mirrors/lnbits-legend
1
0
Fork 0
mirror of https://github.com/lnbits/lnbits-legend.git synced 2024-11-19 18:11:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix require admin key endpoints

Browse Source
This commit is contained in:
Tiago vasconcelos 2021-10-20 12:03:11 +01:00
parent 39eb9d0d70
commit a840970366
14 changed files with 99 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lnbits/extensions/copilot/views_api.py
View File

@ -5,7 +5,7 @@ from fastapi.param_functions import Query
from fastapi.params import Depends
from starlette.exceptions import HTTPException
from lnbits.decorators import WalletTypeInfo, get_key_type
from lnbits.decorators import WalletTypeInfo, get_key_type, require_admin_key
from . import copilot_ext
from .crud import (
@ -54,7 +54,7 @@ async def api_copilot_retrieve(
async def api_copilot_create_or_update(
data: CreateCopilotData,
copilot_id: str = Query(None),
wallet: WalletTypeInfo = Depends(get_key_type),
wallet: WalletTypeInfo = Depends(require_admin_key),
):
data.user = wallet.wallet.user
data.wallet = wallet.wallet.id
@ -67,7 +67,7 @@ async def api_copilot_create_or_update(
@copilot_ext.delete("/api/v1/copilot/{copilot_id}")
async def api_copilot_delete(
copilot_id: str = Query(None), wallet: WalletTypeInfo = Depends(get_key_type)
copilot_id: str = Query(None), wallet: WalletTypeInfo = Depends(require_admin_key)
):
copilot = await get_copilot(copilot_id)

1
lnbits/extensions/events/__init__.py
View File

@ -16,4 +16,3 @@ def events_renderer():
from .views import * # noqa
from .views_api import * # noqa

12
lnbits/extensions/jukebox/views_api.py
View File

@ -7,11 +7,11 @@ from fastapi import Request
from fastapi.param_functions import Query
from fastapi.params import Depends
from starlette.exceptions import HTTPException
from starlette.responses import HTMLResponse, JSONResponse # type: ignore
from starlette.responses import HTMLResponse # type: ignore
from lnbits.core.crud import get_wallet
from lnbits.core.services import check_invoice_status, create_invoice
from lnbits.decorators import WalletTypeInfo, get_key_type
from lnbits.decorators import WalletTypeInfo, get_key_type, require_admin_key
from . import jukebox_ext
from .crud import (
@ -30,7 +30,7 @@ from .models import CreateJukeboxPayment, CreateJukeLinkData
@jukebox_ext.get("/api/v1/jukebox")
async def api_get_jukeboxs(
req: Request,
wallet: WalletTypeInfo = Depends(get_key_type),
wallet: WalletTypeInfo = Depends(require_admin_key),
all_wallets: bool = Query(False),
):
wallet_user = wallet.wallet.user
@ -72,7 +72,7 @@ async def api_check_credentials_callbac(
@jukebox_ext.get("/api/v1/jukebox/{juke_id}")
async def api_check_credentials_check(
juke_id: str = Query(None), wallet: WalletTypeInfo = Depends(get_key_type)
juke_id: str = Query(None), wallet: WalletTypeInfo = Depends(require_admin_key)
):
print(juke_id)
jukebox = await get_jukebox(juke_id)
@ -85,7 +85,7 @@ async def api_check_credentials_check(
async def api_create_update_jukebox(
data: CreateJukeLinkData,
juke_id: str = Query(None),
wallet: WalletTypeInfo = Depends(get_key_type),
wallet: WalletTypeInfo = Depends(require_admin_key),
):
if juke_id:
jukebox = await update_jukebox(data, juke_id=juke_id)
@ -95,7 +95,7 @@ async def api_create_update_jukebox(
@jukebox_ext.delete("/api/v1/jukebox/{juke_id}")
async def api_delete_item(juke_id=None, wallet: WalletTypeInfo = Depends(get_key_type)):
async def api_delete_item(juke_id=None, wallet: WalletTypeInfo = Depends(require_admin_key)):
await delete_jukebox(juke_id)
try:
return [{**jukebox} for jukebox in await get_jukeboxs(wallet.wallet.user)]

