diff --git a/lnbits/extensions/boltcards/crud.py b/lnbits/extensions/boltcards/crud.py
index c541346e..4fae31f9 100644
--- a/lnbits/extensions/boltcards/crud.py
+++ b/lnbits/extensions/boltcards/crud.py
@@ -171,6 +171,9 @@ async def get_hit(hit_id: str) -> Optional[Hit]:


 async def get_hits(cards_ids: Union[str, List[str]]) -> List[Hit]:
+ if len(cards_ids) == 0:
+ return []
+
 q = ",".join(["?"] * len(cards_ids))
 rows = await db.fetchall(
 f"SELECT * FROM boltcards.hits WHERE card_id IN ({q})", (*cards_ids,)
@@ -265,6 +268,9 @@ async def get_refund(refund_id: str) -> Optional[Refund]:


 async def get_refunds(hits_ids: Union[str, List[str]]) -> List[Refund]:
+ if len(hits_ids) == 0:
+ return []
+
 q = ",".join(["?"] * len(hits_ids))
 rows = await db.fetchall(
 f"SELECT * FROM boltcards.refunds WHERE hit_id IN ({q})", (*hits_ids,)
diff --git a/lnbits/extensions/boltcards/lnurl.py b/lnbits/extensions/boltcards/lnurl.py
index 8128cb9e..43d64eee 100644
--- a/lnbits/extensions/boltcards/lnurl.py
+++ b/lnbits/extensions/boltcards/lnurl.py
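Review bot: In crud.py, `get_hits` and `get_refunds` are annotated `Union[str, List[str]]`, but a bare string still goes through `len(...)` and `(*cards_ids,)` character by character, so a single id passed as a `str` would be bound as one placeholder per character and match nothing; the new empty guard does not cover that case. Normalising first, `if isinstance(cards_ids, str): cards_ids = [cards_ids]` (and the same for `hits_ids` in the second hunk), would make the signature honest, and `if not cards_ids: return []` is the more idiomatic guard. The `IN (...)` list is built only from `?` markers with the ids passed as bound parameters; a one-line comment saying so, e.g. `# only "?" markers are interpolated; ids are always bound parameters`, would keep a later edit from putting the ids into the f-string. Both function bodies continue past the hunks.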
@@ -99,15 +99,27 @@ async def lnurl_callback(
 pr: str = Query(None),
 k1: str = Query(None),
 ):
+ if not k1:
+ return {"status": "ERROR", "reason": "Missing K1 token"}
+
 hit = await get_hit(k1)
- card = await get_card(hit.card_id)
+
 if not hit:
- return {"status": "ERROR", "reason": f"LNURL-pay record not found."}
- if hit.id != k1:
- return {"status": "ERROR", "reason": "Bad K1"}
+ return {
+ "status": "ERROR",
+ "reason": "Record not found for this charge (bad k1)",
+ }
 if hit.spent:
- return {"status": "ERROR", "reason": f"Payment already claimed"}
- invoice = bolt11.decode(pr)
+ return {"status": "ERROR", "reason": "Payment already claimed"}
+ if not pr:
+ return {"status": "ERROR", "reason": "Missing payment request"}
+
+ try:
+ invoice = bolt11.decode(pr)
+ except:
+ return {"status": "ERROR", "reason": "Failed to decode payment request"}
+
+ card = await get_card(hit.card_id)
 hit = await spend_hit(id=hit.id, amount=int(invoice.amount_msat / 1000))
 try:
 await pay_invoice(
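Review bot: The `if hit.spent:` check and the later `spend_hit(...)` call are separate awaited steps with `get_card` in between, so two concurrent callbacks carrying the same `k1` could both read `spent` as false and both reach `pay_invoice`; unless `spend_hit` itself refuses an already-spent row (not visible here), the claim should be a single conditional update that marks the hit spent only while it is still unspent and returns the "Payment already claimed" error when no row changed. Separately, the bare `except:` around `bolt11.decode(pr)` also swallows task cancellation and other `BaseException`s; `except Exception:` is enough for a decode failure. The result of `get_card` is not checked for `None`, and `invoice.amount_msat` is divided without a check for an invoice that carries no amount; both look worth a guard if the rest of the function relies on them. The body of `lnurl_callback` continues outside the hunk.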