aiolabs/withdraw
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: aiolabs:v1.0.0
Branches Tags
aiolabs:main
aiolabs:v1.2.2-aio.2
aiolabs:v1.2.2-aio.1
aiolabs:v1.2.2
aiolabs:v1.2.1
aiolabs:v1.2.0
aiolabs:v1.1.0
aiolabs:v1.0.1
aiolabs:v1.0.0
aiolabs:v0.1.13
aiolabs:v0.1.12
aiolabs:v0.1.11
aiolabs:v0.1.10
aiolabs:v0.1.9
aiolabs:v0.1.8
aiolabs:v0.1.7-rc3
aiolabs:v0.1.7-rc2
aiolabs:v0.1.7-rc
aiolabs:v0.1.7
aiolabs:v0.1.6
aiolabs:v0.1.5
aiolabs:v0.1.4
aiolabs:v0.1.3
aiolabs:v0.1.2
aiolabs:0.1.1
aiolabs:0.1
..
compare: aiolabs:main
Branches Tags
aiolabs:main
aiolabs:v1.2.2-aio.2
aiolabs:v1.2.2-aio.1
aiolabs:v1.2.2
aiolabs:v1.2.1
aiolabs:v1.2.0
aiolabs:v1.1.0
aiolabs:v1.0.1
aiolabs:v1.0.0
aiolabs:v0.1.13
aiolabs:v0.1.12
aiolabs:v0.1.11
aiolabs:v0.1.10
aiolabs:v0.1.9
aiolabs:v0.1.8
aiolabs:v0.1.7-rc3
aiolabs:v0.1.7-rc2
aiolabs:v0.1.7-rc
aiolabs:v0.1.7
aiolabs:v0.1.6
aiolabs:v0.1.5
aiolabs:v0.1.4
aiolabs:v0.1.3
aiolabs:v0.1.2
aiolabs:0.1.1
aiolabs:0.1

23 commits
v1.0.0 ... main

Author SHA1 Message Date
Padreug
9c0e58a87c feat: merge a link's extra into the payout payment (v1.2.2-aio.2)
Some checks failed
lint.yml / feat: merge a link's `extra` into the payout payment (v1.2.2-aio.2) (pull_request) Failing after 0s
Details
lint.yml / feat: merge a link's `extra` into the payout payment (v1.2.2-aio.2) (push) Failing after 0s
Details 
Adds an optional `extra` (JSON) field to a withdraw link. When the link
is claimed, that `extra` is merged onto the payout payment's `extra`, so
a caller can tag the resulting payment with metadata an external listener
keys on — the link is the only place to attach it (the customer-facing
LNURL-withdraw payout otherwise carries just `{tag, withdrawal_link_id}`).

Motivating use: bitSpire cash-in settlements. The operator's spirekeeper
listener fires a `cash_in` settlement (fee split to the platform) only on
an outbound payment stamped `source=bitspire`; before this there was no
way to stamp an LNURL-withdraw payout, so cash-ins never settled. bitSpire
now creates the cash-in link for the NET amount with
`extra={source, type:cash_in, principal_sats, fee_sats, ...}` and the
settlement fires on claim.

- models: `extra: dict | None` on CreateWithdrawData + WithdrawLink.
  LNbits' db layer (de)serializes dict columns to/from JSON natively
  (same as Payment.extra) — no per-field validator needed.
- migrations_fork.py: `withdraw_link.extra TEXT` under `withdraw_fork`,
  keeping the upstream-tracked migrations.py byte-identical for clean
  rebases (aiolabs/lnbits#8 pattern).
- views_lnurl: `extra={**(link.extra or {}), "tag": ..., "withdrawal_link_id": ...}`
  — the withdraw extension's own keys are written last so a caller cannot
  clobber them.

Verified end-to-end on the dev stack: a stamped link's payout carries the
merged extra and drives a spirekeeper cash_in settlement + super-fee payout.
 2026-06-21 17:26:14 +02:00
Padreug
2877cf6b20 Revert "fix: allow HTTP LNURL for RFC1918/loopback baseurls (#2)"
Some checks failed
lint.yml / Revert "fix: allow HTTP LNURL for RFC1918/loopback baseurls (#2)" (push) Failing after 0s
Details 
This reverts commit 66026ab.

Closes #2 as resolved by switching the dev LNbits to TLS
(self-signed cert) instead of carving out plain HTTP for
RFC1918 hosts. With HTTPS the producer-side python-lnurl
validation accepts any host, AND the lnbits-core consumer-side
`lnurlscan` accepts it too — the symmetric problem the carve-out
couldn't solve on its own.

`create_lnurl_from_baseurl` (#1, `e9d911e`) is kept — it's
orthogonal to the transport scheme and still wanted for the
nostr-transport `lnurl=null` fix.
 2026-06-01 21:44:57 +02:00
Padreug
0e06ab2087 Revert "fix: extend RFC1918 LNURL carve-out to the HTTP-views path" 
This reverts commit 40dce41.

Going with TLS termination on the dev LNbits instead, so the
RFC1918 carve-out becomes unnecessary. The lnbits-core
`/api/v1/lnurlscan` consumer-side validator applies the same
HTTPS-required rule python-lnurl enforces; carving the producer
side out only got greg's LNURL generated, not redeemed.
 2026-06-01 21:43:37 +02:00
Padreug
40dce4d88c fix: extend RFC1918 LNURL carve-out to the HTTP-views path
Some checks failed
lint.yml / fix: extend RFC1918 LNURL carve-out to the HTTP-views path (push) Failing after 0s
Details 
#2 added the loopback/RFC1918 carve-out to the nostr-transport helper
(`create_lnurl_from_baseurl`) but `views.py` / `views_api.py` still call
`create_lnurl`, which went straight through `lnurl_encode` and got the
same `InvalidUrl` rejection. Visible as a 500 "Error creating LNURL …
check your webserver proxy configuration." on the admin UI when LNbits
itself is on `http://192.168.x.x:port`.

Extract the encode + carve-out logic into `_encode_lnurl(url, hint)` and
route both `create_lnurl` and `create_lnurl_from_baseurl` through it.
Both now return the same `_EncodedLnurl` dataclass (a minimal duck for
`.bech32`/`.url`) — `Lnurl` itself can't be returned in the LAN-local
case because its `__new__` re-runs python-lnurl's host validation on
bech32-decode.

Call sites in views.py / views_api.py unchanged: they already access
`.bech32` and `.url`, which the dataclass exposes. `_populate_lnurl`
back to attribute access too.
 2026-06-01 21:35:04 +02:00
Padreug
66026abe96 fix: allow HTTP LNURL for RFC1918/loopback baseurls (#2)
Some checks failed
lint.yml / fix: allow HTTP LNURL for RFC1918/loopback baseurls (#2) (push) Failing after 0s
Details 
`python-lnurl`'s `lnurl_encode` rejects HTTP URLs whose host isn't
`localhost`/`127.0.0.1`/`.onion`, so a regtest LNbits on a LAN IP
(e.g. `http://192.168.0.32:5001`) made `_populate_lnurl` swallow
`InvalidUrl` and leave `link.lnurl=None` — breaking the LAN-local
cross-device smoke flow.

Extend the existing localhost carve-out to the full RFC1918 set:
loopback, `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`. These are
intrinsically unreachable from the public internet, so producing an
HTTP LNURL pointing at one is unambiguously a dev/internal scenario.
For matching URLs, skip `lnurl_encode`'s host validation by calling
the public `lnurl.helpers.url_encode` directly (which bech32-encodes
without URL validation). Everything else still goes through the
validated path — production with HTTP + public IP/hostname stays
rejected.

`create_lnurl_from_baseurl` now returns `(bech32, url)` directly
rather than a `Lnurl` instance, since the private-network branch
can't construct a real `Lnurl` (its `__new__` re-runs the same host
validation on bech32-decode). The caller `_populate_lnurl` was the
only consumer.

Test coverage on `_is_private_network_http` covers the carve-out
boundary (loopback, RFC1918, the just-outside-RFC1918 ranges, public
hosts, and the `https://` case). The full encode path is exercised
via regtest smoke.

Closes #2.
 2026-06-01 21:14:48 +02:00
Padreug
e9d911e593 fix: populate lnurl/lnurl_url in nostr-transport handlers (#1)
Some checks failed
lint.yml / fix: populate lnurl/lnurl_url in nostr-transport handlers (#1) (push) Failing after 0s
Details 
The HTTP views populate `link.lnurl` and `link.lnurl_url` from
`request.url_for(...)`; the nostr-transport RPC handlers had no
`Request` and so left both fields as `None`. Consumers (ATMs over
nostr) were forced to provision a separate `LNBITS_HTTP_URL` env var
and compose the LNURL callback themselves.