9
lnbits/extensions/lnurlp/__init__.py
View File

@ -1,8 +1,7 @@
import asyncio
from fastapi import APIRouter, FastAPI
from fastapi import APIRouter
from fastapi.staticfiles import StaticFiles
from starlette.routing import Mount
from lnbits.db import Database
from lnbits.helpers import template_renderer
@ -29,10 +28,10 @@ def lnurlp_renderer():
return template_renderer(["lnbits/extensions/lnurlp/templates"])
from .views_api import * # noqa
from .views import * # noqa
from .tasks import wait_for_paid_invoices
from .lnurl import * # noqa
from .tasks import wait_for_paid_invoices
from .views import * # noqa
from .views_api import * # noqa
def lnurlp_start():

13
lnbits/extensions/lnurlp/lnurl.py
View File

@ -1,13 +1,14 @@
import hashlib
import math
from http import HTTPStatus
from fastapi import FastAPI, Request
from starlette.exceptions import HTTPException
from lnurl import (
LnurlPayResponse,
LnurlPayActionResponse,
from fastapi import Request
from lnurl import ( # type: ignore
LnurlErrorResponse,
) # type: ignore
LnurlPayActionResponse,
LnurlPayResponse,
)
from starlette.exceptions import HTTPException
from lnbits.core.services import create_invoice
from lnbits.utils.exchange_rates import get_fiat_rate_satoshis

18
lnbits/extensions/lnurlp/views.py
View File

@ -1,23 +1,21 @@
from http import HTTPStatus
from fastapi import Request
from fastapi.params import Depends
from fastapi.templating import Jinja2Templates
from starlette.exceptions import HTTPException
from starlette.responses import HTMLResponse
from lnbits.core.models import User
from lnbits.decorators import check_user_exists
from . import lnurlp_ext, lnurlp_renderer
from .crud import get_pay_link
from fastapi import FastAPI, Request
from fastapi.params import Depends
from fastapi.templating import Jinja2Templates
from starlette.exceptions import HTTPException
from starlette.responses import HTMLResponse
from lnbits.core.models import User
templates = Jinja2Templates(directory="templates")
@lnurlp_ext.get("/", response_class=HTMLResponse)
# @validate_uuids(["usr"], required=True)
# @check_user_exists()
async def index(request: Request, user: User = Depends(check_user_exists)):
return lnurlp_renderer().TemplateResponse(
"lnurlp/index.html", {"request": request, "user": user.dict()}
@ -31,7 +29,6 @@ async def display(request: Request, link_id):
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="Pay link does not exist."
)
# abort(HTTPStatus.NOT_FOUND, "Pay link does not exist.")
ctx = {"request": request, "lnurl": link.lnurl(req=request)}
return lnurlp_renderer().TemplateResponse("lnurlp/display.html", ctx)
@ -43,6 +40,5 @@ async def print_qr(request: Request, link_id):
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="Pay link does not exist."
)
# abort(HTTPStatus.NOT_FOUND, "Pay link does not exist.")
ctx = {"request": request, "lnurl": link.lnurl(req=request)}
return lnurlp_renderer().TemplateResponse("lnurlp/print_qr.html", ctx)

15
lnbits/extensions/lnurlp/views_api.py
View File

@ -1,27 +1,24 @@
from typing import Optional
from fastapi.params import Depends
from fastapi.param_functions import Query
from pydantic.main import BaseModel
from http import HTTPStatus
from fastapi import Request
from fastapi.param_functions import Query
from fastapi.params import Depends
from lnurl.exceptions import InvalidUrl as LnurlInvalidUrl # type: ignore
from starlette.exceptions import HTTPException
from fastapi import Request
from starlette.responses import HTMLResponse, JSONResponse # type: ignore
from lnbits.core.crud import get_user
from lnbits.decorators import WalletTypeInfo, get_key_type
from lnbits.utils.exchange_rates import currencies, get_fiat_rate_satoshis
from .models import CreatePayLinkData
from . import lnurlp_ext
from .crud import (
create_pay_link,
delete_pay_link,
get_pay_link,
get_pay_links,
update_pay_link,
delete_pay_link,
)
from .models import CreatePayLinkData
@lnurlp_ext.get("/api/v1/currencies")

