btcpayserver/BTCPayServer/Controllers/GreenField/GreenfieldApiKeysController.cs

using System.Linq;
using System.Threading.Tasks;
using BTCPayServer.Abstractions.Constants;
using BTCPayServer.Abstractions.Extensions;
using BTCPayServer.Client;
using BTCPayServer.Client.Models;
using BTCPayServer.Data;
using BTCPayServer.Security;
using BTCPayServer.Security.Greenfield;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using NBitcoin;
using NBitcoin.DataEncoders;

namespace BTCPayServer.Controllers.Greenfield
{
    [ApiController]
    [Authorize(AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]
    [EnableCors(CorsPolicies.All)]
    public class GreenfieldApiKeysController : ControllerBase
    {
        private readonly APIKeyRepository _apiKeyRepository;
        private readonly UserManager<ApplicationUser> _userManager;

        public GreenfieldApiKeysController(APIKeyRepository apiKeyRepository, UserManager<ApplicationUser> userManager)
        {
            _apiKeyRepository = apiKeyRepository;
            _userManager = userManager;
        }

        [HttpGet("~/api/v1/api-keys/current")]
        public async Task<IActionResult> GetKey()
        {
            if (!ControllerContext.HttpContext.GetAPIKey(out var apiKey))
            {
                return
                    this.CreateAPIError(404, "api-key-not-found", "The api key was not present.");
            }
            var data = await _apiKeyRepository.GetKey(apiKey);
            return Ok(FromModel(data));
        }

        [HttpPost("~/api/v1/api-keys")]
        [Authorize(Policy = Policies.Unrestricted, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
        public Task<IActionResult> CreateAPIKey(CreateApiKeyRequest request)
        {
            return CreateUserAPIKey(_userManager.GetUserId(User), request);
        }

        [HttpPost("~/api/v1/users/{idOrEmail}/api-keys")]
        [Authorize(Policy = Policies.CanManageUsers, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
        public async Task<IActionResult> CreateUserAPIKey(string idOrEmail, CreateApiKeyRequest request)
        {
            request ??= new CreateApiKeyRequest();
            request.Permissions ??= System.Array.Empty<Permission>();

            var userId = (await _userManager.FindByIdOrEmail(idOrEmail))?.Id;
            if (userId is null)
                return this.UserNotFound();
            var key = new APIKeyData()
            {
                Id = Encoders.Hex.EncodeData(RandomUtils.GetBytes(20)),
                Type = APIKeyType.Permanent,
                UserId = userId,
                Label = request.Label
            };
            key.SetBlob(new APIKeyBlob()
            {
                Permissions = request.Permissions.Select(p => p.ToString()).Distinct().ToArray()
            });
            await _apiKeyRepository.CreateKey(key);
            return Ok(FromModel(key));
        }

        [HttpDelete("~/api/v1/api-keys/current")]
        [Authorize(AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]
        public Task<IActionResult> RevokeCurrentKey()
        {
            if (!ControllerContext.HttpContext.GetAPIKey(out var apiKey))
            {
                // Should be impossible (we force apikey auth)
                return Task.FromResult<IActionResult>(BadRequest());
            }
            return RevokeAPIKey(apiKey);
        }
        [HttpDelete("~/api/v1/api-keys/{apikey}", Order = 1)]
        [Authorize(Policy = Policies.Unrestricted, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
        public Task<IActionResult> RevokeAPIKey(string apikey)
        {
            return RevokeAPIKey(_userManager.GetUserId(User), apikey);
        }

        [HttpDelete("~/api/v1/users/{idOrEmail}/api-keys/{apikey}", Order = 1)]
        [Authorize(Policy = Policies.CanManageUsers, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
        public async Task<IActionResult> RevokeAPIKey(string idOrEmail, string apikey)
        {
            var userId = (await _userManager.FindByIdOrEmail(idOrEmail))?.Id;
            if (userId is null)
                return this.UserNotFound();
            if (!string.IsNullOrEmpty(apikey) &&
                await _apiKeyRepository.Remove(apikey, userId))
                return Ok();
            else
                return this.CreateAPIError("apikey-not-found", "This apikey does not exists");
        }


