Fix search for macaroon

update es-ES
bump
2018-12-20 17:08:32 +09:00 · 2018-12-20 17:00:30 +09:00 · 2018-12-20 16:57:59 +09:00 · 2018-12-20 16:52:04 +09:00 · 2018-12-20 16:24:36 +09:00 · 2018-12-20 14:16:23 +09:00
482 changed files with 52364 additions and 34595 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -0,0 +1,98 @@
+version: 2
+jobs:
+  build:
+    machine: 
+      docker_layer_caching: true
+    steps: 
+      - checkout
+
+  test:
+    machine:
+        docker_layer_caching: true
+    steps:
+      - checkout
+      - run:
+          command: |
+            cd BTCPayServer.Tests
+            docker-compose down --v
+            docker-compose build
+            docker-compose run tests
+
+  # publish jobs require $DOCKERHUB_REPO, $DOCKERHUB_USER, $DOCKERHUB_PASS defined
+  publish_docker_linuxamd64:
+    machine:
+      docker_layer_caching: true
+    steps:
+      - checkout  
+      - run:
+          command: |
+            LATEST_TAG=${CIRCLE_TAG:1} #trim v from tag
+            #
+            sudo docker build --pull -t $DOCKERHUB_REPO:$LATEST_TAG-amd64 -f Dockerfile.linuxamd64 .
+            sudo docker login --username=$DOCKERHUB_USER --password=$DOCKERHUB_PASS
+            sudo docker push $DOCKERHUB_REPO:$LATEST_TAG-amd64
+
+  publish_docker_linuxarm:
+    machine:
+      docker_layer_caching: true
+    steps:
+      - checkout  
+      - run:
+          command: |
+            sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset
+            LATEST_TAG=${CIRCLE_TAG:1} #trim v from tag
+            #
+            sudo docker build --pull -t $DOCKERHUB_REPO:$LATEST_TAG-arm32v7 -f Dockerfile.linuxarm32v7 .
+            sudo docker login --username=$DOCKERHUB_USER --password=$DOCKERHUB_PASS
+            sudo docker push $DOCKERHUB_REPO:$LATEST_TAG-arm32v7
+
+  publish_docker_multiarch:
+    machine:
+      enabled: true
+      image: circleci/classic:201808-01
+    steps:
+      - run:
+          command: |
+            # Turn on Experimental features
+            sudo mkdir $HOME/.docker
+            sudo sh -c 'echo "{ \"experimental\": \"enabled\" }" >> $HOME/.docker/config.json'
+            #
+            sudo docker login --username=$DOCKERHUB_USER --password=$DOCKERHUB_PASS
+            #
+            LATEST_TAG=${CIRCLE_TAG:1} #trim v from tag
+            sudo docker manifest create --amend $DOCKERHUB_REPO:$LATEST_TAG $DOCKERHUB_REPO:$LATEST_TAG-amd64 $DOCKERHUB_REPO:$LATEST_TAG-arm32v7
+            sudo docker manifest annotate $DOCKERHUB_REPO:$LATEST_TAG $DOCKERHUB_REPO:$LATEST_TAG-amd64 --os linux --arch amd64
+            sudo docker manifest annotate $DOCKERHUB_REPO:$LATEST_TAG $DOCKERHUB_REPO:$LATEST_TAG-arm32v7 --os linux --arch arm --variant v7
+            sudo docker manifest push $DOCKERHUB_REPO:$LATEST_TAG -p
+
+workflows:
+  version: 2
+  build_and_test:
+    jobs:
+      - test
+
+  publish:
+    jobs:
+      - publish_docker_linuxamd64:
+          filters:
+            # ignore any commit on any branch by default
+            branches:
+              ignore: /.*/
+            # only act on version tags
+            tags:
+              only: /v[1-9]+(\.[0-9]+)*/
+      - publish_docker_linuxarm:
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              only: /v[1-9]+(\.[0-9]+)*/
+      - publish_docker_multiarch:
+          requires:
+            - publish_docker_linuxamd64
+            - publish_docker_linuxarm
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              only: /v[1-9]+(\.[0-9]+)*/
--- a/.gitignore
+++ b/.gitignore
@ -291,3 +291,5 @@ __pycache__/
 # Bundling JS/CSS
 BTCPayServer/wwwroot/bundles/*
 !BTCPayServer/wwwroot/bundles/.gitignore
+
+.vscode
--- a/BTCPayServer.Tests/BTCPayServer.Tests.csproj
+++ b/BTCPayServer.Tests/BTCPayServer.Tests.csproj
@ -1,20 +1,21 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netcoreapp2.1</TargetFramework>

    <IsPackable>false</IsPackable>
    <NoWarn>NU1701,CA1816,CA1308,CA1810,CA2208</NoWarn>
+    <LangVersion>7.2</LangVersion>
+    <UserSecretsId>AB0AC1DD-9D26-485B-9416-56A33F268117</UserSecretsId>
  </PropertyGroup>

  <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.6.1" />
-    <PackageReference Include="xunit" Version="2.3.1" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.3.1" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <ProjectReference Include="..\BTCPayServer\BTCPayServer.csproj" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.9.0" />
+    <PackageReference Include="xunit" Version="2.4.1" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.1">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
  </ItemGroup>

  <ItemGroup>
@ -24,6 +25,12 @@
    <None Update="docker-compose.yml">
      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
    </None>
+    <None Update="xunit.runner.json">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
  </ItemGroup>

+  <ItemGroup>
+    <ProjectReference Include="..\BTCPayServer\BTCPayServer.csproj" />
+  </ItemGroup>
 </Project>
--- a/BTCPayServer.Tests/BTCPayServerTester.cs
+++ b/BTCPayServer.Tests/BTCPayServerTester.cs
@ -1,9 +1,14 @@
 using BTCPayServer.Configuration;
+using System.Linq;
+using BTCPayServer.HostedServices;
 using BTCPayServer.Hosting;
 using BTCPayServer.Payments;
 using BTCPayServer.Payments.Lightning;
+using BTCPayServer.Rating;
+using BTCPayServer.Security;
 using BTCPayServer.Services.Invoices;
 using BTCPayServer.Services.Rates;
+using BTCPayServer.Services.Stores;
 using BTCPayServer.Tests.Logging;
 using BTCPayServer.Tests.Mocks;
 using Microsoft.AspNetCore.Hosting;
@ -32,6 +37,12 @@ using Xunit;

 namespace BTCPayServer.Tests
 {
+    public enum TestDatabases
+    {
+        Postgres,
+        MySQL,
+    }
+
    public class BTCPayServerTester : IDisposable
    {
        private string _Directory;
@ -47,13 +58,18 @@ namespace BTCPayServer.Tests
        }

        public Uri LTCNBXplorerUri { get; set; }
-        
+
        public Uri ServerUri
        {
            get;
            set;
        }

+        public string MySQL
+        {
+            get; set;
+        }
+
        public string Postgres
        {
            get; set;
@ -65,11 +81,18 @@ namespace BTCPayServer.Tests
            get; set;
        }

+        public TestDatabases TestDatabase
+        {
+            get; set;
+        }
+
+        public bool MockRates { get; set; } = true;
+
        public void Start()
        {
            if (!Directory.Exists(_Directory))
                Directory.CreateDirectory(_Directory);
-            string chain = ChainType.Regtest.ToNetwork().Name;
+            string chain = NBXplorerDefaultSettings.GetFolderName(NetworkType.Regtest);
            string chainDirectory = Path.Combine(_Directory, chain);
            if (!Directory.Exists(chainDirectory))
                Directory.CreateDirectory(chainDirectory);
@ -88,7 +111,9 @@ namespace BTCPayServer.Tests

            config.AppendLine($"btc.lightning={IntegratedLightning.AbsoluteUri}");

-            if (Postgres != null)
+            if (TestDatabase == TestDatabases.MySQL && !String.IsNullOrEmpty(MySQL))
+                config.AppendLine($"mysql=" + MySQL);
+            else if (!String.IsNullOrEmpty(Postgres))
                config.AppendLine($"postgres=" + Postgres);
            var confPath = Path.Combine(chainDirectory, "settings.config");
            File.WriteAllText(confPath, config.ToString());
@ -101,12 +126,6 @@ namespace BTCPayServer.Tests
                    .UseConfiguration(conf)
                    .ConfigureServices(s =>
                    {
-                        var mockRates = new MockRateProviderFactory();
-                        var btc = new MockRateProvider("BTC", new Rate("USD", 5000m));
-                        var ltc = new MockRateProvider("LTC", new Rate("USD", 500m));
-                        mockRates.AddMock(btc);
-                        mockRates.AddMock(ltc);
-                        s.AddSingleton<IRateProviderFactory>(mockRates);
                        s.AddLogging(l =>
                        {
                            l.SetMinimumLevel(LogLevel.Information)
@ -120,15 +139,81 @@ namespace BTCPayServer.Tests
                    .Build();
            _Host.Start();
            InvoiceRepository = (InvoiceRepository)_Host.Services.GetService(typeof(InvoiceRepository));
-            ((LightningLikePaymentHandler)_Host.Services.GetService(typeof(IPaymentMethodHandler<LightningSupportedPaymentMethod>))).SkipP2PTest = !InContainer;
+            StoreRepository = (StoreRepository)_Host.Services.GetService(typeof(StoreRepository));
+            var dashBoard = (NBXplorerDashboard)_Host.Services.GetService(typeof(NBXplorerDashboard));
+            while(!dashBoard.IsFullySynched())
+            {
+                Thread.Sleep(10);
+            }
+
+            if (MockRates)
+            {
+                var rateProvider = (RateProviderFactory)_Host.Services.GetService(typeof(RateProviderFactory));
+                rateProvider.Providers.Clear();
+
+                var coinAverageMock = new MockRateProvider();
+                coinAverageMock.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "coinaverage",
+                    CurrencyPair = CurrencyPair.Parse("BTC_USD"),
+                    BidAsk = new BidAsk(5000m)
+                });
+                coinAverageMock.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "coinaverage",
+                    CurrencyPair = CurrencyPair.Parse("BTC_CAD"),
+                    BidAsk = new BidAsk(4500m)
+                });
+                coinAverageMock.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "coinaverage",
+                    CurrencyPair = CurrencyPair.Parse("LTC_BTC"),
+                    BidAsk = new BidAsk(0.001m)
+                });
+                coinAverageMock.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "coinaverage",
+                    CurrencyPair = CurrencyPair.Parse("LTC_USD"),
+                    BidAsk = new BidAsk(500m)
+                });
+                rateProvider.Providers.Add("coinaverage", coinAverageMock);
+
+                var bitflyerMock = new MockRateProvider();
+                bitflyerMock.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "bitflyer",
+                    CurrencyPair = CurrencyPair.Parse("BTC_JPY"),
+                    BidAsk = new BidAsk(700000m)
+                });
+                rateProvider.Providers.Add("bitflyer", bitflyerMock);
+
+                var quadrigacx = new MockRateProvider();
+                quadrigacx.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "quadrigacx",
+                    CurrencyPair = CurrencyPair.Parse("BTC_CAD"),
+                    BidAsk = new BidAsk(6000m)
+                });
+                rateProvider.Providers.Add("quadrigacx", quadrigacx);
+
+                var bittrex = new MockRateProvider();
+                bittrex.ExchangeRates.Add(new Rating.ExchangeRate()
+                {
+                    Exchange = "bittrex",
+                    CurrencyPair = CurrencyPair.Parse("DOGE_BTC"),
+                    BidAsk = new BidAsk(0.004m)
+                });
+                rateProvider.Providers.Add("bittrex", bittrex);
+            }
        }
-        
+
        public string HostName
        {
            get;
            internal set;
        }
        public InvoiceRepository InvoiceRepository { get; private set; }
+        public StoreRepository StoreRepository { get; private set; }
        public Uri IntegratedLightning { get; internal set; }
        public bool InContainer { get; internal set; }

@ -137,15 +222,23 @@ namespace BTCPayServer.Tests
            return _Host.Services.GetRequiredService<T>();
        }

-        public T GetController<T>(string userId = null) where T : Controller
+        public T GetController<T>(string userId = null, string storeId = null, Claim[] additionalClaims = null) where T : Controller
        {
            var context = new DefaultHttpContext();
-            context.Request.Host = new HostString("127.0.0.1");
+            context.Request.Host = new HostString("127.0.0.1", Port);
            context.Request.Scheme = "http";
            context.Request.Protocol = "http";
            if (userId != null)
            {
-                context.User = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, userId) }));
+                List<Claim> claims = new List<Claim>();
+                claims.Add(new Claim(ClaimTypes.NameIdentifier, userId));
+                if (additionalClaims != null)
+                    claims.AddRange(additionalClaims);
+                context.User = new ClaimsPrincipal(new ClaimsIdentity(claims.ToArray(), Policies.CookieAuthentication));
+            }
+            if (storeId != null)
+            {
+                context.SetStoreData(GetService<StoreRepository>().FindStore(storeId, userId).GetAwaiter().GetResult());
            }
            var scope = (IServiceScopeFactory)_Host.Services.GetService(typeof(IServiceScopeFactory));
            var provider = scope.CreateScope().ServiceProvider;
--- a/BTCPayServer.Tests/ChangellyTests.cs
+++ b/BTCPayServer.Tests/ChangellyTests.cs
@ -0,0 +1,253 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Threading.Tasks;
+using BTCPayServer.Controllers;
+using BTCPayServer.Data;
+using BTCPayServer.Models;
+using BTCPayServer.Models.StoreViewModels;
+using BTCPayServer.Payments.Changelly;
+using BTCPayServer.Payments.Changelly.Models;
+using BTCPayServer.Services.Rates;
+using BTCPayServer.Services.Stores;
+using BTCPayServer.Tests.Logging;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace BTCPayServer.Tests
+{
+    public class ChangellyTests
+    {
+        public ChangellyTests(ITestOutputHelper helper)
+        {
+            Logs.Tester = new XUnitLog(helper) {Name = "Tests"};
+            Logs.LogProvider = new XUnitLogProvider(helper);
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async void CanSetChangellyPaymentMethod()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                tester.Start();
+                var user = tester.NewAccount();
+                user.GrantAccess();
+                var controller = tester.PayTester.GetController<StoresController>(user.UserId, user.StoreId);
+
+
+                var storeBlob = controller.StoreData.GetStoreBlob();
+                Assert.Null(storeBlob.ChangellySettings);
+
+                var updateModel = new UpdateChangellySettingsViewModel()
+                {
+                    ApiSecret = "secret",
+                    ApiKey = "key",
+                    ApiUrl = "http://gozo.com",
+                    ChangellyMerchantId = "aaa",
+                };
+
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await controller.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+                var store = await tester.PayTester.StoreRepository.FindStore(user.StoreId);
+                storeBlob = controller.StoreData.GetStoreBlob();
+                Assert.NotNull(storeBlob.ChangellySettings);
+                Assert.NotNull(storeBlob.ChangellySettings);
+                Assert.IsType<ChangellySettings>(storeBlob.ChangellySettings);
+                Assert.Equal(storeBlob.ChangellySettings.ApiKey, updateModel.ApiKey);
+                Assert.Equal(storeBlob.ChangellySettings.ApiSecret,
+                    updateModel.ApiSecret);
+                Assert.Equal(storeBlob.ChangellySettings.ApiUrl, updateModel.ApiUrl);
+                Assert.Equal(storeBlob.ChangellySettings.ChangellyMerchantId,
+                    updateModel.ChangellyMerchantId);
+            }
+        }
+
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async void CanToggleChangellyPaymentMethod()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                tester.Start();
+                var user = tester.NewAccount();
+                user.GrantAccess();
+                var controller = tester.PayTester.GetController<StoresController>(user.UserId, user.StoreId);
+
+                var updateModel = new UpdateChangellySettingsViewModel()
+                {
+                    ApiSecret = "secret",
+                    ApiKey = "key",
+                    ApiUrl = "http://gozo.com",
+                    ChangellyMerchantId = "aaa",
+                    Enabled = true
+                };
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await controller.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+
+                var store = await tester.PayTester.StoreRepository.FindStore(user.StoreId);
+
+                Assert.True(store.GetStoreBlob().ChangellySettings.Enabled);
+
+                updateModel.Enabled = false;
+
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await controller.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+                store = await tester.PayTester.StoreRepository.FindStore(user.StoreId);
+
+                Assert.False(store.GetStoreBlob().ChangellySettings.Enabled);
+            }
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async void CannotUseChangellyApiWithoutChangellyPaymentMethodSet()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                tester.Start();
+                var user = tester.NewAccount();
+                user.GrantAccess();
+                var changellyController =
+                    tester.PayTester.GetController<ChangellyController>(user.UserId, user.StoreId);
+                changellyController.IsTest = true;
+
+                //test non existing payment method
+                Assert.IsType<BitpayErrorModel>(Assert
+                    .IsType<BadRequestObjectResult>(await changellyController.GetCurrencyList(user.StoreId))
+                    .Value);
+
+                var updateModel = CreateDefaultChangellyParams(false);
+                var storesController = tester.PayTester.GetController<StoresController>(user.UserId, user.StoreId);
+                //set payment method but disabled
+
+
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await storesController.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+
+                Assert.IsType<BitpayErrorModel>(Assert
+                    .IsType<BadRequestObjectResult>(await changellyController.GetCurrencyList(user.StoreId))
+                    .Value);
+
+                updateModel.Enabled = true;
+                //test with enabled method
+
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await storesController.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+
+                Assert.IsNotType<BitpayErrorModel>(Assert
+                    .IsType<OkObjectResult>(await changellyController.GetCurrencyList(user.StoreId))
+                    .Value);
+            }
+        }
+
+        UpdateChangellySettingsViewModel CreateDefaultChangellyParams(bool enabled)
+        {
+            return new UpdateChangellySettingsViewModel()
+            {
+                ApiKey = "6ed02cdf1b614d89a8c0ceb170eebb61",
+                ApiSecret = "8fbd66a2af5fd15a6b5f8ed0159c5842e32a18538521ffa145bd6c9e124d3483",
+                ChangellyMerchantId = "804298eb5753",
+                Enabled = enabled
+            };
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async void CanGetCurrencyListFromChangelly()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                tester.Start();
+                var user = tester.NewAccount();
+                user.GrantAccess();
+
+                //save changelly settings
+                var updateModel = CreateDefaultChangellyParams(true);
+                var storesController = tester.PayTester.GetController<StoresController>(user.UserId, user.StoreId);
+
+                //confirm saved
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await storesController.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+                var factory = UnitTest1.CreateBTCPayRateFactory();
+                var fetcher = new RateFetcher(factory);
+                var httpClientFactory = new MockHttpClientFactory();
+                var changellyController = new ChangellyController(
+                    new ChangellyClientProvider(tester.PayTester.StoreRepository, httpClientFactory),
+                    tester.NetworkProvider, fetcher);
+                changellyController.IsTest = true;
+                var result = Assert
+                    .IsType<OkObjectResult>(await changellyController.GetCurrencyList(user.StoreId))
+                    .Value as IEnumerable<CurrencyFull>;
+                Assert.True(result.Any());
+            }
+        }
+
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public async void CanCalculateToAmountForChangelly()
+        {
+            using (var tester = ServerTester.Create())
+            {
+                tester.Start();
+                var user = tester.NewAccount();
+                user.GrantAccess();
+
+                var updateModel = CreateDefaultChangellyParams(true);
+                var storesController = tester.PayTester.GetController<StoresController>(user.UserId, user.StoreId);
+
+                Assert.Equal("UpdateStore", Assert.IsType<RedirectToActionResult>(
+                    await storesController.UpdateChangellySettings(user.StoreId, updateModel, "save")).ActionName);
+
+                var factory = UnitTest1.CreateBTCPayRateFactory();
+                var fetcher = new RateFetcher(factory);
+                var httpClientFactory = new MockHttpClientFactory();
+                var changellyController = new ChangellyController(
+                    new ChangellyClientProvider(tester.PayTester.StoreRepository, httpClientFactory),
+                    tester.NetworkProvider, fetcher);
+                changellyController.IsTest = true;
+                Assert.IsType<decimal>(Assert
+                    .IsType<OkObjectResult>(await changellyController.CalculateAmount(user.StoreId, "ltc", "btc", 1.0m))
+                    .Value);
+            }
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public void CanComputeBaseAmount()
+        {
+            Assert.Equal(1, ChangellyCalculationHelper.ComputeBaseAmount(1, 1));
+            Assert.Equal(0.5m, ChangellyCalculationHelper.ComputeBaseAmount(1, 0.5m));
+            Assert.Equal(2, ChangellyCalculationHelper.ComputeBaseAmount(0.5m, 1));
+            Assert.Equal(4m, ChangellyCalculationHelper.ComputeBaseAmount(1, 4));
+        }
+
+        [Fact]
+        [Trait("Integration", "Integration")]
+        public void CanComputeCorrectAmount()
+        {
+            Assert.Equal(1, ChangellyCalculationHelper.ComputeCorrectAmount(0.5m, 1, 2));
+            Assert.Equal(0.25m, ChangellyCalculationHelper.ComputeCorrectAmount(0.5m, 1, 0.5m));
+            Assert.Equal(20, ChangellyCalculationHelper.ComputeCorrectAmount(10, 1, 2));
+        }
+    }
+
+    public class MockHttpClientFactory : IHttpClientFactory
+    {
+        public HttpClient CreateClient(string name)
+        {
+            return new HttpClient();
+        }
+    }
+}
--- a/BTCPayServer.Tests/ChargeTester.cs
+++ b/BTCPayServer.Tests/ChargeTester.cs
@ -1,8 +1,9 @@
 using System;
 using System.Collections.Generic;
 using System.Text;
-using BTCPayServer.Payments.Lightning.Charge;
-using BTCPayServer.Payments.Lightning.CLightning;
+using BTCPayServer.Lightning;
+using BTCPayServer.Lightning.Charge;
+using BTCPayServer.Payments.Lightning;
 using NBitcoin;

 namespace BTCPayServer.Tests
@ -15,7 +16,7 @@ namespace BTCPayServer.Tests
        {
            this._Parent = serverTester;
            var url = serverTester.GetEnvironment(environmentName, defaultValue);
-            Client = new ChargeClient(new Uri(url), network);
+            Client = (ChargeClient)LightningClientFactory.CreateClient(url, network);
            P2PHost = _Parent.GetEnvironment(environmentName + "_HOST", defaultHost);
        }        
        public ChargeClient Client { get; set; }
--- a/BTCPayServer.Tests/Dockerfile
+++ b/BTCPayServer.Tests/Dockerfile
@ -1,12 +1,17 @@
-FROM microsoft/dotnet:2.0.5-sdk-2.1.4
-WORKDIR /app
- # caches restore result by copying csproj file separately
-COPY BTCPayServer.Tests/BTCPayServer.Tests.csproj BTCPayServer.Tests/BTCPayServer.Tests.csproj
+FROM microsoft/dotnet:2.1.500-sdk-alpine3.7 AS builder
+ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT false
+RUN apk add --no-cache icu-libs
+ENV LC_ALL en_US.UTF-8
+ENV LANG en_US.UTF-8
+
+# This should be removed soon https://github.com/dotnet/corefx/issues/30003
+RUN apk add --no-cache curl 
+
+WORKDIR /source
 COPY BTCPayServer/BTCPayServer.csproj BTCPayServer/BTCPayServer.csproj
-
-WORKDIR /app/BTCPayServer.Tests
-RUN dotnet restore
-# copies the rest of your code
-COPY . ../.
-
-ENTRYPOINT ["dotnet", "test"]
+COPY BTCPayServer.Tests/BTCPayServer.Tests.csproj BTCPayServer.Tests/BTCPayServer.Tests.csproj
+RUN dotnet restore BTCPayServer.Tests/BTCPayServer.Tests.csproj
+COPY . .
+RUN dotnet build
+WORKDIR /source/BTCPayServer.Tests
+ENTRYPOINT ["./docker-entrypoint.sh"]
--- a/BTCPayServer.Tests/LightningDTester.cs
+++ b/BTCPayServer.Tests/LightningDTester.cs
@ -2,7 +2,7 @@
 using System.Collections.Generic;
 using System.Text;
 using System.Threading.Tasks;
-using BTCPayServer.Payments.Lightning.CLightning;
+using BTCPayServer.Lightning.CLightning;
 using NBitcoin;

 namespace BTCPayServer.Tests
@ -13,10 +13,10 @@ namespace BTCPayServer.Tests
        public LightningDTester(ServerTester parent, string environmentName, string defaultRPC, string defaultHost, Network network)
        {
            this.parent = parent;
-            RPC = new CLightningRPCClient(new Uri(parent.GetEnvironment(environmentName, defaultRPC)), network);
+            RPC = new CLightningClient(new Uri(parent.GetEnvironment(environmentName, defaultRPC)), network);
        }

-        public CLightningRPCClient RPC { get; }
+        public CLightningClient RPC { get; }
        public string P2PHost { get; }
        
