crud.py

@@ -41,8 +41,19 @@ async def create_ticket(
     email: str | None = None,
     user_id: str | None = None,
     extra: dict | None = None,
+    ticket_id: str | None = None,
 ) -> Ticket:
+    """Persist one ticket row.
+
+    `payment_hash` is the LNbits invoice hash shared across all rows
+    of a multi-ticket purchase. `ticket_id` is the row primary key /
+    scannable id; defaults to `payment_hash` for single-ticket
+    purchases so the legacy id == payment_hash invariant holds.
+    Multi-ticket callers pass a unique uuid here so each attendee
+    gets a distinct scannable QR.
+    """
     now = datetime.now(timezone.utc)
+    row_id = ticket_id or payment_hash
 
     # name/email columns are NOT NULL in the schema, so we store "" when only
     # user_id is supplied. _parse_ticket_row reverses this on read.
@@ -54,7 +65,7 @@ async def create_ticket(
         db_email = email or ""
 
     db_ticket = Ticket(
-        id=payment_hash,
+        id=row_id,
         wallet=wallet,
         event=event,
         name=db_name,
@@ -65,11 +76,12 @@ async def create_ticket(
         reg_timestamp=now,
         time=now,
         extra=TicketExtra(**extra) if extra else TicketExtra(),
+        payment_hash=payment_hash,
     )
     await db.insert("events.ticket", db_ticket)
 
     return Ticket(
-        id=payment_hash,
+        id=row_id,
         wallet=wallet,
         event=event,
         name=name,
@@ -80,6 +92,7 @@ async def create_ticket(
         reg_timestamp=now,
         time=now,
         extra=TicketExtra(**extra) if extra else TicketExtra(),
+        payment_hash=payment_hash,
     )
 
 
@@ -93,6 +106,21 @@ async def update_ticket(ticket: Ticket) -> Ticket:
     return ticket
 
 
+async def get_tickets_by_payment_hash(payment_hash: str) -> list[Ticket]:
+    """All ticket rows sharing the given LNbits invoice payment_hash.
+
+    For a single-ticket purchase returns one row (legacy invariant
+    `id == payment_hash` still holds). For a multi-ticket purchase
+    returns the N rows created with shared `payment_hash` but
+    distinct `id`s — each attendee's scannable QR.
+    """
+    rows = await db.fetchall(
+        "SELECT * FROM events.ticket WHERE payment_hash = :ph",
+        {"ph": payment_hash},
+    )
+    return [Ticket(**_parse_ticket_row(row)) for row in rows]
+
+
 async def get_ticket(payment_hash: str) -> Ticket | None:
     row = await db.fetchone(
         "SELECT * FROM events.ticket WHERE id = :id",

migrations_fork.py

@@ -103,3 +103,28 @@ async def m001_aio_event_schema(db):
     await _alter_add_column_safe(
         db, "ALTER TABLE events.events ADD COLUMN categories TEXT"
     )
+
+
+async def m002_ticket_payment_hash(db):
+    """
+    Add `ticket.payment_hash` for multi-ticket purchases.
+
+    Multi-ticket purchases land as N rows sharing one LNbits invoice
+    (so each attendee gets a distinct scannable QR but the buyer
+    pays once). `ticket.id` stays the row primary key — for legacy
+    single-purchase rows it equals payment_hash; for multi-purchase
+    children it's a uuid generated at create-time. `payment_hash`
+    is the new join key for invoice lookup.
+
+    Backfill existing rows from id so the
+    GET-tickets-by-payment-hash path keeps working for pre-migration
+    data (id was the payment_hash by invariant before this column).
+    """
+    await _alter_add_column_safe(
+        db, "ALTER TABLE events.ticket ADD COLUMN payment_hash TEXT"
+    )
+    await db.execute(
+        "UPDATE events.ticket SET payment_hash = id "
+        "WHERE payment_hash IS NULL OR payment_hash = ''"
+    )
+

models.py

@@ -133,6 +133,9 @@ class CreateTicket(BaseModel):
     nostr_identifier: str | None = None
     payment_method: str | None = None
     fiat_provider: str | None = None
+    # Number of tickets to buy on this single invoice. Bounded so a
+    # bad client can't run away with the organizer's capacity.
+    quantity: int = Field(default=1, ge=1, le=10)
 
