From c23c8d9a3714694779bc98a48527151ef892ea49 Mon Sep 17 00:00:00 2001 From: ben Date: Wed, 18 May 2022 11:08:52 +0100 Subject: [PATCH] Fixed unique LNURLw bug --- lnbits/extensions/withdraw/lnurl.py | 36 +++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 10 deletions(-) diff --git a/lnbits/extensions/withdraw/lnurl.py b/lnbits/extensions/withdraw/lnurl.py index e34add037..801fa62f6 100644 --- a/lnbits/extensions/withdraw/lnurl.py +++ b/lnbits/extensions/withdraw/lnurl.py @@ -30,7 +30,7 @@ async def api_lnurl_response(request: Request, unique_hash): ) if link.is_spent: - raise HTTPException(detail="Withdraw is spent.") + raise HTTPException(status_code=HTTPStatus.NOT_FOUND, detail="Withdraw is spent.") url = request.url_for("withdraw.api_lnurl_callback", unique_hash=link.unique_hash) withdrawResponse = { "tag": "withdrawRequest", @@ -48,7 +48,7 @@ async def api_lnurl_response(request: Request, unique_hash): @withdraw_ext.get("/api/v1/lnurl/cb/{unique_hash}", name="withdraw.api_lnurl_callback") async def api_lnurl_callback( - unique_hash, request: Request, k1: str = Query(...), pr: str = Query(...) + unique_hash, request: Request, k1: str = Query(...), pr: str = Query(...), id_unique_hash=None ): link = await get_withdraw_link_by_hash(unique_hash) now = int(datetime.now().timestamp()) @@ -58,21 +58,36 @@ async def api_lnurl_callback( ) if link.is_spent: - raise HTTPException(status_code=HTTPStatus.OK, detail="Withdraw is spent.") + raise HTTPException(status_code=HTTPStatus.NOT_FOUND, detail="Withdraw is spent.") if link.k1 != k1: - raise HTTPException(status_code=HTTPStatus.OK, detail="Bad request.") + raise HTTPException(status_code=HTTPStatus.NOT_FOUND, detail="Bad request.") if now < link.open_time: return {"status": "ERROR", "reason": f"Wait {link.open_time - now} seconds."} + usescsv = "" try: - usescsv = "" for x in range(1, link.uses - link.used): usecv = link.usescsv.split(",") usescsv += "," + str(usecv[x]) usecsvback = usescsv - usescsv = usescsv[1:] + + found = False + if id_unique_hash is not None: + useslist = link.usescsv.split(",") + for ind, x in enumerate(useslist): + tohash = link.id + link.unique_hash + str(x) + if id_unique_hash == shortuuid.uuid(name=tohash): + found = True + useslist.pop(ind) + usescsv = ','.join(useslist) + if not found: + raise HTTPException( + status_code=HTTPStatus.NOT_FOUND, detail="LNURL-withdraw not found." + ) + else: + usescsv = usescsv[1:] changesback = { "open_time": link.wait_time, @@ -115,11 +130,11 @@ async def api_lnurl_multi_response(request: Request, unique_hash, id_unique_hash if not link: raise HTTPException( - status_code=HTTPStatus.OK, detail="LNURL-withdraw not found." + status_code=HTTPStatus.NOT_FOUND, detail="LNURL-withdraw not found." ) if link.is_spent: - raise HTTPException(status_code=HTTPStatus.OK, detail="Withdraw is spent.") + raise HTTPException(status_code=HTTPStatus.NOT_FOUND, detail="Withdraw is spent.") useslist = link.usescsv.split(",") found = False @@ -127,15 +142,16 @@ async def api_lnurl_multi_response(request: Request, unique_hash, id_unique_hash tohash = link.id + link.unique_hash + str(x) if id_unique_hash == shortuuid.uuid(name=tohash): found = True + if not found: raise HTTPException( - status_code=HTTPStatus.OK, detail="LNURL-withdraw not found." + status_code=HTTPStatus.NOT_FOUND, detail="LNURL-withdraw not found." ) url = request.url_for("withdraw.api_lnurl_callback", unique_hash=link.unique_hash) withdrawResponse = { "tag": "withdrawRequest", - "callback": url, + "callback": url + "?id_unique_hash=" + id_unique_hash, "k1": link.k1, "minWithdrawable": link.min_withdrawable * 1000, "maxWithdrawable": link.max_withdrawable * 1000,