    }
--- a/BTCPayServer.Tests/Lnd/LndMockTester.cs
+++ b/BTCPayServer.Tests/Lnd/LndMockTester.cs
@ -0,0 +1,27 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using BTCPayServer.Lightning.LND;
+using NBitcoin;
+
+namespace BTCPayServer.Tests.Lnd
+{
+    public class LndMockTester
+    {
+        private ServerTester _Parent;
+
+        public LndMockTester(ServerTester serverTester, string environmentName, string defaultValue, string defaultHost, Network network)
+        {
+            this._Parent = serverTester;
+            var url = serverTester.GetEnvironment(environmentName, defaultValue);
+
+            Swagger = new LndSwaggerClient(new LndRestSettings(new Uri(url)) { AllowInsecure = true });
+            Client = new LndClient(Swagger, network);
+            P2PHost = _Parent.GetEnvironment(environmentName + "_HOST", defaultHost);
+        }
+
+        public LndSwaggerClient Swagger { get; set; }
+        public LndClient Client { get; set; }
+        public string P2PHost { get; }
+    }
+}
--- a/BTCPayServer.Tests/Mocks/MockRateProvider.cs
+++ b/BTCPayServer.Tests/Mocks/MockRateProvider.cs
@ -0,0 +1,18 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Threading.Tasks;
+using BTCPayServer.Rating;
+using BTCPayServer.Services.Rates;
+
+namespace BTCPayServer.Tests.Mocks
+{
+    public class MockRateProvider : IRateProvider
+    {
+        public ExchangeRates ExchangeRates { get; set; } = new ExchangeRates();
+        public Task<ExchangeRates> GetRatesAsync()
+        {
+            return Task.FromResult(ExchangeRates);
+        }
+    }
+}
--- a/BTCPayServer.Tests/README.md
+++ b/BTCPayServer.Tests/README.md
@ -29,11 +29,7 @@ If you want to stop, and remove all existing data
 docker-compose down --v
 ```

-You can run the tests inside a container by running
-
-```
-docker-compose run --rm tests
-```
+You can run tests on `MySql` database instead of `Postgres` by setting environnement variable `TESTS_DB` equals to `MySql`.

 ## How to manually test payments

--- a/BTCPayServer.Tests/RateRulesTest.cs
+++ b/BTCPayServer.Tests/RateRulesTest.cs
@ -0,0 +1,194 @@
+using System;
+using System.Linq;
+using System.Collections.Generic;
+using System.Text;
+using BTCPayServer.Rating;
+using Xunit;
+using System.Globalization;
+
+namespace BTCPayServer.Tests
+{
+    public class RateRulesTest
+    {
+        [Fact]
+        [Trait("Fast", "Fast")]
+        public void SecondDuplicatedRuleIsIgnored()
+        {
+            StringBuilder builder = new StringBuilder();
+            builder.AppendLine("DOGE_X = 1.1");
+            builder.AppendLine("DOGE_X = 1.2");
+            Assert.True(RateRules.TryParse(builder.ToString(), out var rules));
+            var rule = rules.GetRuleFor(new CurrencyPair("DOGE", "BTC"));
+            rule.Reevaluate();
+            Assert.True(!rule.HasError);
+            Assert.Equal(1.1m, rule.BidAsk.Ask);
+        }
+
+        [Fact]
+        [Trait("Fast", "Fast")]
+        public void CanParseRateRules()
+        {
+            // Check happy path
+            StringBuilder builder = new StringBuilder();
+            builder.AppendLine("// Some cool comments");
+            builder.AppendLine("DOGE_X = DOGE_BTC * BTC_X * 1.1");
+            builder.AppendLine("DOGE_BTC = Bittrex(DOGE_BTC)");
+            builder.AppendLine("// Some other cool comments");
+            builder.AppendLine("BTC_usd = GDax(BTC_USD)");
+            builder.AppendLine("BTC_X = Coinbase(BTC_X);");
+            builder.AppendLine("X_X = CoinAverage(X_X) * 1.02");
+
+            Assert.False(RateRules.TryParse("DPW*&W&#hdi&#&3JJD", out var rules));
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+            Assert.Equal(
+                "// Some cool comments\n" +
+                "DOGE_X = DOGE_BTC * BTC_X * 1.1;\n" +
+                "DOGE_BTC = bittrex(DOGE_BTC);\n" +
+                "// Some other cool comments\n" +
+                "BTC_USD = gdax(BTC_USD);\n" +
+                "BTC_X = coinbase(BTC_X);\n" +
+                "X_X = coinaverage(X_X) * 1.02;",
+                rules.ToString());
+            var tests = new[]
+            {
+                (Pair: "DOGE_USD", Expected: "bittrex(DOGE_BTC) * gdax(BTC_USD) * 1.1"),
+                (Pair: "BTC_USD", Expected: "gdax(BTC_USD)"),
+                (Pair: "BTC_CAD", Expected: "coinbase(BTC_CAD)"),
+                (Pair: "DOGE_CAD", Expected: "bittrex(DOGE_BTC) * coinbase(BTC_CAD) * 1.1"),
+                (Pair: "LTC_CAD", Expected: "coinaverage(LTC_CAD) * 1.02"),
+            };
+            foreach (var test in tests)
+            {
+                Assert.Equal(test.Expected, rules.GetRuleFor(CurrencyPair.Parse(test.Pair)).ToString());
+            }
+            rules.Spread = 0.2m;
+            Assert.Equal("(bittrex(DOGE_BTC) * gdax(BTC_USD) * 1.1) * (0.8, 1.2)", rules.GetRuleFor(CurrencyPair.Parse("DOGE_USD")).ToString());
+            ////////////////
+
+            // Check errors conditions
+            builder = new StringBuilder();
+            builder.AppendLine("DOGE_X = LTC_CAD * BTC_X * 1.1");
+            builder.AppendLine("DOGE_BTC = Bittrex(DOGE_BTC)");
+            builder.AppendLine("BTC_usd = GDax(BTC_USD)");
+            builder.AppendLine("LTC_CHF = LTC_CHF * 1.01");
+            builder.AppendLine("BTC_X = Coinbase(BTC_X)");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+
+            tests = new[]
+            {
+                (Pair: "LTC_CAD", Expected: "ERR_NO_RULE_MATCH(LTC_CAD)"),
+                (Pair: "DOGE_USD", Expected: "ERR_NO_RULE_MATCH(LTC_CAD) * gdax(BTC_USD) * 1.1"),
+                (Pair: "LTC_CHF", Expected: "ERR_TOO_MUCH_NESTED_CALLS(LTC_CHF) * 1.01"),
+            };
+            foreach (var test in tests)
+            {
+                Assert.Equal(test.Expected, rules.GetRuleFor(CurrencyPair.Parse(test.Pair)).ToString());
+            }
+            //////////////////
+
+            // Check if we can resolve exchange rates
+            builder = new StringBuilder();
+            builder.AppendLine("DOGE_X = DOGE_BTC * BTC_X * 1.1");
+            builder.AppendLine("DOGE_BTC = Bittrex(DOGE_BTC)");
+            builder.AppendLine("BTC_usd = GDax(BTC_USD)");
+            builder.AppendLine("BTC_X = Coinbase(BTC_X)");
+            builder.AppendLine("X_X = CoinAverage(X_X) * 1.02");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+
+            var tests2 = new[]
+            {
+                (Pair: "DOGE_USD", Expected: "bittrex(DOGE_BTC) * gdax(BTC_USD) * 1.1", ExpectedExchangeRates: "bittrex(DOGE_BTC),gdax(BTC_USD)"),
+                (Pair: "BTC_USD", Expected: "gdax(BTC_USD)", ExpectedExchangeRates: "gdax(BTC_USD)"),
+                (Pair: "BTC_CAD", Expected: "coinbase(BTC_CAD)", ExpectedExchangeRates: "coinbase(BTC_CAD)"),
+                (Pair: "DOGE_CAD", Expected: "bittrex(DOGE_BTC) * coinbase(BTC_CAD) * 1.1", ExpectedExchangeRates: "bittrex(DOGE_BTC),coinbase(BTC_CAD)"),
+                (Pair: "LTC_CAD", Expected: "coinaverage(LTC_CAD) * 1.02", ExpectedExchangeRates: "coinaverage(LTC_CAD)"),
+            };
+            foreach (var test in tests2)
+            {
+                var rule = rules.GetRuleFor(CurrencyPair.Parse(test.Pair));
+                Assert.Equal(test.Expected, rule.ToString());
+                Assert.Equal(test.ExpectedExchangeRates, string.Join(',', rule.ExchangeRates.OfType<object>().ToArray()));
+            }
+            var rule2 = rules.GetRuleFor(CurrencyPair.Parse("DOGE_CAD"));
+            rule2.ExchangeRates.SetRate("bittrex", CurrencyPair.Parse("DOGE_BTC"), new BidAsk(5000m));
+            rule2.Reevaluate();
+            Assert.True(rule2.HasError);
+            Assert.Equal("5000 * ERR_RATE_UNAVAILABLE(coinbase, BTC_CAD) * 1.1", rule2.ToString(true));
+            Assert.Equal("bittrex(DOGE_BTC) * coinbase(BTC_CAD) * 1.1", rule2.ToString(false));
+            rule2.ExchangeRates.SetRate("coinbase", CurrencyPair.Parse("BTC_CAD"), new BidAsk(2000.4m));
+            rule2.Reevaluate();
+            Assert.False(rule2.HasError);
+            Assert.Equal("5000 * 2000.4 * 1.1", rule2.ToString(true));
+            Assert.Equal(rule2.BidAsk.Bid, 5000m * 2000.4m * 1.1m);
+            ////////
+
+            // Make sure parenthesis are correctly calculated
+            builder = new StringBuilder();
+            builder.AppendLine("DOGE_X = DOGE_BTC * BTC_X");
+            builder.AppendLine("BTC_USD = -3 + coinbase(BTC_CAD) + 50 - 5");
+            builder.AppendLine("DOGE_BTC = 2000");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+            rules.Spread = 0.1m;
+
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("DOGE_USD"));
+            Assert.Equal("(2000 * (-3 + coinbase(BTC_CAD) + 50 - 5)) * (0.9, 1.1)", rule2.ToString());
+            rule2.ExchangeRates.SetRate("coinbase", CurrencyPair.Parse("BTC_CAD"), new BidAsk(1000m));
+            Assert.True(rule2.Reevaluate());
+            Assert.Equal("(2000 * (-3 + 1000 + 50 - 5)) * (0.9, 1.1)", rule2.ToString(true));
+            Assert.Equal((2000m * (-3m + 1000m + 50m - 5m)) * 0.9m, rule2.BidAsk.Bid);
+
+            // Test inverse
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("USD_DOGE"));
+            Assert.Equal("(1 / (2000 * (-3 + coinbase(BTC_CAD) + 50 - 5))) * (0.9, 1.1)", rule2.ToString());
+            rule2.ExchangeRates.SetRate("coinbase", CurrencyPair.Parse("BTC_CAD"), new BidAsk(1000m));
+            Assert.True(rule2.Reevaluate());
+            Assert.Equal("(1 / (2000 * (-3 + 1000 + 50 - 5))) * (0.9, 1.1)", rule2.ToString(true));
+            Assert.Equal((1.0m / (2000m * (-3m + 1000m + 50m - 5m))) * 0.9m, rule2.BidAsk.Bid);
+            ////////
+
+            // Make sure kraken is not converted to CurrencyPair
+            builder = new StringBuilder();
+            builder.AppendLine("BTC_USD = kraken(BTC_USD)");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("BTC_USD"));
+            rule2.ExchangeRates.SetRate("kraken", CurrencyPair.Parse("BTC_USD"), new BidAsk(1000m));
+            Assert.True(rule2.Reevaluate());
+
+            // Make sure can handle pairs
+            builder = new StringBuilder();
+            builder.AppendLine("BTC_USD = kraken(BTC_USD)");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("BTC_USD"));
+            rule2.ExchangeRates.SetRate("kraken", CurrencyPair.Parse("BTC_USD"), new BidAsk(6000m, 6100m));
+            Assert.True(rule2.Reevaluate());
+            Assert.Equal("(6000, 6100)", rule2.ToString(true));
+            Assert.Equal(6000m, rule2.BidAsk.Bid);
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("USD_BTC"));
+            rule2.ExchangeRates.SetRate("kraken", CurrencyPair.Parse("BTC_USD"), new BidAsk(6000m, 6100m));
+            Assert.True(rule2.Reevaluate());
+            Assert.Equal("1 / (6000, 6100)", rule2.ToString(true));
+            Assert.Equal(1m / 6100m, rule2.BidAsk.Bid);
+
+            // Make sure the inverse has more priority than X_X or CDNT_X
+            builder = new StringBuilder();
+            builder.AppendLine("EUR_CDNT = 10");
+            builder.AppendLine("CDNT_BTC = CDNT_EUR * EUR_BTC;");
+            builder.AppendLine("CDNT_X = CDNT_BTC * BTC_X;");
+            builder.AppendLine("X_X = coinaverage(X_X);");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("CDNT_EUR"));
+            rule2.ExchangeRates.SetRate("coinaverage", CurrencyPair.Parse("BTC_USD"), new BidAsk(6000m, 6100m));
+            Assert.True(rule2.Reevaluate());
+            Assert.Equal("1 / 10", rule2.ToString(false));
+
+            // Make sure an inverse can be solved on an exchange
+            builder = new StringBuilder();
+            builder.AppendLine("X_X = coinaverage(X_X);");
+            Assert.True(RateRules.TryParse(builder.ToString(), out rules));
+            rule2 = rules.GetRuleFor(CurrencyPair.Parse("USD_BTC"));
+            rule2.ExchangeRates.SetRate("coinaverage", CurrencyPair.Parse("BTC_USD"), new BidAsk(6000m, 6100m));
+            Assert.True(rule2.Reevaluate());
+            Assert.Equal($"({(1m / 6100m).ToString(CultureInfo.InvariantCulture)}, {(1m / 6000m).ToString(CultureInfo.InvariantCulture)})", rule2.ToString(true));
+        }
+    }
+}
--- a/BTCPayServer.Tests/ServerTester.cs
+++ b/BTCPayServer.Tests/ServerTester.cs
@ -18,8 +18,10 @@ using System.Text;
 using System.Threading.Tasks;
 using System.Threading;
 using System.Globalization;
-using BTCPayServer.Payments.Lightning.CLightning;
-using BTCPayServer.Payments.Lightning.Charge;
+using BTCPayServer.Tests.Lnd;
+using BTCPayServer.Payments.Lightning;
+using BTCPayServer.Lightning.CLightning;
+using BTCPayServer.Lightning;

 namespace BTCPayServer.Tests
 {
@ -34,6 +36,38 @@ namespace BTCPayServer.Tests
        public ServerTester(string scope)
        {
            _Directory = scope;
+            if (Directory.Exists(_Directory))
+                Utils.DeleteDirectory(_Directory);
+            if (!Directory.Exists(_Directory))
+                Directory.CreateDirectory(_Directory);
+
+            NetworkProvider = new BTCPayNetworkProvider(NetworkType.Regtest);
+            ExplorerNode = new RPCClient(RPCCredentialString.Parse(GetEnvironment("TESTS_BTCRPCCONNECTION", "server=http://127.0.0.1:43782;ceiwHEbqWI83:DwubwWsoo3")), NetworkProvider.GetNetwork("BTC").NBitcoinNetwork);
+            LTCExplorerNode = new RPCClient(RPCCredentialString.Parse(GetEnvironment("TESTS_LTCRPCCONNECTION", "server=http://127.0.0.1:43783;ceiwHEbqWI83:DwubwWsoo3")), NetworkProvider.GetNetwork("LTC").NBitcoinNetwork);
+
+            ExplorerClient = new ExplorerClient(NetworkProvider.GetNetwork("BTC").NBXplorerNetwork, new Uri(GetEnvironment("TESTS_BTCNBXPLORERURL", "http://127.0.0.1:32838/")));
+            LTCExplorerClient = new ExplorerClient(NetworkProvider.GetNetwork("LTC").NBXplorerNetwork, new Uri(GetEnvironment("TESTS_LTCNBXPLORERURL", "http://127.0.0.1:32838/")));
+
+            var btc = NetworkProvider.GetNetwork("BTC").NBitcoinNetwork;
+            CustomerLightningD = LightningClientFactory.CreateClient(GetEnvironment("TEST_CUSTOMERLIGHTNINGD", "type=clightning;server=tcp://127.0.0.1:30992/"), btc);
+            MerchantLightningD = LightningClientFactory.CreateClient(GetEnvironment("TEST_MERCHANTLIGHTNINGD", "type=clightning;server=tcp://127.0.0.1:30993/"), btc);
+
+            MerchantCharge = new ChargeTester(this, "TEST_MERCHANTCHARGE", "type=charge;server=http://127.0.0.1:54938/;api-token=foiewnccewuify", "merchant_lightningd", btc);
+
+            MerchantLnd = new LndMockTester(this, "TEST_MERCHANTLND", "https://lnd:lnd@127.0.0.1:53280/", "merchant_lnd", btc);
+
+            PayTester = new BTCPayServerTester(Path.Combine(_Directory, "pay"))
+            {
+                NBXplorerUri = ExplorerClient.Address,
+                LTCNBXplorerUri = LTCExplorerClient.Address,
+                TestDatabase = Enum.Parse<TestDatabases>(GetEnvironment("TESTS_DB", TestDatabases.Postgres.ToString()), true),
+                Postgres = GetEnvironment("TESTS_POSTGRES", "User ID=postgres;Host=127.0.0.1;Port=39372;Database=btcpayserver"),
+                MySQL = GetEnvironment("TESTS_MYSQL", "User ID=root;Host=127.0.0.1;Port=33036;Database=btcpayserver"),
+                IntegratedLightning = MerchantCharge.Client.Uri
+            };
+            PayTester.Port = int.Parse(GetEnvironment("TESTS_PORT", Utils.FreeTcpPort().ToString(CultureInfo.InvariantCulture)), CultureInfo.InvariantCulture);
+            PayTester.HostName = GetEnvironment("TESTS_HOSTNAME", "127.0.0.1");
+            PayTester.InContainer = bool.Parse(GetEnvironment("TESTS_INCONTAINER", "false"));
        }

        public bool Dockerized
@ -43,101 +77,27 @@ namespace BTCPayServer.Tests

        public void Start()
        {
-            if (Directory.Exists(_Directory))
-                Utils.DeleteDirectory(_Directory);
-            if (!Directory.Exists(_Directory))
-                Directory.CreateDirectory(_Directory);
-
-
-            NetworkProvider = new BTCPayNetworkProvider(ChainType.Regtest);
-            ExplorerNode = new RPCClient(RPCCredentialString.Parse(GetEnvironment("TESTS_BTCRPCCONNECTION", "server=http://127.0.0.1:43782;ceiwHEbqWI83:DwubwWsoo3")), NetworkProvider.GetNetwork("BTC").NBitcoinNetwork);
-            LTCExplorerNode = new RPCClient(RPCCredentialString.Parse(GetEnvironment("TESTS_LTCRPCCONNECTION", "server=http://127.0.0.1:43783;ceiwHEbqWI83:DwubwWsoo3")), NetworkProvider.GetNetwork("LTC").NBitcoinNetwork);
-
-            ExplorerClient = new ExplorerClient(NetworkProvider.GetNetwork("BTC").NBXplorerNetwork, new Uri(GetEnvironment("TESTS_BTCNBXPLORERURL", "http://127.0.0.1:32838/")));
-            LTCExplorerClient = new ExplorerClient(NetworkProvider.GetNetwork("LTC").NBXplorerNetwork, new Uri(GetEnvironment("TESTS_LTCNBXPLORERURL", "http://127.0.0.1:32838/")));
-
-            var btc = NetworkProvider.GetNetwork("BTC").NBitcoinNetwork;
-            CustomerLightningD = new CLightningRPCClient(new Uri(GetEnvironment("TEST_CUSTOMERLIGHTNINGD", "tcp://127.0.0.1:30992/")), btc);
-            MerchantLightningD = new CLightningRPCClient(new Uri(GetEnvironment("TEST_MERCHANTLIGHTNINGD", "tcp://127.0.0.1:30993/")), btc);
-
-            MerchantCharge = new ChargeTester(this, "TEST_MERCHANTCHARGE", "http://api-token:foiewnccewuify@127.0.0.1:54938/", "merchant_lightningd", btc);
-
-            PayTester = new BTCPayServerTester(Path.Combine(_Directory, "pay"))
-            {
-                NBXplorerUri = ExplorerClient.Address,
-                LTCNBXplorerUri = LTCExplorerClient.Address,
-                Postgres = GetEnvironment("TESTS_POSTGRES", "User ID=postgres;Host=127.0.0.1;Port=39372;Database=btcpayserver"),
-                IntegratedLightning = MerchantCharge.Client.Uri
-            };
-            PayTester.Port = int.Parse(GetEnvironment("TESTS_PORT", Utils.FreeTcpPort().ToString(CultureInfo.InvariantCulture)), CultureInfo.InvariantCulture);
-            PayTester.HostName = GetEnvironment("TESTS_HOSTNAME", "127.0.0.1");
-            PayTester.InContainer = bool.Parse(GetEnvironment("TESTS_INCONTAINER", "false"));
            PayTester.Start();
        }

-
-        /// <summary>
-        /// Connect a customer LN node to the merchant LN node
-        /// </summary>
-        public void PrepareLightning()
-        {
-            PrepareLightningAsync().GetAwaiter().GetResult();
-        }
-
-
        /// <summary>
        /// Connect a customer LN node to the merchant LN node
        /// </summary>
        /// <returns></returns>
-        public async Task PrepareLightningAsync()
+        public Task EnsureChannelsSetup()
        {
-            while (true)
-            {
-                var skippedStates = new[] { "ONCHAIN", "CHANNELD_SHUTTING_DOWN", "CLOSINGD_SIGEXCHANGE", "CLOSINGD_COMPLETE", "FUNDING_SPEND_SEEN" };
-                var channel = (await CustomerLightningD.ListPeersAsync())
-                            .SelectMany(p => p.Channels)
-                            .Where(c => !skippedStates.Contains(c.State ?? ""))
-                            .FirstOrDefault();
-                switch (channel?.State)
-                {
-                    case null:
-                        var merchantInfo = await WaitLNSynched();
-                        var clightning = new NodeInfo(merchantInfo.Id, MerchantCharge.P2PHost, merchantInfo.Port);
-                        await CustomerLightningD.ConnectAsync(clightning);
-                        var address = await CustomerLightningD.NewAddressAsync();
-                        await ExplorerNode.SendToAddressAsync(address, Money.Coins(0.2m));
-                        ExplorerNode.Generate(1);
-                        await WaitLNSynched();
-                        await Task.Delay(1000);
-                        await CustomerLightningD.FundChannelAsync(clightning, Money.Satoshis(16777215));
-                        break;
-                    case "CHANNELD_AWAITING_LOCKIN":
-                        ExplorerNode.Generate(1);
-                        await WaitLNSynched();
-                        break;
-                    case "CHANNELD_NORMAL":
-                        return;
-                    default:
-                        throw new NotSupportedException(channel?.State ?? "");
-                }
-            }
+            return BTCPayServer.Lightning.Tests.ConnectChannels.ConnectAll(ExplorerNode, GetLightningSenderClients(), GetLightningDestClients());
        }

-        private async Task<GetInfoResponse> WaitLNSynched()
+        private IEnumerable<ILightningClient> GetLightningSenderClients()
        {
-            while (true)
-            {
-                var merchantInfo = await MerchantCharge.Client.GetInfoAsync();
-                var blockCount = await ExplorerNode.GetBlockCountAsync();
-                if (merchantInfo.BlockHeight != blockCount)
-                {
-                    await Task.Delay(1000);
-                }
-                else
-                {
-                    return merchantInfo;
-                }
-            }
+            yield return CustomerLightningD;
+        }
+
+        private IEnumerable<ILightningClient> GetLightningDestClients()
+        {
+            yield return MerchantLightningD;
+            yield return MerchantLnd.Client;
        }

        public void SendLightningPayment(Invoice invoice)
@ -149,12 +109,14 @@ namespace BTCPayServer.Tests
        {
            var bolt11 = invoice.CryptoInfo.Where(o => o.PaymentUrls.BOLT11 != null).First().PaymentUrls.BOLT11;
            bolt11 = bolt11.Replace("lightning:", "", StringComparison.OrdinalIgnoreCase);
-            await CustomerLightningD.SendAsync(bolt11);
+            await CustomerLightningD.Pay(bolt11);
        }

-        public CLightningRPCClient CustomerLightningD { get; set; }
-        public CLightningRPCClient MerchantLightningD { get; private set; }
+        public ILightningClient CustomerLightningD { get; set; }
+
+        public ILightningClient MerchantLightningD { get; private set; }
        public ChargeTester MerchantCharge { get; private set; }
+        public LndMockTester MerchantLnd { get; set; }

        internal string GetEnvironment(string variable, string defaultValue)
        {
@ -186,106 +148,18 @@ namespace BTCPayServer.Tests

        HttpClient _Http = new HttpClient();

-        class MockHttpRequest : HttpRequest
-        {
-            Uri serverUri;
-            public MockHttpRequest(Uri serverUri)
-            {
-                this.serverUri = serverUri;
-            }
-            public override HttpContext HttpContext => throw new NotImplementedException();
-
-            public override string Method
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override string Scheme
-            {
-                get => serverUri.Scheme;
-                set => throw new NotImplementedException();
-            }
-            public override bool IsHttps
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override HostString Host
-            {
-                get => new HostString(serverUri.Host, serverUri.Port);
-                set => throw new NotImplementedException();
-            }
-            public override PathString PathBase
-            {
-                get => "";
-                set => throw new NotImplementedException();
-            }
-            public override PathString Path
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override QueryString QueryString
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override IQueryCollection Query
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override string Protocol
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-
-            public override IHeaderDictionary Headers => throw new NotImplementedException();
-
-            public override IRequestCookieCollection Cookies
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override long? ContentLength
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override string ContentType
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-            public override Stream Body
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-
-            public override bool HasFormContentType => throw new NotImplementedException();
-
-            public override IFormCollection Form
-            {
-                get => throw new NotImplementedException();
-                set => throw new NotImplementedException();
-            }
-
-            public override Task<IFormCollection> ReadFormAsync(CancellationToken cancellationToken = default(CancellationToken))
-            {
-                throw new NotImplementedException();
-            }
-        }
-
-
        public BTCPayServerTester PayTester
        {
            get; set;
        }
+        public List<string> Stores { get; internal set; } = new List<string>();

        public void Dispose()
        {
+            foreach (var store in Stores)
+            {
+                Xunit.Assert.True(PayTester.StoreRepository.DeleteStore(store).GetAwaiter().GetResult());
+            }
            if (PayTester != null)
                PayTester.Dispose();
        }
--- a/BTCPayServer.Tests/TestAccount.cs
+++ b/BTCPayServer.Tests/TestAccount.cs
@ -14,6 +14,9 @@ using Xunit;
 using NBXplorer.DerivationStrategy;
 using BTCPayServer.Payments;
 using BTCPayServer.Payments.Lightning;
+using BTCPayServer.Tests.Logging;
+using BTCPayServer.Lightning;
+using BTCPayServer.Lightning.CLightning;

 namespace BTCPayServer.Tests
 {
@ -44,47 +47,53 @@ namespace BTCPayServer.Tests
        public async Task GrantAccessAsync()
        {
            await RegisterAsync();
-            var store = await CreateStoreAsync();
+            await CreateStoreAsync();
+            var store = this.GetController<StoresController>();
            var pairingCode = BitPay.RequestClientAuthorization("test", Facade.Merchant);
            Assert.IsType<ViewResult>(await store.RequestPairing(pairingCode.ToString()));
            await store.Pair(pairingCode.ToString(), StoreId);
        }
-        public StoresController CreateStore()
+        public void CreateStore()
        {
-            return CreateStoreAsync().GetAwaiter().GetResult();
+            CreateStoreAsync().GetAwaiter().GetResult();
        }

-        public async Task<StoresController> CreateStoreAsync()
+        public T GetController<T>(bool setImplicitStore = true) where T : Controller
        {
-            var store = parent.PayTester.GetController<UserStoresController>(UserId);
+            return parent.PayTester.GetController<T>(UserId, setImplicitStore ? StoreId : null);
+        }
+
+        public async Task CreateStoreAsync()
+        {
+            var store = this.GetController<UserStoresController>();
            await store.CreateStore(new CreateStoreViewModel() { Name = "Test Store" });
            StoreId = store.CreatedStoreId;
-            var store2 = parent.PayTester.GetController<StoresController>(UserId);
-            store2.CreatedStoreId = store.CreatedStoreId;
-            return store2;
+            parent.Stores.Add(StoreId);
        }

        public BTCPayNetwork SupportedNetwork { get; set; }

-        public void RegisterDerivationScheme(string crytoCode)
+        public WalletId RegisterDerivationScheme(string crytoCode, bool segwit = false)
        {
-            RegisterDerivationSchemeAsync(crytoCode).GetAwaiter().GetResult();
+            return RegisterDerivationSchemeAsync(crytoCode, segwit).GetAwaiter().GetResult();
        }
-        public async Task RegisterDerivationSchemeAsync(string cryptoCode)
+        public async Task<WalletId> RegisterDerivationSchemeAsync(string cryptoCode, bool segwit = false)
        {
            SupportedNetwork = parent.NetworkProvider.GetNetwork(cryptoCode);
-            var store = parent.PayTester.GetController<StoresController>(UserId);
+            var store = parent.PayTester.GetController<StoresController>(UserId, StoreId);
            ExtKey = new ExtKey().GetWif(SupportedNetwork.NBitcoinNetwork);
-            DerivationScheme = new DerivationStrategyFactory(SupportedNetwork.NBitcoinNetwork).Parse(ExtKey.Neuter().ToString() + "-[legacy]");
-            var vm = (StoreViewModel)((ViewResult)await store.UpdateStore(StoreId)).Model;
+            DerivationScheme = new DerivationStrategyFactory(SupportedNetwork.NBitcoinNetwork).Parse(ExtKey.Neuter().ToString() + (segwit ? "" : "-[legacy]"));
+            var vm = (StoreViewModel)((ViewResult)store.UpdateStore()).Model;
            vm.SpeedPolicy = SpeedPolicy.MediumSpeed;
-            await store.UpdateStore(StoreId, vm);
+            await store.UpdateStore(vm);

            await store.AddDerivationScheme(StoreId, new DerivationSchemeViewModel()
            {
                DerivationScheme = DerivationScheme.ToString(),
                Confirmation = true
            }, cryptoCode);
+
+            return new WalletId(StoreId, cryptoCode);
        }

        public DerivationStrategyBase DerivationScheme { get; set; }
@ -114,7 +123,7 @@ namespace BTCPayServer.Tests
        {
            get; set;
        }
-        
+
        public void RegisterLightningNode(string cryptoCode, LightningConnectionType connectionType)
        {
            RegisterLightningNodeAsync(cryptoCode, connectionType).GetAwaiter().GetResult();
@ -122,15 +131,25 @@ namespace BTCPayServer.Tests

        public async Task RegisterLightningNodeAsync(string cryptoCode, LightningConnectionType connectionType)
        {
-            var storeController = parent.PayTester.GetController<StoresController>(UserId);
+            var storeController = this.GetController<StoresController>();
+
+            string connectionString = null;
+            if (connectionType == LightningConnectionType.Charge)
+                connectionString = "type=charge;server=" + parent.MerchantCharge.Client.Uri.AbsoluteUri;
+            else if (connectionType == LightningConnectionType.CLightning)
+                connectionString = "type=clightning;server=" + ((CLightningClient)parent.MerchantLightningD).Address.AbsoluteUri;
+            else if (connectionType == LightningConnectionType.LndREST)
+                connectionString = $"type=lnd-rest;server={parent.MerchantLnd.Swagger.BaseUrl};allowinsecure=true";
+            else
+                throw new NotSupportedException(connectionType.ToString());
+
            await storeController.AddLightningNode(StoreId, new LightningNodeViewModel()
            {
-                Url = connectionType == LightningConnectionType.Charge ? parent.MerchantCharge.Client.Uri.AbsoluteUri :
-                      connectionType == LightningConnectionType.CLightning ? parent.MerchantLightningD.Address.AbsoluteUri
-                      : throw new NotSupportedException(connectionType.ToString())
+                ConnectionString = connectionString,
+                SkipPortTest = true
            }, "save", "BTC");
            if (storeController.ModelState.ErrorCount != 0)
                Assert.False(true, storeController.ModelState.FirstOrDefault().Value.Errors[0].ErrorMessage);
        }
-}
+    }
 }
--- a/BTCPayServer.Tests/UnitTest1.cs
+++ b/BTCPayServer.Tests/UnitTest1.cs
--- a/BTCPayServer.Tests/UnitTestPeusa.cs
+++ b/BTCPayServer.Tests/UnitTestPeusa.cs
@ -1,52 +0,0 @@
-using NBitcoin;
-using NBitcoin.DataEncoders;
-using NBitpayClient;
-using System;
-using System.Collections.Generic;
-using System.Text;
-using Xunit;
-
-namespace BTCPayServer.Tests
-{
-    // Helper class for testing functionality and generating data needed during coding/debuging
-    public class UnitTestPeusa
-    {
-        // Unit test that generates temorary checkout Bitpay page
-        // https://forkbitpay.slack.com/archives/C7M093Z55/p1508293682000217
-
-        // Testnet of Bitpay down
-        //[Fact]
-        //public void BitpayCheckout()
-        //{
-        //    var key = new Key(Encoders.Hex.DecodeData("7b70a06f35562873e3dcb46005ed0fe78e1991ad906e56adaaafa40ba861e056"));
-        //    var url = new Uri("https://test.bitpay.com/");
-        //    var btcpay = new Bitpay(key, url);
-        //    var invoice = btcpay.CreateInvoice(new Invoice()
-        //    {
-
-        //        Price = 5.0,
-        //        Currency = "USD",
-        //        PosData = "posData",
-        //        OrderId = "cdfd8a5f-6928-4c3b-ba9b-ddf438029e73",
-        //        ItemDesc = "Hello from the otherside"
-        //    }, Facade.Merchant);
-
-        //    // go to invoice.Url
-        //    Console.WriteLine(invoice.Url);
-        //}
-
-        // Generating Extended public key to use on http://localhost:14142/stores/{storeId}
-        [Fact]
-        public void GeneratePubkey()
-        {
-            var network = Network.RegTest;
-
-            ExtKey masterKey = new ExtKey();
-            Console.WriteLine("Master key : " + masterKey.ToString(network));
-            ExtPubKey masterPubKey = masterKey.Neuter();
-
-            ExtPubKey pubkey = masterPubKey.Derive(0);
-            Console.WriteLine("PubKey " + 0 + " : " + pubkey.ToString(network));
-        }
-    }
-}
--- a/BTCPayServer.Tests/UtilitiesTests.cs
+++ b/BTCPayServer.Tests/UtilitiesTests.cs
@ -0,0 +1,111 @@
+using System;
+using System.Linq;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Text;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Configuration;
+using NBitcoin.DataEncoders;
+using Newtonsoft.Json.Linq;
+using Xunit;
+using System.IO;
+
+namespace BTCPayServer.Tests
+{
+    /// <summary>
+    /// This class hold easy to run utilities for dev time
+    /// </summary>
+    public class UtilitiesTests
+    {
+        /// <summary>
+        /// Download transifex transactions and put them in BTCPayServer\wwwroot\locales
+        /// </summary>
+        [Trait("Utilities", "Utilities")]
+        [Fact]
+        public async Task PullTransifexTranslations()
+        {
+            // 1. Generate an API Token on https://www.transifex.com/user/settings/api/
+            // 2. Run "dotnet user-secrets set TransifexAPIToken <youapitoken>"
+            var client = new TransifexClient(GetTransifexAPIToken());
+            var json = await client.GetTransifexAsync("https://api.transifex.com/organizations/btcpayserver/projects/btcpayserver/resources/enjson/");
+            var langs = new[] { "en" }.Concat(((JObject)json["stats"]).Properties().Select(n => n.Name)).ToArray();
+
+            var langsDir = Path.Combine(Services.LanguageService.TryGetSolutionDirectoryInfo().FullName, "BTCPayServer", "wwwroot", "locales");
+
+            JObject sourceLang = null;
+            Task.WaitAll(langs.Select(async l =>
+            {
+                bool isSourceLang = l == "en";
+                var j = await client.GetTransifexAsync($"https://www.transifex.com/api/2/project/btcpayserver/resource/enjson/translation/{l}/");
+                if(!isSourceLang)
+                {
+                    while (sourceLang == null)
+                        await Task.Delay(10);
+                }
+                var content = j["content"].Value<string>();
+                if (l == "ne_NP")
+                    l = "np_NP";
+                if (l == "zh_CN")
+                    l = "zh-SP";
+                if (l == "kk")
+                    l = "kk-KZ";
+
+                var langCode = l.Replace("_", "-");
+                var langFile = Path.Combine(langsDir, langCode + ".json");
+                var jobj = JObject.Parse(content);
+                jobj["code"] = langCode;
+
+                if ((string)jobj["currentLanguage"] == "English" && !isSourceLang)
+                    return; // Not translated
+                if ((string)jobj["currentLanguage"] == "disable")
+                    return; // Not translated
+
+                jobj.AddFirst(new JProperty("NOTICE_WARN", "THIS CODE HAS BEEN AUTOMATICALLY GENERATED FROM TRANSIFEX, IF YOU WISH TO HELP TRANSLATION COME ON THE SLACK http://slack.btcpayserver.org TO REQUEST PERMISSION TO https://www.transifex.com/btcpayserver/btcpayserver/"));
+                if (isSourceLang)
+                {
+                    sourceLang = jobj;
+                }
+                else
+                {
+                    if(jobj["InvoiceExpired_Body_3"].Value<string>() == sourceLang["InvoiceExpired_Body_3"].Value<string>())
+                    {
+                        jobj["InvoiceExpired_Body_3"] = string.Empty;
+                    }
+                }
+                content = jobj.ToString(Newtonsoft.Json.Formatting.Indented);
+                File.WriteAllText(Path.Combine(langsDir, langFile), content);
+            }).ToArray());
+        }
+
+        private static string GetTransifexAPIToken()
+        {
+            var builder = new ConfigurationBuilder();
+            builder.AddUserSecrets("AB0AC1DD-9D26-485B-9416-56A33F268117");
+            var config = builder.Build();
+            var token = config["TransifexAPIToken"];
+            Assert.False(token == null, "TransifexAPIToken is not set.\n 1.Generate an API Token on https://www.transifex.com/user/settings/api/ \n 2.Run \"dotnet user-secrets set TransifexAPIToken <youapitoken>\"");
+            return token;
+        }
+    }
+
+    public class TransifexClient
+    {
+        public TransifexClient(string apiToken)
+        {
+            Client = new HttpClient();
+            APIToken = apiToken;
+        }
+
+        public HttpClient Client { get; }
+        public string APIToken { get; }
+
+        public async Task<JObject> GetTransifexAsync(string uri)
+        {
+            var message = new HttpRequestMessage(HttpMethod.Get, uri);
+            message.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", Encoders.Base64.EncodeData(Encoding.ASCII.GetBytes($"api:{APIToken}")));
+            message.Headers.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
+            var response = await Client.SendAsync(message);
+            return await response.Content.ReadAsAsync<JObject>();
+        }
+    }
+}
--- a/BTCPayServer.Tests/docker-bitcoin-cli.ps1
+++ b/BTCPayServer.Tests/docker-bitcoin-cli.ps1
@ -1 +1,2 @@
-docker exec -ti btcpayservertests_bitcoind_1 bitcoin-cli -datadir="/data" $args
+$bitcoind_container_id=$(docker ps -q --filter label=com.docker.compose.project=btcpayservertests --filter label=com.docker.compose.service=bitcoind)
+docker exec -ti $bitcoind_container_id bitcoin-cli -datadir="/data" $args
--- a/BTCPayServer.Tests/docker-bitcoin-cli.sh
+++ b/BTCPayServer.Tests/docker-bitcoin-cli.sh
@ -1,3 +1,4 @@
 #!/bin/bash

-docker exec -ti btcpayservertests_bitcoind_1 bitcoin-cli -datadir="/data" "$@"
+bitcoind_container_id="$(docker ps -q --filter label=com.docker.compose.project=btcpayservertests --filter label=com.docker.compose.service=bitcoind)"
+docker exec -ti "$bitcoind_container_id" bitcoin-cli -datadir="/data" "$@"
--- a/BTCPayServer.Tests/docker-compose.yml
+++ b/BTCPayServer.Tests/docker-compose.yml
@ -14,12 +14,15 @@ services:
      TESTS_LTCRPCCONNECTION: server=http://litecoind:43782;ceiwHEbqWI83:DwubwWsoo3
      TESTS_BTCNBXPLORERURL: http://nbxplorer:32838/
      TESTS_LTCNBXPLORERURL: http://nbxplorer:32838/
+      TESTS_DB: "Postgres"
      TESTS_POSTGRES: User ID=postgres;Host=postgres;Port=5432;Database=btcpayserver
+      TESTS_MYSQL: User ID=root;Host=mysql;Port=3306;Database=btcpayserver
      TESTS_PORT: 80
      TESTS_HOSTNAME: tests
-      TEST_MERCHANTLIGHTNINGD: "/etc/merchant_lightningd_datadir/lightning-rpc"
-      TEST_CUSTOMERLIGHTNINGD: "/etc/customer_lightningd_datadir/lightning-rpc"
-      TEST_MERCHANTCHARGE: http://api-token:foiewnccewuify@lightning-charged:9112/
+      TEST_MERCHANTLIGHTNINGD: "type=clightning;server=unix://etc/merchant_lightningd_datadir/lightning-rpc"
+      TEST_CUSTOMERLIGHTNINGD: "type=clightning;server=unix://etc/customer_lightningd_datadir/lightning-rpc"
+      TEST_MERCHANTCHARGE: "type=charge;server=http://lightning-charged:9112/;api-token=foiewnccewuify"
+      TEST_MERCHANTLND: "https://lnd:lnd@merchant_lnd:8080/"
      TESTS_INCONTAINER: "true"
    expose:
      - "80"
@ -33,20 +36,41 @@ services:

  # The dev container is not actually used, it is just handy to run `docker-compose up dev` to start all services
  dev: 
-    image: nicolasdorier/docker-bitcoin:0.16.0
+    image: btcpayserver/bitcoin:0.17.0
    environment:
+      BITCOIN_NETWORK: regtest
      BITCOIN_EXTRA_ARGS: |
-        regtest=1
+        deprecatedrpc=signrawtransaction
        connect=bitcoind:39388
    links:
      - nbxplorer
      - postgres
+      - mysql
      - customer_lightningd
      - merchant_lightningd
      - lightning-charged
+      - customer_lnd
+      - merchant_lnd
+
+  devlnd: 
+    image: btcpayserver/bitcoin:0.17.0
+    environment:
+      BITCOIN_NETWORK: regtest
+      BITCOIN_EXTRA_ARGS: |
+        deprecatedrpc=signrawtransaction
+        connect=bitcoind:39388
+    links:
+      - nbxplorer
+      - postgres
+      - mysql
+      - customer_lnd
+      - merchant_lnd
+
+

  nbxplorer:
-    image: nicolasdorier/nbxplorer:1.0.1.24
+    image: nicolasdorier/nbxplorer:2.0.0.2
+    restart: unless-stopped
    ports:
      - "32838:32838"
    expose: 
@ -70,34 +94,44 @@ services:
      - litecoind

  bitcoind:
-    image: nicolasdorier/docker-bitcoin:0.16.0
+    image: btcpayserver/bitcoin:0.17.0
    environment:
+      BITCOIN_NETWORK: regtest
      BITCOIN_EXTRA_ARGS: |
+        deprecatedrpc=signrawtransaction
        rpcuser=ceiwHEbqWI83
        rpcpassword=DwubwWsoo3
-        regtest=1
-        server=1
        rpcport=43782
        port=39388
        whitelist=0.0.0.0/0
+        zmqpubrawblock=tcp://0.0.0.0:28332
+        zmqpubrawtx=tcp://0.0.0.0:28333
    ports: 
      - "43782:43782"
+      - "28332:28332"
    expose:
      - "43782" # RPC
      - "39388" # P2P
+      - "28332" # ZMQ
+      - "28333" # ZMQ
    volumes:
      - "bitcoin_datadir:/data"

  customer_lightningd:
-    image: nicolasdorier/clightning
+    image: btcpayserver/lightning:v0.6.2-dev
+    stop_signal: SIGKILL
+    restart: unless-stopped
    environment: 
      EXPOSE_TCP: "true"
      LIGHTNINGD_OPT: |
        bitcoin-datadir=/etc/bitcoin
        bitcoin-rpcconnect=bitcoind
        network=regtest
-        ipaddr=customer_lightningd
+        bind-addr=0.0.0.0
+        announce-addr=customer_lightningd
        log-level=debug
+        dev-broadcast-interval=1000
+        dev-bitcoind-poll=1
    ports:
      - "30992:9835" # api port
    expose:
@ -110,11 +144,11 @@ services:
      - bitcoind

  lightning-charged:
-    image: shesek/lightning-charge:0.3.5
+    image: shesek/lightning-charge:0.4.3
+    restart: unless-stopped
    environment:
      NETWORK: regtest
      API_TOKEN: foiewnccewuify
-      SKIP_BITCOIND: 1
      BITCOIND_RPCCONNECT: bitcoind
    volumes:
      - "bitcoin_datadir:/etc/bitcoin"
@ -130,15 +164,18 @@ services:
      - merchant_lightningd

  merchant_lightningd:
-    image: nicolasdorier/clightning
+    image: btcpayserver/lightning:v0.6.2-dev
+    stop_signal: SIGKILL
    environment: 
      EXPOSE_TCP: "true"
      LIGHTNINGD_OPT: |
        bitcoin-datadir=/etc/bitcoin
        bitcoin-rpcconnect=bitcoind
-        ipaddr=merchant_lightningd
+        bind-addr=0.0.0.0
+        announce-addr=merchant_lightningd
        network=regtest
        log-level=debug
+        dev-broadcast-interval=1000
    ports:
      - "30993:9835" # api port
    expose:
@ -151,7 +188,7 @@ services:
      - bitcoind

  litecoind:
-    image: nicolasdorier/docker-litecoin:0.15.1
+    image: nicolasdorier/docker-litecoin:0.16.3
    environment:
      BITCOIN_EXTRA_ARGS: |
        rpcuser=ceiwHEbqWI83
@ -173,9 +210,75 @@ services:
      - "39372:5432"
    expose:
      - "5432"
+      
+  mysql:
+    image:  mysql:8.0.12
+    expose:
+      - "3306"
+    ports:
+      - "33036:3306"
+    environment:
+      - MYSQL_ALLOW_EMPTY_PASSWORD=yes
+
+  merchant_lnd:
+    image: btcpayserver/lnd:0.5-beta-2
+    restart: unless-stopped
+    environment:
+      LND_CHAIN: "btc"
+      LND_ENVIRONMENT: "regtest"
+      LND_EXTRA_ARGS: |
+        restlisten=0.0.0.0:8080
+        bitcoin.node=bitcoind
+        bitcoind.rpchost=bitcoind:43782
+        bitcoind.zmqpubrawblock=tcp://bitcoind:28332
+        bitcoind.zmqpubrawtx=tcp://bitcoind:28333
+        externalip=merchant_lnd:9735
+        no-macaroons=1
+        debuglevel=debug
+        noseedbackup=1
+        trickledelay=1000
+    ports:
+      - "53280:8080"
+    expose:
+      - "9735"
+    volumes:
+      - "merchant_lnd_datadir:/data"
+      - "bitcoin_datadir:/deps/.bitcoin"
+    links:
+      - bitcoind
+
+  customer_lnd:
+    image: btcpayserver/lnd:0.5-beta-2
+    restart: unless-stopped
+    environment:
+      LND_CHAIN: "btc"
+      LND_ENVIRONMENT: "regtest"
+      LND_EXTRA_ARGS: |
+        restlisten=0.0.0.0:8080
+        bitcoin.node=bitcoind
+        bitcoind.rpchost=bitcoind:43782
+        bitcoind.zmqpubrawblock=tcp://bitcoind:28332
+        bitcoind.zmqpubrawtx=tcp://bitcoind:28333
+        externalip=customer_lnd:10009
+        no-macaroons=1
+        debuglevel=debug
+        noseedbackup=1
+        trickledelay=1000
+    ports:
+      - "53281:8080"
+    expose:
+      - "8080"
+      - "10009"
+    volumes:
+      - "customer_lnd_datadir:/root/.lnd"
+      - "bitcoin_datadir:/deps/.bitcoin"
+    links:
+      - bitcoind

 volumes:
    bitcoin_datadir:
    customer_lightningd_datadir:
    merchant_lightningd_datadir:
    lightning_charge_datadir:
+    customer_lnd_datadir:
+    merchant_lnd_datadir:
--- a/BTCPayServer.Tests/docker-customer-lightning-cli.ps1
+++ b/BTCPayServer.Tests/docker-customer-lightning-cli.ps1
@ -1 +1,2 @@
-docker exec -ti btcpayservertests_customer_lightningd_1 lightning-cli $args
+$customer_lightning_container_id=$(docker ps -q --filter label=com.docker.compose.project=btcpayservertests --filter label=com.docker.compose.service=customer_lightningd)
+docker exec -ti $customer_lightning_container_id lightning-cli $args
--- a/BTCPayServer.Tests/docker-customer-lightning-cli.sh
+++ b/BTCPayServer.Tests/docker-customer-lightning-cli.sh
@ -1,3 +1,4 @@
 #!/bin/bash

-docker exec -ti btcpayservertests_customer_lightningd_1 lightning-cli "$@"
+customer_lightning_container_id="$(docker ps -q --filter label=com.docker.compose.project=btcpayservertests --filter label=com.docker.compose.service=customer_lightningd)"
+docker exec -ti $customer_lightning_container_id lightning-cli "$@"
--- a/BTCPayServer.Tests/docker-entrypoint.sh
+++ b/BTCPayServer.Tests/docker-entrypoint.sh
@ -0,0 +1,5 @@
+#!/bin/sh
+set -e
+
+dotnet test --filter Fast=Fast --no-build
+dotnet test --filter Integration=Integration --no-build