Add `helpers.create_lnurl_from_baseurl(link)` that mirrors
`create_lnurl` but composes the callback URL from
`settings.lnbits_baseurl` instead, and thread it through the
create/get/update/list RPC handlers via a `_populate_lnurl` shim
so the response shape matches the HTTP path. Encoding errors are
swallowed (fields stay `None`) so a misconfigured baseurl falls
back to current behavior rather than failing the RPC.

Closes #1.
 2026-06-01 20:01:09 +02:00
Padreug
82a6d4a894 feat: lnurlw_list_links + lnurlw_unique_hashes transport RPCs
Some checks failed
lint.yml / feat: lnurlw_list_links + lnurlw_unique_hashes transport RPCs (push) Failing after 0s
Details 
Two additions surface withdraw-extension capabilities the ATM use
case in aiolabs/lamassu-next (issues #24, #25) needs but couldn't
reach over the nostr transport before:

## lnurlw_list_links (AUTH_ACCOUNT)

Enumerate withdraw links across all wallets owned by the calling
account, with `limit`/`offset` pagination matching the existing
HTTP `/api/v1/links`. Lets an ATM (or any client) re-discover its
links after a reconnect without having to keep its own index.

If `request.wallet_id` is supplied and matches one of the account's
wallets, narrows the listing to just that wallet — mirrors lnurlp's
list semantics.

Returns `{data: [...links], total: <int>}`.

## lnurlw_unique_hashes (AUTH_WALLET)

For an `is_unique=True` link, return the per-use `id_unique_hash`
values derived from each unredeemed slot in `link.usescsv`. Mirrors
the formula in `helpers.py:create_lnurl:13`:

  id_unique_hash = shortuuid.uuid(name=link.id + link.unique_hash + index)

Without this RPC an ATM that wants to generate distinct QR codes
per use (lamassu-next #25) had to reimplement the derivation
client-side — fragile if the extension's hash format ever changes
upstream. With this RPC the ATM asks the server for the canonical
list of unredeemed hashes; each one becomes the trailing path
component of `/withdraw/api/v1/lnurl/<unique_hash>/<id_unique_hash>`.

`is_unique=False` links return an empty `unredeemed_hashes` list;
the base `unique_hash` alone identifies the callback path.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-13 09:45:40 +02:00
Padreug
95ed17754d feat: register transport RPCs over LNbits nostr transport
Some checks failed
lint.yml / feat: register transport RPCs over LNbits nostr transport (push) Failing after 0s
Details 
Hooks the existing withdraw CRUD into the LNbits nostr transport layer
so an HTTP-allergic client (e.g. lamassu-next ATM) can manage LNURL-
withdraw links over kind-21000 encrypted events instead of HTTP.

New `withdraw_start()` lifecycle hook (auto-invoked by the LNbits
extension manager) imports the transport's `register_rpc` and registers
four RPCs mirroring the Lightning.Pub `withdraw.*` contract exactly so
lamassu-next's adapter can be a pure name-translation layer:

  lnurlw_create_link   AUTH_WALLET
  lnurlw_get_link      AUTH_WALLET
  lnurlw_update_link   AUTH_WALLET
  lnurlw_delete_link   AUTH_WALLET

All handlers are thin shims around the existing crud.py functions —
no business logic duplication. *_get / *_update / *_delete verify
that the link's stored wallet matches the caller's wallet id.

Also registers a link-owner resolver with the core subscriptions
module (under tag "withdraw", extras-key "withdrawal_link_id" — the
exact field name views_lnurl.py:144 stamps on payment.extra when a
withdraw settles). That lets clients call
`subscribe_payments({tag:"withdraw", link_id:...})` and stream real-
time claim events without polling, with ownership enforced server-side.

The transport import is guarded by try/except ImportError so this
extension still loads cleanly against an LNbits build that doesn't
have nostr_transport.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-13 07:34:25 +02:00
dni ⚡
2e52400f52
 		fix: enforce check minimum (#72)
Some checks failed
lint / lint (push) Has been cancelled
Details
2026-03-31 09:54:41 +01:00
Tiago Vasconcelos
74852e3494
 		feat: add disable option for LNURLw (#70) 2026-03-17 21:41:17 +00:00
dni ⚡
ab96594f70
 		chore: update to 1.2.2
Some checks failed
/ release (push) Has been cancelled
Details
/ pullrequest (push) Has been cancelled
Details
2025-12-27 09:48:17 +01:00
PatMulligan
8a20df70fe
 		FIX: generate LNURL server-side for unique voucher links (#68) 
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2025-12-27 09:45:57 +01:00
dni ⚡
68ff753cfd
 		fix: format function for table column (#67) 2025-12-15 07:41:36 +01:00
dni ⚡
eb7f7fda47
 		chore: update to version 1.2.1 (#66)
Some checks failed
/ release (push) Has been cancelled
Details
/ pullrequest (push) Has been cancelled
Details
2025-10-06 18:47:56 +02:00
dni ⚡
720aa694c1
 		fix: revert withdraw to using bech32 lnurl field (#65) 2025-10-06 18:44:49 +02:00
Arc
d0689b7859
 		fix: timing logic for time between withdraws (#63) 2025-09-15 10:00:40 +02:00
Tiago Vasconcelos
8efacf2d4c
 		fix: print qr code (#62)
Some checks failed
/ release (push) Has been cancelled
Details
/ pullrequest (push) Has been cancelled
Details
2025-09-12 14:26:18 +01:00
dni ⚡
10a4caff7e
 		feat: add lud17 support (#60) 2025-08-25 12:25:20 +02:00
dni ⚡
1bce3bde2d
 		feat: update to uv (#59) 2025-08-24 23:10:31 +02:00
dni ⚡
717d9c88f8
 		feat: new lnurl lib and types on endpoints (#57)
Some checks failed
/ release (push) Has been cancelled
Details
/ pullrequest (push) Has been cancelled
Details
2025-07-21 16:11:10 +02:00
dni ⚡
b42fee99e5
 		fix: lnurl_encoding error was not handled (#56) 2025-07-15 15:11:17 +02:00
Vlad Stan
6b11dec0cc
 		[fix] hash check (#54)
Some checks failed
/ release (push) Has been cancelled
Details
/ pullrequest (push) Has been cancelled
Details
2024-12-11 14:48:15 +02:00
Judy
f05169f994
 		fix: update select query in get_withdraw_links (#52) 2024-11-29 18:46:47 +02:00
22 changed files with 3049 additions and 2990 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/release.yml vendored
View file

@ -7,7 +7,7 @@ jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Create github release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@ -19,7 +19,7 @@ jobs:
needs: [release]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
token: ${{ secrets.EXT_GITHUB }}
repository: lnbits/lnbits-extensions

24
Makefile
View file

@ -5,27 +5,27 @@ format: prettier black ruff
check: mypy pyright checkblack checkruff checkprettier
prettier:
poetry run ./node_modules/.bin/prettier --write .
uv run ./node_modules/.bin/prettier --write .
pyright:
poetry run ./node_modules/.bin/pyright
uv run ./node_modules/.bin/pyright
mypy:
poetry run mypy .
uv run mypy .
black:
poetry run black .
uv run black .
ruff:
poetry run ruff check . --fix
uv run ruff check . --fix
checkruff:
poetry run ruff check .
uv run ruff check .
checkprettier:
poetry run ./node_modules/.bin/prettier --check .
uv run ./node_modules/.bin/prettier --check .
checkblack:
poetry run black --check .
uv run black --check .
checkeditorconfig:
editorconfig-checker
@ -33,14 +33,14 @@ checkeditorconfig:
test:
PYTHONUNBUFFERED=1 \
DEBUG=true \
poetry run pytest
uv run pytest
install-pre-commit-hook:
@echo "Installing pre-commit hook to git"
@echo "Uninstall the hook with poetry run pre-commit uninstall"
poetry run pre-commit install
@echo "Uninstall the hook with uv run pre-commit uninstall"
uv run pre-commit install
pre-commit:
poetry run pre-commit run --all-files
uv run pre-commit run --all-files
checkbundle:

