refactor: several negative positioning/margin hacks

[myxmaster]

Description

3 files refactored:

Add a note

• Useless vertical padding removed.

Before	After

Contacts

• The avatar circle now overlaps the banner by exactly half its diameter (75px instead of 80px), I like symmetry... :)
• "Normal" contacts completely unchanged.

Before	After

Import Account

• Existing account switch now similar to other menus

Before	After

This pull request is categorized as a:

• New feature
• Bug fix
• Code refactor
• Configuration change
• Locales update
• Quality assurance
• Other

Checklist

• I’ve run yarn run tsc and made sure my code compiles correctly
• I’ve run yarn run lint and made sure my code didn’t contain any problematic patterns
• I’ve run yarn run prettier and made sure my code is formatted correctly
• I’ve run yarn run test and made sure all of the tests pass

Testing

If you modified or added a utility file, did you add new unit tests?

• No, I’m a fool
• Yes
• N/A

I have tested this PR on the following platforms (please specify OS version and phone model/VM):

• Android
• iOS

I have tested this PR with the following types of nodes (please specify node version and API version where appropriate):

• Embedded LND
• LND (REST)
• LND (Lightning Node Connect)
• Core Lightning (CLNRest)
• Nostr Wallet Connect
• LndHub

Locales

• I’ve added new locale text that requires translations
• I’m aware that new translations should be made on the ZEUS Transfix page and not directly to this repo

Third Party Dependencies and Packages

• Contributors will need to run yarn after this PR is merged in
• 3rd party dependencies have been modified:
  • verify that package.json and yarn.lock have been properly updated
  • verify that dependencies are installed for both iOS and Android platforms

Other:

• Changes were made that require an update to the README
• Changes were made that require an update to onboarding

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on refactoring several UI components to remove 'negative positioning/margin hacks' and improve overall styling consistency. The changes streamline the layout of the 'Add Note' input, enhance the visual alignment of the contact avatar with its banner, and standardize the 'Existing account' switch in the 'Import Account' view, resulting in a more robust and predictable user interface.

Highlights

• Add Note View Refactoring: Removed unnecessary vertical padding and a negative margin hack from the note input field, leading to cleaner styling.
• Contact Details Avatar Positioning: Refactored the contact avatar's positioning to symmetrically overlap the banner by exactly half its diameter, eliminating previous negative margin adjustments.
• Import Account UI Consistency: Updated the 'Existing account' switch to use standard React Native components instead of ListItem, aligning its appearance with other menu elements.

Changelog

• views/AddNotes.tsx
  • Removed unnecessary vertical padding from the note input field.
  • Eliminated a negative marginTop hack in the text input style.
• views/ContactDetails.tsx
  • Extracted avatar rendering logic into a dedicated constant for better reusability.
  • Adjusted avatar positioning to overlap the contact banner symmetrically, removing a negative margin hack.
  • Updated banner container's bottom margin to align with the new avatar placement.
• views/Tools/Accounts/ImportAccount.tsx
  • Removed the ListItem component import as it is no longer used.
  • Refactored the 'Existing account' switch to use standard View and Text components instead of ListItem.
  • Applied new styling to the 'Existing account' switch for improved consistency with other UI elements.

Activity

• The pull request was opened by myxmaster, categorizing it as a code refactor.
• Automated checks for TypeScript compilation, linting, and Prettier formatting passed.
• The author confirmed testing on Android with LND (REST) nodes.
• No human comments or reviews have been posted yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request refactors several UI components, specifically AddNotes.tsx, ContactDetails.tsx, and ImportAccount.tsx, to remove styling hacks like negative margins and positioning, resulting in cleaner, more maintainable, and more idiomatic React Native code. However, a security audit revealed two significant vulnerabilities: a high-severity Broken Access Control (IDOR) in AddNotes.tsx allowing arbitrary storage key overwrites via deep links, and a medium-severity path traversal in ContactDetails.tsx related to loading contact banners from local file URIs. Additionally, a code quality suggestion for ContactDetails.tsx involves moving inline styles to a StyleSheet. Addressing these security vulnerabilities and the suggested code improvement is critical for user data protection, application integrity, and overall code quality.

[gemini-code-assist]

The AddNotes component uses noteKey from route.params (line 41) as a direct key for storage operations (Storage.getItem, Storage.setItem). Since route parameters can be influenced via deep links, an attacker could potentially trick a user into overwriting critical application data (e.g., settings or contacts) by providing a malicious noteKey. For example, a link like zeusln://AddNotes?noteKey=zeus-settings-v2 would allow a user to inadvertently overwrite their entire application configuration if they save a note.

Recommendation: Validate that noteKey belongs to an expected set of keys or implement a restricted namespace for notes in storage to prevent unauthorized access to other application data.

[shubhamkmr04]

unrelated to the PR

[gemini-code-assist]

The Image component's source.uri is populated from contact.getBanner, which is derived from untrusted contact data (e.g., from Nostr). The implementation of getBanner in models/Contact.ts (line 181) constructs a file:// URI by appending a user-controlled string to the app's document directory without sanitizing for path traversal sequences (..). This could allow a malicious contact to point the banner to sensitive internal files (e.g., rnfs://../../../../etc/hosts). While the impact is limited as the file is treated as an image, it still constitutes a path traversal vulnerability.

Recommendation: Sanitize the input in models/Contact.ts to prevent path traversal and validate that the resulting URI points to an expected location.

[gemini-code-assist]

While refactoring to create the avatarCircle component is a great improvement for code deduplication, the component still uses inline styles. To improve maintainability and adhere to best practices, consider moving these styles to the StyleSheet at the bottom of the file. This makes styles reusable and keeps the component's render method cleaner.

Here's a suggestion for the styles to add to your StyleSheet:

const styles = StyleSheet.create({
    // ... other styles
    avatarContainer: {
        width: 150,
        height: 150,
        borderRadius: 75,
    },
    avatarView: {
        backgroundColor: themeColor('secondary'),
        alignItems: 'center',
        justifyContent: 'center',
    },
    avatarInitials: {
        fontSize: 48,
        fontWeight: 'bold',
        color: themeColor('text'),
    },
    avatarIcon: {
        fontSize: 64,
    }
});

You can then apply these styles as shown in the code suggestion.

const avatarCircle = contact.photo ? (
    <Image
        source={{ uri: contact.getPhoto }}
        style={styles.avatarContainer}
    />
) : (
    <View style={[styles.avatarContainer, styles.avatarView]}>
        {contact.getAvatarInitials ? (
            <Text style={styles.avatarInitials}>
                {contact.getAvatarInitials}
            </Text>
        ) : contact.hasOnlyCashuPubkey ? (
            <Ecash fill="#FACC15" width={64} height={64} />
        ) : (
            <Text style={styles.avatarIcon}>⚡</Text>
        )}
    </View>
);

[shubhamkmr04]

@myxmaster we can do this

[myxmaster]

done (only moved those with more than 1 style, otherwise it is kind of pointless imo; also removed unused styles)

[shubhamkmr04]

tACK