refactor: change the `WITH_ONION` env var and use `FORCE_HTTPS` instead

.env.example

@@ -5,8 +5,8 @@ LNBITS_SITE_TITLE=LNbits
 LNBITS_DEFAULT_WALLET_NAME="LNbits wallet"
 LNBITS_DATA_FOLDER="/your_custom_data_folder"
 LNBITS_DISABLED_EXTENSIONS="amilk,events"
+LNBITS_FORCE_HTTPS=1
 LNBITS_SERVICE_FEE="0.0"
-LNBITS_WITH_ONION=0
 
 # Choose from LNPayWallet, OpenNodeWallet, LntxbotWallet, LndWallet, CLightningWallet, LnbitsWallet
 LNBITS_BACKEND_WALLET_CLASS=LntxbotWallet

lnbits/__init__.py

@@ -9,6 +9,7 @@ from werkzeug.middleware.proxy_fix import ProxyFix
 
 from .core import core_app, migrations as core_migrations
 from .helpers import ExtensionManager
+from .settings import FORCE_HTTPS
 
 
 disabled_extensions = getenv("LNBITS_DISABLED_EXTENSIONS", "").split(",")
@@ -24,7 +25,7 @@ valid_extensions = [ext for ext in ExtensionManager(disabled=disabled_extensions
 Compress(app)
 Talisman(
     app,
-    force_https=getenv("LNBITS_WITH_ONION", 0) == 0,
+    force_https=FORCE_HTTPS,
     content_security_policy={
         "default-src": [
             "'self'",

lnbits/extensions/withdraw/models.py

@@ -1,8 +1,9 @@
 from flask import url_for
 from lnurl import Lnurl, LnurlWithdrawResponse, encode as lnurl_encode
-from os import getenv
 from typing import NamedTuple
 
+from lnbits.settings import FORCE_HTTPS
+
 
 class WithdrawLink(NamedTuple):
     id: str
@@ -22,19 +23,15 @@ class WithdrawLink(NamedTuple):
     def is_spent(self) -> bool:
         return self.used >= self.uses
 
-    @property
-    def is_onion(self) -> bool:
-        return getenv("LNBITS_WITH_ONION", 1) == 1
-
     @property
     def lnurl(self) -> Lnurl:
-        scheme = None if self.is_onion else "https"
+        scheme = "https" if FORCE_HTTPS else None
         url = url_for("withdraw.api_lnurl_response", unique_hash=self.unique_hash, _external=True, _scheme=scheme)
         return lnurl_encode(url)
 
     @property
     def lnurl_response(self) -> LnurlWithdrawResponse:
-        scheme = None if self.is_onion else "https"
+        scheme = "https" if FORCE_HTTPS else None
         url = url_for("withdraw.api_lnurl_callback", unique_hash=self.unique_hash, _external=True, _scheme=scheme)
 
         return LnurlWithdrawResponse(

lnbits/extensions/withdraw/static/js/index.js

@@ -19,6 +19,7 @@ new Vue({
   mixins: [windowMixin],
   data: function () {
     return {
+      checker: null,
       withdrawLinks: [],
       withdrawLinksTable: {
         columns: [
@@ -66,6 +67,9 @@ new Vue({
         self.withdrawLinks = response.data.map(function (obj) {
           return mapWithdrawLink(obj);
         });
+      }).catch(function (error) {
+        clearInterval(self.checker);
+        LNbits.utils.notifyApiError(error);
       });
     },
     closeFormDialog: function () {
@@ -153,7 +157,7 @@ new Vue({
     if (this.g.user.wallets.length) {
       var getWithdrawLinks = this.getWithdrawLinks;
       getWithdrawLinks();
-      setInterval(function () { getWithdrawLinks(); }, 20000);
+      this.checker = setInterval(function () { getWithdrawLinks(); }, 20000);
     }
   }
 });

lnbits/extensions/withdraw/views_api.py

@@ -1,5 +1,6 @@
 from datetime import datetime
 from flask import g, jsonify, request
+from lnurl.exceptions import InvalidUrl as LnurlInvalidUrl
 
 from lnbits.core.crud import get_user, get_wallet
 from lnbits.core.services import pay_invoice
@@ -25,7 +26,16 @@ def api_links():
     if "all_wallets" in request.args:
         wallet_ids = get_user(g.wallet.user).wallet_ids
 
-    return jsonify([{**link._asdict(), **{"lnurl": link.lnurl}} for link in get_withdraw_links(wallet_ids)]), Status.OK
+    try:
+        return (
+            jsonify([{**link._asdict(), **{"lnurl": link.lnurl}} for link in get_withdraw_links(wallet_ids)]),
+            Status.OK,
+        )
+    except LnurlInvalidUrl:
+        return (
+            jsonify({"message": "LNURLs need to be delivered over a publically accessible `https` domain or Tor."}),
+            Status.UPGRADE_REQUIRED,
+        )
 
 
 @withdraw_ext.route("/api/v1/links/<link_id>", methods=["GET"])

lnbits/helpers.py

@@ -49,6 +49,7 @@ class Status:
     FORBIDDEN = 403
     NOT_FOUND = 404
     METHOD_NOT_ALLOWED = 405
+    UPGRADE_REQUIRED = 426
     TOO_MANY_REQUESTS = 429
     INTERNAL_SERVER_ERROR = 500
 

lnbits/settings.py

@@ -12,4 +12,5 @@ LNBITS_DATA_FOLDER = os.getenv("LNBITS_DATA_FOLDER", os.path.join(LNBITS_PATH, "
 
 WALLET = wallet_class()
 DEFAULT_WALLET_NAME = os.getenv("LNBITS_DEFAULT_WALLET_NAME", "LNbits wallet")
+FORCE_HTTPS = os.getenv("LNBITS_FORCE_HTTPS", "1") == "1"
 SERVICE_FEE = Decimal(os.getenv("LNBITS_SERVICE_FEE", "0.0"))