| _archive/api-ts | ||
| api-sqlcipher | ||
| docs | ||
| scripts | ||
| website-nojs | ||
| woocommerce/cake-merchant-woocommerce | ||
| .env.example | ||
| .gitignore | ||
| ADMIN-PLANNING.md | ||
| CHANGELOG.md | ||
| docker-compose.yml | ||
| NOJS-SPEC.md | ||
| PENTEST-REPORT.md | ||
| README.md | ||
| SWAP-AGGREGATOR-PLAN.md | ||
| UPGRADING.md | ||
| VPS-SETUP.md | ||
Cake Merchant
Privacy-focused Monero payment processor. Self-hostable, no third-party dependencies, works in Tor Browser "Safest" mode.
About this repository — for the Cake Labs team
This codebase is a demonstration project assembled by Joe Lovestech (@joelovestech) as part of an application to work at Cake Labs under Seth (sethforprivacy).
Cake Merchant is a fork of an existing, production privacy-focused Monero payment processor (Rebel Pay), rebranded and rearchitected to align with the Cake Wallet ecosystem. The intent is not to compete with anything Cake already ships — it's to show concrete engineering work in the privacy-payment space along the same product axis Cake operates in: self-hosted, no-JS, onion-first, no-KYC posture by default.
What you're looking at:
- A complete production-quality Monero merchant gateway. Real wallet integration via
monero-wallet-rpc. Encrypted-at-rest SQLite for merchant data. CSRF-protected admin. TOTP step-up auth. Per-merchant API keys with sandbox + production tiers. Webhook delivery with HMAC. WooCommerce plugin inwoocommerce/. Tor hidden-service-ready (Onion-Location headers, .onion-aware UI).- Zero client-side JavaScript on the payment surface. Tor Browser "Safest" mode is a first-class consumer. CSP at
script-src 'none'across the merchant + customer flows. Every interactive thing is server-rendered EJS with POST/Redirect/GET.- An onion-native architecture. Onion-Location headers, .onion-sticky cookie, no clearnet-mandatory assets. Self-hosting an onion service is documented in
docs/deploy-tor.md.- Honest engineering. Pre-pentest report under
PENTEST-REPORT.md. Changelog underCHANGELOG.md. Schema migrations bundled with the code (no separate migration tool needed for a self-host).Live preview during the application window:
cm.joelovestech.com.The visual identity (logo, color palette, "Cake Merchant" name) is intentionally Cake-aligned. If the conversation goes well and a fit emerges, those assets would either be retired or formally adopted — they're placeholder for the demonstration, not a brand assertion.
Happy to walk through any of the code in person or over a call.
— Joe
Features
- Zero JavaScript — payment pages work in Tor Browser "Safest" mode (
script-src 'none') - Self-hosted — your hardware, your keys, your data
- Tor-native — built-in
.onionhidden service support - Field-level encryption — emails, API keys, payout addresses encrypted at rest
- Auto-Convert — swap XMR to stablecoins or BTC on confirmation (USDT-TRC20, USDC, and more)
- Webhook delivery — real-time event notifications with HMAC signatures
- WooCommerce plugin — included in
/woocommerce - Payment Requests — shareable links that let customers choose their own amount
Quick Start (Docker)
git clone https://github.com/cakemerchant/rp2.git
cd rp2
cp .env.example .env
# Edit .env — fill in JWT_SECRET, DB_ENCRYPTION_KEY, SESSION_SECRET (see .env.example)
docker compose up -d
Visit http://localhost:3200/signup to create your merchant account.
For full setup guides: docs/deploy-vps.md · docs/deploy-docker.md · docs/deploy-railway.md · docs/deploy-tor.md
Architecture
Browser
│
├─ clearnet ──► Caddy (HTTPS) ──► website-nojs :3200 ──► api-sqlcipher :4000 ──► SQLite
│
└─ Tor ────────────────────────► website-nojs :3200 ──► api-sqlcipher :4000 ──► SQLite
Two services:
website-nojs/— Express server, server-rendered EJS, no client-side JS (port 3200)api-sqlcipher/— REST API, SQLite with field encryption (port 4000)
Environment Variables
See .env.example for the full list with descriptions.
Required:
| Variable | Description |
|---|---|
JWT_SECRET |
Random hex string (32+ bytes) for JWT signing |
DB_ENCRYPTION_KEY |
Random hex string (32+ bytes) for field encryption |
SESSION_SECRET |
Random hex string (32+ bytes) for session cookies |
Generate secrets:
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
Optional:
| Variable | Description |
|---|---|
MONERO_RPC_URL |
Monero wallet RPC endpoint (if running your own wallet) |
SWAP_API_URL |
SmallSwap instance URL for auto-convert |
ONION_URL |
Your .onion address (or use ONION_HOSTNAME_FILE) |
CORS_ORIGINS |
Comma-separated allowed origins (default: http://localhost:3200) |
API
All API endpoints are under /api/. Authenticate with your API key:
curl https://your-server.com/api/charges \
-H "x-api-key: rp_live_your_key"
See the in-app documentation at /docs/api for the full reference.
Tor Hidden Service
# Docker (auto-generates a new address)
docker compose --profile tor up -d
docker compose exec tor cat /var/lib/tor/hidden_service/hostname
# Bring your own vanity key
./scripts/export-onion-keys.sh /path/to/existing/hs/dir
# → paste ONION_SECRET_KEY + ONION_PUBLIC_KEY into .env
docker compose --profile tor up -d
See docs/deploy-tor.md for full options.
Upgrading
See UPGRADING.md. Cake Merchant does not phone home — no automatic update checks.
WooCommerce
Install the plugin from /woocommerce/cake-merchant-woocommerce/. See docs/woocommerce in the dashboard after install.
License
MIT