btcpayserver/BTCPayServer/Controllers/GreenField/ApiKeysController.cs

using System.Linq;
using System.Threading.Tasks;
using BTCPayServer.Client;
using BTCPayServer.Client.Models;
using BTCPayServer.Data;
using BTCPayServer.Security;
using BTCPayServer.Security.GreenField;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using NBitcoin;
using NBitcoin.DataEncoders;

namespace BTCPayServer.Controllers.GreenField
{
    [ApiController]
    [Authorize(AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]
    [EnableCors(CorsPolicies.All)]
    public class ApiKeysController : ControllerBase
    {
        private readonly APIKeyRepository _apiKeyRepository;
        private readonly UserManager<ApplicationUser> _userManager;

        public ApiKeysController(APIKeyRepository apiKeyRepository, UserManager<ApplicationUser> userManager)
        {
            _apiKeyRepository = apiKeyRepository;
            _userManager = userManager;
        }

        [HttpGet("~/api/v1/api-keys/current")]
        public async Task<ActionResult<ApiKeyData>> GetKey()
        {
            if (!ControllerContext.HttpContext.GetAPIKey(out var apiKey))
            {
                return NotFound();
            }
            var data = await _apiKeyRepository.GetKey(apiKey);
            return Ok(FromModel(data));
        }

        [HttpPost("~/api/v1/api-keys")]
        [Authorize(Policy = Policies.Unrestricted, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
        public async Task<IActionResult> CreateKey(CreateApiKeyRequest request)
        {
            if (request is null)
                return NotFound();
            request.Permissions ??= System.Array.Empty<Permission>();
            var key = new APIKeyData()
            {
                Id = Encoders.Hex.EncodeData(RandomUtils.GetBytes(20)),
                Type = APIKeyType.Permanent,
                UserId = _userManager.GetUserId(User),
                Label = request.Label
            };
            key.SetBlob(new APIKeyBlob()
            {
                Permissions = request.Permissions.Select(p => p.ToString()).Distinct().ToArray()
            });
            await _apiKeyRepository.CreateKey(key);
            return Ok(FromModel(key));
        }

        [HttpDelete("~/api/v1/api-keys/current")]
        [Authorize(AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]
        public Task<IActionResult> RevokeCurrentKey()
        {
            if (!ControllerContext.HttpContext.GetAPIKey(out var apiKey))
            {
                // Should be impossible (we force apikey auth)
                return Task.FromResult<IActionResult>(BadRequest());
            }
            return RevokeKey(apiKey);
        }
        [HttpDelete("~/api/v1/api-keys/{apikey}", Order = 1)]
        [Authorize(Policy = Policies.Unrestricted, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
        public async Task<IActionResult> RevokeKey(string apikey)
        {
            if (string.IsNullOrEmpty(apikey))
                return NotFound();
            if (await _apiKeyRepository.Remove(apikey, _userManager.GetUserId(User)))
                return Ok();
            else
                return NotFound();
        }

