From 976f5b99298b5af914c080f625a121d929c20b4b Mon Sep 17 00:00:00 2001
From: Peter Rounce <peter@rounce.me.uk>
Date: Sun, 19 Feb 2023 08:53:15 +0000
Subject: [PATCH 1/5] tidy

---
 createboltcard/main.go    | 2 +-
 lnurlw/lnurlw_callback.go | 6 ++----
 wipeboltcard/main.go      | 2 +-
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/createboltcard/main.go b/createboltcard/main.go
index 7a8612e..8287fcd 100644
--- a/createboltcard/main.go
+++ b/createboltcard/main.go
@@ -81,6 +81,6 @@ func main() {
 	fmt.Println()
 	fmt.Println(url)
 	fmt.Println()
-	q, err := qrcode.New(url, qrcode.Medium)
+	q, _ := qrcode.New(url, qrcode.Medium)
 	fmt.Println(q.ToSmallString(false))
 }
diff --git a/lnurlw/lnurlw_callback.go b/lnurlw/lnurlw_callback.go
index d502290..2578fe6 100644
--- a/lnurlw/lnurlw_callback.go
+++ b/lnurlw/lnurlw_callback.go
@@ -48,8 +48,8 @@ func lndhub_payment(w http.ResponseWriter, p *db.Payment) {
 
 	defer res.Body.Close()
 
-	b, err2 := io.ReadAll(res.Body)
-	if err2 != nil {
+	b, err := io.ReadAll(res.Body)
+	if err != nil {
 		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
 		resp_err.Write(w)
 		return
@@ -57,8 +57,6 @@ func lndhub_payment(w http.ResponseWriter, p *db.Payment) {
 
 	log.Info(string(b))
 
-	//	fmt.Println(string(b))
-
 	//lndhub.payinvoice API call
 }
 
diff --git a/wipeboltcard/main.go b/wipeboltcard/main.go
index bc55461..11858c8 100644
--- a/wipeboltcard/main.go
+++ b/wipeboltcard/main.go
@@ -65,6 +65,6 @@ func main() {
 		`}`
 
 	fmt.Println()
-	q, err := qrcode.New(qr, qrcode.Medium)
+	q, _ := qrcode.New(qr, qrcode.Medium)
 	fmt.Println(q.ToSmallString(false))
 }

From 940fd0f591bf6788904065e9355c2fe2e58ae0fd Mon Sep 17 00:00:00 2001
From: Peter Rounce <peter@rounce.me.uk>
Date: Sun, 19 Feb 2023 17:05:11 +0000
Subject: [PATCH 2/5] lndhub payinvoice works

---
 lnurlw/lnurlw_callback.go | 119 ++++++++++++++++++++++++++++++++++----
 1 file changed, 107 insertions(+), 12 deletions(-)

diff --git a/lnurlw/lnurlw_callback.go b/lnurlw/lnurlw_callback.go
index 2578fe6..9ccd90f 100644
--- a/lnurlw/lnurlw_callback.go
+++ b/lnurlw/lnurlw_callback.go
@@ -2,16 +2,34 @@ package lnurlw
 
 import (
 	"bytes"
+	"encoding/json"
 	"github.com/boltcard/boltcard/db"
 	"github.com/boltcard/boltcard/lnd"
 	"github.com/boltcard/boltcard/resp_err"
 	decodepay "github.com/fiatjaf/ln-decodepay"
 	log "github.com/sirupsen/logrus"
 	"io"
+	"strings"
 	"net/http"
+	"strconv"
 )
 
-func lndhub_payment(w http.ResponseWriter, p *db.Payment) {
+type LndhubAuthRequest struct {
+	Login		string	`json:"login"`
+	Password	string	`json:"password"`
+}
+
+type LndhubAuthResponse struct {
+	RefreshToken	string	`json:"refresh_token"`
+	AccessToken 	string	`json:"access_token"`
+}
+
+type LndhubPayInvoiceRequest	struct {
+	Invoice		string	`json:"invoice"`
+	FreeAmount	string	`json:"freeamount"`
+}
+
+func lndhub_payment(w http.ResponseWriter, p *db.Payment, bolt11 decodepay.Bolt11, param_pr string) {
 
 	//get setting for LNDHUB_URL
 	lndhub_url := "https://" + db.Get_setting("LNDHUB_URL")
@@ -26,41 +44,118 @@ func lndhub_payment(w http.ResponseWriter, p *db.Payment) {
 
 	//lndhub.auth API call
 	//the login JSON is held in the Card_name field
-	body := []byte(c.Card_name)
+	// as "login:password"
+	card_name_parts := strings.Split(c.Card_name, ":")
 