--- a/BTCPayServer.Tests/docker-litecoin-cli.ps1
+++ b/BTCPayServer.Tests/docker-litecoin-cli.ps1
@ -1 +1,2 @@
-docker exec -ti btcpayservertests_litecoind_1 litecoin-cli -datadir="/data" $args
+$litecoind_container_id=$(docker ps -q --filter label=com.docker.compose.project=btcpayservertests --filter label=com.docker.compose.service=litecoind)
+docker exec -ti $litecoind_container_id litecoin-cli -datadir="/data" $args
--- a/BTCPayServer.Tests/docker-litecoin-cli.sh
+++ b/BTCPayServer.Tests/docker-litecoin-cli.sh
@ -1,3 +1,4 @@
 #!/bin/bash

-docker exec -ti btcpayservertests_litecoind_1 litecoin-cli -datadir="/data" "$@"
+litecoind_container_id="$(docker ps -q --filter label=com.docker.compose.project=btcpayservertests --filter label=com.docker.compose.service=litecoind)"
+docker exec -ti "$litecoind_container_id" litecoin-cli -datadir="/data" "$@"
--- a/BTCPayServer.Tests/docker-merchant-lightning-cli.ps1
+++ b/BTCPayServer.Tests/docker-merchant-lightning-cli.ps1
@ -1 +1,2 @@
-docker exec -ti btcpayservertests_merchant_lightningd_1 lightning-cli $args
+$merchant_lightning_container_id=$(docker ps -q --filter label=com.docker.compose.project=btcpayservertests --filter label=com.docker.compose.service=merchant_lightningd)
+docker exec -ti $merchant_lightning_container_id lightning-cli $args
--- a/BTCPayServer.Tests/docker-merchant-lightning-cli.sh
+++ b/BTCPayServer.Tests/docker-merchant-lightning-cli.sh
@ -1,3 +1,4 @@
 #!/bin/bash

-docker exec -ti btcpayservertests_merchant_lightningd_1 lightning-cli "$@"
+merchant_lightning_container_id="$(docker ps -q --filter label=com.docker.compose.project=btcpayservertests --filter label=com.docker.compose.service=merchant_lightningd)"
+docker exec -ti $merchant_lightning_container_id lightning-cli "$@"
--- a/BTCPayServer.Tests/xunit.runner.json
+++ b/BTCPayServer.Tests/xunit.runner.json
@ -0,0 +1,3 @@
+{
+    "parallelizeTestCollections": false
+}
--- a/BTCPayServer/Authentication/BitIdentity.cs
+++ b/BTCPayServer/Authentication/BitIdentity.cs
@ -1,35 +0,0 @@
-using NBitcoin;
-using NBitcoin.DataEncoders;
-using System;
-using System.Collections.Generic;
-using System.Security.Principal;
-using System.Text;
-
-namespace BTCPayServer.Authentication
-{
-    public class BitIdentity : IIdentity
-    {
-        public BitIdentity(PubKey key)
-        {
-            PubKey = key;
-            _Name = Encoders.Base58Check.EncodeData(Encoders.Hex.DecodeData("0f02" + key.Hash.ToString()));
-            SIN = NBitpayClient.Extensions.BitIdExtensions.GetBitIDSIN(key);
-        }
-        string _Name;
-
-        public string SIN
-        {
-            get;
-        }
-        public PubKey PubKey
-        {
-            get;
-        }
-
-        public string AuthenticationType => "BitID";
-
-        public bool IsAuthenticated => true;
-
-        public string Name => _Name;
-    }
-}
--- a/BTCPayServer/Authentication/TokenRepository.cs
+++ b/BTCPayServer/Authentication/TokenRepository.cs
@ -33,6 +33,8 @@ namespace BTCPayServer.Authentication

        public async Task<BitTokenEntity[]> GetTokens(string sin)
        {
+            if (sin == null)
+                return Array.Empty<BitTokenEntity>();
            using (var ctx = _Factory.CreateContext())
            {
                return (await ctx.PairedSINData
@ -43,6 +45,46 @@ namespace BTCPayServer.Authentication
            }
        }

+        public async Task<String> GetStoreIdFromAPIKey(string apiKey)
+        {
+            using (var ctx = _Factory.CreateContext())
+            {
+                return await ctx.ApiKeys.Where(o => o.Id == apiKey).Select(o => o.StoreId).FirstOrDefaultAsync();
+            }
+        }
+
+        public async Task GenerateLegacyAPIKey(string storeId)
+        {
+            // It is legacy support and Bitpay generate string of unknown format, trying to replicate them
+            // as good as possible. The string below got generated for me.
+            var chars = "ERo0vkBMOYhyU0ZHvirCplbLDIGWPdi1ok77VnW7QdE";
+            var rand = new Random(Math.Abs(RandomUtils.GetInt32()));
+            var generated = new char[chars.Length];
+            for (int i = 0; i < generated.Length; i++)
+            {
+                generated[i] = chars[rand.Next(0, generated.Length)];
+            }
+
+            using (var ctx = _Factory.CreateContext())
+            {
+                var existing = await ctx.ApiKeys.Where(o => o.StoreId == storeId).FirstOrDefaultAsync();
+                if (existing != null)
+                {
+                    ctx.ApiKeys.Remove(existing);
+                }
+                ctx.ApiKeys.Add(new APIKeyData() { Id = new string(generated), StoreId = storeId });
+                await ctx.SaveChangesAsync().ConfigureAwait(false);
+            }
+        }
+
+        public async Task<string[]> GetLegacyAPIKeys(string storeId)
+        {
+            using (var ctx = _Factory.CreateContext())
+            {
+                return await ctx.ApiKeys.Where(o => o.StoreId == storeId).Select(c => c.Id).ToArrayAsync();
+            }
+        }
+
        private BitTokenEntity CreateTokenEntity(PairedSINData data)
        {
            return new BitTokenEntity()
@ -200,6 +242,8 @@ namespace BTCPayServer.Authentication
            using (var ctx = _Factory.CreateContext())
            {
                var token = await ctx.PairedSINData.FindAsync(tokenId);
+                if (token == null)
+                    return null;
                return CreateTokenEntity(token);
            }
        }
--- a/BTCPayServer/BTCPayNetwork.cs
+++ b/BTCPayServer/BTCPayNetwork.cs
@ -14,34 +14,28 @@ namespace BTCPayServer
    {
        static BTCPayDefaultSettings()
        {
-            _Settings = new Dictionary<ChainType, BTCPayDefaultSettings>();
-            foreach (var chainType in new[] { ChainType.Main, ChainType.Test, ChainType.Regtest })
+            _Settings = new Dictionary<NetworkType, BTCPayDefaultSettings>();
+            foreach (var chainType in new[] { NetworkType.Mainnet, NetworkType.Testnet, NetworkType.Regtest })
            {
-                var btcNetwork = (chainType == ChainType.Main ? Network.Main :
-                                  chainType == ChainType.Regtest ? Network.RegTest :
-                                  chainType == ChainType.Test ? Network.TestNet : throw new NotSupportedException(chainType.ToString()));
-
                var settings = new BTCPayDefaultSettings();
                _Settings.Add(chainType, settings);
-                settings.ChainType = chainType;
-                settings.DefaultDataDirectory = StandardConfiguration.DefaultDataDirectory.GetDirectory("BTCPayServer", btcNetwork.Name);
+                settings.DefaultDataDirectory = StandardConfiguration.DefaultDataDirectory.GetDirectory("BTCPayServer", NBXplorerDefaultSettings.GetFolderName(chainType));
                settings.DefaultConfigurationFile = Path.Combine(settings.DefaultDataDirectory, "settings.config");
-                settings.DefaultPort = (chainType == ChainType.Main ? 23000 :
-                                                      chainType == ChainType.Regtest ? 23002 :
-                                                      chainType == ChainType.Test ? 23001 : throw new NotSupportedException(chainType.ToString()));
+                settings.DefaultPort = (chainType == NetworkType.Mainnet ? 23000 :
+                                                      chainType == NetworkType.Regtest ? 23002 :
+                                                      chainType == NetworkType.Testnet ? 23001 : throw new NotSupportedException(chainType.ToString()));
            }
        }

-        static Dictionary<ChainType, BTCPayDefaultSettings> _Settings;
+        static Dictionary<NetworkType, BTCPayDefaultSettings> _Settings;

-        public static BTCPayDefaultSettings GetDefaultSettings(ChainType chainType)
+        public static BTCPayDefaultSettings GetDefaultSettings(NetworkType chainType)
        {
            return _Settings[chainType];
        }

        public string DefaultDataDirectory { get; set; }
        public string DefaultConfigurationFile { get; set; }
-        public ChainType ChainType { get; internal set; }
        public int DefaultPort { get; set; }
    }
    public class BTCPayNetwork
@ -50,7 +44,8 @@ namespace BTCPayServer
        public string CryptoCode { get; internal set; }
        public string BlockExplorerLink { get; internal set; }
        public string UriScheme { get; internal set; }
-        public IRateProvider DefaultRateProvider { get; set; }
+        public Money MinFee { get; internal set; }
+        public string DisplayName { get; set; }

        [Obsolete("Should not be needed")]
        public bool IsBTC
@ -68,10 +63,17 @@ namespace BTCPayServer
        public BTCPayDefaultSettings DefaultSettings { get; set; }
        public KeyPath CoinType { get; internal set; }
        public int MaxTrackedConfirmation { get; internal set; } = 6;
+        public string[] DefaultRateRules { get; internal set; } = Array.Empty<string>();

        public override string ToString()
        {
            return CryptoCode;
-        }        
+        }
+
+        internal KeyPath GetRootKeyPath()
+        {
+            return new KeyPath(NBitcoinNetwork.Consensus.SupportSegwit ? "49'" : "44'")
+                        .Derive(CoinType); 
+        }
    }
 }
--- a/BTCPayServer/BTCPayNetworkProvider.Bitcoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Bitcoin.cs
@ -14,21 +14,18 @@ namespace BTCPayServer
        public void InitBitcoin()
        {
            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("BTC");
-            var coinaverage = new CoinAverageRateProvider("BTC");
-            var bitpay = new BitpayRateProvider(new Bitpay(new Key(), new Uri("https://bitpay.com/")));
-            var btcRate = new FallbackRateProvider(new IRateProvider[] { coinaverage, bitpay });
            Add(new BTCPayNetwork()
            {
                CryptoCode = nbxplorerNetwork.CryptoCode,
-                BlockExplorerLink = NBXplorerNetworkProvider.ChainType == ChainType.Main ? "https://www.smartbit.com.au/tx/{0}" : "https://testnet.smartbit.com.au/tx/{0}",
+                DisplayName = "Bitcoin",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://www.smartbit.com.au/tx/{0}" : "https://testnet.smartbit.com.au/tx/{0}",
                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
                NBXplorerNetwork = nbxplorerNetwork,
                UriScheme = "bitcoin",
-                DefaultRateProvider = btcRate,
-                CryptoImagePath = "imlegacy/bitcoin-symbol.svg",
-                LightningImagePath = "imlegacy/btc-lightning.svg",
-                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NBXplorerNetworkProvider.ChainType),
-                CoinType = NBXplorerNetworkProvider.ChainType == ChainType.Main ? new KeyPath("0'") : new KeyPath("1'")
+                CryptoImagePath = "imlegacy/bitcoin.svg",
+                LightningImagePath = "imlegacy/bitcoin-lightning.svg",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("0'") : new KeyPath("1'")
            });
        }
    }
--- a/BTCPayServer/BTCPayNetworkProvider.BitcoinGold.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.BitcoinGold.cs
@ -0,0 +1,30 @@
+using NBitcoin;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitBitcoinGold()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("BTG");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "BGold",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://explorer.bitcoingold.org/insight/tx/{0}/" : "https://test-explorer.bitcoingold.org/insight/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "bitcoingold",
+                DefaultRateRules = new[]
+                {
+                    "BTG_X = BTG_BTC * BTC_X",
+                    "BTG_BTC = bitfinex(BTG_BTC)",
+                },
+                CryptoImagePath = "imlegacy/btg.svg",
+                LightningImagePath = "imlegacy/btg-lightning.svg",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("156'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Bitcore.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Bitcore.cs
@ -0,0 +1,36 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+using NBitcoin;
+using NBXplorer;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitBitcore()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("BTX");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Bitcore",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://insight.bitcore.cc/tx/{0}" : "https://insight.bitcore.cc/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "bitcore",
+                DefaultRateRules = new[]
+                {
+                                "BTX_X = BTX_BTC * BTC_X",
+                                "BTX_BTC = cryptopia(BTX_BTC)"
+                },
+                CryptoImagePath = "imlegacy/bitcore.svg",
+                LightningImagePath = "imlegacy/bitcore-lightning.svg",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("160'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Dash.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Dash.cs
@ -0,0 +1,35 @@
+using NBitcoin;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitDash()
+        {
+            //not needed: NBitcoin.Altcoins.Dash.Instance.EnsureRegistered();
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("DASH");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Dash",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet
+                    ? "https://insight.dash.org/insight/tx/{0}"
+                    : "https://testnet-insight.dashevo.org/insight/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "dash",
+                DefaultRateRules = new[]
+                    {
+                        "DASH_X = DASH_BTC * BTC_X",
+                        "DASH_BTC = bittrex(DASH_BTC)"
+                    },
+                CryptoImagePath = "imlegacy/dash.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                //https://github.com/satoshilabs/slips/blob/master/slip-0044.md
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("5'")
+                    : new KeyPath("1'"),
+                MinFee = Money.Satoshis(1m)
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Dogecoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Dogecoin.cs
@ -0,0 +1,36 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+using NBitcoin;
+using NBXplorer;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitDogecoin()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("DOGE");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Dogecoin",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://dogechain.info/tx/{0}" : "https://dogechain.info/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "dogecoin",
+                DefaultRateRules = new[] 
+                {
+                                "DOGE_X = DOGE_BTC * BTC_X",
+                                "DOGE_BTC = bittrex(DOGE_BTC)"
+                },
+                CryptoImagePath = "imlegacy/dogecoin.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("3'") : new KeyPath("1'"),
+                MinFee = Money.Coins(1m)
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Feathercoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Feathercoin.cs
@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+using NBitcoin;
+using NBXplorer;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitFeathercoin()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("FTC");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Feathercoin",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://explorer.feathercoin.com/tx/{0}" : "https://explorer.feathercoin.com/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "feathercoin",
+                DefaultRateRules = new[] 
+                {
+                                "FTC_X = FTC_BTC * BTC_X",
+                                "FTC_BTC = bittrex(FTC_BTC)"
+                },
+                CryptoImagePath = "imlegacy/feathercoin.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("8'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Groestlcoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Groestlcoin.cs
@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using NBitcoin;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitGroestlcoin()
+        {
+
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("GRS");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Groestlcoin",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://chainz.cryptoid.info/grs/tx.dws?{0}.htm" : "https://chainz.cryptoid.info/grs-test/tx.dws?{0}.htm",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "groestlcoin",
+                DefaultRateRules = new[]
+                {
+                                "GRS_X = GRS_BTC * BTC_X",
+                                "GRS_BTC = bittrex(GRS_BTC)"
+                },
+                CryptoImagePath = "imlegacy/groestlcoin.png",
+                LightningImagePath = "imlegacy/groestlcoin-lightning.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("17'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Litecoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Litecoin.cs
@ -12,22 +12,19 @@ namespace BTCPayServer
    {
        public void InitLitecoin()
        {
-            NBXplorer.Altcoins.Litecoin.Networks.EnsureRegistered();
-            var ltcRate = new CoinAverageRateProvider("LTC");
-
            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("LTC");
            Add(new BTCPayNetwork()
            {
                CryptoCode = nbxplorerNetwork.CryptoCode,
-                BlockExplorerLink = NBXplorerNetworkProvider.ChainType == ChainType.Main ? "https://live.blockcypher.com/ltc/tx/{0}/" : "http://explorer.litecointools.com/tx/{0}",
+                DisplayName = "Litecoin",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://live.blockcypher.com/ltc/tx/{0}/" : "http://explorer.litecointools.com/tx/{0}",
                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
                NBXplorerNetwork = nbxplorerNetwork,
                UriScheme = "litecoin",
-                DefaultRateProvider = ltcRate,
-                CryptoImagePath = "imlegacy/litecoin-symbol.svg",
-                LightningImagePath = "imlegacy/ltc-lightning.svg",
-                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NBXplorerNetworkProvider.ChainType),
-                CoinType = NBXplorerNetworkProvider.ChainType == ChainType.Main ? new KeyPath("2'") : new KeyPath("3'")
+                CryptoImagePath = "imlegacy/litecoin.svg",
+                LightningImagePath = "imlegacy/litecoin-lightning.svg",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("2'") : new KeyPath("1'")
            });
        }
    }
--- a/BTCPayServer/BTCPayNetworkProvider.Monacoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Monacoin.cs
@ -0,0 +1,36 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+using NBitcoin;
+using NBXplorer;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitMonacoin()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("MONA");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Monacoin",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://mona.insight.monaco-ex.org/insight/tx/{0}" : "https://testnet-mona.insight.monaco-ex.org/insight/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "monacoin",
+                DefaultRateRules = new[] 
+                {
+                                "MONA_X = MONA_BTC * BTC_X",
+                                "MONA_BTC = bittrex(MONA_BTC)"
+                },
+                CryptoImagePath = "imlegacy/monacoin.png",
+                LightningImagePath = "imlegacy/mona-lightning.svg",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("22'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Polis.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Polis.cs
@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+using NBitcoin;
+using NBXplorer;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitPolis()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("POLIS");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Polis",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://insight.polispay.org/tx/{0}" : "https://insight.polispay.org/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "polis",
+                DefaultRateRules = new[]
+                {
+                                "POLIS_X = POLIS_BTC * BTC_X",
+                                "POLIS_BTC = cryptopia(POLIS_BTC)"
+                },
+                CryptoImagePath = "imlegacy/polis.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("1997'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Ufo.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Ufo.cs
@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+using NBitcoin;
+using NBXplorer;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitUfo()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("UFO");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Ufo",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://chainz.cryptoid.info/ufo/tx.dws?{0}" : "https://chainz.cryptoid.info/ufo/tx.dws?{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "ufo",
+                DefaultRateRules = new[] 
+                {
+                                "UFO_X = UFO_BTC * BTC_X",
+                                "UFO_BTC = coinexchange(UFO_BTC)"
+                },
+                CryptoImagePath = "imlegacy/ufo.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("202'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.Viacoin.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.Viacoin.cs
@ -0,0 +1,35 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+using NBitcoin;
+using NBXplorer;
+
+namespace BTCPayServer
+{
+    public partial class BTCPayNetworkProvider
+    {
+        public void InitViacoin()
+        {
+            var nbxplorerNetwork = NBXplorerNetworkProvider.GetFromCryptoCode("VIA");
+            Add(new BTCPayNetwork()
+            {
+                CryptoCode = nbxplorerNetwork.CryptoCode,
+                DisplayName = "Viacoin",
+                BlockExplorerLink = NetworkType == NetworkType.Mainnet ? "https://explorer.viacoin.org/tx/{0}" : "https://explorer.viacoin.org/tx/{0}",
+                NBitcoinNetwork = nbxplorerNetwork.NBitcoinNetwork,
+                NBXplorerNetwork = nbxplorerNetwork,
+                UriScheme = "viacoin",
+                DefaultRateRules = new[]
+                {
+                                "VIA_X = VIA_BTC * BTC_X",
+                                "VIA_BTC = bittrex(VIA_BTC)"
+                },
+                CryptoImagePath = "imlegacy/viacoin.png",
+                DefaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType),
+                CoinType = NetworkType == NetworkType.Mainnet ? new KeyPath("14'") : new KeyPath("1'")
+            });
+        }
+    }
+}
--- a/BTCPayServer/BTCPayNetworkProvider.cs
+++ b/BTCPayServer/BTCPayNetworkProvider.cs
@ -27,8 +27,8 @@ namespace BTCPayServer

        BTCPayNetworkProvider(BTCPayNetworkProvider filtered, string[] cryptoCodes)
        {
-            ChainType = filtered.ChainType;
-            _NBXplorerNetworkProvider = new NBXplorerNetworkProvider(filtered.ChainType);
+            NetworkType = filtered.NetworkType;
+            _NBXplorerNetworkProvider = new NBXplorerNetworkProvider(filtered.NetworkType);
            _Networks = new Dictionary<string, BTCPayNetwork>();
            cryptoCodes = cryptoCodes.Select(c => c.ToUpperInvariant()).ToArray();
            foreach (var network in filtered._Networks)
@ -40,13 +40,23 @@ namespace BTCPayServer
            }
        }

-        public ChainType ChainType { get; set; }
-        public BTCPayNetworkProvider(ChainType chainType)
+        public NetworkType NetworkType { get; private set; }
+        public BTCPayNetworkProvider(NetworkType networkType)
        {
-            _NBXplorerNetworkProvider = new NBXplorerNetworkProvider(chainType);
-            ChainType = chainType;
+            _NBXplorerNetworkProvider = new NBXplorerNetworkProvider(networkType);
+            NetworkType = networkType;
            InitBitcoin();
            InitLitecoin();
+            InitBitcore();
+            InitDogecoin();
+            InitBitcoinGold();
+            InitMonacoin();
+            InitDash();
+            InitPolis();
+            InitFeathercoin();
+            InitGroestlcoin();
+            InitViacoin();
+            //InitUfo();
        }

        /// <summary>
@ -85,7 +95,11 @@ namespace BTCPayServer

        public BTCPayNetwork GetNetwork(string cryptoCode)
        {
-            _Networks.TryGetValue(cryptoCode.ToUpperInvariant(), out BTCPayNetwork network);
+            if(!_Networks.TryGetValue(cryptoCode.ToUpperInvariant(), out BTCPayNetwork network))
+            {
+                if (cryptoCode == "XBT")
+                    return GetNetwork("BTC");
+            }
            return network;
        }
    }
--- a/BTCPayServer/BTCPayServer.csproj
+++ b/BTCPayServer/BTCPayServer.csproj
@ -1,22 +1,29 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
-		<Version>1.0.1.63</Version>
+    <TargetFramework>netcoreapp2.1</TargetFramework>
+		<Version>1.0.3.32</Version>
    <NoWarn>NU1701,CA1816,CA1308,CA1810,CA2208</NoWarn>
  </PropertyGroup>
+  <PropertyGroup>
+    <LangVersion>7.3</LangVersion>
+  </PropertyGroup>
  <ItemGroup>
    <Compile Remove="Build\dockerfiles\**" />
    <Compile Remove="wwwroot\bundles\jqueryvalidate\**" />
+    <Compile Remove="wwwroot\css\**" />
    <Compile Remove="wwwroot\vendor\jquery-nice-select\**" />
    <Content Remove="Build\dockerfiles\**" />
    <Content Remove="wwwroot\bundles\jqueryvalidate\**" />
+    <Content Remove="wwwroot\css\**" />
    <Content Remove="wwwroot\vendor\jquery-nice-select\**" />
    <EmbeddedResource Remove="Build\dockerfiles\**" />
    <EmbeddedResource Remove="wwwroot\bundles\jqueryvalidate\**" />
+    <EmbeddedResource Remove="wwwroot\css\**" />
    <EmbeddedResource Remove="wwwroot\vendor\jquery-nice-select\**" />
    <None Remove="Build\dockerfiles\**" />
    <None Remove="wwwroot\bundles\jqueryvalidate\**" />
+    <None Remove="wwwroot\css\**" />
    <None Remove="wwwroot\vendor\jquery-nice-select\**" />
  </ItemGroup>
  <ItemGroup>
@ -26,47 +33,52 @@
    <EmbeddedResource Include="Currencies.txt" />
  </ItemGroup>
  <ItemGroup>
-    <PackageReference Include="BuildBundlerMinifier" Version="2.6.362" />
-    <PackageReference Include="Hangfire" Version="1.6.17" />
+    <PackageReference Include="BTCPayServer.Lightning.All" Version="1.1.0.4" />
+    <PackageReference Include="BuildBundlerMinifier" Version="2.7.385" />
+    <PackageReference Include="DigitalRuby.ExchangeSharp" Version="0.5.3" />
+    <PackageReference Include="Hangfire" Version="1.6.20" />
    <PackageReference Include="Hangfire.MemoryStorage" Version="1.5.2" />
-    <PackageReference Include="Hangfire.PostgreSql" Version="1.4.8.1" />
-    <PackageReference Include="LedgerWallet" Version="1.0.1.32" />
-    <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="2.6.1" />
-    <PackageReference Include="Meziantou.AspNetCore.BundleTagHelpers" Version="1.0.1" />
+    <PackageReference Include="LedgerWallet" Version="2.0.0.3" />
+    <PackageReference Include="Meziantou.AspNetCore.BundleTagHelpers" Version="2.0.0" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="2.1.4" />
    <PackageReference Include="Microsoft.Extensions.Logging.Filter" Version="1.1.2" />
-    <PackageReference Include="Microsoft.NetCore.Analyzers" Version="2.6.0" />
-    <PackageReference Include="NBitcoin" Version="4.0.0.65" />
-    <PackageReference Include="NBitpayClient" Version="1.0.0.18" />	  
-    <PackageReference Include="DBreeze" Version="1.87.0" />
-    <PackageReference Include="NBXplorer.Client" Version="1.0.1.16" />
-    <PackageReference Include="NicolasDorier.CommandLine" Version="1.0.0.1" />
-    <PackageReference Include="NicolasDorier.CommandLine.Configuration" Version="1.0.0.2" />
-    <PackageReference Include="NicolasDorier.StandardConfiguration" Version="1.0.0.13" />
-    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="2.0.1" />
-    <PackageReference Include="System.ValueTuple" Version="4.4.0" />
-    <PackageReference Include="System.Xml.XmlSerializer" Version="4.0.11" />
-    <PackageReference Include="Text.Analyzers" Version="2.6.0" />
+    <PackageReference Include="Microsoft.NetCore.Analyzers" Version="2.6.2">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
+    <PackageReference Include="NBitcoin" Version="4.1.1.73" />
+    <PackageReference Include="NBitpayClient" Version="1.0.0.30" />	  
+    <PackageReference Include="DBreeze" Version="1.92.0" />
+    <PackageReference Include="NBXplorer.Client" Version="2.0.0.1" />
+    <PackageReference Include="NicolasDorier.CommandLine" Version="1.0.0.2" />
+    <PackageReference Include="NicolasDorier.CommandLine.Configuration" Version="1.0.0.3" />
+    <PackageReference Include="NicolasDorier.RateLimits" Version="1.0.0.3" />
+    <PackageReference Include="NicolasDorier.StandardConfiguration" Version="1.0.0.18" />
+    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="2.1.2" />
+    <PackageReference Include="Pomelo.EntityFrameworkCore.MySql" Version="2.1.2" />
+    <PackageReference Include="Serilog" Version="2.7.1" />
+    <PackageReference Include="Serilog.AspNetCore" Version="2.1.1" />
+    <PackageReference Include="Serilog.Sinks.File" Version="4.0.0" />
+    <PackageReference Include="SSH.NET" Version="2016.1.0" />
+    <PackageReference Include="System.Xml.XmlSerializer" Version="4.3.0" />
+    <PackageReference Include="Text.Analyzers" Version="2.6.2">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
  </ItemGroup>

 	<ItemGroup>
-		<PackageReference Include="Microsoft.AspNetCore.All" Version="2.0.5" />
-		<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="2.0.1" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.AspNetCore.App" Version="2.1.6" />
+		<PackageReference Include="YamlDotNet" Version="5.2.1" />
 	</ItemGroup>

 	<ItemGroup>
-		<DotNetCliToolReference Include="Microsoft.EntityFrameworkCore.Tools.DotNet" Version="2.0.0" />
-		<DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="2.0.0" />
 		<DotNetCliToolReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Tools" Version="2.0.0" />
 	</ItemGroup>

 	<ItemGroup>
-	  <None Include="wwwroot\js\checkout\core.js" />
-	  <None Include="wwwroot\js\creative.js" />
-	  <None Include="wwwroot\js\creative.min.js" />
-	  <None Include="wwwroot\js\site.js" />
-	  <None Include="wwwroot\js\site.min.js" />
-	  <None Include="wwwroot\vendor\bootstrap\js\bootstrap.js" />
-	  <None Include="wwwroot\vendor\bootstrap\js\bootstrap.min.js" />
+	  <None Include="wwwroot\checkout\js\core.js" />
+	  <None Include="wwwroot\vendor\bootstrap4-creativestart\creative.js" />
 	  <None Include="wwwroot\vendor\font-awesome\fonts\fontawesome-webfont.svg" />
 	  <None Include="wwwroot\vendor\font-awesome\fonts\fontawesome-webfont.woff2" />
 	  <None Include="wwwroot\vendor\font-awesome\less\animated.less" />
@ -113,11 +125,64 @@
 	<ItemGroup>
 	  <Folder Include="Build\" />
 	  <Folder Include="wwwroot\vendor\clipboard.js\" />
+	  <Folder Include="wwwroot\vendor\highlightjs\" />
 	</ItemGroup>

 	<ItemGroup>
-	  <None Update="devtest.pfx">
-	    <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-	  </None>
+    <Content Update="Views\Apps\_ViewImports.cshtml">
+      <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
+      <Pack>$(IncludeRazorContentInPack)</Pack>
+    </Content>
+    <Content Update="Views\Home\BitpayTranslator.cshtml">
+      <Pack>$(IncludeRazorContentInPack)</Pack>
+    </Content>
+    <Content Update="Views\Server\SparkServices.cshtml">
+      <Pack>$(IncludeRazorContentInPack)</Pack>
+    </Content>
+    <Content Update="Views\Server\SSHService.cshtml">
+      <Pack>$(IncludeRazorContentInPack)</Pack>
+    </Content>
+    <Content Update="Views\Stores\ShowToken.cshtml">
+      <Pack>$(IncludeRazorContentInPack)</Pack>
+    </Content>
+    <Content Update="Views\Stores\PayButtonEnable.cshtml">
+      <Pack>$(IncludeRazorContentInPack)</Pack>
+    </Content>
+	  <Content Update="Views\Stores\PayButton.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Public\PayButtonHandle.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Server\LndServices.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Server\Maintenance.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Server\Services.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\ListWallets.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\WalletRescan.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\WalletSendLedger.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\WalletTransactions.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\_Nav.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\_ViewImports.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
+	  <Content Update="Views\Wallets\_ViewStart.cshtml">
+	    <Pack>$(IncludeRazorContentInPack)</Pack>
+	  </Content>
 	</ItemGroup>
 </Project>
--- a/BTCPayServer/Configuration/BTCPayServerOptions.cs
+++ b/BTCPayServer/Configuration/BTCPayServerOptions.cs
@ -11,6 +11,12 @@ using StandardConfiguration;
 using Microsoft.Extensions.Configuration;
 using NBXplorer;
 using BTCPayServer.Payments.Lightning;
+using Renci.SshNet;
+using NBitcoin.DataEncoders;
+using BTCPayServer.SSH;
+using BTCPayServer.Lightning;
+using BTCPayServer.Configuration.External;
+using Serilog.Events;

 namespace BTCPayServer.Configuration
 {
@ -23,11 +29,17 @@ namespace BTCPayServer.Configuration

    public class BTCPayServerOptions
    {
-        public ChainType ChainType
+        public NetworkType NetworkType
        {
            get; set;
        }
        public string ConfigurationFile
+        {
+            get;
+            private set;
+        } 
+        
+        public string LogFile
        {
            get;
            private set;
@ -49,17 +61,27 @@ namespace BTCPayServer.Configuration
            set;
        } = new List<NBXplorerConnectionSetting>();

+        public static string GetDebugLog(IConfiguration configuration)
+        {
+            return configuration.GetValue<string>("debuglog", null);
+        }
+        public static LogEventLevel GetDebugLogLevel(IConfiguration configuration)
+        {
+            var raw = configuration.GetValue("debugloglevel", nameof(LogEventLevel.Debug));
+            return  (LogEventLevel)Enum.Parse(typeof(LogEventLevel), raw, true);
+        }
+
        public void LoadArgs(IConfiguration conf)
        {
-            ChainType = DefaultConfiguration.GetChainType(conf);
-            var defaultSettings = BTCPayDefaultSettings.GetDefaultSettings(ChainType);
+            NetworkType = DefaultConfiguration.GetNetworkType(conf);
+            var defaultSettings = BTCPayDefaultSettings.GetDefaultSettings(NetworkType);
            DataDir = conf.GetOrDefault<string>("datadir", defaultSettings.DefaultDataDirectory);
-            Logs.Configuration.LogInformation("Network: " + ChainType.ToString());
+            Logs.Configuration.LogInformation("Network: " + NetworkType.ToString());

            var supportedChains = conf.GetOrDefault<string>("chains", "btc")
                                      .Split(',', StringSplitOptions.RemoveEmptyEntries)
                                      .Select(t => t.ToUpperInvariant());
-            NetworkProvider = new BTCPayNetworkProvider(ChainType).Filter(supportedChains.ToArray());
+            NetworkProvider = new BTCPayNetworkProvider(NetworkType).Filter(supportedChains.ToArray());
            foreach (var chain in supportedChains)
            {
                if (NetworkProvider.GetNetwork(chain) == null)
@ -74,30 +96,184 @@ namespace BTCPayServer.Configuration
                setting.ExplorerUri = conf.GetOrDefault<Uri>($"{net.CryptoCode}.explorer.url", net.NBXplorerNetwork.DefaultSettings.DefaultUrl);
                setting.CookieFile = conf.GetOrDefault<string>($"{net.CryptoCode}.explorer.cookiefile", net.NBXplorerNetwork.DefaultSettings.DefaultCookieFile);
                NBXplorerConnectionSettings.Add(setting);
-                var lightning = conf.GetOrDefault<string>($"{net.CryptoCode}.lightning", string.Empty);
-                if(lightning.Length != 0)
+
                {
-                    if(!LightningConnectionString.TryParse(lightning, out var connectionString, out var error))
+                    var lightning = conf.GetOrDefault<string>($"{net.CryptoCode}.lightning", string.Empty);
+                    if (lightning.Length != 0)
                    {
-                        throw new ConfigException($"Invalid setting {net.CryptoCode}.lightning, you need to pass either " +
-                            $"the absolute path to the unix socket of a running CLightning instance (eg. /root/.lightning/lightning-rpc), " +
-                            $"or the url to a charge server with crendetials (eg. https://apitoken@API_TOKEN_SECRET:charge.example.com/)");
+                        if (!LightningConnectionString.TryParse(lightning, true, out var connectionString, out var error))
+                        {
+                            throw new ConfigException($"Invalid setting {net.CryptoCode}.lightning, " + Environment.NewLine +
+                                $"If you have a lightning server use: 'type=clightning;server=/root/.lightning/lightning-rpc', " + Environment.NewLine +
+                                $"If you have a lightning charge server: 'type=charge;server=https://charge.example.com;api-token=yourapitoken'" + Environment.NewLine +
+                                $"If you have a lnd server: 'type=lnd-rest;server=https://lnd:lnd@lnd.example.com;macaroon=abf239...;certthumbprint=2abdf302...'" + Environment.NewLine +
+                                $"              lnd server: 'type=lnd-rest;server=https://lnd:lnd@lnd.example.com;macaroonfilepath=/root/.lnd/admin.macaroon;certthumbprint=2abdf302...'" + Environment.NewLine +
+                                error);
+                        }
+                        if (connectionString.IsLegacy)
+                        {
+                            Logs.Configuration.LogWarning($"Setting {net.CryptoCode}.lightning will work but use an deprecated format, please replace it by '{connectionString.ToString()}'");
+                        }
+                        InternalLightningByCryptoCode.Add(net.CryptoCode, connectionString);
                    }
-                    InternalLightningByCryptoCode.Add(net.CryptoCode, connectionString);
+                }
+
+                void externalLnd<T>(string code, string lndType)
+                {
+                    var lightning = conf.GetOrDefault<string>(code, string.Empty);
+                    if (lightning.Length != 0)
+                    {
+                        if (!LightningConnectionString.TryParse(lightning, false, out var connectionString, out var error))
+                        {
+                            throw new ConfigException($"Invalid setting {code}, " + Environment.NewLine +
+                                $"lnd server: 'type={lndType};server=https://lnd.example.com;macaroon=abf239...;certthumbprint=2abdf302...'" + Environment.NewLine +
+                                $"lnd server: 'type={lndType};server=https://lnd.example.com;macaroonfilepath=/root/.lnd/admin.macaroon;certthumbprint=2abdf302...'" + Environment.NewLine +
+                                error);
+                        }
+                        var instanceType = typeof(T);
+                        ExternalServicesByCryptoCode.Add(net.CryptoCode, (ExternalService)Activator.CreateInstance(instanceType, connectionString));
+                    }
+                };
+
+                externalLnd<ExternalLndGrpc>($"{net.CryptoCode}.external.lnd.grpc", "lnd-grpc");
+                externalLnd<ExternalLndRest>($"{net.CryptoCode}.external.lnd.rest", "lnd-rest");
+
+                var spark = conf.GetOrDefault<string>($"{net.CryptoCode}.external.spark", string.Empty);
+                if(spark.Length != 0)
+                {
+                    if (!SparkConnectionString.TryParse(spark, out var connectionString))
+                    {
+                        throw new ConfigException($"Invalid setting {net.CryptoCode}.external.spark, " + Environment.NewLine +
+                            $"Valid example: 'server=https://btcpay.example.com/spark/btc/;cookiefile=/etc/clightning_bitcoin_spark/.cookie'");
+                    }
+                    ExternalServicesByCryptoCode.Add(net.CryptoCode, new ExternalSpark(connectionString));
                }
            }

            Logs.Configuration.LogInformation("Supported chains: " + String.Join(',', supportedChains.ToArray()));

+            var services = conf.GetOrDefault<string>("externalservices", null);
+            if(services != null)
+            {
+                foreach(var service in services.Split(new[] { ';', ',' })
+                                                .Select(p => p.Split(':'))
+                                                .Where(p => p.Length == 2)
+                                                .Select(p => (Name: p[0], Link: p[1])))
+                {
+                    ExternalServices.AddOrReplace(service.Name, service.Link);
+                }
+            }
+
            PostgresConnectionString = conf.GetOrDefault<string>("postgres", null);
+            MySQLConnectionString = conf.GetOrDefault<string>("mysql", null);
            BundleJsCss = conf.GetOrDefault<bool>("bundlejscss", true);
            ExternalUrl = conf.GetOrDefault<Uri>("externalurl", null);
+
+            var sshSettings = ParseSSHConfiguration(conf);
+            if ((!string.IsNullOrEmpty(sshSettings.Password) || !string.IsNullOrEmpty(sshSettings.KeyFile)) && !string.IsNullOrEmpty(sshSettings.Server))
+            {
+                int waitTime = 0;
+                while (!string.IsNullOrEmpty(sshSettings.KeyFile) && !File.Exists(sshSettings.KeyFile))
+                {
+                    if (waitTime++ < 5)
+                        System.Threading.Thread.Sleep(1000);
+                    else
+                        throw new ConfigException($"sshkeyfile does not exist");
+                }
+
+                if (sshSettings.Port > ushort.MaxValue ||
+                   sshSettings.Port < ushort.MinValue)
+                    throw new ConfigException($"ssh port is invalid");
+                if (!string.IsNullOrEmpty(sshSettings.Password) && !string.IsNullOrEmpty(sshSettings.KeyFile))
+                    throw new ConfigException($"sshpassword or sshkeyfile should be provided, but not both");
+                try
+                {
+                    sshSettings.CreateConnectionInfo();
+                }
+                catch
+                {
+                    throw new ConfigException($"sshkeyfilepassword is invalid");
+                }
+                SSHSettings = sshSettings;
+            }
+
+            var fingerPrints = conf.GetOrDefault<string>("sshtrustedfingerprints", "");
+            if (!string.IsNullOrEmpty(fingerPrints))
+            {
+                foreach (var fingerprint in fingerPrints.Split(';', StringSplitOptions.RemoveEmptyEntries))
+                {
+                    if (!SSHFingerprint.TryParse(fingerprint, out var f))
+                        throw new ConfigException($"Invalid ssh fingerprint format {fingerprint}");
+                    TrustedFingerprints.Add(f);
+                }
+            }
+
+            RootPath = conf.GetOrDefault<string>("rootpath", "/");
+            if (!RootPath.StartsWith("/", StringComparison.InvariantCultureIgnoreCase))
+                RootPath = "/" + RootPath;
            var old = conf.GetOrDefault<Uri>("internallightningnode", null);
-            if(old != null)
+            if (old != null)
                throw new ConfigException($"internallightningnode should not be used anymore, use btclightning instead");
+
+            LogFile = GetDebugLog(conf);
+            if (!string.IsNullOrEmpty(LogFile))
+            {
+                Logs.Configuration.LogInformation("LogFile: " + LogFile);
+                Logs.Configuration.LogInformation("Log Level: " + GetDebugLogLevel(conf));
+            }
        }

+        private SSHSettings ParseSSHConfiguration(IConfiguration conf)
+        {
+            var externalUrl = conf.GetOrDefault<Uri>("externalurl", null);
+            var settings = new SSHSettings();
+            settings.Server = conf.GetOrDefault<string>("sshconnection", null);
+            if (settings.Server != null)
+            {
+                var parts = settings.Server.Split(':');
+                if (parts.Length == 2 && int.TryParse(parts[1], out int port))
+                {
+                    settings.Port = port;
+                    settings.Server = parts[0];
+                }
+                else
+                {
+                    settings.Port = 22;
+                }
+
+                parts = settings.Server.Split('@');
+                if (parts.Length == 2)
+                {
+                    settings.Username = parts[0];
+                    settings.Server = parts[1];
+                }
+                else
+                {
+                    settings.Username = "root";
+                }
+            }
+            else if (externalUrl != null)
+            {
+                settings.Port = 22;
+                settings.Username = "root";
+                settings.Server = externalUrl.DnsSafeHost;
+            }
+            settings.Password = conf.GetOrDefault<string>("sshpassword", "");
+            settings.KeyFile = conf.GetOrDefault<string>("sshkeyfile", "");
+            settings.KeyFilePassword = conf.GetOrDefault<string>("sshkeyfilepassword", "");
+            return settings;
+        }
+
+        internal bool IsTrustedFingerprint(byte[] fingerPrint, byte[] hostKey)
+        {
+            return TrustedFingerprints.Any(f => f.Match(fingerPrint, hostKey));
+        }
+
+        public string RootPath { get; set; }
        public Dictionary<string, LightningConnectionString> InternalLightningByCryptoCode { get; set; } = new Dictionary<string, LightningConnectionString>();
+        public Dictionary<string, string> ExternalServices { get; set; } = new Dictionary<string, string>();