        private static ApiKeyData FromModel(APIKeyData data)
        {
            return new ApiKeyData()
            {
                Permissions = Permission.ToPermissions(data.GetBlob().Permissions).ToArray(),
                ApiKey = data.Id,
                Label = data.Label ?? string.Empty
            };
        }
    }
}
Refactor permissions of GreenField 2020-03-19 11:11:15 +01:00			`using System.Linq;`
Run dotnet format 2020-06-28 10:55:27 +02:00			`using System.Threading.Tasks;`
Refactor permissions of GreenField 2020-03-19 11:11:15 +01:00			`using BTCPayServer.Client;`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`using BTCPayServer.Client.Models;`
			`using BTCPayServer.Data;`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`using BTCPayServer.Security;`
Run dotnet format 2020-06-28 10:55:27 +02:00			`using BTCPayServer.Security.GreenField;`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`using Microsoft.AspNetCore.Authorization;`
Enable CORS and fix small doc error 2020-06-30 08:26:19 +02:00			`using Microsoft.AspNetCore.Cors;`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`using Microsoft.AspNetCore.Identity;`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`using Microsoft.AspNetCore.Mvc;`
GreenField: Create API Key 2020-03-27 06:17:31 +01:00			`using NBitcoin;`
Run dotnet format 2020-06-28 10:55:27 +02:00			`using NBitcoin.DataEncoders;`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00
Move directories, rename controllers 2020-03-27 04:58:45 +01:00			`namespace BTCPayServer.Controllers.GreenField`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`{`
			`[ApiController]`
Restrict authentication to the APIController to GreenFieldAPIKeys 2020-03-27 05:13:40 +01:00			`[Authorize(AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]`
Enable CORS and fix small doc error 2020-06-30 08:26:19 +02:00			`[EnableCors(CorsPolicies.All)]`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`public class ApiKeysController : ControllerBase`
			`{`
			`private readonly APIKeyRepository _apiKeyRepository;`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`private readonly UserManager<ApplicationUser> _userManager;`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`public ApiKeysController(APIKeyRepository apiKeyRepository, UserManager<ApplicationUser> userManager)`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`{`
			`_apiKeyRepository = apiKeyRepository;`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`_userManager = userManager;`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`}`
Run dotnet format 2020-06-28 10:55:27 +02:00
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`[HttpGet("~/api/v1/api-keys/current")]`
			`public async Task<ActionResult<ApiKeyData>> GetKey()`
			`{`
fix test 2020-03-23 21:18:02 +01:00			`if (!ControllerContext.HttpContext.GetAPIKey(out var apiKey))`
			`{`
			`return NotFound();`
			`}`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`var data = await _apiKeyRepository.GetKey(apiKey);`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`return Ok(FromModel(data));`
			`}`
Remove dependency on NSwag 2020-03-18 12:08:09 +01:00
GreenField: Create API Key 2020-03-27 06:17:31 +01:00			`[HttpPost("~/api/v1/api-keys")]`
			`[Authorize(Policy = Policies.Unrestricted, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]`
Better error message if permission missing 2020-06-27 07:05:56 +02:00			`public async Task<IActionResult> CreateKey(CreateApiKeyRequest request)`
GreenField: Create API Key 2020-03-27 06:17:31 +01:00			`{`
			`if (request is null)`
Fix lightning implementation, docs and tests 2020-06-08 16:40:58 +02:00			`return NotFound();`
GreenField: Remove requirement for permissions >= 1 when creating key Sometimes you just want to have an api key to verify a user still exists periodically on a server and do not need any permissions 2020-07-16 10:26:04 +02:00			`request.Permissions ??= System.Array.Empty<Permission>();`
GreenField: Create API Key 2020-03-27 06:17:31 +01:00			`var key = new APIKeyData()`
			`{`
			`Id = Encoders.Hex.EncodeData(RandomUtils.GetBytes(20)),`
			`Type = APIKeyType.Permanent,`
			`UserId = _userManager.GetUserId(User),`
			`Label = request.Label`
			`};`
GreenField: Switch to Blob for API Keys 2020-04-02 08:59:20 +02:00			`key.SetBlob(new APIKeyBlob()`
			`{`
			`Permissions = request.Permissions.Select(p => p.ToString()).Distinct().ToArray()`
			`});`
GreenField: Create API Key 2020-03-27 06:17:31 +01:00			`await _apiKeyRepository.CreateKey(key);`
			`return Ok(FromModel(key));`
			`}`

BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`[HttpDelete("~/api/v1/api-keys/current")]`
A api key can always revoke itself, add a route to delete any api key 2020-03-27 06:46:51 +01:00			`[Authorize(AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]`
			`public Task<IActionResult> RevokeCurrentKey()`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`{`
fix test 2020-03-23 21:18:02 +01:00			`if (!ControllerContext.HttpContext.GetAPIKey(out var apiKey))`
			`{`
A api key can always revoke itself, add a route to delete any api key 2020-03-27 06:46:51 +01:00			`// Should be impossible (we force apikey auth)`
			`return Task.FromResult<IActionResult>(BadRequest());`
fix test 2020-03-23 21:18:02 +01:00			`}`
A api key can always revoke itself, add a route to delete any api key 2020-03-27 06:46:51 +01:00			`return RevokeKey(apiKey);`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`}`
A api key can always revoke itself, add a route to delete any api key 2020-03-27 06:46:51 +01:00			`[HttpDelete("~/api/v1/api-keys/{apikey}", Order = 1)]`
			`[Authorize(Policy = Policies.Unrestricted, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]`
			`public async Task<IActionResult> RevokeKey(string apikey)`
			`{`
			`if (string.IsNullOrEmpty(apikey))`
Fix lightning implementation, docs and tests 2020-06-08 16:40:58 +02:00			`return NotFound();`
A api key can always revoke itself, add a route to delete any api key 2020-03-27 06:46:51 +01:00			`if (await _apiKeyRepository.Remove(apikey, _userManager.GetUserId(User)))`
			`return Ok();`
			`else`
			`return NotFound();`
			`}`

BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`private static ApiKeyData FromModel(APIKeyData data)`
			`{`
			`return new ApiKeyData()`
			`{`
GreenField: Switch to Blob for API Keys 2020-04-02 08:59:20 +02:00			`Permissions = Permission.ToPermissions(data.GetBlob().Permissions).ToArray(),`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`ApiKey = data.Id,`
Make sure ApiKeyData set all the fields, remove UserId 2020-03-20 12:00:05 +01:00			`Label = data.Label ?? string.Empty`
BTCPayServer.Client library + Revoke API Key 2020-03-02 16:50:28 +01:00			`};`
GreenField API #1: Get current API Key info 2020-02-24 18:43:28 +01:00			`}`
			`}`
			`}`