From 814581f3079fddf4963186432e2d9fdf89c8f73e Mon Sep 17 00:00:00 2001 From: Padreug Date: Sat, 23 May 2026 20:30:03 +0200 Subject: [PATCH 01/23] feat: expose GET /tickets/user/{user_id} endpoint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The webapp My Tickets view + the owned-ticket badges in the activities feed both rely on this endpoint to enumerate a buyer's tickets across all events. The CRUD function already existed (`get_tickets_by_user_id`); just expose it. Auth: Bearer access token (the same shape the webapp already sends to other LNbits endpoints). The path param must match the token- bound user.id — users can only enumerate their own tickets, not anyone else's by ID-guessing. Returns full `Ticket` rows rather than `PublicTicket` because the owner needs the payment_hash (for the QR) + the `extra` envelope (for refund / promo / notification state) in My Tickets. Co-Authored-By: Claude Opus 4.7 (1M context) --- views_api.py | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/views_api.py b/views_api.py index 08e94ab..7fd3aa0 100644 --- a/views_api.py +++ b/views_api.py @@ -14,11 +14,12 @@ from fastapi import ( ) from lnbits.core.crud import get_user from lnbits.core.crud.wallets import get_wallet -from lnbits.core.models import Account, WalletTypeInfo +from lnbits.core.models import Account, User, WalletTypeInfo from lnbits.core.models.payments import CreateInvoice from lnbits.core.services import create_payment_request from lnbits.decorators import ( check_admin, + check_user_exists, require_admin_key, require_invoice_key, ) @@ -45,6 +46,7 @@ from .crud import ( get_settings, get_ticket, get_tickets, + get_tickets_by_user_id, purge_unpaid_tickets, update_event, update_settings, @@ -399,6 +401,27 @@ async def api_tickets( return await get_tickets(wallet_ids) +@tickets_api_router.get("/user/{user_id}") +async def api_tickets_by_user( + user_id: str, + user: User = Depends(check_user_exists), +) -> list[Ticket]: + """All tickets for the authenticated user. + + The `user_id` path param must match the token-bound user so a + Bearer-authenticated session can only enumerate its own tickets. + Returns full `Ticket` rows (not `PublicTicket`) since the owner + needs the payment_hash to render the QR + the `extra` envelope + to surface payment/refund state in My Tickets. + """ + if user_id != user.id: + raise HTTPException( + status_code=HTTPStatus.FORBIDDEN, + detail="Can only fetch your own tickets.", + ) + return await get_tickets_by_user_id(user_id) + + @tickets_api_router.get("/{ticket_id}", response_model=PublicTicket) async def api_get_ticket(ticket_id: str) -> Ticket: ticket = await get_ticket(ticket_id) From edf1493e0cb9028bcae707938c31338ecf6f7077 Mon Sep 17 00:00:00 2001 From: Padreug Date: Sat, 23 May 2026 20:31:56 +0200 Subject: [PATCH 02/23] feat: publish ticket counts in NIP-52 tags + republish on sale MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Inventory sync over Nostr, mirroring how nostrmarket republishes kind 30018 product events when stock changes. Connected webapp / other-client subscriptions pick up the new state via their existing relay subscription — no REST polling needed. build_nip52_event grows four AIO custom tags on every published kind 31922/31923 event: - tickets_available — current remaining (omitted when amount_tickets is 0, the schema's "unlimited" sentinel, so clients can tell the difference between unlimited and sold-out) - tickets_sold — running count, always emitted (clients derive original_capacity = available + sold for progress bars) - tickets_price — price_per_ticket (0 means free) - tickets_currency — the currency string Tags are AIO additions outside the NIP-52 spec; spec-compliant clients MUST ignore unknown tags so this stays backwards-compatible. set_ticket_paid calls publish_or_delete_nostr_event after the counter update so the new state lands on relays. The whole sequence (counter update + republish) is wrapped in a per-event-id asyncio lock to address the existing # todo: lock and to ensure two paid invoices for the same event can't reorder the published state. Failures inside the Nostr publish are logged + swallowed by the existing wrapper, so a relay outage can never break the payment flow. Co-Authored-By: Claude Opus 4.7 (1M context) --- nostr_publisher.py | 28 ++++++++++++++++++++++++---- services.py | 39 ++++++++++++++++++++++++++++++++------- 2 files changed, 56 insertions(+), 11 deletions(-) diff --git a/nostr_publisher.py b/nostr_publisher.py index a6d487b..240b406 100644 --- a/nostr_publisher.py +++ b/nostr_publisher.py @@ -39,12 +39,23 @@ def build_nip52_event(event: Event, pubkey: str) -> NostrEvent: Time-based (kind 31923) if event_start_date carries an HH:MM, otherwise date-based (kind 31922). Tags: - d - event.id - title - event.name - start - unix timestamp (31923) or YYYY-MM-DD (31922) - end - same encoding (optional) + d - event.id + title - event.name + start - unix timestamp (31923) or YYYY-MM-DD (31922) + end - same encoding (optional) image, location, t (categories) - optional + tickets_available - current remaining capacity (omitted when unlimited) + tickets_sold - running paid-count (always emitted; clients can + derive original_capacity = available + sold) + tickets_price - price_per_ticket (always emitted; 0 means free) + tickets_currency - the currency string Content: event.info + + The four ticket_* tags are AIO custom additions outside the NIP-52 + spec; spec-compliant clients ignore unknown tags so this stays + backwards-compatible. They let connected clients render the + "X tickets remaining" badge and the Buy CTA without an extra REST hop, + and pick up live inventory updates via the same relay subscription. """ time_based = _has_time(event.event_start_date) kind = 31923 if time_based else 31922 @@ -81,6 +92,15 @@ def build_nip52_event(event: Event, pubkey: str) -> NostrEvent: for cat in event.categories or []: tags.append(["t", cat]) + # `amount_tickets == 0` means unlimited capacity in this extension's + # schema. Omitting the tag is how clients distinguish unlimited from + # "0 left" (sold out). + if event.amount_tickets > 0: + tags.append(["tickets_available", str(event.amount_tickets)]) + tags.append(["tickets_sold", str(event.sold)]) + tags.append(["tickets_price", str(event.price_per_ticket)]) + tags.append(["tickets_currency", event.currency]) + nostr_event = NostrEvent( pubkey=pubkey, created_at=int(time.time()), diff --git a/services.py b/services.py index 159bbdc..0a2de28 100644 --- a/services.py +++ b/services.py @@ -1,5 +1,6 @@ from __future__ import annotations +import asyncio from asyncio.tasks import create_task from lnbits.core.models.users import UserNotifications @@ -21,6 +22,7 @@ from .crud import ( update_ticket, ) from .models import Event, Ticket +from .nostr_hooks import publish_or_delete_nostr_event DEFAULT_NOSTR_RELAYS = [ "wss://relay.damus.io", @@ -28,19 +30,42 @@ DEFAULT_NOSTR_RELAYS = [ "wss://relay.nostr.band", ] +# Per-event lock: serializes the counter-update + Nostr republish for a +# single event_id so two paid invoices