+
+        public ExternalServices ExternalServicesByCryptoCode { get; set; } = new ExternalServices();

        public BTCPayNetworkProvider NetworkProvider { get; set; }
        public string PostgresConnectionString
@ -105,6 +281,11 @@ namespace BTCPayServer.Configuration
            get;
            set;
        }
+        public string MySQLConnectionString
+        {
+            get;
+            set;
+        }
        public Uri ExternalUrl
        {
            get;
@ -115,5 +296,20 @@ namespace BTCPayServer.Configuration
            get;
            set;
        }
+        public List<SSHFingerprint> TrustedFingerprints { get; set; } = new List<SSHFingerprint>();
+        public SSHSettings SSHSettings
+        {
+            get;
+            set;
+        }
+
+        internal string GetRootUri()
+        {
+            if (ExternalUrl == null)
+                return null;
+            UriBuilder builder = new UriBuilder(ExternalUrl);
+            builder.Path = RootPath;
+            return builder.ToString();
+        }
    }
 }
--- a/BTCPayServer/Configuration/ConfigurationExtensions.cs
+++ b/BTCPayServer/Configuration/ConfigurationExtensions.cs
@ -37,6 +37,8 @@ namespace BTCPayServer.Configuration
                }
            else if (typeof(T) == typeof(string))
                return (T)(object)str;
+            else if (typeof(T) == typeof(IPAddress))
+                return (T)(object)IPAddress.Parse(str);
            else if (typeof(T) == typeof(IPEndPoint))
            {
                var separator = str.LastIndexOf(":", StringComparison.InvariantCulture);
--- a/BTCPayServer/Configuration/DefaultConfiguration.cs
+++ b/BTCPayServer/Configuration/DefaultConfiguration.cs
@ -18,7 +18,7 @@ namespace BTCPayServer.Configuration
    {
        protected override CommandLineApplication CreateCommandLineApplicationCore()
        {
-            var provider = new BTCPayNetworkProvider(ChainType.Main);
+            var provider = new BTCPayNetworkProvider(NetworkType.Mainnet);
            var chains = string.Join(",", provider.GetAll().Select(n => n.CryptoCode.ToLowerInvariant()).ToArray());
            CommandLineApplication app = new CommandLineApplication(true)
            {
@ -27,19 +27,31 @@ namespace BTCPayServer.Configuration
            };
            app.HelpOption("-? | -h | --help");
            app.Option("-n | --network", $"Set the network among (mainnet,testnet,regtest) (default: mainnet)", CommandOptionType.SingleValue);
-            app.Option("--testnet | -testnet", $"Use testnet (Deprecated, use --network instead)", CommandOptionType.BoolValue);
-            app.Option("--regtest | -regtest", $"Use regtest (Deprecated, use --network instead)", CommandOptionType.BoolValue);
-            app.Option("--chains | -c", $"Chains to support comma separated (default: btc, available: {chains})", CommandOptionType.SingleValue);
-            app.Option("--postgres", $"Connection string to postgres database (default: sqlite is used)", CommandOptionType.SingleValue);
+            app.Option("--testnet | -testnet", $"Use testnet (deprecated, use --network instead)", CommandOptionType.BoolValue);
+            app.Option("--regtest | -regtest", $"Use regtest (deprecated, use --network instead)", CommandOptionType.BoolValue);
+            app.Option("--chains | -c", $"Chains to support as a comma separated (default: btc; available: {chains})", CommandOptionType.SingleValue);
+            app.Option("--postgres", $"Connection string to a PostgreSQL database (default: SQLite)", CommandOptionType.SingleValue);
+            app.Option("--mysql", $"Connection string to a MySQL database (default: SQLite)", CommandOptionType.SingleValue);
+            app.Option("--externalurl", $"The expected external URL of this service, to use if BTCPay is behind a reverse proxy (default: empty, use the incoming HTTP request to figure out)", CommandOptionType.SingleValue);
+            app.Option("--externalservices", $"Links added to external services inside Server Settings / Services under the format service1:path2;service2:path2.(default: empty)", CommandOptionType.SingleValue);
+            app.Option("--bundlejscss", $"Bundle JavaScript and CSS files for better performance (default: true)", CommandOptionType.SingleValue);
+            app.Option("--rootpath", "The root path in the URL to access BTCPay (default: /)", CommandOptionType.SingleValue);
+            app.Option("--sshconnection", "SSH server to manage BTCPay under the form user@server:port (default: root@externalhost or empty)", CommandOptionType.SingleValue);
+            app.Option("--sshpassword", "SSH password to manage BTCPay (default: empty)", CommandOptionType.SingleValue);
+            app.Option("--sshkeyfile", "SSH private key file to manage BTCPay (default: empty)", CommandOptionType.SingleValue);
+            app.Option("--sshkeyfilepassword", "Password of the SSH keyfile (default: empty)", CommandOptionType.SingleValue);
+            app.Option("--sshtrustedfingerprints", "SSH Host public key fingerprint or sha256 (default: empty, it will allow untrusted connections)", CommandOptionType.SingleValue);
+            app.Option("--debuglog", "A rolling log file for debug messages.", CommandOptionType.SingleValue);
+            app.Option("--debugloglevel", "The severity you log (default:information)", CommandOptionType.SingleValue);
            foreach (var network in provider.GetAll())
            {
                var crypto = network.CryptoCode.ToLowerInvariant();
-                app.Option($"--{crypto}explorerurl", $"Url of the NBxplorer for {network.CryptoCode} (default: {network.NBXplorerNetwork.DefaultSettings.DefaultUrl})", CommandOptionType.SingleValue);
+                app.Option($"--{crypto}explorerurl", $"URL of the NBXplorer for {network.CryptoCode} (default: {network.NBXplorerNetwork.DefaultSettings.DefaultUrl})", CommandOptionType.SingleValue);
                app.Option($"--{crypto}explorercookiefile", $"Path to the cookie file (default: {network.NBXplorerNetwork.DefaultSettings.DefaultCookieFile})", CommandOptionType.SingleValue);
-                app.Option($"--{crypto}lightning", $"Easy configuration of lightning for the server adnistrator: Must be a unix socket of CLightning (lightning-rpc) or URL to a charge server (default: empty)", CommandOptionType.SingleValue);
+                app.Option($"--{crypto}lightning", $"Easy configuration of lightning for the server administrator: Must be a UNIX socket of c-lightning (lightning-rpc) or URL to a charge server (default: empty)", CommandOptionType.SingleValue);
+                app.Option($"--{crypto}externallndgrpc", $"The LND gRPC configuration BTCPay will expose to easily connect to the internal lnd wallet from Zap wallet (default: empty)", CommandOptionType.SingleValue);
+                app.Option($"--{crypto}externalspark", $"The connection string to spark server (default: empty)", CommandOptionType.SingleValue);
            }
-            app.Option("--externalurl", $"The expected external url of this service, to use if BTCPay is behind a reverse proxy (default: empty, use the incoming HTTP request to figure out)", CommandOptionType.SingleValue);
-            app.Option("--bundlejscss", $"Bundle javascript and css files for better performance (default: true)", CommandOptionType.SingleValue);
            return app;
        }

@ -47,12 +59,12 @@ namespace BTCPayServer.Configuration

        protected override string GetDefaultDataDir(IConfiguration conf)
        {
-            return BTCPayDefaultSettings.GetDefaultSettings(GetChainType(conf)).DefaultDataDirectory;
+            return BTCPayDefaultSettings.GetDefaultSettings(GetNetworkType(conf)).DefaultDataDirectory;
        }

        protected override string GetDefaultConfigurationFile(IConfiguration conf)
        {
-            var network = BTCPayDefaultSettings.GetDefaultSettings(GetChainType(conf));
+            var network = BTCPayDefaultSettings.GetDefaultSettings(GetNetworkType(conf));
            var dataDir = conf["datadir"];
            if (dataDir == null)
                return network.DefaultConfigurationFile;
@ -68,7 +80,7 @@ namespace BTCPayServer.Configuration
            return Path.Combine(chainDir, fileName);
        }

-        public static ChainType GetChainType(IConfiguration conf)
+        public static NetworkType GetNetworkType(IConfiguration conf)
        {
            var network = conf.GetOrDefault<string>("network", null);
            if (network != null)
@ -78,17 +90,18 @@ namespace BTCPayServer.Configuration
                {
                    throw new ConfigException($"Invalid network parameter '{network}'");
                }
-                return n.ToChainType();
+                return n.NetworkType;
            }
-            var net = conf.GetOrDefault<bool>("regtest", false) ? ChainType.Regtest :
-                        conf.GetOrDefault<bool>("testnet", false) ? ChainType.Test : ChainType.Main;
+            var net = conf.GetOrDefault<bool>("regtest", false) ? NetworkType.Regtest :
+                        conf.GetOrDefault<bool>("testnet", false) ? NetworkType.Testnet : NetworkType.Mainnet;

            return net;
        }

        protected override string GetDefaultConfigurationFileTemplate(IConfiguration conf)
        {
-            var defaultSettings = BTCPayDefaultSettings.GetDefaultSettings(GetChainType(conf));
+            var networkType = GetNetworkType(conf);
+            var defaultSettings = BTCPayDefaultSettings.GetDefaultSettings(networkType);
            StringBuilder builder = new StringBuilder();
            builder.AppendLine("### Global settings ###");
            builder.AppendLine("#network=mainnet");
@ -96,12 +109,15 @@ namespace BTCPayServer.Configuration
            builder.AppendLine("### Server settings ###");
            builder.AppendLine("#port=" + defaultSettings.DefaultPort);
            builder.AppendLine("#bind=127.0.0.1");
+            builder.AppendLine("#httpscertificatefilepath=devtest.pfx");
+            builder.AppendLine("#httpscertificatefilepassword=toto");
            builder.AppendLine();
            builder.AppendLine("### Database ###");
            builder.AppendLine("#postgres=User ID=root;Password=myPassword;Host=localhost;Port=5432;Database=myDataBase;");
+            builder.AppendLine("#mysql=User ID=root;Password=myPassword;Host=localhost;Port=3306;Database=myDataBase;");
            builder.AppendLine();
            builder.AppendLine("### NBXplorer settings ###");
-            foreach (var n in new BTCPayNetworkProvider(defaultSettings.ChainType).GetAll())
+            foreach (var n in new BTCPayNetworkProvider(networkType).GetAll())
            {
                builder.AppendLine($"#{n.CryptoCode}.explorer.url={n.NBXplorerNetwork.DefaultSettings.DefaultUrl}");
                builder.AppendLine($"#{n.CryptoCode}.explorer.cookiefile={ n.NBXplorerNetwork.DefaultSettings.DefaultCookieFile}");
@ -115,7 +131,7 @@ namespace BTCPayServer.Configuration

        protected override IPEndPoint GetDefaultEndpoint(IConfiguration conf)
        {
-            return new IPEndPoint(IPAddress.Parse("127.0.0.1"), BTCPayDefaultSettings.GetDefaultSettings(GetChainType(conf)).DefaultPort);
+            return new IPEndPoint(IPAddress.Parse("127.0.0.1"), BTCPayDefaultSettings.GetDefaultSettings(GetNetworkType(conf)).DefaultPort);
        }
    }
 }
--- a/BTCPayServer/Configuration/External/ExternalLnd.cs
+++ b/BTCPayServer/Configuration/External/ExternalLnd.cs
@ -0,0 +1,30 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Lightning;
+
+namespace BTCPayServer.Configuration.External
+{
+    public abstract class ExternalLnd : ExternalService
+    {
+        public ExternalLnd(LightningConnectionString connectionString, string type)
+        {
+            ConnectionString = connectionString;
+            Type = type;
+        }
+
+        public string Type { get; set; }
+        public LightningConnectionString ConnectionString { get; set; }
+    }
+
+    public class ExternalLndGrpc : ExternalLnd
+    {
+        public ExternalLndGrpc(LightningConnectionString connectionString) : base(connectionString, "lnd-grpc") { }
+    }
+
+    public class ExternalLndRest : ExternalLnd
+    {
+        public ExternalLndRest(LightningConnectionString connectionString) : base(connectionString, "lnd-rest") { }
+    }
+}
--- a/BTCPayServer/Configuration/External/ExternalService.cs
+++ b/BTCPayServer/Configuration/External/ExternalService.cs
@ -0,0 +1,22 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Lightning;
+
+namespace BTCPayServer.Configuration.External
+{
+    public class ExternalServices : MultiValueDictionary<string, ExternalService>
+    {
+        public IEnumerable<T> GetServices<T>(string cryptoCode) where T : ExternalService
+        {
+            if (!this.TryGetValue(cryptoCode.ToUpperInvariant(), out var services))
+                return Array.Empty<T>();
+            return services.OfType<T>();
+        }
+    }
+
+    public class ExternalService
+    {
+    }
+}
--- a/BTCPayServer/Configuration/External/ExternalSpark.cs
+++ b/BTCPayServer/Configuration/External/ExternalSpark.cs
@ -0,0 +1,19 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BTCPayServer.Configuration.External
+{
+    public class ExternalSpark : ExternalService
+    {
+        public SparkConnectionString ConnectionString { get; }
+
+        public ExternalSpark(SparkConnectionString connectionString)
+        {
+            if (connectionString == null)
+                throw new ArgumentNullException(nameof(connectionString));
+            ConnectionString = connectionString;
+        }
+    }
+}
--- a/BTCPayServer/Configuration/SparkConnectionString.cs
+++ b/BTCPayServer/Configuration/SparkConnectionString.cs
@ -0,0 +1,46 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BTCPayServer.Configuration
+{
+    public class SparkConnectionString
+    {
+        public Uri Server { get; private set; }
+        public string CookeFile { get; private set; }
+
+        public static bool TryParse(string str, out SparkConnectionString result)
+        {
+            if (str == null)
+                throw new ArgumentNullException(nameof(str));
+
+            result = null;
+            var resultTemp = new SparkConnectionString();
+            foreach(var kv in str.Split(';')
+                        .Select(part => part.Split('='))
+                        .Where(kv => kv.Length == 2))
+            {
+                switch (kv[0].ToLowerInvariant())
+                {
+                    case "server":
+                        if (resultTemp.Server != null)
+                            return false;
+                        if (!Uri.IsWellFormedUriString(kv[1], UriKind.Absolute))
+                            return false;
+                        resultTemp.Server = new Uri(kv[1], UriKind.Absolute);
+                        break;
+                    case "cookiefile":
+                        if (resultTemp.CookeFile != null)
+                            return false;
+                        resultTemp.CookeFile = kv[1];
+                        break;
+                    default:
+                        return false;
+                }
+            }
+            result = resultTemp;
+            return true;
+        }
+    }
+}
--- a/BTCPayServer/Controllers/AccessTokenController.cs
+++ b/BTCPayServer/Controllers/AccessTokenController.cs
@ -12,6 +12,8 @@ using System.Threading.Tasks;

 namespace BTCPayServer.Controllers
 {
+    [Authorize(AuthenticationSchemes = Security.Policies.BitpayAuthentication)]
+    [BitpayAPIConstraint(true)]
    public class AccessTokenController : Controller
    {
        TokenRepository _TokenRepository;
@ -23,12 +25,13 @@ namespace BTCPayServer.Controllers
        [Route("tokens")]
        public async Task<GetTokensResponse> Tokens()
        {
-            var tokens = await _TokenRepository.GetTokens(this.GetBitIdentity().SIN);
+            var tokens = await _TokenRepository.GetTokens(this.User.GetSIN());
            return new GetTokensResponse(tokens);
        }

        [HttpPost]
        [Route("tokens")]
+        [AllowAnonymous]
        public async Task<DataWrapper<List<PairingCodeResponse>>> Tokens([FromBody] TokenRequest request)
        {
            PairingCodeEntity pairingEntity = null;
@ -51,8 +54,8 @@ namespace BTCPayServer.Controllers
            }
            else
            {
-                var sin = this.GetBitIdentity(false)?.SIN ?? request.Id;
-                if (string.IsNullOrEmpty(request.Id) || !NBitpayClient.Extensions.BitIdExtensions.ValidateSIN(request.Id))
+                var sin = this.User.GetSIN() ?? request.Id;
+                if (string.IsNullOrEmpty(sin) || !NBitpayClient.Extensions.BitIdExtensions.ValidateSIN(sin))
                    throw new BitpayHttpException(400, "'id' property is required, alternatively, use BitId");

                pairingEntity = await _TokenRepository.GetPairingAsync(request.PairingCode);
@ -76,6 +79,7 @@ namespace BTCPayServer.Controllers
                {
                    new PairingCodeResponse()
                    {
+                        Policies = new Newtonsoft.Json.Linq.JArray(),
                        PairingCode = pairingEntity.Id,
                        PairingExpiration = pairingEntity.Expiration,
                        DateCreated = pairingEntity.CreatedTime,
--- a/BTCPayServer/Controllers/AccountController.cs
+++ b/BTCPayServer/Controllers/AccountController.cs
@ -16,10 +16,13 @@ using BTCPayServer.Services;
 using BTCPayServer.Services.Mails;
 using BTCPayServer.Services.Stores;
 using BTCPayServer.Logging;
+using BTCPayServer.Security;
+using System.Globalization;
+using NicolasDorier.RateLimits;

 namespace BTCPayServer.Controllers
 {
-    [Authorize]
+    [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
    [Route("[controller]/[action]")]
    public class AccountController : Controller
    {
@ -68,6 +71,7 @@ namespace BTCPayServer.Controllers
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
+        [RateLimitsFilter(ZoneLimits.Login, Scope = RateLimitsScope.RemoteAddress)]
        public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
        {
            ViewData["ReturnUrl"] = returnUrl;
@ -86,7 +90,7 @@ namespace BTCPayServer.Controllers
                }
                // This doesn't count login failures towards account lockout
                // To enable password failures to trigger account lockout, set lockoutOnFailure: true
-                var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
+                var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: true);
                if (result.Succeeded)
                {
                    _logger.LogInformation("User logged in.");
@ -235,23 +239,25 @@ namespace BTCPayServer.Controllers

        [HttpGet]
        [AllowAnonymous]
-        public async Task<IActionResult> Register(string returnUrl = null)
+        public async Task<IActionResult> Register(string returnUrl = null, bool logon = true)
        {
            var policies = await _SettingsRepository.GetSettingAsync<PoliciesSettings>() ?? new PoliciesSettings();
-            if (policies.LockSubscription)
+            if (policies.LockSubscription && !User.IsInRole(Roles.ServerAdmin))
                return RedirectToAction(nameof(HomeController.Index), "Home");
            ViewData["ReturnUrl"] = returnUrl;
+            ViewData["Logon"] = logon.ToString(CultureInfo.InvariantCulture).ToLowerInvariant();
            return View();
        }

        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
-        public async Task<IActionResult> Register(RegisterViewModel model, string returnUrl = null)
+        public async Task<IActionResult> Register(RegisterViewModel model, string returnUrl = null, bool logon = true)
        {
            ViewData["ReturnUrl"] = returnUrl;
+            ViewData["Logon"] = logon.ToString(CultureInfo.InvariantCulture).ToLowerInvariant();
            var policies = await _SettingsRepository.GetSettingAsync<PoliciesSettings>() ?? new PoliciesSettings();
-            if (policies.LockSubscription)
+            if (policies.LockSubscription && !User.IsInRole(Roles.ServerAdmin))
                return RedirectToAction(nameof(HomeController.Index), "Home");
            if (ModelState.IsValid)
            {
@ -273,7 +279,8 @@ namespace BTCPayServer.Controllers
                    await _emailSender.SendEmailConfirmationAsync(model.Email, callbackUrl);
                    if (!policies.RequiresConfirmedEmail)
                    {
-                        await _signInManager.SignInAsync(user, isPersistent: false);
+                        if(logon)
+                            await _signInManager.SignInAsync(user, isPersistent: false);
                        return RedirectToLocal(returnUrl);
                    }
                    else
--- a/BTCPayServer/Controllers/AppsController.PointOfSale.cs
+++ b/BTCPayServer/Controllers/AppsController.PointOfSale.cs
@ -0,0 +1,178 @@
+using System.Text;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using BTCPayServer.Data;
+using BTCPayServer.Models.AppViewModels;
+using BTCPayServer.Services.Apps;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace BTCPayServer.Controllers
+{
+    public partial class AppsController
+    {
+        public class PointOfSaleSettings
+        {
+            public PointOfSaleSettings()
+            {
+                Title = "Tea shop";
+                Currency = "USD";
+                Template =
+                    "green tea:\n" +
+                    "  price: 1\n" +
+                    "  title: Green Tea\n" +
+                    "  description:  Lovely, fresh and tender, Meng Ding Gan Lu ('sweet dew') is grown in the lush Meng Ding Mountains of the southwestern province of Sichuan where it has been cultivated for over a thousand years.\n" +
+                    "  image: https://cdn.pixabay.com/photo/2015/03/26/11/03/green-tea-692339__480.jpg\n\n" +
+                    "black tea:\n" +
+                    "  price: 1\n" +
+                    "  title: Black Tea\n" +
+                    "  description: Tian Jian Tian Jian means 'heavenly tippy tea' in Chinese, and it describes the finest grade of dark tea. Our Tian Jian dark tea is from Hunan province which is famous for making some of the best dark teas available.\n" +
+                    "  image: https://cdn.pixabay.com/photo/2016/11/29/13/04/beverage-1869716__480.jpg\n\n" +
+                    "rooibos:\n" +
+                    "  price: 1.2\n" +
+                    "  title: Rooibos\n" +
+                    "  description: Rooibos is a dramatic red tea made from a South African herb that contains polyphenols and flavonoids. Often called 'African redbush tea', Rooibos herbal tea delights the senses and delivers potential health benefits with each caffeine-free sip.\n" +
+                    "  image: https://cdn.pixabay.com/photo/2017/01/08/08/14/water-1962388__480.jpg\n\n" +
+                    "pu erh:\n" +
+                    "  price: 2\n" +
+                    "  title: Pu Erh\n" +
+                    "  description: This loose pur-erh tea is produced in Yunnan Province, China. The process in a relatively high humidity environment has mellowed the elemental character of the tea when compared to young Pu-erh.\n" +
+                    "  image: https://cdn.pixabay.com/photo/2018/07/21/16/56/tea-cup-3552917__480.jpg\n\n" +
+                    "herbal tea:\n" +
+                    "  price: 1.8\n" +
+                    "  title: Herbal Tea\n" +
+                    "  description: Chamomile tea is made from the flower heads of the chamomile plant. The medicinal use of chamomile dates back to the ancient Egyptians, Romans and Greeks. Pay us what you want!\n" +
+                    "  image: https://cdn.pixabay.com/photo/2015/07/02/20/57/chamomile-829538__480.jpg\n" +
+                    "  custom: true\n\n" +
+                    "fruit tea:\n" +
+                    "  price: 1.5\n" +
+                    "  title: Fruit Tea\n" +
+                    "  description: The Tibetan Himalayas, the land is majestic and beautiful—a spiritual place where, despite the perilous environment, many journey seeking enlightenment. Pay us what you want!\n" +
+                    "  image: https://cdn.pixabay.com/photo/2016/09/16/11/24/darts-1673812__480.jpg\n" +
+                    "  custom: true";
+                EnableShoppingCart = false;
+                ShowCustomAmount = true;
+            }
+            public string Title { get; set; }
+            public string Currency { get; set; }
+            public string Template { get; set; }
+            public bool EnableShoppingCart { get; set; }
+            public bool ShowCustomAmount { get; set; }
+
+            public const string BUTTON_TEXT_DEF = "Buy for {0}";
+            public string ButtonText { get; set; } = BUTTON_TEXT_DEF;
+            public const string CUSTOM_BUTTON_TEXT_DEF = "Pay";
+            public string CustomButtonText { get; set; } = CUSTOM_BUTTON_TEXT_DEF;
+            public const string CUSTOM_TIP_TEXT_DEF = "Do you want to leave a tip?";
+            public string CustomTipText { get; set; } = CUSTOM_TIP_TEXT_DEF;
+
+            public string CustomCSSLink { get; set; }
+        }
+
+        [HttpGet]
+        [Route("{appId}/settings/pos")]
+        public async Task<IActionResult> UpdatePointOfSale(string appId)
+        {
+            var app = await GetOwnedApp(appId, AppType.PointOfSale);
+            if (app == null)
+                return NotFound();
+            var settings = app.GetSettings<PointOfSaleSettings>();
+            var vm = new UpdatePointOfSaleViewModel()
+            {
+                Title = settings.Title,
+                EnableShoppingCart = settings.EnableShoppingCart,
+                ShowCustomAmount = settings.ShowCustomAmount,
+                Currency = settings.Currency,
+                Template = settings.Template,
+                ButtonText = settings.ButtonText ?? PointOfSaleSettings.BUTTON_TEXT_DEF,
+                CustomButtonText = settings.CustomButtonText ?? PointOfSaleSettings.CUSTOM_BUTTON_TEXT_DEF,
+                CustomTipText = settings.CustomTipText ?? PointOfSaleSettings.CUSTOM_TIP_TEXT_DEF,
+                CustomCSSLink = settings.CustomCSSLink
+            };
+            if (HttpContext?.Request != null)
+            {
+                var appUrl = HttpContext.Request.GetAbsoluteRoot().WithTrailingSlash() + $"apps/{appId}/pos";
+                var encoder = HtmlEncoder.Default;
+                if (settings.ShowCustomAmount)
+                {
+                    StringBuilder builder = new StringBuilder();
+                    builder.AppendLine($"<form method=\"POST\" action=\"{encoder.Encode(appUrl)}\">");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"amount\" value=\"100\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"email\" value=\"customer@example.com\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"orderId\" value=\"CustomOrderId\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"notificationUrl\" value=\"https://example.com/callbacks\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"redirectUrl\" value=\"https://example.com/thanksyou\" />");
+                    builder.AppendLine($"  <button type=\"submit\">Buy now</button>");
+                    builder.AppendLine($"</form>");
+                    vm.Example1 = builder.ToString();
+                }
+                try
+                {
+                    var items = _AppsHelper.Parse(settings.Template, settings.Currency);
+                    var builder = new StringBuilder();
+                    builder.AppendLine($"<form method=\"POST\" action=\"{encoder.Encode(appUrl)}\">");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"email\" value=\"customer@example.com\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"orderId\" value=\"CustomOrderId\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"notificationUrl\" value=\"https://example.com/callbacks\" />");
+                    builder.AppendLine($"  <input type=\"hidden\" name=\"redirectUrl\" value=\"https://example.com/thanksyou\" />");
+                    builder.AppendLine($"  <button type=\"submit\" name=\"choiceKey\" value=\"{items[0].Id}\">Buy now</button>");
+                    builder.AppendLine($"</form>");
+                    vm.Example2 = builder.ToString();
+                }
+                catch { }
+                vm.InvoiceUrl = appUrl + "invoices/SkdsDghkdP3D3qkj7bLq3";
+            }
+
+            vm.ExampleCallback = "{\n  \"id\":\"SkdsDghkdP3D3qkj7bLq3\",\n  \"url\":\"https://btcpay.example.com/invoice?id=SkdsDghkdP3D3qkj7bLq3\",\n  \"status\":\"paid\",\n  \"price\":10,\n  \"currency\":\"EUR\",\n  \"invoiceTime\":1520373130312,\n  \"expirationTime\":1520374030312,\n  \"currentTime\":1520373179327,\n  \"exceptionStatus\":false,\n  \"buyerFields\":{\n    \"buyerEmail\":\"customer@example.com\",\n    \"buyerNotify\":false\n  },\n  \"paymentSubtotals\": {\n    \"BTC\":114700\n  },\n  \"paymentTotals\": {\n    \"BTC\":118400\n  },\n  \"transactionCurrency\": \"BTC\",\n  \"amountPaid\": \"1025900\",\n  \"exchangeRates\": {\n    \"BTC\": {\n      \"EUR\": 8721.690715789999,\n      \"USD\": 10817.99\n    }\n  }\n}";
+            return View(vm);
+        }
+        [HttpPost]
+        [Route("{appId}/settings/pos")]
+        public async Task<IActionResult> UpdatePointOfSale(string appId, UpdatePointOfSaleViewModel vm)
+        {
+            if (_AppsHelper.GetCurrencyData(vm.Currency, false) == null)
+                ModelState.AddModelError(nameof(vm.Currency), "Invalid currency");
+            try
+            {
+                _AppsHelper.Parse(vm.Template, vm.Currency);
+            }
+            catch
+            {
+                ModelState.AddModelError(nameof(vm.Template), "Invalid template");
+            }
+            if (!ModelState.IsValid)
+            {
+                return View(vm);
+            }
+            var app = await GetOwnedApp(appId, AppType.PointOfSale);
+            if (app == null)
+                return NotFound();
+            app.SetSettings(new PointOfSaleSettings()
+            {
+                Title = vm.Title,
+                EnableShoppingCart = vm.EnableShoppingCart,
+                ShowCustomAmount = vm.ShowCustomAmount,
+                Currency = vm.Currency.ToUpperInvariant(),
+                Template = vm.Template,
+                ButtonText = vm.ButtonText,
+                CustomButtonText = vm.CustomButtonText,
+                CustomTipText = vm.CustomTipText,
+                CustomCSSLink = vm.CustomCSSLink
+            });
+            await UpdateAppSettings(app);
+            StatusMessage = "App updated";
+            return RedirectToAction(nameof(ListApps));
+        }
+
+        private async Task UpdateAppSettings(AppData app)
+        {
+            using (var ctx = _ContextFactory.CreateContext())
+            {
+                ctx.Apps.Add(app);
+                ctx.Entry<AppData>(app).State = EntityState.Modified;
+                ctx.Entry<AppData>(app).Property(a => a.Settings).IsModified = true;
+                await ctx.SaveChangesAsync();
+            }
+        }
+    }
+}
--- a/BTCPayServer/Controllers/AppsController.cs
+++ b/BTCPayServer/Controllers/AppsController.cs
@ -0,0 +1,194 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Data;
+using BTCPayServer.Models;
+using BTCPayServer.Models.AppViewModels;
+using BTCPayServer.Security;
+using BTCPayServer.Services.Apps;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+using NBitcoin;
+using NBitcoin.DataEncoders;
+
+namespace BTCPayServer.Controllers
+{
+    [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
+    [AutoValidateAntiforgeryToken]
+    [Route("apps")]
+    public partial class AppsController : Controller
+    {
+        public AppsController(
+            UserManager<ApplicationUser> userManager,
+            ApplicationDbContextFactory contextFactory,
+            BTCPayNetworkProvider networkProvider,
+            AppsHelper appsHelper)
+        {
+            _UserManager = userManager;
+            _ContextFactory = contextFactory;
+            _NetworkProvider = networkProvider;
+            _AppsHelper = appsHelper;
+        }
+
+        private UserManager<ApplicationUser> _UserManager;
+        private ApplicationDbContextFactory _ContextFactory;
+        private BTCPayNetworkProvider _NetworkProvider;
+        private AppsHelper _AppsHelper;
+
+        [TempData]
+        public string StatusMessage { get; set; }
+        public string CreatedAppId { get; set; }
+
+        public async Task<IActionResult> ListApps()
+        {
+            var apps = await GetAllApps();
+            return View(new ListAppsViewModel()
+            {
+                Apps = apps
+            });
+        }
+
+        [HttpPost]
+        [Route("{appId}/delete")]
+        public async Task<IActionResult> DeleteAppPost(string appId)
+        {
+            var appData = await GetOwnedApp(appId);
+            if (appData == null)
+                return NotFound();
+            if (await DeleteApp(appData))
+                StatusMessage = "App removed successfully";
+            return RedirectToAction(nameof(ListApps));
+        }
+
+        [HttpGet]
+        [Route("create")]
+        public async Task<IActionResult> CreateApp()
+        {
+            var stores = await GetOwnedStores();
+            if (stores.Length == 0)
+            {
+                StatusMessage = "Error: You must have created at least one store";
+                return RedirectToAction(nameof(ListApps));
+            }
+            var vm = new CreateAppViewModel();
+            vm.SetStores(stores);
+            return View(vm);
+        }
+
+        [HttpPost]
+        [Route("create")]
+        public async Task<IActionResult> CreateApp(CreateAppViewModel vm)
+        {
+            var stores = await GetOwnedStores();
+            if (stores.Length == 0)
+            {
+                StatusMessage = "Error: You must own at least one store";
+                return RedirectToAction(nameof(ListApps));
+            }
+            var selectedStore = vm.SelectedStore;
+            vm.SetStores(stores);
+            vm.SelectedStore = selectedStore;
+
+            if (!Enum.TryParse<AppType>(vm.SelectedAppType, out AppType appType))
+                ModelState.AddModelError(nameof(vm.SelectedAppType), "Invalid App Type");
+
+            if (!ModelState.IsValid)
+            {
+                return View(vm);
+            }
+
+            if (!stores.Any(s => s.Id == selectedStore))
+            {
+                StatusMessage = "Error: You are not owner of this store";
+                return RedirectToAction(nameof(ListApps));
+            }
+            var id = Encoders.Base58.EncodeData(RandomUtils.GetBytes(20));
+            using (var ctx = _ContextFactory.CreateContext())
+            {
+                var appData = new AppData() { Id = id };
+                appData.StoreDataId = selectedStore;
+                appData.Name = vm.Name;
+                appData.AppType = appType.ToString();
+                ctx.Apps.Add(appData);
+                await ctx.SaveChangesAsync();
+            }
+            StatusMessage = "App successfully created";
+            CreatedAppId = id;
+            if (appType == AppType.PointOfSale)
+                return RedirectToAction(nameof(UpdatePointOfSale), new { appId = id });
+            return RedirectToAction(nameof(ListApps));
+        }
+
+        [HttpGet]
+        [Route("{appId}/delete")]
+        public async Task<IActionResult> DeleteApp(string appId)
+        {
+            var appData = await GetOwnedApp(appId);
+            if (appData == null)
+                return NotFound();
+            return View("Confirm", new ConfirmModel()
+            {
+                Title = $"Delete app {appData.Name} ({appData.AppType})",
+                Description = "This app will be removed from this store",
+                Action = "Delete"
+            });
+        }
+
+        private Task<AppData> GetOwnedApp(string appId, AppType? type = null)
+        {
+            return _AppsHelper.GetAppDataIfOwner(GetUserId(), appId, type);
+        }
+
+        private async Task<StoreData[]> GetOwnedStores()
+        {
+            var userId = GetUserId();
+            using (var ctx = _ContextFactory.CreateContext())
+            {
+                return await ctx.UserStore
+                    .Where(us => us.ApplicationUserId == userId && us.Role == StoreRoles.Owner)
+                    .Select(u => u.StoreData)
+                    .ToArrayAsync();
+            }
+        }
+
+        private async Task<bool> DeleteApp(AppData appData)
+        {
+            using (var ctx = _ContextFactory.CreateContext())
+            {
+                ctx.Apps.Add(appData);
+                ctx.Entry<AppData>(appData).State = EntityState.Deleted;
+                return await ctx.SaveChangesAsync() == 1;
+            }
+        }
+
+        private async Task<ListAppsViewModel.ListAppViewModel[]> GetAllApps()
+        {
+            var userId = GetUserId();
+            using (var ctx = _ContextFactory.CreateContext())
+            {
+                return await ctx.UserStore
+                    .Where(us => us.ApplicationUserId == userId)
+                    .Join(ctx.Apps, us => us.StoreDataId, app => app.StoreDataId,
+                    (us, app) =>
+                    new ListAppsViewModel.ListAppViewModel()
+                    {
+                        IsOwner = us.Role == StoreRoles.Owner,
+                        StoreId = us.StoreDataId,
+                        StoreName = us.StoreData.StoreName,
+                        AppName = app.Name,
+                        AppType = app.AppType,
+                        Id = app.Id
+                    })
+                    .ToArrayAsync();
+            }
+        }
+
+        private string GetUserId()
+        {
+            return _UserManager.GetUserId(User);
+        }
+    }
+}
--- a/BTCPayServer/Controllers/AppsPublicController.cs
+++ b/BTCPayServer/Controllers/AppsPublicController.cs
@ -0,0 +1,248 @@
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.IO;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using BTCPayServer.Data;
+using BTCPayServer.Filters;
+using BTCPayServer.Models.AppViewModels;
+using BTCPayServer.Security;
+using BTCPayServer.Services.Apps;
+using BTCPayServer.Services.Rates;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Cors;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+using YamlDotNet.RepresentationModel;
+using static BTCPayServer.Controllers.AppsController;
+
+namespace BTCPayServer.Controllers
+{
+    public class AppsPublicController : Controller
+    {
+        public AppsPublicController(AppsHelper appsHelper, InvoiceController invoiceController)
+        {
+            _AppsHelper = appsHelper;
+            _InvoiceController = invoiceController;
+        }
+
+        private AppsHelper _AppsHelper;
+        private InvoiceController _InvoiceController;
+
+        [HttpGet]
+        [Route("/apps/{appId}/pos")]
+        [XFrameOptionsAttribute(null)]
+        public async Task<IActionResult> ViewPointOfSale(string appId)
+        {
+            var app = await _AppsHelper.GetApp(appId, AppType.PointOfSale);
+            if (app == null)
+                return NotFound();
+            var settings = app.GetSettings<PointOfSaleSettings>();
+
+            var numberFormatInfo = _AppsHelper.Currencies.GetNumberFormatInfo(settings.Currency) ?? _AppsHelper.Currencies.GetNumberFormatInfo("USD");
+            double step = Math.Pow(10, -(numberFormatInfo.CurrencyDecimalDigits));
+
+            return View(new ViewPointOfSaleViewModel()
+            {
+                Title = settings.Title,
+                Step = step.ToString(CultureInfo.InvariantCulture),
+                EnableShoppingCart = settings.EnableShoppingCart,
+                ShowCustomAmount = settings.ShowCustomAmount,
+                CurrencyCode = settings.Currency,
+                CurrencySymbol = numberFormatInfo.CurrencySymbol,
+                CurrencyInfo = new ViewPointOfSaleViewModel.CurrencyInfoData()
+                {
+                    CurrencySymbol = string.IsNullOrEmpty(numberFormatInfo.CurrencySymbol) ? settings.Currency : numberFormatInfo.CurrencySymbol,
+                    Divisibility = numberFormatInfo.CurrencyDecimalDigits,
+                    DecimalSeparator = numberFormatInfo.CurrencyDecimalSeparator,
+                    ThousandSeparator = numberFormatInfo.NumberGroupSeparator,
+                    Prefixed = new[] { 0, 2 }.Contains(numberFormatInfo.CurrencyPositivePattern),
+                    SymbolSpace = new[] { 2, 3 }.Contains(numberFormatInfo.CurrencyPositivePattern)
+                },
+                Items = _AppsHelper.Parse(settings.Template, settings.Currency),
+                ButtonText = settings.ButtonText,
+                CustomButtonText = settings.CustomButtonText,
+                CustomTipText = settings.CustomTipText,
+                CustomCSSLink = settings.CustomCSSLink
+            });
+        }
+
+        [HttpPost]
+        [Route("/apps/{appId}/pos")]
+        [IgnoreAntiforgeryToken]
+        [EnableCors(CorsPolicies.All)]
+        public async Task<IActionResult> ViewPointOfSale(string appId,
+                                                        decimal amount,
+                                                        string email,
+                                                        string orderId,
+                                                        string notificationUrl,
+                                                        string redirectUrl,
+                                                        string choiceKey)
+        {
+            var app = await _AppsHelper.GetApp(appId, AppType.PointOfSale);
+            if (string.IsNullOrEmpty(choiceKey) && amount <= 0)
+            {
+                return RedirectToAction(nameof(ViewPointOfSale), new { appId = appId });
+            }
+            if (app == null)
+                return NotFound();
+            var settings = app.GetSettings<PointOfSaleSettings>();
+            if (string.IsNullOrEmpty(choiceKey) && !settings.ShowCustomAmount && !settings.EnableShoppingCart)
+            {
+                return RedirectToAction(nameof(ViewPointOfSale), new { appId = appId });
+            }
+            string title = null;
+            var price = 0.0m;
+            if (!string.IsNullOrEmpty(choiceKey))
+            {
+                var choices = _AppsHelper.Parse(settings.Template, settings.Currency);
+                var choice = choices.FirstOrDefault(c => c.Id == choiceKey);
+                if (choice == null)
+                    return NotFound();
+                title = choice.Title;
+                price = choice.Price.Value;
+                if (amount > price)
+                    price = amount;
+            }
+            else
+            {
+                if (!settings.ShowCustomAmount && !settings.EnableShoppingCart)
+                    return NotFound();
+                price = amount;
+                title = settings.Title;
+            }
+            var store = await _AppsHelper.GetStore(app);
+            store.AdditionalClaims.Add(new Claim(Policies.CanCreateInvoice.Key, store.Id));
+            var invoice = await _InvoiceController.CreateInvoiceCore(new NBitpayClient.Invoice()
+            {
+                ItemCode = choiceKey ?? string.Empty,
+                ItemDesc = title,
+                Currency = settings.Currency,
+                Price = price,
+                BuyerEmail = email,
+                OrderId = orderId,
+                NotificationURL = notificationUrl,
+                RedirectURL = redirectUrl,
+                FullNotifications = true
+            }, store, HttpContext.Request.GetAbsoluteRoot());
+            return RedirectToAction(nameof(InvoiceController.Checkout), "Invoice", new { invoiceId = invoice.Data.Id });
+        }
+    }
+
+
+    public class AppsHelper
+    {
+        ApplicationDbContextFactory _ContextFactory;
+        CurrencyNameTable _Currencies;
+        public CurrencyNameTable Currencies => _Currencies;
+        public AppsHelper(ApplicationDbContextFactory contextFactory, CurrencyNameTable currencies)
+        {
+            _ContextFactory = contextFactory;
+            _Currencies = currencies;
+
+        }
+
+        public async Task<AppData> GetApp(string appId, AppType appType)
+        {
+            using (var ctx = _ContextFactory.CreateContext())
+            {
+                return await ctx.Apps
+                                .Where(us => us.Id == appId &&
+                                             us.AppType == appType.ToString())
+                                .FirstOrDefaultAsync();
+            }
+        }
+
+        public async Task<StoreData> GetStore(AppData app)
+        {
+            using (var ctx = _ContextFactory.CreateContext())
+            {
+                return await ctx.Stores.FirstOrDefaultAsync(s => s.Id == app.StoreDataId);
+            }
+        }
+
+
+        public ViewPointOfSaleViewModel.Item[] Parse(string template, string currency)
+        {
+            if (string.IsNullOrWhiteSpace(template))
+                return Array.Empty<ViewPointOfSaleViewModel.Item>();
+            var input = new StringReader(template);
+            YamlStream stream = new YamlStream();
+            stream.Load(input);
+            var root = (YamlMappingNode)stream.Documents[0].RootNode;
+            return root
+                .Children
+                .Select(kv => new PosHolder { Key = (kv.Key as YamlScalarNode)?.Value, Value = kv.Value as YamlMappingNode })
+                .Where(kv => kv.Value != null)
+                .Select(c => new ViewPointOfSaleViewModel.Item()
+                {
+                    Description = c.GetDetailString("description"),
+                    Id = c.Key,
+                    Image = c.GetDetailString("image"),
+                    Title = c.GetDetailString("title") ?? c.Key,
+                    Price = c.GetDetail("price")
+                             .Select(cc => new ViewPointOfSaleViewModel.Item.ItemPrice()
+                             {
+                                 Value = decimal.Parse(cc.Value.Value, CultureInfo.InvariantCulture),
