diff --git a/.env.example b/.env.example index 898f90bd..13765574 100644 --- a/.env.example +++ b/.env.example @@ -10,13 +10,19 @@ DEBUG=false LNBITS_ALLOWED_USERS="" LNBITS_ADMIN_USERS="" # Extensions only admin can access -LNBITS_ADMIN_EXTENSIONS="ngrok" +LNBITS_ADMIN_EXTENSIONS="ngrok, admin" +# Enable Admin GUI, available for the first user in LNBITS_ADMIN_USERS if available +LNBITS_ADMIN_UI=false + +# Restricts access, User IDs seperated by comma +LNBITS_ALLOWED_USERS="" + LNBITS_DEFAULT_WALLET_NAME="LNbits wallet" # Ad space description # LNBITS_AD_SPACE_TITLE="Supported by" # csv ad space, format ";;, ;;", extensions can choose to honor -# LNBITS_AD_SPACE="" +# LNBITS_AD_SPACE="https://shop.lnbits.com/;https://raw.githubusercontent.com/lnbits/lnbits/main/lnbits/static/images/lnbits-shop-light.png;https://raw.githubusercontent.com/lnbits/lnbits/main/lnbits/static/images/lnbits-shop-dark.png" # Hides wallet api, extensions can choose to honor LNBITS_HIDE_API=false @@ -105,6 +111,6 @@ LNTIPS_API_KEY=LNTIPS_ADMIN_KEY LNTIPS_API_ENDPOINT=https://ln.tips # Cashu Mint -# Use a long-enough random (!) private key. +# Use a long-enough random (!) private key. # Once set, you cannot change this key as for now. CASHU_PRIVATE_KEY="SuperSecretPrivateKey" diff --git a/Dockerfile b/Dockerfile index f107f68c..a03e1eb2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN mkdir -p lnbits/data COPY . . RUN poetry config virtualenvs.create false -RUN poetry install --no-dev --no-root +RUN poetry install --only main --no-root RUN poetry run python build.py ENV LNBITS_PORT="5000" diff --git a/lnbits/__main__.py b/lnbits/__main__.py index 90cb1997..793f52dc 100644 --- a/lnbits/__main__.py +++ b/lnbits/__main__.py @@ -1,38 +1,3 @@ -import asyncio - -import uvloop -from loguru import logger -from starlette.requests import Request - -from .commands import migrate_databases -from .settings import ( - DEBUG, - HOST, - LNBITS_COMMIT, - LNBITS_DATA_FOLDER, - LNBITS_DATABASE_URL, - LNBITS_SITE_TITLE, - PORT, - WALLET, -) - -uvloop.install() - -asyncio.create_task(migrate_databases()) - from .app import create_app app = create_app() - -logger.info("Starting LNbits") -logger.info(f"Host: {HOST}") -logger.info(f"Port: {PORT}") -logger.info(f"Debug: {DEBUG}") -logger.info(f"Site title: {LNBITS_SITE_TITLE}") -logger.info(f"Funding source: {WALLET.__class__.__name__}") -logger.info( - f"Database: {'PostgreSQL' if LNBITS_DATABASE_URL and LNBITS_DATABASE_URL.startswith('postgres://') else 'CockroachDB' if LNBITS_DATABASE_URL and LNBITS_DATABASE_URL.startswith('cockroachdb://') else 'SQLite'}" -) -logger.info(f"Data folder: {LNBITS_DATA_FOLDER}") -logger.info(f"Git version: {LNBITS_COMMIT}") -# logger.info(f"Service fee: {SERVICE_FEE}") diff --git a/lnbits/app.py b/lnbits/app.py index 075828ef..1b1292ce 100644 --- a/lnbits/app.py +++ b/lnbits/app.py @@ -4,21 +4,22 @@ import logging import signal import sys import traceback -import warnings from http import HTTPStatus from fastapi import FastAPI, Request -from fastapi.exceptions import RequestValidationError +from fastapi.exceptions import HTTPException, RequestValidationError from fastapi.middleware.cors import CORSMiddleware from fastapi.middleware.gzip import GZipMiddleware from fastapi.responses import JSONResponse from fastapi.staticfiles import StaticFiles from loguru import logger -import lnbits.settings from lnbits.core.tasks import register_task_listeners +from lnbits.settings import get_wallet_class, set_wallet_class, settings +from .commands import migrate_databases from .core import core_app +from .core.services import check_admin_settings from .core.views.generic import core_html_routes from .helpers import ( get_css_vendored, @@ -28,7 +29,6 @@ from .helpers import ( url_for_vendored, ) from .requestvars import g -from .settings import WALLET from .tasks import ( catch_everything_and_restart, check_pending_payments, @@ -38,10 +38,8 @@ from .tasks import ( ) -def create_app(config_object="lnbits.settings") -> FastAPI: - """Create application factory. - :param config_object: The configuration object to use. - """ +def create_app() -> FastAPI: + configure_logger() app = FastAPI( @@ -49,9 +47,10 @@ def create_app(config_object="lnbits.settings") -> FastAPI: description="API for LNbits, the free and open source bitcoin wallet and accounts system with plugins.", license_info={ "name": "MIT License", - "url": "https://raw.githubusercontent.com/lnbits/lnbits-legend/main/LICENSE", + "url": "https://raw.githubusercontent.com/lnbits/lnbits/main/LICENSE", }, ) + app.mount("/static", StaticFiles(packages=[("lnbits", "static")]), name="static") app.mount( "/core/static", @@ -59,40 +58,15 @@ def create_app(config_object="lnbits.settings") -> FastAPI: name="core_static", ) - origins = ["*"] + g().base_url = f"http://{settings.host}:{settings.port}" app.add_middleware( - CORSMiddleware, allow_origins=origins, allow_methods=["*"], allow_headers=["*"] + CORSMiddleware, allow_origins=["*"], allow_methods=["*"], allow_headers=["*"] ) - g().config = lnbits.settings - g().base_url = f"http://{lnbits.settings.HOST}:{lnbits.settings.PORT}" - - @app.exception_handler(RequestValidationError) - async def validation_exception_handler( - request: Request, exc: RequestValidationError - ): - # Only the browser sends "text/html" request - # not fail proof, but everything else get's a JSON response - - if ( - request.headers - and "accept" in request.headers - and "text/html" in request.headers["accept"] - ): - return template_renderer().TemplateResponse( - "error.html", - {"request": request, "err": f"{exc.errors()} is not a valid UUID."}, - ) - - return JSONResponse( - status_code=HTTPStatus.NO_CONTENT, - content={"detail": exc.errors()}, - ) - app.add_middleware(GZipMiddleware, minimum_size=1000) - check_funding_source(app) + register_startup(app) register_assets(app) register_routes(app) register_async_tasks(app) @@ -101,33 +75,34 @@ def create_app(config_object="lnbits.settings") -> FastAPI: return app -def check_funding_source(app: FastAPI) -> None: - @app.on_event("startup") - async def check_wallet_status(): - original_sigint_handler = signal.getsignal(signal.SIGINT) +async def check_funding_source() -> None: - def signal_handler(signal, frame): - logger.debug(f"SIGINT received, terminating LNbits.") - sys.exit(1) + original_sigint_handler = signal.getsignal(signal.SIGINT) - signal.signal(signal.SIGINT, signal_handler) - while True: - try: - error_message, balance = await WALLET.status() - if not error_message: - break - logger.error( - f"The backend for {WALLET.__class__.__name__} isn't working properly: '{error_message}'", - RuntimeWarning, - ) - except: - pass - logger.info("Retrying connection to backend in 5 seconds...") - await asyncio.sleep(5) - signal.signal(signal.SIGINT, original_sigint_handler) - logger.success( - f"✔️ Backend {WALLET.__class__.__name__} connected and with a balance of {balance} msat." - ) + def signal_handler(signal, frame): + logger.debug(f"SIGINT received, terminating LNbits.") + sys.exit(1) + + signal.signal(signal.SIGINT, signal_handler) + + WALLET = get_wallet_class() + while True: + try: + error_message, balance = await WALLET.status() + if not error_message: + break + logger.error( + f"The backend for {WALLET.__class__.__name__} isn't working properly: '{error_message}'", + RuntimeWarning, + ) + except: + pass + logger.info("Retrying connection to backend in 5 seconds...") + await asyncio.sleep(5) + signal.signal(signal.SIGINT, original_sigint_handler) + logger.info( + f"✔️ Backend {WALLET.__class__.