From ae60b4517ce305d3ccede26c5e06f21ab1ef7056 Mon Sep 17 00:00:00 2001
From: Vlad Stan <stan.v.vlad@gmail.com>
Date: Thu, 23 May 2024 11:16:00 +0300
Subject: [PATCH] [fix] SQL error for `create webpush notification` (#2533)

* fix: replace all SQL `user = ?` with `"user"" = ?`
* fix: surround with try-catch
* fix: bad double quote
---
 lnbits/core/crud.py              |  6 ++--
 lnbits/core/migrations.py        |  3 +-
 lnbits/core/views/webpush_api.py | 50 +++++++++++++++++++++-----------
 3 files changed, 38 insertions(+), 21 deletions(-)

diff --git a/lnbits/core/crud.py b/lnbits/core/crud.py
index 92b40d4f8..6e3df6293 100644
--- a/lnbits/core/crud.py
+++ b/lnbits/core/crud.py
@@ -1263,7 +1263,7 @@ async def get_webpush_subscription(
     endpoint: str, user: str
 ) -> Optional[WebPushSubscription]:
     row = await db.fetchone(
-        "SELECT * FROM webpush_subscriptions WHERE endpoint = ? AND user = ?",
+        """SELECT * FROM webpush_subscriptions WHERE endpoint = ? AND "user" = ?""",
         (
             endpoint,
             user,
@@ -1276,7 +1276,7 @@ async def get_webpush_subscriptions_for_user(
     user: str,
 ) -> List[WebPushSubscription]:
     rows = await db.fetchall(
-        "SELECT * FROM webpush_subscriptions WHERE user = ?",
+        """SELECT * FROM webpush_subscriptions WHERE "user" = ?""",
         (user,),
     )
     return [WebPushSubscription(**dict(row)) for row in rows]
@@ -1304,7 +1304,7 @@ async def create_webpush_subscription(
 
 async def delete_webpush_subscription(endpoint: str, user: str) -> None:
     await db.execute(
-        "DELETE FROM webpush_subscriptions WHERE endpoint = ? AND user = ?",
+        """DELETE FROM webpush_subscriptions WHERE endpoint = ? AND "user" = ?""",
         (
             endpoint,
             user,
diff --git a/lnbits/core/migrations.py b/lnbits/core/migrations.py
index 6dde83f4a..f65f112c8 100644
--- a/lnbits/core/migrations.py
+++ b/lnbits/core/migrations.py
@@ -366,7 +366,8 @@ async def m014_set_deleted_wallets(db):
                 inkey = row[4].split(":")[1]
                 await db.execute(
                     """
-                    UPDATE wallets SET user = ?, adminkey = ?, inkey = ?, deleted = true
+                    UPDATE wallets SET
+                    "user" = ?, adminkey = ?, inkey = ?, deleted = true
                     WHERE id = ?
                     """,
                     (user, adminkey, inkey, row[0]),
diff --git a/lnbits/core/views/webpush_api.py b/lnbits/core/views/webpush_api.py
index 7c8f0d619..26e506fc9 100644
--- a/lnbits/core/views/webpush_api.py
+++ b/lnbits/core/views/webpush_api.py
@@ -6,8 +6,10 @@ from urllib.parse import unquote, urlparse
 from fastapi import (
     APIRouter,
     Depends,
+    HTTPException,
     Request,
 )
+from loguru import logger
 
 from lnbits.core.models import (
     CreateWebPushSubscription,
@@ -33,20 +35,27 @@ async def api_create_webpush_subscription(
     data: CreateWebPushSubscription,
     wallet: WalletTypeInfo = Depends(require_admin_key),
 ) -> WebPushSubscription:
-    subscription = json.loads(data.subscription)
-    endpoint = subscription["endpoint"]
-    host = urlparse(str(request.url)).netloc
+    try:
+        subscription = json.loads(data.subscription)
+        endpoint = subscription["endpoint"]
+        host = urlparse(str(request.url)).netloc
 
-    subscription = await get_webpush_subscription(endpoint, wallet.wallet.user)
-    if subscription:
-        return subscription
-    else:
-        return await create_webpush_subscription(
-            endpoint,
-            wallet.wallet.user,
-            data.subscription,
-            host,
-        )
+        subscription = await get_webpush_subscription(endpoint, wallet.wallet.user)
+        if subscription:
+            return subscription
+        else:
+            return await create_webpush_subscription(
+                endpoint,
+                wallet.wallet.user,
+                data.subscription,
+                host,
+            )
+    except Exception as exc:
+        logger.debug(exc)
+        raise HTTPException(
+            HTTPStatus.INTERNAL_SERVER_ERROR,
+            "Cannot create webpush notification",
+        ) from exc
 
 
 @webpush_router.delete("", status_code=HTTPStatus.OK)
@@ -54,7 +63,14 @@ async def api_delete_webpush_subscription(
     request: Request,
     wallet: WalletTypeInfo = Depends(require_admin_key),
 ):
-    endpoint = unquote(
-        base64.b64decode(str(request.query_params.get("endpoint"))).decode("utf-8")
-    )
-    await delete_webpush_subscription(endpoint, wallet.wallet.user)
+    try:
+        endpoint = unquote(
+            base64.b64decode(str(request.query_params.get("endpoint"))).decode("utf-8")
+        )
+        await delete_webpush_subscription(endpoint, wallet.wallet.user)
+    except Exception as exc:
+        logger.debug(exc)
+        raise HTTPException(
+            HTTPStatus.INTERNAL_SERVER_ERROR,
+            "Cannot delete webpush notification",
+        ) from exc