add policy to restrict generate wallet usage

2025-02-22 14:22:40 +01:00 · 2019-12-16 09:32:43 +01:00 · 2019-12-16 09:32:43 +01:00 · 6706658377
commit 6706658377
parent a75b6201b7
7 changed files with 35 additions and 8 deletions
--- a/BTCPayServer/Controllers/StoresController.BTCLike.cs
+++ b/BTCPayServer/Controllers/StoresController.BTCLike.cs
@ -132,6 +132,7 @@ namespace BTCPayServer.Controllers
                vm.Config = derivation.ToJson();
            }
            vm.Enabled = !store.GetStoreBlob().IsExcluded(new PaymentMethodId(vm.CryptoCode, PaymentTypes.BTCLike));
+            vm.CanUseGenerateWallet = CanUseGenerateWallet();
        }

        private DerivationSchemeSettings GetExistingDerivationStrategy(string cryptoCode, StoreData store)
@ -179,7 +180,7 @@ namespace BTCPayServer.Controllers
                        Message = "Config file was not in the correct format"
                    });
                    vm.Confirmation = false;
-                    return View(vm);
+                    return View("AddDerivationScheme",vm);
                }
            }

@ -325,6 +326,11 @@ namespace BTCPayServer.Controllers
        public async Task<IActionResult> GenerateNBXWallet(string storeId, string cryptoCode,
            GenerateWalletRequest request)
        {
+            if (!CanUseGenerateWallet())
+            {
+                return NotFound();
+            }
+            
            var network = _NetworkProvider.GetNetwork<BTCPayNetwork>(cryptoCode);
            var client = _ExplorerProvider.GetExplorerClient(cryptoCode);
            var response = await client.GenerateWalletAsync(request);
@ -346,6 +352,7 @@ namespace BTCPayServer.Controllers
                    Enabled = !store.GetStoreBlob()
                        .IsExcluded(new PaymentMethodId(cryptoCode, PaymentTypes.BTCLike))
                }, cryptoCode);
+            
            TempData.SetStatusMessageModel(new StatusMessageModel()
            {
                Severity = StatusMessageModel.StatusSeverity.Success,
@ -353,7 +360,6 @@ namespace BTCPayServer.Controllers
                    ? "Your wallet has been imported."
                    : $"Your wallet has been generated. Please store your seed securely! <br/><code>{response.Mnemonic}</code>"
            });
-            ((ViewResult)result).ViewName = nameof(AddDerivationScheme);
            return result;
        }

@ -385,5 +391,10 @@ namespace BTCPayServer.Controllers
            ModelState.Remove(nameof(vm.Config)); // Remove the cached value
            return View(vm);
        }
+        
+        private bool CanUseGenerateWallet()
+        {
+            return (_BTCPayEnv.IsDevelopping || User.IsInRole(Roles.ServerAdmin) || _CssThemeManager.AllowGenerateWalletForAll);
+        }
    }
 }
--- a/BTCPayServer/HostedServices/CssThemeManager.cs
+++ b/BTCPayServer/HostedServices/CssThemeManager.cs
@ -88,8 +88,11 @@ namespace BTCPayServer.HostedServices
            RootAppId = data.RootAppId;
            DomainToAppMapping = data.DomainToAppMapping;
            AllowLightningInternalNodeForAll = data.AllowLightningInternalNodeForAll;
+            AllowGenerateWalletForAll = data.AllowGenerateWalletForAll;
        }

+        public bool AllowGenerateWalletForAll { get; set; }
+
        public bool AllowLightningInternalNodeForAll { get; set; }
    }

--- a/BTCPayServer/Models/StoreViewModels/DerivationSchemeViewModel.cs
+++ b/BTCPayServer/Models/StoreViewModels/DerivationSchemeViewModel.cs
@ -41,6 +41,7 @@ namespace BTCPayServer.Models.StoreViewModels
        public string DerivationSchemeFormat { get; set; }
        public string AccountKey { get; set; }
        public BTCPayNetwork Network { get; set; }
+        public bool CanUseGenerateWallet { get; set; }

        public RootedKeyPath GetAccountKeypath()
        {
--- a/BTCPayServer/Services/PoliciesSettings.cs
+++ b/BTCPayServer/Services/PoliciesSettings.cs
@ -23,7 +23,9 @@ namespace BTCPayServer.Services
        public bool DiscourageSearchEngines { get; set; }
        [Display(Name = "Allow non-admins to use the internal lightning node in their stores")]
        public bool AllowLightningInternalNodeForAll { get; set; }
-
+        [Display(Name = "Allow non-admins to use the NBXplorer wallet generator in their stores")]
+        public bool AllowGenerateWalletForAll { get; set; }
+        
        [Display(Name = "Display app on website root")]
        public string RootAppId { get; set; }
        public AppType? RootAppType { get; set; }
--- a/BTCPayServer/Views/Server/Policies.cshtml
+++ b/BTCPayServer/Views/Server/Policies.cshtml
@ -32,6 +32,11 @@
            <label asp-for="AllowLightningInternalNodeForAll" class="form-check-label"></label>
            <span asp-validation-for="AllowLightningInternalNodeForAll" class="text-danger"></span>
        </div>
+        <div class="form-check">
+            <input asp-for="AllowGenerateWalletForAll" type="checkbox" class="form-check-input"/>
+            <label asp-for="AllowGenerateWalletForAll" class="form-check-label"></label>
+            <span asp-validation-for="AllowGenerateWalletForAll" class="text-danger"></span>
+        </div>
    </div>
    <div class="form-group">
        <label asp-for="RootAppId"></label>
--- a/BTCPayServer/Views/Stores/AddDerivationScheme.cshtml
+++ b/BTCPayServer/Views/Stores/AddDerivationScheme.cshtml
@ -85,8 +85,10 @@
                                {
                                    <button class="dropdown-item check-for-vault" type="button">... the vault (preview)</button>
                                }
-                                <button class="dropdown-item" data-toggle="modal" data-target="#nbxplorergeneratewallet" type="button" id="nbxplorergeneratewalletbtn">... a new/existing seed.</button>
-                                                                 
+                                @if (Model.CanUseGenerateWallet)
+                                {
+                                    <button class="dropdown-item" data-toggle="modal" data-target="#nbxplorergeneratewallet" type="button" id="nbxplorergeneratewalletbtn">... a new/existing seed.</button>
+                                }                                                                                                 
                            </div>
                        </div>
                    </div>
--- a/BTCPayServer/Views/Stores/AddDerivationSchemes_HardwareWalletDialogs.cshtml
+++ b/BTCPayServer/Views/Stores/AddDerivationSchemes_HardwareWalletDialogs.cshtml
@ -1,5 +1,9 @@
-<partial name="AddDerivationSchemes_NBXWalletGenerate"/>@model DerivationSchemeViewModel
-
+@using NBXplorer.Models
+@model DerivationSchemeViewModel
+@if (Model.CanUseGenerateWallet)
+{
+    <partial name="AddDerivationSchemes_NBXWalletGenerate" model="@(new GenerateWalletRequest())"/>
+}
 <div class="modal fade" id="ledgerimport" tabindex="-1" role="dialog" aria-labelledby="ledgerimport" aria-hidden="true">
    <div class="modal-dialog" role="document">
        <div class="modal-content" form method="post">
@ -121,4 +125,3 @@
        </form>
    </div>
 </template>
-<partial name="AddDerivationSchemes_NBXWalletGenerate"/>