# MATTERMOST LOCAL API SETUP
## SSH-based BTCPay Onion Address Retrieval

**Purpose:** Run a local web API on your Mattermost server that executes SSH commands to retrieve BTCPay onion addresses  
**Method:** Mattermost Slash Command → Local API → SSH to VPS → Return Results  
**Security:** No external ports exposed on VPS, SSH key authentication only

---

## 🚀 **SETUP ON YOUR MATTERMOST SERVER**

### **Step 1: Install Dependencies**
```bash
# On your Mattermost server
mkdir ~/btcpay-api
cd ~/btcpay-api

# Copy the local API script
# (Copy mattermost_local_api.js to this directory)

# Install Node.js if not installed
curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo bash -
sudo apt-get install -y nodejs npm

# Install Express
npm init -y
npm install express
```

### **Step 2: Configure SSH Access**
```bash
# Copy your VPS SSH key to Mattermost server
# (Copy vps_hardening_key to your Mattermost server)

# Set correct permissions
chmod 600 ~/btcpay-api/vps_hardening_key

# Test SSH access to VPS
ssh -i ~/btcpay-api/vps_hardening_key -p 2255 sysadmin@thebankofdebbie.giize.com "echo 'SSH test successful'"
```

### **Step 3: Update Configuration**
```javascript
// Edit mattermost_local_api.js
const config = {
    vps_domain: 'thebankofdebbie.giize.com',
    vps_port: 2255,
    vps_user: 'sysadmin',
    ssh_key_path: '/home/your-user/btcpay-api/vps_hardening_key', // UPDATE THIS
    mattermost_token: 'dr7gz6xwmt8qjg71wxcqjwqz1r',
    allowed_users: ['bankofdebbie', 'admin', 'sysadmin'] // ADD YOUR USERS
};
```

### **Step 4: Start the Local API**
```bash
cd ~/btcpay-api
node mattermost_local_api.js

# Or run as service
nohup node mattermost_local_api.js > api.log 2>&1 &
```

**Expected Output:**
```
🚀 Mattermost BTCPay Local API running on localhost:3333
🎯 Target VPS: thebankofdebbie.giize.com:2255
🔑 Method: SSH-based command execution
💡 Endpoints:
   POST /btcpay - Mattermost slash command handler
   GET  /test - Test SSH connectivity
   GET  /health - Health check

🔧 Mattermost Slash Command Setup:
   Command: /btcpay
   URL: http://localhost:3333/btcpay
   Token: dr7gz6xwmt8qjg71wxcqjwqz1r
   Method: POST
```

---

## 📱 **MATTERMOST SLASH COMMAND CONFIGURATION**

### **Create Slash Command in Mattermost:**

1. **Go to:** System Console → Integrations → Slash Commands
2. **Click:** Add Slash Command
3. **Configure:**
   - **Title:** BTCPay Server Info
   - **Command Trigger Word:** `btcpay`
   - **Request URL:** `http://localhost:3333/btcpay`
   - **Request Method:** POST
   - **Response Username:** BTCPay Bot
   - **Response Icon:** 🧅 (optional)
   - **Autocomplete:** Yes
   - **Autocomplete Description:** Get BTCPay Server onion addresses

### **Usage in Mattermost:**
```
/btcpay                    - Get onion addresses
/btcpay onion             - Get onion addresses  
/btcpay status            - Get full system status
/btcpay help              - Show available commands
```

---

## 🧅 **EXAMPLE RESPONSES**

### **`/btcpay` or `/btcpay onion`:**
```
## 🧅 BTCPay Tor Onion Addresses

🌐 Domain: https://thebankofdebbie.giize.com

🧅 Tor Hidden Services:
• BTCPay Server: gs76yqhlb4oysidnnswfoigxtwz3kmlmz4ekp2r6knmerpvsjdtbpxyd.onion
• Bitcoin P2P: p4gve626jjn73ia35ikr7zhnmwknokrzv2eb2gfbqlytlgbckhaeibyd.onion

🔐 Access Methods:
• Clearnet: https://thebankofdebbie.giize.com
• Tor Browser: http://gs76yqhlb4oysidnnswfoigxtwz3kmlmz4ekp2r6knmerpvsjdtbpxyd.onion

⚡ API Endpoints:
• REST API: https://thebankofdebbie.giize.com/api
• Tor API: http://gs76yqhlb4oysidnnswfoigxtwz3kmlmz4ekp2r6knmerpvsjdtbpxyd.onion/api

📅 Retrieved: 2025-09-10 17:20:15
👤 Requested by: bankofdebbie
```

