From 2b3d9df11d648bef146331405806d94f5ec704ee Mon Sep 17 00:00:00 2001 From: Padreug Date: Sun, 24 May 2026 16:32:18 +0200 Subject: [PATCH 1/5] feat: events_ticket_register RPC over nostr transport MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Organizer-side ticket scanning over LNbits's freshly-merged nostr-transport (kind 21000, NIP-44 v2). The organizer signs the RPC event with their Nostr key; the transport dispatcher resolves pubkey → Account → wallet (AUTH_WALLET) and the handler verifies event-level ownership (event.wallet ∈ caller_user.wallet_ids) before flipping `registered = True`. Idempotence + state transitions mirror the legacy HTTP endpoint: "Ticket not paid for" / "Ticket already registered" / "Ticket does not exist on this event" / "You do not own this event" come back as ERROR responses. Registration in events_start() is guarded with try/except ImportError so the extension still loads on older LNbits versions that pre-date the transport (HTTP path stays the fallback there). Webapp uses this as the new primary scan call site instead of the legacy HTTP endpoint — see companion webapp PR. Co-Authored-By: Claude Opus 4.7 (1M context) --- __init__.py | 21 +++++++++++++++ transport_rpcs.py | 68 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+) create mode 100644 transport_rpcs.py diff --git a/__init__.py b/__init__.py index b6b58a9..bfe3d45 100644 --- a/__init__.py +++ b/__init__.py @@ -46,6 +46,27 @@ def events_start(): task1 = create_permanent_unique_task("ext_events", wait_for_paid_invoices) scheduled_tasks.append(task1) + # Register nostr-transport RPCs. Swallow ImportError on older LNbits + # versions that pre-date the transport (the events extension still + # works fine via HTTP without it). + try: + from lnbits.core.services.nostr_transport.dispatcher import ( + AUTH_WALLET, + register_rpc, + ) + + from .transport_rpcs import handle_events_ticket_register + + register_rpc( + "events_ticket_register", handle_events_ticket_register, AUTH_WALLET + ) + logger.info("[EVENTS] Registered nostr-transport RPC: events_ticket_register") + except ImportError: + logger.info( + "[EVENTS] nostr_transport not available on this LNbits — " + "ticket scanner over Nostr disabled, HTTP endpoint still works" + ) + async def _start_nostr_client(): global nostr_client await asyncio.sleep(10) # Wait for nostrclient to be ready diff --git a/transport_rpcs.py b/transport_rpcs.py new file mode 100644 index 0000000..16060d6 --- /dev/null +++ b/transport_rpcs.py @@ -0,0 +1,68 @@ +""" +Nostr-transport RPC handlers for the aiolabs/events extension. + +Each handler is registered with `lnbits.core.services.nostr_transport. +dispatcher.register_rpc` in `events_start()`. The dispatcher resolves +the caller's Nostr pubkey to an LNbits Account → wallet (`AUTH_WALLET`) +and passes a `WalletTypeInfo` as the first argument; handlers verify +event-level ownership on top. + +Errors raise `PermissionError` / `ValueError` so the dispatcher maps +them into `{status: "ERROR", error: }` responses; any other +exception falls through to a generic "Internal error" reply. +""" + +from __future__ import annotations + +from datetime import datetime, timezone + +from lnbits.core.crud import get_user +from lnbits.core.models import WalletTypeInfo +from lnbits.core.services.nostr_transport.models import NostrRpcRequest + +from .crud import get_event, get_ticket, update_ticket + + +async def handle_events_ticket_register( + auth: WalletTypeInfo, + request: NostrRpcRequest, +) -> dict: + """Mark a ticket as registered at the door (organizer flow). + + The Nostr-transport dispatcher already verified the caller signed + the kind-21000 RPC event and bound them to `auth.wallet`. This + handler adds the event-level check: the ticket's event must be + owned by one of the caller's wallets. + + Idempotence mirrors the HTTP endpoint: scanning the same ticket + twice fails with "Ticket already registered". The buyer-side flow + (notifications etc.) reuses