App: Authentication updates (#6536)

- Updates API key extraction to also accept the "Bearer" auth header. This is necessary for non-cookie-based SignalR connections.
- Adds authentication-related models to the client lib
- Succeeds and replaces #6484.
d11n
2025-01-16 06:34:57 +01:00
committed by GitHub
parent 1c25d793c7
commit 2e458af4fb
4 changed files with 30 additions and 3 deletions


@@ -1,5 +1,6 @@
using System;
using System.Linq;
using System.Text.RegularExpressions;
using BTCPayServer.Abstractions.Constants;
using BTCPayServer.Client;
using Microsoft.AspNetCore.Authentication;
@@ -15,10 +16,11 @@ namespace BTCPayServer.Security.Greenfield
public static bool GetAPIKey(this HttpContext httpContext, out StringValues apiKey)
{
apiKey = default;
if (httpContext.Request.Headers.TryGetValue("Authorization", out var value) &&
value.ToString().StartsWith("token ", StringComparison.InvariantCultureIgnoreCase))
if (httpContext.Request.Headers.TryGetValue("Authorization", out var value))
{
apiKey = value.ToString().Substring("token ".Length);
var match = Regex.Match(value.ToString(), @"^(token|bearer)\s+(\S+)", RegexOptions.IgnoreCase);
if (!match.Success) return false;
apiKey = match.Groups[2].Value;
return true;
}
return false;
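Review bot: The new pattern `^(token|bearer)\s+(\S+)` is anchored only at the start, so a header such as `token abc def` is now accepted with `abc` as the key and the trailing text is silently dropped. The removed `Substring` path would have passed the whole remainder on as the key. Anchoring the end as well, e.g. `var match = Regex.Match(value.ToString(), @"^(token|bearer)\s+(\S+)\s*$", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);`, keeps malformed headers rejected and restores the culture-invariant matching the old `StartsWith` call had. Since `Bearer` values are now claimed here, it is worth confirming that no other authentication handler in the app expects bearer tokens of a different kind, because this extractor would hand them on as API keys. The end of `GetAPIKey` lies outside the hunk.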