+                                 Formatted = FormatCurrency(cc.Value.Value, currency)
+                             }).Single(),
+                    Custom = c.GetDetailString("custom") == "true"
+                })
+                .ToArray();
+        }
+
+        private class PosHolder
+        {
+            public string Key { get; set; }
+            public YamlMappingNode Value { get; set; }
+
+            public IEnumerable<PosScalar> GetDetail(string field)
+            {
+                var res = Value.Children
+                                 .Where(kv => kv.Value != null)
+                                 .Select(kv => new PosScalar { Key = (kv.Key as YamlScalarNode)?.Value, Value = kv.Value as YamlScalarNode })
+                                 .Where(cc => cc.Key == field);
+                return res;
+            }
+
+            public string GetDetailString(string field)
+            {
+                return GetDetail(field).FirstOrDefault()?.Value?.Value;
+            }
+        }
+        private class PosScalar
+        {
+            public string Key { get; set; }
+            public YamlScalarNode Value { get; set; }
+        }
+
+        public string FormatCurrency(string price, string currency)
+        {
+            return decimal.Parse(price, CultureInfo.InvariantCulture).ToString("C", _Currencies.GetCurrencyProvider(currency));
+        }
+
+        public CurrencyData GetCurrencyData(string currency, bool useFallback)
+        {
+            return _Currencies.GetCurrencyData(currency, useFallback);
+        }
+        public async Task<AppData> GetAppDataIfOwner(string userId, string appId, AppType? type = null)
+        {
+            if (userId == null || appId == null)
+                return null;
+            using (var ctx = _ContextFactory.CreateContext())
+            {
+                var app = await ctx.UserStore
+                                .Where(us => us.ApplicationUserId == userId && us.Role == StoreRoles.Owner)
+                                .SelectMany(us => us.StoreData.Apps.Where(a => a.Id == appId))
+                   .FirstOrDefaultAsync();
+                if (app == null)
+                    return null;
+                if (type != null && type.Value.ToString() != app.AppType)
+                    return null;
+                return app;
+            }
+        }
+    }
+}
--- a/BTCPayServer/Controllers/ChangellyController.cs
+++ b/BTCPayServer/Controllers/ChangellyController.cs
@ -0,0 +1,119 @@
+using System;
+using System.Threading.Tasks;
+using BTCPayServer.Models;
+using BTCPayServer.Payments.Changelly;
+using BTCPayServer.Rating;
+using BTCPayServer.Services.Rates;
+using Microsoft.AspNetCore.Mvc;
+
+namespace BTCPayServer.Controllers
+{
+    [Route("[controller]/{storeId}")]
+    public class ChangellyController : Controller
+    {
+        private readonly ChangellyClientProvider _changellyClientProvider;
+        private readonly BTCPayNetworkProvider _btcPayNetworkProvider;
+        private readonly RateFetcher _RateProviderFactory;
+
+        public ChangellyController(ChangellyClientProvider changellyClientProvider,
+            BTCPayNetworkProvider btcPayNetworkProvider,
+            RateFetcher rateProviderFactory)
+        {
+            _RateProviderFactory = rateProviderFactory ?? throw new ArgumentNullException(nameof(rateProviderFactory));
+
+            _changellyClientProvider = changellyClientProvider;
+            _btcPayNetworkProvider = btcPayNetworkProvider;
+        }
+
+        [HttpGet]
+        [Route("currencies")]
+        public async Task<IActionResult> GetCurrencyList(string storeId)
+        {
+            try
+            {
+                
+                var client = await TryGetChangellyClient(storeId);
+                
+                return Ok(await client.GetCurrenciesFull());
+            }
+            catch (Exception e)
+            {
+                return BadRequest(new BitpayErrorModel()
+                {
+                    Error = e.Message
+                });
+            }
+        }
+
+        [HttpGet]
+        [Route("calculate")]
+        public async Task<IActionResult> CalculateAmount(string storeId, string fromCurrency, string toCurrency,
+            decimal toCurrencyAmount)
+        {
+            try
+            {
+                var client = await TryGetChangellyClient(storeId);
+
+                if (fromCurrency.Equals("usd", StringComparison.InvariantCultureIgnoreCase)
+                    || fromCurrency.Equals("eur", StringComparison.InvariantCultureIgnoreCase))
+                {
+                    return await HandleCalculateFiatAmount(fromCurrency, toCurrency, toCurrencyAmount);
+                }
+                
+                var callCounter = 0;
+                var baseRate = await client.GetExchangeAmount(fromCurrency, toCurrency, 1);
+                var currentAmount = ChangellyCalculationHelper.ComputeBaseAmount(baseRate, toCurrencyAmount);
+                while (true)
+                {
+                    if (callCounter > 10)
+                    {
+                        BadRequest();
+                    }
+
+                    var computedAmount = await client.GetExchangeAmount(fromCurrency, toCurrency, currentAmount);
+                    callCounter++;
+                    if (computedAmount < toCurrencyAmount)
+                    {
+                        currentAmount =
+                            ChangellyCalculationHelper.ComputeCorrectAmount(currentAmount, computedAmount,
+                                toCurrencyAmount);
+                    }
+                    else
+                    {
+                        return Ok(currentAmount);
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                return BadRequest(new BitpayErrorModel()
+                {
+                    Error = e.Message
+                });
+            }
+        }
+
+        private async Task<Changelly> TryGetChangellyClient(string storeId)
+        {
+            var store = IsTest? null: HttpContext.GetStoreData();
+            storeId = storeId ?? store?.Id;
+
+            return await _changellyClientProvider.TryGetChangellyClient(storeId, store);
+        }
+
+        private async Task<IActionResult> HandleCalculateFiatAmount(string fromCurrency, string toCurrency,
+            decimal toCurrencyAmount)
+        {
+            var store = HttpContext.GetStoreData();
+            var rules = store.GetStoreBlob().GetRateRules(_btcPayNetworkProvider);
+            var rate = await _RateProviderFactory.FetchRate(new CurrencyPair(toCurrency, fromCurrency), rules);
+            if (rate.BidAsk == null) return BadRequest();
+            var flatRate = rate.BidAsk.Center;
+            return Ok(flatRate * toCurrencyAmount);
+        }
+
+        public bool IsTest { get; set; } = false;
+    }
+    
+    
+}
--- a/BTCPayServer/Controllers/HomeController.cs
+++ b/BTCPayServer/Controllers/HomeController.cs
@ -5,16 +5,86 @@ using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Mvc;
 using BTCPayServer.Models;
+using NBitcoin.DataEncoders;
+using NBitcoin.Payment;
+using System.Net.Http;
+using Newtonsoft.Json.Linq;
+using NBitcoin;
+using Newtonsoft.Json;

 namespace BTCPayServer.Controllers
 {
    public class HomeController : Controller
    {
+        public IHttpClientFactory HttpClientFactory { get; }
+
+        public HomeController(IHttpClientFactory httpClientFactory)
+        {
+            HttpClientFactory = httpClientFactory;
+        }
        public IActionResult Index()
        {
            return View("Home");
        }

+        [Route("translate")]
+        public IActionResult BitpayTranslator()
+        {
+            return View(new BitpayTranslatorViewModel());
+        }
+
+        [HttpPost]
+        [Route("translate")]
+        public async Task<IActionResult> BitpayTranslator(BitpayTranslatorViewModel vm)
+        {
+            if (!ModelState.IsValid)
+                return View(vm);
+            vm.BitpayLink = vm.BitpayLink ?? string.Empty;
+            vm.BitpayLink = vm.BitpayLink.Trim();
+            if (!vm.BitpayLink.StartsWith("bitcoin:", StringComparison.OrdinalIgnoreCase))
+            {
+                var invoiceId = vm.BitpayLink.Substring(vm.BitpayLink.LastIndexOf("=", StringComparison.OrdinalIgnoreCase) + 1);
+                vm.BitpayLink = $"bitcoin:?r=https://bitpay.com/i/{invoiceId}";
+            }
+
+            try
+            {
+                BitcoinUrlBuilder urlBuilder = new BitcoinUrlBuilder(vm.BitpayLink);
+#pragma warning disable CS0618 // Type or member is obsolete
+                if (!urlBuilder.PaymentRequestUrl.DnsSafeHost.EndsWith("bitpay.com", StringComparison.OrdinalIgnoreCase))
+                {
+                    throw new Exception("This tool only work with bitpay");
+                }
+
+                var client = HttpClientFactory.CreateClient();
+                HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, urlBuilder.PaymentRequestUrl);
+#pragma warning restore CS0618 // Type or member is obsolete
+                request.Headers.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/payment-request"));
+                var result = await client.SendAsync(request);
+                // {"network":"main","currency":"BTC","requiredFeeRate":29.834,"outputs":[{"amount":255900,"address":"1PgPo5d4swD6pKfCgoXtoW61zqTfX9H7tj"}],"time":"2018-12-03T14:39:47.162Z","expires":"2018-12-03T14:54:47.162Z","memo":"Payment request for BitPay invoice HHfG8cprRMzZG6MErCqbjv for merchant VULTR Holdings LLC","paymentUrl":"https://bitpay.com/i/HHfG8cprRMzZG6MErCqbjv","paymentId":"HHfG8cprRMzZG6MErCqbjv"}
+                var str = await result.Content.ReadAsStringAsync();
+                try
+                {
+                    var jobj = JObject.Parse(str);
+                    vm.Address = ((JArray)jobj["outputs"])[0]["address"].Value<string>();
+                    var amount = Money.Satoshis(((JArray)jobj["outputs"])[0]["amount"].Value<long>());
+                    vm.Amount = amount.ToString();
+                    vm.BitcoinUri = $"bitcoin:{vm.Address}?amount={amount.ToString()}";
+                }
+                catch (JsonReaderException)
+                {
+                    ModelState.AddModelError(nameof(vm.BitpayLink), $"Invalid or expired bitpay invoice");
+                    return View(vm);
+                }
+            }
+            catch (Exception ex)
+            {
+                ModelState.AddModelError(nameof(vm.BitpayLink), $"Error while requesting {ex.Message}");
+                return View(vm);
+            }
+            return View(vm);
+        }
+
        public IActionResult About()
        {
            ViewData["Message"] = "Your application description page.";
--- a/BTCPayServer/Controllers/InvoiceController.API.cs
+++ b/BTCPayServer/Controllers/InvoiceController.API.cs
@ -1,41 +1,32 @@
-using BTCPayServer.Authentication;
-using Microsoft.Extensions.Logging;
-using BTCPayServer.Filters;
-using BTCPayServer.Logging;
-using BTCPayServer.Models;
-using Microsoft.AspNetCore.Mvc;
-using NBitpayClient;
-using System;
-using System.Collections.Generic;
+using System;
 using System.Linq;
 using System.Threading.Tasks;
-using BTCPayServer.Data;
+using BTCPayServer.Filters;
+using BTCPayServer.Models;
+using BTCPayServer.Security;
 using BTCPayServer.Services.Invoices;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Cors;
-using BTCPayServer.Services.Stores;
+using Microsoft.AspNetCore.Mvc;
+using NBitpayClient;

 namespace BTCPayServer.Controllers
 {
    [EnableCors("BitpayAPI")]
    [BitpayAPIConstraint]
+    [Authorize(Policies.CanCreateInvoice.Key, AuthenticationSchemes = Policies.BitpayAuthentication)]
    public class InvoiceControllerAPI : Controller
    {
        private InvoiceController _InvoiceController;
        private InvoiceRepository _InvoiceRepository;
-        private TokenRepository _TokenRepository;
-        private StoreRepository _StoreRepository;
        private BTCPayNetworkProvider _NetworkProvider;

        public InvoiceControllerAPI(InvoiceController invoiceController,
                                    InvoiceRepository invoceRepository,
-                                    TokenRepository tokenRepository,
-                                    StoreRepository storeRepository,
                                    BTCPayNetworkProvider networkProvider)
        {
            this._InvoiceController = invoiceController;
            this._InvoiceRepository = invoceRepository;
-            this._TokenRepository = tokenRepository;
-            this._StoreRepository = storeRepository;
            this._NetworkProvider = networkProvider;
        }

@ -44,25 +35,23 @@ namespace BTCPayServer.Controllers
        [MediaTypeConstraint("application/json")]
        public async Task<DataWrapper<InvoiceResponse>> CreateInvoice([FromBody] Invoice invoice)
        {
-            var bitToken = await CheckTokenPermissionAsync(Facade.Merchant, invoice.Token);
-            var store = await FindStore(bitToken);
-            return await _InvoiceController.CreateInvoiceCore(invoice, store, HttpContext.Request.GetAbsoluteRoot());
+            return await _InvoiceController.CreateInvoiceCore(invoice, HttpContext.GetStoreData(), HttpContext.Request.GetAbsoluteRoot());
        }

        [HttpGet]
        [Route("invoices/{id}")]
-        public async Task<DataWrapper<InvoiceResponse>> GetInvoice(string id, string token)
+        public async Task<DataWrapper<InvoiceResponse>> GetInvoice(string id)
        {
-            var bitToken = await CheckTokenPermissionAsync(Facade.Merchant, token);
-            var store = await FindStore(bitToken);
-            var invoice = await _InvoiceRepository.GetInvoice(store.Id, id);
+            var invoice = (await _InvoiceRepository.GetInvoices(new InvoiceQuery()
+            {
+                InvoiceId = id,
+                StoreId = new[] { HttpContext.GetStoreData().Id }
+            })).FirstOrDefault();
            if (invoice == null)
                throw new BitpayHttpException(404, "Object not found");
-
            var resp = invoice.EntityToDTO(_NetworkProvider);
            return new DataWrapper<InvoiceResponse>(resp);
        }
-
        [HttpGet]
        [Route("invoices")]
        public async Task<DataWrapper<InvoiceResponse[]>> GetInvoices(
@ -77,8 +66,7 @@ namespace BTCPayServer.Controllers
        {
            if (dateEnd != null)
                dateEnd = dateEnd.Value + TimeSpan.FromDays(1); //Should include the end day
-            var bitToken = await CheckTokenPermissionAsync(Facade.Merchant, token);
-            var store = await FindStore(bitToken);
+            
            var query = new InvoiceQuery()
            {
                Count = limit,
@ -87,55 +75,14 @@ namespace BTCPayServer.Controllers
                StartDate = dateStart,
                OrderId = orderId,
                ItemCode = itemCode,
-                Status = status,
-                StoreId = store.Id
+                Status = status == null ? null : new[] { status },
+                StoreId = new[] { this.HttpContext.GetStoreData().Id }
            };

-
            var entities = (await _InvoiceRepository.GetInvoices(query))
                            .Select((o) => o.EntityToDTO(_NetworkProvider)).ToArray();

            return DataWrapper.Create(entities);
        }
-
-        private async Task<BitTokenEntity> CheckTokenPermissionAsync(Facade facade, string expectedToken)
-        {
-            if (facade == null)
-                throw new ArgumentNullException(nameof(facade));
-
-            var actualTokens = (await _TokenRepository.GetTokens(this.GetBitIdentity().SIN)).ToArray();
-            actualTokens = actualTokens.SelectMany(t => GetCompatibleTokens(t)).ToArray();
-
-            var actualToken = actualTokens.FirstOrDefault(a => a.Value.Equals(expectedToken, StringComparison.Ordinal));
-            if (expectedToken == null || actualToken == null)
-            {
-                Logs.PayServer.LogDebug($"No token found for facade {facade} for SIN {this.GetBitIdentity().SIN}");
-                throw new BitpayHttpException(401, $"This endpoint does not support the `{actualTokens.Select(a => a.Facade).Concat(new[] { "user" }).FirstOrDefault()}` facade");
-            }
-            return actualToken;
-        }
-
-        private IEnumerable<BitTokenEntity> GetCompatibleTokens(BitTokenEntity token)
-        {
-            if (token.Facade == Facade.Merchant.ToString())
-            {
-                yield return token.Clone(Facade.User);
-                yield return token.Clone(Facade.PointOfSale);
-            }
-            if (token.Facade == Facade.PointOfSale.ToString())
-            {
-                yield return token.Clone(Facade.User);
-            }
-            yield return token;
-        }
-
-        private async Task<StoreData> FindStore(BitTokenEntity bitToken)
-        {
-            var store = await _StoreRepository.FindStore(bitToken.StoreId);
-            if (store == null)
-                throw new BitpayHttpException(401, "Unknown store");
-            return store;
-        }
-
    }
 }
--- a/BTCPayServer/Controllers/InvoiceController.PaymentProtocol.cs
+++ b/BTCPayServer/Controllers/InvoiceController.PaymentProtocol.cs
@ -1,87 +0,0 @@
-using BTCPayServer.Filters;
-using Microsoft.Extensions.Logging;
-using BTCPayServer.Logging;
-using Microsoft.AspNetCore.Mvc;
-using NBitcoin;
-using NBitcoin.Payment;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
-using BTCPayServer.Services.Invoices;
-using BTCPayServer.Payments;
-
-namespace BTCPayServer.Controllers
-{
-    public partial class InvoiceController
-    {
-        [HttpGet]
-        [Route("i/{invoiceId}/{cryptoCode?}")]
-        [AcceptMediaTypeConstraint("application/bitcoin-paymentrequest")]
-        public async Task<IActionResult> GetInvoiceRequest(string invoiceId, string cryptoCode = null)
-        {
-            if (cryptoCode == null)
-                cryptoCode = "BTC";
-            var invoice = await _InvoiceRepository.GetInvoice(null, invoiceId);
-            var network = _NetworkProvider.GetNetwork(cryptoCode);
-            var paymentMethodId = new PaymentMethodId(cryptoCode, Payments.PaymentTypes.BTCLike);
-            if (invoice == null || invoice.IsExpired() || network == null || !invoice.Support(paymentMethodId))
-                return NotFound();
-
-            var dto = invoice.EntityToDTO(_NetworkProvider);
-            var paymentMethod = dto.CryptoInfo.First(c => c.GetpaymentMethodId() == paymentMethodId);
-            PaymentRequest request = new PaymentRequest
-            {
-                DetailsVersion = 1
-            };
-            request.Details.Expires = invoice.ExpirationTime;
-            request.Details.Memo = invoice.ProductInformation.ItemDesc;
-            request.Details.Network = network.NBitcoinNetwork;
-            request.Details.Outputs.Add(new PaymentOutput() { Amount = paymentMethod.Due, Script = BitcoinAddress.Create(paymentMethod.Address, network.NBitcoinNetwork).ScriptPubKey });
-            request.Details.MerchantData = Encoding.UTF8.GetBytes(invoice.Id);
-            request.Details.Time = DateTimeOffset.UtcNow;
-            request.Details.PaymentUrl = new Uri(invoice.ServerUrl.WithTrailingSlash() + ($"i/{invoice.Id}"), UriKind.Absolute);
-
-            var store = await _StoreRepository.FindStore(invoice.StoreId);
-            if (store == null)
-                throw new BitpayHttpException(401, "Unknown store");
-
-            if (store.StoreCertificate != null)
-            {
-                try
-                {
-                    request.Sign(store.StoreCertificate, PKIType.X509SHA256);
-                }
-                catch (Exception ex)
-                {
-                    Logs.PayServer.LogWarning(ex, "Error while signing payment request");
-                }
-            }
-
-            return new PaymentRequestActionResult(request);
-        }
-
-        [HttpPost]
-        [Route("i/{invoiceId}", Order = 99)]
-        [Route("i/{invoiceId}/{cryptoCode}", Order = 99)]
-        [MediaTypeConstraint("application/bitcoin-payment")]
-        public async Task<IActionResult> PostPayment(string invoiceId, string cryptoCode = null)
-        {
-            var invoice = await _InvoiceRepository.GetInvoice(null, invoiceId);
-            if (cryptoCode == null)
-                cryptoCode = "BTC";
-            var network = _NetworkProvider.GetNetwork(cryptoCode);
-            if (network == null || invoice == null || invoice.IsExpired() || !invoice.Support(new PaymentMethodId(cryptoCode, Payments.PaymentTypes.BTCLike)))
-                return NotFound();
-
-            var wallet = _WalletProvider.GetWallet(network);
-            if (wallet == null)
-                return NotFound();
-            var payment = PaymentMessage.Load(Request.Body);
-            var unused = wallet.BroadcastTransactionsAsync(payment.Transactions);
-            await _InvoiceRepository.AddRefundsAsync(invoiceId, payment.RefundTo.Select(p => new TxOut(p.Amount, p.Script)).ToArray(), network.NBitcoinNetwork);
-            return new PaymentAckActionResult(payment.CreateACK(invoiceId + " is currently processing, thanks for your purchase..."));
-        }
-    }
-}
--- a/BTCPayServer/Controllers/InvoiceController.UI.cs
+++ b/BTCPayServer/Controllers/InvoiceController.UI.cs
@ -1,26 +1,29 @@
-using BTCPayServer.Data;
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
+using System.Net.Mime;
+using System.Net.WebSockets;
+using System.Threading;
+using System.Threading.Tasks;
+using BTCPayServer.Data;
+using BTCPayServer.Events;
 using BTCPayServer.Filters;
+using BTCPayServer.Models;
 using BTCPayServer.Models.InvoicingModels;
+using BTCPayServer.Payments;
+using BTCPayServer.Payments.Changelly;
+using BTCPayServer.Payments.Lightning;
+using BTCPayServer.Security;
 using BTCPayServer.Services.Invoices;
+using BTCPayServer.Services.Invoices.Export;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Rendering;
 using NBitcoin;
 using NBitpayClient;
-using System;
-using System.Collections.Generic;
-using System.Globalization;
-using System.Linq;
-using System.Security.Claims;
-using System.Text;
-using System.Threading.Tasks;
-using BTCPayServer.Services.Rates;
-using System.Net.WebSockets;
-using System.Threading;
-using BTCPayServer.Events;
 using NBXplorer;
-using BTCPayServer.Payments;
+using Newtonsoft.Json.Linq;

 namespace BTCPayServer.Controllers
 {
@ -28,12 +31,13 @@ namespace BTCPayServer.Controllers
    {
        [HttpGet]
        [Route("invoices/{invoiceId}")]
+        [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
        public async Task<IActionResult> Invoice(string invoiceId)
        {
            var invoice = (await _InvoiceRepository.GetInvoices(new InvoiceQuery()
            {
-                UserId = GetUserId(),
                InvoiceId = invoiceId,
+                UserId = GetUserId(),
                IncludeAddresses = true,
                IncludeEvents = true
            })).FirstOrDefault();
@ -42,26 +46,30 @@ namespace BTCPayServer.Controllers

            var dto = invoice.EntityToDTO(_NetworkProvider);
            var store = await _StoreRepository.FindStore(invoice.StoreId);
-
            InvoiceDetailsModel model = new InvoiceDetailsModel()
            {
                StoreName = store.StoreName,
                StoreLink = Url.Action(nameof(StoresController.UpdateStore), "Stores", new { storeId = store.Id }),
                Id = invoice.Id,
-                Status = invoice.Status,
-                TransactionSpeed = invoice.SpeedPolicy == SpeedPolicy.HighSpeed ? "high" : invoice.SpeedPolicy == SpeedPolicy.MediumSpeed ? "medium" : "low",
+                State = invoice.GetInvoiceState().ToString(),
+                TransactionSpeed = invoice.SpeedPolicy == SpeedPolicy.HighSpeed ? "high" :
+                                   invoice.SpeedPolicy == SpeedPolicy.MediumSpeed ? "medium" :
+                                   invoice.SpeedPolicy == SpeedPolicy.LowMediumSpeed ? "low-medium" :
+                                   "low",
                RefundEmail = invoice.RefundMail,
                CreatedDate = invoice.InvoiceTime,
                ExpirationDate = invoice.ExpirationTime,
                MonitoringDate = invoice.MonitoringExpiration,
                OrderId = invoice.OrderId,
                BuyerInformation = invoice.BuyerInformation,
-                Fiat = FormatCurrency((decimal)dto.Price, dto.Currency),
+                Fiat = _CurrencyNameTable.DisplayFormatCurrency(dto.Price, dto.Currency),
+                NotificationEmail = invoice.NotificationEmail,
                NotificationUrl = invoice.NotificationURL,
                RedirectUrl = invoice.RedirectURL,
                ProductInformation = invoice.ProductInformation,
                StatusException = invoice.ExceptionStatus,
-                Events = invoice.Events
+                Events = invoice.Events,
+                PosData = PosDataParser.ParsePosData(dto.PosData)
            };

            foreach (var data in invoice.GetPaymentMethods(null))
@ -71,67 +79,80 @@ namespace BTCPayServer.Controllers
                var paymentMethodId = data.GetId();
                var cryptoPayment = new InvoiceDetailsModel.CryptoPayment();
                cryptoPayment.PaymentMethod = ToString(paymentMethodId);
-                cryptoPayment.Due = accounting.Due.ToString() + $" {paymentMethodId.CryptoCode}";
-                cryptoPayment.Paid = accounting.CryptoPaid.ToString() + $" {paymentMethodId.CryptoCode}";
+                cryptoPayment.Due = $"{accounting.Due} {paymentMethodId.CryptoCode}";
+                cryptoPayment.Paid = $"{accounting.CryptoPaid} {paymentMethodId.CryptoCode}";
+                cryptoPayment.Overpaid = $"{accounting.OverpaidHelper} {paymentMethodId.CryptoCode}";

                var onchainMethod = data.GetPaymentMethodDetails() as Payments.Bitcoin.BitcoinLikeOnChainPaymentMethod;
                if (onchainMethod != null)
                {
                    cryptoPayment.Address = onchainMethod.DepositAddress;
                }
-                cryptoPayment.Rate = FormatCurrency(data);
+                cryptoPayment.Rate = ExchangeRate(data);
                cryptoPayment.PaymentUrl = cryptoInfo.PaymentUrls.BIP21;
                model.CryptoPayments.Add(cryptoPayment);
            }

-            var payments = invoice
+            var onChainPayments = invoice
                .GetPayments()
-                .Where(p => p.GetPaymentMethodId().PaymentType == PaymentTypes.BTCLike)
-                .Select(async payment =>
+                .Select<PaymentEntity, Task<object>>(async payment =>
                {
-                    var paymentData = (Payments.Bitcoin.BitcoinLikePaymentData)payment.GetCryptoPaymentData();
-                    var m = new InvoiceDetailsModel.Payment();
                    var paymentNetwork = _NetworkProvider.GetNetwork(payment.GetCryptoCode());
-                    m.PaymentMethod = ToString(payment.GetPaymentMethodId());
-                    m.DepositAddress = paymentData.Output.ScriptPubKey.GetDestinationAddress(paymentNetwork.NBitcoinNetwork);
-
-                    int confirmationCount = 0;
-                    if (    (paymentData.ConfirmationCount < paymentNetwork.MaxTrackedConfirmation && payment.Accounted)
-                         && (paymentData.Legacy || invoice.MonitoringExpiration < DateTimeOffset.UtcNow)) // The confirmation count in the paymentData is not up to date
+                    var paymentData = payment.GetCryptoPaymentData();
+                    if (paymentData is Payments.Bitcoin.BitcoinLikePaymentData onChainPaymentData)
                    {
-                        confirmationCount = (await ((ExplorerClientProvider)_ServiceProvider.GetService(typeof(ExplorerClientProvider))).GetExplorerClient(payment.GetCryptoCode())?.GetTransactionAsync(paymentData.Outpoint.Hash))?.Confirmations ?? 0;
-                        paymentData.ConfirmationCount = confirmationCount;
-                        payment.SetCryptoPaymentData(paymentData);
-                        await _InvoiceRepository.UpdatePayments(new List<PaymentEntity> { payment });
+                        var m = new InvoiceDetailsModel.Payment();
+                        m.Crypto = payment.GetPaymentMethodId().CryptoCode;
+                        m.DepositAddress = onChainPaymentData.GetDestination(paymentNetwork);
+
+                        int confirmationCount = 0;
+                        if ((onChainPaymentData.ConfirmationCount < paymentNetwork.MaxTrackedConfirmation && payment.Accounted)
+                             && (onChainPaymentData.Legacy || invoice.MonitoringExpiration < DateTimeOffset.UtcNow)) // The confirmation count in the paymentData is not up to date
+                        {
+                            confirmationCount = (await ((ExplorerClientProvider)_ServiceProvider.GetService(typeof(ExplorerClientProvider))).GetExplorerClient(payment.GetCryptoCode())?.GetTransactionAsync(onChainPaymentData.Outpoint.Hash))?.Confirmations ?? 0;
+                            onChainPaymentData.ConfirmationCount = confirmationCount;
+                            payment.SetCryptoPaymentData(onChainPaymentData);
+                            await _InvoiceRepository.UpdatePayments(new List<PaymentEntity> { payment });
+                        }
+                        else
+                        {
+                            confirmationCount = onChainPaymentData.ConfirmationCount;
+                        }
+                        if (confirmationCount >= paymentNetwork.MaxTrackedConfirmation)
+                        {
+                            m.Confirmations = "At least " + (paymentNetwork.MaxTrackedConfirmation);
+                        }
+                        else
+                        {
+                            m.Confirmations = confirmationCount.ToString(CultureInfo.InvariantCulture);
+                        }
+
+                        m.TransactionId = onChainPaymentData.Outpoint.Hash.ToString();
+                        m.ReceivedTime = payment.ReceivedTime;
+                        m.TransactionLink = string.Format(CultureInfo.InvariantCulture, paymentNetwork.BlockExplorerLink, m.TransactionId);
+                        m.Replaced = !payment.Accounted;
+                        return m;
                    }
                    else
                    {
-                        confirmationCount = paymentData.ConfirmationCount;
+                        var lightningPaymentData = (Payments.Lightning.LightningLikePaymentData)paymentData;
+                        return new InvoiceDetailsModel.OffChainPayment()
+                        {
+                            Crypto = paymentNetwork.CryptoCode,
+                            BOLT11 = lightningPaymentData.BOLT11
+                        };
                    }
-                    if (confirmationCount >= paymentNetwork.MaxTrackedConfirmation)
-                    {
-                        m.Confirmations = "At least " + (paymentNetwork.MaxTrackedConfirmation);
-                    }
-                    else
-                    {
-                        m.Confirmations = confirmationCount.ToString(CultureInfo.InvariantCulture);
-                    }
-
-                    m.TransactionId = paymentData.Outpoint.Hash.ToString();
-                    m.ReceivedTime = payment.ReceivedTime;
-                    m.TransactionLink = string.Format(CultureInfo.InvariantCulture, paymentNetwork.BlockExplorerLink, m.TransactionId);
-                    m.Replaced = !payment.Accounted;
-                    return m;
                })
                .ToArray();
-            await Task.WhenAll(payments);
+            await Task.WhenAll(onChainPayments);
            model.Addresses = invoice.HistoricalAddresses.Select(h => new InvoiceDetailsModel.AddressModel
            {
                Destination = h.GetAddress(),
                PaymentMethod = ToString(h.GetPaymentMethodId()),
                Current = !h.UnAssigned.HasValue
            }).ToArray();
-            model.Payments = payments.Select(p => p.GetAwaiter().GetResult()).ToList();
+            model.OnChainPayments = onChainPayments.Select(p => p.GetAwaiter().GetResult()).OfType<InvoiceDetailsModel.Payment>().ToList();
+            model.OffChainPayments = onChainPayments.Select(p => p.GetAwaiter().GetResult()).OfType<InvoiceDetailsModel.OffChainPayment>().ToList();
            model.StatusMessage = StatusMessage;
            return View(model);
        }
@ -157,7 +178,9 @@ namespace BTCPayServer.Controllers
        [Route("invoice")]
        [AcceptMediaTypeConstraint("application/bitcoin-paymentrequest", false)]
        [XFrameOptionsAttribute(null)]
-        public async Task<IActionResult> Checkout(string invoiceId, string id = null, string paymentMethodId = null)
+        [ReferrerPolicyAttribute("origin")]
+        public async Task<IActionResult> Checkout(string invoiceId, string id = null, string paymentMethodId = null,
+            [FromQuery]string view = null)
        {
            //Keep compatibility with Bitpay
            invoiceId = invoiceId ?? id;
@ -168,33 +191,59 @@ namespace BTCPayServer.Controllers
            if (model == null)
                return NotFound();

+            if (view == "modal")
+                model.IsModal = true;
+
+            _CSP.Add(new ConsentSecurityPolicy("script-src", "'unsafe-eval'")); // Needed by Vue
+            if (!string.IsNullOrEmpty(model.CustomCSSLink) &&
+                Uri.TryCreate(model.CustomCSSLink, UriKind.Absolute, out var uri))
+            {
+                _CSP.Clear();
+            }
+
+            if (!string.IsNullOrEmpty(model.CustomLogoLink) &&
+                Uri.TryCreate(model.CustomLogoLink, UriKind.Absolute, out uri))
+            {
+                _CSP.Clear();
+            }
+
            return View(nameof(Checkout), model);
        }

        private async Task<PaymentModel> GetInvoiceModel(string invoiceId, string paymentMethodIdStr)
        {
-            var invoice = await _InvoiceRepository.GetInvoice(null, invoiceId);
+            var invoice = await _InvoiceRepository.GetInvoice(invoiceId);
            if (invoice == null)
                return null;
            var store = await _StoreRepository.FindStore(invoice.StoreId);
            bool isDefaultCrypto = false;
            if (paymentMethodIdStr == null)
            {
-                paymentMethodIdStr = store.GetDefaultCrypto();
+                paymentMethodIdStr = store.GetDefaultCrypto(_NetworkProvider);
                isDefaultCrypto = true;
            }
-
            var paymentMethodId = PaymentMethodId.Parse(paymentMethodIdStr);
            var network = _NetworkProvider.GetNetwork(paymentMethodId.CryptoCode);
+            if (network == null && isDefaultCrypto)
+            {
+                network = _NetworkProvider.GetAll().FirstOrDefault();
+                paymentMethodId = new PaymentMethodId(network.CryptoCode, PaymentTypes.BTCLike);
+                paymentMethodIdStr = paymentMethodId.ToString();
+            }
            if (invoice == null || network == null)
                return null;
            if (!invoice.Support(paymentMethodId))
            {
                if (!isDefaultCrypto)
                    return null;
-                var paymentMethodTemp = invoice.GetPaymentMethods(_NetworkProvider).First();
+                var paymentMethodTemp = invoice.GetPaymentMethods(_NetworkProvider)
+                                               .Where(c => paymentMethodId.CryptoCode == c.GetId().CryptoCode)
+                                               .FirstOrDefault();
+                if (paymentMethodTemp == null)
+                    paymentMethodTemp = invoice.GetPaymentMethods(_NetworkProvider).First();
                network = paymentMethodTemp.Network;
                paymentMethodId = paymentMethodTemp.GetId();
+                paymentMethodIdStr = paymentMethodId.ToString();
            }

            var paymentMethod = invoice.GetPaymentMethod(paymentMethodId, _NetworkProvider);
@ -204,81 +253,108 @@ namespace BTCPayServer.Controllers
            var storeBlob = store.GetStoreBlob();
            var currency = invoice.ProductInformation.Currency;
            var accounting = paymentMethod.Calculate();
+
+            ChangellySettings changelly = (storeBlob.ChangellySettings != null && storeBlob.ChangellySettings.Enabled &&
+                                           storeBlob.ChangellySettings.IsConfigured())
+                ? storeBlob.ChangellySettings
+                : null;
+
+
+            var changellyAmountDue = changelly != null
+                ? (accounting.Due.ToDecimal(MoneyUnit.BTC) *
+                   (1m + (changelly.AmountMarkupPercentage / 100m)))
+                : (decimal?)null;
+
            var model = new PaymentModel()
            {
                CryptoCode = network.CryptoCode,
                PaymentMethodId = paymentMethodId.ToString(),
+                PaymentMethodName = GetDisplayName(paymentMethodId, network),
+                CryptoImage = GetImage(paymentMethodId, network),
+                IsLightning = paymentMethodId.PaymentType == PaymentTypes.LightningLike,
                ServerUrl = HttpContext.Request.GetAbsoluteRoot(),
                OrderId = invoice.OrderId,
                InvoiceId = invoice.Id,
-                DefaultLang = storeBlob.DefaultLang ?? "en-US",
+                DefaultLang = storeBlob.DefaultLang ?? "en",
+                HtmlTitle = storeBlob.HtmlTitle ?? "BTCPay Invoice",
+                CustomCSSLink = storeBlob.CustomCSS?.AbsoluteUri,
+                CustomLogoLink = storeBlob.CustomLogo?.AbsoluteUri,
                BtcAddress = paymentMethodDetails.GetPaymentDestination(),
-                OrderAmount = (accounting.TotalDue - accounting.NetworkFee).ToString(),
                BtcDue = accounting.Due.ToString(),
+                OrderAmount = (accounting.TotalDue - accounting.NetworkFee).ToString(),
+                OrderAmountFiat = OrderAmountFromInvoice(network.CryptoCode, invoice.ProductInformation),
                CustomerEmail = invoice.RefundMail,
+                RequiresRefundEmail = storeBlob.RequiresRefundEmail,
                ExpirationSeconds = Math.Max(0, (int)(invoice.ExpirationTime - DateTimeOffset.UtcNow).TotalSeconds),
                MaxTimeSeconds = (int)(invoice.ExpirationTime - invoice.InvoiceTime).TotalSeconds,
                MaxTimeMinutes = (int)(invoice.ExpirationTime - invoice.InvoiceTime).TotalMinutes,
                ItemDesc = invoice.ProductInformation.ItemDesc,
-                Rate = FormatCurrency(paymentMethod),
+                Rate = ExchangeRate(paymentMethod),
                MerchantRefLink = invoice.RedirectURL ?? "/",
                StoreName = store.StoreName,
                InvoiceBitcoinUrl = paymentMethodId.PaymentType == PaymentTypes.BTCLike ? cryptoInfo.PaymentUrls.BIP21 :
                                    paymentMethodId.PaymentType == PaymentTypes.LightningLike ? cryptoInfo.PaymentUrls.BOLT11 :
                                    throw new NotSupportedException(),
+                PeerInfo = (paymentMethodDetails as LightningLikePaymentMethodDetails)?.NodeInfo,
                InvoiceBitcoinUrlQR = paymentMethodId.PaymentType == PaymentTypes.BTCLike ? cryptoInfo.PaymentUrls.BIP21 :
                                    paymentMethodId.PaymentType == PaymentTypes.LightningLike ? cryptoInfo.PaymentUrls.BOLT11.ToUpperInvariant() :
                                    throw new NotSupportedException(),
                TxCount = accounting.TxRequired,
                BtcPaid = accounting.Paid.ToString(),
-                Status = invoice.Status,
-                CryptoImage = "/" + GetImage(paymentMethodId, network),
-                NetworkFeeDescription = $"{accounting.TxRequired} transaction{(accounting.TxRequired > 1 ? "s" : "")} x {paymentMethodDetails.GetTxFee()} {network.CryptoCode}",
-                AllowCoinConversion = storeBlob.AllowCoinConversion,
+#pragma warning disable CS0618 // Type or member is obsolete
+                Status = invoice.StatusString,
+#pragma warning restore CS0618 // Type or member is obsolete
+                NetworkFee = paymentMethodDetails.GetTxFee(),
+                IsMultiCurrency = invoice.GetPayments().Select(p => p.GetPaymentMethodId()).Concat(new[] { paymentMethod.GetId() }).Distinct().Count() > 1,
+                ChangellyEnabled = changelly != null,
+                ChangellyMerchantId = changelly?.ChangellyMerchantId,
+                ChangellyAmountDue = changellyAmountDue,
+                StoreId = store.Id,
                AvailableCryptos = invoice.GetPaymentMethods(_NetworkProvider)
                                          .Where(i => i.Network != null)
                                          .Select(kv => new PaymentModel.AvailableCrypto()
                                          {
                                              PaymentMethodId = kv.GetId().ToString(),
-                                              CryptoImage = "/" + GetImage(kv.GetId(), kv.Network),
+                                              CryptoCode = kv.GetId().CryptoCode,
+                                              PaymentMethodName = GetDisplayName(kv.GetId(), kv.Network),
+                                              IsLightning = kv.GetId().PaymentType == PaymentTypes.LightningLike,
+                                              CryptoImage = GetImage(kv.GetId(), kv.Network),
                                              Link = Url.Action(nameof(Checkout), new { invoiceId = invoiceId, paymentMethodId = kv.GetId().ToString() })
                                          }).Where(c => c.CryptoImage != "/")
-                .ToList()
+                                          .OrderByDescending(a => a.CryptoCode == "BTC").ThenBy(a => a.PaymentMethodName).ThenBy(a => a.IsLightning ? 1 : 0)
+                                          .ToList()
            };

-            var isMultiCurrency = invoice.GetPayments().Select(p => p.GetPaymentMethodId()).Concat(new[] { paymentMethod.GetId() }).Distinct().Count() > 1;
-            if (isMultiCurrency)
-                model.NetworkFeeDescription = $"{accounting.NetworkFee} {network.CryptoCode}";
-
            var expiration = TimeSpan.FromSeconds(model.ExpirationSeconds);
-            model.TimeLeft = PrettyPrint(expiration);
+            model.TimeLeft = expiration.PrettyPrint();
            return model;
        }

+        private string GetDisplayName(PaymentMethodId paymentMethodId, BTCPayNetwork network)
+        {
+            return paymentMethodId.PaymentType == PaymentTypes.BTCLike ?
+                network.DisplayName : network.DisplayName + " (Lightning)";
+        }
+
        private string GetImage(PaymentMethodId paymentMethodId, BTCPayNetwork network)
        {
-            return (paymentMethodId.PaymentType == PaymentTypes.BTCLike ? Url.Content(network.CryptoImagePath) : Url.Content(network.LightningImagePath));
+            var res = paymentMethodId.PaymentType == PaymentTypes.BTCLike ?
+                Url.Content(network.CryptoImagePath) : Url.Content(network.LightningImagePath);
+            return "/" + res;
        }

-        private string FormatCurrency(PaymentMethod paymentMethod)
+        private string OrderAmountFromInvoice(string cryptoCode, ProductInformation productInformation)
+        {
+            // if invoice source currency is the same as currently display currency, no need for "order amount from invoice"
+            if (cryptoCode == productInformation.Currency)
+                return null;
+
+            return _CurrencyNameTable.DisplayFormatCurrency(productInformation.Price, productInformation.Currency);
+        }
+        private string ExchangeRate(PaymentMethod paymentMethod)
        {
            string currency = paymentMethod.ParentEntity.ProductInformation.Currency;
-            return FormatCurrency(paymentMethod.Rate, currency);
-        }
-        public string FormatCurrency(decimal price, string currency)
-        {
-            return price.ToString("C", _CurrencyNameTable.GetCurrencyProvider(currency)) + $" ({currency})";
-        }
-
-        private string PrettyPrint(TimeSpan expiration)
-        {
-            StringBuilder builder = new StringBuilder();
-            if (expiration.Days >= 1)
-                builder.Append(expiration.Days.ToString(CultureInfo.InvariantCulture));
-            if (expiration.Hours >= 1)
-                builder.Append(expiration.Hours.ToString("00", CultureInfo.InvariantCulture));
-            builder.Append($"{expiration.Minutes.ToString("00", CultureInfo.InvariantCulture)}:{expiration.Seconds.ToString("00", CultureInfo.InvariantCulture)}");
-            return builder.ToString();
+            return _CurrencyNameTable.DisplayFormatCurrency(paymentMethod.Rate, currency);
        }

        [HttpGet]
@ -298,8 +374,8 @@ namespace BTCPayServer.Controllers
        {
            if (!HttpContext.WebSockets.IsWebSocketRequest)
                return NotFound();
-            var invoice = await _InvoiceRepository.GetInvoice(null, invoiceId);
-            if (invoice == null || invoice.Status == "complete" || invoice.Status == "invalid" || invoice.Status == "expired")
+            var invoice = await _InvoiceRepository.GetInvoice(invoiceId);
+            if (invoice == null || invoice.Status == InvoiceStatus.Complete || invoice.Status ==  InvoiceStatus.Invalid || invoice.Status == InvoiceStatus.Expired)
                return NotFound();
            var webSocket = await HttpContext.WebSockets.AcceptWebSocketAsync();
            CompositeDisposable leases = new CompositeDisposable();
@ -307,7 +383,7 @@ namespace BTCPayServer.Controllers
            {
                leases.Add(_EventAggregator.Subscribe<Events.InvoiceDataChangedEvent>(async o => await NotifySocket(webSocket, o.InvoiceId, invoiceId)));
                leases.Add(_EventAggregator.Subscribe<Events.InvoiceNewAddressEvent>(async o => await NotifySocket(webSocket, o.InvoiceId, invoiceId)));
-                leases.Add(_EventAggregator.Subscribe<Events.InvoiceEvent>(async o => await NotifySocket(webSocket, o.InvoiceId, invoiceId)));
+                leases.Add(_EventAggregator.Subscribe<Events.InvoiceEvent>(async o => await NotifySocket(webSocket, o.Invoice.Id, invoiceId)));
                while (true)