31
lnbits/extensions/lnurlpos/views_api.py
View File

@ -1,26 +1,23 @@
import hashlib
from fastapi import FastAPI, Request
from fastapi.params import Depends
from http import HTTPStatus
from fastapi.templating import Jinja2Templates
from starlette.exceptions import HTTPException
from starlette.responses import HTMLResponse
from fastapi.params import Depends
from fastapi.param_functions import Query
from lnbits.decorators import check_user_exists, WalletTypeInfo, get_key_type
from lnbits.core.crud import get_user
from lnbits.core.models import User, Payment
from . import lnurlpos_ext
from fastapi import Request
from fastapi.param_functions import Query
from fastapi.params import Depends
from starlette.exceptions import HTTPException
from lnbits.core.crud import get_user
from lnbits.decorators import WalletTypeInfo, get_key_type, require_admin_key
from lnbits.extensions.lnurlpos import lnurlpos_ext
from lnbits.utils.exchange_rates import currencies
from . import lnurlpos_ext
from .crud import (
create_lnurlpos,
update_lnurlpos,
delete_lnurlpos,
get_lnurlpos,
get_lnurlposs,
delete_lnurlpos,
update_lnurlpos,
)
from lnbits.utils.exchange_rates import currencies
from .models import createLnurlpos
@ -37,7 +34,7 @@ async def api_list_currencies_available():
async def api_lnurlpos_create_or_update(
request: Request,
data: createLnurlpos,
wallet: WalletTypeInfo = Depends(get_key_type),
wallet: WalletTypeInfo = Depends(require_admin_key),
lnurlpos_id: str = Query(None),
):
if not lnurlpos_id:
@ -79,7 +76,7 @@ async def api_lnurlpos_retrieve(
@lnurlpos_ext.delete("/api/v1/lnurlpos/{lnurlpos_id}")
async def api_lnurlpos_delete(
request: Request,
wallet: WalletTypeInfo = Depends(get_key_type),
wallet: WalletTypeInfo = Depends(require_admin_key),
lnurlpos_id: str = Query(None),
):
lnurlpos = await get_lnurlpos(lnurlpos_id)

19
lnbits/extensions/offlineshop/views_api.py
View File

@ -1,27 +1,26 @@
import json
from typing import List, Optional
from fastapi.params import Depends
from pydantic.main import BaseModel
from http import HTTPStatus
from typing import Optional
from fastapi.params import Depends
from lnurl.exceptions import InvalidUrl as LnurlInvalidUrl
from pydantic.main import BaseModel
from starlette.exceptions import HTTPException
from starlette.requests import Request
from starlette.responses import HTMLResponse, JSONResponse # type: ignore
from starlette.responses import HTMLResponse # type: ignore
from lnbits.decorators import WalletTypeInfo, get_key_type
from lnbits.utils.exchange_rates import currencies
from lnbits.requestvars import g
from lnbits.utils.exchange_rates import currencies
from . import offlineshop_ext
from .crud import (
add_item,
delete_item_from_shop,
get_items,
get_or_create_shop_by_wallet,
set_method,
add_item,
update_item,
get_items,
delete_item_from_shop,
)
from .models import ShopCounter