__name__} connected and with a balance of {balance} msat." + ) def register_routes(app: FastAPI) -> None: @@ -158,12 +133,59 @@ def register_routes(app: FastAPI) -> None: ) +def register_startup(app: FastAPI): + @app.on_event("startup") + async def lnbits_startup(): + + try: + # 1. wait till migration is done + await migrate_databases() + + # 2. setup admin settings + await check_admin_settings() + + log_server_info() + + # 3. initialize WALLET + set_wallet_class() + + # 4. initialize funding source + await check_funding_source() + except Exception as e: + logger.error(str(e)) + raise ImportError("Failed to run 'startup' event.") + + +def log_server_info(): + logger.info("Starting LNbits") + logger.info(f"Host: {settings.host}") + logger.info(f"Port: {settings.port}") + logger.info(f"Debug: {settings.debug}") + logger.info(f"Site title: {settings.lnbits_site_title}") + logger.info(f"Funding source: {settings.lnbits_backend_wallet_class}") + logger.info(f"Data folder: {settings.lnbits_data_folder}") + logger.info(f"Git version: {settings.lnbits_commit}") + logger.info(f"Database: {get_db_vendor_name()}") + logger.info(f"Service fee: {settings.lnbits_service_fee}") + + +def get_db_vendor_name(): + db_url = settings.lnbits_database_url + return ( + "PostgreSQL" + if db_url and db_url.startswith("postgres://") + else "CockroachDB" + if db_url and db_url.startswith("cockroachdb://") + else "SQLite" + ) + + def register_assets(app: FastAPI): """Serve each vendored asset separately or a bundle.""" @app.on_event("startup") async def vendored_assets_variable(): - if g().config.DEBUG: + if settings.debug: g().VENDORED_JS = map(url_for_vendored, get_js_vendored()) g().VENDORED_CSS = map(url_for_vendored, get_css_vendored()) else: @@ -192,12 +214,33 @@ def register_async_tasks(app): def register_exception_handlers(app: FastAPI): @app.exception_handler(Exception) - async def basic_error(request: Request, err): - logger.error("handled error", traceback.format_exc()) - logger.error("ERROR:", err) + async def exception_handler(request: Request, exc: Exception): etype, _, tb = sys.exc_info() - traceback.print_exception(etype, err, tb) - exc = traceback.format_exc() + traceback.print_exception(etype, exc, tb) + logger.error(f"Exception: {str(exc)}") + # Only the browser sends "text/html" request + # not fail proof, but everything else get's a JSON response + if ( + request.headers + and "accept" in request.headers + and "text/html" in request.headers["accept"] + ): + return template_renderer().TemplateResponse( + "error.html", {"request": request, "err": f"Error: {str(exc)}"} + ) + + return JSONResponse( + status_code=HTTPStatus.INTERNAL_SERVER_ERROR, + content={"detail": str(exc)}, + ) + + @app.exception_handler(RequestValidationError) + async def validation_exception_handler( + request: Request, exc: RequestValidationError + ): + logger.error(f"RequestValidationError: {str(exc)}") + # Only the browser sends "text/html" request + # not fail proof, but everything else get's a JSON response if ( request.headers @@ -205,18 +248,43 @@ def register_exception_handlers(app: FastAPI): and "text/html" in request.headers["accept"] ): return template_renderer().TemplateResponse( - "error.html", {"request": request, "err": err} + "error.html", + {"request": request, "err": f"Error: {str(exc)}"}, ) return JSONResponse( - status_code=HTTPStatus.NO_CONTENT, - content={"detail": err}, + status_code=HTTPStatus.BAD_REQUEST, + content={"detail": str(exc)}, + ) + + @app.exception_handler(HTTPException) + async def http_exception_handler(request: Request, exc: HTTPException): + logger.error(f"HTTPException {exc.status_code}: {exc.detail}") + # Only the browser sends "text/html" request + # not fail proof, but everything else get's a JSON response + + if ( + request.headers + and "accept" in request.headers + and "text/html" in request.headers["accept"] + ): + return template_renderer().TemplateResponse( + "error.html", + { + "request": request, + "err": f"HTTP Error {exc.status_code}: {exc.detail}", + }, + ) + + return JSONResponse( + status_code=exc.status_code, + content={"detail": exc.detail}, ) def configure_logger() -> None: logger.remove() - log_level: str = "DEBUG" if lnbits.settings.DEBUG else "INFO" + log_level: str = "DEBUG" if settings.debug else "INFO" formatter = Formatter() logger.add(sys.stderr, level=log_level, format=formatter.format) @@ -228,7 +296,7 @@ class Formatter: def __init__(self): self.padding = 0 self.minimal_fmt: str = "{time:YYYY-MM-DD HH:mm:ss.SS} | {level} | {message}\n" - if lnbits.settings.DEBUG: + if settings.debug: self.fmt: str = "{time:YYYY-MM-DD HH:mm:ss.SS} | {level: <4} | {name}:{function}:{line} | {message}\n" else: self.fmt: str = self.minimal_fmt diff --git a/lnbits/commands.py b/lnbits/commands.py index a519405a..82ea1430 100644 --- a/lnbits/commands.py +++ b/lnbits/commands.py @@ -7,6 +7,8 @@ import warnings import click from loguru import logger +from lnbits.settings import settings + from .core import db as core_db from .core import migrations as core_migrations from .db import COCKROACH, POSTGRES, SQLITE @@ -16,7 +18,6 @@ from .helpers import ( get_valid_extensions, url_for_vendored, ) -from .settings import LNBITS_PATH @click.command("migrate") @@ -35,15 +36,17 @@ def transpile_scss(): warnings.simplefilter("ignore") from scss.compiler import compile_string # type: ignore - with open(os.path.join(LNBITS_PATH, "static/scss/base.scss")) as scss: - with open(os.path.join(LNBITS_PATH, "static/css/base.css"), "w") as css: + with open(os.path.join(settings.lnbits_path, "static/scss/base.scss")) as scss: + with open( + os.path.join(settings.lnbits_path, "static/css/base.css"), "w" + ) as css: css.write(compile_string(scss.read())) def bundle_vendored(): for getfiles, outputpath in [ - (get_js_vendored, os.path.join(LNBITS_PATH, "static/bundle.js")), - (get_css_vendored, os.path.join(LNBITS_PATH, "static/bundle.css")), + (get_js_vendored, os.path.join(settings.lnbits_path, "static/bundle.js")), + (get_css_vendored, os.path.join(settings.lnbits_path, "static/bundle.css")), ]: output = "" for path in getfiles(): diff --git a/lnbits/core/__init__.py b/lnbits/core/__init__.py index 85e72d50..dec15d78 100644 --- a/lnbits/core/__init__.py +++ b/lnbits/core/__init__.py @@ -6,6 +6,7 @@ db = Database("database") core_app: APIRouter = APIRouter() +from .views.admin_api import * # noqa from .views.api import * # noqa from .views.generic import * # noqa from .views.public_api import * # noqa diff --git a/lnbits/core/crud.py b/lnbits/core/crud.py index 2baa0507..f2c7da61 100644 --- a/lnbits/core/crud.py +++ b/lnbits/core/crud.py @@ -4,11 +4,9 @@ from typing import Any, Dict, List, Optional from urllib.parse import urlparse from uuid import uuid4 -from loguru import logger - from lnbits import bolt11 from lnbits.db import COCKROACH, POSTGRES, Connection -from lnbits.settings import DEFAULT_WALLET_NAME, LNBITS_ADMIN_USERS +from lnbits.settings import AdminSettings, EditableSetings, SuperSettings, settings from . import db from .models import BalanceCheck, Payment, User, Wallet @@ -63,9 +61,8 @@ async def get_user(user_id: str, conn: Optional[Connection] = None) -> Optional[ email=user["email"], extensions=[e[0] for e in extensions], wallets=[Wallet(**w) for w in wallets], - admin=user["id"] in [x.strip() for x in LNBITS_ADMIN_USERS] - if LNBITS_ADMIN_USERS - else False, + admin=user["id"] == settings.super_user + or user["id"] in settings.lnbits_admin_users, ) @@ -99,7 +96,7 @@ async def create_wallet( """, ( wallet_id, - wallet_name or DEFAULT_WALLET_NAME, + wallet_name or settings.lnbits_default_wallet_name, user_id, uuid4().hex, uuid4().hex, @@ -232,8 +229,8 @@ async def get_wallet_payment( async def get_latest_payments_by_extension(ext_name: str, ext_id: str, limit: int = 5): rows = await db.fetchall( f""" - SELECT * FROM apipayments - WHERE pending = 'false' + SELECT * FROM apipayments + WHERE pending = 'false' AND extra LIKE ? AND extra LIKE ? ORDER BY time DESC LIMIT {limit} @@ -550,3 +547,48 @@ async def get_balance_notify( (wallet_id,), ) return row[0] if row else None + + +# admin +# -------- + + +async def get_super_settings() -> Optional[SuperSettings]: + row = await db.fetchone("SELECT * FROM settings") + if not row: + return None + editable_settings = json.loads(row["editable_settings"]) + return SuperSettings(**{"super_user": row["super_user"], **editable_settings}) + + +async def get_admin_settings(is_super_user: bool = False) -> Optional[AdminSettings]: + sets = await get_super_settings() + if not sets: + return None + row_dict = dict(sets) + row_dict.pop("super_user") + admin_settings = AdminSettings( + super_user=is_super_user, + lnbits_allowed_funding_sources=settings.lnbits_allowed_funding_sources, + **row_dict, + ) + return admin_settings + + +async def delete_admin_settings(): + await db.execute("DELETE FROM settings") + + +async def update_admin_settings(data: EditableSetings): + await db.execute(f"UPDATE settings SET editable_settings = ?", (json.dumps(data),)) + + +async def update_super_user(super_user: str): + await db.execute("UPDATE