diff --git a/lnbits/extensions/boltcards/lnurl.py b/lnbits/extensions/boltcards/lnurl.py index 398f218e2..93ca6390a 100644 --- a/lnbits/extensions/boltcards/lnurl.py +++ b/lnbits/extensions/boltcards/lnurl.py @@ -32,6 +32,7 @@ from . import boltcards_ext from .crud import ( create_hit, get_card, + get_card_by_uid, get_card_by_otp, get_card, get_hit, @@ -47,34 +48,31 @@ from .nxp424 import decryptSUN, getSunMAC ###############LNURLWITHDRAW################# # /boltcards/api/v1/scan?p=00000000000000000000000000000000&c=0000000000000000 -@boltcards_ext.get("/api/v1/scan/{card_id}") -async def api_scan(p, c, request: Request, card_id: str = None): +@boltcards_ext.get("/api/v1/scan/{card_uid}") +async def api_scan(p, c, request: Request, card_uid: str = None): # some wallets send everything as lower case, no bueno p = p.upper() c = c.upper() card = None counter = b"" - + card = await get_card_by_uid(card_uid) + if not card: + return {"status": "ERROR", "reason": "No card."} + if not card.enable: + return {"status": "ERROR", "reason": "Card is disabled."} try: - card = await get_card_by_uid(card_uid) - if not card.enable: - return {"status": "ERROR", "reason": "Card is disabled."} card_uid, counter = decryptSUN(bytes.fromhex(p), bytes.fromhex(card.k1)) if card.uid.upper() != card_uid.hex().upper(): return {"status": "ERROR", "reason": "Card UID mis-match."} + if c != getSunMAC(card_uid, counter, bytes.fromhex(card.k2)).hex().upper(): + return {"status": "ERROR", "reason": "CMAC does not check."} except: return {"status": "ERROR", "reason": "Error decrypting card."} - if card == None: - return {"status": "ERROR", "reason": "Unknown card."} - - if c != getSunMAC(card_id, counter, bytes.fromhex(card.k2)).hex().upper(): - return {"status": "ERROR", "reason": "CMAC does not check."} - ctr_int = int.from_bytes(counter, "little") - # if ctr_int <= card.counter: - # return {"status": "ERROR", "reason": "This link is already used."} + if ctr_int <= card.counter: + return {"status": "ERROR", "reason": "This link is already used."} await update_card_counter(ctr_int, card.id) @@ -117,26 +115,23 @@ async def lnurl_callback( k1: str = Query(None), ): hit = await get_hit(k1) - card = await get_card(hit.id) + card = await get_card(hit.card_id) if not hit: return {"status": "ERROR", "reason": f"LNURL-pay record not found."} - - if pr: + try: if hit.id != k1: return {"status": "ERROR", "reason": "Bad K1"} if hit.spent: return {"status": "ERROR", "reason": f"Payment already claimed"} hit = await spend_hit(hit.id) - if not hit: - return {"status": "ERROR", "reason": f"Payment failed"} await pay_invoice( wallet_id=card.wallet, payment_request=pr, - max_sat=card.tx_limit / 1000, + max_sat=card.tx_limit, extra={"tag": "boltcard"}, ) return {"status": "OK"} - else: + except: return {"status": "ERROR", "reason": f"Payment failed"} diff --git a/lnbits/extensions/boltcards/models.py b/lnbits/extensions/boltcards/models.py index cdba5dd3a..c1b113af3 100644 --- a/lnbits/extensions/boltcards/models.py +++ b/lnbits/extensions/boltcards/models.py @@ -50,7 +50,7 @@ class CreateCardData(BaseModel): counter: int = Query(0) tx_limit: int = Query(0) daily_limit: int = Query(0) - enable: bool = Query(...) + enable: bool = Query(True) k0: str = Query(ZERO_KEY) k1: str = Query(ZERO_KEY) k2: str = Query(ZERO_KEY) diff --git a/lnbits/extensions/boltcards/views_api.py b/lnbits/extensions/boltcards/views_api.py index 3891d1fe1..4d2db17db 100644 --- a/lnbits/extensions/boltcards/views_api.py +++ b/lnbits/extensions/boltcards/views_api.py @@ -49,7 +49,6 @@ async def api_card_create_or_update( card_id: str = None, wallet: WalletTypeInfo = Depends(require_admin_key), ): - logger.debug(len(bytes.fromhex(data.uid))) try: if len(bytes.fromhex(data.uid)) != 7: raise HTTPException( @@ -106,8 +105,6 @@ async def enable_card( detail="Not your card.", status_code=HTTPStatus.FORBIDDEN ) card = await enable_disable_card(enable=enable, id=card_id) - logger.debug(enable) - logger.debug(card) return card.dict() @boltcards_ext.delete("/api/v1/cards/{card_id}")