                {
                    var message = await webSocket.ReceiveAsync(DummyBuffer, default(CancellationToken));
@ -351,70 +427,87 @@ namespace BTCPayServer.Controllers

        [HttpGet]
        [Route("invoices")]
-        [Authorize(AuthenticationSchemes = "Identity.Application")]
+        [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
        [BitpayAPIConstraint(false)]
-        public async Task<IActionResult> ListInvoices(string searchTerm = null, int skip = 0, int count = 20)
+        public async Task<IActionResult> ListInvoices(string searchTerm = null, int skip = 0, int count = 50)
+        {
+            var model = new InvoicesModel
+            {
+                SearchTerm = searchTerm,
+                Skip = skip,
+                Count = count,
+                StatusMessage = StatusMessage
+            };
+
+            var list = await ListInvoicesProcess(searchTerm, skip, count);
+            foreach (var invoice in list)
+            {
+                var state = invoice.GetInvoiceState();
+                model.Invoices.Add(new InvoiceModel()
+                {
+                    Status = state.ToString(),
+                    ShowCheckout = invoice.Status == InvoiceStatus.New,
+                    Date = invoice.InvoiceTime,
+                    InvoiceId = invoice.Id,
+                    OrderId = invoice.OrderId ?? string.Empty,
+                    RedirectUrl = invoice.RedirectURL ?? string.Empty,
+                    AmountCurrency = $"{invoice.ProductInformation.Price.ToString(CultureInfo.InvariantCulture)} {invoice.ProductInformation.Currency}",
+                    CanMarkInvalid = state.CanMarkInvalid(),
+                    CanMarkComplete = state.CanMarkComplete()
+                });
+            }
+            return View(model);
+        }
+
+        private async Task<InvoiceEntity[]> ListInvoicesProcess(string searchTerm = null, int skip = 0, int count = 50)
        {
-            var model = new InvoicesModel();
            var filterString = new SearchString(searchTerm);
-            foreach (var invoice in await _InvoiceRepository.GetInvoices(new InvoiceQuery()
+            var list = await _InvoiceRepository.GetInvoices(new InvoiceQuery()
            {
                TextSearch = filterString.TextSearch,
                Count = count,
                Skip = skip,
                UserId = GetUserId(),
-                Status = filterString.Filters.TryGet("status"),
-                StoreId = filterString.Filters.TryGet("storeid")
-            }))
-            {
-                model.SearchTerm = searchTerm;
-                model.Invoices.Add(new InvoiceModel()
-                {
-                    Status = invoice.Status,
-                    Date = Prettify(invoice.InvoiceTime),
-                    InvoiceId = invoice.Id,
-                    OrderId = invoice.OrderId ?? string.Empty,
-                    RedirectUrl = invoice.RedirectURL ?? string.Empty,
-                    AmountCurrency = $"{invoice.ProductInformation.Price.ToString(CultureInfo.InvariantCulture)} {invoice.ProductInformation.Currency}"
-                });
-            }
-            model.Skip = skip;
-            model.Count = count;
-            model.StatusMessage = StatusMessage;
-            return View(model);
-        }
+                Unusual = !filterString.Filters.ContainsKey("unusual") ? null
+                          : !bool.TryParse(filterString.Filters["unusual"].First(), out var r) ? (bool?)null
+                          : r,
+                Status = filterString.Filters.ContainsKey("status") ? filterString.Filters["status"].ToArray() : null,
+                ExceptionStatus = filterString.Filters.ContainsKey("exceptionstatus") ? filterString.Filters["exceptionstatus"].ToArray() : null,
+                StoreId = filterString.Filters.ContainsKey("storeid") ? filterString.Filters["storeid"].ToArray() : null
+            });

-        private string Prettify(DateTimeOffset invoiceTime)
-        {
-            var ago = DateTime.UtcNow - invoiceTime;
-
-            if (ago.TotalMinutes < 1)
-            {
-                return $"{(int)ago.TotalSeconds} second{Plural((int)ago.TotalSeconds)} ago";
-            }
-            if (ago.TotalHours < 1)
-            {
-                return $"{(int)ago.TotalMinutes} minute{Plural((int)ago.TotalMinutes)} ago";
-            }
-            if (ago.Days < 1)
-            {
-                return $"{(int)ago.TotalHours} hour{Plural((int)ago.TotalHours)} ago";
-            }
-            return $"{(int)ago.TotalDays} day{Plural((int)ago.TotalDays)} ago";
-        }
-
-        private string Plural(int totalDays)
-        {
-            return totalDays > 1 ? "s" : string.Empty;
+            return list;
        }

+        [HttpGet]
+        [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
+        [BitpayAPIConstraint(false)]
+        public async Task<IActionResult> Export(string format, string searchTerm = null)
+        {
+            var model = new InvoiceExport(_NetworkProvider);
+
+            var invoices = await ListInvoicesProcess(searchTerm, 0, int.MaxValue);
+            var res = model.Process(invoices, format);
+
+            var cd = new ContentDisposition
+            {
+                FileName = $"btcpay-export-{DateTime.UtcNow.ToString("yyyyMMdd-HHmmss", CultureInfo.InvariantCulture)}.{format}",
+                Inline = true
+            };
+            Response.Headers.Add("Content-Disposition", cd.ToString());
+            Response.Headers.Add("X-Content-Type-Options", "nosniff");
+            return Content(res, "application/" + format);
+        }
+
+
+
        [HttpGet]
        [Route("invoices/create")]
-        [Authorize(AuthenticationSchemes = "Identity.Application")]
+        [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
        [BitpayAPIConstraint(false)]
        public async Task<IActionResult> CreateInvoice()
        {
-            var stores = await GetStores(GetUserId());
+            var stores = new SelectList(await _StoreRepository.GetStoresByUserId(GetUserId()), nameof(StoreData.Id), nameof(StoreData.StoreName), null);
            if (stores.Count() == 0)
            {
                StatusMessage = "Error: You need to create at least one store before creating a transaction";
@ -425,27 +518,35 @@ namespace BTCPayServer.Controllers

        [HttpPost]
        [Route("invoices/create")]
-        [Authorize(AuthenticationSchemes = "Identity.Application")]
+        [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
        [BitpayAPIConstraint(false)]
        public async Task<IActionResult> CreateInvoice(CreateInvoiceModel model)
        {
-            model.Stores = await GetStores(GetUserId(), model.StoreId);
+            var stores = await _StoreRepository.GetStoresByUserId(GetUserId());
+            model.Stores = new SelectList(stores, nameof(StoreData.Id), nameof(StoreData.StoreName), model.StoreId);
+            var store = stores.FirstOrDefault(s => s.Id == model.StoreId);
+            if (store == null)
+            {
+                ModelState.AddModelError(nameof(model.StoreId), "Store not found");
+            }
            if (!ModelState.IsValid)
            {
                return View(model);
            }
-            var store = await _StoreRepository.FindStore(model.StoreId, GetUserId());
            StatusMessage = null;
-            if (store.Role != StoreRoles.Owner)
+            if (!store.HasClaim(Policies.CanCreateInvoice.Key))
            {
-                StatusMessage = "Error: You need to be owner of this store to create an invoice";
-            }
-            if (store.GetSupportedPaymentMethods(_NetworkProvider).Count() == 0)
-            {
-                StatusMessage = "Error: You need to configure the derivation scheme in order to create an invoice";
+                ModelState.AddModelError(nameof(model.StoreId), "You need to be owner of this store to create an invoice");
+                return View(model);
            }

-            if(StatusMessage != null)
+            if (store.GetSupportedPaymentMethods(_NetworkProvider).Count() == 0)
+            {
+                ModelState.AddModelError(nameof(model.StoreId), "You need to configure the derivation scheme in order to create an invoice");
+                return View(model);
+            }
+
+            if (StatusMessage != null)
            {
                return RedirectToAction(nameof(StoresController.UpdateStore), "Stores", new
                {
@ -462,6 +563,7 @@ namespace BTCPayServer.Controllers
                    PosData = model.PosData,
                    OrderId = model.OrderId,
                    //RedirectURL = redirect + "redirect",
+                    NotificationEmail = model.NotificationEmail,
                    NotificationURL = model.NotificationUrl,
                    ItemDesc = model.ItemDesc,
                    FullNotifications = true,
@ -471,20 +573,15 @@ namespace BTCPayServer.Controllers
                StatusMessage = $"Invoice {result.Data.Id} just created!";
                return RedirectToAction(nameof(ListInvoices));
            }
-            catch (RateUnavailableException)
+            catch (BitpayHttpException ex)
            {
-                ModelState.TryAddModelError(nameof(model.Currency), "Unsupported currency");
+                ModelState.TryAddModelError(nameof(model.Currency), $"Error: {ex.Message}");
                return View(model);
            }
        }

-        private async Task<SelectList> GetStores(string userId, string storeId = null)
-        {
-            return new SelectList(await _StoreRepository.GetStoresByUserId(userId), nameof(StoreData.Id), nameof(StoreData.StoreName), storeId);
-        }
-
        [HttpPost]
-        [Authorize(AuthenticationSchemes = "Identity.Application")]
+        [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
        [BitpayAPIConstraint(false)]
        public IActionResult SearchInvoice(InvoicesModel invoices)
        {
@ -496,14 +593,60 @@ namespace BTCPayServer.Controllers
            });
        }

-        [HttpPost]
-        [Route("invoices/invalidatepaid")]
-        [Authorize(AuthenticationSchemes = "Identity.Application")]
+        [HttpGet]
+        [Route("invoices/{invoiceId}/changestate/{newState}")]
+        [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
        [BitpayAPIConstraint(false)]
-        public async Task<IActionResult> InvalidatePaidInvoice(string invoiceId)
+        public IActionResult ChangeInvoiceState(string invoiceId, string newState)
        {
-            await _InvoiceRepository.UpdatePaidInvoiceToInvalid(invoiceId);
-            _EventAggregator.Publish(new InvoiceEvent(invoiceId, 1008, "invoice_markedInvalid"));
+            if (newState == "invalid")
+            {
+                return View("Confirm", new ConfirmModel()
+                {
+                    Action = "Make invoice invalid",
+                    Title = "Change invoice state",
+                    Description = $"You will transition the state of this invoice to \"invalid\", do you want to continue?",
+                });
+            }
+            else if (newState == "complete")
+            {
+                return View("Confirm", new ConfirmModel()
+                {
+                    Action = "Make invoice complete",
+                    Title = "Change invoice state",
+                    Description = $"You will transition the state of this invoice to \"complete\", do you want to continue?",
+                    ButtonClass = "btn-primary"
+                });
+            }
+            else
+                return NotFound();
+        }
+
+        [HttpPost]
+        [Route("invoices/{invoiceId}/changestate/{newState}")]
+        [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
+        [BitpayAPIConstraint(false)]
+        public async Task<IActionResult> ChangeInvoiceStateConfirm(string invoiceId, string newState)
+        {
+            var invoice = (await _InvoiceRepository.GetInvoices(new InvoiceQuery()
+            {
+                InvoiceId = invoiceId,
+                UserId = GetUserId()
+            })).FirstOrDefault();
+            if (invoice == null)
+                return NotFound();
+            if (newState == "invalid")
+            {
+                await _InvoiceRepository.UpdatePaidInvoiceToInvalid(invoiceId);
+                _EventAggregator.Publish(new InvoiceEvent(invoice.EntityToDTO(_NetworkProvider), 1008, "invoice_markedInvalid"));
+                StatusMessage = "Invoice marked invalid";
+            }
+            else if(newState == "complete")
+            {
+                await _InvoiceRepository.UpdatePaidInvoiceToComplete(invoiceId);
+                _EventAggregator.Publish(new InvoiceEvent(invoice.EntityToDTO(_NetworkProvider), 2008, "invoice_markedComplete"));
+                StatusMessage = "Invoice marked complete";
+            }
            return RedirectToAction(nameof(ListInvoices));
        }

@ -518,5 +661,43 @@ namespace BTCPayServer.Controllers
        {
            return _UserManager.GetUserId(User);
        }
+
+        public class PosDataParser
+        {
+            public static Dictionary<string, string> ParsePosData(string posData)
+            {
+                var result = new Dictionary<string,string>();
+                if (string.IsNullOrEmpty(posData))
+                {
+                    return result;
+                }
+            
+                try
+                {
+                
+                    var jObject =JObject.Parse(posData);
+                    foreach (var item in jObject)
+                    {
+                    
+                        switch (item.Value.Type)
+                        {
+                            case JTokenType.Array:
+                                result.Add(item.Key, string.Join(',', item.Value.AsEnumerable()));
+                                break;
+                            default:
+                                result.Add(item.Key, item.Value.ToString());
+                                break;
+                        }
+                    
+                    }
+                }
+                catch
+                {
+                    result.Add(string.Empty, posData);
+                }
+                return result;
+            }
+        }
+        
    }
 }
--- a/BTCPayServer/Controllers/InvoiceController.cs
+++ b/BTCPayServer/Controllers/InvoiceController.cs
@ -1,52 +1,33 @@
-using BTCPayServer.Authentication;
-using System.Reflection;
-using System.Linq;
-using Microsoft.Extensions.Logging;
-using BTCPayServer.Logging;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Mvc;
-using NBitpayClient;
-using System;
+using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
-using BTCPayServer.Models;
-using Newtonsoft.Json;
-using System.Globalization;
-using NBitcoin;
-using NBitcoin.DataEncoders;
-using BTCPayServer.Filters;
-using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
-using System.Net;
-using Microsoft.AspNetCore.Identity;
-using Newtonsoft.Json.Linq;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
-using NBitcoin.Payment;
 using BTCPayServer.Data;
-using BTCPayServer.Models.InvoicingModels;
-using System.Security.Claims;
-using BTCPayServer.Services;
-using System.ComponentModel.DataAnnotations;
-using System.Text.RegularExpressions;
-using BTCPayServer.Services.Stores;
+using BTCPayServer.Logging;
+using BTCPayServer.Models;
+using BTCPayServer.Payments;
+using BTCPayServer.Rating;
+using BTCPayServer.Security;
 using BTCPayServer.Services.Invoices;
 using BTCPayServer.Services.Rates;
+using BTCPayServer.Services.Stores;
 using BTCPayServer.Services.Wallets;
-using BTCPayServer.Validations;
-
-using Microsoft.EntityFrameworkCore;
-using Microsoft.AspNetCore.Mvc.Routing;
-using NBXplorer.DerivationStrategy;
-using NBXplorer;
-using BTCPayServer.HostedServices;
-using BTCPayServer.Payments;
+using BTCPayServer.Validation;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using NBitcoin;
+using NBitpayClient;
+using Newtonsoft.Json;

 namespace BTCPayServer.Controllers
 {
    public partial class InvoiceController : Controller
    {
        InvoiceRepository _InvoiceRepository;
-        IRateProviderFactory _RateProviders;
+        ContentSecurityPolicies _CSP;
+        RateFetcher _RateProvider;
        StoreRepository _StoreRepository;
        UserManager<ApplicationUser> _UserManager;
        private CurrencyNameTable _CurrencyNameTable;
@ -59,48 +40,32 @@ namespace BTCPayServer.Controllers
            InvoiceRepository invoiceRepository,
            CurrencyNameTable currencyNameTable,
            UserManager<ApplicationUser> userManager,
-            IRateProviderFactory rateProviders,
+            RateFetcher rateProvider,
            StoreRepository storeRepository,
            EventAggregator eventAggregator,
            BTCPayWalletProvider walletProvider,
+            ContentSecurityPolicies csp,
            BTCPayNetworkProvider networkProvider)
        {
            _ServiceProvider = serviceProvider;
            _CurrencyNameTable = currencyNameTable ?? throw new ArgumentNullException(nameof(currencyNameTable));
            _StoreRepository = storeRepository ?? throw new ArgumentNullException(nameof(storeRepository));
            _InvoiceRepository = invoiceRepository ?? throw new ArgumentNullException(nameof(invoiceRepository));
-            _RateProviders = rateProviders ?? throw new ArgumentNullException(nameof(rateProviders));
+            _RateProvider = rateProvider ?? throw new ArgumentNullException(nameof(rateProvider));
            _UserManager = userManager;
            _EventAggregator = eventAggregator;
            _NetworkProvider = networkProvider;
            _WalletProvider = walletProvider;
+            _CSP = csp;
        }


        internal async Task<DataWrapper<InvoiceResponse>> CreateInvoiceCore(Invoice invoice, StoreData store, string serverUrl)
        {
-            var supportedPaymentMethods = store.GetSupportedPaymentMethods(_NetworkProvider)
-                                               .Select(c =>
-                                                (Handler: (IPaymentMethodHandler)_ServiceProvider.GetService(typeof(IPaymentMethodHandler<>).MakeGenericType(c.GetType())),
-                                                SupportedPaymentMethod: c,
-                                                Network: _NetworkProvider.GetNetwork(c.PaymentId.CryptoCode),
-                                                IsAvailable: Task.FromResult(false)))
-                                                .Where(c => c.Network != null)
-                                                .Select(c => 
-                                                {
-                                                    c.IsAvailable = c.Handler.IsAvailable(c.SupportedPaymentMethod, c.Network);
-                                                    return c;
-                                                })
-                                                .ToList();
-            foreach(var supportedPaymentMethod in supportedPaymentMethods.ToList())
-            {
-                if(!await supportedPaymentMethod.IsAvailable)
-                {
-                    supportedPaymentMethods.Remove(supportedPaymentMethod);
-                }
-            }
-            if (supportedPaymentMethods.Count == 0)
-                throw new BitpayHttpException(400, "No derivation strategy are available now for this store");
+            if (!store.HasClaim(Policies.CanCreateInvoice.Key))
+                throw new UnauthorizedAccessException();
+            InvoiceLogs logs = new InvoiceLogs();
+            logs.Write("Creation of invoice starting");
            var entity = new InvoiceEntity
            {
                InvoiceTime = DateTimeOffset.UtcNow
@ -118,7 +83,9 @@ namespace BTCPayServer.Controllers
            entity.FullNotifications = invoice.FullNotifications || invoice.ExtendedNotifications;
            entity.ExtendedNotifications = invoice.ExtendedNotifications;
            entity.NotificationURL = notificationUri?.AbsoluteUri;
+            entity.NotificationEmail = invoice.NotificationEmail;
            entity.BuyerInformation = Map<Invoice, BuyerInformation>(invoice);
+            entity.PaymentTolerance = storeBlob.PaymentTolerance;
            //Another way of passing buyer info to support
            FillBuyerInfo(invoice.Buyer, entity.BuyerInformation);
            if (entity?.BuyerInformation?.BuyerEmail != null)
@ -129,69 +96,168 @@ namespace BTCPayServer.Controllers
            }
            entity.ProductInformation = Map<Invoice, ProductInformation>(invoice);
            entity.RedirectURL = invoice.RedirectURL ?? store.StoreWebsite;
-            entity.Status = "new";
+            if (!Uri.IsWellFormedUriString(entity.RedirectURL, UriKind.Absolute))
+                entity.RedirectURL = null;
+
+            entity.Status = InvoiceStatus.New;
            entity.SpeedPolicy = ParseSpeedPolicy(invoice.TransactionSpeed, store.SpeedPolicy);

-            var methods = supportedPaymentMethods
-                        .Select(async o =>
-                        {
-                            var rate = await storeBlob.ApplyRateRules(o.Network, _RateProviders.GetRateProvider(o.Network, false)).GetRateAsync(invoice.Currency);
-                            PaymentMethod paymentMethod = new PaymentMethod();
-                            paymentMethod.ParentEntity = entity;
-                            paymentMethod.SetId(o.SupportedPaymentMethod.PaymentId);
-                            paymentMethod.Rate = rate;
-                            var paymentDetails = await o.Handler.CreatePaymentMethodDetails(o.SupportedPaymentMethod, paymentMethod, o.Network);
-                            if (storeBlob.NetworkFeeDisabled)
-                                paymentDetails.SetNoTxFee();
-                            paymentMethod.SetPaymentMethodDetails(paymentDetails);
-#pragma warning disable CS0618
-                            if (paymentMethod.GetId().IsBTCOnChain)
-                            {
-                                entity.TxFee = paymentMethod.TxFee;
-                                entity.Rate = paymentMethod.Rate;
-                                entity.DepositAddress = paymentMethod.DepositAddress;
-                            }
-#pragma warning restore CS0618
-                            return paymentMethod;
-                        });
-            entity.SetSupportedPaymentMethods(supportedPaymentMethods.Select(s => s.SupportedPaymentMethod));
-            var paymentMethods = new PaymentMethodDictionary();
-            foreach (var method in methods)
+            HashSet<CurrencyPair> currencyPairsToFetch = new HashSet<CurrencyPair>();
+            var rules = storeBlob.GetRateRules(_NetworkProvider);
+            var excludeFilter = storeBlob.GetExcludedPaymentMethods(); // Here we can compose filters from other origin with PaymentFilter.Any()
+            foreach (var network in store.GetSupportedPaymentMethods(_NetworkProvider)
+                                                .Where(s => !excludeFilter.Match(s.PaymentId))
+                                                .Select(c => _NetworkProvider.GetNetwork(c.PaymentId.CryptoCode))
+                                                .Where(c => c != null))
            {
-                paymentMethods.Add(await method);
-            }
-#pragma warning disable CS0618
-            // Legacy Bitpay clients expect information for BTC information, even if the store do not support it
-            var legacyBTCisSet = paymentMethods.Any(p => p.GetId().IsBTCOnChain);
-            if (!legacyBTCisSet && _NetworkProvider.BTC != null)
-            {
-                var btc = _NetworkProvider.BTC;
-                var feeProvider = ((IFeeProviderFactory)_ServiceProvider.GetService(typeof(IFeeProviderFactory))).CreateFeeProvider(btc);
-                var rateProvider = storeBlob.ApplyRateRules(btc, _RateProviders.GetRateProvider(btc, false));
-                if (feeProvider != null && rateProvider != null)
-                {
-                    var gettingFee = feeProvider.GetFeeRateAsync();
-                    var gettingRate = rateProvider.GetRateAsync(invoice.Currency);
-                    entity.TxFee = GetTxFee(storeBlob, await gettingFee);
-                    entity.Rate = await gettingRate;
-                }
-#pragma warning restore CS0618
+                currencyPairsToFetch.Add(new CurrencyPair(network.CryptoCode, invoice.Currency));
+                if (storeBlob.LightningMaxValue != null)
+                    currencyPairsToFetch.Add(new CurrencyPair(network.CryptoCode, storeBlob.LightningMaxValue.Currency));
+                if (storeBlob.OnChainMinValue != null)
+                    currencyPairsToFetch.Add(new CurrencyPair(network.CryptoCode, storeBlob.OnChainMinValue.Currency));
            }

+            var rateRules = storeBlob.GetRateRules(_NetworkProvider);
+            var fetchingByCurrencyPair = _RateProvider.FetchRates(currencyPairsToFetch, rateRules);
+
+            var fetchingAll = WhenAllFetched(logs, fetchingByCurrencyPair);
+            var supportedPaymentMethods = store.GetSupportedPaymentMethods(_NetworkProvider)
+                                               .Where(s => !excludeFilter.Match(s.PaymentId))
+                                               .Select(c =>
+                                                (Handler: (IPaymentMethodHandler)_ServiceProvider.GetService(typeof(IPaymentMethodHandler<>).MakeGenericType(c.GetType())),
+                                                SupportedPaymentMethod: c,
+                                                Network: _NetworkProvider.GetNetwork(c.PaymentId.CryptoCode)))
+                                                .Where(c => c.Network != null)
+                                                .Select(o =>
+                                                    (SupportedPaymentMethod: o.SupportedPaymentMethod,
+                                                    PaymentMethod: CreatePaymentMethodAsync(fetchingByCurrencyPair, o.Handler, o.SupportedPaymentMethod, o.Network, entity, store, logs)))
+                                                .ToList();
+            List<ISupportedPaymentMethod> supported = new List<ISupportedPaymentMethod>();
+            var paymentMethods = new PaymentMethodDictionary();
+            foreach (var o in supportedPaymentMethods)
+            {
+                var paymentMethod = await o.PaymentMethod;
+                if (paymentMethod == null)
+                    continue;
+                supported.Add(o.SupportedPaymentMethod);
+                paymentMethods.Add(paymentMethod);
+            }
+
+            if (supported.Count == 0)
+            {
+                StringBuilder errors = new StringBuilder();
+                errors.AppendLine("No payment method available for this store");
+                foreach (var error in logs.ToList())
+                {
+                    errors.AppendLine(error.ToString());
+                }
+                throw new BitpayHttpException(400, errors.ToString());
+            }
+
+            entity.SetSupportedPaymentMethods(supported);
            entity.SetPaymentMethods(paymentMethods);
            entity.PosData = invoice.PosData;
-            entity = await _InvoiceRepository.CreateInvoiceAsync(store.Id, entity, _NetworkProvider);
-            _EventAggregator.Publish(new Events.InvoiceEvent(entity, 1001, "invoice_created"));
+            entity = await _InvoiceRepository.CreateInvoiceAsync(store.Id, entity, logs, _NetworkProvider);
+            await fetchingAll;
+            _EventAggregator.Publish(new Events.InvoiceEvent(entity.EntityToDTO(_NetworkProvider), 1001, "invoice_created"));
            var resp = entity.EntityToDTO(_NetworkProvider);
            return new DataWrapper<InvoiceResponse>(resp) { Facade = "pos/invoice" };
        }

-#pragma warning disable CS0618
-        private static Money GetTxFee(StoreBlob storeBlob, FeeRate feeRate)
+        private Task WhenAllFetched(InvoiceLogs logs, Dictionary<CurrencyPair, Task<RateResult>> fetchingByCurrencyPair)
        {
-            return storeBlob.NetworkFeeDisabled ? Money.Zero : feeRate.GetFee(100);
+            return Task.WhenAll(fetchingByCurrencyPair.Select(async pair =>
+            {
+                var rateResult = await pair.Value;
+                logs.Write($"{pair.Key}: The rating rule is {rateResult.Rule}");
+                logs.Write($"{pair.Key}: The evaluated rating rule is {rateResult.EvaluatedRule}");
+                if (rateResult.Errors.Count != 0)
+                {
+                    var allRateRuleErrors = string.Join(", ", rateResult.Errors.ToArray());
+                    logs.Write($"{pair.Key}: Rate rule error ({allRateRuleErrors})");
+                }
+                foreach (var ex in rateResult.ExchangeExceptions)
+                {
+                    logs.Write($"{pair.Key}: Exception reaching exchange {ex.ExchangeName} ({ex.Exception.Message})");
+                }
+            }).ToArray());
        }
+
+        private async Task<PaymentMethod> CreatePaymentMethodAsync(Dictionary<CurrencyPair, Task<RateResult>> fetchingByCurrencyPair, IPaymentMethodHandler handler, ISupportedPaymentMethod supportedPaymentMethod, BTCPayNetwork network, InvoiceEntity entity, StoreData store, InvoiceLogs logs)
+        {
+            try
+            {
+                var storeBlob = store.GetStoreBlob();
+                var preparePayment = handler.PreparePayment(supportedPaymentMethod, store, network);
+                var rate = await fetchingByCurrencyPair[new CurrencyPair(network.CryptoCode, entity.ProductInformation.Currency)];
+                if (rate.BidAsk == null)
+                {
+                    return null;
+                }
+                PaymentMethod paymentMethod = new PaymentMethod();
+                paymentMethod.ParentEntity = entity;
+                paymentMethod.Network = network;
+                paymentMethod.SetId(supportedPaymentMethod.PaymentId);
+                paymentMethod.Rate = rate.BidAsk.Bid;
+                var paymentDetails = await handler.CreatePaymentMethodDetails(supportedPaymentMethod, paymentMethod, store, network, preparePayment);
+                if (storeBlob.NetworkFeeDisabled)
+                    paymentDetails.SetNoTxFee();
+                paymentMethod.SetPaymentMethodDetails(paymentDetails);
+
+                Func<Money, Money, bool> compare = null;
+                CurrencyValue limitValue = null;
+                string errorMessage = null;
+                if (supportedPaymentMethod.PaymentId.PaymentType == PaymentTypes.LightningLike &&
+                   storeBlob.LightningMaxValue != null)
+                {
+                    compare = (a, b) => a > b;
+                    limitValue = storeBlob.LightningMaxValue;
+                    errorMessage = "The amount of the invoice is too high to be paid with lightning";
+                }
+                else if (supportedPaymentMethod.PaymentId.PaymentType == PaymentTypes.BTCLike &&
+                   storeBlob.OnChainMinValue != null)
+                {
+                    compare = (a, b) => a < b;
+                    limitValue = storeBlob.OnChainMinValue;
+                    errorMessage = "The amount of the invoice is too low to be paid on chain";
+                }
+
+                if (compare != null)
+                {
+                    var limitValueRate = await fetchingByCurrencyPair[new CurrencyPair(network.CryptoCode, limitValue.Currency)];
+                    if (limitValueRate.BidAsk != null)
+                    {
+                        var limitValueCrypto = Money.Coins(limitValue.Value / limitValueRate.BidAsk.Bid);
+                        if (compare(paymentMethod.Calculate().Due, limitValueCrypto))
+                        {
+                            logs.Write($"{supportedPaymentMethod.PaymentId.CryptoCode}: {errorMessage}");
+                            return null;
+                        }
+                    }
+                }
+                ///////////////
+
+
+#pragma warning disable CS0618
+                if (paymentMethod.GetId().IsBTCOnChain)
+                {
+                    entity.TxFee = paymentMethod.TxFee;
+                    entity.Rate = paymentMethod.Rate;
+                    entity.DepositAddress = paymentMethod.DepositAddress;
+                }
 #pragma warning restore CS0618
+                return paymentMethod;
+            }
+            catch (PaymentMethodUnavailableException ex)
+            {
+                logs.Write($"{supportedPaymentMethod.PaymentId.CryptoCode}: Payment method unavailable ({ex.Message})");
+            }
+            catch (Exception ex)
+            {
+                logs.Write($"{supportedPaymentMethod.PaymentId.CryptoCode}: Unexpected exception ({ex.ToString()})");
+            }
+            return null;
+        }

        private SpeedPolicy ParseSpeedPolicy(string transactionSpeed, SpeedPolicy defaultPolicy)
        {
@ -199,6 +265,7 @@ namespace BTCPayServer.Controllers
                return defaultPolicy;
            var mappings = new Dictionary<string, SpeedPolicy>();
            mappings.Add("low", SpeedPolicy.LowSpeed);
+            mappings.Add("low-medium", SpeedPolicy.LowMediumSpeed);
            mappings.Add("medium", SpeedPolicy.MediumSpeed);
            mappings.Add("high", SpeedPolicy.HighSpeed);
            if (!mappings.TryGetValue(transactionSpeed, out SpeedPolicy policy))
@ -221,11 +288,6 @@ namespace BTCPayServer.Controllers
            buyerInformation.BuyerZip = buyerInformation.BuyerZip ?? buyer.zip;
        }

-        private DerivationStrategyBase ParseDerivationStrategy(string derivationStrategy, BTCPayNetwork network)
-        {
-            return new DerivationStrategyFactory(network.NBitcoinNetwork).Parse(derivationStrategy);
-        }
-
        private TDest Map<TFrom, TDest>(TFrom data)
        {
            return JsonConvert.DeserializeObject<TDest>(JsonConvert.SerializeObject(data));
--- a/BTCPayServer/Controllers/Macaroons.cs
+++ b/BTCPayServer/Controllers/Macaroons.cs
@ -0,0 +1,57 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BTCPayServer.Controllers
+{
+    public class Macaroons
+    {
+        public class Macaroon
+        {
+            public Macaroon(byte[] bytes)
+            {
+                Bytes = bytes;
+                Hex = NBitcoin.DataEncoders.Encoders.Hex.EncodeData(bytes);
+            }
+
+            public string Hex { get; set; }
+            public byte[] Bytes { get; set; }
+        }
+        public static async Task<Macaroons> GetFromDirectoryAsync(string directoryPath)
+        {
+            if (directoryPath == null)
+                throw new ArgumentNullException(nameof(directoryPath));
+            Macaroons macaroons = new Macaroons();
+            if (!Directory.Exists(directoryPath))
+                return macaroons;
+            foreach(var file in Directory.GetFiles(directoryPath, "*.macaroon"))
+            {
+                try
+                {
+                    switch (Path.GetFileName(file))
+                    {
+                        case "admin.macaroon":
+                            macaroons.AdminMacaroon = new Macaroon(await File.ReadAllBytesAsync(file));
+                            break;
+                        case "readonly.macaroon":
+                            macaroons.ReadonlyMacaroon = new Macaroon(await File.ReadAllBytesAsync(file));
+                            break;
+                        case "invoice.macaroon":
+                            macaroons.InvoiceMacaroon = new Macaroon(await File.ReadAllBytesAsync(file));
+                            break;
+                        default:
+                            break;
+                    }
+                }
+                catch { }
+            }
+            return macaroons;
+        }
+        public Macaroon ReadonlyMacaroon { get; set; }
+
+        public Macaroon InvoiceMacaroon { get; set; }
+        public Macaroon AdminMacaroon { get; set; }
+    }
+}
--- a/BTCPayServer/Controllers/ManageController.cs
+++ b/BTCPayServer/Controllers/ManageController.cs
@ -21,10 +21,11 @@ using BTCPayServer.Services.Stores;
 using BTCPayServer.Services.Wallets;
 using BTCPayServer.Services.Mails;
 using System.Globalization;
+using BTCPayServer.Security;

 namespace BTCPayServer.Controllers
 {
-    [Authorize]
+    [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
    [Route("[controller]/[action]")]
    public class ManageController : Controller
    {
@ -442,7 +443,7 @@ namespace BTCPayServer.Controllers

            if (!is2faTokenValid)
            {
-                ModelState.AddModelError("model.Code", "Verification code is invalid.");
+                ModelState.AddModelError(nameof(model.Code), "Verification code is invalid.");
                return View(model);
            }

--- a/BTCPayServer/Controllers/PaymentRequestActionResult.cs
+++ b/BTCPayServer/Controllers/PaymentRequestActionResult.cs
@ -1,40 +0,0 @@
-using Microsoft.AspNetCore.Mvc;
-using NBitcoin.Payment;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-
-namespace BTCPayServer.Controllers
-{
-    public class PaymentRequestActionResult : IActionResult
-    {
-        PaymentRequest req;
-        public PaymentRequestActionResult(PaymentRequest req)
-        {
-            this.req = req;
-        }
-        public Task ExecuteResultAsync(ActionContext context)
-        {
-            context.HttpContext.Response.Headers["Content-Transfer-Encoding"] = "binary";
-            context.HttpContext.Response.ContentType = "application/bitcoin-paymentrequest";
-            req.WriteTo(context.HttpContext.Response.Body);
-            return Task.CompletedTask;
-        }
-    }
-    public class PaymentAckActionResult : IActionResult
-    {
-        PaymentACK req;
-        public PaymentAckActionResult(PaymentACK req)
-        {
-            this.req = req;
-        }
-        public Task ExecuteResultAsync(ActionContext context)
-        {
-            context.HttpContext.Response.Headers["Content-Transfer-Encoding"] = "binary";
-            context.HttpContext.Response.ContentType = "application/bitcoin-paymentack";
-            req.WriteTo(context.HttpContext.Response.Body);
-            return Task.CompletedTask;
-        }
-    }
-}
--- a/BTCPayServer/Controllers/PublicController.cs
+++ b/BTCPayServer/Controllers/PublicController.cs
@ -0,0 +1,62 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using BTCPayServer.Filters;
+using BTCPayServer.Models.StoreViewModels;
+using BTCPayServer.Services.Stores;
+using Microsoft.AspNetCore.Cors;
+using Microsoft.AspNetCore.Mvc;
+
+namespace BTCPayServer.Controllers
+{
+    public class PublicController : Controller
+    {
+        public PublicController(InvoiceController invoiceController,
+            StoreRepository storeRepository)
+        {
+            _InvoiceController = invoiceController;
+            _StoreRepository = storeRepository;
+        }
+
+        private InvoiceController _InvoiceController;
+        private StoreRepository _StoreRepository;
+
+        [HttpPost]
+        [Route("api/v1/invoices")]
+        [MediaTypeAcceptConstraintAttribute("text/html")]
+        [IgnoreAntiforgeryToken]
+        [EnableCors(CorsPolicies.All)]
+        public async Task<IActionResult> PayButtonHandle([FromForm]PayButtonViewModel model)
+        {
+            var store = await _StoreRepository.FindStore(model.StoreId);
+            if (store == null)
+                ModelState.AddModelError("Store", "Invalid store");
+            else
+            {
+                var storeBlob = store.GetStoreBlob();
+                if (!storeBlob.AnyoneCanInvoice)
+                    ModelState.AddModelError("Store", "Store has not enabled Pay Button");
+            }
+            
+            if (model == null || model.Price <= 0)
+                ModelState.AddModelError("Price", "Price must be greater than 0");
+
+            if (!ModelState.IsValid)
+                return View();
+
+            var invoice = await _InvoiceController.CreateInvoiceCore(new NBitpayClient.Invoice()
+            {
+                Price = model.Price,
+                Currency = model.Currency,
+                ItemDesc = model.CheckoutDesc,
+                OrderId = model.OrderId,
+                NotificationEmail = model.NotifyEmail,
+                NotificationURL = model.ServerIpn,
+                RedirectURL = model.BrowserRedirect,
+                FullNotifications = true
+            }, store, HttpContext.Request.GetAbsoluteRoot());
+            return Redirect(invoice.Data.Url);
+        }
+    }
+}
--- a/BTCPayServer/Controllers/RateController.cs
+++ b/BTCPayServer/Controllers/RateController.cs
@ -8,67 +8,229 @@ using System.Threading.Tasks;
 using BTCPayServer.Filters;
 using BTCPayServer.Services.Rates;
 using BTCPayServer.Services.Stores;
+using BTCPayServer.Rating;
+using Newtonsoft.Json;
+using Microsoft.AspNetCore.Authorization;
+using BTCPayServer.Authentication;

 namespace BTCPayServer.Controllers
 {
+    [Authorize(AuthenticationSchemes = Security.Policies.BitpayAuthentication)]
+    [AllowAnonymous]
    public class RateController : Controller
    {
-        IRateProviderFactory _RateProviderFactory;
+        RateFetcher _RateProviderFactory;
        BTCPayNetworkProvider _NetworkProvider;
        CurrencyNameTable _CurrencyNameTable;
        StoreRepository _StoreRepo;
+
+        public TokenRepository TokenRepository { get; }
+
        public RateController(
-            IRateProviderFactory rateProviderFactory, 
+            RateFetcher rateProviderFactory,
            BTCPayNetworkProvider networkProvider,
+            TokenRepository tokenRepository,
            StoreRepository storeRepo,
            CurrencyNameTable currencyNameTable)
        {
            _RateProviderFactory = rateProviderFactory ?? throw new ArgumentNullException(nameof(rateProviderFactory));
            _NetworkProvider = networkProvider;
+            TokenRepository = tokenRepository;
            _StoreRepo = storeRepo;
            _CurrencyNameTable = currencyNameTable ?? throw new ArgumentNullException(nameof(currencyNameTable));
        }

+        [Route("rates/{baseCurrency}")]
+        [HttpGet]
+        [BitpayAPIConstraint]
+        public async Task<IActionResult> GetBaseCurrencyRates(string baseCurrency, string storeId)
+        {
+            storeId = await GetStoreId(storeId);
+            var store = this.HttpContext.GetStoreData();
+            if (store == null || store.Id != storeId)
+                store = await _StoreRepo.FindStore(storeId);
+            if (store == null)
+            {
+                var err = Json(new BitpayErrorsModel() { Error = "Store not found" });
+                err.StatusCode = 404;
+                return err;
+            }
+            var supportedMethods = store.GetSupportedPaymentMethods(_NetworkProvider);
+
+            var currencyCodes = supportedMethods.Where(method => !string.IsNullOrEmpty(method.PaymentId.CryptoCode))
+                .Select(method => method.PaymentId.CryptoCode).Distinct();
+
+            var currencypairs = BuildCurrencyPairs(currencyCodes, baseCurrency);
+            
+            var result = await GetRates2(currencypairs, store.Id);
+            var rates = (result as JsonResult)?.Value as Rate[];
+            if (rates == null)
+                return result;
+            return Json(new DataWrapper<Rate[]>(rates));
+        }
+
+
+        [Route("rates/{baseCurrency}/{currency}")]
+        [HttpGet]
+        [BitpayAPIConstraint]
+        public async Task<IActionResult> GetCurrencyPairRate(string baseCurrency, string currency, string storeId)
+        {
+            storeId = await GetStoreId(storeId);
+            var result = await GetRates2($"{baseCurrency}_{currency}", storeId);
+            var rates = (result as JsonResult)?.Value as Rate[];
+            if (rates == null)
+                return result;
+            return Json(new DataWrapper<Rate>(rates.First()));
+        }
+
        [Route("rates")]
        [HttpGet]
        [BitpayAPIConstraint]
-        public async Task<IActionResult> GetRates(string cryptoCode = null, string storeId = null)
+        public async Task<IActionResult> GetRates(string currencyPairs, string storeId)
        {
-            var result = await GetRates2(cryptoCode, storeId);
-            var rates = (result as JsonResult)?.Value as NBitpayClient.Rate[];
-            if(rates == null)
+            storeId = await GetStoreId(storeId);
+            var result = await GetRates2(currencyPairs, storeId);
+            var rates = (result as JsonResult)?.Value as Rate[];
+            if (rates == null)
                return result;
-            return Json(new DataWrapper<NBitpayClient.Rate[]>(rates)); 
+            return Json(new DataWrapper<Rate[]>(rates));
+        }
+
+        private async Task<string> GetStoreId(string storeId)
+        {
+            if (storeId != null && this.HttpContext.GetStoreData()?.Id == storeId)
+                return storeId;
+            if(storeId == null)
+            {
+                var tokens = await this.TokenRepository.GetTokens(this.User.GetSIN());
+                storeId = tokens.Select(s => s.StoreId).Where(s => s != null).FirstOrDefault();
+            }
+            if (storeId == null)
+                return null;
+            var store = await _StoreRepo.FindStore(storeId);
+            if (store == null)
+                return null;
+            this.HttpContext.SetStoreData(store);
+            return storeId;
        }

        [Route("api/rates")]
        [HttpGet]
-        public async Task<IActionResult> GetRates2(string cryptoCode = null, string storeId = null)
+        public async Task<IActionResult> GetRates2(string currencyPairs, string storeId)
        {
-            cryptoCode = cryptoCode ?? "BTC";
-            var network = _NetworkProvider.GetNetwork(cryptoCode);
-            if (network == null)
-                return NotFound();
-            var rateProvider = _RateProviderFactory.GetRateProvider(network, true);
-            if (rateProvider == null)
-                return NotFound();
-
-            if (storeId != null)
+            storeId = await GetStoreId(storeId);
+            if (storeId == null)
            {
