feat: merge a link's extra into the payout payment (v1.2.2-aio.2)

Adds an optional `extra` (JSON) field to a withdraw link. When the link
is claimed, that `extra` is merged onto the payout payment's `extra`, so
a caller can tag the resulting payment with metadata an external listener
keys on — the link is the only place to attach it (the customer-facing
LNURL-withdraw payout otherwise carries just `{tag, withdrawal_link_id}`).

Motivating use: bitSpire cash-in settlements. The operator's spirekeeper
listener fires a `cash_in` settlement (fee split to the platform) only on
an outbound payment stamped `source=bitspire`; before this there was no
way to stamp an LNURL-withdraw payout, so cash-ins never settled. bitSpire
now creates the cash-in link for the NET amount with
`extra={source, type:cash_in, principal_sats, fee_sats, ...}` and the
settlement fires on claim.

- models: `extra: dict | None` on CreateWithdrawData + WithdrawLink.
  LNbits' db layer (de)serializes dict columns to/from JSON natively
  (same as Payment.extra) — no per-field validator needed.
- migrations_fork.py: `withdraw_link.extra TEXT` under `withdraw_fork`,
  keeping the upstream-tracked migrations.py byte-identical for clean
  rebases (aiolabs/lnbits#8 pattern).
- views_lnurl: `extra={**(link.extra or {}), "tag": ..., "withdrawal_link_id": ...}`
  — the withdraw extension's own keys are written last so a caller cannot
  clobber them.

Verified end-to-end on the dev stack: a stamped link's payout carries the
merged extra and drives a spirekeeper cash_in settlement + super-fee payout.

__init__.py

@@ -17,4 +17,51 @@ withdraw_ext.include_router(withdraw_ext_generic)
 withdraw_ext.include_router(withdraw_ext_api)
 withdraw_ext.include_router(withdraw_ext_lnurl)
 
-__all__ = ["db", "withdraw_ext", "withdraw_static_files"]
+
+def withdraw_start() -> None:
+    """
+    Register this extension's RPCs with the LNbits nostr transport so an
+    HTTP-allergic client (e.g. lamassu-next ATM) can manage LNURL-withdraw
+    links without touching the HTTP API. Also wires the link-owner
+    resolver so subscribe_payments({tag:"withdraw", link_id:...}) can
+    verify ownership.
+
+    No-op if the core transport module isn't present in the LNbits build.
+    No runtime `if nostr_transport_enabled` guard is needed — when
+    disabled, the relay pool never publishes, so registered RPCs are
+    simply unreachable.
+    """
+    try:
+        from lnbits.core.services.nostr_transport.dispatcher import (
+            AUTH_ACCOUNT,
+            AUTH_WALLET,
+            register_rpc,
+        )
+        from lnbits.core.services.nostr_transport.subscriptions import (
+            register_link_owner_resolver,
+        )
+    except ImportError:
+        return
+
+    from .transport_rpcs import (
+        handle_lnurlw_create_link,
+        handle_lnurlw_delete_link,
+        handle_lnurlw_get_link,
+        handle_lnurlw_list_links,
+        handle_lnurlw_unique_hashes,
+        handle_lnurlw_update_link,
+        resolve_withdraw_owner,
+    )
+
+    register_rpc("lnurlw_create_link", handle_lnurlw_create_link, AUTH_WALLET)
+    register_rpc("lnurlw_get_link", handle_lnurlw_get_link, AUTH_WALLET)
+    register_rpc("lnurlw_list_links", handle_lnurlw_list_links, AUTH_ACCOUNT)
+    register_rpc("lnurlw_unique_hashes", handle_lnurlw_unique_hashes, AUTH_WALLET)
+    register_rpc("lnurlw_update_link", handle_lnurlw_update_link, AUTH_WALLET)
+    register_rpc("lnurlw_delete_link", handle_lnurlw_delete_link, AUTH_WALLET)
+    register_link_owner_resolver(
+        "withdraw", resolve_withdraw_owner, link_extra_key="withdrawal_link_id"
+    )
+
+
+__all__ = ["db", "withdraw_ext", "withdraw_start", "withdraw_static_files"]

