* Set store context in cookie * Fix page id usages in view * Move Pay Button to nav * Move integrations to plugins nav * Store switch links to wallet if present * Test fixes * Nav fixes * Fix altcoin view * Main nav updates * Wallet setttings nav update * Move storeId cookie fallback to cookie auth handler * View fixes * Test fixes * Fix profile check * Rename integrations nav extension point to store-integrations-nav-list * Allow strings for Active page/category for plugins * Make invoice list filter based on store context * Do not set context if we are running authorizer through tag helper * Fix test and unfiltered invoices * Add permission helper for wallet links * Add sanity checks for payment requests and invoices * Store context in home controller * Fix PayjoinViaUI test * Store context for notifications * Minor UI improvements * Store context for userstores and vault controller * Bring back integrations page * Rename notifications nav pages file * Fix user stores controller policies * Controller policy fixes from code review * CookieAuthHandler: Simplify CanViewInvoices case * Revert "Controller policy fixes from code review" This reverts commit 97e8b8379c2f2f373bac15a96632d2c8913ef4bd. * Simplify LayoutSimple * Fix CanViewInvoices condition Co-authored-by: Kukks <evilkukka@gmail.com>
using System;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;
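namespace BTCPayServer.Security
{
    /// <summary>
    /// Extension helpers for reading scope claims from an authorization context and for
    /// resolving the store id that an HTTP request refers to.
    /// </summary>
    public static class SecurityExtensions
    {
        /// <summary>
        /// Tells whether the current user holds every one of the requested scopes.
        /// </summary>
        /// <param name="context">Authorization context whose <c>User</c> claims are inspected.</param>
        /// <param name="scopes">Scopes that must all be present.</param>
        /// <returns>
        /// <c>true</c> when each requested scope appears as one of the space-separated entries of
        /// a claim whose type is "scope"; <c>true</c> as well when <paramref name="scopes"/> is
        /// empty, because there is nothing left to check.
        /// </returns>
        /// <remarks>
        /// Scope values are compared exactly (case-sensitive). The claim type is compared with an
        /// ordinal, case-insensitive comparison: a culture-aware comparison can treat strings that
        /// differ only by ignorable characters as equal, which is not wanted for a security identifier.
        /// </remarks>
        public static bool HasScopes(this AuthorizationHandlerContext context, params string[] scopes)
        {
            return scopes.All(requested => context.User.HasClaim(claim =>
                claim.Type.Equals("scope", StringComparison.OrdinalIgnoreCase) &&
                claim.Value.Split(' ').Contains(requested)));
        }

        /// <summary>
        /// Works out which store a request is addressed to when the id is not passed explicitly.
        /// </summary>
        /// <param name="httpContext">The request to inspect.</param>
        /// <returns>
        /// The first store id found, looking in this order: the "storeId" route value, the
        /// "storeId" query parameter, the "storeId" form field, and finally the store id embedded
        /// in a parsable "walletId" route value. <c>null</c> when none of them yields a value.
        /// </returns>
        /// <remarks>
        /// Every source consulted here is supplied by the client. The returned id only says which
        /// store the request names; it does not show that the caller is allowed to access that
        /// store, so it must be authorized before it is used.
        /// </remarks>
        public static string GetImplicitStoreId(this HttpContext httpContext)
        {
            // NOTE(review): the lookup order below (route, query, form) is not the order MVC's default
            // value providers use when binding an unattributed "storeId" action parameter. If a request
            // carries the id in more than one place, the value returned here and the value the action
            // receives could differ - confirm that callers authorize the same id the action acts on.
            var routeData = httpContext.GetRouteData();
            string storeId = null;

            // 1. Route value. A non-string route value is ignored rather than converted.
            if (routeData != null && routeData.Values.TryGetValue("storeId", out var routeStoreId))
            {
                storeId = routeStoreId as string;
            }

            // 2. Query string; when the parameter is repeated only its first value is used.
            if (storeId == null && httpContext.Request.Query.TryGetValue("storeId", out var queryValues))
            {
                storeId = queryValues.FirstOrDefault();
            }

            // 3. Posted form. HasFormContentType is tested first so that Form is only read
            //    for requests that actually carry a form body.
            if (storeId == null &&
                httpContext.Request.HasFormContentType &&
                httpContext.Request.Form != null &&
                httpContext.Request.Form.TryGetValue("storeId", out var formValues))
            {
                storeId = formValues.FirstOrDefault();
            }

            // 4. Wallet id route value. The type test replaces a hard (string) cast, which threw
            //    InvalidCastException for a non-string route value while step 1 tolerated one.
            //    A null walletId is now skipped instead of being handed to WalletId.TryParse
            //    (presumably that returned false for null - verify against WalletId).
            if (storeId == null &&
                routeData != null &&
                routeData.Values.TryGetValue("walletId", out var rawWalletId) &&
                rawWalletId is string walletIdText &&
                WalletId.TryParse(walletIdText, out var wallet))
            {
                storeId = wallet.StoreId;
            }

            return storeId;
        }
    }
}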