settings SET super_user = ?", (super_user,)) + return await get_super_settings() + + +async def create_admin_settings(super_user: str, new_settings: dict): + sql = f"INSERT INTO settings (super_user, editable_settings) VALUES (?, ?)" + await db.execute(sql, (super_user, json.dumps(new_settings))) + return await get_super_settings() diff --git a/lnbits/core/migrations.py b/lnbits/core/migrations.py index 2bffa5c7..81413246 100644 --- a/lnbits/core/migrations.py +++ b/lnbits/core/migrations.py @@ -258,3 +258,14 @@ async def m007_set_invoice_expiries(db): # catching errors like this won't be necessary in anymore now that we # keep track of db versions so no migration ever runs twice. pass + + +async def m008_create_admin_settings_table(db): + await db.execute( + """ + CREATE TABLE IF NOT EXISTS settings ( + super_user TEXT, + editable_settings TEXT NOT NULL DEFAULT '{}' + ); + """ + ) diff --git a/lnbits/core/models.py b/lnbits/core/models.py index 62f8aa39..65c72b41 100644 --- a/lnbits/core/models.py +++ b/lnbits/core/models.py @@ -7,13 +7,14 @@ from sqlite3 import Row from typing import Dict, List, NamedTuple, Optional from ecdsa import SECP256k1, SigningKey # type: ignore +from fastapi import Query from lnurl import encode as lnurl_encode # type: ignore from loguru import logger -from pydantic import BaseModel +from pydantic import BaseModel, Extra, validator from lnbits.db import Connection from lnbits.helpers import url_for -from lnbits.settings import WALLET +from lnbits.settings import get_wallet_class from lnbits.wallets.base import PaymentStatus @@ -65,6 +66,7 @@ class User(BaseModel): wallets: List[Wallet] = [] password: Optional[str] = None admin: bool = False + super_user: bool = False @property def wallet_ids(self) -> List[str]: @@ -171,6 +173,7 @@ class Payment(BaseModel): f"Checking {'outgoing' if self.is_out else 'incoming'} pending payment {self.checking_id}" ) + WALLET = get_wallet_class() if self.is_out: status = await WALLET.get_payment_status(self.checking_id) else: diff --git a/lnbits/core/services.py b/lnbits/core/services.py index beb0f97a..90910524 100644 --- a/lnbits/core/services.py +++ b/lnbits/core/services.py @@ -6,7 +6,7 @@ from typing import Dict, List, Optional, Tuple from urllib.parse import parse_qs, urlparse import httpx -from fastapi import Depends, WebSocket, WebSocketDisconnect +from fastapi import Depends, WebSocket from lnurl import LnurlErrorResponse from lnurl import decode as decode_lnurl # type: ignore from loguru import logger @@ -21,18 +21,31 @@ from lnbits.decorators import ( ) from lnbits.helpers import url_for, urlsafe_short_hash from lnbits.requestvars import g -from lnbits.settings import FAKE_WALLET, RESERVE_FEE_MIN, RESERVE_FEE_PERCENT, WALLET +from lnbits.settings import ( + FAKE_WALLET, + EditableSetings, + get_wallet_class, + readonly_variables, + send_admin_user_to_saas, + settings, +) from lnbits.wallets.base import PaymentResponse, PaymentStatus from . import db from .crud import ( check_internal, + create_account, + create_admin_settings, create_payment, + create_wallet, delete_wallet_payment, + get_account, + get_super_settings, get_wallet, get_wallet_payment, update_payment_details, update_payment_status, + update_super_user, ) from .models import Payment @@ -65,7 +78,7 @@ async def create_invoice( invoice_memo = None if description_hash else memo # use the fake wallet if the invoice is for internal use only - wallet = FAKE_WALLET if internal else WALLET + wallet = FAKE_WALLET if internal else get_wallet_class() ok, checking_id, payment_request, error_message = await wallet.create_invoice( amount=amount, @@ -193,6 +206,7 @@ async def pay_invoice( else: logger.debug(f"backend: sending payment {temp_id}") # actually pay the external invoice + WALLET = get_wallet_class() payment: PaymentResponse = await WALLET.pay_invoice( payment_request, fee_reserve_msat ) @@ -381,7 +395,88 @@ async def check_transaction_status( # WARN: this same value must be used for balance check and passed to WALLET.pay_invoice(), it may cause a vulnerability if the values differ def fee_reserve(amount_msat: int) -> int: - return max(int(RESERVE_FEE_MIN), int(amount_msat * RESERVE_FEE_PERCENT / 100.0)) + reserve_min = settings.lnbits_reserve_fee_min + reserve_percent = settings.lnbits_reserve_fee_percent + return max(int(reserve_min), int(amount_msat * reserve_percent / 100.0)) + + +async def update_wallet_balance(wallet_id: str, amount: int): + internal_id = f"internal_{urlsafe_short_hash()}" + payment = await create_payment( + wallet_id=wallet_id, + checking_id=internal_id, + payment_request="admin_internal", + payment_hash="admin_internal", + amount=amount * 1000, + memo="Admin top up", + pending=False, + ) + # manually send this for now + from lnbits.tasks import internal_invoice_queue + + await internal_invoice_queue.put(internal_id) + return payment + + +async def check_admin_settings(): + if settings.lnbits_admin_ui: + settings_db = await get_super_settings() + if not settings_db: + # create new settings if table is empty + logger.warning("Settings DB empty. Inserting default settings.") + settings_db = await init_admin_settings(settings.super_user) + logger.warning("Initialized settings from enviroment variables.") + + if settings.super_user and settings.super_user != settings_db.super_user: + # .env super_user overwrites DB super_user + settings_db = await update_super_user(settings.super_user) + + update_cached_settings(settings_db.dict()) + + # printing settings for debugging + logger.debug(f"Admin settings:") + for key, value in settings.dict(exclude_none=True).items(): + logger.debug(f"{key}: {value}") + + http = "https" if settings.lnbits_force_https else "http" + admin_url = ( + f"{http}://{settings.host}:{settings.port}/wallet?usr={settings.super_user}" + ) + logger.success(f"✔️ Access super user account at: {admin_url}") + + # callback for saas + if ( + settings.lnbits_saas_callback + and settings.lnbits_saas_secret + and settings.lnbits_saas_instance_id + ): + send_admin_user_to_saas() + + +def update_cached_settings(sets_dict: dict): + for key, value in sets_dict.items(): + if not key in readonly_variables: + try: + setattr(settings, key, value) + except: + logger.error(f"error overriding setting: {key}, value: {value}") + if "super_user" in sets_dict: + setattr(settings, "super_user", sets_dict["super_user"]) + + +async def init_admin_settings(super_user: str = None): + account = None + if super_user: + account = await get_account(super_user) + if not account: + account = await create_account() + super_user = account.id + if not account.wallets or len(account.wallets) == 0: + await create_wallet(user_id=account.id) + + editable_settings = EditableSetings.from_dict(settings.dict()) + + return await create_admin_settings(account.id, editable_settings.dict()) class WebsocketConnectionManager: diff --git a/lnbits/core/static/js/wallet.js b/lnbits/core/static/js/wallet.js index 66801313..da3cd935 100644 --- a/lnbits/core/static/js/wallet.js +++ b/lnbits/core/static/js/wallet.js @@ -259,25 +259,30 @@ new Vue({ this.parse.camera.show = false }, updateBalance: function (credit) { - if (LNBITS_DENOMINATION != 'sats') { - credit = credit * 100 - } LNbits.api - .request('PUT', '/api/v1/wallet/balance/' + credit, this.g.wallet.inkey) - .catch(err => { - LNbits.utils.notifyApiError(err) - }) - .then(response => { - let data = response.data - if (data.status === 'ERROR') { - this.$q.notify({ - timeout: 5000, - type: 'warning', - message: `Failed to update.` - }) - return + .request( + 'PUT', + '/admin/api/v1/topup/?usr=' + this.g.user.id, + this.g.user.wallets[0].adminkey, + { + amount: credit, + id: this.g.user.wallets[0].id } - this.balance = this.balance + data.balance + ) + .then(response => { + this.$q.notify({ + type: 'positive', + message: + 'Success! Added ' + + credit + + ' sats to ' + + this.g.user.wallets[0].id, + icon: null + }) + this.balance += parseInt(credit) + }) + .catch(function (error) { + LNbits.utils.notifyApiError(error) }) }, closeReceiveDialog: function () { diff --git a/lnbits/core/templates/admin/_tab_funding.html b/lnbits/core/templates/admin/_tab_funding.html new file mode 100644 index 00000000..3887e151 --- /dev/null +++ b/lnbits/core/templates/admin/_tab_funding.html @@ -0,0 +1,95 @@ + + +
Wallets Management
+
+
+
+
+

