highperfocused/lnbits
1
0
Fork 0
mirror of https://github.com/lnbits/lnbits.git synced 2025-06-14 02:41:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #475 from talvasconcelos/fix/chargepermission

Browse Source 
fix wallet key permission for create
This commit is contained in:
Arc 2021-12-31 15:43:10 +00:00 committed by GitHub
commit db666fd103
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 103 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lnbits/decorators.py
View File

@ -171,6 +171,24 @@ async def require_admin_key(
else: else:
return wallet return wallet
async def require_invoice_key(
r: Request,
api_key_header: str = Security(api_key_header),
api_key_query: str = Security(api_key_query),
):
token = api_key_header if api_key_header else api_key_query
wallet = await get_key_type(r, token)
if wallet.wallet_type > 1:
# If wallet type is not invoice then return the unauthorized status
# This also covers when the user passes an invalid key type
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, detail="Invoice (or Admin) key required."
)
else:
return wallet
async def check_user_exists(usr: UUID4) -> User: async def check_user_exists(usr: UUID4) -> User:
g().user = await get_user(usr.hex) g().user = await get_user(usr.hex)

10
lnbits/extensions/satspay/__init__.py
View File

@ -1,7 +1,10 @@
import asyncio
from fastapi import APIRouter from fastapi import APIRouter
from lnbits.db import Database from lnbits.db import Database
from lnbits.helpers import template_renderer from lnbits.helpers import template_renderer
from lnbits.tasks import catch_everything_and_restart
db = Database("ext_satspay") db = Database("ext_satspay")
@ -12,6 +15,11 @@ satspay_ext: APIRouter = APIRouter(prefix="/satspay", tags=["satspay"])
def satspay_renderer(): def satspay_renderer():
return template_renderer(["lnbits/extensions/satspay/templates"]) return template_renderer(["lnbits/extensions/satspay/templates"])
from .tasks import wait_for_paid_invoices
from .views import * # noqa from .views import * # noqa
from .views_api import * # noqa from .views_api import * # noqa
def satspay_start():
loop = asyncio.get_event_loop()
loop.create_task(catch_everything_and_restart(wait_for_paid_invoices))

5
lnbits/extensions/satspay/crud.py
View File

@ -25,7 +25,10 @@ async def create_charge(user: str, data: CreateCharge) -> Charges:
onchainaddress = None onchainaddress = None
if data.lnbitswallet: if data.lnbitswallet:
payment_hash, payment_request = await create_invoice( payment_hash, payment_request = await create_invoice(
wallet_id=data.lnbitswallet, amount=data.amount, memo=charge_id wallet_id=data.lnbitswallet,
amount=data.amount,
memo=charge_id,
extra={"tag": "charge"},
) )
else: else:
payment_hash = None payment_hash = None

31
lnbits/extensions/satspay/tasks.py Normal file
View File

@ -0,0 +1,31 @@
import asyncio
from lnbits.core.models import Payment
from lnbits.extensions.satspay.crud import check_address_balance, get_charge
from lnbits.tasks import register_invoice_listener
# from .crud import get_ticket, set_ticket_paid
async def wait_for_paid_invoices():
invoice_queue = asyncio.Queue()
register_invoice_listener(invoice_queue)
while True:
payment = await invoice_queue.get()
await on_invoice_paid(payment)
async def on_invoice_paid(payment: Payment) -> None:
if "charge" != payment.extra.get("tag"):
# not a charge invoice
return
charge = await get_charge(payment.memo)
if not charge:
print("this should never happen", payment)
return
await payment.set_pending(False)
await check_address_balance(charge_id=charge.id)

22
lnbits/extensions/satspay/templates/satspay/display.html
View File

@ -132,7 +132,7 @@
lightning-network invoice</span lightning-network invoice</span
> >
</center> </center>
<a href="lightning://{{ charge.payment_request }}"> <a href="lightning:{{ charge.payment_request }}">
<q-responsive :ratio="1" class="q-mx-md"> <q-responsive :ratio="1" class="q-mx-md">
<qrcode <qrcode
:value="'{{ charge.payment_request }}'" :value="'{{ charge.payment_request }}'"
@ -182,7 +182,7 @@
to this onchain address</span to this onchain address</span
> >
</center> </center>
<a href="bitcoin://{{ charge.onchainaddress }}"> <a href="bitcoin:{{ charge.onchainaddress }}">
<q-responsive :ratio="1" class="q-mx-md"> <q-responsive :ratio="1" class="q-mx-md">
<qrcode <qrcode
:value="'{{ charge.onchainaddress }}'" :value="'{{ charge.onchainaddress }}'"
@ -235,10 +235,24 @@
charge_time_elapsed: '{{charge.time_elapsed}}', charge_time_elapsed: '{{charge.time_elapsed}}',
charge_amount: '{{charge.amount}}', charge_amount: '{{charge.amount}}',
charge_balance: '{{charge.balance}}', charge_balance: '{{charge.balance}}',
charge_paid: '{{charge.paid}}' charge_paid: '{{charge.paid}}',
wallet: {
inkey: ''
},
cancelListener: () => {}
} }
}, },
methods: { methods: {
startPaymentNotifier(){
this.cancelListener()
this.cancelListener = LNbits.event.onInvoicePaid(
this.wallet,
payment => {
this.checkBalance()
}
)
},
checkBalance: function () { checkBalance: function () {
var self = this var self = this
LNbits.api LNbits.api
@ -307,12 +321,14 @@
this.lnbtc = false this.lnbtc = false
this.onbtc = true this.onbtc = true
} }
this.wallet.inkey = '{{ wallet_inkey }}'
this.getTheTime() this.getTheTime()
this.getThePercentage() this.getThePercentage()
var timerCount = this.timerCount var timerCount = this.timerCount
if ('{{ charge.paid }}' == 'False') { if ('{{ charge.paid }}' == 'False') {
timerCount() timerCount()
} }
this.startPaymentNotifier()
} }
}) })
</script> </script>

