aiolabs/lnbits
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

db commits at the right places when sending payments.

Browse source 
fixing vulnerabilities introduced in https://github.com/lnbits/lnbits/pull/90
This commit is contained in:
fiatjaf 2020-09-11 21:24:41 -03:00
parent 4855e2cd3d
commit 5ac91ee2cf
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lnbits/core/services.py
View file

@ -44,6 +44,7 @@ def create_invoice(
extra=extra, extra=extra,
) )
g.db.commit()
return invoice.payment_hash, payment_request return invoice.payment_hash, payment_request
@ -97,6 +98,8 @@ def pay_invoice(
if wallet.balance_msat < 0: if wallet.balance_msat < 0:
g.db.rollback() g.db.rollback()
raise PermissionError("Insufficient balance.") raise PermissionError("Insufficient balance.")
else:
g.db.commit()
if internal: if internal:
# mark the invoice from the other side as not pending anymore # mark the invoice from the other side as not pending anymore
@ -112,6 +115,7 @@ def pay_invoice(
else: else:
raise Exception(error_message or "Failed to pay_invoice on backend.") raise Exception(error_message or "Failed to pay_invoice on backend.")
g.db.commit()
return invoice.payment_hash return invoice.payment_hash