     @root_validator
     def validate_identifiers(cls, values):
@@ -158,6 +161,11 @@ class Ticket(BaseModel):
     time: datetime
     reg_timestamp: datetime
     extra: TicketExtra = Field(default_factory=TicketExtra)
+    # Shared LNbits invoice payment_hash. Equals `id` for single-ticket
+    # purchases (legacy + post-migration default). Multi-ticket
+    # purchases create N rows sharing one payment_hash so each attendee
+    # gets a distinct scannable id while the buyer pays once.
+    payment_hash: str | None = None
 
 
 class PublicTicket(BaseModel):
@@ -175,3 +183,8 @@ class TicketPaymentRequest(BaseModel):
     fiat_payment_request: str | None = None
     fiat_provider: str | None = None
     is_fiat: bool = False
+    # Row ids created on this invoice — one for single-ticket
+    # purchases, N for multi-ticket (each independently scannable at
+    # the door). Buyers fetch these after payment to render N QRs in
+    # My Tickets.
+    ticket_ids: list[str] = Field(default_factory=list)

static/js/index.js

@@ -9,6 +9,8 @@ window.PageEvents = {
       pendingEvents: [],
       allUserEvents: [],
       isAdmin: false,
+      republishing: false,
+      republishingMine: false,
       settings: {
         auto_approve: false
       },
@@ -275,6 +277,63 @@ window.PageEvents = {
           .catch(LNbits.utils.notifyApiError)
       })
     },
+    republishAllEvents() {
+      LNbits.utils
+        .confirmDialog(
+          'Re-emit every approved event to Nostr relays? This is safe ' +
+          'to run multiple times but generates one event per approved row.'
+        )
+        .onOk(() => {
+          this.republishing = true
+          LNbits.api
+            .request('POST', '/events/api/v1/events/republish-all')
+            .then(response => {
+              Quasar.Notify.create({
+                type: 'positive',
+                message:
+                  'Republished ' +
+                  response.data.republished +
+                  ' of ' +
+                  response.data.total +
+                  ' events'
+              })
+            })
+            .catch(LNbits.utils.notifyApiError)
+            .finally(() => {
+              this.republishing = false
+            })
+        })
+    },
+    republishMyEvents() {
+      LNbits.utils
+        .confirmDialog(
+          'Re-emit your approved events to Nostr relays?'
+        )
+        .onOk(() => {
+          this.republishingMine = true
+          LNbits.api
+            .request(
+              'POST',
+              '/events/api/v1/events/republish-mine?all_wallets=true',
+              this.g.user.wallets[0].adminkey
+            )
+            .then(response => {
+              Quasar.Notify.create({
+                type: 'positive',
+                message:
+                  'Republished ' +
+                  response.data.republished +
+                  ' of your ' +
+                  response.data.total +
+                  ' events'
+              })
+            })
+            .catch(LNbits.utils.notifyApiError)
+            .finally(() => {
+              this.republishingMine = false
+            })
+        })
+    },
     foldDateTime(day, time) {
       // Combine separate date/time inputs into the wire format
       // expected by the events extension: "YYYY-MM-DD" or

static/js/index.vue

@@ -15,14 +15,50 @@
               ></q-toggle>
             </div>
           </div>
+          <q-separator class="q-my-md"></q-separator>
+          <div class="row items-center justify-between">
+            <div class="col">
+              <span class="text-subtitle2">Republish to Nostr</span>
+              <div class="text-caption text-grey-7" style="color: #aaa">
+                Re-emit every approved event so connected clients pick
+                up the latest tag set. Useful after the extension
+                publisher changes (e.g. new tickets_* tags) so existing
+                events don't need a per-event edit.
+              </div>
+            </div>
+            <div class="col-auto">
+              <q-btn
+                outline
+                color="primary"
+                icon="cloud_upload"
+                label="Republish all"
+                :loading="republishing"
+                @click="republishAllEvents"
+              ></q-btn>
+            </div>
+          </div>
         </q-card-section>
       </q-card>
 
