2020-06-28 10:55:27 +02:00
|
|
|
|
using System;
|
2017-09-13 08:47:34 +02:00
|
|
|
|
using System.Collections.Generic;
|
2020-06-28 10:55:27 +02:00
|
|
|
|
using System.IO;
|
2017-09-13 08:47:34 +02:00
|
|
|
|
using System.Linq;
|
2020-06-28 10:55:27 +02:00
|
|
|
|
using System.Net.WebSockets;
|
|
|
|
|
|
using System.Text;
|
2017-09-13 08:47:34 +02:00
|
|
|
|
using System.Threading.Tasks;
|
2020-06-28 10:55:27 +02:00
|
|
|
|
using BTCPayServer.Configuration;
|
2017-09-13 08:47:34 +02:00
|
|
|
|
using BTCPayServer.Logging;
|
|
|
|
|
|
using BTCPayServer.Models;
|
2020-06-04 08:53:55 +02:00
|
|
|
|
using BTCPayServer.Services;
|
2018-04-29 13:32:43 +02:00
|
|
|
|
using BTCPayServer.Services.Stores;
|
2020-06-28 10:55:27 +02:00
|
|
|
|
using Microsoft.AspNetCore.Http;
|
|
|
|
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
|
|
using Microsoft.Extensions.Primitives;
|
|
|
|
|
|
using Newtonsoft.Json;
|
2017-09-13 08:47:34 +02:00
|
|
|
|
|
|
|
|
|
|
namespace BTCPayServer.Hosting
|
|
|
|
|
|
{
|
2017-10-27 10:53:04 +02:00
|
|
|
|
public class BTCPayMiddleware
|
|
|
|
|
|
{
|
|
|
|
|
|
RequestDelegate _Next;
|
2017-12-02 15:22:23 +01:00
|
|
|
|
BTCPayServerOptions _Options;
|
2020-06-04 08:53:55 +02:00
|
|
|
|
BTCPayServerEnvironment _Env;
|
2017-12-16 17:04:20 +01:00
|
|
|
|
|
2017-10-27 10:53:04 +02:00
|
|
|
|
public BTCPayMiddleware(RequestDelegate next,
|
2020-06-04 08:53:55 +02:00
|
|
|
|
BTCPayServerOptions options,
|
|
|
|
|
|
BTCPayServerEnvironment env)
|
2017-10-27 10:53:04 +02:00
|
|
|
|
{
|
2020-06-04 08:53:55 +02:00
|
|
|
|
_Env = env ?? throw new ArgumentNullException(nameof(env));
|
2017-10-27 10:53:04 +02:00
|
|
|
|
_Next = next ?? throw new ArgumentNullException(nameof(next));
|
2017-12-02 15:22:23 +01:00
|
|
|
|
_Options = options ?? throw new ArgumentNullException(nameof(options));
|
2017-10-27 10:53:04 +02:00
|
|
|
|
}
|
2017-09-13 08:47:34 +02:00
|
|
|
|
|
2017-10-12 09:33:53 +02:00
|
|
|
|
|
2017-10-27 10:53:04 +02:00
|
|
|
|
public async Task Invoke(HttpContext httpContext)
|
|
|
|
|
|
{
|
2018-04-27 19:51:20 +02:00
|
|
|
|
try
|
2017-10-27 10:53:04 +02:00
|
|
|
|
{
|
2018-04-29 13:32:43 +02:00
|
|
|
|
var bitpayAuth = GetBitpayAuth(httpContext, out bool isBitpayAuth);
|
|
|
|
|
|
var isBitpayAPI = IsBitpayAPI(httpContext, isBitpayAuth);
|
2019-02-02 07:19:22 +01:00
|
|
|
|
if (isBitpayAPI && httpContext.Request.Method == "OPTIONS")
|
|
|
|
|
|
{
|
|
|
|
|
|
httpContext.Response.StatusCode = 200;
|
2019-02-02 07:22:00 +01:00
|
|
|
|
httpContext.Response.SetHeader("Access-Control-Allow-Origin", "*");
|
2019-02-02 07:51:38 +01:00
|
|
|
|
if (httpContext.Request.Headers.ContainsKey("Access-Control-Request-Headers"))
|
|
|
|
|
|
{
|
|
|
|
|
|
httpContext.Response.SetHeader("Access-Control-Allow-Headers", httpContext.Request.Headers["Access-Control-Request-Headers"].FirstOrDefault());
