wowario
/
lumo
mirror of https://git.rezisto.net/Apps/lumo
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
A Node JS server that allows you to host a semi transparent and auditable Monero (XMR) wallet for donation and charity purposes.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.1 MiB
 
 
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
Go to file
OPV 8acd694640
initial commit 		1 year ago
docs/images initial commit 1 year ago
public initial commit 1 year ago
views initial commit 1 year ago
.gitignore initial commit 1 year ago
LICENSE initial commit 1 year ago
README.md initial commit 1 year ago
config.json initial commit 1 year ago
main.js initial commit 1 year ago
package.json initial commit 1 year ago

README.md

Table of contents

Introduction

Lumo (loo-mo) , Esperanto for "Light", is a Node JS server that allows you to self host a semi transparent and auditable Monero (XMR) wallet for donation and charity purposes. It was created as a way to bridge transparency with Monero's unique privacy features. The use case is if you would like to accept Monero donations transparently while still providing your donors with privacy. This allows donors to verify their donation(s) and amount(s) easily in an anonymous way online. It also allows donors to monitor funds in and out (there is a caveat to the out transactions though. See the limitations section below).

Think of it as turning a Monero wallet into a Bitcoin-esque wallet that is viewable on a blockchain explorer, albeit yours is self-hosted and done voluntarily. All of this is achieved while donor/receiver information is still kept private. Got to love Monero!

main screen

Limitations

Due to Monero's rock solid security and unique privacy features, the output amounts of the lumo wallet cannot be 100% trustless. Some trust is involved believing that the API is telling the donors or whoever is viewing the truth about the amounts being spent. The wallet owning the transaction can be proven but the amounts technically cannot nor can a receiver address be obtained. For more information about this, please read the following below:

Spend Proof

If you see a string beginning with "SpendProofV1", this means that the transaction private key (txkey) was not available. This could be because you had made the transaction from a different wallet. If you don't preserve knowledge of a txkey after making a transaction, it is lost forever and cannot be recovered by scanning the blockchain. It also means you will be unable to recover the per-output shared secret for the output sent to the other person in the transaction.

The SpendProofV1 string contains a second, newly created ring signature that proves exactly the same input ownership again, but using different random initialization data. Only someone that owned the inputs of the transaction would be able to create this second valid ring signature. That is all the SpendProofV1 string contains. There is no key derivation communicated, because it is unknown by the wallet in this scenario.

Since the ring signature(s) in the SpendProofV1 string will be valid for one of the transactions on the blockchain, it would be possible to identify the transaction from this SpendProofV1 string.

Source & Credit: https://monero.stackexchange.com/a/8131

Disclaimer

This is experimental software and should be considered as a proof-of-concept. It creates a full mirror of your Monero wallet and displays certain aspects to the public. This means that after wallet creation it can technically be used to send, receive, view transaction in and out, etc etc. Lumo itself only retrieves specific wallet information (balances and transactions) and outputs it to the built in API. However, a bad actor with access, could manipulate the code to spend funds. While it does work on mainnet, it is highly advised as of now to use stagenet for testing purposes. To mitigate risk, Lumo requires the password you set at install to unlock the wallet file every time you run it. Therefore, if someone did alter code they would need the password to re-run the app. So make your password a strong one. There will also most likely be bugs so please notify me of them. Once testing period is done we can hopefully transition to mainnet!

With that explained, use it at your own risk.

Development

For now, I'll only be supporting Linux for the project, therefore the instructions below will be for it.

To get a local copy up and running follow these simple steps.

Prerequisites

Before proceeding you should install the following:

  • node (v16)
  • npm (probably bundled with your installation)
  • An existing Monero wallet (you can use the Official GUI/CLI or Monerujo (stagenet version on android) to create a wallet)

Installation

Clone the repository, install all dependencies using npm.

git clone https://git.rezisto.net/Apps/lumo.git
cd lumo
npm install

Configuration

Edit config.json with your information

nano config.json
{
  "server":{
    "url":"0.0.0.0|127.0.0.1|localhost",
    "port":3000,
    "frontend":true
  },
  "monero": {
    "daemon":{
      "url":"0.0.0.0|127.0.0.1|localhost|remote node ip",
      "port":38081,
      "username":"",
      "password":""
    },
    "wallet":{
      "primary_address":"",
      "network":"mainnet|stagenet|testnet",
      "password": "very strong password here",
      "restore_height": 0,
      "private_spend": ""
    },
    "currency":"USD"
  }
}

Options

  1. Server:
    • This is your local Express JS server which will be an API interface for the Monero wallet. Lumo comes with a basic EJS front end baked in that displays the wallet information (as seen in the demo). However, you can turn this off by setting front end to false in the config file. This will give you a wallet information only API for you to send requests to in whatever technology you wish to use for a front end.
  2. Monero:
    • Daemon:
      • This is the Monero node you wish to use. You can use any node (local or remote) you want. Just make sure you trust the node which you choose. It's always best to use your own node! Node and wallet network must coincide (ie. if you create a stagenet wallet then node must also be a stagenet node)
    • Wallet:
      • This is a mirror of whatever wallet you want to use. It must be an already created wallet and you must provide a new password (does not have to be the same as you currently use and it is highly advised that this password is strong), the primary address of the wallet, private spend key, and restore height. All of which can be found in the wallet app you created the wallet in. This information is needed to create a full mirror of the wallet (incoming and *outgoing transactions). All the information is deleted post install and you will be required to enter the password you gave each time you run the app. This is a restriction in how you can run Lumo but is done for security purposes. None of the wallet's sensitive information is stored or sent anywhere (except the node you choose).
    • Currency:
      • This can be any currency code (USD, EUR, CAD, etc etc) that is supported by Coingecko API.

Save file and exit

ctrl s
ctrl x

Run

npm start

API Endpoints

  • type: 'GET',
  • wallet: '/api/wallet',
  • walletProof: '/api/wallet/proof',
  • transaction: '/api/transaction/:hash',
  • transactionProof: '/api/transaction/proof/:hash',
  • node: '/api/node',
  • price: '/api/price'

Technologies

  • "bootstrap": "^5.2.2",
  • "bootstrap-icons": "^1.10.3",
  • "cors": "^2.8.5",
  • "ejs": "^3.1.8",
  • "express": "^4.18.2",
  • "monero-javascript": "^0.7.4",
  • "qrcode": "^1.5.1"

License

This project is licensed under MIT.

Donations

If you find this useful and/or educational then please consider donating Monero to the address below. All donations will go to continued development and funding of the Rezisto ecosystem.

donate qr

86DgQQ12SJk26rnK5LPv9cfdmQwxDCkYXTN9ff7refGSSottZnR3tjk2bhVymtzmnq6hFheeWy22pePnxdNfB26nQH6oLbk