config.json

@@ -2,7 +2,7 @@
   "name": "Withdraw Links",
   "short_description": "Make LNURL withdraw links",
   "tile": "/withdraw/static/image/lnurl-withdraw.png",
-  "version": "1.1.0",
+  "version": "1.2.2-aio.2",
   "min_lnbits_version": "1.3.0",
   "contributors": [
     {

crud.py

@@ -32,6 +32,7 @@ async def create_withdraw_link(
         webhook_headers=data.webhook_headers,
         webhook_body=data.webhook_body,
         custom_url=data.custom_url,
+        extra=data.extra,
         number=0,
     )
     await db.insert("withdraw.withdraw_link", withdraw_link)
@@ -108,7 +109,7 @@ async def remove_unique_withdraw_link(link: WithdrawLink, unique_hash: str) -> N
 
 async def increment_withdraw_link(link: WithdrawLink) -> None:
     link.used = link.used + 1
-    link.open_time = int(datetime.now().timestamp()) + link.wait_time
+    link.open_time = int(datetime.now().timestamp())
     await update_withdraw_link(link)
 
 

helpers.py

@@ -1,4 +1,5 @@
 from fastapi import Request
+from lnbits.settings import settings
 from lnurl import Lnurl
 from lnurl import encode as lnurl_encode
 from shortuuid import uuid
@@ -26,3 +27,28 @@ def create_lnurl(link: WithdrawLink, req: Request) -> Lnurl:
             f"Error creating LNURL with url: `{url!s}`, "
             "check your webserver proxy configuration."
         ) from e
+
+
+def create_lnurl_from_baseurl(link: WithdrawLink) -> Lnurl:
+    """
+    Same shape as `create_lnurl`, but composes the callback URL from
+    `settings.lnbits_baseurl` instead of a FastAPI `Request`. Used by
+    the nostr-transport RPC handlers, which have no HTTP request to
+    derive a base URL from.
+    """
+    base = settings.lnbits_baseurl.rstrip("/")
+    if link.is_unique:
+        usescssv = link.usescsv.split(",")
+        tohash = link.id + link.unique_hash + usescssv[link.number]
+        multihash = uuid(name=tohash)
+        url = f"{base}/withdraw/api/v1/lnurl/{link.unique_hash}/{multihash}"
+    else:
+        url = f"{base}/withdraw/api/v1/lnurl/{link.unique_hash}"
+
+    try:
+        return lnurl_encode(url)
+    except Exception as e:
+        raise ValueError(
+            f"Error creating LNURL with url: `{url!s}`, "
+            "check your `LNBITS_BASEURL` configuration."
+        ) from e

migrations.py

@@ -139,3 +139,9 @@ async def m007_add_created_at_timestamp(db):
         "ALTER TABLE withdraw.withdraw_link "
         f"ADD COLUMN created_at TIMESTAMP DEFAULT {db.timestamp_column_default}"
     )
+
+
+async def m008_add_enabled_column(db):
+    await db.execute(
+        "ALTER TABLE withdraw.withdraw_link ADD COLUMN enabled BOOLEAN DEFAULT true;"
+    )

