BTCPayServer.Client library + Revoke API Key

2025-12-19 06:54:19 +01:00 · 2020-03-02 16:50:28 +01:00
parent c74f52a61c
commit 233fa8a4a1
18 changed files with 285 additions and 136 deletions
--- a/BTCPayServer/Controllers/RestApi/ApiKeys/ApiKeysController.cs
+++ b/BTCPayServer/Controllers/RestApi/ApiKeys/ApiKeysController.cs
@@ -1,9 +1,12 @@
 using System.Threading.Tasks;
+using BTCPayServer.Client.Models;
+using BTCPayServer.Data;
 using BTCPayServer.Hosting.OpenApi;
 using BTCPayServer.Security;
 using BTCPayServer.Security.APIKeys;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using NSwag.Annotations;

@@ -16,10 +19,12 @@ namespace BTCPayServer.Controllers.RestApi.ApiKeys
    public class ApiKeysController : ControllerBase
    {
        private readonly APIKeyRepository _apiKeyRepository;
+        private readonly UserManager<ApplicationUser> _userManager;

-        public ApiKeysController(APIKeyRepository apiKeyRepository)
+        public ApiKeysController(APIKeyRepository apiKeyRepository, UserManager<ApplicationUser> userManager)
        {
            _apiKeyRepository = apiKeyRepository;
+            _userManager = userManager;
        }
    
        [OpenApiOperation("Get current API Key information", "View information about the current API key")]
@@ -31,7 +36,30 @@ namespace BTCPayServer.Controllers.RestApi.ApiKeys
        {
            ControllerContext.HttpContext.GetAPIKey(out var apiKey);
            var data = await _apiKeyRepository.GetKey(apiKey);
-            return Ok(ApiKeyData.FromModel(data));
+            return Ok(FromModel(data));
+        }
+        
+        [OpenApiOperation("Revoke the current API Key", "Revoke the current API key so that it cannot be used anymore")]
+        [SwaggerResponse(StatusCodes.Status200OK, typeof(ApiKeyData),
+            Description = "The key was revoked and is no longer usable")]
+        [HttpDelete("~/api/v1/api-keys/current")]
+        [HttpDelete("~/api/v1/users/me/api-keys/current")]
+        public async Task<ActionResult<ApiKeyData>> RevokeKey()
+        {
+            ControllerContext.HttpContext.GetAPIKey(out var apiKey);
+            await _apiKeyRepository.Remove(apiKey, _userManager.GetUserId(User));
+            return Ok();
+        }
+        
+        private static ApiKeyData FromModel(APIKeyData data)
+        {
+            return new ApiKeyData()
+            {
+                Permissions = data.GetPermissions(),
+                ApiKey = data.Id,
+                UserId = data.UserId,
+                Label = data.Label
+            };
        }
    }
 }