15
lnbits/extensions/satsdice/views_api.py
View File

@ -7,7 +7,7 @@ from lnurl.exceptions import InvalidUrl as LnurlInvalidUrl # type: ignore
from starlette.exceptions import HTTPException
from lnbits.core.crud import get_user
from lnbits.decorators import WalletTypeInfo, get_key_type
from lnbits.decorators import WalletTypeInfo, get_key_type, require_admin_key
from . import satsdice_ext
from .crud import (
@ -134,15 +134,10 @@ async def api_withdraws(
if all_wallets:
wallet_ids = (await get_user(wallet.wallet.user)).wallet_ids
try:
return (
jsonify(
[
{**withdraw._asdict(), **{"lnurl": withdraw.lnurl}}
return [
{**withdraw.dict(), **{"lnurl": withdraw.lnurl}}
for withdraw in await get_satsdice_withdraws(wallet_ids)
]
),
HTTPStatus.OK,
)
except LnurlInvalidUrl:
raise HTTPException(
status_code=HTTPStatus.UPGRADE_REQUIRED,
@ -173,7 +168,7 @@ async def api_withdraw_retrieve(
@satsdice_ext.put("/api/v1/withdraws/{withdraw_id}", status_code=HTTPStatus.OK)
async def api_withdraw_create_or_update(
data: CreateSatsDiceWithdraws,
wallet: WalletTypeInfo = Depends(get_key_type),
wallet: WalletTypeInfo = Depends(require_admin_key),
withdraw_id: str = Query(None),
):
if data.max_satsdiceable < data.min_satsdiceable:
@ -216,7 +211,7 @@ async def api_withdraw_create_or_update(
@satsdice_ext.delete("/api/v1/withdraws/{withdraw_id}")
async def api_withdraw_delete(
data: CreateSatsDiceWithdraws,
wallet: WalletTypeInfo = Depends(get_key_type),
wallet: WalletTypeInfo = Depends(require_admin_key),
withdraw_id: str = Query(None),
):
withdraw = await get_satsdice_withdraw(withdraw_id)

23
lnbits/extensions/satspay/views_api.py
View File

@ -1,29 +1,22 @@
import hashlib
from http import HTTPStatus
import httpx
import httpx
from fastapi import Query
from fastapi.params import Depends
from starlette.exceptions import HTTPException
from starlette.requests import Request
from starlette.responses import HTMLResponse, JSONResponse # type: ignore
from lnbits.core.crud import get_user
from lnbits.decorators import WalletTypeInfo, get_key_type
from lnbits.decorators import WalletTypeInfo, get_key_type, require_admin_key
from lnbits.extensions.satspay import satspay_ext
from .models import CreateCharge
from .crud import (
check_address_balance,
create_charge,
update_charge,
delete_charge,
get_charge,
get_charges,
delete_charge,
check_address_balance,
update_charge,
)
from .models import CreateCharge
#############################CHARGES##########################
@ -31,7 +24,7 @@ from .crud import (
@satspay_ext.post("/api/v1/charge")
@satspay_ext.put("/api/v1/charge/{charge_id}")
async def api_charge_create_or_update(
data: CreateCharge, wallet: WalletTypeInfo = Depends(get_key_type), charge_id=None
data: CreateCharge, wallet: WalletTypeInfo = Depends(require_admin_key), charge_id=None
):
if not charge_id:
charge = await create_charge(user=wallet.wallet.user, data=data)

4
lnbits/extensions/tpos/views_api.py
View File

@ -6,7 +6,7 @@ from starlette.exceptions import HTTPException
from lnbits.core.crud import get_user, get_wallet
from lnbits.core.services import check_invoice_status, create_invoice
from lnbits.decorators import WalletTypeInfo, get_key_type
from lnbits.decorators import WalletTypeInfo, get_key_type, require_admin_key
from . import tpos_ext
from .crud import create_tpos, delete_tpos, get_tpos, get_tposs
@ -33,7 +33,7 @@ async def api_tpos_create(
@tpos_ext.delete("/api/v1/tposs/{tpos_id}")
async def api_tpos_delete(tpos_id: str, wallet: WalletTypeInfo = Depends(get_key_type)):
async def api_tpos_delete(tpos_id: str, wallet: WalletTypeInfo = Depends(require_admin_key)):
tpos = await get_tpos(tpos_id)
if not tpos:

