From 5ac91ee2cfb126c02035b98e8c1cd55099101f72 Mon Sep 17 00:00:00 2001
From: fiatjaf <fiatjaf@alhur.es>
Date: Fri, 11 Sep 2020 21:24:41 -0300
Subject: [PATCH] db commits at the right places when sending payments.

fixing vulnerabilities introduced in https://github.com/lnbits/lnbits/pull/90
---
 lnbits/core/services.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lnbits/core/services.py b/lnbits/core/services.py
index eb82bd70c..fd42aa6ad 100644
--- a/lnbits/core/services.py
+++ b/lnbits/core/services.py
@@ -44,6 +44,7 @@ def create_invoice(
         extra=extra,
     )
 
+    g.db.commit()
     return invoice.payment_hash, payment_request
 
 
@@ -97,6 +98,8 @@ def pay_invoice(
     if wallet.balance_msat < 0:
         g.db.rollback()
         raise PermissionError("Insufficient balance.")
+    else:
+        g.db.commit()
 
     if internal:
         # mark the invoice from the other side as not pending anymore
@@ -112,6 +115,7 @@ def pay_invoice(
         else:
             raise Exception(error_message or "Failed to pay_invoice on backend.")
 
+    g.db.commit()
     return invoice.payment_hash