Api keys with openiddict (#1262)

* Remove OpenIddict * Add API Key system * Revert removing OpenIddict * fix rebase * fix tests * pr changes * fix tests * fix apikey test * pr change * fix db * add migration attrs * fix migration error * PR Changes * Fix sqlite migration * change api key to use Authorization Header * add supportAddForeignKey * use tempdata status message * fix add api key css * remove redirect url + app identifier feature :(
2025-12-25 09:54:21 +01:00 · 2020-02-24 14:36:15 +01:00
parent a3e7729c52
commit fa51180dfa
29 changed files with 1502 additions and 44 deletions
--- a/BTCPayServer/Security/APIKeys/APIKeyAuthenticationHandler.cs
+++ b/BTCPayServer/Security/APIKeys/APIKeyAuthenticationHandler.cs
@@ -0,0 +1,56 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using BTCPayServer.Data;
+using BTCPayServer.Security.Bitpay;
+using BTCPayServer.Services.Stores;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace BTCPayServer.Security.APIKeys
+{
+    public class APIKeyAuthenticationHandler : AuthenticationHandler<APIKeyAuthenticationOptions>
+    {
+        private readonly APIKeyRepository _apiKeyRepository;
+        private readonly IOptionsMonitor<IdentityOptions> _identityOptions;
+
+        public APIKeyAuthenticationHandler(
+            APIKeyRepository apiKeyRepository,
+            IOptionsMonitor<IdentityOptions> identityOptions,
+            IOptionsMonitor<APIKeyAuthenticationOptions> options,
+            ILoggerFactory logger,
+            UrlEncoder encoder,
+            ISystemClock clock) : base(options, logger, encoder, clock)
+        {
+            _apiKeyRepository = apiKeyRepository;
+            _identityOptions = identityOptions;
+        }
+
+        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            if (!Context.Request.HttpContext.GetAPIKey(out var apiKey) || string.IsNullOrEmpty(apiKey))
+                return AuthenticateResult.NoResult();
+
+            var key = await _apiKeyRepository.GetKey(apiKey);
+
+            if (key == null)
+            {
+                return AuthenticateResult.Fail("ApiKey authentication failed");
+            }
+
+            List<Claim> claims = new List<Claim>();
+            
+            claims.Add(new Claim(_identityOptions.CurrentValue.ClaimsIdentity.UserIdClaimType, key.UserId));
+            claims.AddRange(key.GetPermissions()
+                .Select(permission => new Claim(APIKeyConstants.ClaimTypes.Permissions, permission)));
+
+            return AuthenticateResult.Success(new AuthenticationTicket(
+                new ClaimsPrincipal(new ClaimsIdentity(claims, APIKeyConstants.AuthenticationType)), APIKeyConstants.AuthenticationType));
+        }
+    }
+}