fix(activities): route ticket scanner through HTTP, not nostr-transport RPC #87

Merged

padreug merged 1 commit from fix/scanner-via-http into dev 2026-06-03 16:34:01 +00:00

Conversation 0 Commits 1 Files changed 2 +101 -34

padreug commented 2026-06-03 14:17:24 +00:00

Owner

Copy link

Summary

• Scanner was hitting Sign-in with a Nostr key required to call RPC post-aiolabs/lnbits#9 — the webapp no longer holds a raw user prvkey, so NostrTransportService.call() fails closed at its first guard.
• Reroute through the events extension's admin_key-gated HTTP endpoints (PUT /tickets/register/{id}, new GET /tickets/event/{id}/stats) — the Bucket A pattern the rest of the prvkey-removal migration already follows.
• Defers the kind-21000 nostr-transport bunker-mediation refactor (Bucket C) until the team commits to that direction.

Companion change

Pairs with a new HTTP endpoint on the events extension (signer-abstraction branch, uncommitted locally) that mirrors the events_list_event_tickets RPC shape. PUT /tickets/register/{id} was already hardened in v1.6.1-aio.3.

Test plan

• Local smoke: organizer scans a paid ticket on a non-prvkey account, ticket registers, counts refresh.
• Negative paths surface the existing banner shape: "Ticket not paid for", "Ticket already registered", "You do not own this event.", "Ticket does not exist."
• aio-demo: pull the new events ext build, redeploy webapp from dev, re-run the cross-user scenario that originally failed.

🤖 Generated with Claude Code

## Summary - Scanner was hitting `Sign-in with a Nostr key required to call RPC` post-`aiolabs/lnbits#9` — the webapp no longer holds a raw user prvkey, so `NostrTransportService.call()` fails closed at its first guard. - Reroute through the events extension's admin_key-gated HTTP endpoints (`PUT /tickets/register/{id}`, new `GET /tickets/event/{id}/stats`) — the Bucket A pattern the rest of the prvkey-removal migration already follows. - Defers the kind-21000 nostr-transport bunker-mediation refactor (Bucket C) until the team commits to that direction. ## Companion change Pairs with a new HTTP endpoint on the events extension (`signer-abstraction` branch, uncommitted locally) that mirrors the `events_list_event_tickets` RPC shape. `PUT /tickets/register/{id}` was already hardened in `v1.6.1-aio.3`. ## Test plan - [ ] Local smoke: organizer scans a paid ticket on a non-prvkey account, ticket registers, counts refresh. - [ ] Negative paths surface the existing banner shape: "Ticket not paid for", "Ticket already registered", "You do not own this event.", "Ticket does not exist." - [ ] aio-demo: pull the new events ext build, redeploy webapp from `dev`, re-run the cross-user scenario that originally failed. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

padreug added 1 commit 2026-06-03 14:17:24 +00:00

fix(activities): route ticket scanner through HTTP, not nostr-transport RPC ... 7ef3cb33cc

Post-aiolabs/lnbits#9 the webapp no longer holds a raw user prvkey,
so the kind-21000 nostr-transport RPC layer fails closed for every
caller at the "Sign-in with a Nostr key required to call RPC" guard
in NostrTransportService.call. The ticket scanner was the only
remaining user of that transport on the organizer side.

Route the door scanner through the events extension's existing
admin_key-gated HTTP endpoints instead, matching the Bucket A
pattern the team converged on for the rest of the prvkey-removal
migration (operator-class events route through extension HTTP,
not webapp-side signing).

Pairs with a new GET /tickets/event/{id}/stats endpoint on the
events extension (admin_key + owner check, mirroring the
events_list_event_tickets RPC shape). PUT /tickets/register/{id}
was already hardened in v1.6.1-aio.3.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

padreug added the

app:activities

bug

labels 2026-06-03 14:19:12 +00:00

padreug merged commit 9048248353 into dev 2026-06-03 16:34:01 +00:00

padreug deleted branch fix/scanner-via-http 2026-06-03 16:34:02 +00:00

padreug referenced this pull request from a commit 2026-06-03 16:34:02 +00:00

Merge pull request 'fix(activities): route ticket scanner through HTTP, not nostr-transport RPC' (#87) from fix/scanner-via-http into dev

padreug referenced this pull request 2026-06-03 16:49:19 +00:00

feat(base): phase-2 bucket-B migration via signEventViaLnbits #88

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

app:activities

Standalone Sortir activities app

  

app:chat

Standalone chat app

  

app:events

  

app:forum

  

app:libra

  

app:market

Standalone marketplace app

  

app:restaurant

  

app:tasks

  

app:wallet

Standalone wallet app

  

app:webapp

Main webapp (all modules)

  

bug

Something is not working

  

enhancement

New feature or improvement

No labels

app:activities

app:chat

app:events

app:forum

app:libra

app:market

app:restaurant

app:tasks

app:wallet

app:webapp

bug

enhancement

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

aiolabs/webapp!87

No description provided.