mirror of
https://github.com/btcpayserver/btcpayserver.git
synced 2024-11-19 18:11:36 +01:00
fae1dc8dbb
* Adapt cookie auth to work with same API permission system * Handle unscoped store permission case * Do not consider Unscoped as a valid policy * Add tests * Refactor permissions scopes --------- Co-authored-by: Dennis Reimann <mail@dennisreimann.de> Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
67 lines
2.7 KiB
C#
67 lines
2.7 KiB
C#
using System;
|
|
using System.Linq;
|
|
using BTCPayServer.Abstractions.Constants;
|
|
using BTCPayServer.Client;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using Microsoft.Extensions.Primitives;
|
|
|
|
namespace BTCPayServer.Security.Greenfield
|
|
{
|
|
public static class APIKeyExtensions
|
|
{
|
|
public static bool GetAPIKey(this HttpContext httpContext, out StringValues apiKey)
|
|
{
|
|
apiKey = default;
|
|
if (httpContext.Request.Headers.TryGetValue("Authorization", out var value) &&
|
|
value.ToString().StartsWith("token ", StringComparison.InvariantCultureIgnoreCase))
|
|
{
|
|
apiKey = value.ToString().Substring("token ".Length);
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public static AuthenticationBuilder AddAPIKeyAuthentication(this AuthenticationBuilder builder)
|
|
{
|
|
builder.AddScheme<GreenfieldAuthenticationOptions, APIKeysAuthenticationHandler>(AuthenticationSchemes.GreenfieldAPIKeys,
|
|
o => { });
|
|
builder.AddScheme<GreenfieldAuthenticationOptions, BasicAuthenticationHandler>(AuthenticationSchemes.GreenfieldBasic,
|
|
o => { });
|
|
return builder;
|
|
}
|
|
|
|
public static IServiceCollection AddAPIKeyAuthentication(this IServiceCollection serviceCollection)
|
|
{
|
|
serviceCollection.AddSingleton<APIKeyRepository>();
|
|
serviceCollection.AddScoped<IAuthorizationHandler, GreenfieldAuthorizationHandler>();
|
|
serviceCollection.AddScoped<IAuthorizationHandler, LocalGreenfieldAuthorizationHandler>();
|
|
return serviceCollection;
|
|
}
|
|
|
|
public static string[] GetPermissions(this AuthorizationHandlerContext context)
|
|
{
|
|
return context.User.Claims.Where(c =>
|
|
c.Type.Equals(GreenfieldConstants.ClaimTypes.Permission, StringComparison.InvariantCultureIgnoreCase))
|
|
.Select(claim => claim.Value).ToArray();
|
|
}
|
|
public static bool HasPermission(this AuthorizationHandlerContext context, Permission permission)
|
|
{
|
|
foreach (var claim in context.User.Claims.Where(c =>
|
|
c.Type.Equals(GreenfieldConstants.ClaimTypes.Permission, StringComparison.InvariantCultureIgnoreCase)))
|
|
{
|
|
if (Permission.TryParse(claim.Value, out var claimPermission))
|
|
{
|
|
if (claimPermission.Contains(permission))
|
|
{
|
|
return true;
|
|
}
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
}
|
|
}
|