mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2025-01-18 13:26:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix: If reverse proxy wasn't well configured, and error message should have been displayed (#4322)

Browse Source
This commit is contained in:
Nicolas Dorier 2022-11-22 03:32:19 +09:00 committed by GitHub
parent 20025f254c
commit bf597495ff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 35 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
BTCPayServer/Components/MainNav/Default.cshtml
View File

@ -9,6 +9,7 @@
@using BTCPayServer.Client
@using BTCPayServer.Services
@using BTCPayServer.Views.CustodianAccounts
@inject Microsoft.AspNetCore.Http.IHttpContextAccessor HttpContext;
@inject BTCPayServerEnvironment Env
@inject SignInManager<ApplicationUser> SignInManager
@inject PoliciesSettings PoliciesSettings
@ -227,7 +228,7 @@
})()
</script>
}
else if (Env.IsSecure)
else if (Env.IsSecure(HttpContext.HttpContext))
{
<ul class="navbar-nav">
@if (!PoliciesSettings.LockSubscription)

6
BTCPayServer/Controllers/UIAccountController.cs
View File

@ -227,7 +227,7 @@ namespace BTCPayServer.Controllers
private async Task<LoginWithFido2ViewModel> BuildFido2ViewModel(bool rememberMe, ApplicationUser user)
{
if (_btcPayServerEnvironment.IsSecure)
if (_btcPayServerEnvironment.IsSecure(HttpContext))
{
var r = await _fido2Service.RequestLogin(user.Id);
if (r is null)
@ -247,7 +247,7 @@ namespace BTCPayServer.Controllers
private async Task<LoginWithLNURLAuthViewModel> BuildLNURLAuthViewModel(bool rememberMe, ApplicationUser user)
{
if (_btcPayServerEnvironment.IsSecure)
if (_btcPayServerEnvironment.IsSecure(HttpContext))
{
var r = await _lnurlAuthService.RequestLogin(user.Id);
if (r is null)
@ -777,7 +777,7 @@ namespace BTCPayServer.Controllers
private bool CanLoginOrRegister()
{
return _btcPayServerEnvironment.IsDeveloping || _btcPayServerEnvironment.IsSecure;
return _btcPayServerEnvironment.IsDeveloping || _btcPayServerEnvironment.IsSecure(HttpContext);
}
private void SetInsecureFlags()

4
BTCPayServer/Controllers/UIManageController.APIKeys.cs
View File

@ -67,7 +67,7 @@ namespace BTCPayServer.Controllers
[HttpGet]
public async Task<IActionResult> AddApiKey()
{
if (!_btcPayServerEnvironment.IsSecure)
if (!_btcPayServerEnvironment.IsSecure(HttpContext))
{
TempData.SetStatusMessageModel(new StatusMessageModel()
{
@ -84,7 +84,7 @@ namespace BTCPayServer.Controllers
public async Task<IActionResult> AuthorizeAPIKey(string[] permissions, string applicationName = null, Uri redirect = null,
bool strict = true, bool selectiveStores = false, string applicationIdentifier = null)
{
if (!_btcPayServerEnvironment.IsSecure)
if (!_btcPayServerEnvironment.IsSecure(HttpContext))
{
TempData.SetStatusMessageModel(new StatusMessageModel
{

22
BTCPayServer/Services/BTCPayServerEnvironment.cs
View File

@ -14,11 +14,9 @@ namespace BTCPayServer.Services
{
public class BTCPayServerEnvironment
{
readonly IHttpContextAccessor httpContext;
readonly TorServices torServices;
public BTCPayServerEnvironment(IWebHostEnvironment env, BTCPayNetworkProvider provider, IHttpContextAccessor httpContext, TorServices torServices, BTCPayServerOptions opts)
public BTCPayServerEnvironment(IWebHostEnvironment env, BTCPayNetworkProvider provider, TorServices torServices, BTCPayServerOptions opts)
{
this.httpContext = httpContext;
Version = typeof(BTCPayServerEnvironment).GetTypeInfo().Assembly.GetCustomAttribute<AssemblyFileVersionAttribute>().Version;
#if DEBUG
Build = "Debug";
@ -41,9 +39,6 @@ namespace BTCPayServer.Services
get; set;
}
public string ExpectedDomain => httpContext.HttpContext.Request.Host.Host;
public string ExpectedHost => httpContext.HttpContext.Request.Host.Value;
public string ExpectedProtocol => httpContext.HttpContext.Request.Scheme;
public string OnionUrl => this.torServices.Services.Where(s => s.ServiceType == TorServiceType.BTCPayServer)
.Select(s => $"http://{s.OnionHost}").FirstOrDefault();
@ -67,19 +62,14 @@ namespace BTCPayServer.Services
}
}
public bool IsSecure
public bool IsSecure(HttpContext httpContext)
{
get
{
return NetworkType != ChainName.Mainnet ||
httpContext.HttpContext.Request.Scheme == "https" ||
httpContext.HttpContext.Request.Host.Host.EndsWith(".onion", StringComparison.OrdinalIgnoreCase) ||
Extensions.IsLocalNetwork(httpContext.HttpContext.Request.Host.Host);
}
return NetworkType != ChainName.Mainnet ||
httpContext.Request.Scheme == "https" ||
httpContext.Request.Host.Host.EndsWith(".onion", StringComparison.OrdinalIgnoreCase) ||
Extensions.IsLocalNetwork(httpContext.Request.Host.Host);
}
public HttpContext Context => httpContext.HttpContext;
public override string ToString()
{
StringBuilder txt = new StringBuilder();

