fix(lndhub): require admin key for sending funds

2021-10-17 10:30:59 +02:00 · 2021-10-17 10:30:59 +02:00 · 70facdaa93
commit 70facdaa93
parent 2282e79f4d
2 changed files with 18 additions and 11 deletions
--- a/lnbits/extensions/lndhub/decorators.py
+++ b/lnbits/extensions/lndhub/decorators.py
@ -15,10 +15,25 @@ from lnbits.decorators import WalletTypeInfo, get_key_type  # type: ignore
 api_key_header_auth = APIKeyHeader(name="AUTHORIZATION", auto_error=False, description="Admin or Invoice key for LNDHub API's")
 async def check_wallet(r: Request, api_key_header_auth: str = Security(api_key_header_auth)) -> WalletTypeInfo:    
    if not api_key_header_auth:
-        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, 
+            detail="Invalid auth key"
+        )

    t = api_key_header_auth.split(" ")[1]
    _, token = b64decode(t).decode("utf-8").split(":")

    return await get_key_type(r, api_key_header=token)

+
+async def require_admin_key(r: Request,  api_key_header_auth: str = Security(api_key_header_auth)):
+    wallet = await check_wallet(r, api_key_header_auth)
+    if wallet.wallet_type != 0:
+        # If wallet type is not admin then return the unauthorized status
+        # This also covers when the user passes an invalid key type
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Admin key required.",
+        )
+    else: 
+        return wallet
--- a/lnbits/extensions/lndhub/views_api.py
+++ b/lnbits/extensions/lndhub/views_api.py
@ -9,7 +9,7 @@ from lnbits.settings import WALLET
 from lnbits import bolt11

 from . import lndhub_ext
-from .decorators import check_wallet
+from .decorators import check_wallet, require_admin_key
 from .utils import to_buffer, decoded_as_lndhub
 from http import HTTPStatus
 from starlette.exceptions import HTTPException
@ -83,16 +83,8 @@ class Invoice(BaseModel):

@lndhub_ext.post("/ext/payinvoice")
 async def lndhub_payinvoice(
-    r_invoice: Invoice, wallet: WalletTypeInfo = Depends(check_wallet)
+    r_invoice: Invoice, wallet: WalletTypeInfo = Depends(require_admin_key)
 ):
-    # DIRTY HACK NEEDS TO BE ADDRESSED
-    if wallet.wallet_type == 1:
-        print("Not enough permission!")
-        raise HTTPException(
-            status_code=HTTPStatus.BAD_REQUEST,
-            detail="Not enough permission!",
-        )
-        return
    try:
        await pay_invoice(
            wallet_id=wallet.wallet.id,