From 70b172addca7f76296a7944e8094e3bcacd5ed30 Mon Sep 17 00:00:00 2001
From: Kukks
Date: Wed, 11 Mar 2020 18:05:40 +0100
Subject: [PATCH] Make api docs only available after login
---
 BTCPayServer/Hosting/BTCPayServerServices.cs | 1 -
 .../Hosting/OpenApi/OpenApiExtensions.cs | 23 +++++++++++++++++--
 BTCPayServer/Hosting/Startup.cs | 2 ++
 3 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/BTCPayServer/Hosting/BTCPayServerServices.cs b/BTCPayServer/Hosting/BTCPayServerServices.cs
index d455efd65..602bd5343 100644
--- a/BTCPayServer/Hosting/BTCPayServerServices.cs
+++ b/BTCPayServer/Hosting/BTCPayServerServices.cs
@@ -292,7 +292,6 @@ namespace BTCPayServer.Hosting
 public static IApplicationBuilder UsePayServer(this IApplicationBuilder app)
 {
 app.UseMiddleware();
- app.UseBTCPayOpenApi();
 return app;
 }
 public static IApplicationBuilder UseHeadersOverride(this IApplicationBuilder app)
diff --git a/BTCPayServer/Hosting/OpenApi/OpenApiExtensions.cs b/BTCPayServer/Hosting/OpenApi/OpenApiExtensions.cs
index 60c05330d..ece7bb57d 100644
--- a/BTCPayServer/Hosting/OpenApi/OpenApiExtensions.cs
+++ b/BTCPayServer/Hosting/OpenApi/OpenApiExtensions.cs
@@ -1,15 +1,20 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using BTCPayServer.Configuration;
+using BTCPayServer.Data;
 using BTCPayServer.Payments;
 using BTCPayServer.Security;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.DependencyInjection;
 using NJsonSchema;
 using NJsonSchema.Generation.TypeMappers;
 using NSwag;
 using NSwag.Generation.Processors.Security;
+using Org.BouncyCastle.Asn1.Ocsp;
 namespace BTCPayServer.Hosting.OpenApi
 {
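Review bot: `using Org.BouncyCastle.Asn1.Ocsp;` in the OpenApiExtensions.cs import hunk looks like an accidental IDE auto-import, and nothing in the visible changes uses it. `using BTCPayServer.Data;` and `using Microsoft.AspNetCore.Identity;` also appear unused by the new middleware. Drop the ones the file does not need, since an unrelated namespace that exports its own `Request` type invites ambiguous-reference errors later. The rest of the file is outside the hunks, so confirm against the full file before removing them.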
@@ -17,7 +22,6 @@ namespace BTCPayServer.Hosting.OpenApi
 {
 public static IServiceCollection AddBTCPayOpenApi(this IServiceCollection serviceCollection)
 {
-
 return serviceCollection.AddOpenApiDocument(config =>
 {
 config.PostProcess = document =>
@@ -67,8 +71,23 @@ namespace BTCPayServer.Hosting.OpenApi
 public static IApplicationBuilder UseBTCPayOpenApi(this IApplicationBuilder builder)
 {
+ var roothPath = builder.ApplicationServices.GetService().RootPath;
+ var matched = new PathString($"{roothPath}docs");
 return builder.UseOpenApi()
- .UseReDoc(settings => settings.Path = "/docs");
+ .Use(async (context, next) =>
+ {
+ if (context.Request.Path.StartsWithSegments(matched, StringComparison.InvariantCultureIgnoreCase) && !context.User.Claims.Any())
+ {
+ context.Response.Redirect( $"{context.Request.GetRelativePath(roothPath)}account/login?returnUrl={context.Request.Path}");
+ return;
+ }
+
+ await next.Invoke();
+ })
+ .UseReDoc(settings =>
+ {
+ settings.Path = "/docs";
+ });
 }
diff --git a/BTCPayServer/Hosting/Startup.cs b/BTCPayServer/Hosting/Startup.cs
index 86eadaa71..61f0cdf06 100644
--- a/BTCPayServer/Hosting/Startup.cs
+++ b/BTCPayServer/Hosting/Startup.cs
@@ -19,6 +19,7 @@ using Microsoft.Extensions.DependencyInjection.Extensions;
 using BTCPayServer.Security;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
 using System.Net;
+using BTCPayServer.Hosting.OpenApi;
 using BTCPayServer.PaymentRequest;
 using BTCPayServer.Services.Apps;
 using BTCPayServer.Storage;
@@ -183,6 +184,7 @@ namespace BTCPayServer.Hosting
 app.UseProviderStorage(options);
 app.UseAuthentication();
 app.UseAuthorization();
+ app.UseBTCPayOpenApi();
 app.UseSession();
 app.UseWebSockets();
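Review bot: In `UseBTCPayOpenApi` (OpenApiExtensions.cs) the login gate does not cover the OpenAPI document itself: `UseOpenApi()` is registered before the `.Use(...)` check and the check matches only `{roothPath}docs`, so the generated spec that ReDoc loads is presumably still served to anonymous requests. Register the check ahead of `UseOpenApi()` and have it match the document route as well as the ReDoc page. The test `!context.User.Claims.Any()` is a weak proxy for being logged in; prefer `context.User.Identity?.IsAuthenticated != true`. `returnUrl={context.Request.Path}` should be wrapped in `Uri.EscapeDataString(...)` so reserved characters in the path cannot alter the login query string, and the path comparison reads better as `StringComparison.OrdinalIgnoreCase`.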
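Review bot: The position of `app.UseBTCPayOpenApi();` in Startup.cs is load-bearing and undocumented: the docs gate reads `context.User`, which is only populated once `UseAuthentication()` has run earlier in the pipeline. Add a comment above the call, for example `// Must stay after UseAuthentication(): the /docs login check reads context.User.`, so a later reordering of the pipeline does not break the login check. The enclosing method starts and ends outside the hunk.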