diff --git a/__init__.py b/__init__.py index 01b145e..b6b58a9 100644 --- a/__init__.py +++ b/__init__.py @@ -46,38 +46,6 @@ def events_start(): task1 = create_permanent_unique_task("ext_events", wait_for_paid_invoices) scheduled_tasks.append(task1) - # Register nostr-transport RPCs. Swallow ImportError on older LNbits - # versions that pre-date the transport (the events extension still - # works fine via HTTP without it). - try: - from lnbits.core.services.nostr_transport.dispatcher import ( - AUTH_WALLET, - register_rpc, - ) - - from .transport_rpcs import ( - handle_events_list_event_tickets, - handle_events_ticket_register, - ) - - register_rpc( - "events_ticket_register", handle_events_ticket_register, AUTH_WALLET - ) - register_rpc( - "events_list_event_tickets", - handle_events_list_event_tickets, - AUTH_WALLET, - ) - logger.info( - "[EVENTS] Registered nostr-transport RPCs: " - "events_ticket_register, events_list_event_tickets" - ) - except ImportError: - logger.info( - "[EVENTS] nostr_transport not available on this LNbits — " - "ticket scanner over Nostr disabled, HTTP endpoint still works" - ) - async def _start_nostr_client(): global nostr_client await asyncio.sleep(10) # Wait for nostrclient to be ready diff --git a/crud.py b/crud.py index 551a3bc..a72b3b3 100644 --- a/crud.py +++ b/crud.py @@ -139,15 +139,6 @@ async def get_tickets(wallet_ids: str | list[str]) -> list[Ticket]: return [Ticket(**_parse_ticket_row(row)) for row in rows] -async def get_tickets_by_event(event_id: str) -> list[Ticket]: - """All ticket rows for the given calendar event id.""" - rows = await db.fetchall( - "SELECT * FROM events.ticket WHERE event = :event_id", - {"event_id": event_id}, - ) - return [Ticket(**_parse_ticket_row(row)) for row in rows] - - async def get_tickets_by_user_id(user_id: str) -> list[Ticket]: """All tickets owned by the given LNbits user_id.""" rows = await db.fetchall( diff --git a/static/js/index.js b/static/js/index.js index 2b4bcb9..a65f5f8 100644 --- a/static/js/index.js +++ b/static/js/index.js @@ -14,51 +14,6 @@ window.PageEvents = { settings: { auto_approve: false }, - allUsersEventsTable: { - // Shown on the admin All Users' Events card. Includes the - // wallet owner (`wallet_user_id` resolved server-side) so - // cross-tenant rows are attributable to a user. - columns: [ - { - name: 'wallet_user_id', - align: 'left', - label: 'Owner', - field: 'wallet_user_id' - }, - {name: 'id', align: 'left', label: 'ID', field: 'id'}, - {name: 'name', align: 'left', label: 'Name', field: 'name'}, - { - name: 'event_start_date', - align: 'left', - label: 'Start date', - field: 'event_start_date' - }, - { - name: 'event_end_date', - align: 'left', - label: 'End date', - field: 'event_end_date' - }, - { - name: 'closing_date', - align: 'left', - label: 'Ticket close', - field: 'closing_date' - }, - { - name: 'canceled', - align: 'left', - label: 'Canceled', - field: row => { - if (row.extra && row.extra.conditional && row.canceled) { - return 'Yes' - } - return 'No' - } - }, - {name: 'status', align: 'left', label: 'Status', field: 'status'} - ] - }, eventsTable: { columns: [ {name: 'id', align: 'left', label: 'ID', field: 'id'}, diff --git a/static/js/index.vue b/static/js/index.vue index 6e6891f..4760c6b 100644 --- a/static/js/index.vue +++ b/static/js/index.vue @@ -286,6 +286,51 @@ + + +
+
+
+ All Users' Events + +
+
+
+ + + + + + +
@@ -364,51 +409,6 @@ - - - -
-
-
- All Users' Events - -
-
-
- - - - - -
diff --git a/transport_rpcs.py b/transport_rpcs.py deleted file mode 100644 index e278f91..0000000 --- a/transport_rpcs.py +++ /dev/null @@ -1,120 +0,0 @@ -""" -Nostr-transport RPC handlers for the aiolabs/events extension. - -Each handler is registered with `lnbits.core.services.nostr_transport. -dispatcher.register_rpc` in `events_start()`. The dispatcher resolves -the caller's Nostr pubkey to an LNbits Account → wallet (`AUTH_WALLET`) -and passes a `WalletTypeInfo` as the first argument; handlers verify -event-level ownership on top. - -Errors raise `PermissionError` / `ValueError` so the dispatcher maps -them into `{status: "ERROR", error: }` responses; any other -exception falls through to a generic "Internal error" reply. -""" - -from __future__ import annotations - -from datetime import datetime, timezone - -from lnbits.core.crud import get_user -from lnbits.core.models import WalletTypeInfo -from lnbits.core.services.nostr_transport.models import NostrRpcRequest - -from .crud import get_event, get_ticket, get_tickets_by_event, update_ticket - - -async def handle_events_ticket_register( - auth: WalletTypeInfo, - request: NostrRpcRequest, -) -> dict: - """Mark a ticket as registered at the door (organizer flow). - - The Nostr-transport dispatcher already verified the caller signed - the kind-21000 RPC event and bound them to `auth.wallet`. This - handler adds the event-level check: the ticket's event must be - owned by one of the caller's wallets. - - Idempotence mirrors the HTTP endpoint: scanning the same ticket - twice fails with "Ticket already registered". The buyer-side flow - (notifications etc.) reuses whatever the