aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-18 06:24:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

protect contrib endpoint when needed

Browse Source
This commit is contained in:
Kukks
2019-01-02 11:29:47 +01:00
parent 5a3f7b5b70
commit bfec722312
4 changed files with 39 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
BTCPayServer/Controllers/AppsPublicController.cs
View File

@@ -107,14 +107,32 @@ namespace BTCPayServer.Controllers
public async Task<IActionResult> ContributeToCrowdfund(string appId, ContributeToCrowdfund request)
{
var app = await _AppsHelper.GetApp(appId, AppType.Crowdfund, true);
if (app == null ||
(!app.GetSettings<CrowdfundSettings>().Enabled &&
_AppsHelper.GetAppDataIfOwner(GetUserId(), appId, AppType.Crowdfund) == null))
if (app == null)
return NotFound();
var settings = app.GetSettings<CrowdfundSettings>();
var isAdmin = false;
if (!settings.Enabled)
{
isAdmin = await _AppsHelper.GetAppDataIfOwner(GetUserId(), appId, AppType.Crowdfund) == null;
if(!isAdmin)
return NotFound();
}
var info = await _CrowdfundHubStreamer.GetCrowdfundInfo(appId);
if(!isAdmin &&
((settings.StartDate.HasValue && DateTime.Now < settings.StartDate) ||
(settings.EndDate.HasValue && DateTime.Now > settings.EndDate) ||
(settings.EnforceTargetAmount && (info.Info.PendingProgressPercentage.GetValueOrDefault(0) + info.Info.ProgressPercentage.GetValueOrDefault(0)) >= 100)))
{
return NotFound();
}
var store = await _AppsHelper.GetStore(app);
string title = null;
var price = 0.0m;
var title = settings.Title;
var price = request.Amount;
if (!string.IsNullOrEmpty(request.ChoiceKey))
{
var choices = _AppsHelper.Parse(settings.PerksTemplate, settings.TargetCurrency);
@@ -126,12 +144,6 @@ namespace BTCPayServer.Controllers
if (request.Amount > price)
price = request.Amount;
}
else
{
price = request.Amount;
title = settings.Title;
}
store.AdditionalClaims.Add(new Claim(Policies.CanCreateInvoice.Key, store.Id));
var invoice = await _InvoiceController.CreateInvoiceCore(new Invoice()

25
BTCPayServer/Crowdfund/CrowdfundHubStreamer.cs
View File

@@ -28,8 +28,6 @@ namespace BTCPayServer.Hubs
private readonly RateFetcher _RateFetcher;
private readonly BTCPayNetworkProvider _BtcPayNetworkProvider;
private readonly InvoiceRepository _InvoiceRepository;
private Dictionary<string, CancellationTokenSource> _CacheTokens = new Dictionary<string, CancellationTokenSource>();
public CrowdfundHubStreamer(EventAggregator eventAggregator,
IHubContext<CrowdfundHub> hubContext,
IMemoryCache memoryCache,
@@ -50,20 +48,12 @@ namespace BTCPayServer.Hubs
public Task<ViewCrowdfundViewModel> GetCrowdfundInfo(string appId)
{
var key = GetCacheKey(appId);
return _MemoryCache.GetOrCreateAsync(key, async entry =>
return _MemoryCache.GetOrCreateAsync(GetCacheKey(appId), async entry =>
{
if (_CacheTokens.ContainsKey(key))
{
_CacheTokens.Remove(key);
}
var app = await _AppsHelper.GetApp(appId, AppType.Crowdfund, true);
var result = await GetInfo(app);
entry.SetValue(result);
var token = new CancellationTokenSource();
_CacheTokens.Add(key, token);
entry.AddExpirationToken(new CancellationChangeToken(token.Token));
TimeSpan? expire = null;
if (result.StartDate.HasValue && result.StartDate < DateTime.Now)
@@ -87,7 +77,7 @@ namespace BTCPayServer.Hubs
private void SubscribeToEvents()
{
_EventAggregator.Subscribe<InvoiceEvent>(Subscription);
_EventAggregator.Subscribe<InvoiceEvent>(OnInvoiceEvent);
_EventAggregator.Subscribe<AppsController.CrowdfundAppUpdated>(updated =>
{
InvalidateCacheForApp(updated.AppId);
@@ -99,7 +89,7 @@ namespace BTCPayServer.Hubs
return $"{CrowdfundInvoiceOrderIdPrefix}:{appId}";
}
private void Subscription(InvoiceEvent invoiceEvent)
private void OnInvoiceEvent(InvoiceEvent invoiceEvent)
{
if (!invoiceEvent.Invoice.OrderId.StartsWith(CrowdfundInvoiceOrderIdPrefix, StringComparison.InvariantCultureIgnoreCase))
{
@@ -128,10 +118,7 @@ namespace BTCPayServer.Hubs
private void InvalidateCacheForApp(string appId)
{
if (_CacheTokens.ContainsKey(appId))
{
_CacheTokens[appId].Cancel();
}
_MemoryCache.Remove(GetCacheKey(appId));
GetCrowdfundInfo(appId).ContinueWith(task =>
{
@@ -210,8 +197,8 @@ namespace BTCPayServer.Hubs
EmbeddedCSS = settings.EmbeddedCSS,
StoreId = appData.StoreDataId,
AppId = appData.Id,
StartDate = settings.StartDate,
EndDate = settings.EndDate,
StartDate = settings.StartDate?.ToUniversalTime(),
EndDate = settings.EndDate?.ToUniversalTime(),
TargetAmount = settings.TargetAmount,
TargetCurrency = settings.TargetCurrency,
EnforceTargetAmount = settings.EnforceTargetAmount,

5
BTCPayServer/Views/AppsPublic/Crowdfund/VueCrowdfund.cshtml
View File

@@ -197,8 +197,8 @@
</script>
<script type="text/x-template" id="perk-template">
<div class="card mb-4 perk" v-bind:class="{ 'expanded': expanded, 'unexpanded': !expanded }" v-on:click="expand">
<div class="perk-zoom " v-if="!expanded && active">
<div class="card mb-4 perk" v-bind:class="{ 'expanded': expanded, 'unexpanded': !expanded }" v-on:click="expand" :id="perk.id">
<div class="perk-zoom " v-if="canExpand">
<div class="perk-zoom-bg bg-primary"> </div>
<div class="perk-zoom-text w-100 text-center text-white font-weight-bold">
Select this contribution perk
@@ -218,6 +218,7 @@
<template v-else-if="!perk.price.value && perk.custom">
Any amount
</template>
</span>
</div>
<p class="card-text" v-if="perk.description" v-html="perk.description"></p>

7
BTCPayServer/wwwroot/crowdfund/app.js
View File

@@ -36,6 +36,11 @@ addLoadEvent(function (ev) {
expanded: false
}
},
computed: {
canExpand: function(){
return !this.expanded && this.active && (this.perk.price.value || this.perk.custom)
}
},
methods: {
onContributeFormSubmit: function (e) {
if (e) {
@@ -47,7 +52,7 @@ addLoadEvent(function (ev) {
eventAggregator.$emit("contribute", {amount: this.amount, choiceKey: this.choiceKey});
},
expand: function(){
if(this.active){
if(this.canExpand){
this.expanded = true;
}
}