aiolabs/lnbits
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions 1

disabling card with just otp which is also part of notify

Browse source
This commit is contained in:
Gene Takavic 2022-09-26 11:47:00 +02:00
parent 0bede387f5
commit 5c6cd70d3b
3 changed files with 29 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
lnbits/extensions/boltcards/crud.py
View file

@ -114,8 +114,14 @@ async def get_card_by_external_id(external_id: str) -> Optional[Card]:
return Card.parse_obj(card) return Card.parse_obj(card)
async def get_card_by_otp(otp: str) -> Optional[Card]: async def get_card_by_otp(otp: str, half: bool = False) -> Optional[Card]:
row = await db.fetchone("SELECT * FROM boltcards.cards WHERE otp = ?", (otp,)) if half and len(otp) == 16:
otp = "%" + otp
row = await db.fetchone(
"SELECT * FROM boltcards.cards WHERE otp LIKE ?", (otp,)
)
else:
row = await db.fetchone("SELECT * FROM boltcards.cards WHERE otp = ?", (otp,))
if not row: if not row:
return None return None

3
lnbits/extensions/boltcards/lnurl.py
View file

@ -119,6 +119,9 @@ async def lnurl_callback(
"notification": "card_payment", "notification": "card_payment",
"card_external_id": card.external_id, "card_external_id": card.external_id,
"card_name": card.card_name, "card_name": card.card_name,
"card_otp": card.otp[
-16:
], # actually only half of the OTP is sent (full otp reveals the keys)
}, },
) )
if card.webhook_url if card.webhook_url

18
lnbits/extensions/boltcards/views_api.py
View file

@ -15,11 +15,13 @@ from .crud import (
delete_card, delete_card,
enable_disable_card, enable_disable_card,
get_card, get_card,
get_card_by_otp,
get_card_by_uid, get_card_by_uid,
get_cards, get_cards,
get_hits, get_hits,
get_refunds, get_refunds,
update_card, update_card,
update_card_otp,
) )
from .models import CreateCardData from .models import CreateCardData
@ -111,6 +113,22 @@ async def enable_card(
return card.dict() return card.dict()
@boltcards_ext.post("/api/v1/disablecard")
async def disble_card_with_otp(a):
if len(a) < 16:
raise HTTPException(detail="Invalid OTP.", status_code=HTTPStatus.BAD_REQUEST)
card = await get_card_by_otp(a, half=True)
if not card:
raise HTTPException(detail="No card found.", status_code=HTTPStatus.NOT_FOUND)
new_otp = secrets.token_hex(16)
await update_card_otp(new_otp, card.id)
card = await enable_disable_card(enable=False, id=card.id)
return {"status": "OK"}
@boltcards_ext.delete("/api/v1/cards/{card_id}") @boltcards_ext.delete("/api/v1/cards/{card_id}")
async def api_card_delete(card_id, wallet: WalletTypeInfo = Depends(require_admin_key)): async def api_card_delete(card_id, wallet: WalletTypeInfo = Depends(require_admin_key)):
card = await get_card(card_id) card = await get_card(card_id)