From 2d46eda5f55515dfa9e3682f1848b7d7d9f3227c Mon Sep 17 00:00:00 2001 From: Arc <33088785+arcbtc@users.noreply.github.com> Date: Mon, 25 Jul 2022 15:54:49 +0100 Subject: [PATCH] Revert "Revert "LNURLp: check description hash"" --- lnbits/core/views/api.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/lnbits/core/views/api.py b/lnbits/core/views/api.py index 9fee6063..bc3e759f 100644 --- a/lnbits/core/views/api.py +++ b/lnbits/core/views/api.py @@ -279,7 +279,7 @@ class CreateLNURLData(BaseModel): @core_app.post("/api/v1/payments/lnurl") async def api_payments_pay_lnurl( - data: CreateLNURLData, wallet: WalletTypeInfo = Depends(get_key_type) + data: CreateLNURLData, wallet: WalletTypeInfo = Depends(require_admin_key) ): domain = urlparse(data.callback).netloc @@ -305,6 +305,12 @@ async def api_payments_pay_lnurl( detail=f"{domain} said: '{params.get('reason', '')}'", ) + if not params.get("pr"): + raise HTTPException( + status_code=HTTPStatus.BAD_REQUEST, + detail=f"{domain} did not return a payment request.", + ) + invoice = bolt11.decode(params["pr"]) if invoice.amount_msat != data.amount: raise HTTPException( @@ -312,11 +318,11 @@ async def api_payments_pay_lnurl( detail=f"{domain} returned an invalid invoice. Expected {data.amount} msat, got {invoice.amount_msat}.", ) - # if invoice.description_hash != data.description_hash: - # raise HTTPException( - # status_code=HTTPStatus.BAD_REQUEST, - # detail=f"{domain} returned an invalid invoice. Expected description_hash == {data.description_hash}, got {invoice.description_hash}.", - # ) + if invoice.description_hash != data.description_hash: + raise HTTPException( + status_code=HTTPStatus.BAD_REQUEST, + detail=f"{domain} returned an invalid invoice. Expected description_hash == {data.description_hash}, got {invoice.description_hash}.", + ) extra = {}