Add user whitelisting

Fittiboy · Aug 3, 2021 · 1d7589e · 1d7589e
1 parent 8e30fc7
commit 1d7589e
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -37,7 +37,10 @@ If you want to run it on Windows via WSL, I recommend installing [Ubuntu](https:
    This should bring you to a url that ends in this format : `/wallet?usr=XXXXXXXXXX&wal=YYYYYYYYYYYYY`.  
    Keep the XXXX and YYYY (yours will look like random text and numbers) secret, but copy the **FULL URL** somewhere safe.  
    Visiting this URL is essentially how you log in to LNbits, and so anyone who knows this URL, or the XXXX and YYYY could access your wallet.  
-   For added security, you can move your funds to a different wallet after every stream!     
+   For added security, you can move your funds to a different wallet after every stream!
+1. Right now, anyone with access to the URL could create new wallets and use your LNbits. To prevent this, do the following:
+   copy the XXXXXXXXXX from the url (usr=**XXXXXXXXXX**&wal=YYYYYYYYYYYYY) and run `python whitelist_user.py`. Paste your user ID when prompted.  
+   Now you can restart LNbits (`. ./kill_lnbits.sh ; . ./start_lnbits.sh`), and you should now get an error when trying to create a new login!
 1. Follow the [extension guide](https://github.com/Fittiboy/lnbits/blob/TwitchAlerts/lnbits/extensions/streamalerts/README.md).
 1. When you publicly host this, go ahead and open your wallet through your public URL (for example, the URL shown in the ngrok extension).  
    To access your wallet on this public URL, simply add the `/wallet?usr=XXXXXXXXXX&wal=YYYYYYYYYYYYY` part from the URL you saved.  

diff --git a/initial_setup.py b/initial_setup.py
@@ -1,5 +1,3 @@
-import json
-
 from subprocess import run
 
 if __name__ == "__main__":

diff --git a/whitelist_user.py b/whitelist_user.py
@@ -0,0 +1,18 @@
+if __name__ == "__main__":
+    with open("./lnbits/.env") as env_file:
+        env = {}
+        for line in env_file.readlines():
+            if "=" in line:
+                key, value = line.split("=")
+                env[key] = value
+    user = input("Input your user ID: ")
+    allowed_users = env['LNBITS_ALLOWED_USERS'].strip('"\n')
+    if not allowed_users:
+        env['LNBITS_ALLOWED_USERS'] = f'"{user}"\n'
+    else:
+        env['LNBITS_ALLOWED_USERS'] = f'"{allowed_users},{user}"\n'
+    with open("./lnbits/.env", "w") as env_file:
+        for key, value in env.items():
+            env_file.write(f'{key}={value}')
+
+    print("User added to LNBITS_ALLOWED_USERS!")