49
__init__.py
View file

@ -17,4 +17,51 @@ withdraw_ext.include_router(withdraw_ext_generic)
withdraw_ext.include_router(withdraw_ext_api)
withdraw_ext.include_router(withdraw_ext_lnurl)
__all__ = ["withdraw_ext", "withdraw_static_files", "db"]
def withdraw_start() -> None:
"""
Register this extension's RPCs with the LNbits nostr transport so an
HTTP-allergic client (e.g. lamassu-next ATM) can manage LNURL-withdraw
links without touching the HTTP API. Also wires the link-owner
resolver so subscribe_payments({tag:"withdraw", link_id:...}) can
verify ownership.
No-op if the core transport module isn't present in the LNbits build.
No runtime `if nostr_transport_enabled` guard is needed when
disabled, the relay pool never publishes, so registered RPCs are
simply unreachable.
"""
try:
from lnbits.core.services.nostr_transport.dispatcher import (
AUTH_ACCOUNT,
AUTH_WALLET,
register_rpc,
)
from lnbits.core.services.nostr_transport.subscriptions import (
register_link_owner_resolver,
)
except ImportError:
return
from .transport_rpcs import (
handle_lnurlw_create_link,
handle_lnurlw_delete_link,
handle_lnurlw_get_link,
handle_lnurlw_list_links,
handle_lnurlw_unique_hashes,
handle_lnurlw_update_link,
resolve_withdraw_owner,
)
register_rpc("lnurlw_create_link", handle_lnurlw_create_link, AUTH_WALLET)
register_rpc("lnurlw_get_link", handle_lnurlw_get_link, AUTH_WALLET)
register_rpc("lnurlw_list_links", handle_lnurlw_list_links, AUTH_ACCOUNT)
register_rpc("lnurlw_unique_hashes", handle_lnurlw_unique_hashes, AUTH_WALLET)
register_rpc("lnurlw_update_link", handle_lnurlw_update_link, AUTH_WALLET)
register_rpc("lnurlw_delete_link", handle_lnurlw_delete_link, AUTH_WALLET)
register_link_owner_resolver(
"withdraw", resolve_withdraw_owner, link_extra_key="withdrawal_link_id"
)
__all__ = ["db", "withdraw_ext", "withdraw_start", "withdraw_static_files"]

3
config.json
View file

@ -2,7 +2,8 @@
"name": "Withdraw Links",
"short_description": "Make LNURL withdraw links",
"tile": "/withdraw/static/image/lnurl-withdraw.png",
"min_lnbits_version": "1.0.0",
"version": "1.2.2-aio.2",
"min_lnbits_version": "1.3.0",
"contributors": [
{
"name": "arcbtc",

49
crud.py
View file

@ -1,11 +1,10 @@
from datetime import datetime
from typing import Optional
import shortuuid
from lnbits.db import Database
from lnbits.helpers import urlsafe_short_hash
from .models import CreateWithdrawData, HashCheck, WithdrawLink
from .models import CreateWithdrawData, HashCheck, PaginatedWithdraws, WithdrawLink
db = Database("ext_withdraw")
@ -33,13 +32,14 @@ async def create_withdraw_link(
webhook_headers=data.webhook_headers,
webhook_body=data.webhook_body,
custom_url=data.custom_url,
extra=data.extra,
number=0,
)
await db.insert("withdraw.withdraw_link", withdraw_link)
return withdraw_link
async def get_withdraw_link(link_id: str, num=0) -> Optional[WithdrawLink]:
async def get_withdraw_link(link_id: str, num=0) -> WithdrawLink | None:
link = await db.fetchone(
"SELECT * FROM withdraw.withdraw_link WHERE id = :id",
{"id": link_id},
@ -52,7 +52,7 @@ async def get_withdraw_link(link_id: str, num=0) -> Optional[WithdrawLink]:
return link
async def get_withdraw_link_by_hash(unique_hash: str, num=0) -> Optional[WithdrawLink]:
async def get_withdraw_link_by_hash(unique_hash: str, num=0) -> WithdrawLink | None:
link = await db.fetchone(
"SELECT * FROM withdraw.withdraw_link WHERE unique_hash = :hash",
{"hash": unique_hash},
@ -67,26 +67,34 @@ async def get_withdraw_link_by_hash(unique_hash: str, num=0) -> Optional[Withdra
async def get_withdraw_links(
wallet_ids: list[str], limit: int, offset: int
) -> tuple[list[WithdrawLink], int]:
) -> PaginatedWithdraws:
q = ",".join([f"'{w}'" for w in wallet_ids])
links = await db.fetchall(
f"""
query_str = f"""
SELECT * FROM withdraw.withdraw_link WHERE wallet IN ({q})
ORDER BY open_time DESC LIMIT :limit OFFSET :offset
""",
{"limit": limit, "offset": offset},
ORDER BY open_time DESC
"""
if limit > 0:
query_str += """ LIMIT :limit OFFSET :offset"""
query_params = {"limit": limit, "offset": offset}
else:
query_params = {}
links = await db.fetchall(
query_str,
query_params,
WithdrawLink,
)
result = await db.execute(
f"""
SELECT COUNT(*) as total FROM withdraw.withdraw_link
WHERE wallet IN ({q})
"""
)
total = result.mappings().first()
result2 = result.mappings().first()
return links, total.total
return PaginatedWithdraws(data=links, total=int(result2.total))
async def remove_unique_withdraw_link(link: WithdrawLink, unique_hash: str) -> None:
@ -101,7 +109,7 @@ async def remove_unique_withdraw_link(link: WithdrawLink, unique_hash: str) -> N
async def increment_withdraw_link(link: WithdrawLink) -> None:
link.used = link.used + 1
link.open_time = int(datetime.now().timestamp()) + link.wait_time
link.open_time = int(datetime.now().timestamp())
await update_withdraw_link(link)
@ -134,11 +142,20 @@ async def create_hash_check(the_hash: str, lnurl_id: str) -> HashCheck:
async def get_hash_check(the_hash: str, lnurl_id: str) -> HashCheck:
hash_check = await db.fetchone(
"SELECT * FROM withdraw.hash_check WHERE id = :id", {"id": the_hash}, HashCheck
"""
SELECT id as hash, lnurl_id as lnurl
FROM withdraw.hash_check WHERE id = :id
""",
{"id": the_hash},
HashCheck,
)
hash_check_lnurl = await db.fetchone(
"SELECT * FROM withdraw.hash_check WHERE lnurl_id = :id",
"""
SELECT id as hash, lnurl_id as lnurl
FROM withdraw.hash_check WHERE lnurl_id = :id
""",
{"id": lnurl_id},
HashCheck,
)

54
helpers.py Normal file
View file

@ -0,0 +1,54 @@
from fastapi import Request
from lnbits.settings import settings
from lnurl import Lnurl
from lnurl import encode as lnurl_encode
from shortuuid import uuid
from .models import WithdrawLink
def create_lnurl(link: WithdrawLink, req: Request) -> Lnurl:
if link.is_unique:
usescssv = link.usescsv.split(",")
tohash = link.id + link.unique_hash + usescssv[link.number]
multihash = uuid(name=tohash)
url = req.url_for(
"withdraw.api_lnurl_multi_response",
unique_hash=link.unique_hash,
id_unique_hash=multihash,
)
else:
url = req.url_for("withdraw.api_lnurl_response", unique_hash=link.unique_hash)
try:
return lnurl_encode(str(url))
except Exception as e:
raise ValueError(
f"Error creating LNURL with url: `{url!s}`, "
"check your webserver proxy configuration."
) from e
def create_lnurl_from_baseurl(link: WithdrawLink) -> Lnurl:
"""
Same shape as `create_lnurl`, but composes the callback URL from
`settings.lnbits_baseurl` instead of a FastAPI `Request`. Used by
the nostr-transport RPC handlers, which have no HTTP request to
derive a base URL from.
"""
base = settings.lnbits_baseurl.rstrip("/")
if link.is_unique:
usescssv = link.usescsv.split(",")
tohash = link.id + link.unique_hash + usescssv[link.number]
multihash = uuid(name=tohash)
url = f"{base}/withdraw/api/v1/lnurl/{link.unique_hash}/{multihash}"
else:
url = f"{base}/withdraw/api/v1/lnurl/{link.unique_hash}"
try:
return lnurl_encode(url)
except Exception as e:
raise ValueError(
f"Error creating LNURL with url: `{url!s}`, "
"check your `LNBITS_BASEURL` configuration."
) from e

6
migrations.py
View file

@ -139,3 +139,9 @@ async def m007_add_created_at_timestamp(db):
"ALTER TABLE withdraw.withdraw_link "
f"ADD COLUMN created_at TIMESTAMP DEFAULT {db.timestamp_column_default}"
)
async def m008_add_enabled_column(db):
await db.execute(
"ALTER TABLE withdraw.withdraw_link ADD COLUMN enabled BOOLEAN DEFAULT true;"
)

44
migrations_fork.py Normal file
View file

@ -0,0 +1,44 @@
"""
Fork-specific database migrations for the aiolabs withdraw extension.
These migrations are tracked separately under `withdraw_fork` in the
`dbversions` table (loaded by `lnbits/core/helpers.py:migrate_extension_database`),
so they do not collide with upstream's `m{NNN}_*` numbering in
`migrations.py`. Keeping the upstream-tracked file untouched means
`git pull upstream` stays rebase-clean for schema changes.
Conventions:
- Sequential numbering starting from m001.
- Each migration is `async def m{NNN}_<description>(db)`.
- DDL must be idempotent: a fresh install runs every migration; an
install that already carries the column must not crash. Use
`_alter_add_column_safe` so re-runs are no-ops.
"""
async def _alter_add_column_safe(db, sql: str) -> None:
"""ALTER TABLE ADD COLUMN that swallows duplicate-column errors, so a
re-run on a DB that already has the column is a silent no-op."""
try:
await db.execute(sql)
except Exception as exc:
msg = str(exc).lower()
if "duplicate column" in msg or "already exists" in msg:
return
raise
async def m001_aio_withdraw_schema(db):
"""
Apply every aiolabs schema delta on top of upstream withdraw.
`withdraw_link.extra` arbitrary JSON merged into the payout payment's
`extra` when the link is claimed (see views_lnurl). Lets a caller tag the
resulting payment with settlement/attribution metadata an external listener
can key on e.g. bitSpire stamps {source, type, principal_sats, fee_sats,
...} so the spirekeeper cash-in settlement fires off an LNURL-withdraw
payout. Stored as TEXT; (de)serialized to a dict by the WithdrawLink model.
"""
await _alter_add_column_safe(
db, "ALTER TABLE withdraw.withdraw_link ADD COLUMN extra TEXT"
)

