A api key can always revoke itself, add a route to delete any api key

nicolas.dorier
2020-03-27 14:46:51 +09:00
parent 39a8c3fe47
commit 6d7b57ea3b
5 changed files with 69 additions and 43 deletions


@@ -56,17 +56,28 @@ namespace BTCPayServer.Controllers.GreenField
}
[HttpDelete("~/api/v1/api-keys/current")]
[Authorize(Policy = Policies.Unrestricted, AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]
public async Task<IActionResult> RevokeKey()
[Authorize(AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]
public Task<IActionResult> RevokeCurrentKey()
{
if (!ControllerContext.HttpContext.GetAPIKey(out var apiKey))
{
return NotFound();
// Should be impossible (we force apikey auth)
return Task.FromResult<IActionResult>(BadRequest());
}
await _apiKeyRepository.Remove(apiKey, _userManager.GetUserId(User));
return Ok();
return RevokeKey(apiKey);
}
[HttpDelete("~/api/v1/api-keys/{apikey}", Order = 1)]
[Authorize(Policy = Policies.Unrestricted, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
public async Task<IActionResult> RevokeKey(string apikey)
{
if (string.IsNullOrEmpty(apikey))
return BadRequest();
if (await _apiKeyRepository.Remove(apikey, _userManager.GetUserId(User)))
return Ok();
else
return NotFound();
}
private static ApiKeyData FromModel(APIKeyData data)
{
return new ApiKeyData()
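Review bot: The new `DELETE ~/api/v1/api-keys/{apikey}` route carries the key itself in the URL path, so the secret is written wherever request paths are recorded (web-server and reverse-proxy access logs, tracing); when the call ends in `NotFound()` or is rejected by the `Policies.Unrestricted` check, the logged key may still be live. Consider keeping this route's path out of request logs or addressing keys by a non-secret identifier, and state the choice in the API documentation. Separately, `RevokeCurrentKey` reaches `RevokeKey` through a direct method call, so the `[Authorize(Policy = Policies.Unrestricted, ...)]` attribute on `RevokeKey` is not evaluated on that path; that matches the commit title, but it is safe only because `apiKey` comes from `GetAPIKey` on the authenticated context and `Remove` receives the caller's user id (how `Remove` filters by that id is outside this hunk). A comment above `return RevokeKey(apiKey);` such as `// Direct call on purpose: bypasses the Unrestricted policy on RevokeKey; apiKey must only ever come from the authenticated context` would keep that invariant visible to the next maintainer.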