        private static ApiKeyData FromModel(APIKeyData data)
        {
            return new ApiKeyData()
            {
                Permissions = Permission.ToPermissions(data.GetBlob().Permissions).ToArray(),
                ApiKey = data.Id,
                Label = data.Label ?? string.Empty
            };
        }
    }
}
Refactor permissions of GreenField 2020-03-19 19:11:15 +09:00			`using System.Linq;`
Run dotnet format 2020-06-28 17:55:27 +09:00			`using System.Threading.Tasks;`
Plugins: Allow creation of independent DbContexts This allows plugins to create custom dbcontexts, which would be namespaced in the scheme with a prefix. Migrations are supported too and the table would be prefixed too 2020-11-17 13:46:23 +01:00			`using BTCPayServer.Abstractions.Constants;`
Refactoring: Allow GreenfieldExtensions to be used by plugins 2022-02-24 09:00:44 +01:00			`using BTCPayServer.Abstractions.Extensions;`
Refactor permissions of GreenField 2020-03-19 19:11:15 +09:00			`using BTCPayServer.Client;`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`using BTCPayServer.Client.Models;`
			`using BTCPayServer.Data;`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`using BTCPayServer.Security;`
Rename GreenField -> Greenfield 2022-01-14 13:05:23 +09:00			`using BTCPayServer.Security.Greenfield;`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`using Microsoft.AspNetCore.Authorization;`
Enable CORS and fix small doc error 2020-06-30 08:26:19 +02:00			`using Microsoft.AspNetCore.Cors;`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`using Microsoft.AspNetCore.Identity;`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`using Microsoft.AspNetCore.Mvc;`
Do not create if create API key is called on a non-existant user (Fix #4731) 2023-03-03 20:30:54 +09:00			`using Microsoft.EntityFrameworkCore;`
GreenField: Create API Key 2020-03-27 14:17:31 +09:00			`using NBitcoin;`
Run dotnet format 2020-06-28 17:55:27 +09:00			`using NBitcoin.DataEncoders;`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00
Rename GreenField -> Greenfield 2022-01-14 13:05:23 +09:00			`namespace BTCPayServer.Controllers.Greenfield`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`{`
			`[ApiController]`
Restrict authentication to the APIController to GreenFieldAPIKeys 2020-03-27 13:13:40 +09:00			`[Authorize(AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]`
Enable CORS and fix small doc error 2020-06-30 08:26:19 +02:00			`[EnableCors(CorsPolicies.All)]`
Rename greenfield controllers 2022-01-07 12:17:59 +09:00			`public class GreenfieldApiKeysController : ControllerBase`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`{`
			`private readonly APIKeyRepository _apiKeyRepository;`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`private readonly UserManager<ApplicationUser> _userManager;`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00
Rename greenfield controllers 2022-01-07 12:17:59 +09:00			`public GreenfieldApiKeysController(APIKeyRepository apiKeyRepository, UserManager<ApplicationUser> userManager)`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`{`
			`_apiKeyRepository = apiKeyRepository;`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`_userManager = userManager;`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`}`
Run dotnet format 2020-06-28 17:55:27 +09:00
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`[HttpGet("~/api/v1/api-keys/current")]`
Normalize greenfield responses for 404s (#3220) 2021-12-23 05:32:08 +01:00			`public async Task<IActionResult> GetKey()`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`{`
fix test 2020-03-23 21:18:02 +01:00			`if (!ControllerContext.HttpContext.GetAPIKey(out var apiKey))`
			`{`
Normalize greenfield responses for 404s (#3220) 2021-12-23 05:32:08 +01:00			`return`
			`this.CreateAPIError(404, "api-key-not-found", "The api key was not present.");`
fix test 2020-03-23 21:18:02 +01:00			`}`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`var data = await _apiKeyRepository.GetKey(apiKey);`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`return Ok(FromModel(data));`
			`}`
Remove dependency on NSwag 2020-03-18 20:08:09 +09:00
GreenField: Create API Key 2020-03-27 14:17:31 +09:00			`[HttpPost("~/api/v1/api-keys")]`
			`[Authorize(Policy = Policies.Unrestricted, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]`
Greenfield: Admins can create/delete API keys of any user (#4680) * Greenfield: Admins can create/delete API keys of any user * Greenfield: Improve doc for scoped apikey (Close #4673) * Fix permissions hierarchy * Update BTCPayServer.Client/Permissions.cs * Fix tests --------- Co-authored-by: Andrew Camilleri <evilkukka@gmail.com> 2023-02-24 16:19:03 +09:00			`public Task<IActionResult> CreateAPIKey(CreateApiKeyRequest request)`
			`{`
			`return CreateUserAPIKey(_userManager.GetUserId(User), request);`
			`}`