71
models.py
View file

@ -1,14 +1,6 @@
from datetime import datetime
import shortuuid
from fastapi import Query, Request
from lnurl import (
ClearnetUrl,
Lnurl,
LnurlWithdrawResponse,
MilliSatoshi,
)
from lnurl import encode as lnurl_encode
from fastapi import Query
from pydantic import BaseModel, Field
@ -23,6 +15,13 @@ class CreateWithdrawData(BaseModel):
webhook_headers: str = Query(None)
webhook_body: str = Query(None)
custom_url: str = Query(None)
enabled: bool = Query(True)
# Arbitrary JSON merged into the payout payment's `extra` when this link is
# claimed (see views_lnurl). Lets a caller tag the resulting payment with
# settlement/attribution metadata an external listener can key on — e.g.
# bitSpire stamps {source, type, principal_sats, fee_sats, ...} so the
# spirekeeper cash-in settlement fires off an LNURL-withdraw payout.
extra: dict | None = None
class WithdrawLink(BaseModel):
@ -44,42 +43,38 @@ class WithdrawLink(BaseModel):
webhook_headers: str = Query(None)
webhook_body: str = Query(None)
custom_url: str = Query(None)
# Persisted as TEXT (JSON); merged into the payout payment's `extra` on
# claim. LNbits' db layer (de)serializes dict-typed columns to/from JSON
# natively (same as Payment.extra) — no per-field validator needed.
extra: dict | None = None
created_at: datetime
enabled: bool = Query(True)
lnurl: str | None = Field(
default=None,
no_database=True,
deprecated=True,
description=(
"Deprecated: Instead of using this bech32 encoded string, dynamically "
"generate your own static link (lud17/bech32) on the client side. "
"Example: lnurlw://${window.location.hostname}/lnurlw/${id}"
),
)
lnurl_url: str | None = Field(
default=None,
no_database=True,
description="The raw LNURL callback URL (use for QR code generation)",
)
@property
def is_spent(self) -> bool:
return self.used >= self.uses
def lnurl(self, req: Request) -> Lnurl:
if self.is_unique:
usescssv = self.usescsv.split(",")
tohash = self.id + self.unique_hash + usescssv[self.number]
multihash = shortuuid.uuid(name=tohash)
url = str(
req.url_for(
"withdraw.api_lnurl_multi_response",
unique_hash=self.unique_hash,
id_unique_hash=multihash,
)
)
else:
url = str(
req.url_for("withdraw.api_lnurl_response", unique_hash=self.unique_hash)
)
return lnurl_encode(url)
def lnurl_response(self, req: Request) -> LnurlWithdrawResponse:
url = req.url_for("withdraw.api_lnurl_callback", unique_hash=self.unique_hash)
return LnurlWithdrawResponse(
callback=ClearnetUrl(url, scheme="https"), # type: ignore
k1=self.k1,
minWithdrawable=MilliSatoshi(self.min_withdrawable * 1000),
maxWithdrawable=MilliSatoshi(self.max_withdrawable * 1000),
defaultDescription=self.title,
)
class HashCheck(BaseModel):
hash: bool
lnurl: bool
class PaginatedWithdraws(BaseModel):
data: list[WithdrawLink]
total: int

2616
poetry.lock generated
View file

File diff suppressed because it is too large Load diff

53
pyproject.toml
View file

@ -1,37 +1,34 @@
[tool.poetry]
[project]
name = "lnbits-withdraw"
version = "0.0.0"
requires-python = ">=3.10,<3.13"
description = "LNbits, free and open-source Lightning wallet and accounts system."
authors = ["Alan Bits <alan@lnbits.com>"]
authors = [{ name = "Alan Bits", email = "alan@lnbits.com" }]
urls = { Homepage = "https://lnbits.com", Repository = "https://github.com/lnbits/bitcoinswitch_extension" }
dependencies = [ "lnbits>1" ]
[tool.poetry.dependencies]
python = "^3.10 | ^3.9"
lnbits = {version = "*", allow-prereleases = true}
[tool.poetry]
package-mode = false
[tool.poetry.group.dev.dependencies]
black = "^24.3.0"
pytest-asyncio = "^0.21.0"
pytest = "^7.3.2"
mypy = "^1.5.1"
pre-commit = "^3.2.2"
ruff = "^0.3.2"
[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"
[[tool.mypy.overrides]]
module = [
"lnbits.*",
"lnurl.*",
"loguru.*",
"fastapi.*",
"pydantic.*",
"pyqrcode.*",
"shortuuid.*",
"httpx.*",
[tool.uv]
dev-dependencies = [
"black",
"pytest-asyncio",
"pytest",
"mypy",
"pre-commit",
"ruff",
"pytest-md",
]
ignore_missing_imports = "True"
[tool.mypy]
plugins = ["pydantic.mypy"]
[tool.pydantic-mypy]
init_forbid_extra = true
init_typed = true
warn_required_dynamic_aliases = true
warn_untyped_fields = true
[tool.pytest.ini_options]
log_cli = false

43
static/js/index.js
View file

@ -1,17 +1,6 @@
const locationPath = [
window.location.protocol,
'//',
window.location.host,
window.location.pathname
].join('')
const mapWithdrawLink = function (obj) {
obj._data = _.clone(obj)
obj.min_fsat = new Intl.NumberFormat(LOCALE).format(obj.min_withdrawable)
obj.max_fsat = new Intl.NumberFormat(LOCALE).format(obj.max_withdrawable)
obj.uses_left = obj.uses - obj.used
obj.print_url = [locationPath, 'print/', obj.id].join('')
obj.withdraw_url = [locationPath, obj.id].join('')
obj._data.use_custom = Boolean(obj.custom_url)
return obj
}
@ -25,6 +14,7 @@ window.app = Vue.createApp({
return {
checker: null,
withdrawLinks: [],
lnurl: '',
withdrawLinksTable: {
columns: [
{name: 'title', align: 'left', label: 'Title', field: 'title'},
@ -34,7 +24,7 @@ window.app = Vue.createApp({
label: 'Created At',
field: 'created_at',
sortable: true,
format: function (val, row) {
format: function (val) {
return new Date(val).toLocaleString()
}
},
@ -47,7 +37,7 @@ window.app = Vue.createApp({
{
name: 'uses',
align: 'right',
label: 'Created',
label: 'Uses',
field: 'uses'
},
{
@ -56,8 +46,13 @@ window.app = Vue.createApp({
label: 'Uses left',
field: 'uses_left'
},
{name: 'min', align: 'right', label: 'Min (sat)', field: 'min_fsat'},
{name: 'max', align: 'right', label: 'Max (sat)', field: 'max_fsat'}
{
name: 'max_withdrawable',
align: 'right',
label: 'Max (sat)',
field: 'max_withdrawable',
format: LNbits.utils.formatSat
}
],
pagination: {
page: 1,
@ -73,7 +68,8 @@ window.app = Vue.createApp({
data: {
is_unique: false,
use_custom: false,
has_webhook: false
has_webhook: false,
enabled: true
}
},
simpleformDialog: {
@ -83,7 +79,8 @@ window.app = Vue.createApp({
use_custom: false,
title: 'Vouchers',
min_withdrawable: 0,
wait_time: 1
wait_time: 1,
enabled: true
}
},
qrCodeDialog: {
@ -130,22 +127,22 @@ window.app = Vue.createApp({
this.formDialog.data = {
is_unique: false,
use_custom: false,
has_webhook: false
has_webhook: false,
enabled: true
}
},
simplecloseFormDialog() {
this.simpleformDialog.data = {
is_unique: false,
use_custom: false
use_custom: false,
enabled: true
}
},
openQrCodeDialog(linkId) {
const link = _.findWhere(this.withdrawLinks, {id: linkId})
this.qrCodeDialog.data = _.clone(link)
this.qrCodeDialog.data.url =
window.location.protocol + '//' + window.location.host
this.qrCodeDialog.show = true
this.activeUrl = link.lnurl_url
},
openUpdateDialog(linkId) {
let link = _.findWhere(this.withdrawLinks, {id: linkId})
@ -258,7 +255,7 @@ window.app = Vue.createApp({
'/withdraw/api/v1/links/' + linkId,
_.findWhere(this.g.user.wallets, {id: link.wallet}).adminkey
)
.then(response => {
.then(() => {
this.withdrawLinks = _.reject(this.withdrawLinks, function (obj) {
return obj.id === linkId
})