25
lnbits/extensions/watchonly/views_api.py
View File

@ -4,13 +4,20 @@ from fastapi import Query
from fastapi.params import Depends
from starlette.exceptions import HTTPException
from lnbits.core.crud import get_user
from lnbits.decorators import WalletTypeInfo, get_key_type
from lnbits.decorators import WalletTypeInfo, get_key_type, require_admin_key
from lnbits.extensions.watchonly import watchonly_ext
from .crud import (create_mempool, create_watch_wallet, delete_watch_wallet,
get_addresses, get_fresh_address, get_mempool,
get_watch_wallet, get_watch_wallets, update_mempool)
from .crud import (
create_mempool,
create_watch_wallet,
delete_watch_wallet,
get_addresses,
get_fresh_address,
get_mempool,
get_watch_wallet,
get_watch_wallets,
update_mempool,
)
from .models import CreateWallet
###################WALLETS#############################
@ -41,7 +48,7 @@ async def api_wallet_retrieve(
@watchonly_ext.post("/api/v1/wallet")
async def api_wallet_create_or_update(
data: CreateWallet, wallet_id=None, w: WalletTypeInfo = Depends(get_key_type)
data: CreateWallet, wallet_id=None, w: WalletTypeInfo = Depends(require_admin_key)
):
try:
wallet = await create_watch_wallet(
@ -57,7 +64,7 @@ async def api_wallet_create_or_update(
@watchonly_ext.delete("/api/v1/wallet/{wallet_id}")
async def api_wallet_delete(wallet_id, w: WalletTypeInfo = Depends(get_key_type)):
async def api_wallet_delete(wallet_id, w: WalletTypeInfo = Depends(require_admin_key)):
wallet = await get_watch_wallet(wallet_id)
if not wallet:
@ -105,14 +112,14 @@ async def api_get_addresses(wallet_id, w: WalletTypeInfo = Depends(get_key_type)
@watchonly_ext.put("/api/v1/mempool")
async def api_update_mempool(
endpoint: str = Query(...), w: WalletTypeInfo = Depends(get_key_type)
endpoint: str = Query(...), w: WalletTypeInfo = Depends(require_admin_key)
):
mempool = await update_mempool(endpoint, user=w.wallet.user)
return mempool.dict()
@watchonly_ext.get("/api/v1/mempool")
async def api_get_mempool(w: WalletTypeInfo = Depends(get_key_type)):
async def api_get_mempool(w: WalletTypeInfo = Depends(require_admin_key)):
mempool = await get_mempool(w.wallet.user)
if not mempool:
mempool = await create_mempool(user=w.wallet.user)

