Skip to content

Commit

Permalink
Join mint URL and endpoint in a safe way (#298)
Browse files Browse the repository at this point in the history
* Join mint URL and endpoint in a safe way

* Use posixpath.join for joining URLs
  • Loading branch information
sihamon authored Oct 13, 2023
1 parent c444a06 commit a7cc210
Showing 1 changed file with 12 additions and 11 deletions.
23 changes: 12 additions & 11 deletions cashu/wallet/wallet.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
import time
import uuid
from itertools import groupby
from posixpath import join
from typing import Dict, List, Optional, Tuple, Union

import requests
Expand Down Expand Up @@ -275,7 +276,7 @@ async def _get_keys(self, url: str) -> WalletKeyset:
Exception: If no keys are received from the mint
"""
resp = self.s.get(
url + "/keys",
join(url, "keys"),
)
self.raise_on_error(resp)
keys: dict = resp.json()
Expand Down Expand Up @@ -304,7 +305,7 @@ async def _get_keys_of_keyset(self, url: str, keyset_id: str) -> WalletKeyset:
"""
keyset_id_urlsafe = keyset_id.replace("+", "-").replace("/", "_")
resp = self.s.get(
url + f"/keys/{keyset_id_urlsafe}",
join(url, f"keys/{keyset_id_urlsafe}"),
)
self.raise_on_error(resp)
keys = resp.json()
Expand All @@ -330,7 +331,7 @@ async def _get_keyset_ids(self, url: str) -> List[str]:
Exception: If no keysets are received from the mint
"""
resp = self.s.get(
url + "/keysets",
join(url, "keysets"),
)
self.raise_on_error(resp)
keysets_dict = resp.json()
Expand All @@ -352,7 +353,7 @@ async def _get_info(self, url: str) -> GetInfoResponse:
Exception: If the mint info request fails
"""
resp = self.s.get(
url + "/info",
join(url, "info"),
)
self.raise_on_error(resp)
data: dict = resp.json()
Expand All @@ -373,7 +374,7 @@ async def request_mint(self, amount) -> Invoice:
Exception: If the mint request fails
"""
logger.trace("Requesting mint: GET /mint")
resp = self.s.get(self.url + "/mint", params={"amount": amount})
resp = self.s.get(join(self.url, "mint"), params={"amount": amount})
self.raise_on_error(resp)
return_dict = resp.json()
mint_response = GetMintResponse.parse_obj(return_dict)
Expand All @@ -398,7 +399,7 @@ async def mint(
outputs_payload = PostMintRequest(outputs=outputs)
logger.trace("Checking Lightning invoice. POST /mint")
resp = self.s.post(
self.url + "/mint",
join(self.url, "mint"),
json=outputs_payload.dict(),
params={
"hash": hash,
Expand Down Expand Up @@ -437,7 +438,7 @@ def _splitrequest_include_fields(proofs: List[Proof]):
}

resp = self.s.post(
self.url + "/split",
join(self.url, "split"),
json=split_payload.dict(include=_splitrequest_include_fields(proofs)), # type: ignore
)
self.raise_on_error(resp)
Expand All @@ -464,7 +465,7 @@ def _check_proof_state_include_fields(proofs):
}

resp = self.s.post(
self.url + "/check",
join(self.url, "check"),
json=payload.dict(include=_check_proof_state_include_fields(proofs)), # type: ignore
)
self.raise_on_error(resp)
Expand All @@ -478,7 +479,7 @@ async def check_fees(self, payment_request: str):
"""Checks whether the Lightning payment is internal."""
payload = CheckFeesRequest(pr=payment_request)
resp = self.s.post(
self.url + "/checkfees",
join(self.url, "checkfees"),
json=payload.dict(),
)
self.raise_on_error(resp)
Expand Down Expand Up @@ -506,7 +507,7 @@ def _meltrequest_include_fields(proofs: List[Proof]):
}

resp = self.s.post(
self.url + "/melt",
join(self.url, "melt"),
json=payload.dict(include=_meltrequest_include_fields(proofs)), # type: ignore
)
self.raise_on_error(resp)
Expand All @@ -522,7 +523,7 @@ async def restore_promises(
Asks the mint to restore promises corresponding to outputs.
"""
payload = PostMintRequest(outputs=outputs)
resp = self.s.post(self.url + "/restore", json=payload.dict())
resp = self.s.post(join(self.url, "restore"), json=payload.dict())
self.raise_on_error(resp)
response_dict = resp.json()
returnObj = PostRestoreResponse.parse_obj(response_dict)
Expand Down

0 comments on commit a7cc210

Please sign in to comment.