whatever the legacy register endpoint + does — we just flip the flag + timestamp. + """ + body = request.body or {} + event_id = body.get("event_id") + ticket_id = body.get("ticket_id") + if not event_id or not ticket_id: + raise ValueError("event_id and ticket_id are required") + + ticket = await get_ticket(ticket_id) + if not ticket or ticket.event != event_id: + raise ValueError("Ticket does not exist on this event") + if not ticket.paid: + raise PermissionError("Ticket not paid for") + if ticket.registered: + raise PermissionError("Ticket already registered") + + event = await get_event(event_id) + if not event: + raise ValueError("Event does not exist") + + user = await get_user(auth.wallet.user) + owned_wallet_ids = user.wallet_ids if user else [auth.wallet.id] + if event.wallet not in owned_wallet_ids: + raise PermissionError("You do not own this event") + + ticket.registered = True + ticket.reg_timestamp = datetime.now(timezone.utc) + await update_ticket(ticket) + return ticket.dict() -- 2.53.0 From 1d8dacbaa3d9b41965b9b7a489dfa7f104b2f82b Mon Sep 17 00:00:00 2001 From: Padreug Date: Sun, 24 May 2026 16:32:29 +0200 Subject: [PATCH 2/5] fix: require admin_key + owner check on PUT /tickets/register MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The legacy register endpoint had no auth decorator and no event-ownership check — any caller who knew a ticket id could mark it registered. Add require_admin_key (matches the rest of the wallet-bound endpoints in this file) and verify the caller's user owns the event the ticket belongs to. Breaking change for any external integration that hit this endpoint unauthed; the in-tree Quasar register page (static/js/register.js) already sends the session admin_key via LNbits.api.request so it keeps working. The Nostr-transport flow at events_ticket_register (previous commit) is the preferred call site for new callers; this HTTP path stays for the legacy LNbits admin UI. Co-Authored-By: Claude Opus 4.7 (1M context) --- views_api.py | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/views_api.py b/views_api.py index e7c118f..d2bac8f 100644 --- a/views_api.py +++ b/views_api.py @@ -766,7 +766,24 @@ async def api_ticket_resend_email( @tickets_api_router.put("/register/{ticket_id}") -async def api_event_register_ticket(ticket_id) -> Ticket: +async def api_event_register_ticket( + ticket_id: str, + key_info: WalletTypeInfo = Depends(require_admin_key), +) -> Ticket: + """Mark a ticket as registered at the door. + + Auth: wallet admin_key. Caller must own the event the ticket + belongs to — we check `event.wallet` against the user's full + wallet set so an organizer with multiple wallets can scan + regardless of which wallet's key they're using. + + Until v1.6.1-aio.3 this endpoint had no auth, which meant any + caller who knew a ticket id could register it. The + Nostr-transport flow at `events_ticket_register` is now the + preferred call site for the webapp; this HTTP path stays for + the legacy LNbits Quasar register page which already sends + the wallet admin_key through `LNbits.api.request`. + """ ticket = await get_ticket(ticket_id) if not ticket: @@ -774,6 +791,20 @@ async def api_event_register_ticket(ticket_id) -> Ticket: status_code=HTTPStatus.NOT_FOUND, detail="Ticket does not exist." ) + event = await get_event(ticket.event) + if not event: + raise HTTPException( + status_code=HTTPStatus.NOT_FOUND, detail="Event does not exist." + ) + + user = await get_user(key_info.wallet.user) + owned_wallet_ids = user.wallet_ids if user else [key_info.wallet.id] + if event.wallet not in owned_wallet_ids: + raise HTTPException( + status_code=HTTPStatus.FORBIDDEN, + detail="You do not own this event.", + ) + if not ticket.paid: raise HTTPException( status_code=HTTPStatus.FORBIDDEN, detail="Ticket not paid for." -- 2.53.0 From 02071e6541a46dcd3ff40148956881f7ea6e7e84 Mon Sep 17 00:00:00 2001 From: Padreug Date: Sun, 24 May 2026 18:45:48 +0200 Subject: [PATCH 3/5] feat: events_list_event_tickets