Revert "Revert "API key check: assert that wallet exists (#961)" (#962)" (#963)

This reverts commit 57fffa0c7f.
2022-09-12 18:49:57 +03:00 · 2022-09-12 18:49:57 +03:00 · 1660b9dcf1
commit 1660b9dcf1
parent 57fffa0c7f
2 changed files with 27 additions and 41 deletions
--- a/lnbits/core/views/api.py
+++ b/lnbits/core/views/api.py
@ -402,10 +402,6 @@ async def subscribe(request: Request, wallet: Wallet):
 async def api_payments_sse(
    request: Request, wallet: WalletTypeInfo = Depends(get_key_type)
 ):
-    if wallet is None or wallet.wallet is None:
-        raise HTTPException(
-            status_code=HTTPStatus.NOT_FOUND, detail="Wallet does not exist."
-        )
    return EventSourceResponse(
        subscribe(request, wallet.wallet), ping=20, media_type="text/event-stream"
    )
--- a/lnbits/decorators.py
+++ b/lnbits/decorators.py
@ -138,44 +138,34 @@ async def get_key_type(
            detail="Invoice (or Admin) key required.",
        )

-    try:
-        admin_checker = WalletAdminKeyChecker(api_key=token)
-        await admin_checker.__call__(r)
-        wallet = WalletTypeInfo(0, admin_checker.wallet)  # type: ignore
-        if (LNBITS_ADMIN_USERS and wallet.wallet.user not in LNBITS_ADMIN_USERS) and (
-            LNBITS_ADMIN_EXTENSIONS and pathname in LNBITS_ADMIN_EXTENSIONS
-        ):
-            raise HTTPException(
-                status_code=HTTPStatus.UNAUTHORIZED, detail="User not authorized."
-            )
-        return wallet
-    except HTTPException as e:
-        if e.status_code == HTTPStatus.BAD_REQUEST:
+    for typenr, WalletChecker in zip(
+        [0, 1], [WalletAdminKeyChecker, WalletInvoiceKeyChecker]
+    ):
+        try:
+            checker = WalletChecker(api_key=token)
+            await checker.__call__(r)
+            wallet = WalletTypeInfo(typenr, checker.wallet)  # type: ignore
+            if wallet is None or wallet.wallet is None:
+                raise HTTPException(
+                    status_code=HTTPStatus.NOT_FOUND, detail="Wallet does not exist."
+                )
+            if (
+                LNBITS_ADMIN_USERS and wallet.wallet.user not in LNBITS_ADMIN_USERS
+            ) and (LNBITS_ADMIN_EXTENSIONS and pathname in LNBITS_ADMIN_EXTENSIONS):
+                raise HTTPException(
+                    status_code=HTTPStatus.UNAUTHORIZED, detail="User not authorized."
+                )
+            return wallet
+        except HTTPException as e:
+            if e.status_code == HTTPStatus.BAD_REQUEST:
+                raise
+            if e.status_code == HTTPStatus.UNAUTHORIZED:
+                pass
+        except:
            raise
-        if e.status_code == HTTPStatus.UNAUTHORIZED:
-            pass
-    except:
-        raise
-
-    try:
-        invoice_checker = WalletInvoiceKeyChecker(api_key=token)
-        await invoice_checker.__call__(r)
-        wallet = WalletTypeInfo(1, invoice_checker.wallet)  # type: ignore
-        if (LNBITS_ADMIN_USERS and wallet.wallet.user not in LNBITS_ADMIN_USERS) and (
-            LNBITS_ADMIN_EXTENSIONS and pathname in LNBITS_ADMIN_EXTENSIONS
-        ):
-            raise HTTPException(
-                status_code=HTTPStatus.UNAUTHORIZED, detail="User not authorized."
-            )
-        return wallet
-    except HTTPException as e:
-        if e.status_code == HTTPStatus.BAD_REQUEST:
-            raise
-        if e.status_code == HTTPStatus.UNAUTHORIZED:
-            return WalletTypeInfo(2, None)  # type: ignore
-    except:
-        raise
-    return wallet
+    raise HTTPException(
+        status_code=HTTPStatus.NOT_FOUND, detail="Wallet does not exist."
+    )


 async def require_admin_key(