12
templates/withdraw/csv.html
View file

@ -1,12 +0,0 @@
{% extends "print.html" %} {% block page %} {% for page in link %} {% for threes
in page %} {% for one in threes %} {{one}}, {% endfor %} {% endfor %} {% endfor
%} {% endblock %} {% block scripts %}
<script>
window.app = Vue.createApp({
el: '#vue',
data: function () {
return {}
}
})
</script>
{% endblock %}

33
templates/withdraw/display.html
View file

@ -4,24 +4,32 @@
<q-card class="q-pa-lg">
<q-card-section class="q-pa-none">
<div class="text-center">
{% if link.is_spent %}
<q-badge color="red" class="q-mb-md">Withdraw is spent.</q-badge>
{% endif %}
<a class="text-secondary" href="lightning:{{ lnurl }}">
<lnbits-qrcode
:value="this.here + '/?lightning={{lnurl }}'"
></lnbits-qrcode>
<q-badge v-if="spent" color="red" class="q-mb-md"
>Withdraw is spent.</q-badge
>
<q-badge v-if="spent" color="red" class="q-mb-md"
>Withdraw is spent.</q-badge
>
<q-badge v-else-if="!enabled" color="grey" class="q-mb-md"
>Withdraw is disabled.</q-badge
>
<a v-else class="text-secondary" :href="link">
<lnbits-qrcode-lnurl
prefix="lnurlw"
:url="url"
@update:lnurl="v => lnurl = v"
></lnbits-qrcode-lnurl>
</a>
</div>
<div class="row q-mt-lg q-gutter-sm">
<q-btn outline color="grey" @click="copyText('{{ lnurl }}')"
<q-btn outline color="grey" @click="copyText(lnurl)"
>Copy LNURL</q-btn
>
<q-btn
outline
color="grey"
icon="nfc"
@click="writeNfcTag(' {{ lnurl }} ')"
@click="writeNfcTag(lnurl)"
:disable="nfcTagWriting"
></q-btn>
</div>
@ -52,8 +60,11 @@
mixins: [window.windowMixin],
data() {
return {
here: location.protocol + '//' + location.host,
nfcTagWriting: false
spent: {{ 'true' if spent else 'false' }},
url: '{{ lnurl_url }}',
lnurl: '',
nfcTagWriting: false,
enabled: {{ 'true' if enabled else 'false' }}
}
}
})

95
templates/withdraw/index.html
View file

@ -38,6 +38,7 @@
>
<template v-slot:header="props">
<q-tr :props="props">
<q-th auto-width></q-th>
<q-th auto-width></q-th>
<q-th auto-width></q-th>
<q-th
@ -51,49 +52,48 @@
</template>
<template v-slot:body="props">
<q-tr :props="props">
<q-td auto-width>
<q-icon
name="power_settings_new"
:color="props.row.enabled ? 'green' : 'red'"
size="xs"
>
<q-tooltip>
<span
v-text="props.row.enabled ? 'Withdraw link is enabled' : 'Withdraw link is disabled'"
></span>
</q-tooltip>
</q-icon>
</q-td>
<q-td auto-width>
<q-btn
unelevated
dense
size="xs"
icon="launch"
:color="($q.dark.isActive) ? 'grey-7' : 'grey-5'"
type="a"
:href="props.row.withdraw_url"
:href="'/withdraw/' + props.row.id"
target="_blank"
>
<q-tooltip> shareable link </q-tooltip></q-btn
>
<q-btn
unelevated
dense
size="xs"
icon="web_asset"
:color="($q.dark.isActive) ? 'grey-7' : 'grey-5'"
type="a"
:href="'/withdraw/img/' + props.row.id"
target="_blank"
><q-tooltip> embeddable image </q-tooltip></q-btn
<q-tooltip>Shareable link</q-tooltip></q-btn
>
<q-btn
unelevated
dense
size="xs"
icon="reorder"
:color="($q.dark.isActive) ? 'grey-7' : 'grey-5'"
type="a"
:href="'/withdraw/csv/' + props.row.id"
target="_blank"
><q-tooltip> csv list </q-tooltip></q-btn
><q-tooltip>CSV download</q-tooltip></q-btn
>
<q-btn
unelevated
dense
size="xs"
icon="visibility"
:color="($q.dark.isActive) ? 'grey-7' : 'grey-5'"
@click="openQrCodeDialog(props.row.id)"
><q-tooltip> view LNURL </q-tooltip></q-btn
><q-tooltip>view LNURL</q-tooltip></q-btn
>
</q-td>
<q-td auto-width>
@ -139,7 +139,7 @@
<q-card>
<q-card-section>
<h6 class="text-subtitle1 q-my-none">
{{SITE_TITLE}} LNURL-withdraw extension
LNbits LNURL withdraw extension
</h6>
</q-card-section>
<q-card-section class="q-pa-none">
@ -252,6 +252,20 @@
hint="Custom data as JSON string, will get posted along with webhook 'body' field."
></q-input>
<q-list>
<q-item tag="label" class="rounded-borders">
<q-item-section avatar>
<q-checkbox
v-model="formDialog.data.enabled"
color="primary"
></q-checkbox>
</q-item-section>
<q-item-section>
<q-item-label>Enable / Disable </q-item-label>
<q-item-label caption
>You can enable or disable these vouchers</q-item-label
>
</q-item-section>
</q-item>
<q-item tag="label" class="rounded-borders">
<q-item-section avatar>
<q-checkbox
@ -364,6 +378,20 @@
label="Number of vouchers"
></q-input>
<q-list>
<q-item tag="label" class="rounded-borders">
<q-item-section avatar>
<q-checkbox
v-model="simpleformDialog.data.enabled"
color="primary"
></q-checkbox>
</q-item-section>
<q-item-section>
<q-item-label>Enable / Disable </q-item-label>
<q-item-label caption
>You can enable or disable these vouchers</q-item-label
>
</q-item-section>
</q-item>
<q-item tag="label" class="rounded-borders">
<q-item-section avatar>
<q-checkbox
@ -413,9 +441,11 @@
<q-dialog v-model="qrCodeDialog.show" position="top">
<q-card v-if="qrCodeDialog.data" class="q-pa-lg lnbits__dialog-card">
<lnbits-qrcode
:value="qrCodeDialog.data.url + '/?lightning=' + qrCodeDialog.data.lnurl"
></lnbits-qrcode>
<lnbits-qrcode-lnurl
:url="activeUrl"
@update:lnurl="v => lnurl = v"
prefix="lnurlw"
></lnbits-qrcode-lnurl>
<p style="word-break: break-all">
<strong>ID:</strong> <span v-text="qrCodeDialog.data.id"></span><br />
<strong>Unique:</strong>
@ -440,31 +470,32 @@
<q-btn
outline
color="grey"
@click="copyText(qrCodeDialog.data.lnurl, 'LNURL copied to clipboard!')"
@click="copyText(lnurl, 'LNURL copied to clipboard!')"
class="q-ml-sm"
>Copy LNURL</q-btn
>
<q-btn
outline
color="grey"
icon="link"
@click="copyText(qrCodeDialog.data.withdraw_url, 'Link copied to clipboard!')"
><q-tooltip>Copy sharable link</q-tooltip>
</q-btn>
<q-btn
outline
color="grey"
icon="nfc"
@click="writeNfcTag(qrCodeDialog.data.lnurl)"
@click="writeNfcTag(lnurl)"
:disable="nfcTagWriting"
><q-tooltip>Write to NFC</q-tooltip></q-btn
>
<q-btn
outline
color="grey"
icon="link"
:href="'/withdraw/' + qrCodeDialog.data.id"
target="_blank"
><q-tooltip>Open sharable link</q-tooltip>
</q-btn>
<q-btn
outline
color="grey"
icon="print"
type="a"
:href="qrCodeDialog.data.print_url"
:href="'/withdraw/print/' + qrCodeDialog.data.id"
target="_blank"
><q-tooltip>Print</q-tooltip></q-btn
>

28
templates/withdraw/print_qr.html
View file

@ -4,23 +4,21 @@
<div class="" id="vue">
{% for page in link %}
<page size="A4" id="pdfprint">
<table style="width: 100%">
{% for threes in page %}
<tr style="height: 59.4mm">
{% for one in threes %}
<td style="width: 105mm">
<center>
<lnbits-qrcode
style="width: fit-content"
:value="theurl + '/?lightning={{one}}'"
:options="{width: 150}"
></lnbits-qrcode>
</center>
</td>
<div class="full-height content-center">
{% for row in page %}
<div class="row" style="max-height: 54mm">
{% for one in row %}
<div class="col-6">
<lnbits-qrcode
style="width: 50mm"
:value="theurl + '/?lightning={{one}}'"
:show-buttons="false"
></lnbits-qrcode>
</div>
{% endfor %}
</tr>
</div>
{% endfor %}
</table>
</div>
</page>
{% endfor %}
</div>