       <q-card>
         <q-card-section>
-          <q-btn unelevated color="primary" @click="openEventDialog"
+          <div class="row items-center q-gutter-sm">
-            >New Event</q-btn
+            <q-btn unelevated color="primary" @click="openEventDialog"
-          >
+              >New Event</q-btn
+            >
+            <q-btn
+              outline
+              color="primary"
+              icon="cloud_upload"
+              label="Republish mine"
+              :loading="republishingMine"
+              @click="republishMyEvents"
+            ></q-btn>
+          </div>
+          <div class="text-caption q-mt-sm" style="color: #aaa">
+            Re-emit your approved events to Nostr relays. Useful after
+            a publisher upgrade or if a relay dropped your events.
+          </div>
         </q-card-section>
       </q-card>
 

tasks.py

@@ -4,7 +4,7 @@ from lnbits.core.models import Payment
 from lnbits.tasks import register_invoice_listener
 from loguru import logger
 
-from .crud import get_ticket
+from .crud import get_ticket, get_tickets_by_payment_hash
 from .models import Ticket
 from .services import send_ticket_notification_in_background, set_ticket_paid
 
@@ -37,13 +37,32 @@ async def on_invoice_paid(payment: Payment) -> None:
     if not payment.extra or "events" != payment.extra.get("tag"):
         return
 
-    ticket = await get_ticket(payment.payment_hash)
+    # Multi-ticket purchases land as N rows sharing this payment_hash;
-    if not ticket:
+    # each one needs to be marked paid + counted against capacity, and
-        logger.warning(f"Ticket for payment {payment.payment_hash} not found.")
+    # each gets its own buyer notification (mostly a no-op when all
+    # rows are owned by the same buyer, but cheap and consistent).
+    tickets = await get_tickets_by_payment_hash(payment.payment_hash)
+    if not tickets:
+        # Backstop for any legacy row created before the payment_hash
+        # column was populated by the migration backfill.
+        legacy = await get_ticket(payment.payment_hash)
+        if legacy:
+            tickets = [legacy]
+
+    if not tickets:
+        logger.warning(f"No tickets for payment {payment.payment_hash}.")
         return
 
-    ticket = await set_ticket_paid(ticket)
+    paid_tickets: list[Ticket] = []
-    send_ticket_notification_in_background(ticket)
+    for ticket in tickets:
+        paid_tickets.append(await set_ticket_paid(ticket))
+
+    for paid_ticket in paid_tickets:
+        send_ticket_notification_in_background(paid_ticket)
+
+    # Wake up the WebSocket / poll listeners. Forward the first paid
+    # ticket so the existing single-ticket subscribers still work; the
+    # webapp re-fetches all ids via the polling endpoint anyway.
     if payment_listeners.get(payment.payment_hash):
         for paid_ticket_queue in payment_listeners[payment.payment_hash]:
-            paid_ticket_queue.put_nowait(ticket)
+            paid_ticket_queue.put_nowait(paid_tickets[0])

views_api.py

@@ -17,6 +17,7 @@ from lnbits.core.crud.wallets import get_wallet
 from lnbits.core.models import Account, User, WalletTypeInfo
 from lnbits.core.models.payments import CreateInvoice
 from lnbits.core.services import create_payment_request
+from lnbits.helpers import urlsafe_short_hash
 from lnbits.decorators import (
     check_admin,
     check_user_exists,
@@ -46,6 +47,7 @@ from .crud import (
     get_settings,
     get_ticket,
     get_tickets,
+    get_tickets_by_payment_hash,
     get_tickets_by_user_id,
     purge_unpaid_tickets,
     update_event,
@@ -112,6 +114,61 @@ async def api_events_pending(
     return await get_pending_events()
 
