BTCPayServer.Client library + Revoke API Key

Kukks
2020-03-02 16:50:28 +01:00
parent c74f52a61c
commit 233fa8a4a1
18 changed files with 285 additions and 136 deletions


@@ -1,5 +1,6 @@
using System.Linq;
using System.Threading.Tasks;
using BTCPayServer.Client;
using BTCPayServer.Data;
using BTCPayServer.Services.Stores;
using Microsoft.AspNetCore.Authorization;
@@ -35,14 +36,14 @@ namespace BTCPayServer.Security.APIKeys
{
case Policies.CanListStoreSettings.Key:
var selectiveStorePermissions =
APIKeyConstants.Permissions.ExtractStorePermissionsIds(context.GetPermissions());
success = context.HasPermissions(APIKeyConstants.Permissions.StoreManagement) ||
Permissions.ExtractStorePermissionsIds(context.GetPermissions());
success = context.HasPermissions(Permissions.StoreManagement) ||
selectiveStorePermissions.Any();
break;
case Policies.CanModifyStoreSettings.Key:
string storeId = _HttpContext.GetImplicitStoreId();
if (!context.HasPermissions(APIKeyConstants.Permissions.StoreManagement) &&
!context.HasPermissions(APIKeyConstants.Permissions.GetStorePermission(storeId)))
if (!context.HasPermissions(Permissions.StoreManagement) &&
!context.HasPermissions(Permissions.GetStorePermission(storeId)))
break;
if (storeId == null)
@@ -63,7 +64,7 @@ namespace BTCPayServer.Security.APIKeys
break;
case Policies.CanModifyServerSettings.Key:
if (!context.HasPermissions(APIKeyConstants.Permissions.ServerManagement))
if (!context.HasPermissions(Permissions.ServerManagement))
break;
// For this authorization, we stil check in database because it is super sensitive.
var user = await _userManager.GetUserAsync(context.User);