-	r, err := http.NewRequest("POST", lndhub_url+"/auth", bytes.NewBuffer(body))
+	if len(card_name_parts) != 2 {
+		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
+		resp_err.Write(w)
+		return
+	}
+
+	if len(card_name_parts[0]) != 20 || len(card_name_parts[1]) != 20 {
+		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
+		resp_err.Write(w)
+		return
+	}
+
+	var lhAuthRequest LndhubAuthRequest
+	lhAuthRequest.Login = card_name_parts[0]
+	lhAuthRequest.Password = card_name_parts[1]
+
+	authReq, err := json.Marshal(lhAuthRequest)
+	log.Info(string(authReq))
+
+	req_auth, err := http.NewRequest("POST", lndhub_url+"/auth", bytes.NewBuffer(authReq))
 	if err != nil {
 		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
 		resp_err.Write(w)
 		return
 	}
 
-	r.Header.Add("Access-Control-Allow-Origin", "*")
-	r.Header.Add("Content-Type", "application/json")
+	req_auth.Header.Add("Access-Control-Allow-Origin", "*")
+	req_auth.Header.Add("Content-Type", "application/json")
 
 	client := &http.Client{}
-	res, err := client.Do(r)
+	resp_auth, err := client.Do(req_auth)
 	if err != nil {
 		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
 		resp_err.Write(w)
 		return
 	}
 
-	defer res.Body.Close()
+	defer resp_auth.Body.Close()
 
-	b, err := io.ReadAll(res.Body)
+	resp_auth_bytes, err := io.ReadAll(resp_auth.Body)
 	if err != nil {
 		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
 		resp_err.Write(w)
 		return
 	}
 
-	log.Info(string(b))
+	var auth_keys LndhubAuthResponse
+
+	err = json.Unmarshal([]byte(resp_auth_bytes), &auth_keys)
+	if err != nil {
+		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
+		resp_err.Write(w)
+		return
+	}
 
 	//lndhub.payinvoice API call
+	var payInvoiceRequest LndhubPayInvoiceRequest
+	payInvoiceRequest.Invoice = param_pr
+	payInvoiceRequest.FreeAmount = strconv.Itoa(int(bolt11.MSatoshi / 1000))
+
+	req_payinvoice, err := json.Marshal(payInvoiceRequest)
+	log.Info(string(req_payinvoice))
+	if err != nil {
+		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
+		resp_err.Write(w)
+		return
+	}
+
+	req, err := http.NewRequest("POST", lndhub_url+"/payinvoice", bytes.NewBuffer(req_payinvoice))
+	if err != nil {
+		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
+		resp_err.Write(w)
+		return
+	}
+
+	req.Header.Add("Access-Control-Allow-Origin", "*")
+	req.Header.Add("Content-Type", "application/json")
+	req.Header.Add("Authorization", "Bearer " + auth_keys.AccessToken)
+
+	res2, err := client.Do(req)
+	if err != nil {
+		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
+		resp_err.Write(w)
+		return
+	}
+
+	defer res2.Body.Close()
+
+	b2, err := io.ReadAll(res2.Body)
+	if err != nil {
+		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
+		resp_err.Write(w)
+		return
+	}
+
+	log.Info(string(b2))
+
+//	var auth_keys LndhubAuthResponse
+
+//	err = json.Unmarshal([]byte(b), &auth_keys)
+//	if err != nil {
+//		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
+//		resp_err.Write(w)
+//		return
+//	}
+
 }
 
-func lnd_payment(w http.ResponseWriter, bolt11 decodepay.Bolt11, p *db.Payment, param_pr string) {
+func lnd_payment(w http.ResponseWriter, p *db.Payment, bolt11 decodepay.Bolt11, param_pr string) {
 
 	// check amount limits
 	invoice_sats := int(bolt11.MSatoshi / 1000)
@@ -221,9 +316,9 @@ func Callback(w http.ResponseWriter, req *http.Request) {
 	lndhub := db.Get_setting("FUNCTION_LNDHUB")
 	if lndhub == "ENABLE" {
 		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Info("initiating lndhub payment")
-		lndhub_payment(w, p)
+		lndhub_payment(w, p, bolt11, param_pr)
 	} else {
 		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Info("initiating lnd payment")
-		lnd_payment(w, bolt11, p, param_pr)
+		lnd_payment(w, p, bolt11, param_pr)
 	}
 }

From acebd2c29c9333dd3df0c7db513f11089b8d6dd2 Mon Sep 17 00:00:00 2001
From: Peter Rounce <peter@rounce.me.uk>
Date: Sun, 19 Feb 2023 17:13:38 +0000
Subject: [PATCH 3/5] Create LNDHUB.MD

