From 3831bca9e2dbb739f91d8f4ec276e777733380a0 Mon Sep 17 00:00:00 2001 From: Stefan Stammberger Date: Sat, 27 Nov 2021 10:13:32 +0100 Subject: [PATCH 1/8] fix: cleanup core/views/generic.py * Fixed withdraw endpoint query params access was: request.query_params.get("usr") corrected: request.query_params.get("usr") * Added missing response classes * Removed old comments and commeted out code * Deleted the unused auth_bearer.py file --- lnbits/auth_bearer.py | 51 ------------------------------ lnbits/core/views/generic.py | 61 +++++++++++++++++++----------------- 2 files changed, 32 insertions(+), 80 deletions(-) delete mode 100644 lnbits/auth_bearer.py diff --git a/lnbits/auth_bearer.py b/lnbits/auth_bearer.py deleted file mode 100644 index 163785dd..00000000 --- a/lnbits/auth_bearer.py +++ /dev/null @@ -1,51 +0,0 @@ -from fastapi import Request, HTTPException -from fastapi.security.api_key import APIKeyQuery, APIKeyCookie, APIKeyHeader, APIKey - -# https://medium.com/data-rebels/fastapi-authentication-revisited-enabling-api-key-authentication-122dc5975680 - -from fastapi import Security, Depends, FastAPI, HTTPException -from fastapi.security.api_key import APIKeyQuery, APIKeyCookie, APIKeyHeader, APIKey -from fastapi.security.base import SecurityBase - - -API_KEY = "usr" -API_KEY_NAME = "X-API-key" - -api_key_query = APIKeyQuery(name=API_KEY_NAME, auto_error=False) -api_key_header = APIKeyHeader(name=API_KEY_NAME, auto_error=False) - - -class AuthBearer(SecurityBase): - def __init__(self, scheme_name: str = None, auto_error: bool = True): - self.scheme_name = scheme_name or self.__class__.__name__ - self.auto_error = auto_error - - async def __call__(self, request: Request): - key = await self.get_api_key() - print(key) - # credentials: HTTPAuthorizationCredentials = await super(AuthBearer, self).__call__(request) - # if credentials: - # if not credentials.scheme == "Bearer": - # raise HTTPException( - # status_code=403, detail="Invalid authentication scheme.") - # if not self.verify_jwt(credentials.credentials): - # raise HTTPException( - # status_code=403, detail="Invalid token or expired token.") - # return credentials.credentials - # else: - # raise HTTPException( - # status_code=403, detail="Invalid authorization code.") - - async def get_api_key( - self, - api_key_query: str = Security(api_key_query), - api_key_header: str = Security(api_key_header), - ): - if api_key_query == API_KEY: - return api_key_query - elif api_key_header == API_KEY: - return api_key_header - else: - raise HTTPException( - status_code=403, detail="Could not validate credentials" - ) diff --git a/lnbits/core/views/generic.py b/lnbits/core/views/generic.py index 5e0ededf..5dbe92a7 100644 --- a/lnbits/core/views/generic.py +++ b/lnbits/core/views/generic.py @@ -4,18 +4,16 @@ from typing import Optional from fastapi import Request, status from fastapi.exceptions import HTTPException -from fastapi.param_functions import Body from fastapi.params import Depends, Query from fastapi.responses import FileResponse, RedirectResponse from fastapi.routing import APIRouter from pydantic.types import UUID4 -from starlette.responses import HTMLResponse +from starlette.responses import HTMLResponse, JSONResponse from lnbits.core import db from lnbits.core.models import User from lnbits.decorators import check_user_exists from lnbits.helpers import template_renderer, url_for -from lnbits.requestvars import g from lnbits.settings import LNBITS_ALLOWED_USERS, LNBITS_SITE_TITLE, SERVICE_FEE from ..crud import ( @@ -32,7 +30,7 @@ from ..services import pay_invoice, redeem_lnurl_withdraw core_html_routes: APIRouter = APIRouter(tags=["Core NON-API Website Routes"]) -@core_html_routes.get("/favicon.ico") +@core_html_routes.get("/favicon.ico", response_class=FileResponse) async def favicon(): return FileResponse("lnbits/core/static/favicon.ico") @@ -44,7 +42,11 @@ async def home(request: Request, lightning: str = None): ) -@core_html_routes.get("/extensions", name="core.extensions") +@core_html_routes.get( + "/extensions", + name="core.extensions", + response_class=HTMLResponse, +) async def extensions( request: Request, user: User = Depends(check_user_exists), @@ -77,9 +79,19 @@ async def extensions( ) -@core_html_routes.get("/wallet", response_class=HTMLResponse) -# Not sure how to validate -# @validate_uuids(["usr", "nme"]) +@core_html_routes.get( + "/wallet", + response_class=HTMLResponse, + description=""" +Args: + +just **wallet_name**: create a new user, then create a new wallet for user with wallet_name
