highperfocused/lnbits
1
0
Fork 0
mirror of https://github.com/lnbits/lnbits.git synced 2025-09-27 20:36:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

comments and hints

Browse Source
This commit is contained in:
iWarpBTC
2022-06-21 23:41:08 +02:00
committed by Lee Salminen
parent 2f497ac0ee
commit 5af49e3801
3 changed files with 16 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lnbits/extensions/boltcards/nxp424.py
View File

@@ -1,3 +1,4 @@
# https://www.nxp.com/docs/en/application-note/AN12196.pdf
from typing import Tuple from typing import Tuple
from Cryptodome.Hash import CMAC from Cryptodome.Hash import CMAC
from Cryptodome.Cipher import AES from Cryptodome.Cipher import AES

12
lnbits/extensions/boltcards/templates/boltcards/index.html
View File

@@ -126,17 +126,15 @@
v-model.trim="cardDialog.data.card_name" v-model.trim="cardDialog.data.card_name"
type="text" type="text"
label="Card name " label="Card name "
><q-tooltip class="bg-grey-8" anchor="bottom left" self="top left"
>The domain to use ex: "example.com"</q-tooltip
></q-input ></q-input
> >
<q-input <q-input
filled filled
dense dense
bottom-slots
v-model.trim="cardDialog.data.uid" v-model.trim="cardDialog.data.uid"
type="text" type="text"
label="Card UID" label="Card UID"
hint="Card unique identificator (7 bytes in HEX)."
> >
</q-input> </q-input>
<q-input <q-input
@@ -145,10 +143,8 @@
v-model.trim="cardDialog.data.file_key" v-model.trim="cardDialog.data.file_key"
type="text" type="text"
label="Card File key" label="Card File key"
hint="Used for CMAC of the message (16 bytes in HEX)."
> >
<q-tooltip class="bg-grey-8" anchor="bottom left" self="top left"
>Create a "Edit zone DNS" API token in cloudflare</q-tooltip
>
</q-input> </q-input>
<q-input <q-input
filled filled
@@ -156,7 +152,7 @@
v-model.trim="cardDialog.data.meta_key" v-model.trim="cardDialog.data.meta_key"
type="text" type="text"
label="Card Meta key" label="Card Meta key"
hint="A URL to be called whenever this link receives a payment." hint="Used for encypting of the message (16 bytes in HEX)."
></q-input> ></q-input>
<q-input <q-input
filled filled
@@ -165,7 +161,7 @@
type="number" type="number"
label="Initial counter" label="Initial counter"
><q-tooltip class="bg-grey-8" anchor="bottom left" self="top left" ><q-tooltip class="bg-grey-8" anchor="bottom left" self="top left"
>How much to charge per day</q-tooltip >Zero if you don't know.</q-tooltip
></q-input ></q-input
> >
<div class="row q-mt-lg"> <div class="row q-mt-lg">

15
lnbits/extensions/boltcards/views_api.py
View File

@@ -51,6 +51,7 @@ async def api_link_create_or_update(
wallet: WalletTypeInfo = Depends(require_admin_key), wallet: WalletTypeInfo = Depends(require_admin_key),
): ):
''' '''
TODO: some checks
if data.uses > 250: if data.uses > 250:
raise HTTPException( raise HTTPException(
detail="250 uses max.", status_code=HTTPStatus.BAD_REQUEST detail="250 uses max.", status_code=HTTPStatus.BAD_REQUEST
@@ -119,7 +120,8 @@ async def api_hits(
return [hit.dict() for hit in await get_hits(cards_ids)] return [hit.dict() for hit in await get_hits(cards_ids)]
@boltcards_ext.get("/api/v1/scan/") # pay.btcslovnik.cz/boltcards/api/v1/scan/?uid=00000000000000&ctr=000000&c=0000000000000000 # /boltcards/api/v1/scan/?uid=00000000000000&ctr=000000&c=0000000000000000
@boltcards_ext.get("/api/v1/scan/")
async def api_scan( async def api_scan(
uid, ctr, c, uid, ctr, c,
request: Request request: Request
@@ -141,6 +143,7 @@ async def api_scan(
await update_card_counter(ctr_int, card.id) await update_card_counter(ctr_int, card.id)
# gathering some info for hit record
ip = request.client.host ip = request.client.host
if request.headers['x-real-ip']: if request.headers['x-real-ip']:
ip = request.headers['x-real-ip'] ip = request.headers['x-real-ip']
@@ -154,6 +157,7 @@ async def api_scan(
link = await get_withdraw_link(card.withdraw, 0) link = await get_withdraw_link(card.withdraw, 0)
return link.lnurl_response(request) return link.lnurl_response(request)
# /boltcards/api/v1/scane/?e=00000000000000000000000000000000&c=0000000000000000
@boltcards_ext.get("/api/v1/scane/") @boltcards_ext.get("/api/v1/scane/")
async def api_scane( async def api_scane(
e, c, e, c,
@@ -162,6 +166,8 @@ async def api_scane(
card = None card = None
counter = b'' counter = b''
# since this route is common to all cards I don't know whitch 'meta key' to use
# so I try one by one until decrypted uid matches
for cand in await get_all_cards(): for cand in await get_all_cards():
if cand.meta_key: if cand.meta_key:
card_uid, counter = decryptSUN(bytes.fromhex(e), bytes.fromhex(cand.meta_key)) card_uid, counter = decryptSUN(bytes.fromhex(e), bytes.fromhex(cand.meta_key))
@@ -182,12 +188,13 @@ async def api_scane(
if ctr_int <= card.counter: if ctr_int <= card.counter:
return {"status": "ERROR", "reason": "This link is already used."} return {"status": "ERROR", "reason": "This link is already used."}
await update_card_counter(counter_int, card.id) await update_card_counter(ctr_int, card.id)
# gathering some info for hit record
ip = request.client.host ip = request.client.host
if request.headers['x-real-ip']: if 'x-real-ip' in request.headers:
ip = request.headers['x-real-ip'] ip = request.headers['x-real-ip']
elif request.headers['x-forwarded-for']: elif 'x-forwarded-for' in request.headers:
ip = request.headers['x-forwarded-for'] ip = request.headers['x-forwarded-for']
agent = request.headers['user-agent'] if 'user-agent' in request.headers else '' agent = request.headers['user-agent'] if 'user-agent' in request.headers else ''