diff --git a/crud.py b/crud.py index 004fa7f..a72b3b3 100644 --- a/crud.py +++ b/crud.py @@ -41,8 +41,19 @@ async def create_ticket( email: str | None = None, user_id: str | None = None, extra: dict | None = None, + ticket_id: str | None = None, ) -> Ticket: + """Persist one ticket row. + + `payment_hash` is the LNbits invoice hash shared across all rows + of a multi-ticket purchase. `ticket_id` is the row primary key / + scannable id; defaults to `payment_hash` for single-ticket + purchases so the legacy id == payment_hash invariant holds. + Multi-ticket callers pass a unique uuid here so each attendee + gets a distinct scannable QR. + """ now = datetime.now(timezone.utc) + row_id = ticket_id or payment_hash # name/email columns are NOT NULL in the schema, so we store "" when only # user_id is supplied. _parse_ticket_row reverses this on read. @@ -54,7 +65,7 @@ async def create_ticket( db_email = email or "" db_ticket = Ticket( - id=payment_hash, + id=row_id, wallet=wallet, event=event, name=db_name, @@ -65,11 +76,12 @@ async def create_ticket( reg_timestamp=now, time=now, extra=TicketExtra(**extra) if extra else TicketExtra(), + payment_hash=payment_hash, ) await db.insert("events.ticket", db_ticket) return Ticket( - id=payment_hash, + id=row_id, wallet=wallet, event=event, name=name, @@ -80,6 +92,7 @@ async def create_ticket( reg_timestamp=now, time=now, extra=TicketExtra(**extra) if extra else TicketExtra(), + payment_hash=payment_hash, ) @@ -93,6 +106,21 @@ async def update_ticket(ticket: Ticket) -> Ticket: return ticket +async def get_tickets_by_payment_hash(payment_hash: str) -> list[Ticket]: + """All ticket rows sharing the given LNbits invoice payment_hash. + + For a single-ticket purchase returns one row (legacy invariant + `id == payment_hash` still holds). For a multi-ticket purchase + returns the N rows created with shared `payment_hash` but + distinct `id`s — each attendee's scannable QR. + """ + rows = await db.fetchall( + "SELECT * FROM events.ticket WHERE payment_hash = :ph", + {"ph": payment_hash}, + ) + return [Ticket(**_parse_ticket_row(row)) for row in rows] + + async def get_ticket(payment_hash: str) -> Ticket | None: row = await db.fetchone( "SELECT * FROM events.ticket WHERE id = :id", diff --git a/migrations_fork.py b/migrations_fork.py index 365d259..864cbb8 100644 --- a/migrations_fork.py +++ b/migrations_fork.py @@ -103,3 +103,28 @@ async def m001_aio_event_schema(db): await _alter_add_column_safe( db, "ALTER TABLE events.events ADD COLUMN categories TEXT" ) + + +async def m002_ticket_payment_hash(db): + """ + Add `ticket.payment_hash` for multi-ticket purchases. + + Multi-ticket purchases land as N rows sharing one LNbits invoice + (so each attendee gets a distinct scannable QR but the buyer + pays once). `ticket.id` stays the row primary key — for legacy + single-purchase rows it equals payment_hash; for multi-purchase + children it's a uuid generated at create-time. `payment_hash` + is the new join key for invoice lookup. + + Backfill existing rows from id so the + GET-tickets-by-payment-hash path keeps working for pre-migration + data (id was the payment_hash by invariant before this column). + """ + await _alter_add_column_safe( + db, "ALTER TABLE events.ticket ADD COLUMN payment_hash TEXT" + ) + await db.execute( + "UPDATE events.ticket SET payment_hash = id " + "WHERE payment_hash IS NULL OR payment_hash = ''" + ) + diff --git a/models.py b/models.py index d3f43d3..04520a0 100644 --- a/models.py +++ b/models.py @@ -133,6 +133,9 @@ class CreateTicket(BaseModel): nostr_identifier: str | None = None payment_method: str | None = None fiat_provider: str | None = None + # Number of tickets to buy on this single invoice. Bounded so a + # bad client can't run away with the organizer's capacity. + quantity: int = Field(default=1, ge=1, le=10) @root_validator def validate_identifiers(cls, values): @@ -158,6 +161,11 @@ class Ticket(BaseModel): time: datetime reg_timestamp: datetime extra: TicketExtra = Field(default_factory=TicketExtra) + # Shared LNbits invoice payment_hash. Equals `id` for single-ticket + # purchases (legacy + post-migration default). Multi-ticket + # purchases create N rows sharing one payment_hash so each