migrations_fork.py

@@ -0,0 +1,44 @@
+"""
+Fork-specific database migrations for the aiolabs withdraw extension.
+
+These migrations are tracked separately under `withdraw_fork` in the
+`dbversions` table (loaded by `lnbits/core/helpers.py:migrate_extension_database`),
+so they do not collide with upstream's `m{NNN}_*` numbering in
+`migrations.py`. Keeping the upstream-tracked file untouched means
+`git pull upstream` stays rebase-clean for schema changes.
+
+Conventions:
+  - Sequential numbering starting from m001.
+  - Each migration is `async def m{NNN}_<description>(db)`.
+  - DDL must be idempotent: a fresh install runs every migration; an
+    install that already carries the column must not crash. Use
+    `_alter_add_column_safe` so re-runs are no-ops.
+"""
+
+
+async def _alter_add_column_safe(db, sql: str) -> None:
+    """ALTER TABLE ADD COLUMN that swallows duplicate-column errors, so a
+    re-run on a DB that already has the column is a silent no-op."""
+    try:
+        await db.execute(sql)
+    except Exception as exc:
+        msg = str(exc).lower()
+        if "duplicate column" in msg or "already exists" in msg:
+            return
+        raise
+
+
+async def m001_aio_withdraw_schema(db):
+    """
+    Apply every aiolabs schema delta on top of upstream withdraw.
+
+    `withdraw_link.extra` — arbitrary JSON merged into the payout payment's
+    `extra` when the link is claimed (see views_lnurl). Lets a caller tag the
+    resulting payment with settlement/attribution metadata an external listener
+    can key on — e.g. bitSpire stamps {source, type, principal_sats, fee_sats,
+    ...} so the spirekeeper cash-in settlement fires off an LNURL-withdraw
+    payout. Stored as TEXT; (de)serialized to a dict by the WithdrawLink model.
+    """
+    await _alter_add_column_safe(
+        db, "ALTER TABLE withdraw.withdraw_link ADD COLUMN extra TEXT"
+    )

models.py

@@ -15,6 +15,13 @@ class CreateWithdrawData(BaseModel):
     webhook_headers: str = Query(None)
     webhook_body: str = Query(None)
     custom_url: str = Query(None)
+    enabled: bool = Query(True)
+    # Arbitrary JSON merged into the payout payment's `extra` when this link is
+    # claimed (see views_lnurl). Lets a caller tag the resulting payment with
+    # settlement/attribution metadata an external listener can key on — e.g.
+    # bitSpire stamps {source, type, principal_sats, fee_sats, ...} so the
+    # spirekeeper cash-in settlement fires off an LNURL-withdraw payout.
+    extra: dict | None = None
 
 
 class WithdrawLink(BaseModel):
@@ -36,7 +43,27 @@ class WithdrawLink(BaseModel):
     webhook_headers: str = Query(None)
     webhook_body: str = Query(None)
     custom_url: str = Query(None)
+    # Persisted as TEXT (JSON); merged into the payout payment's `extra` on
+    # claim. LNbits' db layer (de)serializes dict-typed columns to/from JSON
+    # natively (same as Payment.extra) — no per-field validator needed.
+    extra: dict | None = None
     created_at: datetime
+    enabled: bool = Query(True)
+    lnurl: str | None = Field(
+        default=None,
+        no_database=True,
+        deprecated=True,
+        description=(
+            "Deprecated: Instead of using this bech32 encoded string, dynamically "
+            "generate your own static link (lud17/bech32) on the client side. "
+            "Example: lnurlw://${window.location.hostname}/lnurlw/${id}"
+        ),
+    )
+    lnurl_url: str | None = Field(
+        default=None,
+        no_database=True,
+        description="The raw LNURL callback URL (use for QR code generation)",
+    )
 
     @property
     def is_spent(self) -> bool:

static/js/index.js

@@ -51,9 +51,7 @@ window.app = Vue.createApp({
             align: 'right',
             label: 'Max (sat)',
             field: 'max_withdrawable',
-            format: v => {
+            format: LNbits.utils.formatSat
-              return new Intl.NumberFormat(LOCALE).format(v)
-            }
           }
         ],
         pagination: {
@@ -70,7 +68,8 @@ window.app = Vue.createApp({
         data: {
           is_unique: false,
           use_custom: false,
-          has_webhook: false
+          has_webhook: false,
+          enabled: true
         }
       },
       simpleformDialog: {
@@ -80,7 +79,8 @@ window.app = Vue.createApp({
           use_custom: false,
           title: 'Vouchers',
           min_withdrawable: 0,
-          wait_time: 1
+          wait_time: 1,
+          enabled: true
         }
       },
       qrCodeDialog: {
@@ -127,20 +127,22 @@ window.app = Vue.createApp({
       this.formDialog.data = {
         is_unique: false,
         use_custom: false,
-        has_webhook: false
+        has_webhook: false,
+        enabled: true
       }
     },
     simplecloseFormDialog() {
       this.simpleformDialog.data = {
         is_unique: false,
-        use_custom: false
+        use_custom: false,
+        enabled: true
       }
     },
     openQrCodeDialog(linkId) {
       const link = _.findWhere(this.withdrawLinks, {id: linkId})
       this.qrCodeDialog.data = _.clone(link)
       this.qrCodeDialog.show = true
-      this.activeUrl = `${window.location.origin}/withdraw/api/v1/lnurl/${link.unique_hash}`
+      this.activeUrl = link.lnurl_url
     },
     openUpdateDialog(linkId) {
       let link = _.findWhere(this.withdrawLinks, {id: linkId})

