diff --git a/README.md b/README.md
index 50f83e9..e020497 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,9 @@ vim .env # edit your config
 + `WEBHOOK_URL`: Optional. Callback URL for incoming and outgoing payment events, see below.
 + `FEE_RESERVE`: (default: false) Keep fee reserve for each user
 + `ALLOW_ACCOUNT_CREATION`: (default: true) Enable creation of new accounts
++ `MAX_RECEIVE_AMOUNT`: (default: 0 = no limit) Set maximum amount for which an invoice can be created
++ `MAX_SEND_AMOUNT`: (default: 0 = no limit) Set maximum amount of an invoice that can be paid
++ `MAX_ACCOUNT_BALANCE`: (default: 0 = no limit) Set maximum balance for each account
 ## Developing
diff --git a/controllers/addinvoice.ctrl.go b/controllers/addinvoice.ctrl.go
index 7969a88..287227f 100644
--- a/controllers/addinvoice.ctrl.go
+++ b/controllers/addinvoice.ctrl.go
@@ -52,6 +52,25 @@ func AddInvoice(c echo.Context, svc *service.LndhubService, userID int64) error
 if err != nil || amount < 0 {
 return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
 }
+
+ if svc.Config.MaxReceiveAmount > 0 {
+ if amount > svc.Config.MaxReceiveAmount {
+ c.Logger().Errorf("Max receive amount exceeded for user_id:%v (amount:%v)", userID, amount)
+ return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
+ }
+ }
+
+ if svc.Config.MaxAccountBalance > 0 {
+ currentBalance, err := svc.CurrentUserBalance(c.Request().Context(), userID)
+ if err != nil {
+ return c.JSON(http.StatusBadRequest, responses.GeneralServerError)
+ }
+ if currentBalance+amount > svc.Config.MaxAccountBalance {
+ c.Logger().Errorf("Max account balance exceeded for user_id:%v (balance:%v + amount:%v)", userID, currentBalance, amount)
+ return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
+ }
+ }
+
 c.Logger().Infof("Adding invoice: user_id:%v memo:%s value:%v description_hash:%s", userID, body.Memo, amount, body.DescriptionHash)
 invoice, err := svc.AddIncomingInvoice(c.Request().Context(), userID, amount, body.Memo, body.DescriptionHash)
diff --git a/controllers/keysend.ctrl.go b/controllers/keysend.ctrl.go
index b35e65e..08dcea3 100644
--- a/controllers/keysend.ctrl.go
+++ b/controllers/keysend.ctrl.go
@@ -63,6 +63,13 @@ func (controller *KeySendController) KeySend(c echo.Context) error {
 Keysend: true,
 }
+ if controller.svc.Config.MaxSendAmount > 0 {
+ if lnPayReq.PayReq.NumSatoshis > controller.svc.Config.MaxSendAmount {
+ c.Logger().Errorf("Max send amount exceeded for user_id:%v (amount:%v)", userID, lnPayReq.PayReq.NumSatoshis)
+ return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
+ }
+ }
+
 invoice, err := controller.svc.AddOutgoingInvoice(c.Request().Context(), userID, "", lnPayReq)
 if err != nil {
 return err
diff --git a/controllers/payinvoice.ctrl.go b/controllers/payinvoice.ctrl.go
index 3916f61..c8a9a8e 100644
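Review bot: The `MaxAccountBalance` check compares only the balance at invoice-creation time, so several invoices that each pass it can later settle and push the account above the cap; if the limit is meant as a hard ceiling it also has to account for outstanding invoices or be re-checked at settlement, neither of which is visible here. `currentBalance+amount` can wrap for a very large `amount` when `MAX_RECEIVE_AMOUNT` is 0, assuming the parsing above the hunk admits such values; `if amount > svc.Config.MaxAccountBalance-currentBalance {` avoids the addition. The `CurrentUserBalance` failure path drops `err` and answers `GeneralServerError` with `http.StatusBadRequest`; logging the error and returning `http.StatusInternalServerError` would match a server-side fault. AddInvoice's body starts and ends outside the hunk.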
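Review bot: The `MaxSendAmount` check is copied verbatim into KeySend here and into PayInvoice in controllers/payinvoice.ctrl.go, so the limit holds only for handlers that remember to repeat it. Both handlers pass `lnPayReq` to `controller.svc.AddOutgoingInvoice`, so enforcing the cap there, or in one shared helper, would cover any send path added later. The rejection is also logged with `Errorf` although it is caused by client input; `Warnf` would keep error-level logs for server faults. KeySend's body starts and ends outside the hunk.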
--- a/controllers/payinvoice.ctrl.go
+++ b/controllers/payinvoice.ctrl.go
@@ -73,6 +73,13 @@ func (controller *PayInvoiceController) PayInvoice(c echo.Context) error {
 lnPayReq.PayReq.NumSatoshis = amt
 }
+ if controller.svc.Config.MaxSendAmount > 0 {
+ if lnPayReq.PayReq.NumSatoshis > controller.svc.Config.MaxSendAmount {
+ c.Logger().Errorf("Max send amount exceeded for user_id:%v (amount:%v)", userID, lnPayReq.PayReq.NumSatoshis)
+ return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
+ }
+ }
+
 invoice, err := controller.svc.AddOutgoingInvoice(c.Request().Context(), userID, paymentRequest, lnPayReq)
 if err != nil {
 return err
diff --git a/lib/service/config.go b/lib/service/config.go
index 5956a4a..9fdbb5a 100644
--- a/lib/service/config.go
+++ b/lib/service/config.go
@@ -21,4 +21,7 @@ type Config struct {
 WebhookUrl string `envconfig:"WEBHOOK_URL"`
 FeeReserve bool `envconfig:"FEE_RESERVE" default:"false"`
 AllowAccountCreation bool `envconfig:"ALLOW_ACCOUNT_CREATION" default:"true"`
+ MaxReceiveAmount int64 `envconfig:"MAX_RECEIVE_AMOUNT" default:"0"`
+ MaxSendAmount int64 `envconfig:"MAX_SEND_AMOUNT" default:"0"`
+ MaxAccountBalance int64 `envconfig:"MAX_ACCOUNT_BALANCE" default:"0"`
 }
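Review bot: The three new limit fields in `Config` carry no comment on units or on what zero and negative values mean. The handlers in this commit test `> 0`, so a negative value (for example a typo in the environment) silently disables the limit instead of being rejected; checking at startup that each value is `>= 0` would make that misconfiguration visible. A comment such as `// Limits are in satoshis; 0 disables the limit.` above the fields would document the contract; satoshis is inferred from the comparison with `NumSatoshis` and should be confirmed for the receive and balance limits. The Config struct starts outside the hunk.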