landing on the listener queue back- +# to-back can't reorder the published state. Lazy-populated; entries are +# left in memory for the lifetime of the process (cheap — one asyncio.Lock +# object per event ever sold). +_event_paid_locks: dict[str, asyncio.Lock] = {} + + +def _event_paid_lock(event_id: str) -> asyncio.Lock: + lock = _event_paid_locks.get(event_id) + if lock is None: + lock = asyncio.Lock() + _event_paid_locks[event_id] = lock + return lock + async def set_ticket_paid(ticket: Ticket) -> Ticket: if ticket.paid: return ticket - ticket.paid = True - await update_ticket(ticket) + async with _event_paid_lock(ticket.event): + ticket.paid = True + await update_ticket(ticket) - event = await get_event(ticket.event) - assert event, "Couldn't get event from ticket being paid" - event.sold += 1 - event.amount_tickets -= 1 - await update_event(event) + event = await get_event(ticket.event) + assert event, "Couldn't get event from ticket being paid" + event.sold += 1 + event.amount_tickets -= 1 + await update_event(event) + + # Republish the NIP-52 calendar event so connected clients see + # the new tickets_available / tickets_sold counters via their + # existing relay subscription. Failures are logged + swallowed + # inside publish_or_delete_nostr_event so a Nostr outage doesn't + # break the payment flow. + await publish_or_delete_nostr_event(event) return ticket From b0d089d3c9c8a318984247716d49dc2ddd57098c Mon Sep 17 00:00:00 2001 From: Padreug Date: Sat, 23 May 2026 20:37:19 +0200 Subject: [PATCH 03/23] feat: also publish allow_fiat + fiat_currency in NIP-52 tags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The buyer-side webapp Purchase button needs allow_fiat to know whether to surface the fiat method, and fiat_currency for the conversion-preview label. Without these in the published Nostr event, the buyer would either have to REST-fetch the LNbits event again (defeats the inventory-sync goal) or guess. Same backwards-compat reasoning as the four counter tags — tags are AIO additions outside the NIP-52 spec; unknown tags are ignored by spec-compliant clients. - tickets_allow_fiat: "true" when the organizer enabled the fiat toggle. Omitted otherwise so the on-the-wire payload stays small for the common Lightning-only case. - tickets_fiat_currency: only emitted when allow_fiat is on (otherwise it'd be ambiguous what the value represents). Co-Authored-By: Claude Opus 4.7 (1M context) --- nostr_publisher.py | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/nostr_publisher.py b/nostr_publisher.py index 240b406..6867041 100644 --- a/nostr_publisher.py +++ b/nostr_publisher.py @@ -44,11 +44,13 @@ def build_nip52_event(event: Event, pubkey: str) -> NostrEvent: start - unix timestamp (31923) or YYYY-MM-DD (31922) end - same encoding (optional) image, location, t (categories) - optional - tickets_available - current remaining capacity (omitted when unlimited) - tickets_sold - running paid-count (always emitted; clients can - derive original_capacity = available + sold) - tickets_price - price_per_ticket (always emitted; 0 means free) - tickets_currency - the currency string + tickets_available - current remaining capacity (omitted when unlimited) + tickets_sold - running paid-count (always emitted; clients can + derive original_capacity = available + sold) + tickets_price - price_per_ticket (always emitted; 0 means free) + tickets_currency - the currency string + tickets_allow_fiat - "true" when fiat checkout is enabled (omitted otherwise) + tickets_fiat_currency - the fiat settle currency (only when allow_fiat) Content: event.info The four ticket_* tags are AIO custom additions outside the NIP-52 @@ -100,6 +102,12 @@ def build_nip52_event(event: Event, pubkey: str) -> NostrEvent: tags.append(["tickets_sold", str(event.sold)]) tags.append(["tickets_price", str(event.price_per_ticket)]) tags.append(["tickets_currency", event.currency]) + # Fiat-checkout config — only emitted when allow_fiat is on so + # clients can branch the buy UI without re-reading the schema. + if event.allow_fiat: + tags.append(["tickets_allow_fiat", "true"]) + if event.fiat_currency: + tags.append(["tickets_fiat_currency", event.fiat_currency]) nostr_event = NostrEvent( pubkey=pubkey, From 05593c9c3c8ed5ccecf852d1881a26d00db9b3d6 Mon Sep 17 00:00:00 2001 From: Padreug Date: Sat, 23 May 2026 20:58:20 +0200 Subject: [PATCH 04/23] feat: POST /republish-all admin endpoint Loops over approved events and re-emits each NIP-52 calendar event. Useful as a one-shot migration after the publisher's tag set changes (e.g. the tickets_* tag rollout introduced in this PR) so existing events on a deployed instance pick up the new metadata without each organizer having to edit and save. Gated by check_admin (LNbits instance admin), errors swallowed per-event inside the publisher so one bad row doesn't block the rest. Returns a count summary. Co-Authored-By: Claude Opus 4.7 (1M context) --- views_api.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/views_api.py b/views_api.py index 7fd3aa0..b7c6a0d 100644 --- a/views_api.py +++ b/views_api.py @@ -112,6 +112,30 @@ async def api_events_pending( return await get_pending_events() +@events_api_router.post("/republish-all") +async def api_republish_all( + admin: Account = Depends(check_admin), +) -> dict: + """Force-republish every approved event to Nostr relays. Admin only. + + Used by the catalog-bump migration that introduced the AIO ticket + tags: existing events on a deployed instance were published before + the publisher learned the new tag set, so they don't carry + tickets_available / tickets_sold / etc. until something triggers + a republish. This endpoint walks the approved list and re-emits + each calendar event so connected clients see the new metadata + without waiting for a per-event edit. + + Errors are swallowed per-event (logged inside the publisher) so + one bad event doesn't block the rest. Returns a count summary. + """ + events = await get_all_events() + approved = [e for e in events if e.status == "approved" and not e.canceled] + for event in approved: + await publish_or_delete_nostr_event(event) + return {"republished": len(approved), "total": len(events)} + + @events_api_router.get("/settings") async def api_get_settings( admin: Account = Depends(check_admin), From fa2a6e40f0198d9ef26552434c3c63f81f520c82 Mon Sep 17 00:00:00 2001 From: Padreug Date: Sat, 23 May 2026 21:00:30 +0200 Subject: [PATCH 05/23] feat(ui): "Republish all" button on the admin Settings card MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Surfaces the POST /republish-all endpoint added in the previous commit. Lives in the existing admin-gated Settings card on the events extension landing page, so the LNbits operator can trigger the migration without curl + access tokens. Confirm dialog before firing (the endpoint emits one Nostr event per approved row, fine to retry but worth a click of friction). Notification shows the republished/total count on success. Self-closing tags expanded per the LNbits UMD rule (webapp CLAUDE.md > LNbits + Quasar UMD