12
templates/withdraw/print_qr_custom.html
View file

@ -11,7 +11,8 @@
<div class="lnurlw">
<lnbits-qrcode
:value="theurl + '/?lightning={{one}}'"
:options="{width: 98, margin: 2, logo: false}"
:show-buttons="false"
:options="{width: 150}"
></lnbits-qrcode>
</div>
</div>
@ -61,9 +62,10 @@
.wrapper .lnurlw {
display: block;
position: absolute;
top: calc(7.3mm + 1rem);
left: calc(7.5mm + 1rem);
top: calc(3mm + 1rem);
left: calc(6mm + 1rem);
transform: rotate(45deg);
width: 27mm;
}
@media print {
@ -83,8 +85,8 @@
.wrapper .lnurlw {
display: block;
position: absolute;
top: 7.3mm;
left: 7.5mm;
top: 3mm;
left: 6mm;
transform: rotate(45deg);
}
}

225
transport_rpcs.py Normal file
View file

@ -0,0 +1,225 @@
"""
Nostr-transport RPC handlers for the withdraw (LNURL-withdraw) extension.
Names mirror the Lightning.Pub `withdraw.*` contract that the lamassu-next
ATM consumes (see ~/dev/shocknet/lamassu-next/packages/lightning/src/client.ts
lines ~301351). That keeps the lamassu-next-side adapter a pure name
translation no semantic reshaping.
Auth model (set in `__init__.py:withdraw_start`):
- create / get / update / delete AUTH_WALLET; the calling pubkey must
own the wallet the link is scoped to. *_get / *_update / *_delete also
verify the link's stored `wallet` matches the caller's wallet id.
`resolve_withdraw_owner` is registered with the core subscription module
under tag `"withdraw"` and extras-key `"withdrawal_link_id"` (matching
where the extension stamps the link id on settlement see
`views_lnurl.py:144`). That lets `subscribe_payments({tag:"withdraw",
link_id:...})` enforce ownership without core importing this module.
"""
from __future__ import annotations
from lnbits.core.crud.wallets import get_wallets
from lnbits.core.models import Account
from lnbits.core.models.wallets import WalletTypeInfo
from lnbits.core.services.nostr_transport.models import NostrRpcRequest
from shortuuid import uuid
from .crud import (
create_withdraw_link,
delete_withdraw_link,
get_withdraw_link,
get_withdraw_links,
update_withdraw_link,
)
from .helpers import create_lnurl_from_baseurl
from .models import CreateWithdrawData, WithdrawLink
async def handle_lnurlw_create_link(
auth: WalletTypeInfo, request: NostrRpcRequest
) -> dict:
body = request.body or {}
data = CreateWithdrawData(**body)
link = await create_withdraw_link(data, auth.wallet.id)
return _to_dict(_populate_lnurl(link))
async def handle_lnurlw_get_link(
auth: WalletTypeInfo, request: NostrRpcRequest
) -> dict:
link_id = _require_id(request)
link = await _require_owned_link(link_id, auth.wallet.id)
return _to_dict(_populate_lnurl(link))
async def handle_lnurlw_update_link(
auth: WalletTypeInfo, request: NostrRpcRequest
) -> dict:
link_id = _require_id(request)
link = await _require_owned_link(link_id, auth.wallet.id)
body = request.body or {}
_MUTABLE = {
"title",
"min_withdrawable",
"max_withdrawable",
"uses",
"wait_time",
"is_unique",
"webhook_url",
"webhook_headers",
"webhook_body",
"custom_url",
"enabled",
}
for k, v in body.items():
if k in _MUTABLE:
setattr(link, k, v)
updated = await update_withdraw_link(link)
return _to_dict(_populate_lnurl(updated))
async def handle_lnurlw_delete_link(
auth: WalletTypeInfo, request: NostrRpcRequest
) -> dict:
link_id = _require_id(request)
await _require_owned_link(link_id, auth.wallet.id)
await delete_withdraw_link(link_id)
return {"ok": True}
async def handle_lnurlw_list_links(auth: Account, request: NostrRpcRequest) -> dict:
"""List withdraw links across all wallets owned by the calling account.
Useful for ATMs to re-discover their links after a reconnect.
Body fields:
- limit: int (0 means no limit; default 0)
- offset: int (default 0)
If `request.wallet_id` is set and is one of the caller's wallets,
narrow to just that wallet.
"""
body = request.body or {}
limit = int(body.get("limit") or 0)
offset = int(body.get("offset") or 0)
wallets = await get_wallets(auth.id)
wallet_ids = [w.id for w in wallets]
if not wallet_ids:
return {"data": [], "total": 0}
if request.wallet_id and request.wallet_id in wallet_ids:
wallet_ids = [request.wallet_id]
page = await get_withdraw_links(wallet_ids, limit, offset)
return {
"data": [_to_dict(_populate_lnurl(link)) for link in page.data],
"total": page.total,
}
async def handle_lnurlw_unique_hashes(
auth: WalletTypeInfo, request: NostrRpcRequest
) -> dict:
"""
For a `is_unique=True` link, return the per-use `id_unique_hash`
values that the ATM uses to generate distinct QR codes one per
unredeemed slot. Mirrors the formula in `helpers.py:create_lnurl`
exactly so an ATM never has to re-implement the derivation:
id_unique_hash = shortuuid.uuid(name=link.id + link.unique_hash + index)
`link.usescsv` is the canonical list of *unredeemed* slot indexes;
after a customer claims a slot it gets removed there (see
`crud.remove_unique_withdraw_link`). The hashes returned here are
therefore exactly the ones still claimable.
Response:
{
"link_id": str,
"unique_hash": str, # base hash
"is_unique": bool,
"unredeemed_hashes": [ # one entry per remaining slot
{"index": str, "id_unique_hash": str}, ...
]
}
For `is_unique=False` links the list is empty and `unique_hash`
alone identifies the callback path
(`/withdraw/api/v1/lnurl/<unique_hash>`). For `is_unique=True`
each callback path is
`/withdraw/api/v1/lnurl/<unique_hash>/<id_unique_hash>`.
"""
link_id = _require_id(request)
link = await _require_owned_link(link_id, auth.wallet.id)
unredeemed = []
if link.is_unique:
# usescsv is comma-separated; split and skip empties (after the
# last slot is consumed it becomes the empty string).
for index_str in [s for s in link.usescsv.split(",") if s.strip()]:
tohash = link.id + link.unique_hash + index_str
unredeemed.append(
{
"index": index_str.strip(),
"id_unique_hash": uuid(name=tohash),
}
)
return {
"link_id": link.id,
"unique_hash": link.unique_hash,
"is_unique": link.is_unique,
"unredeemed_hashes": unredeemed,
}
async def resolve_withdraw_owner(link_id: str) -> str | None:
"""For the core subscription module: link_id -> wallet_id (or None)."""
link = await get_withdraw_link(link_id)
return link.wallet if link else None
# ---------------------------------------------------------------------------
# helpers
# ---------------------------------------------------------------------------
def _require_id(request: NostrRpcRequest) -> str:
body = request.body or {}
link_id = body.get("id")
if not link_id:
raise ValueError("withdraw: body.id is required")
return str(link_id)
async def _require_owned_link(link_id: str, wallet_id: str):
link = await get_withdraw_link(link_id)
if link is None:
raise ValueError(f"withdraw: link not found: {link_id}")
if link.wallet != wallet_id:
raise PermissionError("withdraw: link does not belong to caller's wallet")
return link
def _populate_lnurl(link: WithdrawLink) -> WithdrawLink:
"""
Compose `lnurl` / `lnurl_url` from `settings.lnbits_baseurl` so
nostr-transport responses match the HTTP `views_api` shape, where
these fields are populated from `request.url_for(...)`. Without
this, consumers (ATMs, etc.) would have to re-derive the callback
URL themselves from a separately-provisioned LNbits HTTPS URL
duplicating state LNbits already knows. See aiolabs/withdraw#1.
"""
try:
encoded = create_lnurl_from_baseurl(link)
link.lnurl = str(encoded.bech32)
link.lnurl_url = str(encoded.url)
except ValueError:
pass
return link
def _to_dict(link) -> dict:
import json
return json.loads(link.json())