### **`/btcpay status`:**
```
## 📊 BTCPay Server Status Report

🌐 Domain: https://thebankofdebbie.giize.com

🧅 Tor Onion Services:
• BTCPay: gs76yqhlb4oysidnnswfoigxtwz3kmlmz4ekp2r6knmerpvsjdtbpxyd.onion
• Bitcoin P2P: p4gve626jjn73ia35ikr7zhnmwknokrzv2eb2gfbqlytlgbckhaeibyd.onion

📊 System Health:
• Containers: 8 containers running
• Storage: 4.5G used / 394G total
• Bitcoin: 10000 MiB max storage

🔒 Security: Tor-only Bitcoin, Hardened Debian 13
📅 Retrieved: 2025-09-10 17:20:15
👤 Requested by: bankofdebbie
```

---

## 🔧 **SYSTEMD SERVICE (OPTIONAL)**

### **Create Service File:**
```bash
sudo tee /etc/systemd/system/btcpay-api.service << 'EOF'
[Unit]
Description=BTCPay Mattermost Local API
After=network.target

[Service]
Type=simple
User=your-username
WorkingDirectory=/home/your-username/btcpay-api
ExecStart=/usr/bin/node mattermost_local_api.js
Restart=always
RestartSec=10
Environment=NODE_ENV=production

[Install]
WantedBy=multi-user.target
EOF

# Enable and start
sudo systemctl enable btcpay-api
sudo systemctl start btcpay-api
sudo systemctl status btcpay-api
```

---

## 🔍 **TESTING**

### **Test SSH Connectivity:**
```bash
curl http://localhost:3333/test
```

### **Test Health Check:**
```bash
curl http://localhost:3333/health
```

### **Test Mattermost Webhook:**
```bash
curl -X POST http://localhost:3333/btcpay \
  -H "Content-Type: application/json" \
  -d '{
    "token": "dr7gz6xwmt8qjg71wxcqjwqz1r",
    "user_name": "bankofdebbie", 
    "text": "onion"
  }'
```

---

## 🚨 **TROUBLESHOOTING**

### **Common Issues:**

**1. SSH Connection Failed:**
- Check SSH key path in config
- Verify SSH key permissions (600)
- Test manual SSH: `ssh -i path/to/key -p 2255 sysadmin@thebankofdebbie.giize.com`

**2. "Permission Denied" for sudo:**
- VPS sysadmin user needs passwordless sudo for reading onion files
- Or modify commands to not use sudo

**3. "Command Timeout":**
- VPS might be under load
- Increase timeout in executeSSHCommand function

**4. "Invalid Token":**
- Check Mattermost slash command token matches config

---

## 🔒 **SECURITY NOTES**

**✅ Secure Design:**
- API runs on localhost only (127.0.0.1)
- Uses SSH key authentication to VPS
- No persistent connections
- Token-based Mattermost authentication
- User authorization checks

**📝 Security Checklist:**
- [ ] SSH key has correct permissions (600)
- [ ] API runs on localhost only
- [ ] Authorized users configured in config
- [ ] VPS SSH key access tested
- [ ] Mattermost token configured correctly

---

## 📋 **SETUP SUMMARY**

**🏗️ Architecture:**
```
Mattermost → Slash Command → Local API (localhost:3333) → SSH → VPS → Return Data
```

**🔐 Security:**
- No external VPS ports exposed for webhook
- SSH key authentication only
- Localhost API binding
- Token validation
- User authorization

**⚡ Usage:**
- Simple `/btcpay` command in Mattermost
- Instant onion address retrieval
- Full system status on demand
- No persistent connections needed

**🎯 Ready to deploy on your Mattermost server!**