Funding Source Info

+
    + {%raw%} +
  • Funding Source: {{settings.lnbits_backend_wallet_class}}
    • +
  • Balance: {{balance / 1000}} sats
    • + {%endraw%} +
+
+
+
+
+
+
+
+

Active Funding (Requires server restart)

+ +
+
+
+
+
+

Fee reserve

+
+
+ + +
+
+ +
+
+
+
+
+
+

+ Funding Sources (Requires server restart) +

+ + + + + + + + + +
+
+ + diff --git a/lnbits/core/templates/admin/_tab_server.html b/lnbits/core/templates/admin/_tab_server.html new file mode 100644 index 00000000..f234f182 --- /dev/null +++ b/lnbits/core/templates/admin/_tab_server.html @@ -0,0 +1,74 @@ + + +
Server Management
+
+
+
+
+

Server Info

+
    + {%raw%} +
  • + SQlite: {{settings.lnbits_data_folder}} +
    • +
  • + Postgres: {{settings.lnbits_database_url}} +
    • + {%endraw%} +
+
+
+
+
+
+

Service Fee

+ +
+
+
+

Miscelaneous

+ + + Force HTTPS + Prefer secure URLs + + + + + + + + Hide API + Hides wallet api, extensions can choose to honor + + + + + +
+
+
+
+ + diff --git a/lnbits/core/templates/admin/_tab_theme.html b/lnbits/core/templates/admin/_tab_theme.html new file mode 100644 index 00000000..8a74cc5a --- /dev/null +++ b/lnbits/core/templates/admin/_tab_theme.html @@ -0,0 +1,117 @@ + + +
UI Management
+
+
+
+
+

Site Title

+ +
+
+
+

Site Tagline

+ +
+
+
+
+

Site Description

+ +
+
+
+
+

Default Wallet Name

+ +
+
+
+

Denomination

+ +
+
+
+
+
+

Themes

+ +
+
+
+

Custom Logo

+ +
+
+
+
+
+

Ad Space Title

+ +
+
+
+

Advertisement Slots

+ + + +
+
+
+
+ + diff --git a/lnbits/core/templates/admin/_tab_users.html b/lnbits/core/templates/admin/_tab_users.html new file mode 100644 index 00000000..c6a4b83e --- /dev/null +++ b/lnbits/core/templates/admin/_tab_users.html @@ -0,0 +1,88 @@ + + +
User Management
+
+
+

Admin Users

+ + + +
+ {%raw%} + + {{ user }} + + {%endraw%} +
+
+
+
+

Allowed Users

+ + + +
+ {% raw %} + + {{ user }} + + {% endraw %} +
+
+
+
+
+

Admin Extensions

+ +
+
+
+

Disabled Extensions

+ +
+
+
+ + diff --git a/lnbits/core/templates/admin/index.html b/lnbits/core/templates/admin/index.html new file mode 100644 index 00000000..81357101 --- /dev/null +++ b/lnbits/core/templates/admin/index.html @@ -0,0 +1,529 @@ +{% extends "base.html" %} {% from "macros.jinja" import window_vars with context +%} {% block page %} +
+
+ + Save your changes + + + + + Restart the server for changes to take effect + + + + + Add funds to a wallet. + + + + Delete all settings and reset to defaults. + +
+
+
+
+ +
+
+ + + + + + +
+
+ + + {% include "admin/_tab_funding.html" %} {% include + "admin/_tab_users.html" %} {% include "admin/_tab_server.html" %} {% + include "admin/_tab_theme.html" %} + + + +
+
+ + + +

TopUp a wallet

+
+
+ +
+
+
+ +
+
+
+ + Cancel +
+ + + + +{% endblock %} {% block scripts %} {{ window_vars(user) }} + +{% endblock %} diff --git a/lnbits/core/templates/core/index.html b/lnbits/core/templates/core/index.html index 5f26cb03..a28030c0 100644 --- a/lnbits/core/templates/core/index.html +++ b/lnbits/core/templates/core/index.html @@ -82,7 +82,7 @@ > -

{{SITE_DESCRIPTION}}

+

{{SITE_DESCRIPTION | safe}}

diff --git a/lnbits/core/templates/core/wallet.html b/lnbits/core/templates/core/wallet.html index 22fbd05d..e2edfdca 100644 --- a/lnbits/core/templates/core/wallet.html +++ b/lnbits/core/templates/core/wallet.html @@ -10,739 +10,791 @@ {% block page %}
-
- - -

- {% raw %}{{ formattedBalance }} {% endraw %} - {{LNBITS_DENOMINATION}} - - - + {% elif HIDE_API %} +
+ {% else %} +
+ {% endif %} + + +

+ {% raw %}{{ formattedBalance }} {% endraw %} + {{LNBITS_DENOMINATION}} + - - - + + + + + + + + +

+ +
+
+ Paste Request - - - - -

- -
-
- Paste Request -
-
- Create Invoice -
-
- scan - Use camera to scan an invoice/QR - -
-
- - - - -
-
-
Transactions
+
+
+ Create Invoice +
+
+ scan + Use camera to scan an invoice/QR + +
-
- Export to CSV - - + Show chart + +
+
+ + + - Show chart - -
- - - - - {% raw %} - - + + {% endraw %} + + + + + + {% if HIDE_API %} +
+ {% else %} +
+ + +
+ {{ SITE_TITLE }} Wallet: + {{ wallet.name }} +
+ + + + + + {% include "core/_api_docs.html" %} + + + {% if wallet.lnurlwithdraw_full %} + + + +

+ This is an LNURL-withdraw QR code for slurping + everything from this wallet. Do not share with anyone. +

+ + + +

+ It is compatible with balanceCheck and + balanceNotify so your wallet may keep + pulling the funds continuously from here after the first + withdraw. +

+ + + + + {% endif %} + + + + +

+ This QR code contains your wallet URL with full access. + You can scan it from your phone to open your wallet from + there. +

+ + + + + + + + +
+ +
Copy invoiceUpdate name - Close + + + + + + +

+ This whole wallet will be deleted, the funds will be + UNRECOVERABLE. +

+ Delete wallet -
-
-
- - Payment Received - -
-
- - Payment Sent - -
-
- - Outgoing payment pending - -
- - - - - {% endraw %} - - - - + + + + + + + {% endif %} {% if AD_SPACE %} {% for ADS in AD_SPACE %} {% set AD = + ADS.split(";") %} + + +
+ {{ AD_SPACE_TITLE }} +
+ + + + + + {% endfor %} {% endif %} + + - {% if HIDE_API %} -
- {% else %} -
- - -
- {{ SITE_TITLE }} Wallet: {{ wallet.name }} -
- - - - - - {% include "core/_api_docs.html" %} - - - {% if wallet.lnurlwithdraw_full %} - - - -