templates/withdraw/display.html

@@ -7,6 +7,12 @@
           <q-badge v-if="spent" color="red" class="q-mb-md"
             >Withdraw is spent.</q-badge
           >
+          <q-badge v-if="spent" color="red" class="q-mb-md"
+            >Withdraw is spent.</q-badge
+          >
+          <q-badge v-else-if="!enabled" color="grey" class="q-mb-md"
+            >Withdraw is disabled.</q-badge
+          >
           <a v-else class="text-secondary" :href="link">
             <lnbits-qrcode-lnurl
               prefix="lnurlw"
@@ -55,9 +61,10 @@
     data() {
       return {
         spent: {{ 'true' if spent else 'false' }},
-        url: `${window.location.origin}/withdraw/api/v1/lnurl/{{ unique_hash }}`,
+        url: '{{ lnurl_url }}',
         lnurl: '',
-        nfcTagWriting: false
+        nfcTagWriting: false,
+        enabled: {{ 'true' if enabled else 'false' }}
       }
     }
   })

templates/withdraw/index.html

@@ -38,6 +38,7 @@
         >
           <template v-slot:header="props">
             <q-tr :props="props">
+              <q-th auto-width></q-th>
               <q-th auto-width></q-th>
               <q-th auto-width></q-th>
               <q-th
@@ -51,6 +52,19 @@
           </template>
           <template v-slot:body="props">
             <q-tr :props="props">
+              <q-td auto-width>
+                <q-icon
+                  name="power_settings_new"
+                  :color="props.row.enabled ? 'green' : 'red'"
+                  size="xs"
+                >
+                  <q-tooltip>
+                    <span
+                      v-text="props.row.enabled ? 'Withdraw link is enabled' : 'Withdraw link is disabled'"
+                    ></span>
+                  </q-tooltip>
+                </q-icon>
+              </q-td>
               <q-td auto-width>
                 <q-btn
                   unelevated
@@ -238,6 +252,20 @@
           hint="Custom data as JSON string, will get posted along with webhook 'body' field."
         ></q-input>
         <q-list>
+          <q-item tag="label" class="rounded-borders">
+            <q-item-section avatar>
+              <q-checkbox
+                v-model="formDialog.data.enabled"
+                color="primary"
+              ></q-checkbox>
+            </q-item-section>
+            <q-item-section>
+              <q-item-label>Enable / Disable </q-item-label>
+              <q-item-label caption
+                >You can enable or disable these vouchers</q-item-label
+              >
+            </q-item-section>
+          </q-item>
           <q-item tag="label" class="rounded-borders">
             <q-item-section avatar>
               <q-checkbox
@@ -350,6 +378,20 @@
           label="Number of vouchers"
         ></q-input>
         <q-list>
+          <q-item tag="label" class="rounded-borders">
+            <q-item-section avatar>
+              <q-checkbox
+                v-model="simpleformDialog.data.enabled"
+                color="primary"
+              ></q-checkbox>
+            </q-item-section>
+            <q-item-section>
+              <q-item-label>Enable / Disable </q-item-label>
+              <q-item-label caption
+                >You can enable or disable these vouchers</q-item-label
+              >
+            </q-item-section>
+          </q-item>
           <q-item tag="label" class="rounded-borders">
             <q-item-section avatar>
               <q-checkbox

