highperfocused/lnbits
1
0
Fork 0
mirror of https://github.com/lnbits/lnbits.git synced 2025-10-08 18:01:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(lndhub): require admin key for sending funds

Browse Source
This commit is contained in:
Stefan Stammberger
2021-10-17 10:30:59 +02:00
parent 2282e79f4d
commit 70facdaa93
2 changed files with 18 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
lnbits/extensions/lndhub/decorators.py
View File

@@ -15,10 +15,25 @@ from lnbits.decorators import WalletTypeInfo, get_key_type # type: ignore
api_key_header_auth = APIKeyHeader(name="AUTHORIZATION", auto_error=False, description="Admin or Invoice key for LNDHub API's") api_key_header_auth = APIKeyHeader(name="AUTHORIZATION", auto_error=False, description="Admin or Invoice key for LNDHub API's")
async def check_wallet(r: Request, api_key_header_auth: str = Security(api_key_header_auth)) -> WalletTypeInfo: async def check_wallet(r: Request, api_key_header_auth: str = Security(api_key_header_auth)) -> WalletTypeInfo:
if not api_key_header_auth: if not api_key_header_auth:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST) raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid auth key"
)
t = api_key_header_auth.split(" ")[1] t = api_key_header_auth.split(" ")[1]
_, token = b64decode(t).decode("utf-8").split(":") _, token = b64decode(t).decode("utf-8").split(":")
return await get_key_type(r, api_key_header=token) return await get_key_type(r, api_key_header=token)
async def require_admin_key(r: Request, api_key_header_auth: str = Security(api_key_header_auth)):
wallet = await check_wallet(r, api_key_header_auth)
if wallet.wallet_type != 0:
# If wallet type is not admin then return the unauthorized status
# This also covers when the user passes an invalid key type
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Admin key required.",
)
else:
return wallet

12
lnbits/extensions/lndhub/views_api.py
View File

@@ -9,7 +9,7 @@ from lnbits.settings import WALLET
from lnbits import bolt11 from lnbits import bolt11
from . import lndhub_ext from . import lndhub_ext
from .decorators import check_wallet from .decorators import check_wallet, require_admin_key
from .utils import to_buffer, decoded_as_lndhub from .utils import to_buffer, decoded_as_lndhub
from http import HTTPStatus from http import HTTPStatus
from starlette.exceptions import HTTPException from starlette.exceptions import HTTPException
@@ -83,16 +83,8 @@ class Invoice(BaseModel):
@lndhub_ext.post("/ext/payinvoice") @lndhub_ext.post("/ext/payinvoice")
async def lndhub_payinvoice( async def lndhub_payinvoice(
r_invoice: Invoice, wallet: WalletTypeInfo = Depends(check_wallet) r_invoice: Invoice, wallet: WalletTypeInfo = Depends(require_admin_key)
): ):
# DIRTY HACK NEEDS TO BE ADDRESSED
if wallet.wallet_type == 1:
print("Not enough permission!")
raise HTTPException(
status_code=HTTPStatus.BAD_REQUEST,
detail="Not enough permission!",
)
return
try: try:
await pay_invoice( await pay_invoice(
wallet_id=wallet.wallet.id, wallet_id=wallet.wallet.id,