diff --git a/lnbits/extensions/lnurldevice/crud.py b/lnbits/extensions/lnurldevice/crud.py index 423c6a469..182df743a 100644 --- a/lnbits/extensions/lnurldevice/crud.py +++ b/lnbits/extensions/lnurldevice/crud.py @@ -120,7 +120,11 @@ async def create_lnurldevicepayment( payhash: Optional[str] = None, sats: Optional[int] = 0, ) -> lnurldevicepayment: - lnurldevicepayment_id = urlsafe_short_hash() + device = await get_lnurldevice(deviceid) + if device.device == "atm": + lnurldevicepayment_id = shortuuid.uuid(name=payload) + else: + lnurldevicepayment_id = urlsafe_short_hash() await db.execute( """ INSERT INTO lnurldevice.lnurldevicepayment ( diff --git a/lnbits/extensions/lnurldevice/lnurl.py b/lnbits/extensions/lnurldevice/lnurl.py index e03841592..34de20fae 100644 --- a/lnbits/extensions/lnurldevice/lnurl.py +++ b/lnbits/extensions/lnurldevice/lnurl.py @@ -5,12 +5,14 @@ from http import HTTPStatus from io import BytesIO from typing import Optional +import shortuuid from embit import bech32, compact from fastapi import Request from fastapi.param_functions import Query from loguru import logger from starlette.exceptions import HTTPException +from lnbits import bolt11 from lnbits.core.services import create_invoice from lnbits.core.views.api import pay_invoice from lnbits.utils.exchange_rates import fiat_amount_as_satoshis @@ -102,11 +104,6 @@ async def lnurl_v1_params( "status": "ERROR", "reason": f"lnurldevice {device_id} not found on this server", } - paymentcheck = await get_lnurlpayload(p) - if device.device == "atm": - if paymentcheck: - if paymentcheck.payhash != "payment_hash": - return {"status": "ERROR", "reason": f"Payment already claimed"} if device.device == "switch": price_msat = ( await fiat_amount_as_satoshis(float(profit), device.currency) @@ -163,13 +160,21 @@ async def lnurl_v1_params( if device.device != "atm": return {"status": "ERROR", "reason": "Not ATM device."} price_msat = int(price_msat * (1 - (device.profit / 100)) / 1000) - lnurldevicepayment = await create_lnurldevicepayment( - deviceid=device.id, - payload=p, - sats=price_msat * 1000, - pin=pin, - payhash="payment_hash", - ) + lnurldevicepayment = await get_lnurldevicepayment(shortuuid.uuid(name=p)) + if lnurldevicepayment: + logger.debug("lnurldevicepayment") + logger.debug(lnurldevicepayment) + logger.debug("lnurldevicepayment") + if lnurldevicepayment.payload == lnurldevicepayment.payhash: + return {"status": "ERROR", "reason": f"Payment already claimed"} + else: + lnurldevicepayment = await create_lnurldevicepayment( + deviceid=device.id, + payload=p, + sats=price_msat * 1000, + pin=pin, + payhash="payment_hash", + ) if not lnurldevicepayment: return {"status": "ERROR", "reason": "Could not create payment."} return { @@ -222,15 +227,20 @@ async def lnurl_callback( status_code=HTTPStatus.FORBIDDEN, detail="lnurldevice not found." ) if device.device == "atm": + if lnurldevicepayment.payload == lnurldevicepayment.payhash: + return {"status": "ERROR", "reason": f"Payment already claimed"} if not pr: raise HTTPException( status_code=HTTPStatus.FORBIDDEN, detail="No payment request" ) + invoice = bolt11.decode(pr) + if not invoice.payment_hash: + raise HTTPException( + status_code=HTTPStatus.FORBIDDEN, detail="Not valid payment request" + ) else: if lnurldevicepayment.payload != k1: return {"status": "ERROR", "reason": "Bad K1"} - if lnurldevicepayment.payhash != "payment_hash": - return {"status": "ERROR", "reason": f"Payment already claimed"} lnurldevicepayment = await update_lnurldevicepayment( lnurldevicepayment_id=paymentid, payhash=lnurldevicepayment.payload )