2267
uv.lock generated Normal file
View file

File diff suppressed because it is too large Load diff

93
views.py
View file

@ -1,7 +1,6 @@
import io
from http import HTTPStatus
from io import BytesIO
import pyqrcode
from fastapi import APIRouter, Depends, HTTPException, Request
from fastapi.responses import HTMLResponse, StreamingResponse
from lnbits.core.models import User
@ -9,6 +8,7 @@ from lnbits.decorators import check_user_exists
from lnbits.helpers import template_renderer
from .crud import chunks, get_withdraw_link
from .helpers import create_lnurl
withdraw_ext_generic = APIRouter()
@ -32,39 +32,22 @@ async def display(request: Request, link_id):
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="Withdraw link does not exist."
)
try:
lnurl = create_lnurl(link, request)
except ValueError as exc:
raise HTTPException(
status_code=HTTPStatus.INTERNAL_SERVER_ERROR,
detail=str(exc),
) from exc
return withdraw_renderer().TemplateResponse(
"withdraw/display.html",
{
"request": request,
"link": link.json(),
"lnurl": link.lnurl(req=request),
"unique": True,
},
)
@withdraw_ext_generic.get("/img/{link_id}", response_class=StreamingResponse)
async def img(request: Request, link_id):
link = await get_withdraw_link(link_id, 0)
if not link:
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="Withdraw link does not exist."
)
qr = pyqrcode.create(link.lnurl(request))
stream = BytesIO()
qr.svg(stream, scale=3)
stream.seek(0)
async def _generator(stream: BytesIO):
yield stream.getvalue()
return StreamingResponse(
_generator(stream),
headers={
"Content-Type": "image/svg+xml",
"Cache-Control": "no-cache, no-store, must-revalidate",
"Pragma": "no-cache",
"Expires": "0",
"spent": link.is_spent,
"lnurl_url": str(lnurl.url),
"enabled": link.enabled,
},
)
@ -76,11 +59,8 @@ async def print_qr(request: Request, link_id):
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="Withdraw link does not exist."
)
# response.status_code = HTTPStatus.NOT_FOUND
# return "Withdraw link does not exist."
if link.uses == 0:
return withdraw_renderer().TemplateResponse(
"withdraw/print_qr.html",
{"request": request, "link": link.json(), "unique": False},
@ -94,7 +74,14 @@ async def print_qr(request: Request, link_id):
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="Withdraw link does not exist."
)
links.append(str(linkk.lnurl(request)))
try:
lnurl = create_lnurl(linkk, request)
except ValueError as exc:
raise HTTPException(
status_code=HTTPStatus.INTERNAL_SERVER_ERROR,
detail=str(exc),
) from exc
links.append(str(lnurl.bech32))
count = count + 1
page_link = list(chunks(links, 2))
linked = list(chunks(page_link, 5))
@ -123,29 +110,37 @@ async def csv(request: Request, link_id):
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="Withdraw link does not exist."
)
# response.status_code = HTTPStatus.NOT_FOUND
# return "Withdraw link does not exist."
if link.uses == 0:
return withdraw_renderer().TemplateResponse(
"withdraw/csv.html",
{"request": request, "link": link.json(), "unique": False},
raise HTTPException(
status_code=HTTPStatus.BAD_REQUEST, detail="Withdraw is spent."
)
links = []
count = 0
buffer = io.StringIO()
count = 0
for _ in link.usescsv.split(","):
linkk = await get_withdraw_link(link_id, count)
if not linkk:
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="Withdraw link does not exist."
)
links.append(str(linkk.lnurl(request)))
count = count + 1
page_link = list(chunks(links, 2))
linked = list(chunks(page_link, 5))
try:
lnurl = create_lnurl(linkk, request)
except ValueError as exc:
raise HTTPException(
status_code=HTTPStatus.INTERNAL_SERVER_ERROR,
detail=str(exc),
) from exc
buffer.write(f"{lnurl.bech32!s}\n")
count += 1
return withdraw_renderer().TemplateResponse(
"withdraw/csv.html", {"request": request, "link": linked, "unique": True}
# Move buffer cursor to the beginning
buffer.seek(0)
return StreamingResponse(
buffer,
media_type="text/csv",
headers={
"Content-Disposition": f"attachment; filename=withdraw-links-{link_id}.csv"
},
)

71
views_api.py
View file

@ -1,10 +1,9 @@
import json
from http import HTTPStatus
from typing import Optional
from fastapi import APIRouter, Depends, HTTPException, Query, Request
from lnbits.core.crud import get_user
from lnbits.core.models import WalletTypeInfo
from lnbits.core.models import SimpleStatus, WalletTypeInfo
from lnbits.decorators import require_admin_key, require_invoice_key
from .crud import (
@ -15,38 +14,48 @@ from .crud import (
get_withdraw_links,
update_withdraw_link,
)
from .models import CreateWithdrawData, HashCheck
from .helpers import create_lnurl
from .models import CreateWithdrawData, HashCheck, PaginatedWithdraws, WithdrawLink
withdraw_ext_api = APIRouter(prefix="/api/v1")
@withdraw_ext_api.get("/links", status_code=HTTPStatus.OK)
async def api_links(
req: Request,
request: Request,
key_info: WalletTypeInfo = Depends(require_invoice_key),
all_wallets: bool = Query(False),
offset: int = Query(0),
limit: int = Query(0),
):
) -> PaginatedWithdraws:
wallet_ids = [key_info.wallet.id]
if all_wallets:
user = await get_user(key_info.wallet.user)
wallet_ids = user.wallet_ids if user else []
links, total = await get_withdraw_links(wallet_ids, limit, offset)
return {
"data": [{**link.dict(), **{"lnurl": link.lnurl(req)}} for link in links],
"total": total,
}
links = await get_withdraw_links(wallet_ids, limit, offset)
for linkk in links.data:
try:
lnurl = create_lnurl(linkk, request)
except ValueError as exc:
raise HTTPException(
status_code=HTTPStatus.INTERNAL_SERVER_ERROR,
detail=str(exc),
) from exc
linkk.lnurl = str(lnurl.bech32)
linkk.lnurl_url = str(lnurl.url)
return links
@withdraw_ext_api.get("/links/{link_id}", status_code=HTTPStatus.OK)
async def api_link_retrieve(
link_id: str,
request: Request,
link_id: str,
key_info: WalletTypeInfo = Depends(require_invoice_key),
):
) -> WithdrawLink:
link = await get_withdraw_link(link_id, 0)
if not link:
@ -58,17 +67,27 @@ async def api_link_retrieve(
raise HTTPException(
detail="Not your withdraw link.", status_code=HTTPStatus.FORBIDDEN
)
return {**link.dict(), **{"lnurl": link.lnurl(request)}}
try:
lnurl = create_lnurl(link, request)
except ValueError as exc:
raise HTTPException(
status_code=HTTPStatus.INTERNAL_SERVER_ERROR,
detail=str(exc),
) from exc
link.lnurl = str(lnurl.bech32)
link.lnurl_url = str(lnurl.url)
return link
@withdraw_ext_api.post("/links", status_code=HTTPStatus.CREATED)
@withdraw_ext_api.put("/links/{link_id}", status_code=HTTPStatus.OK)
@withdraw_ext_api.put("/links/{link_id}")
async def api_link_create_or_update(
req: Request,
request: Request,
data: CreateWithdrawData,
link_id: Optional[str] = None,
link_id: str | None = None,
key_info: WalletTypeInfo = Depends(require_admin_key),
):
) -> WithdrawLink:
if data.uses > 250:
raise HTTPException(detail="250 uses max.", status_code=HTTPStatus.BAD_REQUEST)
@ -140,14 +159,24 @@ async def api_link_create_or_update(
link = await update_withdraw_link(link)
else:
link = await create_withdraw_link(wallet_id=key_info.wallet.id, data=data)
try:
lnurl = create_lnurl(link, request)
except ValueError as exc:
raise HTTPException(
status_code=HTTPStatus.INTERNAL_SERVER_ERROR,
detail=str(exc),
) from exc
return {**link.dict(), **{"lnurl": link.lnurl(req)}}
link.lnurl = str(lnurl.bech32)
link.lnurl_url = str(lnurl.url)
return link
@withdraw_ext_api.delete("/links/{link_id}", status_code=HTTPStatus.OK)
@withdraw_ext_api.delete("/links/{link_id}")
async def api_link_delete(
link_id: str, key_info: WalletTypeInfo = Depends(require_admin_key)
):
) -> SimpleStatus:
link = await get_withdraw_link(link_id)
if not link:
@ -161,7 +190,7 @@ async def api_link_delete(
)
await delete_withdraw_link(link_id)
return {"success": True}
return SimpleStatus(success=True, message="Withdraw link deleted.")
@withdraw_ext_api.get(

