mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2025-02-21 22:11:48 +01:00
Code Issues Projects Releases Packages Wiki Activity

Policies: Add warnings for certain options (#5554)

Browse source
This commit is contained in:
d11n 2023-12-13 10:53:37 +01:00 committed by GitHub
parent 6324a1a1e8
commit 26374ef476
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 85 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
BTCPayServer/Views/Shared/ListRoles.cshtml
View file

@ -96,7 +96,10 @@
<td>
@if (!role.Permissions.Any())
{
<span class="text-warning">No policies</span>
<span class="info-note text-warning">
<vc:icon symbol="warning"/>
No policies
</span>
}
else
{

2
BTCPayServer/Views/UIHome/RecoverySeedBackup.cshtml
View file

@ -70,7 +70,7 @@
<span>Do not photograph the recovery phrase, and do not store it digitally.</span>
</p>
<br />
<p class="text-warning">
<p class="text-warning">
<strong>The recovery phrase will be permanently erased from the server.</strong>
</p>
}

2
BTCPayServer/Views/UIInvoice/ListInvoicesPaymentsPartial.cshtml
View file

@ -9,7 +9,7 @@
@if (invoice.Overpaid)
{
var usedPaymentMethods = invoice.CryptoPayments.Count(p => p.Paid != null);
<p class="d-flex align-items-center gap-2 mb-3 text-warning">
<p class="info-note text-warning">
<vc:icon symbol="warning"/>
This invoice got overpaid.
@if (usedPaymentMethods > 1)

5
BTCPayServer/Views/UIManage/APIKeys.cshtml
View file

@ -56,7 +56,10 @@
}
@if (!permissions.Any())
{
<span class="text-warning">No permissions</span>
<span class="info-note text-warning">
<vc:icon symbol="warning"/>
No permissions
</span>
}
else
{

3
BTCPayServer/Views/UIManage/AddApiKey.cshtml
View file

@ -84,7 +84,8 @@
@if (!Model.Stores.Any())
{
<p class="text-warning mt-2 mb-0">
<p class="info-note text-warning mt-2 mb-0">
<vc:icon symbol="warning"/>
You currently have no stores configured.
</p>
}

10
BTCPayServer/Views/UIPaymentRequest/EditPaymentRequest.cshtml
View file

@ -54,7 +54,10 @@
<span asp-validation-for="Amount" class="text-danger"></span>
@if (!Model.AmountAndCurrencyEditable)
{
<p class="text-warning mb-0 mt-2">Amount and currency are not editable once payment request has invoices</p>
<p class="info-note text-warning mb-0 mt-2">
<vc:icon symbol="warning"/>
Amount and currency are not editable once payment request has invoices
</p>
}
</div>
<div class="form-group">
@ -89,7 +92,10 @@
<a asp-action="StoreEmails" asp-controller="UIStores" asp-route-storeId="@Model.StoreId">email rules</a>.
@if (Model.HasEmailRules is not true)
{
<div class="text-warning">No payment request related email rules have been configured for this store.</div>
<div class="info-note mt-1 text-warning" role="alert">
<vc:icon symbol="warning"/>
No payment request related email rules have been configured for this store.
</div>
}
</div>
</div>

34
BTCPayServer/Views/UIServer/Policies.cshtml
View file

@ -9,6 +9,20 @@
var linkProviders = TransactionLinkProviders.ToArray();
}
@section PageHeadContent {
<style>
#AllowLightningInternalNodeForAll ~ .info-note,
#AllowHotWalletRPCImportForAll ~ .info-note,
#AllowHotWalletForAll ~ .info-note,
#DisableNonAdminCreateUserApi:checked ~ .info-note,
#LockSubscription:checked ~ .info-note { display: none; }
#AllowLightningInternalNodeForAll:checked ~ .info-note,
#AllowHotWalletRPCImportForAll:checked ~ .info-note,
#AllowHotWalletForAll:checked ~ .info-note { display: inline-flex; }
</style>
}
<h3 class="mb-4">@ViewData["Title"]</h3>
@if (!ViewContext.ModelState.IsValid)
@ -28,6 +42,10 @@
<vc:icon symbol="info" />
</a>
<span asp-validation-for="AllowLightningInternalNodeForAll" class="text-danger"></span>
<div class="info-note mt-2 text-warning" role="alert">
<vc:icon symbol="warning"/>
Caution: Enabling this option, may simplify the onboarding for third-parties but carries liabilities and security risks associated with sharing the lightning node with other users.
</div>
</div>
<div class="form-check my-3">
<input asp-for="AllowHotWalletForAll" type="checkbox" class="form-check-input"/>
@ -36,11 +54,19 @@
<vc:icon symbol="info" />
</a>
<span asp-validation-for="AllowHotWalletForAll" class="text-danger"></span>
<div class="info-note mt-2 text-warning" role="alert">
<vc:icon symbol="warning"/>
Caution: Enabling this option, may simplify the onboarding and spending for third-parties but carries liabilities and security risks associated to storing private keys of third parties on a server.
</div>
</div>
<div class="form-check my-3">
<input asp-for="AllowHotWalletRPCImportForAll" type="checkbox" class="form-check-input"/>
<label asp-for="AllowHotWalletRPCImportForAll" class="form-check-label"></label>
<span asp-validation-for="AllowHotWalletRPCImportForAll" class="text-danger"></span>
<div class="info-note mt-2 text-warning" role="alert">
<vc:icon symbol="warning"/>
Caution: Enabling this option, may simplify the onboarding and spending for third-parties but carries liabilities and security risks associated to storing private keys of third parties on a server.
</div>
</div>
</div>
@ -70,12 +96,20 @@
<input asp-for="LockSubscription" type="checkbox" class="form-check-input"/>
<label asp-for="LockSubscription" class="form-check-label"></label>
<span asp-validation-for="LockSubscription" class="text-danger"></span>
<div class="info-note mt-2 text-warning" role="alert">
<vc:icon symbol="warning"/>
Caution: Enabling public user registration means anyone can register to your server and may expose your BTCPay Server instance to potential security risks from unknown users.
</div>
</div>
<div class="form-check my-3">
<input asp-for="DisableNonAdminCreateUserApi" type="checkbox" class="form-check-input"/>
<label asp-for="DisableNonAdminCreateUserApi" class="form-check-label"></label>
<span asp-validation-for="DisableNonAdminCreateUserApi" class="text-danger"></span>
<div class="info-note mt-2 text-warning" role="alert">
<vc:icon symbol="warning"/>
Caution: Allowing non-admins to have access to API endpoints may expose your BTCPay Server instance to potential security risks from unknown users.
</div>
</div>
</div>