|
|
|
|
|
|
}
|
2019-02-02 07:19:22 +01:00
|
|
|
|
return; // We bypass MVC completely
|
|
|
|
|
|
}
|
2018-04-29 13:32:43 +02:00
|
|
|
|
httpContext.SetIsBitpayAPI(isBitpayAPI);
|
|
|
|
|
|
if (isBitpayAPI)
|
2018-04-29 11:28:04 +02:00
|
|
|
|
{
|
2019-02-02 08:12:51 +01:00
|
|
|
|
httpContext.Response.SetHeader("Access-Control-Allow-Origin", "*");
|
2018-04-30 15:28:00 +02:00
|
|
|
|
httpContext.SetBitpayAuth(bitpayAuth);
|
2018-04-29 13:32:43 +02:00
|
|
|
|
}
|
2019-10-07 05:43:17 +02:00
|
|
|
|
if (isBitpayAPI)
|
|
|
|
|
|
{
|
|
|
|
|
|
await _Next(httpContext);
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
2020-06-04 08:53:55 +02:00
|
|
|
|
|
|
|
|
|
|
if (!httpContext.Request.IsOnion() && (httpContext.Request.Headers["Accept"].ToString().StartsWith("text/html", StringComparison.InvariantCulture)))
|
|
|
|
|
|
{
|
|
|
|
|
|
var onionLocation = _Env.OnionUrl + httpContext.Request.Path;
|
|
|
|
|
|
httpContext.Response.SetHeader("Onion-Location", onionLocation);
|
|
|
|
|
|
}
|
2017-10-27 10:53:04 +02:00
|
|
|
|
}
|
2018-02-15 08:17:27 +01:00
|
|
|
|
catch (WebSocketException)
|
|
|
|
|
|
{ }
|
2017-10-27 10:53:04 +02:00
|
|
|
|
catch (UnauthorizedAccessException ex)
|
|
|
|
|
|
{
|
|
|
|
|
|
await HandleBitpayHttpException(httpContext, new BitpayHttpException(401, ex.Message));
|
2020-02-03 09:18:36 +01:00
|
|
|
|
return;
|
2017-10-27 10:53:04 +02:00
|
|
|
|
}
|
|
|
|
|
|
catch (BitpayHttpException ex)
|
|
|
|
|
|
{
|
|
|
|
|
|
await HandleBitpayHttpException(httpContext, ex);
|
2020-02-03 09:18:36 +01:00
|
|
|
|
return;
|
2017-10-27 10:53:04 +02:00
|
|
|
|
}
|
|
|
|
|
|
catch (Exception ex)
|
|
|
|
|
|
{
|
|
|
|
|
|
Logs.PayServer.LogCritical(new EventId(), ex, "Unhandled exception in BTCPayMiddleware");
|
|
|
|
|
|
throw;
|
|
|
|
|
|
}
|
2019-10-07 05:43:17 +02:00
|
|
|
|
await _Next(httpContext);
|
2018-04-29 11:28:04 +02:00
|
|
|
|
}
|
2017-09-13 08:47:34 +02:00
|
|
|
|
|
2018-04-29 13:32:43 +02:00
|
|
|
|
private static (string Signature, String Id, String Authorization) GetBitpayAuth(HttpContext httpContext, out bool hasBitpayAuth)
|
|
|
|
|
|
{
|
|
|
|
|
|
httpContext.Request.Headers.TryGetValue("x-signature", out StringValues values);
|
|
|
|
|
|
var sig = values.FirstOrDefault();
|
|
|
|
|
|
httpContext.Request.Headers.TryGetValue("x-identity", out values);
|
|
|
|
|
|
var id = values.FirstOrDefault();
|
|
|
|
|
|
httpContext.Request.Headers.TryGetValue("Authorization", out values);
|
|
|
|
|
|
var auth = values.FirstOrDefault();
|
|
|
|
|
|
hasBitpayAuth = auth != null || (sig != null && id != null);
|
|
|
|
|
|
return (sig, id, auth);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private bool IsBitpayAPI(HttpContext httpContext, bool bitpayAuth)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (!httpContext.Request.Path.HasValue)