 
+@events_api_router.post("/republish-all")
+async def api_republish_all(
+    admin: Account = Depends(check_admin),
+) -> dict:
+    """Force-republish every approved event to Nostr relays. Admin only.
+
+    Used by the catalog-bump migration that introduced the AIO ticket
+    tags: existing events on a deployed instance were published before
+    the publisher learned the new tag set, so they don't carry
+    tickets_available / tickets_sold / etc. until something triggers
+    a republish. This endpoint walks the approved list and re-emits
+    each calendar event so connected clients see the new metadata
+    without waiting for a per-event edit.
+
+    Errors are swallowed per-event (logged inside the publisher) so
+    one bad event doesn't block the rest. Returns a count summary.
+    """
+    events = await get_all_events()
+    approved = [e for e in events if e.status == "approved" and not e.canceled]
+    for event in approved:
+        await publish_or_delete_nostr_event(event)
+    return {"republished": len(approved), "total": len(events)}
+
+
+@events_api_router.post("/republish-mine")
+async def api_republish_mine(
+    all_wallets: bool = Query(False),
+    key_info: WalletTypeInfo = Depends(require_admin_key),
+) -> dict:
+    """Force-republish the caller's own approved events to Nostr relays.
+
+    Same shape as /republish-all but scoped to events owned by the
+    authenticated wallet (or all wallets belonging to the wallet's
+    user when `?all_wallets=true`). Lets the organizer trigger the
+    same migration the admin uses, without needing instance-admin
+    rights — useful when the AIO publisher gains a new tag set and
+    an organizer wants their published events to carry it.
+
+    Only events with `status == "approved"` are republished; pending
+    and rejected rows aren't on relays in the first place, so a
+    republish for them would be a no-op (or worse, surface a
+    proposed-but-not-approved row to subscribers).
+    """
+    wallet_ids: list[str] = [key_info.wallet.id]
+    if all_wallets:
+        user = await get_user(key_info.wallet.user)
+        wallet_ids = user.wallet_ids if user else []
+
+    events = await get_events(wallet_ids)
+    approved = [e for e in events if e.status == "approved" and not e.canceled]
+    for event in approved:
+        await publish_or_delete_nostr_event(event)
+    return {"republished": len(approved), "total": len(events)}
+
+
 @events_api_router.get("/settings")
 async def api_get_settings(
     admin: Account = Depends(check_admin),
@@ -453,11 +510,20 @@ async def api_ticket_create(
         )
     if event.canceled:
         raise HTTPException(status_code=HTTPStatus.GONE, detail="Event is canceled.")
-    if event.amount_tickets > 0 and event.sold >= event.amount_tickets:
+    quantity = data.quantity
-        raise HTTPException(status_code=HTTPStatus.GONE, detail="Event is sold out.")
+    if event.amount_tickets > 0:
+        if event.sold >= event.amount_tickets:
+            raise HTTPException(status_code=HTTPStatus.GONE, detail="Event is sold out.")
+        remaining = event.amount_tickets - event.sold
+        if quantity > remaining:
+            raise HTTPException(
+                status_code=HTTPStatus.BAD_REQUEST,
+                detail=f"Only {remaining} ticket(s) remaining for this event.",
+            )
 
     name = data.name
     email = data.email
+    user_id = data.user_id
     promo_code = data.promo_code.upper() if data.promo_code else None
     refund_address = data.refund_address
     nostr_identifier = data.nostr_identifier.strip() if data.nostr_identifier else None
@@ -475,7 +541,7 @@ async def api_ticket_create(
                 status_code=HTTPStatus.BAD_REQUEST,
                 detail="Invalid Nostr identifier.",
             ) from exc
-    price = event.price_per_ticket
+    unit_price = event.price_per_ticket
     extra: dict[str, Any] = {"tag": "events", "name": name, "email": email}
 
