mirror of
https://github.com/btcpayserver/btcpayserver.git
synced 2024-11-20 18:51:18 +01:00
82 lines
4.4 KiB
Plaintext
82 lines
4.4 KiB
Plaintext
@model UpdatePointOfSaleViewModel
|
|
@{
|
|
ViewData["Title"] = "Update Point of Sale";
|
|
}
|
|
<section>
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="col-lg-12 text-center">
|
|
<h2 class="section-heading">@ViewData["Title"]</h2>
|
|
<hr class="primary">
|
|
</div>
|
|
</div>
|
|
<div class="row">
|
|
<div class="col-lg-12 text-center">
|
|
<partial name="_StatusMessage" for="@TempData["TempDataProperty-StatusMessage"]" />
|
|
</div>
|
|
</div>
|
|
<div class="row">
|
|
<div class="col-lg-12">
|
|
<form method="post">
|
|
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
|
|
<div class="form-group">
|
|
<label asp-for="Title" class="control-label"></label>*
|
|
<input asp-for="Title" class="form-control" />
|
|
<span asp-validation-for="Title" class="text-danger"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label asp-for="Currency" class="control-label"></label>*
|
|
<input asp-for="Currency" class="form-control" />
|
|
<span asp-validation-for="Currency" class="text-danger"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label asp-for="ShowCustomAmount"></label>
|
|
<input asp-for="ShowCustomAmount" type="checkbox" class="form-check" />
|
|
</div>
|
|
<div class="form-group">
|
|
<label asp-for="Template" class="control-label"></label>*
|
|
<textarea asp-for="Template" rows="20" cols="40" class="form-control"></textarea>
|
|
<span asp-validation-for="Template" class="text-danger"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<h5>Host button externally</h5>
|
|
<p>You can host point of sale buttons in an external website with the following code.</p>
|
|
@if(Model.Example1 != null)
|
|
{
|
|
<span>For anything with a custom amount</span>
|
|
<pre><code class="html">@Model.Example1</code></pre>
|
|
}
|
|
@if(Model.Example2 != null)
|
|
{
|
|
<span>For a specific item of your template</span>
|
|
<pre><code class="html">@Model.Example2</code></pre>
|
|
}
|
|
<p>A <code>POST</code> callback will be sent to notification with the following form will be sent to <code>notificationUrl</code>:</p>
|
|
<pre><code class="json">@Model.ExampleCallback</code></pre>
|
|
<p><strong>Never</strong> trust anything but <code>id</code>, <strong>ignore</strong> the other fields completely, an attacker can spoof those, they are present only for backward compatibility reason:</p>
|
|
<p>
|
|
<ul>
|
|
<li><strong>Build the invoice's url by yourself</strong> do not trust the <code>url</code> field, this can be spoofed to use attacker's server.</li>
|
|
<li>Send a the <code>GET</code> request to the invoice's url with <code>Content-Type: application/json</code></li>
|
|
<li>Verify that the <code>orderId</code> is from your backend, that the <code>price</code> is correct and that <code>status</code> is either <code>confirmed</code> or <code>complete</code></li>
|
|
<li>You can then ship your order</li>
|
|
</ul>
|
|
</p>
|
|
</div>
|
|
<div class="form-group">
|
|
<input type="submit" class="btn btn-primary" />
|
|
</div>
|
|
</form>
|
|
<a asp-action="ListApps">Back to the app list</a>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</section>
|
|
|
|
@section Scripts {
|
|
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/default.min.css">
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script>
|
|
<script>hljs.initHighlightingOnLoad();</script>
|
|
}
|
|
|