- This is an LNURL-withdraw QR code for slurping everything - from this wallet. Do not share with anyone. -

- - - -

- It is compatible with balanceCheck and - balanceNotify so your wallet may keep pulling - the funds continuously from here after the first withdraw. -

- - - - + + {% raw %} + + +

+ {{receive.lnurl.domain}} is requesting an invoice: +

+ {% endraw %} {% if LNBITS_DENOMINATION != 'sats' %} + + {% else %} + + {% endif %} - - - -

- This QR code contains your wallet URL with full access. You - can scan it from your phone to open your wallet from there. -

- - - - - - - - -
- -
- Update name - - - - - - - -

- This whole wallet will be deleted, the funds will be - UNRECOVERABLE. -

- Delete wallet - - - - - - - {% endif %} {% if AD_SPACE %} {% for ADS in AD_SPACE %} {% set AD = - ADS.split(';') %} - - -
{{ AD_TITLE }}
- - - - - - {% endfor %} {% endif %} -
-
- - - {% raw %} - - -

- {{receive.lnurl.domain}} is requesting an invoice: -

- {% endraw %} {% if LNBITS_DENOMINATION != 'sats' %} - - {% else %} - - - {% endif %} - - - {% raw %} -
- - - Withdraw from {{receive.lnurl.domain}} - - Create invoice - - Cancel -
- - - - -
- - - - - -
-
- Copy invoice - Close -
- - {% endraw %} - - - - -
-
- {% raw %} {{ parseFloat(String(parse.invoice.fsat).replaceAll(",", - "")) / 100 }} {% endraw %} {{LNBITS_DENOMINATION}} {% raw %} -
-
- {{ parse.invoice.fsat }}{% endraw %} {{LNBITS_DENOMINATION}} {% raw %} -
- -

- Description: {{ parse.invoice.description }}
- Expire date: {{ parse.invoice.expireDate }}
- Hash: {{ parse.invoice.hash }} -

- {% endraw %} -
- Pay - Cancel -
-
- Not enough funds! - Cancel -
-
-
- {% raw %} - -

- Authenticate with {{ parse.lnurlauth.domain }}? -

- -

- For every website and for every LNbits wallet, a new keypair will be - deterministically generated so your identity can't be tied to your - LNbits wallet or linked across websites. No other data will be - shared with {{ parse.lnurlauth.domain }}. -

-

Your public key for {{ parse.lnurlauth.domain }} is:

-

- {{ parse.lnurlauth.pubkey }} -

-
- Login - Cancel -
- - {% endraw %} -
-
- {% raw %} - -

- {{ parse.lnurlpay.domain }} is requesting {{ - parse.lnurlpay.maxSendable | msatoshiFormat }} - {{LNBITS_DENOMINATION}} - -
- and a {{parse.lnurlpay.commentAllowed}}-char comment - -

-

- {{ parse.lnurlpay.targetUser || parse.lnurlpay.domain }} is - requesting
- between {{ parse.lnurlpay.minSendable | msatoshiFormat }} and - {{ parse.lnurlpay.maxSendable | msatoshiFormat }} - {% endraw %} {{LNBITS_DENOMINATION}} {% raw %} - -
- and a {{parse.lnurlpay.commentAllowed}}-char comment - -

- -
-

- {{ parse.lnurlpay.description }} -

-

- -

-
-
-
- {% endraw %} - - {% raw %} + + {% raw %} +
+ + + Withdraw from {{receive.lnurl.domain}} + + Create invoice + + Cancel
-
- -
-
-
- Send {{LNBITS_DENOMINATION}} - Cancel -
- - {% endraw %} -
-
- - - -
- Read + + + +
+ + + + + +
+
+ Copy invoice CancelClose
- -
- + + {% endraw %} + + + + +
+
+ {% raw %} {{ parseFloat(String(parse.invoice.fsat).replaceAll(",", + "")) / 100 }} {% endraw %} {{LNBITS_DENOMINATION}} {% raw %} +
+
+ {{ parse.invoice.fsat }}{% endraw %} {{LNBITS_DENOMINATION}} {% + raw %} +
+ +

+ Description: {{ parse.invoice.description }}
+ Expire date: {{ parse.invoice.expireDate }}
+ Hash: {{ parse.invoice.hash }} +

+ {% endraw %} +
+ Pay + Cancel +
+
+ Not enough funds! + Cancel +
+
+
+ {% raw %} + +

+ Authenticate with {{ parse.lnurlauth.domain }}? +

+ +

+ For every website and for every LNbits wallet, a new keypair + will be deterministically generated so your identity can't be + tied to your LNbits wallet or linked across websites. No other + data will be shared with {{ parse.lnurlauth.domain }}. +

+

Your public key for {{ parse.lnurlauth.domain }} is:

+

+ {{ parse.lnurlauth.pubkey }} +

+
+ Login + Cancel +
+ + {% endraw %} +
+
+ {% raw %} + +

+ {{ parse.lnurlpay.domain }} is requesting {{ + parse.lnurlpay.maxSendable | msatoshiFormat }} + {{LNBITS_DENOMINATION}} + +
+ and a {{parse.lnurlpay.commentAllowed}}-char comment + +

+

+ {{ parse.lnurlpay.targetUser || parse.lnurlpay.domain }} + is requesting
+ between + {{ parse.lnurlpay.minSendable | msatoshiFormat }} and + {{ parse.lnurlpay.maxSendable | msatoshiFormat }} + {% endraw %} {{LNBITS_DENOMINATION}} {% raw %} + +
+ and a {{parse.lnurlpay.commentAllowed}}-char comment + +

+ +
+

+ {{ parse.lnurlpay.description }} +

+

+ +

+
+
+
+ {% endraw %} + + {% raw %} +
+
+ +
+
+
+ Send {{LNBITS_DENOMINATION}} + Cancel +
+ + {% endraw %} +
+
+ + + +
+ Read + Cancel +
+ +
+ + + +
+ + Cancel + +
+
+
+ + + + + +
- -
- - Cancel -
-
-
- - +
+ Cancel +
+ + - - -
- -
-
- Cancel + + + + + + + + -
- - + + + + + - - - - - - - - - - - - - + + - - - - - -
Warning
-

- Login functionality to be released in a future update, for now, - make sure you bookmark this page for future access to your - wallet! -

-

- This service is in BETA, and we hold no responsibility for people losing - access to funds. {% if service_fee > 0 %} To encourage you to run your - own LNbits installation, any balance on {% raw %}{{ - disclaimerDialog.location.host }}{% endraw %} will incur a charge of - {{ service_fee }}% service fee per week. {% endif %} -

-
- Copy wallet URL - I understand -
- - - {% endblock %} + + +
Warning
+

+ Login functionality to be released in a future update, for now, + make sure you bookmark this page for future access to your + wallet! +

+

+ This service is in BETA, and we hold no responsibility for people + losing access to funds. {% if service_fee > 0 %} To encourage you to + run your own LNbits installation, any balance on {% raw %}{{ + disclaimerDialog.location.host }}{% endraw %} will incur a charge of + {{ service_fee }}% service fee per week. {% endif + %} +