36
BTCPayServer/Views/Shared/_Layout.cshtml
View File

@ -1,6 +1,7 @@
@using BTCPayServer.Abstractions.Extensions
@using BTCPayServer.Components.StoreSelector
@using BTCPayServer.Components.MainNav
@inject Microsoft.AspNetCore.Http.IHttpContextAccessor _context;
@inject BTCPayServer.Services.BTCPayServerEnvironment _env
@inject SignInManager<ApplicationUser> _signInManager
@inject UserManager<ApplicationUser> _userManager
@ -15,6 +16,8 @@
var user = await _userManager.GetUserAsync(User);
notificationDisabled = user?.DisabledNotifications == "all";
}
var expectedScheme = _context.HttpContext.Request.Scheme;
var expectedHost = _context.HttpContext.Request.Host.ToString();
}
<!DOCTYPE html>
@ -37,21 +40,20 @@
</div>
<vc:main-nav />
</header>
<template id="badUrl">
<div class="alert alert-danger alert-dismissible m-3" role="alert">
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close">
<vc:icon symbol="close"/>
</button>
<span>
BTCPay is expecting you to access this website from <strong>@(expectedScheme)://@(expectedHost)/</strong>.
If you use a reverse proxy, please set the <strong>X-Forwarded-Proto</strong> header to <strong id="browserScheme">@(expectedScheme)</strong>
(<a href="https://docs.btcpayserver.org/FAQ/Deployment/#cause-3-btcpay-is-expecting-you-to-access-this-website-from" target="_blank" class="alert-link" rel="noreferrer noopener">More information</a>)
</span>
</div>
</template>
<main id="mainContent">
@if (_env.Context.Request.Host.ToString() != _env.ExpectedHost || _env.Context.Request.Scheme != _env.ExpectedProtocol)
{
<div id="badUrl" class="alert alert-danger alert-dismissible m-3" role="alert">
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close">
<vc:icon symbol="close"/>
</button>
<span>
BTCPay is expecting you to access this website from <strong>@(_env.ExpectedProtocol)://@(_env.ExpectedHost)/</strong>.
If you use a reverse proxy, please set the <strong>X-Forwarded-Proto</strong> header to <strong id="browserScheme">@(_env.ExpectedProtocol)</strong>
(<a href="https://docs.btcpayserver.org/FAQ/Deployment/#cause-3-btcpay-is-expecting-you-to-access-this-website-from" target="_blank" class="alert-link" rel="noreferrer noopener">More information</a>)
</span>
</div>
}
@if (!_env.IsSecure)
@if (!_env.IsSecure(_context.HttpContext))
{
<div id="insecureEnv" class="alert alert-danger alert-dismissible" style="position:absolute; top:75px;" role="alert">
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close">
@ -76,6 +78,12 @@
@if (!notificationDisabled)
{
<script>
var mainContent = document.getElementById("mainContent");
if (window.location.protocol != "@(expectedScheme):" || window.location.host != "@expectedHost")
{
var tmpl = document.getElementById("badUrl");
mainContent.prepend(tmpl.content.cloneNode(true));
}
if ('WebSocket' in window && window.WebSocket.CLOSING === 2) {
const { host, protocol } = window.location;
var wsUri = "@_linkGenerator.GetPathByAction("SubscribeUpdates", "UINotifications", pathBase: Context.Request.PathBase)";