+just **user_id**: return the first user wallet or create one if none found (with default wallet_name)
+**user_id** and **wallet_name**: create a new wallet for user with wallet_name
+**user_id** and **wallet_id**: return that wallet if user is the owner
+nothing: create everything
+""", +) async def wallet( request: Request = Query(None), nme: Optional[str] = Query(None), @@ -91,12 +103,6 @@ async def wallet( wallet_name = nme service_fee = int(SERVICE_FEE) if int(SERVICE_FEE) == SERVICE_FEE else SERVICE_FEE - # just wallet_name: create a new user, then create a new wallet for user with wallet_name - # just user_id: return the first user wallet or create one if none found (with default wallet_name) - # user_id and wallet_name: create a new wallet for user with wallet_name - # user_id and wallet_id: return that wallet if user is the owner - # nothing: create everything - if not user_id: user = await get_user((await create_account()).id) else: @@ -137,14 +143,13 @@ async def wallet( ) -@core_html_routes.get("/withdraw") -# @validate_uuids(["usr", "wal"], required=True) +@core_html_routes.get("/withdraw", response_class=JSONResponse) async def lnurl_full_withdraw(request: Request): - user = await get_user(request.args.get("usr")) + user = await get_user(request.query_params.get("usr")) if not user: return {"status": "ERROR", "reason": "User does not exist."} - wallet = user.get_wallet(request.args.get("wal")) + wallet = user.get_wallet(request.query_params.get("wal")) if not wallet: return {"status": "ERROR", "reason": "Wallet does not exist."} @@ -159,18 +164,17 @@ async def lnurl_full_withdraw(request: Request): } -@core_html_routes.get("/withdraw/cb") -# @validate_uuids(["usr", "wal"], required=True) +@core_html_routes.get("/withdraw/cb", response_class=JSONResponse) async def lnurl_full_withdraw_callback(request: Request): - user = await get_user(request.args.get("usr")) + user = await get_user(request.query_params.get("usr")) if not user: return {"status": "ERROR", "reason": "User does not exist."} - wallet = user.get_wallet(request.args.get("wal")) + wallet = user.get_wallet(request.query_params.get("wal")) if not wallet: return {"status": "ERROR", "reason": "Wallet does not exist."} - pr = request.args.get("pr") + pr = request.query_params.get("pr") async def pay(): try: @@ -180,14 +184,14 @@ async def lnurl_full_withdraw_callback(request: Request): asyncio.create_task(pay()) - balance_notify = request.args.get("balanceNotify") + balance_notify = request.query_params.get("balanceNotify") if balance_notify: await save_balance_notify(wallet.id, balance_notify) return {"status": "OK"} -@core_html_routes.get("/deletewallet") +@core_html_routes.get("/deletewallet", response_class=RedirectResponse) async def deletewallet(request: Request, wal: str = Query(...), usr: str = Query(...)): user = await get_user(usr) user_wallet_ids = [u.id for u in user.wallets] @@ -211,14 +215,13 @@ async def deletewallet(request: Request, wal: str = Query(...), usr: str = Query @core_html_routes.get("/withdraw/notify/{service}") -# @validate_uuids(["wal"], required=True) async def lnurl_balance_notify(request: Request, service: str): - bc = await get_balance_check(request.args.get("wal"), service) + bc = await get_balance_check(request.query_params.get("wal"), service) if bc: redeem_lnurl_withdraw(bc.wallet, bc.url) -@core_html_routes.get("/lnurlwallet") +@core_html_routes.get("/lnurlwallet", response_class=RedirectResponse) async def lnurlwallet(request: Request): async with db.connect() as conn: account = await create_account(conn=conn) @@ -228,7 +231,7 @@ async def lnurlwallet(request: Request): asyncio.create_task( redeem_lnurl_withdraw( wallet.id, - request.args.get("lightning"), + request.query_params.get("lightning"), "LNbits initial funding: voucher redeem.", {"tag": "lnurlwallet"}, 5, # wait 5 seconds before sending the invoice to the service From 63546036bcfe9d2aee29ca9226c939f2ae0f6bd0 Mon Sep 17 00:00:00 2001 From: Tiago vasconcelos Date: Tue, 30 Nov 2021 14:12:01 +0000 Subject: [PATCH 2/8] fix purge --- lnbits/extensions/lnaddress/crud.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lnbits/extensions/lnaddress/crud.py b/lnbits/extensions/lnaddress/crud.py index 4cfff2f9..3bd636f1 100644 --- a/lnbits/extensions/lnaddress/crud.py +++ b/lnbits/extensions/lnaddress/crud.py @@ -176,7 +176,7 @@ async def purge_addresses(domain_id: str): now = datetime.now().timestamp() for row in rows: - r = Addresses(**row)._asdict() + r = Addresses(**row).dict() start = datetime.fromtimestamp(r["time"]) paid = r["paid"] From 5b01ee6879a2fe37b6668e474070eccd8b0ec939 Mon Sep 17 00:00:00 2001 From: Tiago vasconcelos Date: Tue, 30 Nov 2021 14:20:34 +0000 Subject: [PATCH 3/8] check for missing protocol --- lnbits/extensions/lnaddress/lnurl.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lnbits/extensions/lnaddress/lnurl.py b/lnbits/extensions/lnaddress/lnurl.py index 30b8fc5a..20ec7a96 100644 --- a/lnbits/extensions/lnaddress/lnurl.py +++ b/lnbits/extensions/lnaddress/lnurl.py @@ -15,6 +15,7 @@ from .crud import get_address, get_address_by_username, get_domain async def lnurl_response(username: str, domain: str, request: Request): + print("LNU", username, domain) address = await get_address_by_username(username, domain) if not address: @@ -54,7 +55,7 @@ async def lnurl_callback(address_id, amount: int = Query(...)): if address.wallet_endpoint.endswith("/") else address.wallet_endpoint ) - + print("BASE", base_url) async with httpx.AsyncClient() as client: try: call = await client.post( From f37af0ddf6102871c4a7bf0bcd061399514db42f Mon Sep 17 00:00:00 2001 From: Tiago vasconcelos Date: Tue, 30 Nov 2021 14:41:25 +0000 Subject: [PATCH 4/8] fix request url default --- lnbits/extensions/lnaddress/lnurl.py | 2 +- lnbits/extensions/lnaddress/templates/lnaddress/display.html | 2 +- lnbits/extensions/lnaddress/templates/lnaddress/index.html | 1 + lnbits/extensions/lnaddress/views.py | 5 ++++- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lnbits/extensions/lnaddress/lnurl.py b/lnbits/extensions/lnaddress/lnurl.py index 20ec7a96..22e54b8a 100644 --- a/lnbits/extensions/lnaddress/lnurl.py +++ b/lnbits/extensions/lnaddress/lnurl.py @@ -55,7 +55,7 @@ async def lnurl_callback(address_id, amount: int = Query(...)): if address.wallet_endpoint.endswith("/") else address.wallet_endpoint ) - print("BASE", base_url) + print("BASE", base_url ) async with httpx.AsyncClient() as client: try: call = await client.post( diff --git a/lnbits/extensions/lnaddress/templates/lnaddress/display.html b/lnbits/extensions/lnaddress/templates/lnaddress/display.html index 67745fa8..f820c81f 100644 --- a/lnbits/extensions/lnaddress/templates/lnaddress/display.html +++ b/lnbits/extensions/lnaddress/templates/lnaddress/display.html @@ -370,7 +370,7 @@ if (data.wallet_endpoint == '') { data.wallet_endpoint = null } - data.wallet_endpoint = data.wallet_endpoint ?? '{{ request.url_root }}' + data.wallet_endpoint = data.wallet_endpoint ?? '{{ root_url }}' data.duration = parseInt(data.duration) console.log('data', data) diff --git a/lnbits/extensions/lnaddress/templates/lnaddress/index.html b/lnbits/extensions/lnaddress/templates/lnaddress/index.html index ef04b593..3969d6f5 100644 --- a/lnbits/extensions/lnaddress/templates/lnaddress/index.html +++ b/lnbits/extensions/lnaddress/templates/lnaddress/index.html @@ -489,6 +489,7 @@ this.getDomains() this.getAddresses() } + console.log('{{ request.url.path }}') // var self = this // // // axios is available for making requests diff --git a/lnbits/extensions/lnaddress/views.py b/lnbits/extensions/lnaddress/views.py index cec12bf8..ef6d2b76 100644 --- a/lnbits/extensions/lnaddress/views.py +++ b/lnbits/extensions/lnaddress/views.py @@ -1,4 +1,5 @@ from http import HTTPStatus +from urllib.parse import urlparse from fastapi import Request from fastapi.params import Depends @@ -34,7 +35,8 @@ async def display(domain_id, request: Request): await purge_addresses(domain_id) wallet = await get_wallet(domain.wallet) - + url = urlparse(str(request.url)) + return lnaddress_renderer().TemplateResponse( "lnaddress/display.html", { @@ -43,5 +45,6 @@ async def display(domain_id, request: Request): "domain_domain": domain.domain, "domain_cost": domain.cost, "domain_wallet_inkey": wallet.inkey, + "root_url": f"{url.scheme}://{url.netloc}" }, ) From d6f3c2f9c44d620c67b69885206cc5eeea1dfda5 Mon Sep 17 00:00:00 2001 From: Tiago vasconcelos Date: Tue, 30 Nov 2021 14:46:48 +0000 Subject: [PATCH 5/8] more debub --- lnbits/extensions/lnaddress/lnurl.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lnbits/extensions/lnaddress/lnurl.py b/lnbits/extensions/lnaddress/lnurl.py index 22e54b8a..f233b291 100644 --- a/lnbits/extensions/lnaddress/lnurl.py +++ b/lnbits/extensions/lnaddress/lnurl.py @@ -55,7 +55,7 @@ async def lnurl_callback(address_id, amount: int = Query(...)): if address.wallet_endpoint.endswith("/") else address.wallet_endpoint ) - print("BASE", base_url ) + print("BASE", base_url, address ) async with httpx.AsyncClient() as client: try: call = await client.post( From ccd3a12ed34fc41a1453fdd47331991520dfcf40 Mon Sep 17 00:00:00 2001 From: Tiago vasconcelos Date: Tue, 30 Nov 2021 14:58:03 +0000 Subject: [PATCH 6/8] fix lnbits root url --- lnbits/extensions/lnaddress/lnurl.py | 3 +-- .../lnaddress/templates/lnaddress/display.html | 3 +-- .../lnaddress/templates/lnaddress/index.html | 13 ------------- 3 files changed, 2 insertions(+), 17 deletions(-) diff --git a/lnbits/extensions/lnaddress/lnurl.py b/lnbits/extensions/lnaddress/lnurl.py index f233b291..30b8fc5a 100644 --- a/lnbits/extensions/lnaddress/lnurl.py +++ b/lnbits/extensions/lnaddress/lnurl.py @@ -15,7 +15,6 @@ from .crud import get_address, get_address_by_username, get_domain async def lnurl_response(username: str, domain: str, request: Request): - print("LNU", username, domain) address = await get_address_by_username(username, domain) if not address: @@ -55,7 +54,7 @@ async def lnurl_callback(address_id, amount: int = Query(...)): if address.wallet_endpoint.endswith("/") else address.wallet_endpoint ) - print("BASE", base_url, address ) + async with httpx.AsyncClient() as client: try: call = await client.post( diff --git a/lnbits/extensions/lnaddress/templates/lnaddress/display.html b/lnbits/extensions/lnaddress/templates/lnaddress/display.html index f820c81f..7164752c 100644 --- a/lnbits/extensions/lnaddress/templates/lnaddress/display.html +++ b/lnbits/extensions/lnaddress/templates/lnaddress/display.html @@ -372,8 +372,7 @@ } data.wallet_endpoint = data.wallet_endpoint ?? '{{ root_url }}' data.duration = parseInt(data.duration) - console.log('data', data) - + axios .post('/lnaddress/api/v1/address/{{ domain_id }}', data) .then(response => { diff --git a/lnbits/extensions/lnaddress/templates/lnaddress/index.html b/lnbits/extensions/lnaddress/templates/lnaddress/index.html index 3969d6f5..54836a43 100644 --- a/lnbits/extensions/lnaddress/templates/lnaddress/index.html +++ b/lnbits/extensions/lnaddress/templates/lnaddress/index.html @@ -489,19 +489,6 @@ this.getDomains() this.getAddresses() } - console.log('{{ request.url.path }}') - // var self = this - // - // // axios is available for making requests - // axios({ - // method: 'GET', - // url: '/example/api/v1/tools', - // headers: { - // 'X-example-header': 'not-used' - // } - // }).then(function (response) { - // self.tools = response.data - // }) } }) From e3360514cd4fb02c73497da51139005bbd47cbee Mon Sep 17 00:00:00 2001 From: Tiago vasconcelos Date: Tue, 30 Nov 2021 15:12:13 +0000 Subject: [PATCH 7/8] add documentation reference --- lnbits/extensions/lnaddress/templates/lnaddress/index.html | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lnbits/extensions/lnaddress/templates/lnaddress/index.html b/lnbits/extensions/lnaddress/templates/lnaddress/index.html index 54836a43..dffef837 100644 --- a/lnbits/extensions/lnaddress/templates/lnaddress/index.html +++ b/lnbits/extensions/lnaddress/templates/lnaddress/index.html @@ -186,10 +186,14 @@ + Your API key in cloudflare From 290268885d6a3d41abad36d0a5c4dfa9ef2a9afd Mon Sep 17 00:00:00 2001 From: Tiago vasconcelos Date: Tue, 30 Nov 2021 15:13:06 +0000 Subject: [PATCH 8/8] fix purge check for missing protocol fix request url default more debub fix lnbits root url add documentation reference --- lnbits/extensions/lnaddress/crud.py | 2 +- .../lnaddress/templates/lnaddress/display.html | 5 ++--- .../lnaddress/templates/lnaddress/index.html | 16 ++++------------ lnbits/extensions/lnaddress/views.py | 5 ++++- 4 files changed, 11 insertions(+), 17 deletions(-) diff --git a/lnbits/extensions/lnaddress/crud.py b/lnbits/extensions/lnaddress/crud.py index 4cfff2f9..3bd636f1 100644 --- a/lnbits/extensions/lnaddress/crud.py +++ b/lnbits/extensions/lnaddress/crud.py @@ -176,7 +176,7 @@ async def purge_addresses(domain_id: str): now = datetime.now().timestamp() for row in rows: - r = Addresses(**row)._asdict() + r = Addresses(**row).dict() start = datetime.fromtimestamp(r["time"]) paid = r["paid"] diff --git a/lnbits/extensions/lnaddress/templates/lnaddress/display.html b/lnbits/extensions/lnaddress/templates/lnaddress/display.html index 67745fa8..7164752c 100644 --- a/lnbits/extensions/lnaddress/templates/lnaddress/display.html +++ b/lnbits/extensions/lnaddress/templates/lnaddress/display.html @@ -370,10 +370,9 @@ if (data.wallet_endpoint == '') { data.wallet_endpoint = null } - data.wallet_endpoint = data.wallet_endpoint ?? '{{ request.url_root }}' + data.wallet_endpoint = data.wallet_endpoint ?? '{{ root_url }}' data.duration = parseInt(data.duration) - console.log('data', data) - + axios .post('/lnaddress/api/v1/address/{{ domain_id }}', data) .then(response => { diff --git a/lnbits/extensions/lnaddress/templates/lnaddress/index.html b/lnbits/extensions/lnaddress/templates/lnaddress/index.html index ef04b593..dffef837 100644 --- a/lnbits/extensions/lnaddress/templates/lnaddress/index.html +++ b/lnbits/extensions/lnaddress/templates/lnaddress/index.html @@ -186,10 +186,14 @@ + Your API key in cloudflare @@ -489,18 +493,6 @@ this.getDomains() this.getAddresses() } - // var self = this - // - // // axios is available for making requests - // axios({ - // method: 'GET', - // url: '/example/api/v1/tools', - // headers: { - // 'X-example-header': 'not-used' - // } - // }).then(function (response) { - // self.tools = response.data - // }) } }) diff --git a/lnbits/extensions/lnaddress/views.py b/lnbits/extensions/lnaddress/views.py index cec12bf8..ef6d2b76 100644 --- a/lnbits/extensions/lnaddress/views.py +++ b/lnbits/extensions/lnaddress/views.py @@ -1,4 +1,5 @@ from http import HTTPStatus +from urllib.parse import urlparse from fastapi import Request from fastapi.params import Depends @@ -34,7 +35,8 @@ async def display(domain_id, request: Request): await purge_addresses(domain_id) wallet = await get_wallet(domain.wallet) - + url = urlparse(str(request.url)) + return lnaddress_renderer().TemplateResponse( "lnaddress/display.html", { @@ -43,5 +45,6 @@ async def display(domain_id, request: Request): "domain_domain": domain.domain, "domain_cost": domain.cost, "domain_wallet_inkey": wallet.inkey, + "root_url": f"{url.scheme}://{url.netloc}" }, )