[Greenfield] Allow passing email instead of user id in API (#4732) 2023-03-03 21:24:27 +09:00			`[HttpPost("~/api/v1/users/{idOrEmail}/api-keys")]`
Greenfield: Admins can create/delete API keys of any user (#4680) * Greenfield: Admins can create/delete API keys of any user * Greenfield: Improve doc for scoped apikey (Close #4673) * Fix permissions hierarchy * Update BTCPayServer.Client/Permissions.cs * Fix tests --------- Co-authored-by: Andrew Camilleri <evilkukka@gmail.com> 2023-02-24 16:19:03 +09:00			`[Authorize(Policy = Policies.CanManageUsers, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]`
[Greenfield] Allow passing email instead of user id in API (#4732) 2023-03-03 21:24:27 +09:00			`public async Task<IActionResult> CreateUserAPIKey(string idOrEmail, CreateApiKeyRequest request)`
GreenField: Create API Key 2020-03-27 14:17:31 +09:00			`{`
Normalize greenfield responses for 404s (#3220) 2021-12-23 05:32:08 +01:00			`request ??= new CreateApiKeyRequest();`
GreenField: Remove requirement for permissions >= 1 when creating key Sometimes you just want to have an api key to verify a user still exists periodically on a server and do not need any permissions 2020-07-16 10:26:04 +02:00			`request.Permissions ??= System.Array.Empty<Permission>();`
[Greenfield] Allow passing email instead of user id in API (#4732) 2023-03-03 21:24:27 +09:00
			`var userId = (await _userManager.FindByIdOrEmail(idOrEmail))?.Id;`
			`if (userId is null)`
			`return this.UserNotFound();`
GreenField: Create API Key 2020-03-27 14:17:31 +09:00			`var key = new APIKeyData()`
			`{`
			`Id = Encoders.Hex.EncodeData(RandomUtils.GetBytes(20)),`
			`Type = APIKeyType.Permanent,`
Greenfield: Admins can create/delete API keys of any user (#4680) * Greenfield: Admins can create/delete API keys of any user * Greenfield: Improve doc for scoped apikey (Close #4673) * Fix permissions hierarchy * Update BTCPayServer.Client/Permissions.cs * Fix tests --------- Co-authored-by: Andrew Camilleri <evilkukka@gmail.com> 2023-02-24 16:19:03 +09:00			`UserId = userId,`
GreenField: Create API Key 2020-03-27 14:17:31 +09:00			`Label = request.Label`
			`};`
GreenField: Switch to Blob for API Keys 2020-04-02 08:59:20 +02:00			`key.SetBlob(new APIKeyBlob()`
			`{`
			`Permissions = request.Permissions.Select(p => p.ToString()).Distinct().ToArray()`
			`});`
[Greenfield] Allow passing email instead of user id in API (#4732) 2023-03-03 21:24:27 +09:00			`await _apiKeyRepository.CreateKey(key);`
GreenField: Create API Key 2020-03-27 14:17:31 +09:00			`return Ok(FromModel(key));`
			`}`

BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`[HttpDelete("~/api/v1/api-keys/current")]`
A api key can always revoke itself, add a route to delete any api key 2020-03-27 14:46:51 +09:00			`[Authorize(AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]`
			`public Task<IActionResult> RevokeCurrentKey()`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`{`
fix test 2020-03-23 21:18:02 +01:00			`if (!ControllerContext.HttpContext.GetAPIKey(out var apiKey))`
			`{`
A api key can always revoke itself, add a route to delete any api key 2020-03-27 14:46:51 +09:00			`// Should be impossible (we force apikey auth)`
			`return Task.FromResult<IActionResult>(BadRequest());`
fix test 2020-03-23 21:18:02 +01:00			`}`
Greenfield: Admins can create/delete API keys of any user (#4680) * Greenfield: Admins can create/delete API keys of any user * Greenfield: Improve doc for scoped apikey (Close #4673) * Fix permissions hierarchy * Update BTCPayServer.Client/Permissions.cs * Fix tests --------- Co-authored-by: Andrew Camilleri <evilkukka@gmail.com> 2023-02-24 16:19:03 +09:00			`return RevokeAPIKey(apiKey);`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`}`
A api key can always revoke itself, add a route to delete any api key 2020-03-27 14:46:51 +09:00			`[HttpDelete("~/api/v1/api-keys/{apikey}", Order = 1)]`
			`[Authorize(Policy = Policies.Unrestricted, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]`
Greenfield: Admins can create/delete API keys of any user (#4680) * Greenfield: Admins can create/delete API keys of any user * Greenfield: Improve doc for scoped apikey (Close #4673) * Fix permissions hierarchy * Update BTCPayServer.Client/Permissions.cs * Fix tests --------- Co-authored-by: Andrew Camilleri <evilkukka@gmail.com> 2023-02-24 16:19:03 +09:00			`public Task<IActionResult> RevokeAPIKey(string apikey)`
			`{`
			`return RevokeAPIKey(_userManager.GetUserId(User), apikey);`
			`}`

