From c1562546000561dbf58354c6db7d51f819984c20 Mon Sep 17 00:00:00 2001
From: Kukks <evilkukka@gmail.com>
Date: Fri, 18 Nov 2022 11:51:33 +0100
Subject: [PATCH] Validate cart cost with explicit amount

---
 .../Controllers/UIPointOfSaleController.cs         | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/BTCPayServer/Plugins/PointOfSale/Controllers/UIPointOfSaleController.cs b/BTCPayServer/Plugins/PointOfSale/Controllers/UIPointOfSaleController.cs
index 0138607a8..808e670ab 100644
--- a/BTCPayServer/Plugins/PointOfSale/Controllers/UIPointOfSaleController.cs
+++ b/BTCPayServer/Plugins/PointOfSale/Controllers/UIPointOfSaleController.cs
@@ -181,6 +181,7 @@ namespace BTCPayServer.Plugins.PointOfSale.Controllers
                     AppService.TryParsePosCartItems(posData, out var cartItems))
                 {
                     var choices = _appService.GetPOSItems(settings.Template, settings.Currency);
+                    var expectedMinimumAmount = 0m;
                     foreach (var cartItem in cartItems)
                     {
                         var itemChoice = choices.FirstOrDefault(c => c.Id == cartItem.Key);
@@ -197,6 +198,19 @@ namespace BTCPayServer.Plugins.PointOfSale.Controllers
                                     return RedirectToAction(nameof(ViewPointOfSale), new { appId });
                             }
                         }
+
+                        decimal expectedCartItemPrice = 0;
+                        if (choice.Price.Type != ViewPointOfSaleViewModel.Item.ItemPrice.ItemPriceType.Topup)
+                        {
+                            expectedCartItemPrice = choice.Price.Value ?? 0;
+                        }
+
+                        expectedMinimumAmount += expectedCartItemPrice * cartItem.Value;
+                    }
+
+                    if (expectedMinimumAmount > amount)
+                    {
+                        return RedirectToAction(nameof(ViewPointOfSale), new { appId });
                     }
                 }
             }