-                var store = await _StoreRepo.FindStore(storeId);
-                if (store == null)
-                    return NotFound();
-                rateProvider = store.GetStoreBlob().ApplyRateRules(network, rateProvider);
+                var result = Json(new BitpayErrorsModel() { Error = "You need to specify storeId (in your store settings)" });
+                result.StatusCode = 400;
+                return result;
+            }
+            var store = this.HttpContext.GetStoreData();
+            if (store == null || store.Id != storeId)
+                store = await _StoreRepo.FindStore(storeId);
+            if (store == null)
+            {
+                var result = Json(new BitpayErrorsModel() { Error = "Store not found" });
+                result.StatusCode = 404;
+                return result;
            }

-            var allRates = (await rateProvider.GetRatesAsync());
-            return Json(allRates.Select(r =>
-                            new NBitpayClient.Rate()
+            if (currencyPairs == null)
+            {
+                var supportedMethods = store.GetSupportedPaymentMethods(_NetworkProvider);
+                var currencyCodes = supportedMethods.Select(method => method.PaymentId.CryptoCode).Distinct();
+                var defaultCrypto = store.GetDefaultCrypto(_NetworkProvider);
+
+                currencyPairs = BuildCurrencyPairs(currencyCodes, defaultCrypto);
+
+                if (string.IsNullOrEmpty(currencyPairs))
+                {
+                    var result = Json(new BitpayErrorsModel() { Error = "You need to specify currencyPairs (eg. BTC_USD,LTC_CAD)" });
+                    result.StatusCode = 400;
+                    return result;
+                }
+            }
+
+
+            var rules = store.GetStoreBlob().GetRateRules(_NetworkProvider);
+
+            HashSet<CurrencyPair> pairs = new HashSet<CurrencyPair>();
+            foreach (var currency in currencyPairs.Split(','))
+            {
+                if (!CurrencyPair.TryParse(currency, out var pair))
+                {
+                    var result = Json(new BitpayErrorsModel() { Error = $"Currency pair {currency} uncorrectly formatted" });
+                    result.StatusCode = 400;
+                    return result;
+                }
+                pairs.Add(pair);
+            }
+
+            var fetching = _RateProviderFactory.FetchRates(pairs, rules);
+            await Task.WhenAll(fetching.Select(f => f.Value).ToArray());
+            return Json(pairs
+                            .Select(r => (Pair: r, Value: fetching[r].GetAwaiter().GetResult().BidAsk?.Bid))
+                            .Where(r => r.Value.HasValue)
+                            .Select(r =>
+                            new Rate()
                            {
-                                Code = r.Currency,
-                                Name = _CurrencyNameTable.GetCurrencyData(r.Currency)?.Name,
-                                Value = r.Value
+                                CryptoCode = r.Pair.Left,
+                                Code = r.Pair.Right,
+                                CurrencyPair = r.Pair.ToString(),
+                                Name = _CurrencyNameTable.GetCurrencyData(r.Pair.Right, true).Name,
+                                Value = r.Value.Value
                            }).Where(n => n.Name != null).ToArray());
        }
+
+        private static string BuildCurrencyPairs(IEnumerable<string> currencyCodes, string baseCrypto)
+        {
+            StringBuilder currencyPairsBuilder = new StringBuilder();
+            bool first = true;
+            foreach (var currencyCode in currencyCodes)
+            {
+                if(!first)
+                    currencyPairsBuilder.Append(",");
+                first = false;
+                currencyPairsBuilder.Append($"{baseCrypto}_{currencyCode}");
+            }
+            return currencyPairsBuilder.ToString();
+        }
+
+        public class Rate
+        {
+
+            [JsonProperty(PropertyName = "name")]
+            public string Name
+            {
+                get;
+                set;
+            }
+            [JsonProperty(PropertyName = "cryptoCode")]
+            public string CryptoCode
+            {
+                get;
+                set;
+            }
+
+            [JsonProperty(PropertyName = "currencyPair")]
+            public string CurrencyPair
+            {
+                get;
+                set;
+            }
+
+            [JsonProperty(PropertyName = "code")]
+            public string Code
+            {
+                get;
+                set;
+            }
+            [JsonProperty(PropertyName = "rate")]
+            public decimal Value
+            {
+                get;
+                set;
+            }
+        }
    }
 }
--- a/BTCPayServer/Controllers/ServerController.cs
+++ b/BTCPayServer/Controllers/ServerController.cs
@ -1,31 +1,133 @@
-using BTCPayServer.Models;
+using BTCPayServer.Configuration;
+using Microsoft.Extensions.Logging;
+using BTCPayServer.HostedServices;
+using BTCPayServer.Models;
 using BTCPayServer.Models.ServerViewModels;
+using BTCPayServer.Payments.Lightning;
 using BTCPayServer.Services;
 using BTCPayServer.Services.Mails;
-using BTCPayServer.Validations;
+using BTCPayServer.Services.Rates;
+using BTCPayServer.Services.Stores;
+using BTCPayServer.Validation;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
+using NBitcoin;
+using NBitcoin.DataEncoders;
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
+using System.IO;
 using System.Linq;
 using System.Net;
+using System.Net.Http;
 using System.Net.Mail;
 using System.Threading.Tasks;
+using Renci.SshNet;
+using BTCPayServer.Logging;
+using BTCPayServer.Lightning;
+using BTCPayServer.Configuration.External;

 namespace BTCPayServer.Controllers
 {
-    [Authorize(Roles = Roles.ServerAdmin)]
+    [Authorize(Policy = BTCPayServer.Security.Policies.CanModifyServerSettings.Key)]
    public class ServerController : Controller
    {
        private UserManager<ApplicationUser> _UserManager;
        SettingsRepository _SettingsRepository;
+        private readonly NBXplorerDashboard _dashBoard;
+        private RateFetcher _RateProviderFactory;
+        private StoreRepository _StoreRepository;
+        LightningConfigurationProvider _LnConfigProvider;
+        BTCPayServerOptions _Options;

-        public ServerController(UserManager<ApplicationUser> userManager, SettingsRepository settingsRepository)
+        public ServerController(UserManager<ApplicationUser> userManager,
+            Configuration.BTCPayServerOptions options,
+            RateFetcher rateProviderFactory,
+            SettingsRepository settingsRepository,
+            NBXplorerDashboard dashBoard,
+            IHttpClientFactory httpClientFactory,
+            LightningConfigurationProvider lnConfigProvider,
+            Services.Stores.StoreRepository storeRepository)
        {
+            _Options = options;
            _UserManager = userManager;
            _SettingsRepository = settingsRepository;
+            _dashBoard = dashBoard;
+            HttpClientFactory = httpClientFactory;
+            _RateProviderFactory = rateProviderFactory;
+            _StoreRepository = storeRepository;
+            _LnConfigProvider = lnConfigProvider;
+        }
+
+        [Route("server/rates")]
+        public async Task<IActionResult> Rates()
+        {
+            var rates = (await _SettingsRepository.GetSettingAsync<RatesSetting>()) ?? new RatesSetting();
+
+            var vm = new RatesViewModel()
+            {
+                CacheMinutes = rates.CacheInMinutes,
+                PrivateKey = rates.PrivateKey,
+                PublicKey = rates.PublicKey
+            };
+            await FetchRateLimits(vm);
+            return View(vm);
+        }
+
+        private static async Task FetchRateLimits(RatesViewModel vm)
+        {
+            var coinAverage = GetCoinaverageService(vm, false);
+            if (coinAverage != null)
+            {
+                try
+                {
+                    vm.RateLimits = await coinAverage.GetRateLimitsAsync();
+                }
+                catch { }
+            }
+        }
+
+        [Route("server/rates")]
+        [HttpPost]
+        public async Task<IActionResult> Rates(RatesViewModel vm)
+        {
+            var rates = (await _SettingsRepository.GetSettingAsync<RatesSetting>()) ?? new RatesSetting();
+            rates.PrivateKey = vm.PrivateKey;
+            rates.PublicKey = vm.PublicKey;
+            rates.CacheInMinutes = vm.CacheMinutes;
+            try
+            {
+                var service = GetCoinaverageService(vm, true);
+                if (service != null)
+                    await service.TestAuthAsync();
+            }
+            catch
+            {
+                ModelState.AddModelError(nameof(vm.PrivateKey), "Invalid API key pair");
+            }
+            if (!ModelState.IsValid)
+            {
+                await FetchRateLimits(vm);
+                return View(vm);
+            }
+            await _SettingsRepository.UpdateSetting(rates);
+            StatusMessage = "Rate settings successfully updated";
+            return RedirectToAction(nameof(Rates));
+        }
+
+        private static CoinAverageRateProvider GetCoinaverageService(RatesViewModel vm, bool withAuth)
+        {
+            var settings = new CoinAverageSettings()
+            {
+                KeyPair = (vm.PublicKey, vm.PrivateKey)
+            };
+            if (!withAuth || settings.GetCoinAverageSignature() != null)
+            {
+                return new CoinAverageRateProvider()
+                { Authenticator = settings };
+            }
+            return null;
        }

        [Route("server/users")]
@ -52,10 +154,185 @@ namespace BTCPayServer.Controllers
            var roles = await _UserManager.GetRolesAsync(user);
            var userVM = new UserViewModel();
            userVM.Id = user.Id;
+            userVM.Email = user.Email;
            userVM.IsAdmin = IsAdmin(roles);
            return View(userVM);
        }

+        [Route("server/maintenance")]
+        public IActionResult Maintenance()
+        {
+            MaintenanceViewModel vm = new MaintenanceViewModel();
+            vm.UserName = "btcpayserver";
+            vm.DNSDomain = this.Request.Host.Host;
+            vm.SetConfiguredSSH(_Options.SSHSettings);
+            if (IPAddress.TryParse(vm.DNSDomain, out var unused))
+                vm.DNSDomain = null;
+            return View(vm);
+        }
+        
+        [Route("server/maintenance")]
+        [HttpPost]
+        public async Task<IActionResult> Maintenance(MaintenanceViewModel vm, string command)
+        {
+            if (!ModelState.IsValid)
+                return View(vm);
+            vm.SetConfiguredSSH(_Options.SSHSettings);
+            if (command == "changedomain")
+            {
+                if (string.IsNullOrWhiteSpace(vm.DNSDomain))
+                {
+                    ModelState.AddModelError(nameof(vm.DNSDomain), $"Required field");
+                    return View(vm);
+                }
+                vm.DNSDomain = vm.DNSDomain.Trim().ToLowerInvariant();
+                if (vm.DNSDomain.Equals(this.Request.Host.Host, StringComparison.OrdinalIgnoreCase))
+                    return View(vm);
+                if (IPAddress.TryParse(vm.DNSDomain, out var unused))
+                {
+                    ModelState.AddModelError(nameof(vm.DNSDomain), $"This should be a domain name");
+                    return View(vm);
+                }
+                if (vm.DNSDomain.Equals(this.Request.Host.Host, StringComparison.InvariantCultureIgnoreCase))
+                {
+                    ModelState.AddModelError(nameof(vm.DNSDomain), $"The server is already set to use this domain");
+                    return View(vm);
+                }
+                var builder = new UriBuilder();
+                using (var client = new HttpClient(new HttpClientHandler()
+                {
+                    ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
+                }))
+                {
+                    try
+                    {
+                        builder.Scheme = this.Request.Scheme;
+                        builder.Host = vm.DNSDomain;
+                        var addresses1 = Dns.GetHostAddressesAsync(this.Request.Host.Host);
+                        var addresses2 = Dns.GetHostAddressesAsync(vm.DNSDomain);
+                        await Task.WhenAll(addresses1, addresses2);
+
+                        var addressesSet = addresses1.GetAwaiter().GetResult().Select(c => c.ToString()).ToHashSet();
+                        var hasCommonAddress = addresses2.GetAwaiter().GetResult().Select(c => c.ToString()).Any(s => addressesSet.Contains(s));
+                        if (!hasCommonAddress)
+                        {
+                            ModelState.AddModelError(nameof(vm.DNSDomain), $"Invalid host ({vm.DNSDomain} is not pointing to this BTCPay instance)");
+                            return View(vm);
+                        }
+                    }
+                    catch (Exception ex)
+                    {
+                        var messages = new List<object>();
+                        messages.Add(ex.Message);
+                        if (ex.InnerException != null)
+                            messages.Add(ex.InnerException.Message);
+                        ModelState.AddModelError(nameof(vm.DNSDomain), $"Invalid domain ({string.Join(", ", messages.ToArray())})");
+                        return View(vm);
+                    }
+                }
+
+                var error = RunSSH(vm, $"changedomain.sh {vm.DNSDomain}");
+                if (error != null)
+                    return error;
+
+                builder.Path = null;
+                builder.Query = null;
+                StatusMessage = $"Domain name changing... the server will restart, please use \"{builder.Uri.AbsoluteUri}\"";
+            }
+            else if (command == "update")
+            {
+                var error = RunSSH(vm, $"btcpay-update.sh");
+                if (error != null)
+                    return error;
+                StatusMessage = $"The server might restart soon if an update is available...";
+            }
+            else
+            {
+                return NotFound();
+            }
+            return RedirectToAction(nameof(Maintenance));
+        }
+
+        public static string RunId = Encoders.Hex.EncodeData(NBitcoin.RandomUtils.GetBytes(32));
+        [HttpGet]
+        [Route("runid")]
+        [AllowAnonymous]
+        public IActionResult SeeRunId(string expected = null)
+        {
+            if (expected == RunId)
+                return Ok();
+            return BadRequest();
+        }
+
+        private IActionResult RunSSH(MaintenanceViewModel vm, string ssh)
+        {
+            ssh = $"sudo bash -c '. /etc/profile.d/btcpay-env.sh && nohup {ssh} > /dev/null 2>&1 & disown'";
+            var sshClient = _Options.SSHSettings == null ? vm.CreateSSHClient(this.Request.Host.Host)
+                                                         : new SshClient(_Options.SSHSettings.CreateConnectionInfo());
+
+            if (_Options.TrustedFingerprints.Count != 0)
+            {
+                sshClient.HostKeyReceived += (object sender, Renci.SshNet.Common.HostKeyEventArgs e) =>
+                {
+                    if (_Options.TrustedFingerprints.Count == 0)
+                    {
+                        Logs.Configuration.LogWarning($"SSH host fingerprint for {e.HostKeyName} is untrusted, start BTCPay with -sshtrustedfingerprints \"{Encoders.Hex.EncodeData(e.FingerPrint)}\"");
+                        e.CanTrust = true; // Not a typo, we want the connection to succeed with a warning
+                    }
+                    else
+                    {
+                        e.CanTrust = _Options.IsTrustedFingerprint(e.FingerPrint, e.HostKey);
+                        if (!e.CanTrust)
+                            Logs.Configuration.LogError($"SSH host fingerprint for {e.HostKeyName} is untrusted, start BTCPay with -sshtrustedfingerprints \"{Encoders.Hex.EncodeData(e.FingerPrint)}\"");
+                    }
+                };
+            }
+            else
+            {
+
+            }
+
+            try
+            {
+                sshClient.Connect();
+            }
+            catch (Renci.SshNet.Common.SshAuthenticationException)
+            {
+                ModelState.AddModelError(nameof(vm.Password), "Invalid credentials");
+                sshClient.Dispose();
+                return View(vm);
+            }
+            catch (Exception ex)
+            {
+                var message = ex.Message;
+                if (ex is AggregateException aggrEx && aggrEx.InnerException?.Message != null)
+                {
+                    message = aggrEx.InnerException.Message;
+                }
+                ModelState.AddModelError(nameof(vm.UserName), $"Connection problem ({message})");
+                sshClient.Dispose();
+                return View(vm);
+            }
+
+            var sshCommand = sshClient.CreateCommand(ssh);
+            sshCommand.CommandTimeout = TimeSpan.FromMinutes(1.0);
+            sshCommand.BeginExecute(ar =>
+            {
+                try
+                {
+                    Logs.PayServer.LogInformation("Running SSH command: " + ssh);
+                    var result = sshCommand.EndExecute(ar);
+                    Logs.PayServer.LogInformation("SSH command executed: " + result);
+                }
+                catch (Exception ex)
+                {
+                    Logs.PayServer.LogWarning("Error while executing SSH command: " + ex.Message);
+                }
+                sshClient.Dispose();
+            });
+            return null;
+        }
+
        private static bool IsAdmin(IList<string> roles)
        {
            return roles.Contains(Roles.ServerAdmin, StringComparer.Ordinal);
@ -72,7 +349,7 @@ namespace BTCPayServer.Controllers
            var isAdmin = IsAdmin(roles);
            bool updated = false;

-            if(isAdmin != viewModel.IsAdmin)
+            if (isAdmin != viewModel.IsAdmin)
            {
                if (viewModel.IsAdmin)
                    await _UserManager.AddToRoleAsync(user, Roles.ServerAdmin);
@ -80,7 +357,7 @@ namespace BTCPayServer.Controllers
                    await _UserManager.RemoveFromRoleAsync(user, Roles.ServerAdmin);
                updated = true;
            }
-            if(updated)
+            if (updated)
            {
                viewModel.StatusMessage = "User successfully updated";
            }
@ -110,6 +387,7 @@ namespace BTCPayServer.Controllers
            if (user == null)
                return NotFound();
            await _UserManager.DeleteAsync(user);
+            await _StoreRepository.CleanUnreachableStores();
            StatusMessage = "User deleted";
            return RedirectToAction(nameof(ListUsers));
        }
@ -119,6 +397,7 @@ namespace BTCPayServer.Controllers
        {
            get; set;
        }
+        public IHttpClientFactory HttpClientFactory { get; }

        [Route("server/emails")]
        public async Task<IActionResult> Emails()
@ -138,7 +417,256 @@ namespace BTCPayServer.Controllers
        public async Task<IActionResult> Policies(PoliciesSettings settings)
        {
            await _SettingsRepository.UpdateSetting(settings);
-            TempData["StatusMessage"] = "Policies upadated successfully";
+            TempData["StatusMessage"] = "Policies updated successfully";
+            return View(settings);
+        }
+
+        [Route("server/services")]
+        public IActionResult Services()
+        {
+            var result = new ServicesViewModel();
+            foreach (var cryptoCode in _Options.ExternalServicesByCryptoCode.Keys)
+            {
+                int i = 0;
+                foreach (var grpcService in _Options.ExternalServicesByCryptoCode.GetServices<ExternalLnd>(cryptoCode))
+                {
+                    result.LNDServices.Add(new ServicesViewModel.LNDServiceViewModel()
+                    {
+                        Crypto = cryptoCode,
+                        Type = grpcService.Type,
+                        Action = nameof(LndServices),
+                        Index = i++,
+                    });
+                }
+                i = 0;
+                foreach (var sparkService in _Options.ExternalServicesByCryptoCode.GetServices<ExternalSpark>(cryptoCode))
+                {
+                    result.LNDServices.Add(new ServicesViewModel.LNDServiceViewModel()
+                    {
+                        Crypto = cryptoCode,
+                        Type = "Spark server",
+                        Action = nameof(SparkServices),
+                        Index = i++,
+                    });
+                }
+            }
+            foreach(var externalService in _Options.ExternalServices)
+            {
+                result.ExternalServices.Add(new ServicesViewModel.ExternalService()
+                {
+                    Name = externalService.Key,
+                    Link = this.Request.GetRelativePath(externalService.Value)
+                });
+            }
+            if(_Options.SSHSettings != null)
+            {
+                result.ExternalServices.Add(new ServicesViewModel.ExternalService()
+                {
+                    Name = "SSH",
+                    Link = this.Url.Action(nameof(SSHService))
+                });
+            }
+            return View(result);
+        }
+
+        [Route("server/services/spark/{cryptoCode}/{index}")]
+        public async Task<IActionResult> SparkServices(string cryptoCode, int index, bool showQR = false)
+        {
+            if (!_dashBoard.IsFullySynched(cryptoCode, out var unusud))
+            {
+                StatusMessage = $"Error: {cryptoCode} is not fully synched";
+                return RedirectToAction(nameof(Services));
+            }
+            var spark = _Options.ExternalServicesByCryptoCode.GetServices<ExternalSpark>(cryptoCode).Skip(index).Select(c => c.ConnectionString).FirstOrDefault();
+            if(spark == null)
+            {
+                return NotFound();
+            }
+
+            SparkServicesViewModel vm = new SparkServicesViewModel();
+            vm.ShowQR = showQR;
+            try
+            {
+                var cookie = (spark.CookeFile == "fake"
+                            ? "fake:fake:fake" // If we are testing, it should not crash
+                            : await System.IO.File.ReadAllTextAsync(spark.CookeFile)).Split(':');
+                if (cookie.Length >= 3)
+                {
+                    vm.SparkLink = $"{spark.Server.AbsoluteUri}?access-key={cookie[2]}";
+                }
+            }
+            catch(Exception ex)
+            {
+                StatusMessage = $"Error: {ex.Message}";
+                return RedirectToAction(nameof(Services));
+            }
+            return View(vm);
+        }
+
+        [Route("server/services/lnd/{cryptoCode}/{index}")]
+        public async Task<IActionResult> LndServices(string cryptoCode, int index, uint? nonce)
+        {
+            if (!_dashBoard.IsFullySynched(cryptoCode, out var unusud))
+            {
+                StatusMessage = $"Error: {cryptoCode} is not fully synched";
+                return RedirectToAction(nameof(Services));
+            }
+            var external = GetExternalLndConnectionString(cryptoCode, index);
+            if (external == null)
+                return NotFound();
+            var model = new LndGrpcServicesViewModel();
+            if (external.ConnectionType == LightningConnectionType.LndGRPC)
+            {
+                model.Host = $"{external.BaseUri.DnsSafeHost}:{external.BaseUri.Port}";
+                model.SSL = external.BaseUri.Scheme == "https";
+                model.ConnectionType = "GRPC";
+                model.GRPCSSLCipherSuites = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256";
+            }
+            else if(external.ConnectionType == LightningConnectionType.LndREST)
+            {
+                model.Uri = external.BaseUri.AbsoluteUri;
+                model.ConnectionType = "REST";
+            }
+
+            if (external.CertificateThumbprint != null)
+            {
+                model.CertificateThumbprint = Encoders.Hex.EncodeData(external.CertificateThumbprint);
+            }
+            if (external.Macaroon != null)
+            {
+                model.Macaroon = Encoders.Hex.EncodeData(external.Macaroon);
+            }
+            var macaroons = external.MacaroonDirectoryPath == null ? null : await Macaroons.GetFromDirectoryAsync(external.MacaroonDirectoryPath);
+            model.AdminMacaroon = macaroons?.AdminMacaroon?.Hex;
+            model.InvoiceMacaroon = macaroons?.InvoiceMacaroon?.Hex;
+            model.ReadonlyMacaroon = macaroons?.ReadonlyMacaroon?.Hex;
+
+            if (nonce != null)
+            {
+                var configKey = GetConfigKey("lnd", cryptoCode, index, nonce.Value);
+                var lnConfig = _LnConfigProvider.GetConfig(configKey);
+                if (lnConfig != null)
+                {
+                    model.QRCodeLink = $"{this.Request.GetAbsoluteRoot().WithTrailingSlash()}lnd-config/{configKey}/lnd.config";
+                    model.QRCode = $"config={model.QRCodeLink}";
+                }
+            }
+
+            return View(model);
+        }
+
+        private static uint GetConfigKey(string type, string cryptoCode, int index, uint nonce)
+        {
+            return (uint)HashCode.Combine(type, cryptoCode, index, nonce);
+        }
+
+        [Route("lnd-config/{configKey}/lnd.config")]
+        [AllowAnonymous]
+        public IActionResult GetLNDConfig(uint configKey)
+        {
+            var conf = _LnConfigProvider.GetConfig(configKey);
+            if (conf == null)
+                return NotFound();
+            return Json(conf);
+        }
+
+        [Route("server/services/lnd/{cryptoCode}/{index}")]
+        [HttpPost]
+        public async Task<IActionResult> LndServicesPost(string cryptoCode, int index)
+        {
+            var external = GetExternalLndConnectionString(cryptoCode, index);
+            if (external == null)
+                return NotFound();
+            LightningConfigurations confs = new LightningConfigurations();
+            var macaroons = external.MacaroonDirectoryPath == null ? null : await Macaroons.GetFromDirectoryAsync(external.MacaroonDirectoryPath);
+            if (external.ConnectionType == LightningConnectionType.LndGRPC)
+            {
+                LightningConfiguration grpcConf = new LightningConfiguration();
+                grpcConf.Type = "grpc";
+                grpcConf.Host = external.BaseUri.DnsSafeHost;
+                grpcConf.Port = external.BaseUri.Port;
+                grpcConf.SSL = external.BaseUri.Scheme == "https";
+                confs.Configurations.Add(grpcConf);
+            }
+            else if (external.ConnectionType == LightningConnectionType.LndREST)
+            {
+                var restconf = new LNDRestConfiguration();
+                restconf.Type = "lnd-rest";
+                restconf.Uri = external.BaseUri.AbsoluteUri;
+                confs.Configurations.Add(restconf);
+            }
+            else
+                throw new NotSupportedException(external.ConnectionType.ToString());
+            var commonConf = (LNDConfiguration)confs.Configurations[confs.Configurations.Count - 1];
+            commonConf.ChainType = _Options.NetworkType.ToString();
+            commonConf.CryptoCode = cryptoCode;
+            commonConf.Macaroon = external.Macaroon == null ? null : Encoders.Hex.EncodeData(external.Macaroon);
+            commonConf.CertificateThumbprint = external.CertificateThumbprint == null ? null : Encoders.Hex.EncodeData(external.CertificateThumbprint);
+            commonConf.AdminMacaroon = macaroons?.AdminMacaroon?.Hex;
+            commonConf.ReadonlyMacaroon = macaroons?.ReadonlyMacaroon?.Hex;
+            commonConf.InvoiceMacaroon = macaroons?.InvoiceMacaroon?.Hex;
+
+            var nonce = RandomUtils.GetUInt32();
+            var configKey = GetConfigKey("lnd", cryptoCode, index, nonce);
+            _LnConfigProvider.KeepConfig(configKey, confs);
+            return RedirectToAction(nameof(LndServices), new { cryptoCode = cryptoCode, nonce = nonce });
+        }
+
+        private LightningConnectionString GetExternalLndConnectionString(string cryptoCode, int index)
+        {
+            var connectionString = _Options.ExternalServicesByCryptoCode.GetServices<ExternalLnd>(cryptoCode).Skip(index).Select(c => c.ConnectionString).FirstOrDefault();
+            if (connectionString == null)
+                return null;
+            connectionString = connectionString.Clone();
+            if (connectionString.MacaroonFilePath != null)
+            {
+                try
+                {
+                    connectionString.Macaroon = System.IO.File.ReadAllBytes(connectionString.MacaroonFilePath);
+                    connectionString.MacaroonFilePath = null;
+                }
+                catch
+                {
+                    Logs.Configuration.LogWarning($"{cryptoCode}: The macaroon file path of the external LND grpc config was not found ({connectionString.MacaroonFilePath})");
+                    return null;
+                }
+            }
+            return connectionString;
+        }
+
+        [Route("server/services/ssh")]
+        public IActionResult SSHService(bool downloadKeyFile = false)
+        {
+            var settings = _Options.SSHSettings;
+            if (settings == null)
+                return NotFound();
+            if (downloadKeyFile)
+            {
+                if (!System.IO.File.Exists(settings.KeyFile))
+                    return NotFound();
+                return File(System.IO.File.ReadAllBytes(settings.KeyFile), "application/octet-stream", "id_rsa");
+            }
+            SSHServiceViewModel vm = new SSHServiceViewModel();
+            string port = settings.Port == 22 ? "" : $" -p {settings.Port}";
+            vm.CommandLine = $"ssh {settings.Username}@{settings.Server}{port}";
+            vm.Password = settings.Password;
+            vm.KeyFilePassword = settings.KeyFilePassword;
+            vm.HasKeyFile = !string.IsNullOrEmpty(settings.KeyFile);
+            return View(vm);
+        }
+
+        [Route("server/theme")]
+        public async Task<IActionResult> Theme()
+        {
+            var data = (await _SettingsRepository.GetSettingAsync<ThemeSettings>()) ?? new ThemeSettings();
+            return View(data);
+        }
+        [Route("server/theme")]
+        [HttpPost]
+        public async Task<IActionResult> Theme(ThemeSettings settings)
+        {
+            await _SettingsRepository.UpdateSetting(settings);
+            TempData["StatusMessage"] = "Theme settings updated successfully";
            return View(settings);
        }

@ -148,10 +676,13 @@ namespace BTCPayServer.Controllers
        {
            if (command == "Test")
            {
-                if (!ModelState.IsValid)
-                    return View(model);
                try
                {
+                    if (!model.Settings.IsComplete())
+                    {
+                        model.StatusMessage = "Error: Required fields missing";
+                        return View(model);
+                    }
                    var client = model.Settings.CreateSmtpClient();
                    await client.SendMailAsync(model.Settings.From, model.TestEmail, "BTCPay test", "BTCPay test");
                    model.StatusMessage = "Email sent to " + model.TestEmail + ", please, verify you received it";
@ -162,15 +693,73 @@ namespace BTCPayServer.Controllers
                }
                return View(model);
            }
-            else
+            else // if(command == "Save")
            {
-                ModelState.Remove(nameof(model.TestEmail));
-                if (!ModelState.IsValid)
-                    return View(model);
                await _SettingsRepository.UpdateSetting(model.Settings);
                model.StatusMessage = "Email settings saved";
                return View(model);
            }
        }
+
+        [Route("server/logs/{file?}")]
+        public async Task<IActionResult> LogsView(string file = null, int offset = 0)
+        {
+            if (offset < 0)
+            {
+                offset = 0;
+            }
+
+            var vm = new LogsViewModel();
+
+            if (string.IsNullOrEmpty(_Options.LogFile))
+            {
+                vm.StatusMessage = "Error: File Logging Option not specified. " +
+                                   "You need to set debuglog and optionally " +
+                                   "debugloglevel in the configuration or through runtime arguments";
+            }
+            else
+            {
+                var di = Directory.GetParent(_Options.LogFile);
+                if (di == null)
+                {
+                    vm.StatusMessage = "Error: Could not load log files";
+                }
+
+                var fileNameWithoutExtension = Path.GetFileNameWithoutExtension(_Options.LogFile);
+                var fileExtension = Path.GetExtension(_Options.LogFile) ?? string.Empty;
+                var logFiles = di.GetFiles($"{fileNameWithoutExtension}*{fileExtension}");
+                vm.LogFileCount = logFiles.Length;
+                vm.LogFiles = logFiles
+                    .OrderBy(info => info.LastWriteTime)
+                    .Skip(offset)
+                    .Take(5)
+                    .ToList();
+                vm.LogFileOffset = offset;
+
+                if (string.IsNullOrEmpty(file)) return View("Logs", vm);
+                vm.Log = "";
+                var path = Path.Combine(di.FullName, file);
+                try
+                {
+                    using (var fileStream = new FileStream(
+                        path,
+                        FileMode.Open,
+                        FileAccess.Read,
+                        FileShare.ReadWrite))
+                    {
+                        using (var reader = new StreamReader(fileStream))
+                        {
+                            vm.Log = await reader.ReadToEndAsync();
+                        }
+                    }
+                }
+                catch
+                {
+                    return NotFound();
+                }
+            }
+
+            return View("Logs", vm);
+        }
    }
 }
--- a/BTCPayServer/Controllers/StoresController.BTCLike.cs
+++ b/BTCPayServer/Controllers/StoresController.BTCLike.cs
@ -10,6 +10,7 @@ using BTCPayServer.Data;
 using BTCPayServer.Models.StoreViewModels;
 using BTCPayServer.Payments;
 using BTCPayServer.Services;
+using LedgerWallet;
 using Microsoft.AspNetCore.Mvc;
 using NBitcoin;
 using NBXplorer.DerivationStrategy;
@ -21,22 +22,82 @@ namespace BTCPayServer.Controllers
    {
        [HttpGet]
        [Route("{storeId}/derivations/{cryptoCode}")]
-        public async Task<IActionResult> AddDerivationScheme(string storeId, string cryptoCode)
+        public IActionResult AddDerivationScheme(string storeId, string cryptoCode)
        {
-            var store = await _Repo.FindStore(storeId, GetUserId());
+            var store = HttpContext.GetStoreData();
            if (store == null)
                return NotFound();
+            var network = cryptoCode == null ? null : _ExplorerProvider.GetNetwork(cryptoCode);
+            if (network == null)
+            {
+                return NotFound();
+            }

            DerivationSchemeViewModel vm = new DerivationSchemeViewModel();
-            vm.ServerUrl = GetStoreUrl(storeId);
            vm.CryptoCode = cryptoCode;
+            vm.RootKeyPath = network.GetRootKeyPath();
            SetExistingValues(store, vm);
            return View(vm);
        }

+        [HttpGet]
+        [Route("{storeId}/derivations/{cryptoCode}/ledger/ws")]
+        public async Task<IActionResult> AddDerivationSchemeLedger(
+            string storeId,
+            string cryptoCode,
+            string command,
+            int account = 0)
+        {
+            if (!HttpContext.WebSockets.IsWebSocketRequest)
+                return NotFound();
+
+            var webSocket = await HttpContext.WebSockets.AcceptWebSocketAsync();
+            var hw = new HardwareWalletService(webSocket);
+            object result = null;
+            var network = _NetworkProvider.GetNetwork(cryptoCode);
+
+            using (var normalOperationTimeout = new CancellationTokenSource())
+            {
+                normalOperationTimeout.CancelAfter(TimeSpan.FromMinutes(30));
+                try
+                {
+                    if (command == "test")
+                    {
+                        result = await hw.Test(normalOperationTimeout.Token);
+                    }
+                    if (command == "getxpub")
+                    {
+                        var getxpubResult = await hw.GetExtPubKey(network, account, normalOperationTimeout.Token);
+                        result = getxpubResult;
+                    }
+                }
+                catch (OperationCanceledException)
+                { result = new LedgerTestResult() { Success = false, Error = "Timeout" }; }
+                catch (Exception ex)
+                { result = new LedgerTestResult() { Success = false, Error = ex.Message }; }
+                finally { hw.Dispose(); }
+                try
+                {
+                    if (result != null)
+                    {
+                        UTF8Encoding UTF8NOBOM = new UTF8Encoding(false);
+                        var bytes = UTF8NOBOM.GetBytes(JsonConvert.SerializeObject(result, MvcJsonOptions.Value.SerializerSettings));
+                        await webSocket.SendAsync(new ArraySegment<byte>(bytes), WebSocketMessageType.Text, true, new CancellationTokenSource(2000).Token);
+                    }
+                }
+                catch { }
+                finally
+                {
+                    await webSocket.CloseSocket();
+                }
+            }
+            return new EmptyResult();
+        }
+
        private void SetExistingValues(StoreData store, DerivationSchemeViewModel vm)
        {
            vm.DerivationScheme = GetExistingDerivationStrategy(vm.CryptoCode, store)?.DerivationStrategyBase.ToString();
+            vm.Enabled = !store.GetStoreBlob().IsExcluded(new PaymentMethodId(vm.CryptoCode, PaymentTypes.BTCLike));
        }

        private DerivationStrategy GetExistingDerivationStrategy(string cryptoCode, StoreData store)
@ -52,9 +113,8 @@ namespace BTCPayServer.Controllers
        [Route("{storeId}/derivations/{cryptoCode}")]
        public async Task<IActionResult> AddDerivationScheme(string storeId, DerivationSchemeViewModel vm, string cryptoCode)
        {
-            vm.ServerUrl = GetStoreUrl(storeId);
            vm.CryptoCode = cryptoCode;
-            var store = await _Repo.FindStore(storeId, GetUserId());
+            var store = HttpContext.GetStoreData();
            if (store == null)
                return NotFound();

@ -63,6 +123,7 @@ namespace BTCPayServer.Controllers
            {
                return NotFound();
            }
+            vm.RootKeyPath = network.GetRootKeyPath();
            var wallet = _WalletProvider.GetWallet(network);
            if (wallet == null)
            {
@ -70,6 +131,11 @@ namespace BTCPayServer.Controllers
            }

            PaymentMethodId paymentMethodId = new PaymentMethodId(network.CryptoCode, PaymentTypes.BTCLike);
+            var exisingStrategy = store.GetSupportedPaymentMethods(_NetworkProvider)
+                                       .Where(c => c.PaymentId == paymentMethodId)
+                                       .OfType<DerivationStrategy>()
+                                       .Select(c => c.DerivationStrategyBase.ToString())
+                                       .FirstOrDefault();
            DerivationStrategy strategy = null;
            try
            {
@ -85,11 +151,40 @@ namespace BTCPayServer.Controllers
                vm.Confirmation = false;
                return View(vm);
            }
+            var storeBlob = store.GetStoreBlob();
+            var wasExcluded = storeBlob.GetExcludedPaymentMethods().Match(paymentMethodId);
+            var willBeExcluded = !vm.Enabled;

-            if (!vm.Confirmation && strategy != null)
-                return ShowAddresses(vm, strategy);
+            var showAddress = // Show addresses if:
+                              // - If the user is testing the hint address in confirmation screen
+                              (vm.Confirmation && !string.IsNullOrWhiteSpace(vm.HintAddress)) ||
+                              // - The user is setting a new derivation scheme
+                              (!vm.Confirmation && strategy != null && exisingStrategy != strategy.DerivationStrategyBase.ToString()) ||
+                              // - The user is clicking on continue without changing anything   
+                              (!vm.Confirmation && willBeExcluded == wasExcluded);

-            if (vm.Confirmation && !string.IsNullOrWhiteSpace(vm.HintAddress))
+            showAddress = showAddress && strategy != null;
+            if (!showAddress)
+            {
+                try
+                {
+                    if (strategy != null)
+                        await wallet.TrackAsync(strategy.DerivationStrategyBase);
+                    store.SetSupportedPaymentMethod(paymentMethodId, strategy);
+                    storeBlob.SetExcluded(paymentMethodId, willBeExcluded);
+                    store.SetStoreBlob(storeBlob);
+                }
+                catch
+                {
+                    ModelState.AddModelError(nameof(vm.DerivationScheme), "Invalid Derivation Scheme");
+                    return View(vm);
+                }
+
+                await _Repo.UpdateStore(store);
+                StatusMessage = $"Derivation scheme for {network.CryptoCode} has been modified.";
+                return RedirectToAction(nameof(UpdateStore), new { storeId = storeId });
+            }
+            else if (!string.IsNullOrEmpty(vm.HintAddress))
            {
                BitcoinAddress address = null;
                try
@ -115,26 +210,8 @@ namespace BTCPayServer.Controllers
                vm.StatusMessage = "Address successfully found, please verify that the rest is correct and click on \"Confirm\"";
                ModelState.Remove(nameof(vm.HintAddress));
                ModelState.Remove(nameof(vm.DerivationScheme));
-                return ShowAddresses(vm, strategy);
-            }
-            else
-            {
-                try
-                {
-                    if (strategy != null)
-                        await wallet.TrackAsync(strategy.DerivationStrategyBase);
-                    store.SetSupportedPaymentMethod(paymentMethodId, strategy);
-                }
-                catch
-                {
-                    ModelState.AddModelError(nameof(vm.DerivationScheme), "Invalid Derivation Scheme");
-                    return View(vm);
-                }
-
-                await _Repo.UpdateStore(store);
-                StatusMessage = $"Derivation scheme for {network.CryptoCode} has been modified.";
-                return RedirectToAction(nameof(UpdateStore), new { storeId = storeId });
            }
+            return ShowAddresses(vm, strategy);
        }

        private IActionResult ShowAddresses(DerivationSchemeViewModel vm, DerivationStrategy strategy)
@ -153,201 +230,5 @@ namespace BTCPayServer.Controllers
            vm.Confirmation = true;
            return View(vm);
        }
-
-
-        public class GetInfoResult
-        {
-            public int RecommendedSatoshiPerByte { get; set; }
-            public double Balance { get; set; }
-        }
-
-        public class SendToAddressResult
-        {
-            public string TransactionId { get; set; }
-        }
-
-        [HttpGet]
-        [Route("{storeId}/ws/ledger")]
-        public async Task<IActionResult> LedgerConnection(
-            string storeId,
-            string command,
-            // getinfo
-            string cryptoCode = null,
-            // getxpub
-            int account = 0,
-            // sendtoaddress
-            string destination = null, string amount = null, string feeRate = null, string substractFees = null
-            )
-        {
-            if (!HttpContext.WebSockets.IsWebSocketRequest)
-                return NotFound();
-            var store = await _Repo.FindStore(storeId, GetUserId());
-            if (store == null)
-                return NotFound();
-
-            var webSocket = await HttpContext.WebSockets.AcceptWebSocketAsync();
-
-            var hw = new HardwareWalletService(webSocket);
-            object result = null;
-            try
-            {
-                BTCPayNetwork network = null;
-                if (cryptoCode != null)
-                {
-                    network = _NetworkProvider.GetNetwork(cryptoCode);
-                    if (network == null)
-                        throw new FormatException("Invalid value for crypto code");
-                }
-
-                BitcoinAddress destinationAddress = null;
-                if (destination != null)
-                {
-                    try
-                    {
-                        destinationAddress = BitcoinAddress.Create(destination);
-                    }
-                    catch { }
-                    if (destinationAddress == null)
-                        throw new FormatException("Invalid value for destination");
-                }
-
-                FeeRate feeRateValue = null;
-                if (feeRate != null)
-                {
-                    try
-                    {
-                        feeRateValue = new FeeRate(Money.Satoshis(int.Parse(feeRate, CultureInfo.InvariantCulture)), 1);
-                    }
-                    catch { }
-                    if (feeRateValue == null || feeRateValue.FeePerK <= Money.Zero)
