From 9ceea9e6bf9a63ff48144267da6fa6516762a87a Mon Sep 17 00:00:00 2001 From: yanas Date: Fri, 22 Jul 2022 19:49:58 +0200 Subject: [PATCH] Add configuration property for allowed length of LNURL-pay comments --- README.md | 2 ++ lnme.go | 11 +++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 70e67c2..5755d22 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ LnMe is one [simple executable](https://github.com/bumi/lnme/releases) file that - [x] [JavaScript widget](#javascript-widget-integration) for existing websites - [x] [Invoice API](https://github.com/bumi/lnme/wiki/API) - simple REST API to create LN invoices from existing JS code - [x] [LNURL-pay](https://github.com/fiatjaf/lnurl-rfc/blob/luds/06.md) support +- [x] [LNURL-pay comment](https://github.com/fiatjaf/lnurl-rfc/blob/luds/12.md) support ## Installation @@ -62,6 +63,7 @@ Instead of the path to the macaroon and cert files you can also provide the hex #### Other configuration - `static-path`: Path to a folder that you want to serve with LnMe (e.g. /home/bitcoin/lnme/website). Use this if you want to customize your ⚡website. default: disabled +- `lnurlp-comment-allowed`: Allowed length of LNURL-pay comments, maximum around [~2000 characters](https://stackoverflow.com/a/417184). (default: 210) - `disable-website`: Disable the default LnMe website. Disable the website if you only want to embed the LnMe widget on your existing website. - `disable-cors`: Disable CORS headers. (default: false) - `disable-ln-address`: Disable [Lightning Address](https://lightningaddress.com/) handling. diff --git a/lnme.go b/lnme.go index d975c09..5c81fda 100644 --- a/lnme.go +++ b/lnme.go @@ -163,6 +163,7 @@ func main() { name := c.Param("name") lightningAddress := name + "@" + host lnurlMetadata := "[[\"text/identifier\", \"" + lightningAddress + "\"], [\"text/plain\", \"Sats for " + lightningAddress + "\"]]" + lnurlpCommentAllowed := cfg.Int64("lnurlp-comment-allowed") if amount := c.QueryParam("amount"); amount == "" { lnurlPayResponse1 := lnurl.LNURLPayResponse1{ @@ -171,7 +172,7 @@ func main() { MinSendable: 1000, MaxSendable: 100000000, EncodedMetadata: lnurlMetadata, - CommentAllowed: 0, + CommentAllowed: lnurlpCommentAllowed, Tag: "payRequest", } return c.JSON(http.StatusOK, lnurlPayResponse1) @@ -183,8 +184,13 @@ func main() { return c.JSON(http.StatusOK, lnurl.LNURLErrorResponse{Status: "ERROR", Reason: "Invalid Amount"}) } sats := msats / 1000 // we need sats + comment := c.QueryParam("comment") + if commentLength := int64(len(comment)); commentLength > lnurlpCommentAllowed { + stdOutLogger.Printf("Invalid comment length: %d", commentLength) + return c.JSON(http.StatusOK, lnurl.LNURLErrorResponse{Status: "ERROR", Reason: "Invalid comment length"}) + } metadataHash := sha256.Sum256([]byte(lnurlMetadata)) - invoice, err := lnClient.AddInvoice(sats, lightningAddress, metadataHash[:]) + invoice, err := lnClient.AddInvoice(sats, comment, metadataHash[:]) if err != nil { stdOutLogger.Printf("Error creating invoice: %s", err) return c.JSON(http.StatusOK, lnurl.LNURLErrorResponse{Status: "ERROR", Reason: "Server Error"}) @@ -238,6 +244,7 @@ func LoadConfig() *koanf.Koanf { f.String("lnd-macaroon", "", "HEX string of LND macaroon file.") f.String("lnd-cert-path", "~/.lnd/tls.cert", "Path to the LND tls.cert file.") f.String("lnd-cert", "", "HEX string of LND tls cert file.") + f.Int64("lnurlp-comment-allowed", 210, "Allowed length of LNURL-pay comments.") f.Bool("disable-website", false, "Disable default embedded website.") f.Bool("disable-ln-address", false, "Disable Lightning Address handling") f.Bool("disable-cors", false, "Disable CORS headers.")