gotchas) — q-separator and q-btn would silently nest wrong otherwise. Co-Authored-By: Claude Opus 4.7 (1M context) --- static/js/index.js | 28 ++++++++++++++++++++++++++++ static/js/index.vue | 22 ++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/static/js/index.js b/static/js/index.js index 022399c..8ec41a6 100644 --- a/static/js/index.js +++ b/static/js/index.js @@ -9,6 +9,7 @@ window.PageEvents = { pendingEvents: [], allUserEvents: [], isAdmin: false, + republishing: false, settings: { auto_approve: false }, @@ -275,6 +276,33 @@ window.PageEvents = { .catch(LNbits.utils.notifyApiError) }) }, + republishAllEvents() { + LNbits.utils + .confirmDialog( + 'Re-emit every approved event to Nostr relays? This is safe ' + + 'to run multiple times but generates one event per approved row.' + ) + .onOk(() => { + this.republishing = true + LNbits.api + .request('POST', '/events/api/v1/events/republish-all') + .then(response => { + Quasar.Notify.create({ + type: 'positive', + message: + 'Republished ' + + response.data.republished + + ' of ' + + response.data.total + + ' events' + }) + }) + .catch(LNbits.utils.notifyApiError) + .finally(() => { + this.republishing = false + }) + }) + }, foldDateTime(day, time) { // Combine separate date/time inputs into the wire format // expected by the events extension: "YYYY-MM-DD" or diff --git a/static/js/index.vue b/static/js/index.vue index 4117f47..befc230 100644 --- a/static/js/index.vue +++ b/static/js/index.vue @@ -15,6 +15,28 @@ > + +
+
+ Republish to Nostr +
+ Re-emit every approved event so connected clients pick + up the latest tag set. Useful after the extension + publisher changes (e.g. new tickets_* tags) so existing + events don't need a per-event edit. +
+
+
+ +
+
From ced6ca2b2b7591788424ea990470405dc4275fbc Mon Sep 17 00:00:00 2001 From: Padreug Date: Sat, 23 May 2026 21:02:36 +0200 Subject: [PATCH 06/23] feat: organizer-side "Republish mine" button + scoped endpoint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The admin /republish-all hits every approved event regardless of owner — useful for the catalog migration, but heavy. Organizers who want to re-emit just THEIR own events (e.g. after the AIO publisher gained the tickets_* tags and an organizer's events should pick them up) need a lighter knob. Backend: new POST /republish-mine wallet-scoped via require_admin_key, mirrors api_tickets's `all_wallets=true` shape so the page can re-emit across every wallet the user owns. Filters to approved + non-canceled rows. UI: "Republish mine" button alongside "New Event" so every logged-in user sees it (no isAdmin gate). Loading state + confirm dialog + success count notification. Co-Authored-By: Claude Opus 4.7 (1M context) --- static/js/index.js | 31 +++++++++++++++++++++++++++++++ static/js/index.vue | 20 +++++++++++++++++--- views_api.py | 31 +++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+), 3 deletions(-) diff --git a/static/js/index.js b/static/js/index.js index 8ec41a6..a65f5f8 100644 --- a/static/js/index.js +++ b/static/js/index.js @@ -10,6 +10,7 @@ window.PageEvents = { allUserEvents: [], isAdmin: false, republishing: false, + republishingMine: false, settings: { auto_approve: false }, @@ -303,6 +304,36 @@ window.PageEvents = { }) }) }, + republishMyEvents() { + LNbits.utils + .confirmDialog( + 'Re-emit your approved events to Nostr relays?' + ) + .onOk(() => { + this.republishingMine = true + LNbits.api + .request( + 'POST', + '/events/api/v1/events/republish-mine?all_wallets=true', + this.g.user.wallets[0].adminkey + ) + .then(response => { + Quasar.Notify.create({ + type: 'positive', + message: + 'Republished ' + + response.data.republished + + ' of your ' + + response.data.total + + ' events' + }) + }) + .catch(LNbits.utils.notifyApiError) + .finally(() => { + this.republishingMine = false + }) + }) + }, foldDateTime(day, time) { // Combine separate date/time inputs into the wire format // expected by the events extension: "YYYY-MM-DD" or diff --git a/static/js/index.vue b/static/js/index.vue index befc230..4760c6b 100644 --- a/static/js/index.vue +++ b/static/js/index.vue @@ -42,9 +42,23 @@ - New Event +
+ New Event + +
+
+ Re-emit your approved events to Nostr relays. Useful after + a publisher upgrade or if a relay dropped your events. +
diff --git a/views_api.py b/views_api.py index b7c6a0d..35da0cd 100644 --- a/views_api.py +++ b/views_api.py @@ -136,6 +136,37 @@ async def api_republish_all( return {"republished": len(approved), "total": len(events)} +@events_api_router.post("/republish-mine") +async def api_republish_mine( + all_wallets: bool = Query(False), + key_info: WalletTypeInfo = Depends(require_admin_key), +) -> dict: + """Force-republish the caller's own approved events to Nostr relays. + + Same shape as /republish-all but scoped to events owned by the + authenticated wallet (or all wallets belonging to the wallet's + user when `?all_wallets=true`). Lets the organizer trigger the + same migration the admin uses, without needing instance-admin + rights — useful when the AIO publisher gains a new tag set and + an organizer wants their published events to carry it. + + Only events with `status == "approved"` are republished; pending + and rejected rows aren't on relays in the first place, so a + republish for them would be a no-op (or worse, surface a + proposed-but-not-approved row to subscribers). + """ + wallet_ids: list[str] = [key_info.wallet.id] + if all_wallets: + user = await get_user(key_info.wallet.user) + wallet_ids = user.wallet_ids if user else [] + + events = await get_events(wallet_ids) + approved = [e for e in events if e.status == "approved" and not e.canceled] + for event in approved: + await publish_or_delete_nostr_event(event) + return {"republished": len(approved), "total": len(events)} + + @events_api_router.get("/settings") async def api_get_settings( admin: Account = Depends(check_admin), From 902bafe7f20dfbd2f8535afbcf277517a78c244e Mon Sep 17 00:00:00 2001 From: Padreug Date: Sat, 23 May 2026 21:06:03 +0200 Subject: [PATCH 07/23] feat: POST /tickets/{event_id}/{payment_hash} polling endpoint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The webapp's useTicketPurchase polls this every 2s after firing Pay with Wallet (or after presenting the QR) to confirm payment before advancing to the ticket-QR success state. Without this endpoint the post-payment poll loop returns 404 indefinitely and the buyer never sees their ticket land — even though set_ticket_paid fired on the invoice listener and the row is correctly marked paid in the DB. Returns {paid: bool, ticket_id?: str}. A missing or cross-event ticket returns paid: false rather than 404 so the poll loop doesn't need to special-case the not-yet-created race. The WebSocket at /tickets/ws/{payment_hash} is more efficient for push notifications — this POST is the fallback for clients that can't open a relay-side socket. Co-Authored-By: Claude Opus 4.7 (1M context) --- views_api.