---
 docs/LNDHUB.MD | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 docs/LNDHUB.MD

diff --git a/docs/LNDHUB.MD b/docs/LNDHUB.MD
new file mode 100644
index 0000000..42a29c2
--- /dev/null
+++ b/docs/LNDHUB.MD
@@ -0,0 +1,13 @@
+## lndhub
+
+### in the `settings` table
+- set 'LNDHUB_URL' to 'lndhub.yourdomain.com'
+- set 'FUNCTION_LNDHUB' to 'ENABLE'
+
+### create card
+- set the card_name to the 'login:password' for the lndhub account  
+e.g. '11111111111111111111:22222222222222222222'
+
+### limits
+- there are currently no payment rules in this code, only the lndhub account limit  
+i.e. tx_limit_sats & day_limit_sats are not enforced

From 54f1274fa6bc9ce2d475a33f79acca1a4f02135f Mon Sep 17 00:00:00 2001
From: Peter Rounce <peter@rounce.me.uk>
Date: Sun, 19 Feb 2023 17:14:06 +0000
Subject: [PATCH 4/5] Rename LNDHUB.MD to LNDHUB.md

---
 docs/{LNDHUB.MD => LNDHUB.md} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename docs/{LNDHUB.MD => LNDHUB.md} (100%)

diff --git a/docs/LNDHUB.MD b/docs/LNDHUB.md
similarity index 100%
rename from docs/LNDHUB.MD
rename to docs/LNDHUB.md

From 0170019feeb9f8914bdcd7d716bd9082fe2cfe37 Mon Sep 17 00:00:00 2001
From: Peter Rounce <peter@rounce.me.uk>
Date: Sun, 19 Feb 2023 17:19:28 +0000
Subject: [PATCH 5/5] update formatting

---
 lnurlw/lnurlw_callback.go | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/lnurlw/lnurlw_callback.go b/lnurlw/lnurlw_callback.go
index 9ccd90f..1d2e8fe 100644
--- a/lnurlw/lnurlw_callback.go
+++ b/lnurlw/lnurlw_callback.go
@@ -9,24 +9,24 @@ import (
 	decodepay "github.com/fiatjaf/ln-decodepay"
 	log "github.com/sirupsen/logrus"
 	"io"
-	"strings"
 	"net/http"
 	"strconv"
+	"strings"
 )
 
 type LndhubAuthRequest struct {
-	Login		string	`json:"login"`
-	Password	string	`json:"password"`
+	Login    string `json:"login"`
+	Password string `json:"password"`
 }
 
 type LndhubAuthResponse struct {
-	RefreshToken	string	`json:"refresh_token"`
-	AccessToken 	string	`json:"access_token"`
+	RefreshToken string `json:"refresh_token"`
+	AccessToken  string `json:"access_token"`
 }
 
-type LndhubPayInvoiceRequest	struct {
-	Invoice		string	`json:"invoice"`
-	FreeAmount	string	`json:"freeamount"`
+type LndhubPayInvoiceRequest struct {
+	Invoice    string `json:"invoice"`
+	FreeAmount string `json:"freeamount"`
 }
 
 func lndhub_payment(w http.ResponseWriter, p *db.Payment, bolt11 decodepay.Bolt11, param_pr string) {
@@ -124,7 +124,7 @@ func lndhub_payment(w http.ResponseWriter, p *db.Payment, bolt11 decodepay.Bolt1
 
 	req.Header.Add("Access-Control-Allow-Origin", "*")
 	req.Header.Add("Content-Type", "application/json")
-	req.Header.Add("Authorization", "Bearer " + auth_keys.AccessToken)
+	req.Header.Add("Authorization", "Bearer "+auth_keys.AccessToken)
 
 	res2, err := client.Do(req)
 	if err != nil {
@@ -144,14 +144,14 @@ func lndhub_payment(w http.ResponseWriter, p *db.Payment, bolt11 decodepay.Bolt1
 
 	log.Info(string(b2))
 
-//	var auth_keys LndhubAuthResponse
+	//	var auth_keys LndhubAuthResponse
 
-//	err = json.Unmarshal([]byte(b), &auth_keys)
-//	if err != nil {
-//		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
-//		resp_err.Write(w)
-//		return
-//	}
+	//	err = json.Unmarshal([]byte(b), &auth_keys)
+	//	if err != nil {
+	//		log.WithFields(log.Fields{"card_payment_id": p.Card_payment_id}).Warn(err)
+	//		resp_err.Write(w)
+	//		return
+	//	}
 
 }