transport_rpcs.py

@@ -0,0 +1,225 @@
+"""
+Nostr-transport RPC handlers for the withdraw (LNURL-withdraw) extension.
+
+Names mirror the Lightning.Pub `withdraw.*` contract that the lamassu-next
+ATM consumes (see ~/dev/shocknet/lamassu-next/packages/lightning/src/client.ts
+lines ~301–351). That keeps the lamassu-next-side adapter a pure name
+translation — no semantic reshaping.
+
+Auth model (set in `__init__.py:withdraw_start`):
+- create / get / update / delete  → AUTH_WALLET; the calling pubkey must
+  own the wallet the link is scoped to. *_get / *_update / *_delete also
+  verify the link's stored `wallet` matches the caller's wallet id.
+
+`resolve_withdraw_owner` is registered with the core subscription module
+under tag `"withdraw"` and extras-key `"withdrawal_link_id"` (matching
+where the extension stamps the link id on settlement — see
+`views_lnurl.py:144`). That lets `subscribe_payments({tag:"withdraw",
+link_id:...})` enforce ownership without core importing this module.
+"""
+
+from __future__ import annotations
+
+from lnbits.core.crud.wallets import get_wallets
+from lnbits.core.models import Account
+from lnbits.core.models.wallets import WalletTypeInfo
+from lnbits.core.services.nostr_transport.models import NostrRpcRequest
+from shortuuid import uuid
+
+from .crud import (
+    create_withdraw_link,
+    delete_withdraw_link,
+    get_withdraw_link,
+    get_withdraw_links,
+    update_withdraw_link,
+)
+from .helpers import create_lnurl_from_baseurl
+from .models import CreateWithdrawData, WithdrawLink
+
+
+async def handle_lnurlw_create_link(
+    auth: WalletTypeInfo, request: NostrRpcRequest
+) -> dict:
+    body = request.body or {}
+    data = CreateWithdrawData(**body)
+    link = await create_withdraw_link(data, auth.wallet.id)
+    return _to_dict(_populate_lnurl(link))
+
+
+async def handle_lnurlw_get_link(
+    auth: WalletTypeInfo, request: NostrRpcRequest
+) -> dict:
+    link_id = _require_id(request)
+    link = await _require_owned_link(link_id, auth.wallet.id)
+    return _to_dict(_populate_lnurl(link))
+
+
+async def handle_lnurlw_update_link(
+    auth: WalletTypeInfo, request: NostrRpcRequest
+) -> dict:
+    link_id = _require_id(request)
+    link = await _require_owned_link(link_id, auth.wallet.id)
+    body = request.body or {}
+    _MUTABLE = {
+        "title",
+        "min_withdrawable",
+        "max_withdrawable",
+        "uses",
+        "wait_time",
+        "is_unique",
+        "webhook_url",
+        "webhook_headers",
+        "webhook_body",
+        "custom_url",
+        "enabled",
+    }
+    for k, v in body.items():
+        if k in _MUTABLE:
+            setattr(link, k, v)
+    updated = await update_withdraw_link(link)
+    return _to_dict(_populate_lnurl(updated))
+
+
+async def handle_lnurlw_delete_link(
+    auth: WalletTypeInfo, request: NostrRpcRequest
+) -> dict:
+    link_id = _require_id(request)
+    await _require_owned_link(link_id, auth.wallet.id)
+    await delete_withdraw_link(link_id)
+    return {"ok": True}
+
+
+async def handle_lnurlw_list_links(auth: Account, request: NostrRpcRequest) -> dict:
+    """List withdraw links across all wallets owned by the calling account.
+    Useful for ATMs to re-discover their links after a reconnect.
+
+    Body fields:
+      - limit: int (0 means no limit; default 0)
+      - offset: int (default 0)
+    If `request.wallet_id` is set and is one of the caller's wallets,
+    narrow to just that wallet.
+    """
+    body = request.body or {}
+    limit = int(body.get("limit") or 0)
+    offset = int(body.get("offset") or 0)
+
+    wallets = await get_wallets(auth.id)
+    wallet_ids = [w.id for w in wallets]
+    if not wallet_ids:
+        return {"data": [], "total": 0}
+    if request.wallet_id and request.wallet_id in wallet_ids:
+        wallet_ids = [request.wallet_id]
+
+    page = await get_withdraw_links(wallet_ids, limit, offset)
