feat: events_ticket_register RPC over nostr transport

Organizer-side ticket scanning over LNbits's freshly-merged nostr-transport (kind 21000, NIP-44 v2). The organizer signs the RPC event with their Nostr key; the transport dispatcher resolves pubkey → Account → wallet (AUTH_WALLET) and the handler verifies event-level ownership (event.wallet ∈ caller_user.wallet_ids) before flipping `registered = True`. Idempotence + state transitions mirror the legacy HTTP endpoint: "Ticket not paid for" / "Ticket already registered" / "Ticket does not exist on this event" / "You do not own this event" come back as ERROR responses. Registration in events_start() is guarded with try/except ImportError so the extension still loads on older LNbits versions that pre-date the transport (HTTP path stays the fallback there). Webapp uses this as the new primary scan call site instead of the legacy HTTP endpoint — see companion webapp PR. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 16:32:18 +02:00 · 2026-05-24 16:32:18 +02:00 · 2b3d9df11d
commit 2b3d9df11d
parent 7b761a1aef
2 changed files with 89 additions and 0 deletions
--- a/transport_rpcs.py
+++ b/transport_rpcs.py
@ -0,0 +1,68 @@
+"""
+Nostr-transport RPC handlers for the aiolabs/events extension.
+
+Each handler is registered with `lnbits.core.services.nostr_transport.
+dispatcher.register_rpc` in `events_start()`. The dispatcher resolves
+the caller's Nostr pubkey to an LNbits Account → wallet (`AUTH_WALLET`)
+and passes a `WalletTypeInfo` as the first argument; handlers verify
+event-level ownership on top.
+
+Errors raise `PermissionError` / `ValueError` so the dispatcher maps
+them into `{status: "ERROR", error: <msg>}` responses; any other
+exception falls through to a generic "Internal error" reply.
+"""
+
+from __future__ import annotations
+
+from datetime import datetime, timezone
+
+from lnbits.core.crud import get_user
+from lnbits.core.models import WalletTypeInfo
+from lnbits.core.services.nostr_transport.models import NostrRpcRequest
+
+from .crud import get_event, get_ticket, update_ticket
+
+
+async def handle_events_ticket_register(
+    auth: WalletTypeInfo,
+    request: NostrRpcRequest,
+) -> dict:
+    """Mark a ticket as registered at the door (organizer flow).
+
+    The Nostr-transport dispatcher already verified the caller signed
+    the kind-21000 RPC event and bound them to `auth.wallet`. This
+    handler adds the event-level check: the ticket's event must be
+    owned by one of the caller's wallets.
+
+    Idempotence mirrors the HTTP endpoint: scanning the same ticket
+    twice fails with "Ticket already registered". The buyer-side flow
+    (notifications etc.) reuses whatever the legacy register endpoint
+    does — we just flip the flag + timestamp.
+    """
+    body = request.body or {}
+    event_id = body.get("event_id")
+    ticket_id = body.get("ticket_id")
+    if not event_id or not ticket_id:
+        raise ValueError("event_id and ticket_id are required")
+
+    ticket = await get_ticket(ticket_id)
+    if not ticket or ticket.event != event_id:
+        raise ValueError("Ticket does not exist on this event")
+    if not ticket.paid:
+        raise PermissionError("Ticket not paid for")
+    if ticket.registered:
+        raise PermissionError("Ticket already registered")
+
+    event = await get_event(event_id)
+    if not event:
+        raise ValueError("Event does not exist")
+
+    user = await get_user(auth.wallet.user)
+    owned_wallet_ids = user.wallet_ids if user else [auth.wallet.id]
+    if event.wallet not in owned_wallet_ids:
+        raise PermissionError("You do not own this event")
+
+    ticket.registered = True
+    ticket.reg_timestamp = datetime.now(timezone.utc)
+    await update_ticket(ticket)
+    return ticket.dict()