heierbtc/lnbits
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "API key check: assert that wallet exists (#961)" (#962)

Browse Source 
This reverts commit 0930fca7ec.
This commit is contained in:
calle 2022-09-12 18:41:27 +03:00 committed by GitHub
parent 0930fca7ec
commit 57fffa0c7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 41 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lnbits/core/views/api.py
View File

@ -402,6 +402,10 @@ async def subscribe(request: Request, wallet: Wallet):
async def api_payments_sse( async def api_payments_sse(
request: Request, wallet: WalletTypeInfo = Depends(get_key_type) request: Request, wallet: WalletTypeInfo = Depends(get_key_type)
): ):
if wallet is None or wallet.wallet is None:
raise HTTPException(
status_code=HTTPStatus.NOT_FOUND, detail="Wallet does not exist."
)
return EventSourceResponse( return EventSourceResponse(
subscribe(request, wallet.wallet), ping=20, media_type="text/event-stream" subscribe(request, wallet.wallet), ping=20, media_type="text/event-stream"
) )

64
lnbits/decorators.py
View File

@ -138,34 +138,44 @@ async def get_key_type(
detail="Invoice (or Admin) key required.", detail="Invoice (or Admin) key required.",
) )
for typenr, WalletChecker in zip( try:
[0, 1], [WalletAdminKeyChecker, WalletInvoiceKeyChecker] admin_checker = WalletAdminKeyChecker(api_key=token)
): await admin_checker.__call__(r)
try: wallet = WalletTypeInfo(0, admin_checker.wallet) # type: ignore
checker = WalletChecker(api_key=token) if (LNBITS_ADMIN_USERS and wallet.wallet.user not in LNBITS_ADMIN_USERS) and (
await checker.__call__(r) LNBITS_ADMIN_EXTENSIONS and pathname in LNBITS_ADMIN_EXTENSIONS
wallet = WalletTypeInfo(typenr, checker.wallet) # type: ignore ):
if wallet is None or wallet.wallet is None: raise HTTPException(
raise HTTPException( status_code=HTTPStatus.UNAUTHORIZED, detail="User not authorized."
status_code=HTTPStatus.NOT_FOUND, detail="Wallet does not exist." )
) return wallet
if ( except HTTPException as e:
LNBITS_ADMIN_USERS and wallet.wallet.user not in LNBITS_ADMIN_USERS if e.status_code == HTTPStatus.BAD_REQUEST:
) and (LNBITS_ADMIN_EXTENSIONS and pathname in LNBITS_ADMIN_EXTENSIONS):
raise HTTPException(
status_code=HTTPStatus.UNAUTHORIZED, detail="User not authorized."
)
return wallet
except HTTPException as e:
if e.status_code == HTTPStatus.BAD_REQUEST:
raise
if e.status_code == HTTPStatus.UNAUTHORIZED:
pass
except:
raise raise
raise HTTPException( if e.status_code == HTTPStatus.UNAUTHORIZED:
status_code=HTTPStatus.NOT_FOUND, detail="Wallet does not exist." pass
) except:
raise
try:
invoice_checker = WalletInvoiceKeyChecker(api_key=token)
await invoice_checker.__call__(r)
wallet = WalletTypeInfo(1, invoice_checker.wallet) # type: ignore
if (LNBITS_ADMIN_USERS and wallet.wallet.user not in LNBITS_ADMIN_USERS) and (
LNBITS_ADMIN_EXTENSIONS and pathname in LNBITS_ADMIN_EXTENSIONS
):
raise HTTPException(
status_code=HTTPStatus.UNAUTHORIZED, detail="User not authorized."
)
return wallet
except HTTPException as e:
if e.status_code == HTTPStatus.BAD_REQUEST:
raise
if e.status_code == HTTPStatus.UNAUTHORIZED:
return WalletTypeInfo(2, None) # type: ignore
except:
raise
return wallet
async def require_admin_key( async def require_admin_key(