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/views_api.py b/views_api.py index 35da0cd..f04f24e 100644 --- a/views_api.py +++ b/views_api.py @@ -623,6 +623,29 @@ async def api_ticket_create( ) +@tickets_api_router.post("/{event_id}/{payment_hash}") +async def api_ticket_payment_status(event_id: str, payment_hash: str) -> dict: + """Poll-style payment confirmation for a pending ticket. + + The webapp's `useTicketPurchase` polls this every 2s after firing + `Pay with Wallet` (or after presenting the QR for an external + wallet) until `paid: true` comes back, then advances to the + ticket-QR success state. The companion WebSocket at + `/tickets/ws/{payment_hash}` is more efficient for pushes — this + endpoint is the fallback for clients that can't open a relay-side + socket. + + Returns `{paid: bool, ticket_id?: str}` so the client can hand off + to the ticket-detail flow without an extra GET. A missing / + cross-event ticket returns `paid: false` rather than 404 so the + poll loop doesn't have to special-case the not-yet-created race. + """ + ticket = await get_ticket(payment_hash) + if not ticket or ticket.event != event_id: + return {"paid": False} + return {"paid": ticket.paid, "ticket_id": ticket.id} + + @tickets_api_router.websocket("/ws/{payment_hash}") async def websocket_endpoint(payment_hash: str, websocket: WebSocket) -> None: await websocket.accept() From 36568d3eee6de3bfcb256891a2baf4359c540c2b Mon Sep 17 00:00:00 2001 From: Padreug Date: Sat, 23 May 2026 21:10:33 +0200 Subject: [PATCH 08/23] fix: propagate CreateTicket.user_id to the persisted ticket row MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit api_ticket_create accepted user_id in the CreateTicket request body (its root_validator even requires user_id XOR name+email), but dropped it on the way to crud.create_ticket — tickets ended up with user_id = NULL and the new GET /tickets/user/{id} endpoint returned an empty list for every webapp buyer. Pull data.user_id alongside name/email and forward it to create_ticket. Backfilling existing rows is left to the operator (deployment-specific data fix); fresh purchases starting from this commit are correctly attributed. Co-Authored-By: Claude Opus 4.7 (1M context) --- views_api.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/views_api.py b/views_api.py index f04f24e..b25d2c4 100644 --- a/views_api.py +++ b/views_api.py @@ -513,6 +513,7 @@ async def api_ticket_create( name = data.name email = data.email + user_id = data.user_id promo_code = data.promo_code.upper() if data.promo_code else None refund_address = data.refund_address nostr_identifier = data.nostr_identifier.strip() if data.nostr_identifier else None @@ -605,6 +606,7 @@ async def api_ticket_create( event=event.id, name=name, email=email, + user_id=user_id, extra={ "applied_promo_code": promo_code, "refund_address": refund_address, From 59068fe09d25141c632897f89aa32923ccac3136 Mon Sep 17 00:00:00 2001 From: Padreug Date: Sat, 23 May 2026 22:35:56 +0200 Subject: [PATCH 09/23] feat: multi-ticket purchases as N rows sharing one payment_hash MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replaces the previous "one row, N seats via extra.quantity" model with proper one-row-per-attendee semantics. Each attendee gets a unique scannable id; the door PUT /register/{ticket_id} marks them registered independently — so a buyer can purchase 3 tickets, hand 2 QRs to friends arriving separately, and each attendee can enter on their own schedule. Schema (migrations_fork.py m002): - ticket.payment_hash: new TEXT column shared across all rows of a multi-ticket purchase. Backfilled `payment_hash = id` for pre-migration rows (id WAS the payment_hash by invariant). Wire: - TicketPaymentRequest grows `ticket_ids: list[str]` so the webapp gets every scannable id back in the create response. - POST /tickets/{event_id}/{payment_hash} polling endpoint now reports `ticket_ids` (every row) + keeps `ticket_id` for back-compat. - api_ticket_create loops quantity times; the first row reuses payment_hash as id (preserves legacy `id == payment_hash` invariant for single-ticket purchases), the rest get urlsafe_short_hash() uuids. Payment flow: - on_invoice_paid fetches all rows by payment_hash and marks each paid via set_ticket_paid, which now increments event.sold by 1 per row (was N per row via extra.quantity — simpler now). The per-event asyncio lock still serializes counter + republish so concurrent multi-ticket purchases for the same event don't reorder the published Nostr state. - Each paid row triggers its own send_ticket_notification_in_ background call — no-op for buyers without nostr_identifier / email, useful when the buyer set those on the row. Co-Authored-By: Claude Opus 4.7 (1M context) --- crud.py | 32 +++++++++++++++- migrations_fork.py | 25 ++++++++++++ models.py | 13 +++++++ tasks.py | 33 ++++++++++++---- views_api.py | 95 +++++++++++++++++++++++++++++----------------- 5 files changed, 155 insertions(+), 43 deletions(-) diff --git a/crud.py b/crud.py index 004fa7f..a72b3b3 100644 --- a/crud.py +++ b/crud.py @@ -41,8 +41,19 @@ async def create_ticket( email: str | None = None, user_id: str | None = None, extra: dict | None = None, + ticket_id: str | None = None, ) -> Ticket: + """Persist one ticket row. + + `payment_hash` is the LNbits invoice hash shared across all rows + of a multi-ticket purchase. `ticket_id` is the row primary key / + scannable id; defaults to `payment_hash` for single-ticket + purchases so the legacy id == payment_hash invariant holds. + Multi-ticket callers pass a unique uuid here so each attendee + gets a distinct scannable QR. + """ now = datetime.now(timezone.utc) + row_id = ticket_id or payment_hash # name/email columns are NOT NULL in the schema, so we store "" when only # user_id is supplied. _parse_ticket_row reverses this on read. @@ -54,7 +65,7 @@ async def create_ticket( db_email = email or "" db_ticket = Ticket( - id=payment_hash, + id=row_id, wallet=wallet, event=event, name=db_name, @@ -65,11 +76,12 @@ async def create_ticket( reg_timestamp=now, time=now, extra=TicketExtra(**extra) if extra else TicketExtra(), + payment_hash=payment_hash, ) await db.insert("events.ticket", db_ticket) return Ticket( - id=payment_hash, + id=row_id, wallet=wallet, event=event, name=name, @@ -80,6 +92,7 @@ async def create_ticket( reg_timestamp=now, time=now, extra=TicketExtra(**extra) if extra else TicketExtra(), + payment_hash=payment_hash, ) @@ -93,6 +106,21 @@ async def update_ticket(ticket: Ticket) -> Ticket: return ticket +async def get_tickets_by_payment_hash(payment_hash: str) -> list[Ticket]: + """All ticket rows sharing the given LNbits invoice payment_hash. + + For a single-ticket purchase returns one row (legacy invariant + `id == payment_hash` still holds). For a multi-ticket purchase + returns the N rows created with shared `payment_hash` but + distinct `id`s — each attendee's scannable QR. + """ + rows = await db.fetchall( + "SELECT * FROM events.ticket WHERE payment_hash = :ph", + {"ph": payment_hash}, + ) + return [Ticket(**_parse_ticket_row(row)) for row in rows] + + async def get_ticket(payment_hash: str) -> Ticket | None: row = await db.fetchone( "SELECT * FROM