ekzyis/stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow cancel of own invoices without hmac (#1787)

Browse Source
This commit is contained in:
ekzyis 2025-01-02 17:35:54 +01:00 committed by GitHub
parent 0ca9596310
commit 6a02ea8c5c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
api/resolvers/wallet.js
View File

@ -134,11 +134,13 @@ export async function getWithdrawl (parent, { id }, { me, models, lnd }) {
} }
export function createHmac (hash) { export function createHmac (hash) {
if (!hash) throw new GqlInputError('hash required to create hmac')
const key = Buffer.from(process.env.INVOICE_HMAC_KEY, 'hex') const key = Buffer.from(process.env.INVOICE_HMAC_KEY, 'hex')
return crypto.createHmac('sha256', key).update(Buffer.from(hash, 'hex')).digest('hex') return crypto.createHmac('sha256', key).update(Buffer.from(hash, 'hex')).digest('hex')
} }
export function verifyHmac (hash, hmac) { export function verifyHmac (hash, hmac) {
if (!hash || !hmac) throw new GqlInputError('hash or hmac missing')
const hmac2 = createHmac(hash) const hmac2 = createHmac(hash)
if (!timingSafeEqual(Buffer.from(hmac), Buffer.from(hmac2))) { if (!timingSafeEqual(Buffer.from(hmac), Buffer.from(hmac2))) {
throw new GqlAuthorizationError('bad hmac') throw new GqlAuthorizationError('bad hmac')
@ -487,8 +489,15 @@ const resolvers = {
}, },
createWithdrawl: createWithdrawal, createWithdrawl: createWithdrawal,
sendToLnAddr, sendToLnAddr,
cancelInvoice: async (parent, { hash, hmac }, { models, lnd, boss }) => { cancelInvoice: async (parent, { hash, hmac }, { me, models, lnd, boss }) => {
// stackers can cancel their own invoices without hmac
if (me && !hmac) {
const inv = await models.invoice.findUnique({ where: { hash } })
if (!inv) throw new GqlInputError('invoice not found')
if (inv.userId !== me.id) throw new GqlInputError('not ur invoice')
} else {
verifyHmac(hash, hmac) verifyHmac(hash, hmac)
}
await finalizeHodlInvoice({ data: { hash }, lnd, models, boss }) await finalizeHodlInvoice({ data: { hash }, lnd, models, boss })
return await models.invoice.findFirst({ where: { hash } }) return await models.invoice.findFirst({ where: { hash } })
}, },

2
api/typeDefs/wallet.js
View File

@ -78,7 +78,7 @@ const typeDefs = `
createInvoice(amount: Int!): InvoiceOrDirect! createInvoice(amount: Int!): InvoiceOrDirect!
createWithdrawl(invoice: String!, maxFee: Int!): Withdrawl! createWithdrawl(invoice: String!, maxFee: Int!): Withdrawl!
sendToLnAddr(addr: String!, amount: Int!, maxFee: Int!, comment: String, identifier: Boolean, name: String, email: String): Withdrawl! sendToLnAddr(addr: String!, amount: Int!, maxFee: Int!, comment: String, identifier: Boolean, name: String, email: String): Withdrawl!
cancelInvoice(hash: String!, hmac: String!): Invoice! cancelInvoice(hash: String!, hmac: String): Invoice!
dropBolt11(hash: String!): Boolean dropBolt11(hash: String!): Boolean
removeWallet(id: ID!): Boolean removeWallet(id: ID!): Boolean
deleteWalletLogs(wallet: String): Boolean deleteWalletLogs(wallet: String): Boolean

4
components/use-invoice.js
View File

@ -37,10 +37,6 @@ export default function useInvoice () {
}, [client]) }, [client])
const cancel = useCallback(async ({ hash, hmac }) => { const cancel = useCallback(async ({ hash, hmac }) => {
if (!hash || !hmac) {
throw new Error('missing hash or hmac')
}
console.log('canceling invoice:', hash) console.log('canceling invoice:', hash)
const { data } = await cancelInvoice({ variables: { hash, hmac } }) const { data } = await cancelInvoice({ variables: { hash, hmac } })
return data.cancelInvoice return data.cancelInvoice

2
fragments/wallet.js
View File

@ -225,7 +225,7 @@ export const SET_WALLET_PRIORITY = gql`
export const CANCEL_INVOICE = gql` export const CANCEL_INVOICE = gql`
${INVOICE_FIELDS} ${INVOICE_FIELDS}
mutation cancelInvoice($hash: String!, $hmac: String!) { mutation cancelInvoice($hash: String!, $hmac: String) {
cancelInvoice(hash: $hash, hmac: $hmac) { cancelInvoice(hash: $hash, hmac: $hmac) {
...InvoiceFields ...InvoiceFields
} }