RPC for organizer ticket roster MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Second nostr-transport handler on this branch. Returns paid + registered counts plus the per-ticket roster (id, name, registered status, timestamp) for one calendar event, organizer-only. Backs the door scanner's counts strip and "scanned" list with backend truth so a second organizer scanning on another device, an operator switching from mobile to laptop mid-event, or a refresh in incognito all see the same numbers instead of diverging from a per-device localStorage cache. Same authorisation posture as events_ticket_register: dispatcher binds caller pubkey to wallet via AUTH_WALLET, handler verifies the event's wallet is in the caller's wallet set. Only paid tickets land in the response — proposed/unpaid rows are irrelevant at the door. Webapp consumes this in aiolabs/webapp#73. --- __init__.py | 15 +++++++++++-- crud.py | 9 ++++++++ transport_rpcs.py | 54 ++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 75 insertions(+), 3 deletions(-) diff --git a/__init__.py b/__init__.py index bfe3d45..01b145e 100644 --- a/__init__.py +++ b/__init__.py @@ -55,12 +55,23 @@ def events_start(): register_rpc, ) - from .transport_rpcs import handle_events_ticket_register + from .transport_rpcs import ( + handle_events_list_event_tickets, + handle_events_ticket_register, + ) register_rpc( "events_ticket_register", handle_events_ticket_register, AUTH_WALLET ) - logger.info("[EVENTS] Registered nostr-transport RPC: events_ticket_register") + register_rpc( + "events_list_event_tickets", + handle_events_list_event_tickets, + AUTH_WALLET, + ) + logger.info( + "[EVENTS] Registered nostr-transport RPCs: " + "events_ticket_register, events_list_event_tickets" + ) except ImportError: logger.info( "[EVENTS] nostr_transport not available on this LNbits — " diff --git a/crud.py b/crud.py index a72b3b3..551a3bc 100644 --- a/crud.py +++ b/crud.py @@ -139,6 +139,15 @@ async def get_tickets(wallet_ids: str | list[str]) -> list[Ticket]: return [Ticket(**_parse_ticket_row(row)) for row in rows] +async def get_tickets_by_event(event_id: str) -> list[Ticket]: + """All ticket rows for the given calendar event id.""" + rows = await db.fetchall( + "SELECT * FROM events.ticket WHERE event = :event_id", + {"event_id": event_id}, + ) + return [Ticket(**_parse_ticket_row(row)) for row in rows] + + async def get_tickets_by_user_id(user_id: str) -> list[Ticket]: """All tickets owned by the given LNbits user_id.""" rows = await db.fetchall( diff --git a/transport_rpcs.py b/transport_rpcs.py index 16060d6..e278f91 100644 --- a/transport_rpcs.py +++ b/transport_rpcs.py @@ -20,7 +20,7 @@ from lnbits.core.crud import get_user from lnbits.core.models import WalletTypeInfo from lnbits.core.services.nostr_transport.models import NostrRpcRequest -from .crud import get_event, get_ticket, update_ticket +from .crud import get_event, get_ticket, get_tickets_by_event, update_ticket async def handle_events_ticket_register( @@ -66,3 +66,55 @@ async def handle_events_ticket_register( ticket.reg_timestamp = datetime.now(timezone.utc) await update_ticket(ticket) return ticket.dict() + + +async def handle_events_list_event_tickets( + auth: WalletTypeInfo, + request: NostrRpcRequest, +) -> dict: + """Return paid + registered counts plus the per-ticket roster for + one calendar event, organizer-only. + + Backs the door scanner's counts strip and "All scanned" tab so the + UI reads authoritative state from the backend instead of relying + on per-device localStorage (which diverges the moment a second + organizer scans, or the operator switches devices). + + The roster only includes paid tickets — proposed/unpaid rows are + irrelevant at the door. + """ + body = request.body or {} + event_id = body.get("event_id") + if not event_id: + raise ValueError("event_id is required") + + event = await get_event(event_id) + if not event: + raise ValueError("Event does not exist") + + user = await