events.ticket WHERE id = :id", diff --git a/migrations_fork.py b/migrations_fork.py index 365d259..864cbb8 100644 --- a/migrations_fork.py +++ b/migrations_fork.py @@ -103,3 +103,28 @@ async def m001_aio_event_schema(db): await _alter_add_column_safe( db, "ALTER TABLE events.events ADD COLUMN categories TEXT" ) + + +async def m002_ticket_payment_hash(db): + """ + Add `ticket.payment_hash` for multi-ticket purchases. + + Multi-ticket purchases land as N rows sharing one LNbits invoice + (so each attendee gets a distinct scannable QR but the buyer + pays once). `ticket.id` stays the row primary key — for legacy + single-purchase rows it equals payment_hash; for multi-purchase + children it's a uuid generated at create-time. `payment_hash` + is the new join key for invoice lookup. + + Backfill existing rows from id so the + GET-tickets-by-payment-hash path keeps working for pre-migration + data (id was the payment_hash by invariant before this column). + """ + await _alter_add_column_safe( + db, "ALTER TABLE events.ticket ADD COLUMN payment_hash TEXT" + ) + await db.execute( + "UPDATE events.ticket SET payment_hash = id " + "WHERE payment_hash IS NULL OR payment_hash = ''" + ) + diff --git a/models.py b/models.py index d3f43d3..04520a0 100644 --- a/models.py +++ b/models.py @@ -133,6 +133,9 @@ class CreateTicket(BaseModel): nostr_identifier: str | None = None payment_method: str | None = None fiat_provider: str | None = None + # Number of tickets to buy on this single invoice. Bounded so a + # bad client can't run away with the organizer's capacity. + quantity: int = Field(default=1, ge=1, le=10) @root_validator def validate_identifiers(cls, values): @@ -158,6 +161,11 @@ class Ticket(BaseModel): time: datetime reg_timestamp: datetime extra: TicketExtra = Field(default_factory=TicketExtra) + # Shared LNbits invoice payment_hash. Equals `id` for single-ticket + # purchases (legacy + post-migration default). Multi-ticket + # purchases create N rows sharing one payment_hash so each attendee + # gets a distinct scannable id while the buyer pays once. + payment_hash: str | None = None class PublicTicket(BaseModel): @@ -175,3 +183,8 @@ class TicketPaymentRequest(BaseModel): fiat_payment_request: str | None = None fiat_provider: str | None = None is_fiat: bool = False + # Row ids created on this invoice — one for single-ticket + # purchases, N for multi-ticket (each independently scannable at + # the door). Buyers fetch these after payment to render N QRs in + # My Tickets. + ticket_ids: list[str] = Field(default_factory=list) diff --git a/tasks.py b/tasks.py index 1d30dce..1641a75 100644 --- a/tasks.py +++ b/tasks.py @@ -4,7 +4,7 @@ from lnbits.core.models import Payment from lnbits.tasks import register_invoice_listener from loguru import logger -from .crud import get_ticket +from .crud import get_ticket, get_tickets_by_payment_hash from .models import Ticket from .services import send_ticket_notification_in_background, set_ticket_paid @@ -37,13 +37,32 @@ async def on_invoice_paid(payment: Payment) -> None: if not payment.extra or "events" != payment.extra.get("tag"): return - ticket = await get_ticket(payment.payment_hash) - if not ticket: - logger.warning(f"Ticket for payment {payment.payment_hash} not found.") + # Multi-ticket purchases land as N rows sharing this payment_hash; + # each one needs to be marked paid + counted against capacity, and + # each gets its own buyer notification (mostly a no-op when all + # rows are owned by the same buyer, but cheap and consistent). + tickets = await get_tickets_by_payment_hash(payment.payment_hash) + if not tickets: + # Backstop for any legacy row created before the payment_hash + # column was populated by the migration backfill. + legacy = await get_ticket(payment.payment_hash) + if legacy: + tickets = [legacy] + + if not tickets: + logger.warning(f"No tickets for payment {payment.payment_hash}.") return - ticket = await set_ticket_paid(ticket) - send_ticket_notification_in_background(ticket) + paid_tickets: list[Ticket] = [] + for ticket in tickets: + paid_tickets.append(await set_ticket_paid(ticket)) + + for paid_ticket in paid_tickets: + send_ticket_notification_in_background(paid_ticket) + + # Wake up the WebSocket / poll listeners. Forward the first paid + # ticket so the existing single-ticket subscribers still work; the + # webapp re-fetches all ids via the polling endpoint anyway. if payment_listeners.get(payment.payment_hash): for paid_ticket_queue in payment_listeners[payment.payment_hash]: - paid_ticket_queue.put_nowait(ticket) + paid_ticket_queue.put_nowait(paid_tickets[0]) diff --git a/views_api.py b/views_api.py index b25d2c4..c288c20 100644 --- a/views_api.py +++ b/views_api.py @@ -17,6 +17,7 @@ from lnbits.core.crud.wallets import get_wallet from lnbits.core.models import Account, User, WalletTypeInfo from lnbits.core.models.payments import CreateInvoice from lnbits.core.services import create_payment_request +from lnbits.helpers import urlsafe_short_hash from lnbits.decorators import ( check_admin, check_user_exists, @@ -46,6 +47,7 @@ from .crud import ( get_settings, get_ticket, get_tickets, + get_tickets_by_payment_hash, get_tickets_by_user_id, purge_unpaid_tickets, update_event, @@ -508,8 +510,16 @@ async def api_ticket_create( ) if event.canceled: raise HTTPException(status_code=HTTPStatus.GONE, detail="Event is canceled.") - if event.amount_tickets > 0 and event.sold >= event.amount_tickets: - raise HTTPException(status_code=HTTPStatus.GONE, detail="Event is sold out.") + quantity = data.quantity + if event.amount_tickets > 0: + if event.sold >= event.amount_tickets: + raise HTTPException(status_code=HTTPStatus.GONE, detail="Event is sold out.") + remaining = event.amount_tickets - event.sold + if quantity > remaining: + raise HTTPException( + status_code=HTTPStatus.BAD_REQUEST, + detail=f"Only {remaining} ticket(s) remaining for this event.", + ) name = data.name email = data.email @@ -531,7 +541,7 @@ async def api_ticket_create( status_code=HTTPStatus.BAD_REQUEST, detail="Invalid Nostr identifier.", ) from exc - price = event.price_per_ticket + unit_price = event.price_per_ticket extra: dict[str, Any] = {"tag": "events", "name": name, "email": email} if promo_code: @@ -543,7 +553,9 @@ async def api_ticket_create( # get the promocode promo = next(pc for pc in event.extra.promo_codes if pc.code == promo_code) extra["promo_code"] = promo.code - price = event.price_per_ticket * (1 - promo.discount_percent / 100) + unit_price = event.price_per_ticket * (1 - promo.discount_percent / 100) + # Scale by quantity AFTER the promo applies. One invoice, N tickets. + price = unit_price * quantity if payment_method == "fiat" and not event.allow_fiat: raise HTTPException( @@ -600,21 +612,32 @@ async def api_ticket_create( extra=extra, ), ) - await create_ticket( - payment_hash=payment.payment_hash, - wallet=event.wallet, - event=event.id, - name=name, - email=email, - user_id=user_id, - extra={ - "applied_promo_code": promo_code, - "refund_address": refund_address, - "nostr_identifier": nostr_identifier, - "ticket_base_url": str(request.base_url).rstrip("/"), - "sats_paid": payment.sat, - }, - ) + # Multi-ticket