highperfocused/lnbits
1
0
Fork 0
mirror of https://github.com/lnbits/lnbits.git synced 2025-09-29 13:22:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor(paywall): remove unnecessary hashing paranoia

Browse Source
This commit is contained in:
Eneko Illarramendi
2020-04-25 23:55:07 +02:00
parent 5d128523c7
commit 4b4a297c3f
5 changed files with 11 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lnbits/extensions/paywall/__init__.py
View File

@@ -1,7 +1,7 @@
from flask import Blueprint from flask import Blueprint
paywall_ext = Blueprint("paywall", __name__, static_folder="static", template_folder="templates") paywall_ext: Blueprint = Blueprint("paywall", __name__, static_folder="static", template_folder="templates")
from .views_api import * # noqa from .views_api import * # noqa

4
lnbits/extensions/paywall/models.py
View File

@@ -1,4 +1,3 @@
from hashlib import sha256
from typing import NamedTuple from typing import NamedTuple
@@ -10,6 +9,3 @@ class Paywall(NamedTuple):
memo: str memo: str
amount: int amount: int
time: int time: int
def key_for(self, fingerprint: str) -> str:
return sha256(f"{self.secret}{fingerprint}".encode("utf-8")).hexdigest()

4
lnbits/extensions/paywall/static/vendor/fingerprintjs2@2.1.0/fingerprint2.min.js vendored
View File

File diff suppressed because one or more lines are too long

37
lnbits/extensions/paywall/templates/paywall/display.html
View File

@@ -40,7 +40,6 @@
{% endblock %} {% endblock %}
{% block scripts %} {% block scripts %}
<script src="{{ url_for('paywall.static', filename='vendor/fingerprintjs2@2.1.0/fingerprint2.min.js') }}"></script>
<script src="{{ url_for('static', filename='vendor/vue-qrcode@1.0.2/vue-qrcode.min.js') }}"></script> <script src="{{ url_for('static', filename='vendor/vue-qrcode@1.0.2/vue-qrcode.min.js') }}"></script>
<script> <script>
Vue.component(VueQrcode.name, VueQrcode); Vue.component(VueQrcode.name, VueQrcode);
@@ -51,10 +50,6 @@
data: function () { data: function () {
return { return {
paymentReq: null, paymentReq: null,
fingerprint: {
hash: null,
isValid: false
},
redirectUrl: null redirectUrl: null
}; };
}, },
@@ -75,13 +70,13 @@
paymentChecker = setInterval(function () { paymentChecker = setInterval(function () {
axios.post( axios.post(
'/paywall/api/v1/paywalls/{{ paywall.id }}/check_invoice', '/paywall/api/v1/paywalls/{{ paywall.id }}/check_invoice',
{checking_id: response.data.checking_id, fingerprint: self.fingerprint.hash} {checking_id: response.data.checking_id}
).then(function (res) { ).then(function (res) {
if (res.data.paid) { if (res.data.paid) {
clearInterval(paymentChecker); clearInterval(paymentChecker);
dismissMsg(); dismissMsg();
self.redirectUrl = res.data.url; self.redirectUrl = res.data.url;
self.$q.localStorage.set('lnbits.paywall.{{ paywall.id }}', res.data.key); self.$q.localStorage.set('lnbits.paywall.{{ paywall.id }}', res.data.url);
self.$q.notify({ self.$q.notify({
type: 'positive', type: 'positive',
@@ -99,29 +94,13 @@
} }
}, },
created: function () { created: function () {
var self = this; var url = this.$q.localStorage.getItem('lnbits.paywall.{{ paywall.id }}');
Fingerprint2.get(function (components) { if (url) {
self.fingerprint.hash = Fingerprint2.x64hash128(JSON.stringify(components)); this.redirectUrl = url;
} else {
var key = self.$q.localStorage.getItem('lnbits.paywall.{{ paywall.id }}'); this.getInvoice();
};
if (key) {
axios.post(
'/paywall/api/v1/paywalls/{{ paywall.id }}/check_access',
{key: key, fingerprint: self.fingerprint.hash}
).then(function (response) {
if (response.data.valid) {
self.fingerprint.isValid = true;
self.redirectUrl = response.data.url;
} else {
self.getInvoice();
}
});
} else {
self.getInvoice();
};
});
} }
}); });
</script> </script>

28
lnbits/extensions/paywall/views_api.py
View File

@@ -67,12 +67,7 @@ def api_paywall_get_invoice(paywall_id):
@paywall_ext.route("/api/v1/paywalls/<paywall_id>/check_invoice", methods=["POST"]) @paywall_ext.route("/api/v1/paywalls/<paywall_id>/check_invoice", methods=["POST"])
@api_validate_post_request( @api_validate_post_request(schema={"checking_id": {"type": "string", "empty": False, "required": True}})
schema={
"checking_id": {"type": "string", "empty": False, "required": True},
"fingerprint": {"type": "string", "empty": False, "required": True},
}
)
def api_paywal_check_invoice(paywall_id): def api_paywal_check_invoice(paywall_id):
paywall = get_paywall(paywall_id) paywall = get_paywall(paywall_id)
@@ -89,25 +84,6 @@ def api_paywal_check_invoice(paywall_id):
payment = wallet.get_payment(g.data["checking_id"]) payment = wallet.get_payment(g.data["checking_id"])
payment.set_pending(False) payment.set_pending(False)
return jsonify({"paid": True, "key": paywall.key_for(g.data["fingerprint"]), "url": paywall.url}), Status.OK return jsonify({"paid": True, "url": paywall.url}), Status.OK
return jsonify({"paid": False}), Status.OK return jsonify({"paid": False}), Status.OK
@paywall_ext.route("/api/v1/paywalls/<paywall_id>/check_access", methods=["POST"])
@api_validate_post_request(
schema={
"key": {"type": "string", "empty": False, "required": True},
"fingerprint": {"type": "string", "empty": False, "required": True},
}
)
def api_fingerprint_check(paywall_id):
paywall = get_paywall(paywall_id)
if not paywall:
return jsonify({"message": "Paywall does not exist."}), Status.NOT_FOUND
if paywall.key_for(g.data["fingerprint"]) != g.data["key"]:
return jsonify({"valid": False}), Status.OK
return jsonify({"valid": True, "url": paywall.url}), Status.OK