From 1b433f9cbcb6ccc46eaa05d3018000872393696f Mon Sep 17 00:00:00 2001
From: fiatjaf
Date: Wed, 23 Jun 2021 16:24:52 -0300
Subject: [PATCH 1/4] remove secure headers.
---
 Pipfile | 1 -
 lnbits/app.py | 13 -------------
 requirements.txt | 1 -
 3 files changed, 15 deletions(-)
diff --git a/Pipfile b/Pipfile
index addd84b6..951ea9bf 100644
--- a/Pipfile
+++ b/Pipfile
@@ -17,7 +17,6 @@ shortuuid = "*"
 quart = "*"
 quart-cors = "*"
 quart-compress = "*"
-secure = "*"
 typing-extensions = "*"
 httpx = "*"
 quart-trio = "*"
diff --git a/lnbits/app.py b/lnbits/app.py
index 35852cd9..fe86e730 100644
--- a/lnbits/app.py
+++ b/lnbits/app.py
@@ -7,7 +7,6 @@ from quart import g
 from quart_trio import QuartTrio
 from quart_cors import cors # type: ignore
 from quart_compress import Compress # type: ignore
-from secure import SecureHeaders # type: ignore
 from .commands import db_migrate, handle_assets
 from .core import core_app
@@ -27,8 +26,6 @@ from .tasks import (
 )
 from .settings import WALLET
-secure_headers = SecureHeaders(hsts=False, xfo=False)
-
 def create_app(config_object="lnbits.settings") -> QuartTrio:
 """Create application factory.
@@ -46,7 +43,6 @@ def create_app(config_object="lnbits.settings") -> QuartTrio:
 register_blueprints(app)
 register_filters(app)
 register_commands(app)
- register_request_hooks(app)
 register_async_tasks(app)
 register_exception_handlers(app)
@@ -112,15 +108,6 @@ def register_filters(app: QuartTrio):
 app.jinja_env.globals["EXTENSIONS"] = get_valid_extensions()
-def register_request_hooks(app: QuartTrio):
- """Open the core db for each request so everything happens in a big transaction"""
-
- @app.after_request
- async def set_secure_headers(response):
- secure_headers.quart(response)
- return response
-
-
 def register_async_tasks(app):
 @app.route("/wallet/webhook", methods=["GET", "POST", "PUT", "PATCH", "DELETE"])
 async def webhook_listener():
diff --git a/requirements.txt b/requirements.txt
index 703fbbd1..5e10e7cd 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -37,7 +37,6 @@ quart-cors==0.4.0
 quart-trio==0.7.0
 represent==1.6.0.post0
 rfc3986==1.4.0
-secure==0.2.1
 shortuuid==1.0.1
 six==1.15.0
 sniffio==1.2.0
From 6f88973f752e73bd5fb96a3ba406dae313d4cb7f Mon Sep 17 00:00:00 2001
From: fiatjaf
Date: Wed, 23 Jun 2021 17:00:30 -0300
Subject: [PATCH 2/4] fail longpolling endpoint after 45 seconds. this should fix a possible bug in which connections are left open forever or worse.
---
 lnbits/core/views/public_api.py | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/lnbits/core/views/public_api.py b/lnbits/core/views/public_api.py
index d25d7852..167352ac 100644
--- a/lnbits/core/views/public_api.py
+++ b/lnbits/core/views/public_api.py
@@ -32,6 +32,24 @@ async def api_public_payment_longpolling(payment_hash):
 print("adding standalone invoice listener", payment_hash, send_payment)
 api_invoice_listeners.append(send_payment)
- async for payment in receive_payment:
- if payment.payment_hash == payment_hash:
- return jsonify({"status": "paid"}), HTTPStatus.OK
+ response = None
+
+ async def payment_info_receiver(cancel_scope):
+ async for payment in receive_payment:
+ if payment.payment_hash == payment_hash:
+ nonlocal response
+ response = (jsonify({"status": "paid"}), HTTPStatus.OK)
+ cancel_scope.cancel()
+
+ async def timeouter(cancel_scope):
+ await trio.sleep(45)
+ cancel_scope.cancel()
+
+ async with trio.open_nursery() as nursery:
+ nursery.start_soon(payment_info_receiver, nursery.cancel_scope)
+ nursery.start_soon(timeouter, nursery.cancel_scope)
+
+ if response:
+ return response
+ else:
+ return jsonify({"message": "timeout"}), HTTPStatus.REQUEST_TIMEOUT
From d2cad060fd14834dbd0031695551c7dd2af221f3 Mon Sep 17 00:00:00 2001
From: Ben Arc
Date: Wed, 23 Jun 2021 21:51:57 +0100
Subject: [PATCH 3/4] fixed tickets not showing
---
 lnbits/extensions/lnticket/templates/lnticket/index.html | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
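Review bot: The timeout branch in the `lnbits/core/views/public_api.py` hunk returns without undoing `api_invoice_listeners.append(send_payment)` (the context line just above the added code), so each poll that times out appears to leave its send channel in that list with no reader. On an endpoint that, going by its name, is reachable without a key, that is growth any caller could drive, unless listeners are pruned somewhere outside this hunk. Deregister in a `finally` so the paid, timeout and client-disconnect paths all clean up, and confirm that the code iterating the list tolerates removal. The nursery plus `timeouter` task can also be replaced by `trio.move_on_after(45)`, which drops the `nonlocal response` bookkeeping. The function begins above the hunk, so how the channel pair is created and whether `trio` is imported there is not visible.

```python
    api_invoice_listeners.append(send_payment)

    try:
        # move_on_after cancels the wait after 45 s without a helper task
        with trio.move_on_after(45):
            async for payment in receive_payment:
                if payment.payment_hash == payment_hash:
                    return jsonify({"status": "paid"}), HTTPStatus.OK
    finally:
        # deregister on every exit path: paid, timeout, client disconnect
        if send_payment in api_invoice_listeners:
            api_invoice_listeners.remove(send_payment)

    return jsonify({"message": "timeout"}), HTTPStatus.REQUEST_TIMEOUT
```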
diff --git a/lnbits/extensions/lnticket/templates/lnticket/index.html b/lnbits/extensions/lnticket/templates/lnticket/index.html
index d2ab7801..3b7d3da8 100644
--- a/lnbits/extensions/lnticket/templates/lnticket/index.html
+++ b/lnbits/extensions/lnticket/templates/lnticket/index.html
@@ -317,8 +317,9 @@
 .then(function (response) {
 self.tickets = response.data
 .map(function (obj) {
- if (!obj?.paid) return
- return mapLNTicket(obj)
+ if (obj.paid){
+ return mapLNTicket(obj)
+ }
 })
 .filter(v => v)
 })
From e7824e0e8dbe00e9fb671cf76333bfff82e90c5e Mon Sep 17 00:00:00 2001
From: Ben Arc
Date: Wed, 23 Jun 2021 22:34:03 +0100
Subject: [PATCH 4/4] prettier
---
 lnbits/extensions/lnticket/templates/lnticket/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lnbits/extensions/lnticket/templates/lnticket/index.html b/lnbits/extensions/lnticket/templates/lnticket/index.html
index 3b7d3da8..affaf7e2 100644
--- a/lnbits/extensions/lnticket/templates/lnticket/index.html
+++ b/lnbits/extensions/lnticket/templates/lnticket/index.html
@@ -317,7 +317,7 @@
 .then(function (response) {
 self.tickets = response.data
 .map(function (obj) {
- if (obj.paid){
+ if (obj.paid) {
 return mapLNTicket(obj)
 }
 })
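Review bot: In the [PATCH 3/4] hunk the new `if (obj.paid){` dereferences `obj` unguarded, where the line it replaces used `obj?.paid`. A `null` or `undefined` entry in `response.data` would now throw inside `.map`, so the assignment to `self.tickets` would not happen. If optional chaining was dropped for browser or tooling support, `if (obj && obj.paid) {` keeps the old tolerance. The surrounding promise chain starts and ends outside the hunk.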