purchases land as N rows sharing the LNbits invoice + # payment_hash but with distinct `id`s — one independently + # scannable QR per attendee. The first row reuses payment_hash as + # its id so the legacy single-purchase invariant + # (`id == payment_hash`) still holds for quantity == 1 callers. + ticket_ids: list[str] = [] + sats_per_ticket = payment.sat // quantity if quantity else payment.sat + for index in range(quantity): + row_id = payment.payment_hash if index == 0 else urlsafe_short_hash() + await create_ticket( + payment_hash=payment.payment_hash, + wallet=event.wallet, + event=event.id, + name=name, + email=email, + user_id=user_id, + ticket_id=row_id, + extra={ + "applied_promo_code": promo_code, + "refund_address": refund_address, + "nostr_identifier": nostr_identifier, + "ticket_base_url": str(request.base_url).rstrip("/"), + "sats_paid": sats_per_ticket, + }, + ) + ticket_ids.append(row_id) return TicketPaymentRequest( payment_hash=payment.payment_hash, @@ -622,30 +645,34 @@ async def api_ticket_create( fiat_payment_request=getattr(payment, "extra", {}).get("fiat_payment_request"), fiat_provider=getattr(payment, "fiat_provider", None) or fiat_provider, is_fiat=bool(getattr(payment, "fiat_provider", None) or fiat_provider), + ticket_ids=ticket_ids, ) @tickets_api_router.post("/{event_id}/{payment_hash}") async def api_ticket_payment_status(event_id: str, payment_hash: str) -> dict: - """Poll-style payment confirmation for a pending ticket. + """Poll-style payment confirmation for a pending ticket purchase. - The webapp's `useTicketPurchase` polls this every 2s after firing - `Pay with Wallet` (or after presenting the QR for an external - wallet) until `paid: true` comes back, then advances to the - ticket-QR success state. The companion WebSocket at - `/tickets/ws/{payment_hash}` is more efficient for pushes — this - endpoint is the fallback for clients that can't open a relay-side - socket. + The webapp polls this every 2s after presenting the invoice until + `paid: true` comes back, then advances to the success state. The + companion WebSocket at `/tickets/ws/{payment_hash}` is more + efficient for pushes — this endpoint is the fallback. - Returns `{paid: bool, ticket_id?: str}` so the client can hand off - to the ticket-detail flow without an extra GET. A missing / - cross-event ticket returns `paid: false` rather than 404 so the - poll loop doesn't have to special-case the not-yet-created race. + Returns `{paid, ticket_ids: [...]}` so multi-ticket buyers get + every scannable id back in one response (one for single-ticket + purchases). A missing / cross-event purchase returns + `paid: false` rather than 404 so the poll doesn't have to + special-case the not-yet-created race. """ - ticket = await get_ticket(payment_hash) - if not ticket or ticket.event != event_id: + tickets = await get_tickets_by_payment_hash(payment_hash) + relevant = [t for t in tickets if t.event == event_id] + if not relevant: return {"paid": False} - return {"paid": ticket.paid, "ticket_id": ticket.id} + return { + "paid": all(t.paid for t in relevant), + "ticket_id": relevant[0].id, # back-compat with single-ticket clients + "ticket_ids": [t.id for t in relevant], + } @tickets_api_router.websocket("/ws/{payment_hash}") From 7b761a1aef739b83ec336a1e5fe8a0c850402689 Mon Sep 17 00:00:00 2001 From: Padreug Date: Sat, 23 May 2026 22:45:59 +0200 Subject: [PATCH 10/23] fix: every ticket row gets a fresh short-hash id (no payment_hash reuse) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previous commit reused the LNbits invoice payment_hash as the first row's id, so a 3-ticket purchase ended up with one 64-hex id and two short-hash ids — inconsistent and noisy in My Tickets. Switch every row to urlsafe_short_hash. The shared payment_hash column is the join key for invoice lookups (poll endpoint, ws notifier, on_invoice_paid); rows never need to BE the payment hash, they only need to point at it. Co-Authored-By: Claude Opus 4.7 (1M context) --- views_api.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/views_api.py b/views_api.py index c288c20..e7c118f 100644 --- a/views_api.py +++ b/views_api.py @@ -612,15 +612,15 @@ async def api_ticket_create( extra=extra, ), ) - # Multi-ticket purchases land as N rows sharing the LNbits invoice - # payment_hash but with distinct `id`s — one independently - # scannable QR per attendee. The first row reuses payment_hash as - # its id so the legacy single-purchase invariant - # (`id == payment_hash`) still holds for quantity == 1 callers. + # Each row gets a fresh urlsafe_short_hash id so single- and + # multi-ticket purchases stay shape-consistent — every scannable + # ticket id is a short hash, never the long bolt11 payment_hash. + # The shared `payment_hash` column is the join key for invoice + # lookup (poll endpoint, ws notifier, set_ticket_paid loop). ticket_ids: list[str] = [] sats_per_ticket = payment.sat // quantity if quantity else payment.sat - for index in range(quantity): - row_id = payment.payment_hash if index == 0 else urlsafe_short_hash() + for _ in range(quantity): + row_id = urlsafe_short_hash() await create_ticket( payment_hash=payment.payment_hash, wallet=event.wallet, From 2b3d9df11d648bef146331405806d94f5ec704ee Mon Sep 17 00:00:00 2001 From: Padreug Date: Sun, 24 May 2026 16:32:18 +0200 Subject: [PATCH 11/23] feat: events_ticket_register RPC over nostr transport MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Organizer-side ticket scanning over LNbits's freshly-merged nostr-transport (kind 21000, NIP-44 v2). The organizer signs the RPC event with their Nostr key; the transport dispatcher resolves pubkey → Account → wallet (AUTH_WALLET) and the handler verifies event-level ownership (event.wallet ∈ caller_user.wallet_ids) before flipping `registered = True`. Idempotence + state transitions mirror the legacy HTTP endpoint: "Ticket not paid for" / "Ticket already registered" / "Ticket does not exist on this event" / "You do not own this event" come back as ERROR responses. Registration in events_start() is guarded with try/except ImportError so the extension still loads on older LNbits versions that pre-date the transport (HTTP path stays the fallback there). Webapp uses this as the new primary scan call site instead of the legacy HTTP endpoint — see companion webapp PR. Co-Authored-By: Claude Opus 4.7 (1M context) --- __init__.py | 21 +++++++++++++++ transport_rpcs.py | 68 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+) create mode 100644 transport_rpcs.py diff --git a/__init__.py b/__init__.py index b6b58a9..bfe3d45 100644 --- a/__init__.py +++ b/__init__.py @@ -46,6 +46,27 @@ def events_start(): task1 = create_permanent_unique_task("ext_events", wait_for_paid_invoices) scheduled_tasks.append(task1) + # Register nostr-transport RPCs. Swallow ImportError on older LNbits + # versions that pre-date the transport (the events extension still + # works fine via HTTP without it). + try: + from