db commits at the right places when sending payments.

fixing vulnerabilities introduced in https://github.com/lnbits/lnbits/pull/90
2025-02-22 14:22:55 +01:00 · 2020-09-11 21:24:41 -03:00 · 2020-09-11 21:24:41 -03:00 · 5ac91ee2cf
commit 5ac91ee2cf
parent 4855e2cd3d
1 changed files with 4 additions and 0 deletions
--- a/lnbits/core/services.py
+++ b/lnbits/core/services.py
@ -44,6 +44,7 @@ def create_invoice(
        extra=extra,
    )

+    g.db.commit()
    return invoice.payment_hash, payment_request


@ -97,6 +98,8 @@ def pay_invoice(
    if wallet.balance_msat < 0:
        g.db.rollback()
        raise PermissionError("Insufficient balance.")
+    else:
+        g.db.commit()

    if internal:
        # mark the invoice from the other side as not pending anymore
@ -112,6 +115,7 @@ def pay_invoice(
        else:
            raise Exception(error_message or "Failed to pay_invoice on backend.")

+    g.db.commit()
    return invoice.payment_hash