Fix LNURL pay amount validation

We allow receiving of more than 100 sats and less than 1M sats

app/controllers/lnurlpay_controller.rb

@@ -1,26 +1,32 @@
 class LnurlpayController < ApplicationController
   before_action :find_user_by_address
 
+  MIN_SATS = 100
+  MAX_SATS = 1_000_000
+
   def index
     render json: {
       status: "OK",
       callback: "https://accounts.kosmos.org/lnurlpay/#{@user.address}/invoice",
       tag: "payRequest",
-      maxSendable: 1000000 * 1000, # msat
-      minSendable: 100 * 1000, # msat
+      maxSendable: MAX_SATS * 1000, # msat
+      minSendable: MIN_SATS * 1000, # msat
       metadata: metadata(@user.address),
       commentAllowed: 0
     }
   end
 
   def invoice
-    amount = params[:amount].to_i # msats
+    amount = params[:amount].to_i / 1000 # msats
     address = params[:address]
 
-    validate_amount(amount)
+    if !valid_amount?(amount)
+      render json: { status: "ERROR", reason: "Invalid amount" }
+      return
+    end
 
     payment_request = @user.ln_create_invoice({
-      amount: amount / 1000, # we create invoices in sats
+      amount: amount, # we create invoices in sats
       description_hash: Digest::SHA2.hexdigest(metadata(address))
     })
 
@@ -47,11 +53,8 @@ class LnurlpayController < ApplicationController
     "[[\"text/identifier\", \"#{address}\"], [\"text/plain\", \"Send sats, receive thanks.\"]]"
   end
 
-  def validate_amount(amount)
-    if amount > 1000000 || amount < 1000
-      render json: { status: "ERROR", reason: "Invalid amount" }
-      return
-    end
+  def valid_amount?(amount_in_sats)
+    amount_sats <= MAX_SATS && amount_in_sats >= MIN_SATS
   end
 
 end