Revoke Legacy Api Keys (#1344)

closes #1333
2025-12-18 06:24:24 +01:00 · 2020-02-21 05:40:00 +01:00
parent b79b310bd5
commit 34702d2633
3 changed files with 46 additions and 5 deletions
--- a/BTCPayServer/Controllers/StoresController.cs
+++ b/BTCPayServer/Controllers/StoresController.cs
@@ -647,6 +647,7 @@ namespace BTCPayServer.Controllers
            return View(model);
        }

+
        [HttpGet]
        [Route("{storeId}/tokens/{tokenId}/revoke")]
        public async Task<IActionResult> RevokeToken(string tokenId)
@@ -780,13 +781,22 @@ namespace BTCPayServer.Controllers

        [HttpPost]
        [Route("{storeId}/tokens/apikey")]
-        public async Task<IActionResult> GenerateAPIKey(string storeId)
+        public async Task<IActionResult> GenerateAPIKey(string storeId, string command="")
        {
            var store = HttpContext.GetStoreData();
            if (store == null)
                return NotFound();
+            if (command == "revoke")
+            {
+                await _TokenRepository.RevokeLegacyAPIKeys(CurrentStore.Id);
+                TempData[WellKnownTempData.SuccessMessage] = "API Key revoked";
+            }
+            else
+            {
                await _TokenRepository.GenerateLegacyAPIKey(CurrentStore.Id);
                TempData[WellKnownTempData.SuccessMessage] = "API Key re-generated";
+            }
+            
            return RedirectToAction(nameof(ListTokens), new
            {
                storeId
--- a/BTCPayServer/Security/Bitpay/TokenRepository.cs
+++ b/BTCPayServer/Security/Bitpay/TokenRepository.cs
@@ -76,6 +76,21 @@ namespace BTCPayServer.Security.Bitpay
            }
        }

+        public async Task RevokeLegacyAPIKeys(string storeId)
+        {
+            var keys = await GetLegacyAPIKeys(storeId);
+            if (!keys.Any())
+            {
+                return;
+            }
+
+            using (var ctx = _Factory.CreateContext())
+            {
+                ctx.ApiKeys.RemoveRange(keys.Select(s => new APIKeyData() {Id = s}));
+                await ctx.SaveChangesAsync();
+            }
+        }
+
        public async Task<string[]> GetLegacyAPIKeys(string storeId)
        {
            using (var ctx = _Factory.CreateContext())
--- a/BTCPayServer/Views/Stores/ListTokens.cshtml
+++ b/BTCPayServer/Views/Stores/ListTokens.cshtml
@@ -55,9 +55,25 @@
        <form method="post" asp-action="GenerateAPIKey" asp-route-storeId="@this.Context.GetRouteValue("storeId")">
            <div class="form-group">
                <label asp-for="ApiKey"></label>
+                <div class="input-group">
                    <input asp-for="ApiKey" readonly class="form-control"/>
+                    @if (string.IsNullOrEmpty(Model.ApiKey))
+                    {
+                        <div class="input-group-append">
+                            <button class="btn btn-success" type="submit">Generate</button>
+                        </div>
+                    }
+                    else
+                    {
+                        <div class="input-group-append">
+                            <button class="btn btn-danger" type="submit" name="command" value="revoke">Revoke</button>
+                        </div>
+                        <div class="input-group-append">
+                            <button class="btn btn-success" type="submit">Re-generate</button>
+                        </div>
+                    }
+                </div>               
            </div>
-            <button type="submit" class="btn btn-primary" role="button">Create new API Key</button>
        </form>
    </div>
 </div>