     if promo_code:
@@ -487,7 +553,9 @@ async def api_ticket_create(
         # get the promocode
         promo = next(pc for pc in event.extra.promo_codes if pc.code == promo_code)
         extra["promo_code"] = promo.code
-        price = event.price_per_ticket * (1 - promo.discount_percent / 100)
+        unit_price = event.price_per_ticket * (1 - promo.discount_percent / 100)
+    # Scale by quantity AFTER the promo applies. One invoice, N tickets.
+    price = unit_price * quantity
 
     if payment_method == "fiat" and not event.allow_fiat:
         raise HTTPException(
@@ -544,20 +612,32 @@ async def api_ticket_create(
             extra=extra,
         ),
     )
-    await create_ticket(
+    # Each row gets a fresh urlsafe_short_hash id so single- and
-        payment_hash=payment.payment_hash,
+    # multi-ticket purchases stay shape-consistent — every scannable
-        wallet=event.wallet,
+    # ticket id is a short hash, never the long bolt11 payment_hash.
-        event=event.id,
+    # The shared `payment_hash` column is the join key for invoice
-        name=name,
+    # lookup (poll endpoint, ws notifier, set_ticket_paid loop).
-        email=email,
+    ticket_ids: list[str] = []
-        extra={
+    sats_per_ticket = payment.sat // quantity if quantity else payment.sat
-            "applied_promo_code": promo_code,
+    for _ in range(quantity):
-            "refund_address": refund_address,
+        row_id = urlsafe_short_hash()
-            "nostr_identifier": nostr_identifier,
+        await create_ticket(
-            "ticket_base_url": str(request.base_url).rstrip("/"),
+            payment_hash=payment.payment_hash,
-            "sats_paid": payment.sat,
+            wallet=event.wallet,
-        },
+            event=event.id,
-    )
+            name=name,
+            email=email,
+            user_id=user_id,
+            ticket_id=row_id,
+            extra={
+                "applied_promo_code": promo_code,
+                "refund_address": refund_address,
+                "nostr_identifier": nostr_identifier,
+                "ticket_base_url": str(request.base_url).rstrip("/"),
+                "sats_paid": sats_per_ticket,
+            },
+        )
+        ticket_ids.append(row_id)
 
     return TicketPaymentRequest(
         payment_hash=payment.payment_hash,
@@ -565,9 +645,36 @@ async def api_ticket_create(
         fiat_payment_request=getattr(payment, "extra", {}).get("fiat_payment_request"),
         fiat_provider=getattr(payment, "fiat_provider", None) or fiat_provider,
         is_fiat=bool(getattr(payment, "fiat_provider", None) or fiat_provider),
+        ticket_ids=ticket_ids,
     )
 
 
+@tickets_api_router.post("/{event_id}/{payment_hash}")
+async def api_ticket_payment_status(event_id: str, payment_hash: str) -> dict:
+    """Poll-style payment confirmation for a pending ticket purchase.
+
+    The webapp polls this every 2s after presenting the invoice until
+    `paid: true` comes back, then advances to the success state. The
+    companion WebSocket at `/tickets/ws/{payment_hash}` is more
+    efficient for pushes — this endpoint is the fallback.
+
+    Returns `{paid, ticket_ids: [...]}` so multi-ticket buyers get
+    every scannable id back in one response (one for single-ticket
+    purchases). A missing / cross-event purchase returns
+    `paid: false` rather than 404 so the poll doesn't have to
+    special-case the not-yet-created race.
+    """
+    tickets = await get_tickets_by_payment_hash(payment_hash)
+    relevant = [t for t in tickets if t.event == event_id]
+    if not relevant:
+        return {"paid": False}
+    return {
+        "paid": all(t.paid for t in relevant),
+        "ticket_id": relevant[0].id,  # back-compat with single-ticket clients
+        "ticket_ids": [t.id for t in relevant],
+    }
+
+
 @tickets_api_router.websocket("/ws/{payment_hash}")
 async def websocket_endpoint(payment_hash: str, websocket: WebSocket) -> None:
     await websocket.accept()