2
lnbits/extensions/satspay/templates/satspay/index.html
View File

@ -475,7 +475,7 @@
}, },
sendFormDataCharge: function () { sendFormDataCharge: function () {
var self = this var self = this
var wallet = this.g.user.wallets[0].adminkey var wallet = this.g.user.wallets[0].inkey
var data = this.formDialogCharge.data var data = this.formDialogCharge.data
data.amount = parseInt(data.amount) data.amount = parseInt(data.amount)
data.time = parseInt(data.time) data.time = parseInt(data.time)

4
lnbits/extensions/satspay/views.py
View File

@ -6,6 +6,7 @@ from starlette.exceptions import HTTPException
from starlette.requests import Request from starlette.requests import Request
from starlette.responses import HTMLResponse from starlette.responses import HTMLResponse
from lnbits.core.crud import get_wallet
from lnbits.core.models import User from lnbits.core.models import User
from lnbits.decorators import check_user_exists from lnbits.decorators import check_user_exists
@ -29,6 +30,7 @@ async def display(request: Request, charge_id):
raise HTTPException( raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="Charge link does not exist." status_code=HTTPStatus.NOT_FOUND, detail="Charge link does not exist."
) )
wallet = await get_wallet(charge.lnbitswallet)
return satspay_renderer().TemplateResponse( return satspay_renderer().TemplateResponse(
"satspay/display.html", {"request": request, "charge": charge} "satspay/display.html", {"request": request, "charge": charge, "wallet_key": wallet.inkey}
) )

21
lnbits/extensions/satspay/views_api.py
View File

@ -5,7 +5,12 @@ from fastapi import Query
from fastapi.params import Depends from fastapi.params import Depends
from starlette.exceptions import HTTPException from starlette.exceptions import HTTPException
from lnbits.decorators import WalletTypeInfo, get_key_type, require_admin_key from lnbits.decorators import (
WalletTypeInfo,
get_key_type,
require_admin_key,
require_invoice_key,
)
from lnbits.extensions.satspay import satspay_ext from lnbits.extensions.satspay import satspay_ext
from .crud import ( from .crud import (
@ -20,18 +25,20 @@ from .models import CreateCharge
#############################CHARGES########################## #############################CHARGES##########################
@satspay_ext.post("/api/v1/charge") @satspay_ext.post("/api/v1/charge")
async def api_charge_create(
data: CreateCharge,
wallet: WalletTypeInfo = Depends(require_invoice_key)
):
charge = await create_charge(user=wallet.wallet.user, data=data)
return charge.dict()
@satspay_ext.put("/api/v1/charge/{charge_id}") @satspay_ext.put("/api/v1/charge/{charge_id}")
async def api_charge_create_or_update( async def api_charge_update(
data: CreateCharge, data: CreateCharge,
wallet: WalletTypeInfo = Depends(require_admin_key), wallet: WalletTypeInfo = Depends(require_admin_key),
charge_id=None, charge_id=None,
): ):
if not charge_id:
charge = await create_charge(user=wallet.wallet.user, data=data)
return charge.dict()
else:
charge = await update_charge(charge_id=charge_id, data=data) charge = await update_charge(charge_id=charge_id, data=data)
return charge.dict() return charge.dict()

2
lnbits/extensions/withdraw/templates/withdraw/display.html
View File

@ -7,7 +7,7 @@
{% if link.is_spent %} {% if link.is_spent %}
<q-badge color="red" class="q-mb-md">Withdraw is spent.</q-badge> <q-badge color="red" class="q-mb-md">Withdraw is spent.</q-badge>
{% endif %} {% endif %}
<a href="lightning://{{ lnurl }}"> <a href="lightning:{{ lnurl }}">
<q-responsive :ratio="1" class="q-mx-md"> <q-responsive :ratio="1" class="q-mx-md">
<qrcode <qrcode
:value="this.here + '/?lightning={{lnurl }}'" :value="this.here + '/?lightning={{lnurl }}'"