirmBtn.disabled) return;
+      openFinalConfirm();
+    });
+  }
+
+  document.addEventListener('keydown', function (event) {
+    if (event.key !== 'Escape') return;
+    if (!el('spark-seed-change-modal')?.classList.contains('hidden')) {
+      resetFlow();
+      return;
+    }
+    if (!el('spark-seed-backup-modal')?.classList.contains('hidden')) {
+      closeModal('spark-seed-backup-modal');
+      openModal('spark-seed-change-modal');
+    }
+  });
+})();
diff --git a/nixos/admin-app/templates/advanced.html b/nixos/admin-app/templates/advanced.html
@@ -16,6 +16,7 @@
 <script src="{{ url_for('static', filename='js/dashboard-services.js') }}"></script>
 <script src="{{ url_for('static', filename='js/dashboard-tunnel.js') }}"></script>
 <script src="{{ url_for('static', filename='js/dashboard-app.js') }}"></script>
+<script src="{{ url_for('static', filename='js/dashboard-spark.js') }}"></script>
 <script>
 const sparkSeedValue = document.getElementById('spark-seed-value');
 const sparkSeedToggleBtn = document.getElementById('spark-seed-toggle-btn');
diff --git a/nixos/admin-app/templates/dashboard.html b/nixos/admin-app/templates/dashboard.html
@@ -443,7 +443,7 @@
 
 {# ── Confirm Modal ── #}
 <div id="confirm-modal" class="fixed inset-0 bg-black/60 backdrop-blur-sm z-50 flex items-center justify-center p-4 hidden">
-    <div class="bg-ln-card border border-ln-border rounded-2xl p-6 max-w-sm w-full glow-pink">
+    <div class="bg-ln-card border border-ln-border rounded-2xl p-6 max-w-md w-full glow-pink">
         <p class="text-lg font-display font-semibold mb-2" id="confirm-title">Are you sure?</p>
         <p class="text-ln-muted text-sm font-mono mb-6" id="confirm-message"></p>
         <div class="flex gap-3">
diff --git a/nixos/admin-app/templates/partials/cards/spark_seed_phrase.html b/nixos/admin-app/templates/partials/cards/spark_seed_phrase.html
diff --git a/nixos/admin-app/templates/partials/common_modals.html b/nixos/admin-app/templates/partials/common_modals.html
diff --git a/nixos/admin-package.nix b/nixos/admin-package.nix

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@`
`21`	`21`
`22`	`22`	`outputs = { self, nixpkgs, raspberry-pi-nix, lnbits, spark-sidecar, ... }:`
`23`	`23`	`let`
`24`		`- version = "0.1.47"; # Bump before each release tag to match the next tag name`
	`24`	`+ version = "0.1.48"; # Bump before each release tag to match the next tag name`
`25`	`25`	`system = "aarch64-linux";`
`26`	`26`	`in`
`27`	`27`	`{`
Original file line number	Diff line number	Diff line change
`@@ -577,6 +577,10 @@ video {`
`577`	`577`	`max-width: 28rem`
`578`	`578`	`}`
`579`	`579`
	`580`	`+.max-w-lg {`
	`581`	`+ max-width: 32rem`
	`582`	`+}`
	`583`	`+`
`580`	`584`	`.max-w-sm {`
`581`	`585`	`max-width: 24rem`
`582`	`586`	`}`