attendee + # gets a distinct scannable id while the buyer pays once. + payment_hash: str | None = None class PublicTicket(BaseModel): @@ -175,3 +183,8 @@ class TicketPaymentRequest(BaseModel): fiat_payment_request: str | None = None fiat_provider: str | None = None is_fiat: bool = False + # Row ids created on this invoice — one for single-ticket + # purchases, N for multi-ticket (each independently scannable at + # the door). Buyers fetch these after payment to render N QRs in + # My Tickets. + ticket_ids: list[str] = Field(default_factory=list) diff --git a/tasks.py b/tasks.py index 1d30dce..1641a75 100644 --- a/tasks.py +++ b/tasks.py @@ -4,7 +4,7 @@ from lnbits.core.models import Payment from lnbits.tasks import register_invoice_listener from loguru import logger -from .crud import get_ticket +from .crud import get_ticket, get_tickets_by_payment_hash from .models import Ticket from .services import send_ticket_notification_in_background, set_ticket_paid @@ -37,13 +37,32 @@ async def on_invoice_paid(payment: Payment) -> None: if not payment.extra or "events" != payment.extra.get("tag"): return - ticket = await get_ticket(payment.payment_hash) - if not ticket: - logger.warning(f"Ticket for payment {payment.payment_hash} not found.") + # Multi-ticket purchases land as N rows sharing this payment_hash; + # each one needs to be marked paid + counted against capacity, and + # each gets its own buyer notification (mostly a no-op when all + # rows are owned by the same buyer, but cheap and consistent). + tickets = await get_tickets_by_payment_hash(payment.payment_hash) + if not tickets: + # Backstop for any legacy row created before the payment_hash + # column was populated by the migration backfill. + legacy = await get_ticket(payment.payment_hash) + if legacy: + tickets = [legacy] + + if not tickets: + logger.warning(f"No tickets for payment {payment.payment_hash}.") return - ticket = await set_ticket_paid(ticket) - send_ticket_notification_in_background(ticket) + paid_tickets: list[Ticket] = [] + for ticket in tickets: + paid_tickets.append(await set_ticket_paid(ticket)) + + for paid_ticket in paid_tickets: + send_ticket_notification_in_background(paid_ticket) + + # Wake up the WebSocket / poll listeners. Forward the first paid + # ticket so the existing single-ticket subscribers still work; the + # webapp re-fetches all ids via the polling endpoint anyway. if payment_listeners.get(payment.payment_hash): for paid_ticket_queue in payment_listeners[payment.payment_hash]: - paid_ticket_queue.put_nowait(ticket) + paid_ticket_queue.put_nowait(paid_tickets[0]) diff --git a/views_api.py b/views_api.py index b25d2c4..c288c20 100644 --- a/views_api.py +++ b/views_api.py @@ -17,6 +17,7 @@ from lnbits.core.crud.wallets import get_wallet from lnbits.core.models import Account, User, WalletTypeInfo from lnbits.core.models.payments import CreateInvoice from lnbits.core.services import create_payment_request +from lnbits.helpers import urlsafe_short_hash from lnbits.decorators import ( check_admin, check_user_exists, @@ -46,6 +47,7 @@ from .crud import ( get_settings, get_ticket, get_tickets, + get_tickets_by_payment_hash, get_tickets_by_user_id, purge_unpaid_tickets, update_event, @@ -508,8 +510,16 @@ async def api_ticket_create( ) if event.canceled: raise HTTPException(status_code=HTTPStatus.GONE, detail="Event is canceled.") - if event.amount_tickets > 0 and event.sold >= event.amount_tickets: - raise HTTPException(status_code=HTTPStatus.GONE, detail="Event is sold out.") + quantity = data.quantity + if event.amount_tickets > 0: + if event.sold >= event.amount_tickets: + raise HTTPException(status_code=HTTPStatus.GONE, detail="Event is sold out.") + remaining = event.amount_tickets - event.sold + if quantity > remaining: + raise HTTPException( + status_code=HTTPStatus.BAD_REQUEST, + detail=f"Only {remaining} ticket(s) remaining for this event.", + ) name = data.name email = data.email @@ -531,7 +541,7 @@ async def api_ticket_create( status_code=HTTPStatus.BAD_REQUEST, detail="Invalid Nostr identifier.", ) from exc - price = event.price_per_ticket + unit_price = event.price_per_ticket extra: dict[str, Any] = {"tag": "events", "name": name, "email": email} if