Support relative path for Spark and RTL external url, check in server settings if we are using a secure protocol

nicolas.dorier 2019-02-28 22:20:14 +09:00
parent 2c1f159d72
commit ebef085a9c
2 changed files with 26 additions and 8 deletions


@ -29,17 +29,12 @@ namespace BTCPayServer.Configuration
error = "Duplicated server attribute"; error = "Duplicated server attribute";
return false; return false;
} }
if (!Uri.IsWellFormedUriString(kv[1], UriKind.Absolute)) if (!Uri.IsWellFormedUriString(kv[1], UriKind.RelativeOrAbsolute))
{ {
error = "Invalid URI"; error = "Invalid URI";
return false; return false;
} }
resultTemp.Server = new Uri(kv[1], UriKind.Absolute); resultTemp.Server = new Uri(kv[1], UriKind.RelativeOrAbsolute);
if(resultTemp.Server.Scheme == "http")
{
error = "Insecure transport protocol (http)";
return false;
}
break; break;
case "cookiefile": case "cookiefile":
case "cookiefilepath": case "cookiefilepath":
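Review bot: Removing the `http` rejection from the parser leaves the transport check to whichever caller remembers to make it; in this commit only the services controller does, so any other reader of `Server` (none visible here) would now accept a plaintext endpoint, and a misconfiguration surfaces at page view rather than at startup. Consider keeping a parse-time guard for absolute values that mirrors the controller rule, e.g. `if (resultTemp.Server.IsAbsoluteUri && resultTemp.Server.Scheme == "http" && !resultTemp.Server.DnsSafeHost.EndsWith(".onion", StringComparison.OrdinalIgnoreCase)) { error = "Insecure transport protocol (http)"; return false; }`. A comment should also record that `Server` may now be relative, since `Scheme`, `Host` and `AbsoluteUri` throw `InvalidOperationException` on a relative `Uri`; in addition, on Unix hosts .NET may parse a rooted value such as `/spark` as an absolute `file:` URI under `UriKind.RelativeOrAbsolute`, which is worth verifying against the intended relative-path behaviour. The enclosing parse method starts and ends outside the hunk.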


@ -586,7 +586,19 @@ namespace BTCPayServer.Controllers
vm.WalletName = walletName; vm.WalletName = walletName;
try try
{ {
vm.ServiceLink = $"{external.ConnectionString.Server.AbsoluteUri}?access-key={await external.ExtractAccessKey()}"; string serviceUri = null;
if (external.ConnectionString.Server.IsAbsoluteUri)
{
serviceUri = external.ConnectionString.Server.AbsoluteUri;
AssertSecure(serviceUri);
}
else
{
AssertSecure(this.Request.GetCurrentUrl());
serviceUri = this.Request.GetRelativePathOrAbsolute(external.ConnectionString.Server.ToString());
}
vm.ServiceLink = $"{serviceUri}?access-key={await external.ExtractAccessKey()}";
} }
catch (Exception ex) catch (Exception ex)
{ {
@ -596,6 +608,17 @@ namespace BTCPayServer.Controllers
return View("LightningWalletServices", vm); return View("LightningWalletServices", vm);
} }
private void AssertSecure(string serviceUri)
{
if (!Uri.TryCreate(serviceUri, UriKind.Absolute, out var uri))
throw new System.Security.SecurityException("Invalid serviceUri");
if(!uri.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase) &&
!uri.DnsSafeHost.EndsWith(".onion", StringComparison.OrdinalIgnoreCase))
{
throw new System.Security.SecurityException("You can only access this service through https or Tor");
}
}
[Route("server/services/lnd/{cryptoCode}/{index}")] [Route("server/services/lnd/{cryptoCode}/{index}")]
public async Task<IActionResult> LndServices(string cryptoCode, int index, uint? nonce) public async Task<IActionResult> LndServices(string cryptoCode, int index, uint? nonce)
{ {
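Review bot: In the relative branch, `AssertSecure(this.Request.GetCurrentUrl())` judges the transport from the incoming request, so the https/.onion decision rests on the request's scheme and Host value rather than on configuration. Behind a TLS-terminating proxy those presumably come from forwarded headers and the client-supplied Host header (`GetCurrentUrl` is not visible here), so the check is only as reliable as the deployment's forwarded-header and host-filtering setup; a comment on `AssertSecure` should say so, e.g. `// Request-derived URLs are trustworthy only when the proxy pins forwarded headers and allowed hosts`. Separately, the access key on the `vm.ServiceLink` line is interpolated unescaped after a literal `?`; `Uri.EscapeDataString(await external.ExtractAccessKey())` would keep the link well-formed if the key ever contains reserved characters, and a configured `Server` that already carries a query would need `&` instead. The `try` block and the action it belongs to begin outside the hunk.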