Merge branch 'unauthorized-invoice-endpoint'

controllers/addinvoice.ctrl.go

@@ -33,6 +33,10 @@ type AddInvoiceResponseBody struct {
 // AddInvoice : Add invoice Controller
 func (controller *AddInvoiceController) AddInvoice(c echo.Context) error {
 	userID := c.Get("UserID").(int64)
+	return AddInvoice(c, controller.svc, userID)
+}
+
+func AddInvoice(c echo.Context, svc *service.LndhubService, userID int64) error {
 	var body AddInvoiceRequestBody
 
 	if err := c.Bind(&body); err != nil {
@@ -45,13 +49,13 @@ func (controller *AddInvoiceController) AddInvoice(c echo.Context) error {
 		return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
 	}
 
-	amount, err := controller.svc.ParseInt(body.Amount)
+	amount, err := svc.ParseInt(body.Amount)
 	if err != nil {
 		return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
 	}
 	c.Logger().Infof("Adding invoice: user_id=%v memo=%s value=%v description_hash=%s", userID, body.Memo, amount, body.DescriptionHash)
 
-	invoice, err := controller.svc.AddIncomingInvoice(c.Request().Context(), userID, amount, body.Memo, body.DescriptionHash)
+	invoice, err := svc.AddIncomingInvoice(c.Request().Context(), userID, amount, body.Memo, body.DescriptionHash)
 	if err != nil {
 		c.Logger().Errorf("Error creating invoice: %v", err)
 		sentry.CaptureException(err)

controllers/invoice.ctrl.go

@@ -0,0 +1,29 @@
+package controllers
+
+import (
+	"net/http"
+
+	"github.com/getAlby/lndhub.go/lib/responses"
+	"github.com/getAlby/lndhub.go/lib/service"
+	"github.com/labstack/echo/v4"
+)
+
+// InvoiceController : Add invoice controller struct
+type InvoiceController struct {
+	svc *service.LndhubService
+}
+
+func NewInvoiceController(svc *service.LndhubService) *InvoiceController {
+	return &InvoiceController{svc: svc}
+}
+
+// Invoice : Invoice Controller
+func (controller *InvoiceController) Invoice(c echo.Context) error {
+	user, err := controller.svc.FindUserByLogin(c.Request().Context(), c.Param("user_login"))
+	if err != nil {
+		c.Logger().Errorf("Failed to find user by login: login %v error %v", c.Param("user_login"), err)
+		return c.JSON(http.StatusBadRequest, responses.BadArgumentsError)
+	}
+
+	return AddInvoice(c, controller.svc, user.ID)
+}

lib/service/user.go

@@ -65,6 +65,16 @@ func (svc *LndhubService) FindUser(ctx context.Context, userId int64) (*models.U
 	return &user, nil
 }
 
+func (svc *LndhubService) FindUserByLogin(ctx context.Context, login string) (*models.User, error) {
+	var user models.User
+
+	err := svc.DB.NewSelect().Model(&user).Where("login = ?", login).Limit(1).Scan(ctx)
+	if err != nil {
+		return &user, err
+	}
+	return &user, nil
+}
+
 func (svc *LndhubService) CurrentUserBalance(ctx context.Context, userId int64) (int64, error) {
 	var balance int64
 

main.go

@@ -135,6 +135,7 @@ func main() {
 	// Public endpoints for account creation and authentication
 	e.POST("/auth", controllers.NewAuthController(svc).Auth)
 	e.POST("/create", controllers.NewCreateUserController(svc).CreateUser, strictRateLimitMiddleware)
+	e.POST("/invoice/:user_login", controllers.NewInvoiceController(svc).Invoice, middleware.RateLimiter(middleware.NewRateLimiterMemoryStore(rate.Limit(c.DefaultRateLimit))))
 
 	// Secured endpoints which require a Authorization token (JWT)
 	secured := e.Group("", tokens.Middleware(c.JWTSecret), middleware.RateLimiter(middleware.NewRateLimiterMemoryStore(rate.Limit(c.DefaultRateLimit))))