db commits at the right places when sending payments.

fixing vulnerabilities introduced in https://github.com/lnbits/lnbits/pull/90
This commit is contained in:
fiatjaf 2020-09-11 21:24:41 -03:00
parent 4855e2cd3d
commit 5ac91ee2cf

View file

@ -44,6 +44,7 @@ def create_invoice(
extra=extra, extra=extra,
) )
g.db.commit()
return invoice.payment_hash, payment_request return invoice.payment_hash, payment_request
@ -97,6 +98,8 @@ def pay_invoice(
if wallet.balance_msat < 0: if wallet.balance_msat < 0:
g.db.rollback() g.db.rollback()
raise PermissionError("Insufficient balance.") raise PermissionError("Insufficient balance.")
else:
g.db.commit()
if internal: if internal:
# mark the invoice from the other side as not pending anymore # mark the invoice from the other side as not pending anymore
@ -112,6 +115,7 @@ def pay_invoice(
else: else:
raise Exception(error_message or "Failed to pay_invoice on backend.") raise Exception(error_message or "Failed to pay_invoice on backend.")
g.db.commit()
return invoice.payment_hash return invoice.payment_hash