189
views_lnurl.py
View file

@ -1,18 +1,23 @@
import json
from datetime import datetime
from http import HTTPStatus
from typing import Callable, Optional
from urllib.parse import urlparse
import httpx
import shortuuid
from fastapi import APIRouter, HTTPException, Request, Response
from bolt11 import decode as decode_bolt11
from fastapi import APIRouter, Request
from fastapi.responses import JSONResponse
from fastapi.routing import APIRoute
from lnbits.core.crud import update_payment
from lnbits.core.models import Payment
from lnbits.core.services import pay_invoice
from lnurl import (
CallbackUrl,
LnurlErrorResponse,
LnurlSuccessResponse,
LnurlWithdrawResponse,
MilliSatoshi,
)
from loguru import logger
from pydantic import parse_obj_as
from .crud import (
create_hash_check,
@ -23,28 +28,7 @@ from .crud import (
)
from .models import WithdrawLink
class LNURLErrorResponseHandler(APIRoute):
def get_route_handler(self) -> Callable:
original_route_handler = super().get_route_handler()
async def custom_route_handler(request: Request) -> Response:
try:
response = await original_route_handler(request)
return response
except HTTPException as exc:
logger.debug(f"HTTPException: {exc}")
response = JSONResponse(
status_code=200,
content={"status": "ERROR", "reason": f"{exc.detail}"},
)
return response
return custom_route_handler
withdraw_ext_lnurl = APIRouter(prefix="/api/v1/lnurl")
withdraw_ext_lnurl.route_class = LNURLErrorResponseHandler
@withdraw_ext_lnurl.get(
@ -52,45 +36,35 @@ withdraw_ext_lnurl.route_class = LNURLErrorResponseHandler
response_class=JSONResponse,
name="withdraw.api_lnurl_response",
)
async def api_lnurl_response(request: Request, unique_hash: str):
async def api_lnurl_response(
request: Request, unique_hash: str
) -> LnurlWithdrawResponse | LnurlErrorResponse:
link = await get_withdraw_link_by_hash(unique_hash)
if not link:
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="Withdraw link does not exist."
)
return LnurlErrorResponse(reason="Withdraw link does not exist.")
if not link.enabled:
return LnurlErrorResponse(reason="Withdraw link is disabled.")
if link.is_spent:
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="Withdraw is spent."
)
return LnurlErrorResponse(reason="Withdraw is spent.")
if link.is_unique:
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND,
detail="This link requires an id_unique_hash.",
)
return LnurlErrorResponse(reason="This link requires an id_unique_hash.")
url = str(
request.url_for("withdraw.api_lnurl_callback", unique_hash=link.unique_hash)
)
# Check if url is .onion and change to http
if urlparse(url).netloc.endswith(".onion"):
# change url string scheme to http
url = url.replace("https://", "http://")
return {
"tag": "withdrawRequest",
"callback": url,
"k1": link.k1,
"minWithdrawable": link.min_withdrawable * 1000,
"maxWithdrawable": link.max_withdrawable * 1000,
"defaultDescription": link.title,
"webhook_url": link.webhook_url,
"webhook_headers": link.webhook_headers,
"webhook_body": link.webhook_body,
}
callback_url = parse_obj_as(CallbackUrl, url)
return LnurlWithdrawResponse(
callback=callback_url,
k1=link.k1,
minWithdrawable=MilliSatoshi(link.min_withdrawable * 1000),
maxWithdrawable=MilliSatoshi(link.max_withdrawable * 1000),
defaultDescription=link.title,
)
@withdraw_ext_lnurl.get(
@ -114,60 +88,69 @@ async def api_lnurl_callback(
unique_hash: str,
k1: str,
pr: str,
id_unique_hash: Optional[str] = None,
):
id_unique_hash: str | None = None,
) -> LnurlErrorResponse | LnurlSuccessResponse:
link = await get_withdraw_link_by_hash(unique_hash)
if not link:
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="withdraw not found."
)
return LnurlErrorResponse(reason="withdraw link not found.")
if not link.enabled:
return LnurlErrorResponse(reason="Withdraw link is disabled.")
bolt11 = decode_bolt11(pr)
if not bolt11.amount_msat:
return LnurlErrorResponse(reason="0 amount invoices are not supported.")
if (
link.min_withdrawable * 1000 > bolt11.amount_msat
or bolt11.amount_msat > link.max_withdrawable * 1000
):
return LnurlErrorResponse(reason="Amount not within limits.")
if link.is_spent:
raise HTTPException(
status_code=HTTPStatus.METHOD_NOT_ALLOWED, detail="withdraw is spent."
)
return LnurlErrorResponse(reason="withdraw is spent.")
if link.k1 != k1:
raise HTTPException(status_code=HTTPStatus.BAD_REQUEST, detail="k1 is wrong.")
return LnurlErrorResponse(reason="k1 is wrong.")
now = int(datetime.now().timestamp())
if now < link.open_time:
raise HTTPException(
status_code=HTTPStatus.BAD_REQUEST,
detail=f"wait link open_time {link.open_time - now} seconds.",
if now < link.open_time + link.wait_time:
return LnurlErrorResponse(
reason=f"Wait {link.open_time + link.wait_time - now} seconds."
)
if not id_unique_hash and link.is_unique:
raise HTTPException(
status_code=HTTPStatus.BAD_REQUEST,
detail="id_unique_hash is required for this link.",
)
return LnurlErrorResponse(reason="id_unique_hash is required for this link.")
if id_unique_hash:
if check_unique_link(link, id_unique_hash):
await remove_unique_withdraw_link(link, id_unique_hash)
else:
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="withdraw not found."
)
return LnurlErrorResponse(reason="id_unique_hash not found.")
# Create a record with the id_unique_hash or unique_hash, if it already exists,
# raise an exception thus preventing the same LNURL from being processed twice.
try:
await create_hash_check(id_unique_hash or unique_hash, k1)
except Exception as exc:
raise HTTPException(
status_code=HTTPStatus.BAD_REQUEST, detail="LNURL already being processed."
) from exc
except Exception:
return LnurlErrorResponse(reason="LNURL already being processed.")
try:
payment = await pay_invoice(
wallet_id=link.wallet,
payment_request=pr,
max_sat=link.max_withdrawable,
extra={"tag": "withdraw", "withdrawal_link_id": link.id},
# Merge the link's caller-supplied `extra` onto the payout so an
# external listener can key on it (e.g. bitSpire cash-in
# settlements via spirekeeper). The withdraw extension's own
# `tag`/`withdrawal_link_id` are written last so a caller cannot
# clobber them.
extra={
**(link.extra or {}),
"tag": "withdraw",
"withdrawal_link_id": link.id,
},
)
await increment_withdraw_link(link)
# If the payment succeeds, delete the record with the unique_hash.
@ -177,13 +160,11 @@ async def api_lnurl_callback(
if link.webhook_url:
await dispatch_webhook(link, payment, pr)
return {"status": "OK"}
return LnurlSuccessResponse()
except Exception as exc:
# If payment fails, delete the hash stored so another attempt can be made.
await delete_hash_check(id_unique_hash or unique_hash)
raise HTTPException(
status_code=HTTPStatus.BAD_REQUEST, detail=f"withdraw not working. {exc!s}"
) from exc
return LnurlErrorResponse(reason=f"withdraw not working. {exc!s}")
def check_unique_link(link: WithdrawLink, unique_hash: str) -> bool:
@ -232,38 +213,28 @@ async def dispatch_webhook(
)
async def api_lnurl_multi_response(
request: Request, unique_hash: str, id_unique_hash: str
):
) -> LnurlWithdrawResponse | LnurlErrorResponse:
link = await get_withdraw_link_by_hash(unique_hash)
if not link:
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="LNURL-withdraw not found."
)
return LnurlErrorResponse(reason="Withdraw link does not exist.")
if not link.enabled:
return LnurlErrorResponse(reason="Withdraw link is disabled.")
if link.is_spent:
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="Withdraw is spent."
)
return LnurlErrorResponse(reason="Withdraw is spent.")
if not check_unique_link(link, id_unique_hash):
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="LNURL-withdraw not found."
)
return LnurlErrorResponse(reason="id_unique_hash not found for this link.")
url = str(
request.url_for("withdraw.api_lnurl_callback", unique_hash=link.unique_hash)
url = request.url_for("withdraw.api_lnurl_callback", unique_hash=link.unique_hash)
callback_url = parse_obj_as(CallbackUrl, f"{url!s}?id_unique_hash={id_unique_hash}")
return LnurlWithdrawResponse(
callback=callback_url,
k1=link.k1,
minWithdrawable=MilliSatoshi(link.min_withdrawable * 1000),
maxWithdrawable=MilliSatoshi(link.max_withdrawable * 1000),
defaultDescription=link.title,
)
# Check if url is .onion and change to http
if urlparse(url).netloc.endswith(".onion"):
# change url string scheme to http
url = url.replace("https://", "http://")
return {
"tag": "withdrawRequest",
"callback": f"{url}?id_unique_hash={id_unique_hash}",
"k1": link.k1,
"minWithdrawable": link.min_withdrawable * 1000,
"maxWithdrawable": link.max_withdrawable * 1000,
"defaultDescription": link.title,
}