+    return {
+        "data": [_to_dict(_populate_lnurl(link)) for link in page.data],
+        "total": page.total,
+    }
+
+
+async def handle_lnurlw_unique_hashes(
+    auth: WalletTypeInfo, request: NostrRpcRequest
+) -> dict:
+    """
+    For a `is_unique=True` link, return the per-use `id_unique_hash`
+    values that the ATM uses to generate distinct QR codes — one per
+    unredeemed slot. Mirrors the formula in `helpers.py:create_lnurl`
+    exactly so an ATM never has to re-implement the derivation:
+
+        id_unique_hash = shortuuid.uuid(name=link.id + link.unique_hash + index)
+
+    `link.usescsv` is the canonical list of *unredeemed* slot indexes;
+    after a customer claims a slot it gets removed there (see
+    `crud.remove_unique_withdraw_link`). The hashes returned here are
+    therefore exactly the ones still claimable.
+
+    Response:
+      {
+        "link_id": str,
+        "unique_hash": str,            # base hash
+        "is_unique": bool,
+        "unredeemed_hashes": [         # one entry per remaining slot
+          {"index": str, "id_unique_hash": str}, ...
+        ]
+      }
+
+    For `is_unique=False` links the list is empty and `unique_hash`
+    alone identifies the callback path
+    (`/withdraw/api/v1/lnurl/<unique_hash>`). For `is_unique=True`
+    each callback path is
+    `/withdraw/api/v1/lnurl/<unique_hash>/<id_unique_hash>`.
+    """
+    link_id = _require_id(request)
+    link = await _require_owned_link(link_id, auth.wallet.id)
+
+    unredeemed = []
+    if link.is_unique:
+        # usescsv is comma-separated; split and skip empties (after the
+        # last slot is consumed it becomes the empty string).
+        for index_str in [s for s in link.usescsv.split(",") if s.strip()]:
+            tohash = link.id + link.unique_hash + index_str
+            unredeemed.append(
+                {
+                    "index": index_str.strip(),
+                    "id_unique_hash": uuid(name=tohash),
+                }
+            )
+
+    return {
+        "link_id": link.id,
+        "unique_hash": link.unique_hash,
+        "is_unique": link.is_unique,
+        "unredeemed_hashes": unredeemed,
+    }
+
+
+async def resolve_withdraw_owner(link_id: str) -> str | None:
+    """For the core subscription module: link_id -> wallet_id (or None)."""
+    link = await get_withdraw_link(link_id)
+    return link.wallet if link else None
+
+
+# ---------------------------------------------------------------------------
+# helpers
+# ---------------------------------------------------------------------------
+
+
+def _require_id(request: NostrRpcRequest) -> str:
+    body = request.body or {}
+    link_id = body.get("id")
+    if not link_id:
+        raise ValueError("withdraw: body.id is required")
+    return str(link_id)
+
+
+async def _require_owned_link(link_id: str, wallet_id: str):
+    link = await get_withdraw_link(link_id)
+    if link is None:
+        raise ValueError(f"withdraw: link not found: {link_id}")
+    if link.wallet != wallet_id:
+        raise PermissionError("withdraw: link does not belong to caller's wallet")
+    return link
+
+
+def _populate_lnurl(link: WithdrawLink) -> WithdrawLink:
+    """
+    Compose `lnurl` / `lnurl_url` from `settings.lnbits_baseurl` so
+    nostr-transport responses match the HTTP `views_api` shape, where
+    these fields are populated from `request.url_for(...)`. Without
+    this, consumers (ATMs, etc.) would have to re-derive the callback
+    URL themselves from a separately-provisioned LNbits HTTPS URL —
+    duplicating state LNbits already knows. See aiolabs/withdraw#1.
+    """
+    try:
+        encoded = create_lnurl_from_baseurl(link)
+        link.lnurl = str(encoded.bech32)
+        link.lnurl_url = str(encoded.url)
+    except ValueError:
+        pass
+    return link
+
+
+def _to_dict(link) -> dict:
+    import json
+
+    return json.loads(link.json())