7
BTCPayServer/Views/UIStores/WalletSettings.cshtml
View file

@ -176,15 +176,16 @@
<a href="https://docs.btcpayserver.org/FAQ/Stores/#consider-the-invoice-confirmed-when-the-payment-transaction" target="_blank" rel="noreferrer noopener" title="More information...">
<vc:icon symbol="info"/>
</a>
<select asp-for="SpeedPolicy" class="form-select w-auto" onchange="document.getElementById('unconfirmed-warning').hidden = this.value !== '0';">
<select asp-for="SpeedPolicy" class="form-select w-auto" onchange="document.getElementById('unconfirmed-warning').hidden = this.value !== '0'">
<option value="0">Is unconfirmed</option>
<option value="1">Has at least 1 confirmation</option>
<option value="3">Has at least 2 confirmations</option>
<option value="2">Has at least 6 confirmations</option>
</select>
<div class="alert alert-warning my-2" hidden="@(Model.SpeedPolicy != 0)" id="unconfirmed-warning" role="alert">
<p class="info-note my-3 text-warning" id="unconfirmed-warning" role="alert" hidden="@(Model.SpeedPolicy != 0)">
<vc:icon symbol="warning"/>
Choosing to accept an unconfirmed invoice can lead to double-spending and is strongly discouraged.
</div>
</p>
<span asp-validation-for="SpeedPolicy" class="text-danger"></span>
</div>
<div class="form-check my-1">

8
BTCPayServer/Views/UIWallets/WalletSend.cshtml
View file

@ -116,7 +116,13 @@
<button type="button" class="crypto-balance-link btn btn-link p-0 align-baseline">@Model.CurrentBalance</button> <span>@Model.CryptoCode</span>.
@if (Model.ImmatureBalance > 0)
{
<span><br><span class="text-warning">⚠</span> @Model.ImmatureBalance @Model.CryptoCode are still immature and require additional confirmations.</span>
<span>
<br>
<span class="info-note text-warning">
<vc:icon symbol="warning"/>
@Model.ImmatureBalance @Model.CryptoCode are still immature and require additional confirmations.
</span>
</span>
}
</div>
</div>

4
BTCPayServer/wwwroot/main/bootstrap/bootstrap.css vendored
View file

@ -12255,6 +12255,10 @@ ul:not([class]) li {
color: var(--btcpay-body-text-muted) !important;
}
.text-warning {
color: rgba(var(--btcpay-body-text-warning-rgb), var(--btcpay-text-opacity)) !important;
}
/* Modals */
.modal-content {
box-shadow: 0 20px 20px rgba(0, 0, 0, 0.15);

12
BTCPayServer/wwwroot/main/site.css
View file

@ -97,6 +97,18 @@ a.unobtrusive-link {
transform: rotate(-180deg);
}
/* Icon and text, used for warnings of additional info text. Adjust spacing and color via utility classes. */
.info-note {
display: inline-flex;
align-items: baseline;
gap: var(--btcpay-space-s);
}
.info-note .icon {
position: relative;
top: var(--btcpay-space-xs);
}
/* Badges */
.badge-new,
.badge-pending {

1
BTCPayServer/wwwroot/main/themes/default-dark.css
View file

@ -16,6 +16,7 @@
--btcpay-body-bg-rgb: 22, 27, 34;
--btcpay-body-text: var(--btcpay-white);
--btcpay-body-text-muted: var(--btcpay-neutral-600);
--btcpay-body-text-warning-rgb: 255, 192, 67;
--btcpay-body-text-rgb: 255, 255, 255;
--btcpay-body-link-accent: var(--btcpay-primary-accent);
--btcpay-body-link-accent-rgb: var(--btcpay-primary-accent-rgb);

5
BTCPayServer/wwwroot/main/themes/default.css
View file

@ -119,8 +119,8 @@
--btcpay-yellow-400-rgb: 255,207,112;
--btcpay-yellow-500: #FFC043;
--btcpay-yellow-500-rgb: 255,192,67;
--btcpay-yellow-600: #BC8B2C;
--btcpay-yellow-600-rgb: 188,139,44;
--btcpay-yellow-600: #B57E12;
--btcpay-yellow-600-rgb: 181,126,18;
--btcpay-yellow-700: #997328;
--btcpay-yellow-700-rgb: 153,115,40;
--btcpay-yellow-800: #674D1B;
@ -193,6 +193,7 @@
--btcpay-body-text-hover: var(--btcpay-body-text);
--btcpay-body-text-active: var(--btcpay-primary-text-active);
--btcpay-body-text-muted: var(--btcpay-neutral-500);
--btcpay-body-text-warning-rgb: 181, 126, 18;
--btcpay-body-text-rgb: 41, 41, 41;
--btcpay-body-link: var(--btcpay-primary);
--btcpay-body-link-rgb: var(--btcpay-primary-rgb);