+
+ Copy wallet URL + I understand +
+ + + {% endblock %} +
+
diff --git a/lnbits/core/views/admin_api.py b/lnbits/core/views/admin_api.py new file mode 100644 index 00000000..7c057adc --- /dev/null +++ b/lnbits/core/views/admin_api.py @@ -0,0 +1,74 @@ +from http import HTTPStatus +from typing import Optional + +from fastapi import Body, Depends +from starlette.exceptions import HTTPException + +from lnbits.core.crud import get_wallet +from lnbits.core.models import User +from lnbits.core.services import update_cached_settings, update_wallet_balance +from lnbits.decorators import check_admin, check_super_user +from lnbits.server import server_restart +from lnbits.settings import AdminSettings, EditableSetings + +from .. import core_app +from ..crud import delete_admin_settings, get_admin_settings, update_admin_settings + + +@core_app.get("/admin/api/v1/settings/") +async def api_get_settings( + user: User = Depends(check_admin), # type: ignore +) -> Optional[AdminSettings]: + admin_settings = await get_admin_settings(user.super_user) + return admin_settings + + +@core_app.put( + "/admin/api/v1/settings/", + status_code=HTTPStatus.OK, + dependencies=[Depends(check_admin)], +) +async def api_update_settings(data: EditableSetings): + await update_admin_settings(data) + update_cached_settings(dict(data)) + return {"status": "Success"} + + +@core_app.delete( + "/admin/api/v1/settings/", + status_code=HTTPStatus.OK, + dependencies=[Depends(check_super_user)], +) +async def api_delete_settings() -> None: + await delete_admin_settings() + server_restart.set() + + +@core_app.get( + "/admin/api/v1/restart/", + status_code=HTTPStatus.OK, + dependencies=[Depends(check_super_user)], +) +async def api_restart_server() -> dict[str, str]: + server_restart.set() + return {"status": "Success"} + + +@core_app.put( + "/admin/api/v1/topup/", + status_code=HTTPStatus.OK, + dependencies=[Depends(check_super_user)], +) +async def api_topup_balance( + id: str = Body(...), amount: int = Body(...) +) -> dict[str, str]: + try: + await get_wallet(id) + except: + raise HTTPException( + status_code=HTTPStatus.FORBIDDEN, detail="wallet does not exist." + ) + + await update_wallet_balance(wallet_id=id, amount=int(amount)) + + return {"status": "Success"} diff --git a/lnbits/core/views/api.py b/lnbits/core/views/api.py index 21342d68..ebce4b85 100644 --- a/lnbits/core/views/api.py +++ b/lnbits/core/views/api.py @@ -6,7 +6,7 @@ import time import uuid from http import HTTPStatus from io import BytesIO -from typing import Dict, List, Optional, Tuple, Union +from typing import Dict, Optional, Tuple, Union from urllib.parse import ParseResult, parse_qs, urlencode, urlparse, urlunparse import async_timeout @@ -26,19 +26,20 @@ from fastapi.params import Body from loguru import logger from pydantic import BaseModel from pydantic.fields import Field -from sse_starlette.sse import EventSourceResponse, ServerSentEvent -from starlette.responses import HTMLResponse, StreamingResponse +from sse_starlette.sse import EventSourceResponse +from starlette.responses import StreamingResponse from lnbits import bolt11, lnurl from lnbits.core.models import Payment, Wallet from lnbits.decorators import ( WalletTypeInfo, + check_admin, get_key_type, require_admin_key, require_invoice_key, ) from lnbits.helpers import url_for, urlsafe_short_hash -from lnbits.settings import LNBITS_ADMIN_USERS, LNBITS_SITE_TITLE, WALLET +from lnbits.settings import get_wallet_class, settings from lnbits.utils.exchange_rates import ( currencies, fiat_amount_as_satoshis, @@ -82,35 +83,6 @@ async def api_wallet(wallet: WalletTypeInfo = Depends(get_key_type)): return {"name": wallet.wallet.name, "balance": wallet.wallet.balance_msat} -@core_app.put("/api/v1/wallet/balance/{amount}") -async def api_update_balance( - amount: int, wallet: WalletTypeInfo = Depends(get_key_type) -): - if wallet.wallet.user not in LNBITS_ADMIN_USERS: - raise HTTPException( - status_code=HTTPStatus.FORBIDDEN, detail="Not an admin user" - ) - - payHash = urlsafe_short_hash() - await create_payment( - wallet_id=wallet.wallet.id, - checking_id=payHash, - payment_request="selfPay", - payment_hash=payHash, - amount=amount * 1000, - memo="selfPay", - fee=0, - ) - await update_payment_status(checking_id=payHash, pending=False) - updatedWallet = await get_wallet(wallet.wallet.id) - - return { - "id": wallet.wallet.id, - "name": wallet.wallet.name, - "balance": amount, - } - - @core_app.put("/api/v1/wallet/{new_name}") async def api_update_wallet( new_name: str, wallet: WalletTypeInfo = Depends(require_admin_key) @@ -186,7 +158,7 @@ async def api_payments_create_invoice(data: CreateInvoiceData, wallet: Wallet): else: description_hash = b"" unhashed_description = b"" - memo = data.memo or LNBITS_SITE_TITLE + memo = data.memo or settings.lnbits_site_title if data.unit == "sat": amount = int(data.amount) @@ -416,7 +388,7 @@ async def subscribe_wallet_invoices(request: Request, wallet: Wallet): yield dict(data=jdata, event=typ) except asyncio.CancelledError as e: - logger.debug(f"CancelledError on listener {uid}: {e}") + logger.debug(f"removing listener for wallet {uid}") api_invoice_listeners.pop(uid) task.cancel() return @@ -686,13 +658,9 @@ async def img(request: Request, data): ) -@core_app.get("/api/v1/audit") -async def api_auditor(wallet: WalletTypeInfo = Depends(get_key_type)): - if wallet.wallet.user not in LNBITS_ADMIN_USERS: - raise HTTPException( - status_code=HTTPStatus.FORBIDDEN, detail="Not an admin user" - ) - +@core_app.get("/api/v1/audit/", dependencies=[Depends(check_admin)]) +async def api_auditor(): + WALLET = get_wallet_class() total_balance = await get_total_balance() error_message, node_balance = await WALLET.status() diff --git a/lnbits/core/views/generic.py b/lnbits/core/views/generic.py index 31a7b030..9df133b2 100644 --- a/lnbits/core/views/generic.py +++ b/lnbits/core/views/generic.py @@ -13,15 +13,9 @@ from starlette.responses import HTMLResponse, JSONResponse from lnbits.core import db from lnbits.core.models import User -from lnbits.decorators import check_user_exists +from lnbits.decorators import check_admin, check_user_exists from lnbits.helpers import template_renderer, url_for -from lnbits.settings import ( - LNBITS_ADMIN_USERS, - LNBITS_ALLOWED_USERS, - LNBITS_CUSTOM_LOGO, - LNBITS_SITE_TITLE, - SERVICE_FEE, -) +from lnbits.settings import get_wallet_class, settings from ...helpers import get_valid_extensions from ..crud import ( @@ -117,7 +111,6 @@ async def wallet( user_id = usr.hex if usr else None wallet_id = wal.hex if wal else None wallet_name = nme - service_fee = int(SERVICE_FEE) if int(SERVICE_FEE) == SERVICE_FEE else SERVICE_FEE if not user_id: user = await get_user((await create_account()).id) @@ -128,11 +121,14 @@ async def wallet( return template_renderer().TemplateResponse( "error.html", {"request": request, "err": "User does not exist."} ) - if LNBITS_ALLOWED_USERS and user_id not in LNBITS_ALLOWED_USERS: + if ( + len(settings.lnbits_allowed_users) > 0 + and user_id not in settings.lnbits_allowed_users + ): return template_renderer().TemplateResponse( "error.html", {"request": request, "err": "User not authorized."