views.py

@@ -33,12 +33,21 @@ async def display(request: Request, link_id):
             status_code=HTTPStatus.NOT_FOUND, detail="Withdraw link does not exist."
         )
 
+    try:
+        lnurl = create_lnurl(link, request)
+    except ValueError as exc:
+        raise HTTPException(
+            status_code=HTTPStatus.INTERNAL_SERVER_ERROR,
+            detail=str(exc),
+        ) from exc
+
     return withdraw_renderer().TemplateResponse(
         "withdraw/display.html",
         {
             "request": request,
             "spent": link.is_spent,
-            "unique_hash": link.unique_hash,
+            "lnurl_url": str(lnurl.url),
+            "enabled": link.enabled,
         },
     )
 
@@ -52,7 +61,6 @@ async def print_qr(request: Request, link_id):
         )
 
     if link.uses == 0:
-
         return withdraw_renderer().TemplateResponse(
             "withdraw/print_qr.html",
             {"request": request, "link": link.json(), "unique": False},

views_api.py

@@ -1,7 +1,7 @@
 import json
 from http import HTTPStatus
 
-from fastapi import APIRouter, Depends, HTTPException, Query
+from fastapi import APIRouter, Depends, HTTPException, Query, Request
 from lnbits.core.crud import get_user
 from lnbits.core.models import SimpleStatus, WalletTypeInfo
 from lnbits.decorators import require_admin_key, require_invoice_key
@@ -14,6 +14,7 @@ from .crud import (
     get_withdraw_links,
     update_withdraw_link,
 )
+from .helpers import create_lnurl
 from .models import CreateWithdrawData, HashCheck, PaginatedWithdraws, WithdrawLink
 
 withdraw_ext_api = APIRouter(prefix="/api/v1")
@@ -21,6 +22,7 @@ withdraw_ext_api = APIRouter(prefix="/api/v1")
 
 @withdraw_ext_api.get("/links", status_code=HTTPStatus.OK)
 async def api_links(
+    request: Request,
     key_info: WalletTypeInfo = Depends(require_invoice_key),
     all_wallets: bool = Query(False),
     offset: int = Query(0),
@@ -32,12 +34,27 @@ async def api_links(
         user = await get_user(key_info.wallet.user)
         wallet_ids = user.wallet_ids if user else []
 
-    return await get_withdraw_links(wallet_ids, limit, offset)
+    links = await get_withdraw_links(wallet_ids, limit, offset)
+
+    for linkk in links.data:
+        try:
+            lnurl = create_lnurl(linkk, request)
+        except ValueError as exc:
+            raise HTTPException(
+                status_code=HTTPStatus.INTERNAL_SERVER_ERROR,
+                detail=str(exc),
+            ) from exc
+        linkk.lnurl = str(lnurl.bech32)
+        linkk.lnurl_url = str(lnurl.url)
+
+    return links
 
 
 @withdraw_ext_api.get("/links/{link_id}", status_code=HTTPStatus.OK)
 async def api_link_retrieve(
-    link_id: str, key_info: WalletTypeInfo = Depends(require_invoice_key)
+    request: Request,
+    link_id: str,
+    key_info: WalletTypeInfo = Depends(require_invoice_key),
 ) -> WithdrawLink:
     link = await get_withdraw_link(link_id, 0)
 
@@ -50,12 +67,23 @@ async def api_link_retrieve(
         raise HTTPException(
             detail="Not your withdraw link.", status_code=HTTPStatus.FORBIDDEN
         )
+
+    try:
+        lnurl = create_lnurl(link, request)
+    except ValueError as exc:
+        raise HTTPException(
+            status_code=HTTPStatus.INTERNAL_SERVER_ERROR,
+            detail=str(exc),
+        ) from exc
+    link.lnurl = str(lnurl.bech32)
+    link.lnurl_url = str(lnurl.url)
     return link
 
