From 5c029a7af9062a79b91d43d2f71017c4e562632e Mon Sep 17 00:00:00 2001 From: ben Date: Fri, 25 Nov 2022 19:10:18 +0000 Subject: [PATCH] only allows admins to use custom themes --- lnbits/extensions/satspay/migrations.py | 4 ++-- .../extensions/satspay/templates/satspay/index.html | 13 ++++++++++++- lnbits/extensions/satspay/views.py | 9 ++++++--- lnbits/extensions/satspay/views_api.py | 10 ++++++++++ 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/lnbits/extensions/satspay/migrations.py b/lnbits/extensions/satspay/migrations.py index 8787cc8b3..c6beb658c 100644 --- a/lnbits/extensions/satspay/migrations.py +++ b/lnbits/extensions/satspay/migrations.py @@ -38,7 +38,7 @@ async def m002_add_charge_extra_data(db): """ ) -async def m002_add_themes_table(db): +async def m003_add_themes_table(db): """ Themes table """ @@ -55,7 +55,7 @@ async def m002_add_themes_table(db): ) -async def m003_add_custom_css_to_charges(db): +async def m004_add_custom_css_to_charges(db): """ Add custom css option column to the 'charges' table """ diff --git a/lnbits/extensions/satspay/templates/satspay/index.html b/lnbits/extensions/satspay/templates/satspay/index.html index 08bf785dc..decf2b91a 100644 --- a/lnbits/extensions/satspay/templates/satspay/index.html +++ b/lnbits/extensions/satspay/templates/satspay/index.html @@ -10,11 +10,20 @@ New CSS Theme + New CSS Theme + For security reason, custom css is only available to server admins. @@ -267,7 +276,7 @@ - +
@@ -522,6 +531,7 @@ return { settings: {}, filter: '', + admin: '{{ admin }}', balance: null, walletLinks: [], chargeLinks: [], @@ -938,6 +948,7 @@ } }, created: async function () { + console.log(this.admin) await this.getThemes() await this.getCharges() await this.getWalletConfig() diff --git a/lnbits/extensions/satspay/views.py b/lnbits/extensions/satspay/views.py index 72362f862..7ba73acf8 100644 --- a/lnbits/extensions/satspay/views.py +++ b/lnbits/extensions/satspay/views.py @@ -10,17 +10,20 @@ from starlette.responses import HTMLResponse from lnbits.core.models import User from lnbits.decorators import check_user_exists from lnbits.extensions.satspay.helpers import public_charge +from lnbits.settings import LNBITS_ADMIN_USERS from . import satspay_ext, satspay_renderer -from .crud import get_charge, get_charge_config, get_themes, get_theme +from .crud import get_charge, get_theme templates = Jinja2Templates(directory="templates") - @satspay_ext.get("/", response_class=HTMLResponse) async def index(request: Request, user: User = Depends(check_user_exists)): + admin = False + if LNBITS_ADMIN_USERS and user.id not in LNBITS_ADMIN_USERS: + admin = True return satspay_renderer().TemplateResponse( - "satspay/index.html", {"request": request, "user": user.dict()} + "satspay/index.html", {"request": request, "user": user.dict(), "admin": admin} ) diff --git a/lnbits/extensions/satspay/views_api.py b/lnbits/extensions/satspay/views_api.py index d5b510ab1..2bce1a720 100644 --- a/lnbits/extensions/satspay/views_api.py +++ b/lnbits/extensions/satspay/views_api.py @@ -15,6 +15,11 @@ from lnbits.decorators import ( ) from lnbits.extensions.satspay import satspay_ext +from lnbits.settings import ( + LNBITS_ADMIN_EXTENSIONS, + LNBITS_ADMIN_USERS, +) + from .crud import ( check_address_balance, create_charge, 
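Review bot: `admin: '{{ admin }}',` wraps the rendered value in quotes, so the Vue data field holds the string `'True'` or `'False'`, and both are truthy in JavaScript. Any truthiness test on `admin` in the template (its markup is not visible in these hunks) would therefore show the theme form to every user. Emit a real boolean instead, for example `admin: {{ admin | tojson }},`. The `console.log(this.admin)` added to `created` in the `@@ -938,6 +948,7 @@` hunk looks like leftover debugging and should be removed. Hiding the form is presentation only; the server-side check in views_api.py is what actually has to hold.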
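Review bot: The condition added to `index` in views.py is inverted: `admin` is set to `True` exactly when `user.id` is not in `LNBITS_ADMIN_USERS`, so non-admins are flagged as admins and configured admins are not. It also disagrees with the guard this commit adds to `api_themes_save`, which lets everyone through when `LNBITS_ADMIN_USERS` is empty, whereas here `admin` stays `False` in that case. A single expression that matches the API check is `admin = not LNBITS_ADMIN_USERS or user.id in LNBITS_ADMIN_USERS`; use `admin = user.id in LNBITS_ADMIN_USERS` if both places are meant to fail closed. This hunk also drops `get_charge_config` and `get_themes` from the `.crud` import, and the rest of views.py is outside the hunk, so confirm that neither name is still referenced.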
@@ -157,6 +162,11 @@ async def api_themes_save( wallet: WalletTypeInfo = Depends(require_invoice_key), css_id: str = None, ): + if LNBITS_ADMIN_USERS and wallet.wallet.user not in LNBITS_ADMIN_USERS: + raise HTTPException( + status_code=HTTPStatus.FORBIDDEN, + detail="Only server admins can create themes.", + ) if css_id: theme = await save_theme(css_id=css_id, data=data) else:
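Review bot: The new guard in `api_themes_save` is skipped entirely when `LNBITS_ADMIN_USERS` is empty, so on a server with no admins configured any wallet can still save custom CSS, which is presumably rendered later on charge pages. If themes are meant to be admin-only, fail closed with `if wallet.wallet.user not in LNBITS_ADMIN_USERS:`. The endpoint still depends on `require_invoice_key`, the lower-privilege key, so an admin user's invoice key alone passes the check; `Depends(require_admin_key)` would suit an admin-only write better. Only the save path is guarded here, and the function body continues past the hunk, so themes stored before this change and any other theme endpoints are worth checking separately. `LNBITS_ADMIN_EXTENSIONS`, imported in the previous hunk, is not used in the lines shown.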