} ) - if LNBITS_ADMIN_USERS and user_id in LNBITS_ADMIN_USERS: + if user_id == settings.super_user or user_id in settings.lnbits_admin_users: user.admin = True if not wallet_id: if user.wallets and not wallet_name: # type: ignore @@ -163,7 +159,7 @@ async def wallet( "request": request, "user": user.dict(), # type: ignore "wallet": userwallet.dict(), - "service_fee": service_fee, + "service_fee": settings.lnbits_service_fee, "web_manifest": f"/manifest/{user.id}.webmanifest", # type: ignore }, ) @@ -185,7 +181,7 @@ async def lnurl_full_withdraw(request: Request): "k1": "0", "minWithdrawable": 1000 if wallet.withdrawable_balance else 0, "maxWithdrawable": wallet.withdrawable_balance, - "defaultDescription": f"{LNBITS_SITE_TITLE} balance withdraw from {wallet.id[0:5]}", + "defaultDescription": f"{settings.lnbits_site_title} balance withdraw from {wallet.id[0:5]}", "balanceCheck": url_for("/withdraw", external=True, usr=user.id, wal=wallet.id), } @@ -284,12 +280,12 @@ async def manifest(usr: str): raise HTTPException(status_code=HTTPStatus.NOT_FOUND) return { - "short_name": LNBITS_SITE_TITLE, - "name": LNBITS_SITE_TITLE + " Wallet", + "short_name": settings.lnbits_site_title, + "name": settings.lnbits_site_title + " Wallet", "icons": [ { - "src": LNBITS_CUSTOM_LOGO - if LNBITS_CUSTOM_LOGO + "src": settings.lnbits_custom_logo + if settings.lnbits_custom_logo else "https://cdn.jsdelivr.net/gh/lnbits/lnbits@0.3.0/docs/logos/lnbits.png", "type": "image/png", "sizes": "900x900", @@ -311,3 +307,19 @@ async def manifest(usr: str): for wallet in user.wallets ], } + + +@core_html_routes.get("/admin", response_class=HTMLResponse) +async def index(request: Request, user: User = Depends(check_admin)): # type: ignore + WALLET = get_wallet_class() + _, balance = await WALLET.status() + + return template_renderer().TemplateResponse( + "admin/index.html", + { + "request": request, + "user": user.dict(), + "settings": settings.dict(), + "balance": balance, + }, + ) diff --git a/lnbits/db.py b/lnbits/db.py index 7d294197..1bef7bf2 100644 --- a/lnbits/db.py +++ b/lnbits/db.py @@ -11,7 +11,7 @@ from sqlalchemy import create_engine from sqlalchemy_aio.base import AsyncConnection from sqlalchemy_aio.strategy import ASYNCIO_STRATEGY # type: ignore -from .settings import LNBITS_DATA_FOLDER, LNBITS_DATABASE_URL +from lnbits.settings import settings POSTGRES = "POSTGRES" COCKROACH = "COCKROACH" @@ -121,8 +121,8 @@ class Database(Compat): def __init__(self, db_name: str): self.name = db_name - if LNBITS_DATABASE_URL: - database_uri = LNBITS_DATABASE_URL + if settings.lnbits_database_url: + database_uri = settings.lnbits_database_url if database_uri.startswith("cockroachdb://"): self.type = COCKROACH @@ -162,14 +162,16 @@ class Database(Compat): ) ) else: - if os.path.isdir(LNBITS_DATA_FOLDER): - self.path = os.path.join(LNBITS_DATA_FOLDER, f"{self.name}.sqlite3") + if os.path.isdir(settings.lnbits_data_folder): + self.path = os.path.join( + settings.lnbits_data_folder, f"{self.name}.sqlite3" + ) database_uri = f"sqlite:///{self.path}" self.type = SQLITE else: raise NotADirectoryError( - f"LNBITS_DATA_FOLDER named {LNBITS_DATA_FOLDER} was not created" - f" - please 'mkdir {LNBITS_DATA_FOLDER}' and try again" + f"LNBITS_DATA_FOLDER named {settings.lnbits_data_folder} was not created" + f" - please 'mkdir {settings.lnbits_data_folder}' and try again" ) logger.trace(f"database {self.type} added for {self.name}") self.schema = self.name diff --git a/lnbits/decorators.py b/lnbits/decorators.py index d4aa63ae..e5bc1399 100644 --- a/lnbits/decorators.py +++ b/lnbits/decorators.py @@ -14,11 +14,7 @@ from starlette.requests import Request from lnbits.core.crud import get_user, get_wallet_for_key from lnbits.core.models import User, Wallet from lnbits.requestvars import g -from lnbits.settings import ( - LNBITS_ADMIN_EXTENSIONS, - LNBITS_ADMIN_USERS, - LNBITS_ALLOWED_USERS, -) +from lnbits.settings import settings class KeyChecker(SecurityBase): @@ -150,8 +146,12 @@ async def get_key_type( status_code=HTTPStatus.NOT_FOUND, detail="Wallet does not exist." ) if ( - LNBITS_ADMIN_USERS and wallet.wallet.user not in LNBITS_ADMIN_USERS - ) and (LNBITS_ADMIN_EXTENSIONS and pathname in LNBITS_ADMIN_EXTENSIONS): + wallet.wallet.user != settings.super_user + and wallet.wallet.user not in settings.lnbits_admin_users + ) and ( + settings.lnbits_admin_extensions + and pathname in settings.lnbits_admin_extensions + ): raise HTTPException( status_code=HTTPStatus.FORBIDDEN, detail="User not authorized for this extension.", @@ -227,17 +227,45 @@ async def require_invoice_key( async def check_user_exists(usr: UUID4) -> User: g().user = await get_user(usr.hex) + if not g().user: raise HTTPException( - status_code=HTTPStatus.NOT_FOUND, detail="User does not exist." + status_code=HTTPStatus.NOT_FOUND, detail="User does not exist." ) - if LNBITS_ALLOWED_USERS and g().user.id not in LNBITS_ALLOWED_USERS: + if ( + len(settings.lnbits_allowed_users) > 0 + and g().user.id not in settings.lnbits_allowed_users + and g().user.id != settings.super_user + and g().user.id not in settings.lnbits_admin_users + ): raise HTTPException( status_code=HTTPStatus.UNAUTHORIZED, detail="User not authorized." ) - if LNBITS_ADMIN_USERS and g().user.id in LNBITS_ADMIN_USERS: - g().user.admin = True - return g().user + + +async def check_admin(usr: UUID4) -> User: + user = await check_user_exists(usr) + if user.id != settings.super_user and not user.id in settings.lnbits_admin_users: + raise HTTPException( + status_code=HTTPStatus.UNAUTHORIZED, + detail="User not authorized. No admin privileges.", + ) + user.admin = True + user.super_user = False + if user.id == settings.super_user: + user.super_user = True + + return user + + +async def check_super_user(usr: UUID4) -> User: + user = await check_admin(usr) + if user.id != settings.super_user: + raise HTTPException( + status_code=HTTPStatus.UNAUTHORIZED, + detail="User not authorized. No super user privileges.", + ) + return user diff --git a/lnbits/extensions/boltcards/README.md b/lnbits/extensions/boltcards/README.md index b86de62c..34a1c05c 100644 --- a/lnbits/extensions/boltcards/README.md +++ b/lnbits/extensions/boltcards/README.md @@ -6,26 +6,24 @@ This extension allows you to link your Bolt Card (or other compatible NXP NTAG d **Disclaimer:** ***Use this only if you either know what you are doing or are a reckless lightning pioneer. Only you are responsible for all your sats, cards and other devices. Always backup all your card keys!*** -***In order to use this extension you need to be able to setup your own card.*** That means writing a URL template pointing to your LNbits instance, configuring some SUN (SDM) settings and optionally changing the card's keys. There's a [guide](https://www.whitewolftech.com/articles/payment-card/) to set it up with a card reader connected to your computer. It can be done (without setting the keys) with [TagWriter app by NXP](https://play.google.com/store/apps/details?id=com.nxp.nfc.tagwriter) Android app. Last but not least, an OSS android app by name [bolt-nfc-android-app](https://github.com/boltcard/bolt-nfc-android-app) is being developed for these purposes. It's available from Google Play [here](https://play.google.com/store/apps/details?id=com.lightningnfcapp). + +***In order to use this extension you need to be able to setup your own card.*** That means writing a URL template pointing to your LNbits instance, configuring some SUN (SDM) settings and optionally changing the card's keys. There's a [guide](https://www.whitewolftech.com/articles/payment-card/) to set it up with a card reader connected to your computer. It can be done (without setting the keys) with [TagWriter app by NXP](https://play.google.com/store/apps/details?id=com.nxp.nfc.tagwriter) Android app. Last but not least, an OSS android app by name [Boltcard NFC Card Creator](https://github.com/boltcard/bolt-nfc-android-app) is being developed for these purposes. It's available from Google Play [here](https://play.google.com/store/apps/details?id=com.lightningnfcapp). ## About the keys -Up to five 16-byte keys can be stored on the card, numbered from 00 to 04. In the empty state they all should be set to zeros (00000000000000000000000000000000). For this extension only two keys need to be set: +Up to five 16-byte keys can be stored on the card, numbered from 00 to 04. In the empty state they all should be set to zeros (00000000000000000000000000000000). For this extension only two keys need to be set, but for the security reasons all five keys should be changed from default (empty) state. The keys directly needed by this extension are: -One for encrypting the card UID and the counter (p parameter), let's called it meta key, key #01 or K1. +- One for encrypting the card UID and the counter (p parameter), let's called it meta key, key #01 or K1. -One for calculating CMAC (c parameter), let's called it file key, key #02 or K2. +- One for calculating CMAC (c parameter), let's called it file key, key #02 or K2. -The key #00, K0 (also know as auth key) is skipped to be use as authentification key. Is not needed by this extension, but can be filled in order to write the keys in cooperation with bolt-nfc-android-app. +The key #00, K0 (also know as auth key) is used as authentification key. It is not directly needed by this extension, but should be filled in order to write the keys in cooperation with Boltcard NFC Card Creator. In this case also K3 is set to same value as K1 and K4 as K2, so all keys are changed from default values. Keep that in your mind in case you ever need to reset the keys manually. ***Always backup all keys that you're trying to write on the card. Without them you may not be able to change them in the future!