Merge pull request #200 from prusnak/limits

Introduce MaxReceiveAmount, MaxSendAmount, MaxAccountBalance
2026-02-20 20:34:35 +01:00 · 2022-06-30 14:35:52 +02:00
parent fa8a1d6d61 6740e66094
commit 5e31a28fa2
5 changed files with 39 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -48,6 +48,9 @@ vim .env # edit your config
 + `WEBHOOK_URL`: Optional. Callback URL for incoming and outgoing payment events, see below.
 + `FEE_RESERVE`: (default: false) Keep fee reserve for each user
 + `ALLOW_ACCOUNT_CREATION`: (default: true) Enable creation of new accounts
+ `MAX_RECEIVE_AMOUNT`: (default: 0 = no limit) Set maximum amount for which an invoice can be created
+ `MAX_SEND_AMOUNT`: (default: 0 = no limit) Set maximum amount of an invoice that can be paid
+ `MAX_ACCOUNT_BALANCE`: (default: 0 = no limit) Set maximum balance for each account

 ## Developing

--- a/controllers/addinvoice.ctrl.go
+++ b/controllers/addinvoice.ctrl.go
@@ -52,6 +52,25 @@ func AddInvoice(c echo.Context, svc *service.LndhubService, userID int64) error
 	if err != nil || amount < 0 {
 		return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
 	}
+
+	if svc.Config.MaxReceiveAmount > 0 {
+		if amount > svc.Config.MaxReceiveAmount {
+			c.Logger().Errorf("Max receive amount exceeded for user_id:%v (amount:%v)", userID, amount)
+			return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
+		}
+	}
+
+	if svc.Config.MaxAccountBalance > 0 {
+		currentBalance, err := svc.CurrentUserBalance(c.Request().Context(), userID)
+		if err != nil {
+			return c.JSON(http.StatusBadRequest, responses.GeneralServerError)
+		}
+		if currentBalance+amount > svc.Config.MaxAccountBalance {
+			c.Logger().Errorf("Max account balance exceeded for user_id:%v (balance:%v + amount:%v)", userID, currentBalance, amount)
+			return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
+		}
+	}
+
 	c.Logger().Infof("Adding invoice: user_id:%v memo:%s value:%v description_hash:%s", userID, body.Memo, amount, body.DescriptionHash)

 	invoice, err := svc.AddIncomingInvoice(c.Request().Context(), userID, amount, body.Memo, body.DescriptionHash)
--- a/controllers/keysend.ctrl.go
+++ b/controllers/keysend.ctrl.go
@@ -63,6 +63,13 @@ func (controller *KeySendController) KeySend(c echo.Context) error {
 		Keysend: true,
 	}

+	if controller.svc.Config.MaxSendAmount > 0 {
+		if lnPayReq.PayReq.NumSatoshis > controller.svc.Config.MaxSendAmount {
+			c.Logger().Errorf("Max send amount exceeded for user_id:%v (amount:%v)", userID, lnPayReq.PayReq.NumSatoshis)
+			return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
+		}
+	}
+
 	invoice, err := controller.svc.AddOutgoingInvoice(c.Request().Context(), userID, "", lnPayReq)
 	if err != nil {
 		return err
--- a/controllers/payinvoice.ctrl.go
+++ b/controllers/payinvoice.ctrl.go
@@ -73,6 +73,13 @@ func (controller *PayInvoiceController) PayInvoice(c echo.Context) error {
 		lnPayReq.PayReq.NumSatoshis = amt
 	}

+	if controller.svc.Config.MaxSendAmount > 0 {
+		if lnPayReq.PayReq.NumSatoshis > controller.svc.Config.MaxSendAmount {
+			c.Logger().Errorf("Max send amount exceeded for user_id:%v (amount:%v)", userID, lnPayReq.PayReq.NumSatoshis)
+			return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
+		}
+	}
+
 	invoice, err := controller.svc.AddOutgoingInvoice(c.Request().Context(), userID, paymentRequest, lnPayReq)
 	if err != nil {
 		return err
--- a/lib/service/config.go
+++ b/lib/service/config.go
@@ -21,4 +21,7 @@ type Config struct {
 	WebhookUrl            string `envconfig:"WEBHOOK_URL"`
 	FeeReserve            bool   `envconfig:"FEE_RESERVE" default:"false"`
 	AllowAccountCreation  bool   `envconfig:"ALLOW_ACCOUNT_CREATION" default:"true"`
+	MaxReceiveAmount      int64  `envconfig:"MAX_RECEIVE_AMOUNT" default:"0"`
+	MaxSendAmount         int64  `envconfig:"MAX_SEND_AMOUNT" default:"0"`
+	MaxAccountBalance     int64  `envconfig:"MAX_ACCOUNT_BALANCE" default:"0"`
 }