[Greenfield] Allow passing email instead of user id in API (#4732) 2023-03-03 21:24:27 +09:00			`[HttpDelete("~/api/v1/users/{idOrEmail}/api-keys/{apikey}", Order = 1)]`
Greenfield: Admins can create/delete API keys of any user (#4680) * Greenfield: Admins can create/delete API keys of any user * Greenfield: Improve doc for scoped apikey (Close #4673) * Fix permissions hierarchy * Update BTCPayServer.Client/Permissions.cs * Fix tests --------- Co-authored-by: Andrew Camilleri <evilkukka@gmail.com> 2023-02-24 16:19:03 +09:00			`[Authorize(Policy = Policies.CanManageUsers, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]`
[Greenfield] Allow passing email instead of user id in API (#4732) 2023-03-03 21:24:27 +09:00			`public async Task<IActionResult> RevokeAPIKey(string idOrEmail, string apikey)`
A api key can always revoke itself, add a route to delete any api key 2020-03-27 14:46:51 +09:00			`{`
[Greenfield] Allow passing email instead of user id in API (#4732) 2023-03-03 21:24:27 +09:00			`var userId = (await _userManager.FindByIdOrEmail(idOrEmail))?.Id;`
			`if (userId is null)`
			`return this.UserNotFound();`
Mention the missing API permission in the response of a Greenfield request (#3195) * Mention the missing API permission in the response header or body * Fixes + Added a unit test. 1 TODO remains. * Added MissingPermissionDescription to the error * Update BTCPayServer.Tests/GreenfieldAPITests.cs Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com> * Fix tests * [GreenField]: Make sure we are sending fully typed errors Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com> 2021-12-16 15:04:06 +01:00			`if (!string.IsNullOrEmpty(apikey) &&`
Greenfield: Admins can create/delete API keys of any user (#4680) * Greenfield: Admins can create/delete API keys of any user * Greenfield: Improve doc for scoped apikey (Close #4673) * Fix permissions hierarchy * Update BTCPayServer.Client/Permissions.cs * Fix tests --------- Co-authored-by: Andrew Camilleri <evilkukka@gmail.com> 2023-02-24 16:19:03 +09:00			`await _apiKeyRepository.Remove(apikey, userId))`
A api key can always revoke itself, add a route to delete any api key 2020-03-27 14:46:51 +09:00			`return Ok();`
			`else`
Mention the missing API permission in the response of a Greenfield request (#3195) * Mention the missing API permission in the response header or body * Fixes + Added a unit test. 1 TODO remains. * Added MissingPermissionDescription to the error * Update BTCPayServer.Tests/GreenfieldAPITests.cs Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com> * Fix tests * [GreenField]: Make sure we are sending fully typed errors Co-authored-by: Nicolas Dorier <nicolas.dorier@gmail.com> 2021-12-16 15:04:06 +01:00			`return this.CreateAPIError("apikey-not-found", "This apikey does not exists");`
A api key can always revoke itself, add a route to delete any api key 2020-03-27 14:46:51 +09:00			`}`

Greenfield: Admins can create/delete API keys of any user (#4680) * Greenfield: Admins can create/delete API keys of any user * Greenfield: Improve doc for scoped apikey (Close #4673) * Fix permissions hierarchy * Update BTCPayServer.Client/Permissions.cs * Fix tests --------- Co-authored-by: Andrew Camilleri <evilkukka@gmail.com> 2023-02-24 16:19:03 +09:00
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`private static ApiKeyData FromModel(APIKeyData data)`
			`{`
			`return new ApiKeyData()`
			`{`
GreenField: Switch to Blob for API Keys 2020-04-02 08:59:20 +02:00			`Permissions = Permission.ToPermissions(data.GetBlob().Permissions).ToArray(),`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`ApiKey = data.Id,`
Make sure ApiKeyData set all the fields, remove UserId 2020-03-20 20:00:05 +09:00			`Label = data.Label ?? string.Empty`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`};`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`}`
			`}`
			`}`