*** -## Setting the card - bolt-nfc-android-app (easy way) -So far, regarding the keys, the app can only write a new key set on an empty card (with zero keys). **When you write non zero (and 'non debug') keys, they can't be rewrite with this app.** You have to do it on your computer. -- Read the card with the app. Note UID so you can fill it in the extension later. -- Write the link on the card. It shoud be like `YOUR_LNBITS_DOMAIN/boltcards/api/v1/scan/{external_id}` - - `{external_id}` should be replaced with the External ID found in the LNbits dialog. +## Setting the card - Boltcard NFC Card Creator (easy way) +Updated for v0.1.3 - Add new card in the extension. - Set a max sats per transaction. Any transaction greater than this amount will be rejected. @@ -33,14 +31,29 @@ So far, regarding the keys, the app can only write a new key set on an empty car - Set a card name. This is just for your reference inside LNbits. - Set the card UID. This is the unique identifier on your NFC card and is 7 bytes. - If on an Android device with a newish version of Chrome, you can click the icon next to the input and tap your card to autofill this field. + - Otherwise read it with the Android app (Advanced -> Read NFC) and paste it to the field. - Advanced Options - Card Keys (k0, k1, k2) will be automatically generated if not explicitly set. - - Set to 16 bytes of 0s (00000000000000000000000000000000) to leave the keys in debug mode. - - GENERATE KEY button fill the keys randomly. If there is "debug" in the card name, a debug set of keys is filled instead. + - Set to 16 bytes of 0s (00000000000000000000000000000000) to leave the keys in default (empty) state (this is unsecure). + - GENERATE KEY button fill the keys randomly. - Click CREATE CARD button -- Click the QR code button next to a card to view its details. You can scan the QR code with the Android app to import the keys. -- Click the "KEYS / AUTH LINK" button to copy the auth URL to the clipboard. You can then paste this into the Android app to import the keys. -- Tap the NFC card to write the keys to the card. +- Click the QR code button next to a card to view its details. Backup the keys now! They'll be comfortable in your password manager. + - Now you can scan the QR code with the Android app (Create Bolt Card -> SCAN QR CODE). + - Or you can Click the "KEYS / AUTH LINK" button to copy the auth URL to the clipboard. Then paste it into the Android app (Create Bolt Card -> PASTE AUTH URL). +- Click WRITE CARD NOW and approach the NFC card to set it up. DO NOT REMOVE THE CARD PREMATURELY! + +## Erasing the card - Boltcard NFC Card Creator +Updated for v0.1.3 + +Since v0.1.2 of Boltcard NFC Card Creator it is possible not only reset the keys but also disable the SUN function and do the complete erase so the card can be use again as a static tag (or set as a new Bolt Card, ofc). + +- Click the QR code button next to a card to view its details and select WIPE +- OR click the red cross icon on the right side to reach the same +- In the android app (Advanced -> Reset Keys) + - Click SCAN QR CODE to scan the QR + - Or click WIPE DATA in LNbits to copy and paste in to the app (PASTE KEY JSON) +- Click RESET CARD NOW and approach the NFC card to erase it. DO NOT REMOVE THE CARD PREMATURELY! +- Now if there is all success the card can be safely delete from LNbits (but keep the keys backuped anyway; batter safe than brick). ## Setting the card - computer (hard way) @@ -48,7 +61,7 @@ Follow the guide. The URI should be `lnurlw://YOUR-DOMAIN.COM/boltcards/api/v1/scan/{YOUR_card_external_id}?p=00000000000000000000000000000000&c=0000000000000000` -Then fill up the card parameters in the extension. Card Auth key (K0) can be omitted. Initical counter can be 0. +Then fill up the card parameters in the extension. Card Auth key (K0) can be filled in the extension just for the record. Initical counter can be 0. ## Setting the card - android NXP app (hard way) - If you don't know the card ID, use NXP TagInfo app to find it out. @@ -70,4 +83,4 @@ Then fill up the card parameters in the extension. Card Auth key (K0) can be omi - Save & Write - Scan with compatible Wallet -This app afaik cannot change the keys. If you cannot change them any other way, leave them empty in the extension dialog and remember you're not secure. Card Auth key (K0) can be omitted anyway. Initical counter can be 0. +This app afaik cannot change the keys. If you cannot change them any other way, leave them empty in the extension dialog and remember you're not secured. Card Auth key (K0) can be omitted anyway. Initical counter can be 0. diff --git a/lnbits/extensions/boltcards/lnurl.py b/lnbits/extensions/boltcards/lnurl.py index 3974e529..43d64eee 100644 --- a/lnbits/extensions/boltcards/lnurl.py +++ b/lnbits/extensions/boltcards/lnurl.py @@ -1,21 +1,13 @@ -import base64 -import hashlib -import hmac import json import secrets from http import HTTPStatus -from io import BytesIO -from typing import Optional from urllib.parse import urlparse -from embit import bech32, compact from fastapi import Request from fastapi.param_functions import Query from fastapi.params import Depends, Query -from lnurl import Lnurl, LnurlWithdrawResponse from lnurl import encode as lnurl_encode # type: ignore from lnurl.types import LnurlPayMetadata # type: ignore -from loguru import logger from starlette.exceptions import HTTPException from starlette.requests import Request from starlette.responses import HTMLResponse @@ -33,7 +25,6 @@ from .crud import ( get_hit, get_hits_today, spend_hit, - update_card, update_card_counter, update_card_otp, ) @@ -138,8 +129,8 @@ async def lnurl_callback( extra={"tag": "boltcard", "tag": hit.id}, ) return {"status": "OK"} - except: - return {"status": "ERROR", "reason": f"Payment failed"} + except Exception as exc: + return {"status": "ERROR", "reason": f"Payment failed - {exc}"} # /boltcards/api/v1/auth?a=00000000000000000000000000000000 diff --git a/lnbits/extensions/boltcards/static/js/index.js b/lnbits/extensions/boltcards/static/js/index.js index 11df222a..880a555e 100644 --- a/lnbits/extensions/boltcards/static/js/index.js +++ b/lnbits/extensions/boltcards/static/js/index.js @@ -149,6 +149,7 @@ new Vue({ }, qrCodeDialog: { show: false, + wipe: false, data: null } } @@ -259,9 +260,10 @@ new Vue({ }) }) }, - openQrCodeDialog(cardId) { + openQrCodeDialog(cardId, wipe) { var card = _.findWhere(this.cards, {id: cardId}) this.qrCodeDialog.data = { + id: card.id, link: window.location.origin + '/boltcards/api/v1/auth?a=' + card.otp, name: card.card_name, uid: card.uid, @@ -272,6 +274,17 @@ new Vue({ k3: card.k1, k4: card.k2 } + this.qrCodeDialog.data_wipe = JSON.stringify({ + action: 'wipe', + k0: card.k0, + k1: card.k1, + k2: card.k2, + k3: card.k1, + k4: card.k2, + uid: card.uid, + version: 1 + }) + this.qrCodeDialog.wipe = wipe this.qrCodeDialog.show = true }, addCardOpen: function () { @@ -397,8 +410,16 @@ new Vue({ let self = this let cards = _.findWhere(this.cards, {id: cardId}) + Quasar.utils.exportFile( + cards.card_name + '.json', + this.qrCodeDialog.data_wipe, + 'application/json' + ) + LNbits.utils - .confirmDialog('Are you sure you want to delete this card') + .confirmDialog( + "Are you sure you want to delete this card? Without access to the card keys you won't be able to reset them in the future!" + ) .onOk(function () { LNbits.api .request( diff --git a/lnbits/extensions/boltcards/templates/boltcards/index.html b/lnbits/extensions/boltcards/templates/boltcards/index.html index 6398c20e..f401112b 100644 --- a/lnbits/extensions/boltcards/templates/boltcards/index.html +++ b/lnbits/extensions/boltcards/templates/boltcards/index.html @@ -48,6 +48,7 @@ +