|
|
|
|
|
|
return false;
|
|
|
|
|
|
|
2019-03-25 04:59:42 +01:00
|
|
|
|
// In case of anyone can create invoice, the storeId can be set explicitely
|
|
|
|
|
|
bitpayAuth |= httpContext.Request.Query.ContainsKey("storeid");
|
|
|
|
|
|
|
2018-05-11 15:38:31 +02:00
|
|
|
|
var isJson = (httpContext.Request.ContentType ?? string.Empty).StartsWith("application/json", StringComparison.OrdinalIgnoreCase);
|
2018-04-29 13:32:43 +02:00
|
|
|
|
var path = httpContext.Request.Path.Value;
|
2019-01-30 06:36:26 +01:00
|
|
|
|
var method = httpContext.Request.Method;
|
2019-02-02 05:57:17 +01:00
|
|
|
|
var isCors = method == "OPTIONS";
|
2019-01-30 06:57:10 +01:00
|
|
|
|
|
2018-04-29 13:32:43 +02:00
|
|
|
|
if (
|
2019-02-02 05:57:17 +01:00
|
|
|
|
(isCors || bitpayAuth) &&
|
2019-03-25 04:59:42 +01:00
|
|
|
|
(path == "/invoices" || path == "/invoices/") &&
|
2019-02-02 05:57:17 +01:00
|
|
|
|
(isCors || (method == "POST" && isJson)))
|
2018-04-29 13:32:43 +02:00
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
|
|
if (
|
2019-02-02 05:57:17 +01:00
|
|
|
|
(isCors || bitpayAuth) &&
|
2018-10-11 16:50:28 +02:00
|
|
|
|
(path == "/invoices" || path == "/invoices/") &&
|
2019-02-02 05:57:17 +01:00
|
|
|
|
(isCors || method == "GET"))
|
2018-04-29 13:32:43 +02:00
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
|
|
if (
|
2019-02-02 05:57:17 +01:00
|
|
|
|
path.StartsWith("/invoices/", StringComparison.OrdinalIgnoreCase) &&
|
|
|
|
|
|
(isCors || method == "GET") &&
|
|
|
|
|
|
(isCors || isJson || httpContext.Request.Query.ContainsKey("token")))
|
2018-04-29 13:32:43 +02:00
|
|
|
|
return true;
|
|
|
|
|
|
|
2018-07-27 07:55:42 +02:00
|
|
|
|
if (path.StartsWith("/rates", StringComparison.OrdinalIgnoreCase) &&
|
2019-02-02 05:57:17 +01:00
|
|
|
|
(isCors || method == "GET"))
|
2018-04-29 13:32:43 +02:00
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
|
|
if (
|
2018-10-06 16:20:01 +02:00
|
|
|
|
path.Equals("/tokens", StringComparison.Ordinal) &&
|
2019-02-02 05:57:17 +01:00
|
|
|
|
(isCors || method == "GET" || method == "POST"))
|
2018-04-29 13:32:43 +02:00
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2017-10-27 10:53:04 +02:00
|
|
|
|
private static async Task HandleBitpayHttpException(HttpContext httpContext, BitpayHttpException ex)
|
|
|
|
|
|
{
|
|
|
|
|
|
httpContext.Response.StatusCode = ex.StatusCode;
|
2020-02-03 09:18:36 +01:00
|
|
|
|
httpContext.Response.ContentType = "application/json";
|
|
|
|
|
|
var result = JsonConvert.SerializeObject(new BitpayErrorsModel(ex));
|
|
|
|
|
|
await httpContext.Response.WriteAsync(result);
|
2017-10-27 10:53:04 +02:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2017-09-13 08:47:34 +02:00
|
|
|
|
}
|