lnbits.core.services.nostr_transport.dispatcher import ( + AUTH_WALLET, + register_rpc, + ) + + from .transport_rpcs import handle_events_ticket_register + + register_rpc( + "events_ticket_register", handle_events_ticket_register, AUTH_WALLET + ) + logger.info("[EVENTS] Registered nostr-transport RPC: events_ticket_register") + except ImportError: + logger.info( + "[EVENTS] nostr_transport not available on this LNbits — " + "ticket scanner over Nostr disabled, HTTP endpoint still works" + ) + async def _start_nostr_client(): global nostr_client await asyncio.sleep(10) # Wait for nostrclient to be ready diff --git a/transport_rpcs.py b/transport_rpcs.py new file mode 100644 index 0000000..16060d6 --- /dev/null +++ b/transport_rpcs.py @@ -0,0 +1,68 @@ +""" +Nostr-transport RPC handlers for the aiolabs/events extension. + +Each handler is registered with `lnbits.core.services.nostr_transport. +dispatcher.register_rpc` in `events_start()`. The dispatcher resolves +the caller's Nostr pubkey to an LNbits Account → wallet (`AUTH_WALLET`) +and passes a `WalletTypeInfo` as the first argument; handlers verify +event-level ownership on top. + +Errors raise `PermissionError` / `ValueError` so the dispatcher maps +them into `{status: "ERROR", error: }` responses; any other +exception falls through to a generic "Internal error" reply. +""" + +from __future__ import annotations + +from datetime import datetime, timezone + +from lnbits.core.crud import get_user +from lnbits.core.models import WalletTypeInfo +from lnbits.core.services.nostr_transport.models import NostrRpcRequest + +from .crud import get_event, get_ticket, update_ticket + + +async def handle_events_ticket_register( + auth: WalletTypeInfo, + request: NostrRpcRequest, +) -> dict: + """Mark a ticket as registered at the door (organizer flow). + + The Nostr-transport dispatcher already verified the caller signed + the kind-21000 RPC event and bound them to `auth.wallet`. This + handler adds the event-level check: the ticket's event must be + owned by one of the caller's wallets. + + Idempotence mirrors the HTTP endpoint: scanning the same ticket + twice fails with "Ticket already registered". The buyer-side flow + (notifications etc.) reuses whatever the legacy register endpoint + does — we just flip the flag + timestamp. + """ + body = request.body or {} + event_id = body.get("event_id") + ticket_id = body.get("ticket_id") + if not event_id or not ticket_id: + raise ValueError("event_id and ticket_id are required") + + ticket = await get_ticket(ticket_id) + if not ticket or ticket.event != event_id: + raise ValueError("Ticket does not exist on this event") + if not ticket.paid: + raise PermissionError("Ticket not paid for") + if ticket.registered: + raise PermissionError("Ticket already registered") + + event = await get_event(event_id) + if not event: + raise ValueError("Event does not exist") + + user = await get_user(auth.wallet.user) + owned_wallet_ids = user.wallet_ids if user else [auth.wallet.id] + if event.wallet not in owned_wallet_ids: + raise PermissionError("You do not own this event") + + ticket.registered = True + ticket.reg_timestamp = datetime.now(timezone.utc) + await update_ticket(ticket) + return ticket.dict() From 1d8dacbaa3d9b41965b9b7a489dfa7f104b2f82b Mon Sep 17 00:00:00 2001 From: Padreug Date: Sun, 24 May 2026 16:32:29 +0200 Subject: [PATCH 12/23] fix: require admin_key + owner check on PUT /tickets/register MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The legacy register endpoint had no auth decorator and no event-ownership check — any caller who knew a ticket id could mark it registered. Add require_admin_key (matches the rest of the wallet-bound endpoints in this file) and verify the caller's user owns the event the ticket belongs to. Breaking change for any external integration that hit this endpoint unauthed; the in-tree Quasar register page (static/js/register.js) already sends the session admin_key via LNbits.api.request so it keeps working. The Nostr-transport flow at events_ticket_register (previous commit) is the preferred call site for new callers; this HTTP path stays for the legacy LNbits admin UI. Co-Authored-By: Claude Opus 4.7 (1M context) --- views_api.py | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/views_api.py b/views_api.py index e7c118f..d2bac8f 100644 --- a/views_api.py +++ b/views_api.py @@ -766,7 +766,24 @@ async def api_ticket_resend_email( @tickets_api_router.put("/register/{ticket_id}") -async def api_event_register_ticket(ticket_id) -> Ticket: +async def api_event_register_ticket( + ticket_id: str, + key_info: WalletTypeInfo = Depends(require_admin_key), +) -> Ticket: + """Mark a ticket as registered at the door. + + Auth: wallet admin_key. Caller must own the event the ticket + belongs to — we check `event.wallet` against the user's full + wallet set so an organizer with multiple wallets can scan + regardless of which wallet's key they're using. + + Until v1.6.1-aio.3 this endpoint had no auth, which meant any + caller who knew a ticket id could register it. The + Nostr-transport flow at `events_ticket_register` is now the + preferred call site for the webapp; this HTTP path stays for + the legacy LNbits Quasar register page which already sends + the wallet admin_key through `LNbits.api.request`. + """ ticket = await get_ticket(ticket_id) if not ticket: @@ -774,6 +791,20 @@ async def api_event_register_ticket(ticket_id) -> Ticket: status_code=HTTPStatus.NOT_FOUND, detail="Ticket does not exist." ) + event = await get_event(ticket.event) + if not event: + raise HTTPException( + status_code=HTTPStatus.NOT_FOUND, detail="Event does not exist." + ) + + user = await get_user(key_info.wallet.user) + owned_wallet_ids = user.wallet_ids if user else [key_info.wallet.id] + if event.wallet not in owned_wallet_ids: + raise HTTPException( + status_code=HTTPStatus.FORBIDDEN, + detail="You do not own this event.", + ) + if not ticket.paid: raise HTTPException( status_code=HTTPStatus.FORBIDDEN, detail="Ticket not paid for." From 02071e6541a46dcd3ff40148956881f7ea6e7e84 Mon Sep 17 00:00:00 2001 From: Padreug Date: Sun, 24 May 2026 18:45:48 +0200 Subject: [PATCH 13/23] feat: events_list_event_tickets RPC for organizer ticket roster MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Second nostr-transport handler on this branch. Returns paid + registered counts plus the per-ticket roster (id, name, registered status, timestamp) for one calendar event, organizer-only. Backs the door scanner's counts strip and "scanned" list with backend truth so a second organizer scanning on another device, an operator switching from mobile to laptop mid-event, or a refresh in incognito all see the same numbers instead of diverging from a per-device localStorage cache. Same authorisation posture as events_ticket_register: dispatcher binds caller pubkey to wallet via AUTH_WALLET, handler verifies the event's wallet is in the caller's wallet set. Only paid tickets land in the response — proposed/unpaid rows are irrelevant at the door. Webapp consumes this in aiolabs/webapp#73. --- __init__.py | 15 +++++++++++-- crud.py | 9 ++++++++ transport_rpcs.py | 54 ++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 75 insertions(+), 3 deletions(-) diff --git a/__init__.py b/__init__.py index bfe3d45..01b145e 100644 --- a/__init__.py +++ b/__init__.py @@ -55,12 +55,23 @@ def events_start(): register_rpc, ) - from .transport_rpcs import handle_events_ticket_register + from .transport_rpcs import ( + handle_events_list_event_tickets, + handle_events_ticket_register, + ) register_rpc( "events_ticket_register", handle_events_ticket_register, AUTH_WALLET ) - logger.info("[EVENTS] Registered nostr-transport RPC: events_ticket_register") + register_rpc( + "events_list_event_tickets", + handle_events_list_event_tickets, + AUTH_WALLET, + ) + logger.info( + "[EVENTS] Registered nostr-transport RPCs: " + "events_ticket_register, events_list_event_tickets" + ) except ImportError: logger.info( "[EVENTS] nostr_transport not available on this LNbits — " diff --git a/crud.py b/crud.py index a72b3b3..551a3bc 100644 --- a/crud.py +++ b/crud.py @@ -139,6 +139,15 @@ async def get_tickets(wallet_ids: str | list[str]) -> list[Ticket]: return [Ticket(**_parse_ticket_row(row)) for row in rows] +async def get_tickets_by_event(event_id: str) -> list[Ticket]: + """All ticket rows for the given calendar event id.""" + rows = await db.fetchall( + "SELECT * FROM events.ticket WHERE event = :event_id", + {"event_id": event_id}, + ) + return [Ticket(**_parse_ticket_row(row)) for row in rows] + + async def get_tickets_by_user_id(user_id: str) -> list[Ticket]: """All tickets owned by the given LNbits user_id.""" rows = await db.fetchall( diff --git a/transport_rpcs.py b/transport_rpcs.py index 16060d6..e278f91 100644 --- a/transport_rpcs.py +++ b/transport_rpcs.py @@ -20,7 +20,7 @@ from lnbits.core.crud import get_user from lnbits.core.models import WalletTypeInfo from lnbits.core.services.nostr_transport.models import NostrRpcRequest -from .crud import get_event, get_ticket, update_ticket +from .crud import get_event, get_ticket, get_tickets_by_event, update_ticket async def handle_events_ticket_register( @@ -66,3 +66,55 @@ async def handle_events_ticket_register( ticket.reg_timestamp = datetime.now(timezone.utc) await update_ticket(ticket) return ticket.dict() + + +async def handle_events_list_event_tickets( + auth: WalletTypeInfo, + request: NostrRpcRequest, +) -> dict: + """Return paid + registered counts plus the per-ticket roster for + one calendar event, organizer-only. + + Backs the door scanner's counts strip and "All scanned" tab so the + UI reads authoritative state from the backend instead of relying + on per-device localStorage (which diverges the moment a second + organizer scans, or the operator switches devices). + + The roster only includes paid tickets — proposed/unpaid rows are + irrelevant at the door. + """ + body = request.body or {} + event_id = body.get("event_id") + if not event_id: + raise ValueError("event_id is required") + + event = await get_event(event_id) + if not event: + raise ValueError("Event does not exist") + + user = await get_user(auth.wallet.user) + owned_wallet_ids = user.wallet_ids if user else [auth.wallet.id] + if event.wallet not in owned_wallet_ids: + raise PermissionError("You do not own this event") + + tickets = await get_tickets_by_event(event_id) + paid_tickets = [t for t in tickets if t.paid] + registered_count = sum(1 for t in paid_tickets if t.registered) + + return { + "event_id": event_id, + "sold": len(paid_tickets), + "registered": registered_count, + "remaining": len(paid_tickets) - registered_count, + "tickets": [ + { + "id": t.id, + "name": t.name, + "registered": t.registered, + "registered_at": ( + t.reg_timestamp.isoformat() if t.reg_timestamp else None + ), + } + for t in paid_tickets + ], + } From 66d263ef1467803c7f036b4c8e175580089fc9e4 Mon Sep 17 00:00:00 2001 From: Padreug Date: Sun, 24 May 2026 18:46:18 +0200 Subject: [PATCH 14/23] ui(admin): Tickets card above All Users' Events on the admin index MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Tickets table is what an organiser actually scans during day-of operations — it deserves the top slot. All Users' Events stays one section down for the cross-tenant audit view (admin-only anyway). --- static/js/index.vue | 90 ++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/static/js/index.vue b/static/js/index.vue index 4760c6b..4b97fab 100644 --- a/static/js/index.vue +++ b/static/js/index.vue @@ -286,51 +286,6 @@ - - -
-
-
- All Users' Events - -
-
-
- - - - - - -
@@ -409,6 +364,51 @@ + + + +
+
+
+ All Users' Events + +
+
+
+ + + + + +
From 3606fd9a0ae1c55fe8af14d7fe09b66deec8e2a6 Mon Sep 17 00:00:00 2001 From: Padreug Date: Sun, 24 May 2026 18:51:51 +0200 Subject: [PATCH 15/23] feat(admin): Owner column on All Users' Events card Adds the event's wallet owner (user_id) as the first column of the admin-only All Users' Events table so cross-tenant rows are attributable at a glance. Server-side join: GET /events/all now resolves each event.wallet -> wallet.user and stamps the result on the response as wallet_user_id. Frontend gets a dedicated allUsersEventsTable.columns definition so the user's own-events table stays unchanged. Follow-up #22 covers letting the admin actually edit those events once attributed. --- static/js/index.js | 45 +++++++++++++++++++++++++++++++++++++++++++++ static/js/index.vue | 2 +- views_api.py | 19 ++++++++++++++++--- 3 files changed, 62 insertions(+), 4 deletions(-) diff --git a/static/js/index.js b/static/js/index.js index a65f5f8..2b4bcb9 100644 --- a/static/js/index.js +++ b/static/js/index.js @@ -14,6 +14,51 @@ window.PageEvents = { settings: { auto_approve: false }, + allUsersEventsTable: { + // Shown on the admin All Users' Events card. Includes the + // wallet owner (`wallet_user_id` resolved server-side) so + // cross-tenant rows are attributable to a user. + columns: [ + { + name: 'wallet_user_id', + align: 'left', + label: 'Owner', + field: 'wallet_user_id' + }, + {name: 'id', align: 'left', label: 'ID', field: 'id'}, + {name: 'name', align: 'left', label: 'Name', field: 'name'}, + { + name: 'event_start_date', + align: 'left', + label: 'Start date', + field: 'event_start_date' + }, + { + name: 'event_end_date', + align: 'left', + label: 'End date', + field: 'event_end_date' + }, + { + name: 'closing_date', + align: 'left', + label: 'Ticket close', + field: 'closing_date' + }, + { + name: 'canceled', + align: 'left', + label: 'Canceled', + field: row => { + if (row.extra && row.extra.conditional && row.canceled) { + return 'Yes' + } + return 'No' + } + }, + {name: 'status', align: 'left', label: 'Status', field: 'status'} + ] + }, eventsTable: { columns: [ {name: 'id', align: 'left', label: 'ID', field: 'id'}, diff --git a/static/js/index.vue b/static/js/index.vue index 4b97fab..6e6891f 100644 --- a/static/js/index.vue +++ b/static/js/index.vue @@ -384,7 +384,7 @@ flat :rows="allUserEvents" row-key="id" - :columns="eventsTable.columns" + :columns="allUsersEventsTable.columns" :pagination="{rowsPerPage: 10}" >