legacy register endpoint - does — we just flip the flag + timestamp. - """ - body = request.body or {} - event_id = body.get("event_id") - ticket_id = body.get("ticket_id") - if not event_id or not ticket_id: - raise ValueError("event_id and ticket_id are required") - - ticket = await get_ticket(ticket_id) - if not ticket or ticket.event != event_id: - raise ValueError("Ticket does not exist on this event") - if not ticket.paid: - raise PermissionError("Ticket not paid for") - if ticket.registered: - raise PermissionError("Ticket already registered") - - event = await get_event(event_id) - if not event: - raise ValueError("Event does not exist") - - user = await get_user(auth.wallet.user) - owned_wallet_ids = user.wallet_ids if user else [auth.wallet.id] - if event.wallet not in owned_wallet_ids: - raise PermissionError("You do not own this event") - - ticket.registered = True - ticket.reg_timestamp = datetime.now(timezone.utc) - await update_ticket(ticket) - return ticket.dict() - - -async def handle_events_list_event_tickets( - auth: WalletTypeInfo, - request: NostrRpcRequest, -) -> dict: - """Return paid + registered counts plus the per-ticket roster for - one calendar event, organizer-only. - - Backs the door scanner's counts strip and "All scanned" tab so the - UI reads authoritative state from the backend instead of relying - on per-device localStorage (which diverges the moment a second - organizer scans, or the operator switches devices). - - The roster only includes paid tickets — proposed/unpaid rows are - irrelevant at the door. - """ - body = request.body or {} - event_id = body.get("event_id") - if not event_id: - raise ValueError("event_id is required") - - event = await get_event(event_id) - if not event: - raise ValueError("Event does not exist") - - user = await get_user(auth.wallet.user) - owned_wallet_ids = user.wallet_ids if user else [auth.wallet.id] - if event.wallet not in owned_wallet_ids: - raise PermissionError("You do not own this event") - - tickets = await get_tickets_by_event(event_id) - paid_tickets = [t for t in tickets if t.paid] - registered_count = sum(1 for t in paid_tickets if t.registered) - - return { - "event_id": event_id, - "sold": len(paid_tickets), - "registered": registered_count, - "remaining": len(paid_tickets) - registered_count, - "tickets": [ - { - "id": t.id, - "name": t.name, - "registered": t.registered, - "registered_at": ( - t.reg_timestamp.isoformat() if t.reg_timestamp else None - ), - } - for t in paid_tickets - ], - } diff --git a/views_api.py b/views_api.py index 3edd953..e7c118f 100644 --- a/views_api.py +++ b/views_api.py @@ -101,22 +101,9 @@ async def api_events_public() -> list[Event]: @events_api_router.get("/all") async def api_events_all( admin: Account = Depends(check_admin), -) -> list[dict]: - """All events across all wallets, with each row's wallet owner - resolved to a user_id. LNbits admin only. - - Returns dicts (not strict `Event` rows) so the response can carry - the synthetic `wallet_user_id` column the admin UI uses to attribute - each cross-tenant event to a user. - """ - events = await get_all_events() - enriched: list[dict] = [] - for event in events: - wallet = await get_wallet(event.wallet) - row = event.dict() - row["wallet_user_id"] = wallet.user if wallet else None - enriched.append(row) - return enriched +) -> list[Event]: + """All events across all wallets. LNbits admin only.""" + return await get_all_events() @events_api_router.get("/pending") @@ -779,24 +766,7 @@ async def api_ticket_resend_email( @tickets_api_router.put("/register/{ticket_id}") -async def api_event_register_ticket( - ticket_id: str, - key_info: WalletTypeInfo = Depends(require_admin_key), -) -> Ticket: - """Mark a ticket as registered at the door. - - Auth: wallet admin_key. Caller must own the event the ticket - belongs to — we check `event.wallet` against the user's full - wallet set so an organizer with multiple wallets can scan - regardless of which wallet's key they're using. - - Until v1.6.1-aio.3 this endpoint had no auth, which meant any - caller who knew a ticket id could register it. The - Nostr-transport flow at `events_ticket_register` is now the - preferred call site for the webapp; this HTTP path stays for - the legacy LNbits Quasar register page which already sends - the wallet admin_key through `LNbits.api.request`. - """ +async def api_event_register_ticket(ticket_id) -> Ticket: ticket = await get_ticket(ticket_id) if not ticket: @@ -804,20 +774,6 @@ async def api_event_register_ticket( status_code=HTTPStatus.NOT_FOUND, detail="Ticket does not exist." ) - event = await get_event(ticket.event) - if not event: - raise HTTPException( - status_code=HTTPStatus.NOT_FOUND, detail="Event does not exist." - ) - - user = await get_user(key_info.wallet.user) - owned_wallet_ids = user.wallet_ids if user else [key_info.wallet.id] - if event.wallet not in owned_wallet_ids: - raise HTTPException( - status_code=HTTPStatus.FORBIDDEN, - detail="You do not own this event.", - ) - if not ticket.paid: raise HTTPException( status_code=HTTPStatus.FORBIDDEN, detail="Ticket not paid for."