 
 @withdraw_ext_api.post("/links", status_code=HTTPStatus.CREATED)
 @withdraw_ext_api.put("/links/{link_id}")
 async def api_link_create_or_update(
+    request: Request,
     data: CreateWithdrawData,
     link_id: str | None = None,
     key_info: WalletTypeInfo = Depends(require_admin_key),
@@ -131,6 +159,16 @@ async def api_link_create_or_update(
         link = await update_withdraw_link(link)
     else:
         link = await create_withdraw_link(wallet_id=key_info.wallet.id, data=data)
+    try:
+        lnurl = create_lnurl(link, request)
+    except ValueError as exc:
+        raise HTTPException(
+            status_code=HTTPStatus.INTERNAL_SERVER_ERROR,
+            detail=str(exc),
+        ) from exc
+
+    link.lnurl = str(lnurl.bech32)
+    link.lnurl_url = str(lnurl.url)
 
     return link
 

views_lnurl.py

@@ -3,6 +3,7 @@ from datetime import datetime
 
 import httpx
 import shortuuid
+from bolt11 import decode as decode_bolt11
 from fastapi import APIRouter, Request
 from fastapi.responses import JSONResponse
 from lnbits.core.crud import update_payment
@@ -43,6 +44,9 @@ async def api_lnurl_response(
     if not link:
         return LnurlErrorResponse(reason="Withdraw link does not exist.")
 
+    if not link.enabled:
+        return LnurlErrorResponse(reason="Withdraw link is disabled.")
+
     if link.is_spent:
         return LnurlErrorResponse(reason="Withdraw is spent.")
 
@@ -86,11 +90,23 @@ async def api_lnurl_callback(
     pr: str,
     id_unique_hash: str | None = None,
 ) -> LnurlErrorResponse | LnurlSuccessResponse:
-
     link = await get_withdraw_link_by_hash(unique_hash)
     if not link:
         return LnurlErrorResponse(reason="withdraw link not found.")
 
+    if not link.enabled:
+        return LnurlErrorResponse(reason="Withdraw link is disabled.")
+
+    bolt11 = decode_bolt11(pr)
+    if not bolt11.amount_msat:
+        return LnurlErrorResponse(reason="0 amount invoices are not supported.")
+
+    if (
+        link.min_withdrawable * 1000 > bolt11.amount_msat
+        or bolt11.amount_msat > link.max_withdrawable * 1000
+    ):
+        return LnurlErrorResponse(reason="Amount not within limits.")
+
     if link.is_spent:
         return LnurlErrorResponse(reason="withdraw is spent.")
 
@@ -99,9 +115,9 @@ async def api_lnurl_callback(
 
     now = int(datetime.now().timestamp())
 
-    if now < link.open_time:
+    if now < link.open_time + link.wait_time:
         return LnurlErrorResponse(
-            reason=f"wait link open_time {link.open_time - now} seconds."
+            reason=f"Wait {link.open_time + link.wait_time - now} seconds."
         )
 
     if not id_unique_hash and link.is_unique:
@@ -125,7 +141,16 @@ async def api_lnurl_callback(
             wallet_id=link.wallet,
             payment_request=pr,
             max_sat=link.max_withdrawable,
-            extra={"tag": "withdraw", "withdrawal_link_id": link.id},
+            # Merge the link's caller-supplied `extra` onto the payout so an
+            # external listener can key on it (e.g. bitSpire cash-in
+            # settlements via spirekeeper). The withdraw extension's own
+            # `tag`/`withdrawal_link_id` are written last so a caller cannot
+            # clobber them.
+            extra={
+                **(link.extra or {}),
+                "tag": "withdraw",
+                "withdrawal_link_id": link.id,
+            },
         )
         await increment_withdraw_link(link)
         # If the payment succeeds, delete the record with the unique_hash.
@@ -194,6 +219,9 @@ async def api_lnurl_multi_response(
     if not link:
         return LnurlErrorResponse(reason="Withdraw link does not exist.")
 
+    if not link.enabled:
+        return LnurlErrorResponse(reason="Withdraw link is disabled.")
+
     if link.is_spent:
         return LnurlErrorResponse(reason="Withdraw is spent.")