promo_code: @@ -543,7 +553,9 @@ async def api_ticket_create( # get the promocode promo = next(pc for pc in event.extra.promo_codes if pc.code == promo_code) extra["promo_code"] = promo.code - price = event.price_per_ticket * (1 - promo.discount_percent / 100) + unit_price = event.price_per_ticket * (1 - promo.discount_percent / 100) + # Scale by quantity AFTER the promo applies. One invoice, N tickets. + price = unit_price * quantity if payment_method == "fiat" and not event.allow_fiat: raise HTTPException( @@ -600,21 +612,32 @@ async def api_ticket_create( extra=extra, ), ) - await create_ticket( - payment_hash=payment.payment_hash, - wallet=event.wallet, - event=event.id, - name=name, - email=email, - user_id=user_id, - extra={ - "applied_promo_code": promo_code, - "refund_address": refund_address, - "nostr_identifier": nostr_identifier, - "ticket_base_url": str(request.base_url).rstrip("/"), - "sats_paid": payment.sat, - }, - ) + # Multi-ticket purchases land as N rows sharing the LNbits invoice + # payment_hash but with distinct `id`s — one independently + # scannable QR per attendee. The first row reuses payment_hash as + # its id so the legacy single-purchase invariant + # (`id == payment_hash`) still holds for quantity == 1 callers. + ticket_ids: list[str] = [] + sats_per_ticket = payment.sat // quantity if quantity else payment.sat + for index in range(quantity): + row_id = payment.payment_hash if index == 0 else urlsafe_short_hash() + await create_ticket( + payment_hash=payment.payment_hash, + wallet=event.wallet, + event=event.id, + name=name, + email=email, + user_id=user_id, + ticket_id=row_id, + extra={ + "applied_promo_code": promo_code, + "refund_address": refund_address, + "nostr_identifier": nostr_identifier, + "ticket_base_url": str(request.base_url).rstrip("/"), + "sats_paid": sats_per_ticket, + }, + ) + ticket_ids.append(row_id) return TicketPaymentRequest( payment_hash=payment.payment_hash, @@ -622,30 +645,34 @@ async def api_ticket_create( fiat_payment_request=getattr(payment, "extra", {}).get("fiat_payment_request"), fiat_provider=getattr(payment, "fiat_provider", None) or fiat_provider, is_fiat=bool(getattr(payment, "fiat_provider", None) or fiat_provider), + ticket_ids=ticket_ids, ) @tickets_api_router.post("/{event_id}/{payment_hash}") async def api_ticket_payment_status(event_id: str, payment_hash: str) -> dict: - """Poll-style payment confirmation for a pending ticket. + """Poll-style payment confirmation for a pending ticket purchase. - The webapp's `useTicketPurchase` polls this every 2s after firing - `Pay with Wallet` (or after presenting the QR for an external - wallet) until `paid: true` comes back, then advances to the - ticket-QR success state. The companion WebSocket at - `/tickets/ws/{payment_hash}` is more efficient for pushes — this - endpoint is the fallback for clients that can't open a relay-side - socket. + The webapp polls this every 2s after presenting the invoice until + `paid: true` comes back, then advances to the success state. The + companion WebSocket at `/tickets/ws/{payment_hash}` is more + efficient for pushes — this endpoint is the fallback. - Returns `{paid: bool, ticket_id?: str}` so the client can hand off - to the ticket-detail flow without an extra GET. A missing / - cross-event ticket returns `paid: false` rather than 404 so the - poll loop doesn't have to special-case the not-yet-created race. + Returns `{paid, ticket_ids: [...]}` so multi-ticket buyers get + every scannable id back in one response (one for single-ticket + purchases). A missing / cross-event purchase returns + `paid: false` rather than 404 so the poll doesn't have to + special-case the not-yet-created race. """ - ticket = await get_ticket(payment_hash) - if not ticket or ticket.event != event_id: + tickets = await get_tickets_by_payment_hash(payment_hash) + relevant = [t for t in tickets if t.event == event_id] + if not relevant: return {"paid": False} - return {"paid": ticket.paid, "ticket_id": ticket.id} + return { + "paid": all(t.paid for t in relevant), + "ticket_id": relevant[0].id, # back-compat with single-ticket clients + "ticket_ids": [t.id for t in relevant], + } @tickets_api_router.websocket("/ws/{payment_hash}")