From df2345bda90638e0ca9c2895256c055e78607a0d Mon Sep 17 00:00:00 2001
From: Tiago vasconcelos <talvasconcelos@gmail.com>
Date: Tue, 28 Dec 2021 15:22:45 +0000
Subject: [PATCH] added require_invoice_key

clean up
---
 lnbits/decorators.py                   | 18 ++++++++++++++++++
 lnbits/extensions/satspay/views_api.py |  9 ++++-----
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/lnbits/decorators.py b/lnbits/decorators.py
index 04f0e2206..f7cf86ec9 100644
--- a/lnbits/decorators.py
+++ b/lnbits/decorators.py
@@ -171,6 +171,24 @@ async def require_admin_key(
     else:
         return wallet
 
+async def require_invoice_key(
+    r: Request,
+    api_key_header: str = Security(api_key_header),
+    api_key_query: str = Security(api_key_query),
+):
+    token = api_key_header if api_key_header else api_key_query
+
+    wallet = await get_key_type(r, token)
+
+    if wallet.wallet_type > 1:
+        # If wallet type is not invoice then return the unauthorized status
+        # This also covers when the user passes an invalid key type
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, detail="Invoice (or Admin) key required."
+        )
+    else:
+        return wallet
+
 
 async def check_user_exists(usr: UUID4) -> User:
     g().user = await get_user(usr.hex)
diff --git a/lnbits/extensions/satspay/views_api.py b/lnbits/extensions/satspay/views_api.py
index 8b5f7b9a4..428f2ef69 100644
--- a/lnbits/extensions/satspay/views_api.py
+++ b/lnbits/extensions/satspay/views_api.py
@@ -6,11 +6,10 @@ from fastapi.params import Depends
 from starlette.exceptions import HTTPException
 
 from lnbits.decorators import (
-    WalletAdminKeyChecker,
-    WalletInvoiceKeyChecker,
     WalletTypeInfo,
     get_key_type,
     require_admin_key,
+    require_invoice_key,
 )
 from lnbits.extensions.satspay import satspay_ext
 
@@ -26,15 +25,15 @@ from .models import CreateCharge
 
 #############################CHARGES##########################
 
-@satspay_ext.post("/api/v1/charge", dependencies=[Depends(WalletInvoiceKeyChecker())])
+@satspay_ext.post("/api/v1/charge")
 async def api_charge_create(
     data: CreateCharge,
-    wallet: WalletTypeInfo = Depends(get_key_type)
+    wallet: WalletTypeInfo = Depends(require_invoice_key)
 ):
     charge = await create_charge(user=wallet.wallet.user, data=data)
     return charge.dict()
 
-@satspay_ext.put("/api/v1/charge/{charge_id}", dependencies=[Depends(WalletAdminKeyChecker())])
+@satspay_ext.put("/api/v1/charge/{charge_id}")
 async def api_charge_update(
     data: CreateCharge,
     wallet: WalletTypeInfo = Depends(require_admin_key),