get_user(auth.wallet.user) + owned_wallet_ids = user.wallet_ids if user else [auth.wallet.id] + if event.wallet not in owned_wallet_ids: + raise PermissionError("You do not own this event") + + tickets = await get_tickets_by_event(event_id) + paid_tickets = [t for t in tickets if t.paid] + registered_count = sum(1 for t in paid_tickets if t.registered) + + return { + "event_id": event_id, + "sold": len(paid_tickets), + "registered": registered_count, + "remaining": len(paid_tickets) - registered_count, + "tickets": [ + { + "id": t.id, + "name": t.name, + "registered": t.registered, + "registered_at": ( + t.reg_timestamp.isoformat() if t.reg_timestamp else None + ), + } + for t in paid_tickets + ], + } -- 2.53.0 From 66d263ef1467803c7f036b4c8e175580089fc9e4 Mon Sep 17 00:00:00 2001 From: Padreug Date: Sun, 24 May 2026 18:46:18 +0200 Subject: [PATCH 4/5] ui(admin): Tickets card above All Users' Events on the admin index MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Tickets table is what an organiser actually scans during day-of operations — it deserves the top slot. All Users' Events stays one section down for the cross-tenant audit view (admin-only anyway). --- static/js/index.vue | 90 ++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/static/js/index.vue b/static/js/index.vue index 4760c6b..4b97fab 100644 --- a/static/js/index.vue +++ b/static/js/index.vue @@ -286,51 +286,6 @@ - - -
-
-
- All Users' Events - -
-
-
- - - - - - -
@@ -409,6 +364,51 @@ + + + +
+
+
+ All Users' Events + +
+
+
+ + + + + +
-- 2.53.0 From 3606fd9a0ae1c55fe8af14d7fe09b66deec8e2a6 Mon Sep 17 00:00:00 2001 From: Padreug Date: Sun, 24 May 2026 18:51:51 +0200 Subject: [PATCH 5/5] feat(admin): Owner column on All Users' Events card Adds the event's wallet owner (user_id) as the first column of the admin-only All Users' Events table so cross-tenant rows are attributable at a glance. Server-side join: GET /events/all now resolves each event.wallet -> wallet.user and stamps the result on the response as wallet_user_id. Frontend gets a dedicated allUsersEventsTable.columns definition so the user's own-events table stays unchanged. Follow-up #22 covers letting the admin actually edit those events once attributed. --- static/js/index.js | 45 +++++++++++++++++++++++++++++++++++++++++++++ static/js/index.vue | 2 +- views_api.py | 19 ++++++++++++++++--- 3 files changed, 62 insertions(+), 4 deletions(-) diff --git a/static/js/index.js b/static/js/index.js index a65f5f8..2b4bcb9 100644 --- a/static/js/index.js +++ b/static/js/index.js @@ -14,6 +14,51 @@ window.PageEvents = { settings: { auto_approve: false }, + allUsersEventsTable: { + // Shown on the admin All Users' Events card. Includes the + // wallet owner (`wallet_user_id` resolved server-side) so + // cross-tenant rows are attributable to a user. + columns: [ + { + name: 'wallet_user_id', + align: 'left', + label: 'Owner', + field: 'wallet_user_id' + }, + {name: 'id', align: 'left', label: 'ID', field: 'id'}, + {name: 'name', align: 'left', label: 'Name', field: 'name'}, + { + name: 'event_start_date', + align: 'left', + label: 'Start date', + field: 'event_start_date' + }, + { + name: 'event_end_date', + align: 'left', + label: 'End date', + field: 'event_end_date' + }, + { + name: 'closing_date', + align: 'left', + label: 'Ticket close', + field: 'closing_date' + }, + { + name: 'canceled', + align: 'left', + label: 'Canceled', + field: row => { + if (row.extra && row.extra.conditional && row.canceled) { + return 'Yes' + } + return 'No' + } + }, + {name: 'status', align: 'left', label: 'Status', field: 'status'} + ] + }, eventsTable: { columns: [ {name: 'id', align: 'left', label: 'ID', field: 'id'}, diff --git a/static/js/index.vue b/static/js/index.vue index 4b97fab..6e6891f 100644 --- a/static/js/index.vue +++ b/static/js/index.vue @@ -384,7 +384,7 @@ flat :rows="allUserEvents" row-key="id" - :columns="eventsTable.columns" + :columns="allUsersEventsTable.columns" :pagination="{rowsPerPage: 10}" >