Server side validation of PayButton POST

BTCPayServer/BTCPayServer.csproj

@@ -119,6 +119,9 @@
 	  <Content Update="Views\Apps\PayButton.cshtml">
 	    <Pack>$(IncludeRazorContentInPack)</Pack>
 	  </Content>
+	  <Content Update="Views\Apps\PayButtonHandle.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
 	  <Content Update="Views\Apps\PayButtonTest.cshtml">
 	    <Pack>$(IncludeRazorContentInPack)</Pack>
 	  </Content>

BTCPayServer/Controllers/AppsController.PointOfSale.cs

@@ -291,12 +291,7 @@ namespace BTCPayServer.Controllers
             var settings = app.GetSettings<PointOfSaleSettings>();
 
             var store = await GetStore(app);
-            var paymentMethods = store.GetSupportedPaymentMethods(_NetworkProvider)
+            List<string> currencyDropdown = supportedCurrencies(settings, store);
-                .Select(a=>a.PaymentId.ToString()).ToList();
-
-            var currencyDropdown = new List<string>();
-            currencyDropdown.Add(settings.Currency);
-            currencyDropdown.AddRange(paymentMethods);
 
             var model = new PayButtonViewModel
             {
@@ -309,6 +304,15 @@ namespace BTCPayServer.Controllers
             return View(model);
         }
 
+        private List<string> supportedCurrencies(PointOfSaleSettings settings, StoreData store)
+        {
+            var paymentMethods = store.GetSupportedPaymentMethods(_NetworkProvider)
+                            .Select(a => a.PaymentId.ToString()).ToList();
+            var currencyDropdown = new List<string>();
+            currencyDropdown.Add(settings.Currency);
+            currencyDropdown.AddRange(paymentMethods);
+            return currencyDropdown;
+        }
 
         [HttpPost]
         [Route("{appId}/pay")]
@@ -318,8 +322,20 @@ namespace BTCPayServer.Controllers
         {
             var app = await GetApp(appId, AppType.PointOfSale);
             var settings = app.GetSettings<PointOfSaleSettings>();
-            
             var store = await GetStore(app);
+
+            // TODO: extract validation to model
+            if (model.Price <= 0)
+                ModelState.AddModelError("Price", "Price must be greater than 0");
+
+            var curr = supportedCurrencies(settings, store);
+            if (!curr.Contains(model.Currency))
+                ModelState.AddModelError("Currency", $"Selected currency {model.Currency} is not supported in this store");
+            //
+
+            if (!ModelState.IsValid)
+                return View();
+
             var invoice = await _InvoiceController.CreateInvoiceCore(new NBitpayClient.Invoice()
             {
                 Price = model.Price,

BTCPayServer/Models/AppViewModels/PayButtonViewModel.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading.Tasks;
 
@@ -8,6 +9,7 @@ namespace BTCPayServer.Models.AppViewModels
     public class PayButtonViewModel
     {
         public decimal Price { get; set; }
+        [Required]
         public string Currency { get; set; }
         public string CheckoutDesc { get; set; }
         public string OrderId { get; set; }

BTCPayServer/Views/Apps/PayButtonHandle.cshtml

@@ -0,0 +1,20 @@
+@{ 
+    var allErrors = ViewData.ModelState.Values.SelectMany(v => v.Errors.Select(b => b.ErrorMessage));
+}
+
+<section>
+    <div class="container">
+        <div class="row">
+            <div class="col-lg-12">
+                <h2>Pay Button request failed</h2>
+                Please fix following errors:
+                <ul>
+                    @foreach (var error in allErrors)
+                    {
+                        <li>@error</li>
+                    }
+                </ul>
+            </div>
+        </div>
+    </div>
+</section>