57
lnbits/extensions/withdraw/views_api.py
View File

@ -7,20 +7,21 @@ from starlette.exceptions import HTTPException
from starlette.requests import Request
from lnbits.core.crud import get_user
from lnbits.decorators import WalletTypeInfo, get_key_type
from lnbits.decorators import WalletTypeInfo, get_key_type, require_admin_key
from . import withdraw_ext
from .crud import (create_withdraw_link,
delete_withdraw_link, get_hash_check, get_withdraw_link,
get_withdraw_links, update_withdraw_link)
from .crud import (
create_withdraw_link,
delete_withdraw_link,
get_hash_check,
get_withdraw_link,
get_withdraw_links,
update_withdraw_link,
)
from .models import CreateWithdrawData
# from fastapi import FastAPI, Query, Response
@withdraw_ext.get("/api/v1/links", status_code=HTTPStatus.OK)
# @api_check_wallet_key("invoice")
async def api_links(
req: Request,
wallet: WalletTypeInfo = Depends(get_key_type),
@ -42,58 +43,37 @@ async def api_links(
status_code=HTTPStatus.UPGRADE_REQUIRED,
detail="LNURLs need to be delivered over a publically accessible `https` domain or Tor.",
)
# response.status_code = HTTPStatus.UPGRADE_REQUIRED
# return { "message": "LNURLs need to be delivered over a publically accessible `https` domain or Tor." }
@withdraw_ext.get("/api/v1/links/{link_id}", status_code=HTTPStatus.OK)
# @api_check_wallet_key("invoice")
async def api_link_retrieve(link_id, wallet: WalletTypeInfo = Depends(get_key_type)):
async def api_link_retrieve(link_id, request: Request, wallet: WalletTypeInfo = Depends(get_key_type)):
link = await get_withdraw_link(link_id, 0)
if not link:
raise HTTPException(
detail="Withdraw link does not exist.", status_code=HTTPStatus.NOT_FOUND
)
# response.status_code = HTTPStatus.NOT_FOUND
# return {"message": "Withdraw link does not exist."}
if link.wallet != wallet.wallet.id:
raise HTTPException(
detail="Not your withdraw link.", status_code=HTTPStatus.FORBIDDEN
)
# response.status_code = HTTPStatus.FORBIDDEN
# return {"message": "Not your withdraw link."}
return {**link, **{"lnurl": link.lnurl(request)}}
# class CreateData(BaseModel):
# title: str = Query(...)
# min_withdrawable: int = Query(..., ge=1)
# max_withdrawable: int = Query(..., ge=1)
# uses: int = Query(..., ge=1)
# wait_time: int = Query(..., ge=1)
# is_unique: bool
@withdraw_ext.post("/api/v1/links", status_code=HTTPStatus.CREATED)
@withdraw_ext.put("/api/v1/links/{link_id}", status_code=HTTPStatus.OK)
# @api_check_wallet_key("admin")
async def api_link_create_or_update(
req: Request,
data: CreateWithdrawData,
link_id: str = None,
wallet: WalletTypeInfo = Depends(get_key_type),
wallet: WalletTypeInfo = Depends(require_admin_key),
):
if data.max_withdrawable < data.min_withdrawable:
raise HTTPException(
detail="`max_withdrawable` needs to be at least `min_withdrawable`.",
status_code=HTTPStatus.BAD_REQUEST,
)
# response.status_code = HTTPStatus.BAD_REQUEST
# return {
# "message": "`max_withdrawable` needs to be at least `min_withdrawable`."
# }
usescsv = ""
for i in range(data.uses):
@ -109,50 +89,37 @@ async def api_link_create_or_update(
raise HTTPException(
detail="Withdraw link does not exist.", status_code=HTTPStatus.NOT_FOUND
)
# response.status_code = HTTPStatus.NOT_FOUND
# return {"message": "Withdraw link does not exist."}
if link.wallet != wallet.wallet.id:
raise HTTPException(
detail="Not your withdraw link.", status_code=HTTPStatus.FORBIDDEN
)
# response.status_code = HTTPStatus.FORBIDDEN
# return {"message": "Not your withdraw link."}
link = await update_withdraw_link(link_id, data=data, usescsv=usescsv, used=0)
else:
link = await create_withdraw_link(
wallet_id=wallet.wallet.id, data=data, usescsv=usescsv
)
# if link_id:
# response.status_code = HTTPStatus.OK
return {**link.dict(), **{"lnurl": link.lnurl(req)}}
@withdraw_ext.delete("/api/v1/links/{link_id}")
# @api_check_wallet_key("admin")
async def api_link_delete(link_id, wallet: WalletTypeInfo = Depends(get_key_type)):
async def api_link_delete(link_id, wallet: WalletTypeInfo = Depends(require_admin_key)):
link = await get_withdraw_link(link_id)
if not link:
raise HTTPException(
detail="Withdraw link does not exist.", status_code=HTTPStatus.NOT_FOUND
)
# response.status_code = HTTPStatus.NOT_FOUND
# return {"message": "Withdraw link does not exist."}
if link.wallet != wallet.wallet.id:
raise HTTPException(
detail="Not your withdraw link.", status_code=HTTPStatus.FORBIDDEN
)
# response.status_code = HTTPStatus.FORBIDDEN
# return {"message": "Not your withdraw link."}
await delete_withdraw_link(link_id)
raise HTTPException(status_code=HTTPStatus.NO_CONTENT)
# return ""
@withdraw_ext.get("/api/v1/links/{the_hash}/{lnurl_id}", status_code=HTTPStatus.OK)
# @api_check_wallet_key("invoice")
async def api_hash_retrieve(
the_hash, lnurl_id, wallet: WalletTypeInfo = Depends(get_key_type)
):