-                        throw new FormatException("Invalid value for fee rate");
-                }
-
-                Money amountBTC = null;
-                if (amount != null)
-                {
-                    try
-                    {
-                        amountBTC = Money.Parse(amount);
-                    }
-                    catch { }
-                    if (amountBTC == null || amountBTC <= Money.Zero)
-                        throw new FormatException("Invalid value for amount");
-                }
-
-                bool subsctractFeesValue = false;
-                if (substractFees != null)
-                {
-                    try
-                    {
-                        subsctractFeesValue = bool.Parse(substractFees);
-                    }
-                    catch { throw new FormatException("Invalid value for subtract fees"); }
-                }
-                if (command == "test")
-                {
-                    result = await hw.Test();
-                }
-                if (command == "getxpub")
-                {
-                    var getxpubResult = await hw.GetExtPubKey(network, account);
-                    ;
-                    getxpubResult.CoinType = (int)(getxpubResult.KeyPath.Indexes[1] - 0x80000000);
-                    result = getxpubResult;
-                }
-                if (command == "getinfo")
-                {
-                    var strategy = GetDirectDerivationStrategy(store, network);
-                    var strategyBase = GetDerivationStrategy(store, network);
-                    if (strategy == null || !await hw.SupportDerivation(network, strategy))
-                    {
-                        throw new Exception($"This store is not configured to use this ledger");
-                    }
-
-                    var feeProvider = _FeeRateProvider.CreateFeeProvider(network);
-                    var recommendedFees = feeProvider.GetFeeRateAsync();
-                    var balance = _WalletProvider.GetWallet(network).GetBalance(strategyBase);
-                    result = new GetInfoResult() { Balance = (double)(await balance).ToDecimal(MoneyUnit.BTC), RecommendedSatoshiPerByte = (int)(await recommendedFees).GetFee(1).Satoshi };
-                }
-
-                if (command == "sendtoaddress")
-                {
-                    if (!_Dashboard.IsFullySynched(network.CryptoCode, out var summary))
-                        throw new Exception($"{network.CryptoCode}: not started or fully synched");
-                    var strategy = GetDirectDerivationStrategy(store, network);
-                    var strategyBase = GetDerivationStrategy(store, network);
-                    var wallet = _WalletProvider.GetWallet(network);
-                    var change = wallet.GetChangeAddressAsync(strategyBase);
-
-                    var unspentCoins = await wallet.GetUnspentCoins(strategyBase);
-                    var changeAddress = await change;
-                    var transaction = await hw.SendToAddress(strategy, unspentCoins, network,
-                                            new[] { (destinationAddress as IDestination, amountBTC, subsctractFeesValue) },
-                                            feeRateValue,
-                                            changeAddress.Item1,
-                                            changeAddress.Item2, summary.Status.BitcoinStatus.MinRelayTxFee);
-                    try
-                    {
-                        var broadcastResult = await wallet.BroadcastTransactionsAsync(new List<Transaction>() { transaction });
-                        if (!broadcastResult[0].Success)
-                        {
-                            throw new Exception($"RPC Error while broadcasting: {broadcastResult[0].RPCCode} {broadcastResult[0].RPCCodeMessage} {broadcastResult[0].RPCMessage}");
-                        }
-                    }
-                    catch (Exception ex)
-                    {
-                        throw new Exception("Error while broadcasting: " + ex.Message);
-                    }
-                    wallet.InvalidateCache(strategyBase);
-                    result = new SendToAddressResult() { TransactionId = transaction.GetHash().ToString() };
-                }
-            }
-            catch (OperationCanceledException)
-            { result = new LedgerTestResult() { Success = false, Error = "Timeout" }; }
-            catch (Exception ex)
-            { result = new LedgerTestResult() { Success = false, Error = ex.Message }; }
-
-            try
-            {
-                if (result != null)
-                {
-                    UTF8Encoding UTF8NOBOM = new UTF8Encoding(false);
-                    var bytes = UTF8NOBOM.GetBytes(JsonConvert.SerializeObject(result, _MvcJsonOptions.SerializerSettings));
-                    await webSocket.SendAsync(new ArraySegment<byte>(bytes), WebSocketMessageType.Text, true, new CancellationTokenSource(2000).Token);
-                }
-            }
-            catch { }
-            finally
-            {
-                await webSocket.CloseSocket();
-            }
-
-            return new EmptyResult();
-        }
-
-        private DirectDerivationStrategy GetDirectDerivationStrategy(StoreData store, BTCPayNetwork network)
-        {
-            var strategy = GetDerivationStrategy(store, network);
-            var directStrategy = strategy as DirectDerivationStrategy;
-            if (directStrategy == null)
-                directStrategy = (strategy as P2SHDerivationStrategy).Inner as DirectDerivationStrategy;
-            if (!directStrategy.Segwit)
-                return null;
-            return directStrategy;
-        }
-
-        private DerivationStrategyBase GetDerivationStrategy(StoreData store, BTCPayNetwork network)
-        {
-            var strategy = store
-                            .GetSupportedPaymentMethods(_NetworkProvider)
-                            .OfType<DerivationStrategy>()
-                            .FirstOrDefault(s => s.Network.NBitcoinNetwork == network.NBitcoinNetwork);
-            if (strategy == null)
-            {
-                throw new Exception($"Derivation strategy for {network.CryptoCode} is not set");
-            }
-
-            return strategy.DerivationStrategyBase;
-        }
    }
 }
--- a/BTCPayServer/Controllers/StoresController.Changelly.cs
+++ b/BTCPayServer/Controllers/StoresController.Changelly.cs
@ -0,0 +1,96 @@
+using System;
+using System.Threading.Tasks;
+using BTCPayServer.Data;
+using BTCPayServer.Models.StoreViewModels;
+using BTCPayServer.Payments.Changelly;
+using Microsoft.AspNetCore.Mvc;
+
+namespace BTCPayServer.Controllers
+{
+    public partial class StoresController
+    {
+        [HttpGet]
+        [Route("{storeId}/changelly")]
+        public IActionResult UpdateChangellySettings(string storeId)
+        {
+            var store = HttpContext.GetStoreData();
+            if (store == null)
+                return NotFound();
+            UpdateChangellySettingsViewModel vm = new UpdateChangellySettingsViewModel();
+            SetExistingValues(store, vm);
+            return View(vm);
+        }
+
+        private void SetExistingValues(StoreData store, UpdateChangellySettingsViewModel vm)
+        {
+
+            var existing = store.GetStoreBlob().ChangellySettings;
+            if (existing == null) return;
+            vm.ApiKey = existing.ApiKey;
+            vm.ApiSecret = existing.ApiSecret;
+            vm.ApiUrl = existing.ApiUrl;
+            vm.ChangellyMerchantId = existing.ChangellyMerchantId;
+            vm.Enabled = existing.Enabled;
+            vm.AmountMarkupPercentage = existing.AmountMarkupPercentage;
+            vm.ShowFiat = existing.ShowFiat;
+
+        }
+
+        [HttpPost]
+        [Route("{storeId}/changelly")]
+        public async Task<IActionResult> UpdateChangellySettings(string storeId, UpdateChangellySettingsViewModel vm,
+            string command)
+        {
+            var store = HttpContext.GetStoreData();
+            if (store == null)
+                return NotFound();
+            if (vm.Enabled)
+            {
+                if (!ModelState.IsValid)
+                {
+                    return View(vm);
+                }
+            }
+
+            var changellySettings = new ChangellySettings()
+            {
+                ApiKey = vm.ApiKey,
+                ApiSecret = vm.ApiSecret,
+                ApiUrl = vm.ApiUrl,
+                ChangellyMerchantId = vm.ChangellyMerchantId,
+                Enabled = vm.Enabled,
+                AmountMarkupPercentage = vm.AmountMarkupPercentage,
+                ShowFiat = vm.ShowFiat
+            };
+            
+            switch (command)
+            {
+                case "save":
+                    var storeBlob = store.GetStoreBlob();
+                    storeBlob.ChangellySettings = changellySettings;
+                    store.SetStoreBlob(storeBlob);
+                    await _Repo.UpdateStore(store);
+                    StatusMessage = "Changelly settings modified";
+                    _changellyClientProvider.InvalidateClient(storeId);
+                    return RedirectToAction(nameof(UpdateStore), new {
+                        storeId});
+                case "test":
+                    try
+                    {
+                        var client = new Changelly(_httpClientFactory, changellySettings.ApiKey, changellySettings.ApiSecret,
+                            changellySettings.ApiUrl);
+                        var result = await client.GetCurrenciesFull();
+                        vm.StatusMessage = "Test Successful";
+                        return View(vm);
+                    }
+                    catch (Exception ex)
+                    {
+                        vm.StatusMessage = $"Error: {ex.Message}";
+                        return View(vm);
+                    }
+                default:
+                    return View(vm);
+            }
+        }
+    }
+}
--- a/BTCPayServer/Controllers/StoresController.LightningLike.cs
+++ b/BTCPayServer/Controllers/StoresController.LightningLike.cs
@ -5,11 +5,12 @@ using System.Linq;
 using System.Threading.Tasks;
 using BTCPayServer.Models.StoreViewModels;
 using BTCPayServer.Payments;
-using BTCPayServer.Payments.Lightning.CLightning;
 using Microsoft.AspNetCore.Mvc;
 using BTCPayServer.Payments.Lightning;
 using System.Net;
 using BTCPayServer.Data;
+using System.Threading;
+using BTCPayServer.Lightning;

 namespace BTCPayServer.Controllers
 {
@ -18,23 +19,25 @@ namespace BTCPayServer.Controllers

        [HttpGet]
        [Route("{storeId}/lightning/{cryptoCode}")]
-        public async Task<IActionResult> AddLightningNode(string storeId, string cryptoCode)
+        public IActionResult AddLightningNode(string storeId, string cryptoCode)
        {
-            var store = await _Repo.FindStore(storeId, GetUserId());
+            var store = HttpContext.GetStoreData();
            if (store == null)
                return NotFound();
-            LightningNodeViewModel vm = new LightningNodeViewModel();
-            vm.CryptoCode = cryptoCode;
-            vm.InternalLightningNode = GetInternalLighningNode(cryptoCode)?.ToUri(true)?.AbsoluteUri;
+            LightningNodeViewModel vm = new LightningNodeViewModel
+            {
+                CryptoCode = cryptoCode,
+                InternalLightningNode = GetInternalLighningNode(cryptoCode)?.ToString()
+            };
            SetExistingValues(store, vm);
            return View(vm);
        }

        private void SetExistingValues(StoreData store, LightningNodeViewModel vm)
        {
-            vm.Url = GetExistingLightningSupportedPaymentMethod(vm.CryptoCode, store)?.GetLightningUrl()?.ToString();
+            vm.ConnectionString = GetExistingLightningSupportedPaymentMethod(vm.CryptoCode, store)?.GetLightningUrl()?.ToString();
+            vm.Enabled = !store.GetStoreBlob().IsExcluded(new PaymentMethodId(vm.CryptoCode, PaymentTypes.LightningLike));
        }
-
        private LightningSupportedPaymentMethod GetExistingLightningSupportedPaymentMethod(string cryptoCode, StoreData store)
        {
            var id = new PaymentMethodId(cryptoCode, PaymentTypes.LightningLike);
@ -58,13 +61,13 @@ namespace BTCPayServer.Controllers
        public async Task<IActionResult> AddLightningNode(string storeId, LightningNodeViewModel vm, string command, string cryptoCode)
        {
            vm.CryptoCode = cryptoCode;
-            var store = await _Repo.FindStore(storeId, GetUserId());
+            var store = HttpContext.GetStoreData();
            if (store == null)
                return NotFound();
            var network = vm.CryptoCode == null ? null : _ExplorerProvider.GetNetwork(vm.CryptoCode);

            var internalLightning = GetInternalLighningNode(network.CryptoCode);
-            vm.InternalLightningNode = internalLightning?.ToUri(true)?.AbsoluteUri;
+            vm.InternalLightningNode = internalLightning?.ToString();
            if (network == null)
            {
                ModelState.AddModelError(nameof(vm.CryptoCode), "Invalid network");
@ -73,33 +76,57 @@ namespace BTCPayServer.Controllers

            PaymentMethodId paymentMethodId = new PaymentMethodId(network.CryptoCode, PaymentTypes.LightningLike);
            Payments.Lightning.LightningSupportedPaymentMethod paymentMethod = null;
-            if (!string.IsNullOrEmpty(vm.Url))
+            if (!string.IsNullOrEmpty(vm.ConnectionString))
            {
-                if (!LightningConnectionString.TryParse(vm.Url, out var connectionString, out var error))
+                if (!LightningConnectionString.TryParse(vm.ConnectionString, false, out var connectionString, out var error))
                {
-                    ModelState.AddModelError(nameof(vm.Url), $"Invalid URL ({error})");
+                    ModelState.AddModelError(nameof(vm.ConnectionString), $"Invalid URL ({error})");
                    return View(vm);
                }

-                var internalDomain = internalLightning?.ToUri(false)?.DnsSafeHost;
-                bool isLocal = (internalDomain == "127.0.0.1" || internalDomain == "localhost");
+                if(connectionString.ConnectionType == LightningConnectionType.LndGRPC)
+                {
+                    ModelState.AddModelError(nameof(vm.ConnectionString), $"BTCPay does not support gRPC connections");
+                    return View(vm);
+                }
+
+                var internalDomain = internalLightning?.BaseUri?.DnsSafeHost;

                bool isInternalNode = connectionString.ConnectionType == LightningConnectionType.CLightning ||
                                      connectionString.BaseUri.DnsSafeHost == internalDomain ||
-                                      isLocal;
+                                      (internalDomain == "127.0.0.1" || internalDomain == "localhost");

-                if (connectionString.BaseUri.Scheme == "http" && !isLocal)
+                if (connectionString.BaseUri.Scheme == "http")
                {
-                    if (!isInternalNode || (isInternalNode && !CanUseInternalLightning()))
+                    if (!isInternalNode)
                    {
-                        ModelState.AddModelError(nameof(vm.Url), "The url must be HTTPS");
+                        ModelState.AddModelError(nameof(vm.ConnectionString), "The url must be HTTPS");
+                        return View(vm);
+                    }
+                }
+
+                if(connectionString.MacaroonFilePath != null)
+                {
+                    if(!CanUseInternalLightning())
+                    {
+                        ModelState.AddModelError(nameof(vm.ConnectionString), "You are not authorized to use macaroonfilepath");
+                        return View(vm);
+                    }
+                    if(!System.IO.File.Exists(connectionString.MacaroonFilePath))
+                    {
+                        ModelState.AddModelError(nameof(vm.ConnectionString), "The macaroonfilepath file does not exist");
+                        return View(vm);
+                    }
+                    if(!System.IO.Path.IsPathRooted(connectionString.MacaroonFilePath))
+                    {
+                        ModelState.AddModelError(nameof(vm.ConnectionString), "The macaroonfilepath should be fully rooted");
                        return View(vm);
                    }
                }

                if (isInternalNode && !CanUseInternalLightning())
                {
-                    ModelState.AddModelError(nameof(vm.Url), "Unauthorized url");
+                    ModelState.AddModelError(nameof(vm.ConnectionString), "Unauthorized url");
                    return View(vm);
                }

@ -109,32 +136,42 @@ namespace BTCPayServer.Controllers
                };
                paymentMethod.SetLightningUrl(connectionString);
            }
-            if (command == "save")
+
+            switch (command)
            {
-                store.SetSupportedPaymentMethod(paymentMethodId, paymentMethod);
-                await _Repo.UpdateStore(store);
-                StatusMessage = $"Lightning node modified ({network.CryptoCode})";
-                return RedirectToAction(nameof(UpdateStore), new { storeId = storeId });
-            }
-            else // if(command == "test")
-            {
-                if (paymentMethod == null)
-                {
-                    ModelState.AddModelError(nameof(vm.Url), "Missing url parameter");
+                case "save":
+                    var storeBlob = store.GetStoreBlob();
+                    storeBlob.SetExcluded(paymentMethodId, !vm.Enabled);
+                    store.SetStoreBlob(storeBlob);
+                    store.SetSupportedPaymentMethod(paymentMethodId, paymentMethod);
+                    await _Repo.UpdateStore(store);
+                    StatusMessage = $"Lightning node modified ({network.CryptoCode})";
+                    return RedirectToAction(nameof(UpdateStore), new { storeId = storeId });
+                case "test" when paymentMethod == null:
+                    ModelState.AddModelError(nameof(vm.ConnectionString), "Missing url parameter");
                    return View(vm);
-                }
-                var handler = (LightningLikePaymentHandler)_ServiceProvider.GetRequiredService<IPaymentMethodHandler<Payments.Lightning.LightningSupportedPaymentMethod>>();
-                try
-                {
-                    var info = await handler.Test(paymentMethod, network);
-                    vm.StatusMessage = $"Connection to the lightning node succeed ({info})";
-                }
-                catch (Exception ex)
-                {
-                    vm.StatusMessage = $"Error: {ex.Message}";
+                case "test":
+                    var handler = (LightningLikePaymentHandler)_ServiceProvider.GetRequiredService<IPaymentMethodHandler<Payments.Lightning.LightningSupportedPaymentMethod>>();
+                    try
+                    {
+                        var info = await handler.Test(paymentMethod, network);
+                        if (!vm.SkipPortTest)
+                        {
+                            using (CancellationTokenSource cts = new CancellationTokenSource(TimeSpan.FromSeconds(20)))
+                            {
+                                await handler.TestConnection(info, cts.Token);
+                            }
+                        }
+                        vm.StatusMessage = $"Connection to the lightning node succeeded ({info})";
+                    }
+                    catch (Exception ex)
+                    {
+                        vm.StatusMessage = $"Error: {ex.Message}";
+                        return View(vm);
+                    }
+                    return View(vm);
+                default:
                    return View(vm);
-                }                
-                return View(vm);
            }
        }

--- a/BTCPayServer/Controllers/StoresController.cs
+++ b/BTCPayServer/Controllers/StoresController.cs
@ -1,13 +1,24 @@
-using BTCPayServer.Authentication;
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
+using System.Net.Http;
+using System.Threading.Tasks;
+using BTCPayServer.Authentication;
 using BTCPayServer.Configuration;
 using BTCPayServer.Data;
-using BTCPayServer.HostedServices;
 using BTCPayServer.Models;
+using BTCPayServer.Models.AppViewModels;
 using BTCPayServer.Models.StoreViewModels;
+using BTCPayServer.Payments.Changelly;
+using BTCPayServer.Rating;
+using BTCPayServer.Security;
 using BTCPayServer.Services;
+using BTCPayServer.Services.Rates;
 using BTCPayServer.Services.Stores;
 using BTCPayServer.Services.Wallets;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
@ -15,63 +26,58 @@ using Microsoft.AspNetCore.Mvc.Rendering;
 using Microsoft.Extensions.Options;
 using NBitcoin;
 using NBitcoin.DataEncoders;
-using NBXplorer.DerivationStrategy;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Net.Http;
-using System.Threading;
-using System.Threading.Tasks;

 namespace BTCPayServer.Controllers
 {
    [Route("stores")]
-    [Authorize(AuthenticationSchemes = "Identity.Application")]
-    [Authorize(Policy = StorePolicies.OwnStore)]
+    [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
+    [Authorize(Policy = Policies.CanModifyStoreSettings.Key)]
    [AutoValidateAntiforgeryToken]
    public partial class StoresController : Controller
    {
+        RateFetcher _RateFactory;
        public string CreatedStoreId { get; set; }
        public StoresController(
-            NBXplorerDashboard dashboard,
            IServiceProvider serviceProvider,
            BTCPayServerOptions btcpayServerOptions,
            BTCPayServerEnvironment btcpayEnv,
-            IOptions<MvcJsonOptions> mvcJsonOptions,
            StoreRepository repo,
            TokenRepository tokenRepo,
            UserManager<ApplicationUser> userManager,
            AccessTokenController tokenController,
            BTCPayWalletProvider walletProvider,
            BTCPayNetworkProvider networkProvider,
+            RateFetcher rateFactory,
            ExplorerClientProvider explorerProvider,
            IFeeProviderFactory feeRateProvider,
            LanguageService langService,
-            IHostingEnvironment env)
+            ChangellyClientProvider changellyClientProvider,
+            IOptions<MvcJsonOptions> mvcJsonOptions,
+            IHostingEnvironment env, IHttpClientFactory httpClientFactory)
        {
-            _Dashboard = dashboard;
+            _RateFactory = rateFactory;
            _Repo = repo;
            _TokenRepository = tokenRepo;
            _UserManager = userManager;
            _LangService = langService;
+            _changellyClientProvider = changellyClientProvider;
+            MvcJsonOptions = mvcJsonOptions;
            _TokenController = tokenController;
            _WalletProvider = walletProvider;
            _Env = env;
+            _httpClientFactory = httpClientFactory;
            _NetworkProvider = networkProvider;
            _ExplorerProvider = explorerProvider;
-            _MvcJsonOptions = mvcJsonOptions.Value;
            _FeeRateProvider = feeRateProvider;
            _ServiceProvider = serviceProvider;
            _BtcpayServerOptions = btcpayServerOptions;
            _BTCPayEnv = btcpayEnv;
        }
-        NBXplorerDashboard _Dashboard;
        BTCPayServerOptions _BtcpayServerOptions;
        BTCPayServerEnvironment _BTCPayEnv;
        IServiceProvider _ServiceProvider;
        BTCPayNetworkProvider _NetworkProvider;
        private ExplorerClientProvider _ExplorerProvider;
-        private MvcJsonOptions _MvcJsonOptions;
        private IFeeProviderFactory _FeeRateProvider;
        BTCPayWalletProvider _WalletProvider;
        AccessTokenController _TokenController;
@ -79,7 +85,9 @@ namespace BTCPayServer.Controllers
        TokenRepository _TokenRepository;
        UserManager<ApplicationUser> _UserManager;
        private LanguageService _LangService;
+        private readonly ChangellyClientProvider _changellyClientProvider;
        IHostingEnvironment _Env;
+        private IHttpClientFactory _httpClientFactory;

        [TempData]
        public string StatusMessage
@ -87,37 +95,19 @@ namespace BTCPayServer.Controllers
            get; set;
        }

-        [HttpGet]
-        [Route("{storeId}/wallet/{cryptoCode}")]
-        public async Task<IActionResult> Wallet(string storeId, string cryptoCode)
-        {
-            var store = await _Repo.FindStore(storeId, GetUserId());
-            if (store == null)
-                return NotFound();
-            WalletModel model = new WalletModel();
-            model.ServerUrl = GetStoreUrl(storeId);
-            model.CryptoCurrency = cryptoCode;
-            return View(model);
-        }
-
-        private string GetStoreUrl(string storeId)
-        {
-            return HttpContext.Request.GetAbsoluteRoot() + "/stores/" + storeId + "/";
-        }
-
        [HttpGet]
        [Route("{storeId}/users")]
-        public async Task<IActionResult> StoreUsers(string storeId)
+        public async Task<IActionResult> StoreUsers()
        {
            StoreUsersViewModel vm = new StoreUsersViewModel();
-            await FillUsers(storeId, vm);
+            await FillUsers(vm);
            return View(vm);
        }

-        private async Task FillUsers(string storeId, StoreUsersViewModel vm)
+        private async Task FillUsers(StoreUsersViewModel vm)
        {
-            var users = await _Repo.GetStoreUsers(storeId);
-            vm.StoreId = storeId;
+            var users = await _Repo.GetStoreUsers(StoreData.Id);
+            vm.StoreId = StoreData.Id;
            vm.Users = users.Select(u => new StoreUsersViewModel.StoreUserViewModel()
            {
                Email = u.Email,
@ -126,11 +116,20 @@ namespace BTCPayServer.Controllers
            }).ToList();
        }

+        public StoreData StoreData
+        {
+            get
+            {
+                return this.HttpContext.GetStoreData();
+            }
+        }
+
+
        [HttpPost]
        [Route("{storeId}/users")]
-        public async Task<IActionResult> StoreUsers(string storeId, StoreUsersViewModel vm)
+        public async Task<IActionResult> StoreUsers(StoreUsersViewModel vm)
        {
-            await FillUsers(storeId, vm);
+            await FillUsers(vm);
            if (!ModelState.IsValid)
            {
                return View(vm);
@ -146,7 +145,7 @@ namespace BTCPayServer.Controllers
                ModelState.AddModelError(nameof(vm.Role), "Invalid role");
                return View(vm);
            }
-            if (!await _Repo.AddStoreUser(storeId, user.Id, vm.Role))
+            if (!await _Repo.AddStoreUser(StoreData.Id, user.Id, vm.Role))
            {
                ModelState.AddModelError(nameof(vm.Email), "The user already has access to this store");
                return View(vm);
@ -157,19 +156,16 @@ namespace BTCPayServer.Controllers

        [HttpGet]
        [Route("{storeId}/users/{userId}/delete")]
-        public async Task<IActionResult> DeleteStoreUser(string storeId, string userId)
+        public async Task<IActionResult> DeleteStoreUser(string userId)
        {
            StoreUsersViewModel vm = new StoreUsersViewModel();
-            var store = await _Repo.FindStore(storeId, userId);
-            if (store == null)
-                return NotFound();
            var user = await _UserManager.FindByIdAsync(userId);
            if (user == null)
                return NotFound();
            return View("Confirm", new ConfirmModel()
            {
                Title = $"Remove store user",
-                Description = $"Are you sure to remove access to remove {store.Role} access to {user.Email}?",
+                Description = $"Are you sure to remove access to remove access to {user.Email}?",
                Action = "Delete"
            });
        }
@ -184,10 +180,224 @@ namespace BTCPayServer.Controllers
        }

        [HttpGet]
-        [Route("{storeId}")]
-        public async Task<IActionResult> UpdateStore(string storeId)
+        [Route("{storeId}/rates")]
+        public IActionResult Rates()
        {
-            var store = await _Repo.FindStore(storeId, GetUserId());
+            var storeBlob = StoreData.GetStoreBlob();
+            var vm = new RatesViewModel();
+            vm.SetExchangeRates(GetSupportedExchanges(), storeBlob.PreferredExchange ?? CoinAverageRateProvider.CoinAverageName);
+            vm.Spread = (double)(storeBlob.Spread * 100m);
+            vm.Script = storeBlob.GetRateRules(_NetworkProvider).ToString();
+            vm.DefaultScript = storeBlob.GetDefaultRateRules(_NetworkProvider).ToString();
+            vm.AvailableExchanges = GetSupportedExchanges();
+            vm.ShowScripting = storeBlob.RateScripting;
+            return View(vm);
+        }
+
+        [HttpPost]
+        [Route("{storeId}/rates")]
+        public async Task<IActionResult> Rates(RatesViewModel model, string command = null)
+        {
+            model.SetExchangeRates(GetSupportedExchanges(), model.PreferredExchange);
+            if (!ModelState.IsValid)
+            {
+                return View(model);
+            }
+            if (model.PreferredExchange != null)
+                model.PreferredExchange = model.PreferredExchange.Trim().ToLowerInvariant();
+
+            var blob = StoreData.GetStoreBlob();
+            model.DefaultScript = blob.GetDefaultRateRules(_NetworkProvider).ToString();
+            model.AvailableExchanges = GetSupportedExchanges();
+
+            blob.PreferredExchange = model.PreferredExchange;
+            blob.Spread = (decimal)model.Spread / 100.0m;
+
+            if (!model.ShowScripting)
+            {
+                if (!GetSupportedExchanges().Select(c => c.Name).Contains(blob.PreferredExchange, StringComparer.OrdinalIgnoreCase))
+                {
+                    ModelState.AddModelError(nameof(model.PreferredExchange), $"Unsupported exchange ({model.RateSource})");
+                    return View(model);
+                }
+            }
+            RateRules rules = null;
+            if (model.ShowScripting)
+            {
+                if (!RateRules.TryParse(model.Script, out rules, out var errors))
+                {
+                    errors = errors ?? new List<RateRulesErrors>();
+                    var errorString = String.Join(", ", errors.ToArray());
+                    ModelState.AddModelError(nameof(model.Script), $"Parsing error ({errorString})");
+                    return View(model);
+                }
+                else
+                {
+                    blob.RateScript = rules.ToString();
+                    ModelState.Remove(nameof(model.Script));
+                    model.Script = blob.RateScript;
+                }
+            }
+            rules = blob.GetRateRules(_NetworkProvider);
+
+            if (command == "Test")
+            {
+                if (string.IsNullOrWhiteSpace(model.ScriptTest))
+                {
+                    ModelState.AddModelError(nameof(model.ScriptTest), "Fill out currency pair to test for (like BTC_USD,BTC_CAD)");
+                    return View(model);
+                }
+                var splitted = model.ScriptTest.Split(',', StringSplitOptions.RemoveEmptyEntries);
+
+                var pairs = new List<CurrencyPair>();
+                foreach (var pair in splitted)
+                {
+                    if (!CurrencyPair.TryParse(pair, out var currencyPair))
+                    {
+                        ModelState.AddModelError(nameof(model.ScriptTest), $"Invalid currency pair '{pair}' (it should be formatted like BTC_USD,BTC_CAD)");
+                        return View(model);
+                    }
+                    pairs.Add(currencyPair);
+                }
+
+                var fetchs = _RateFactory.FetchRates(pairs.ToHashSet(), rules);
+                var testResults = new List<RatesViewModel.TestResultViewModel>();
+                foreach (var fetch in fetchs)
+                {
+                    var testResult = await (fetch.Value);
+                    testResults.Add(new RatesViewModel.TestResultViewModel()
+                    {
+                        CurrencyPair = fetch.Key.ToString(),
+                        Error = testResult.Errors.Count != 0,
+                        Rule = testResult.Errors.Count == 0 ? testResult.Rule + " = " + testResult.BidAsk.Bid.ToString(CultureInfo.InvariantCulture)
+                                                            : testResult.EvaluatedRule
+                    });
+                }
+                model.TestRateRules = testResults;
+                return View(model);
+            }
+            else // command == Save
+            {
+                if (StoreData.SetStoreBlob(blob))
+                {
+                    await _Repo.UpdateStore(StoreData);
+                    StatusMessage = "Rate settings updated";
+                }
+                return RedirectToAction(nameof(Rates), new
+                {
+                    storeId = StoreData.Id
+                });
+            }
+        }
+
+        [HttpGet]
+        [Route("{storeId}/rates/confirm")]
+        public IActionResult ShowRateRules(bool scripting)
+        {
+            return View("Confirm", new ConfirmModel()
+            {
+                Action = "Continue",
+                Title = "Rate rule scripting",
+                Description = scripting ?
+                                "This action will modify your current rate sources. Are you sure to turn on rate rules scripting? (Advanced users)"
+                                : "This action will delete your rate script. Are you sure to turn off rate rules scripting?",
+                ButtonClass = "btn-primary"
+            });
+        }
+
+        [HttpPost]
+        [Route("{storeId}/rates/confirm")]
+        public async Task<IActionResult> ShowRateRulesPost(bool scripting)
+        {
+            var blob = StoreData.GetStoreBlob();
+            blob.RateScripting = scripting;
+            blob.RateScript = blob.GetDefaultRateRules(_NetworkProvider).ToString();
+            StoreData.SetStoreBlob(blob);
+            await _Repo.UpdateStore(StoreData);
+            StatusMessage = "Rate rules scripting activated";
+            return RedirectToAction(nameof(Rates), new { storeId = StoreData.Id });
+        }
+
+        [HttpGet]
+        [Route("{storeId}/checkout")]
+        public IActionResult CheckoutExperience()
+        {
+            var storeBlob = StoreData.GetStoreBlob();
+            var vm = new CheckoutExperienceViewModel();
+            vm.SetCryptoCurrencies(_ExplorerProvider, StoreData.GetDefaultCrypto(_NetworkProvider));
+            vm.SetLanguages(_LangService, storeBlob.DefaultLang);
+            vm.LightningMaxValue = storeBlob.LightningMaxValue?.ToString() ?? "";
+            vm.OnChainMinValue = storeBlob.OnChainMinValue?.ToString() ?? "";
+            vm.RequiresRefundEmail = storeBlob.RequiresRefundEmail;
+            vm.CustomCSS = storeBlob.CustomCSS?.AbsoluteUri;
+            vm.CustomLogo = storeBlob.CustomLogo?.AbsoluteUri;
+            vm.HtmlTitle = storeBlob.HtmlTitle;
+            return View(vm);
+        }
+
+        [HttpPost]
+        [Route("{storeId}/checkout")]
+        public async Task<IActionResult> CheckoutExperience(CheckoutExperienceViewModel model)
+        {
+            CurrencyValue lightningMaxValue = null;
+            if (!string.IsNullOrWhiteSpace(model.LightningMaxValue))
+            {
+                if (!CurrencyValue.TryParse(model.LightningMaxValue, out lightningMaxValue))
+                {
+                    ModelState.AddModelError(nameof(model.LightningMaxValue), "Invalid lightning max value");
+                }
+            }
+
+            CurrencyValue onchainMinValue = null;
+            if (!string.IsNullOrWhiteSpace(model.OnChainMinValue))
+            {
+                if (!CurrencyValue.TryParse(model.OnChainMinValue, out onchainMinValue))
+                {
+                    ModelState.AddModelError(nameof(model.OnChainMinValue), "Invalid on chain min value");
+                }
+            }
+            bool needUpdate = false;
+            var blob = StoreData.GetStoreBlob();
+            if (StoreData.GetDefaultCrypto(_NetworkProvider) != model.DefaultCryptoCurrency)
+            {
+                needUpdate = true;
+                StoreData.SetDefaultCrypto(model.DefaultCryptoCurrency);
+            }
+            model.SetCryptoCurrencies(_ExplorerProvider, model.DefaultCryptoCurrency);
+            model.SetLanguages(_LangService, model.DefaultLang);
+
+            if (!ModelState.IsValid)
+            {
+                return View(model);
+            }
+            blob.DefaultLang = model.DefaultLang;
+            blob.RequiresRefundEmail = model.RequiresRefundEmail;
+            blob.LightningMaxValue = lightningMaxValue;
+            blob.OnChainMinValue = onchainMinValue;
+            blob.CustomLogo = string.IsNullOrWhiteSpace(model.CustomLogo) ? null : new Uri(model.CustomLogo, UriKind.Absolute);
+            blob.CustomCSS = string.IsNullOrWhiteSpace(model.CustomCSS) ? null : new Uri(model.CustomCSS, UriKind.Absolute);
+            blob.HtmlTitle = string.IsNullOrWhiteSpace(model.HtmlTitle) ? null : model.HtmlTitle;
+            if (StoreData.SetStoreBlob(blob))
+            {
+                needUpdate = true;
+            }
+            if (needUpdate)
+            {
+                await _Repo.UpdateStore(StoreData);
+                StatusMessage = "Store successfully updated";
+            }
+
+            return RedirectToAction(nameof(CheckoutExperience), new
+            {
+                storeId = StoreData.Id
+            });
+        }
+
+        [HttpGet]
+        [Route("{storeId}")]
+        public IActionResult UpdateStore()
+        {
+            var store = HttpContext.GetStoreData();
            if (store == null)
                return NotFound();

@ -195,24 +405,23 @@ namespace BTCPayServer.Controllers
            var vm = new StoreViewModel();
            vm.Id = store.Id;
            vm.StoreName = store.StoreName;
-            vm.SetCryptoCurrencies(_ExplorerProvider, store.GetDefaultCrypto());
-            vm.SetLanguages(_LangService, storeBlob.DefaultLang);
            vm.StoreWebsite = store.StoreWebsite;
            vm.NetworkFee = !storeBlob.NetworkFeeDisabled;
+            vm.AnyoneCanCreateInvoice = storeBlob.AnyoneCanInvoice;
            vm.SpeedPolicy = store.SpeedPolicy;
-            AddPaymentMethods(store, vm);
-            vm.StatusMessage = StatusMessage;
+            vm.CanDelete = _Repo.CanDeleteStores();
+            AddPaymentMethods(store, storeBlob, vm);
            vm.MonitoringExpiration = storeBlob.MonitoringExpiration;
            vm.InvoiceExpiration = storeBlob.InvoiceExpiration;
-            vm.RateMultiplier = (double)storeBlob.GetRateMultiplier();
-            vm.PreferredExchange = storeBlob.PreferredExchange.IsCoinAverage() ? "coinaverage" : storeBlob.PreferredExchange;
-            vm.AllowCoinConversion = storeBlob.AllowCoinConversion;
+            vm.LightningDescriptionTemplate = storeBlob.LightningDescriptionTemplate;
+            vm.PaymentTolerance = storeBlob.PaymentTolerance;
            return View(vm);
        }


-        private void AddPaymentMethods(StoreData store, StoreViewModel vm)
+        private void AddPaymentMethods(StoreData store, StoreBlob storeBlob, StoreViewModel vm)
        {
+            var excludeFilters = storeBlob.GetExcludedPaymentMethods();
            var derivationByCryptoCode =
                store
                .GetSupportedPaymentMethods(_NetworkProvider)
@ -224,7 +433,9 @@ namespace BTCPayServer.Controllers
                vm.DerivationSchemes.Add(new StoreViewModel.DerivationScheme()
                {
                    Crypto = network.CryptoCode,
-                    Value = strategy?.DerivationStrategyBase?.ToString() ?? string.Empty
+                    Value = strategy?.DerivationStrategyBase?.ToString() ?? string.Empty,
+                    WalletId = new WalletId(store.Id, network.CryptoCode),
+                    Enabled = !excludeFilters.Match(new Payments.PaymentMethodId(network.CryptoCode, Payments.PaymentTypes.BTCLike))
                });
            }

@ -236,110 +447,115 @@ namespace BTCPayServer.Controllers
            foreach (var network in _NetworkProvider.GetAll())
            {
                var lightning = lightningByCryptoCode.TryGet(network.CryptoCode);
+                var paymentId = new Payments.PaymentMethodId(network.CryptoCode, Payments.PaymentTypes.LightningLike);
                vm.LightningNodes.Add(new StoreViewModel.LightningNode()
                {
                    CryptoCode = network.CryptoCode,
-                    Address = lightning?.GetLightningUrl()?.BaseUri.AbsoluteUri ?? string.Empty
+                    Address = lightning?.GetLightningUrl()?.BaseUri.AbsoluteUri ?? string.Empty,
+                    Enabled = !excludeFilters.Match(paymentId)
                });
            }
+
+
+            var changellyEnabled = storeBlob.ChangellySettings != null && storeBlob.ChangellySettings.Enabled;
+            vm.ThirdPartyPaymentMethods.Add(new StoreViewModel.ThirdPartyPaymentMethod()
+            {
+                Enabled = changellyEnabled,
+                Action = nameof(UpdateChangellySettings),
+                Provider = "Changelly"
+            });
        }

        [HttpPost]
        [Route("{storeId}")]
-        public async Task<IActionResult> UpdateStore(string storeId, StoreViewModel model)
+        public async Task<IActionResult> UpdateStore(StoreViewModel model, string command = null)
        {
-
-            if (!ModelState.IsValid)
-            {
-                return View(model);
-            }
-            if (model.PreferredExchange != null)
-                model.PreferredExchange = model.PreferredExchange.Trim().ToLowerInvariant();
-            var store = await _Repo.FindStore(storeId, GetUserId());
-            if (store == null)
-                return NotFound();
-            AddPaymentMethods(store, model);
-
            bool needUpdate = false;
-            if (store.SpeedPolicy != model.SpeedPolicy)
+            if (StoreData.SpeedPolicy != model.SpeedPolicy)
            {
                needUpdate = true;
-                store.SpeedPolicy = model.SpeedPolicy;
+                StoreData.SpeedPolicy = model.SpeedPolicy;
            }
-            if (store.StoreName != model.StoreName)
+            if (StoreData.StoreName != model.StoreName)
            {
                needUpdate = true;
-                store.StoreName = model.StoreName;
+                StoreData.StoreName = model.StoreName;
            }
-            if (store.StoreWebsite != model.StoreWebsite)
+            if (StoreData.StoreWebsite != model.StoreWebsite)
            {
                needUpdate = true;
-                store.StoreWebsite = model.StoreWebsite;
+                StoreData.StoreWebsite = model.StoreWebsite;
            }

-            if (store.GetDefaultCrypto() != model.DefaultCryptoCurrency)
-            {
-                needUpdate = true;
-                store.SetDefaultCrypto(model.DefaultCryptoCurrency);
-            }
-            model.SetCryptoCurrencies(_ExplorerProvider, model.DefaultCryptoCurrency);
-            model.SetLanguages(_LangService, model.DefaultLang);
-
-            var blob = store.GetStoreBlob();
+            var blob = StoreData.GetStoreBlob();
+            blob.AnyoneCanInvoice = model.AnyoneCanCreateInvoice;
            blob.NetworkFeeDisabled = !model.NetworkFee;
            blob.MonitoringExpiration = model.MonitoringExpiration;
            blob.InvoiceExpiration = model.InvoiceExpiration;
-            blob.DefaultLang = model.DefaultLang;
+            blob.LightningDescriptionTemplate = model.LightningDescriptionTemplate ?? string.Empty;
+            blob.PaymentTolerance = model.PaymentTolerance;

-            bool newExchange = blob.PreferredExchange != model.PreferredExchange;
-            blob.PreferredExchange = model.PreferredExchange;
-
-            blob.SetRateMultiplier(model.RateMultiplier);
-            blob.AllowCoinConversion = model.AllowCoinConversion;
-
-            if (store.SetStoreBlob(blob))
+            if (StoreData.SetStoreBlob(blob))
            {
                needUpdate = true;
            }

-            if (!blob.PreferredExchange.IsCoinAverage() && newExchange)
-            {
-                using (HttpClient client = new HttpClient())
-                {
-                    var rate = await client.GetAsync(model.RateSource);
-                    if (rate.StatusCode == System.Net.HttpStatusCode.NotFound)
-                    {
-                        ModelState.AddModelError(nameof(model.PreferredExchange), $"Unsupported exchange ({model.RateSource})");
-                        return View(model);
-                    }
-                }
-            }
-
            if (needUpdate)
            {
-                await _Repo.UpdateStore(store);
+                await _Repo.UpdateStore(StoreData);
                StatusMessage = "Store successfully updated";
            }

            return RedirectToAction(nameof(UpdateStore), new
            {
-                storeId = storeId
+                storeId = StoreData.Id
            });
+
+        }
+
+        [HttpGet]
+        [Route("{storeId}/delete")]
+        public IActionResult DeleteStore(string storeId)
+        {
+            return View("Confirm", new ConfirmModel()
+            {
+                Action = "Delete this store",
+                Title = "Delete this store",
+                Description = "This action is irreversible and will remove all information related to this store. (Invoices, Apps etc...)",
+                ButtonClass = "btn-danger"
+            });
+        }
+
+        [HttpPost]
+        [Route("{storeId}/delete")]
+        public async Task<IActionResult> DeleteStorePost(string storeId)
+        {
+            await _Repo.DeleteStore(StoreData.Id);
+            StatusMessage = "Success: Store successfully deleted";
+            return RedirectToAction(nameof(UserStoresController.ListStores), "UserStores");
+        }
+
+        private CoinAverageExchange[] GetSupportedExchanges()
+        {
+            return _RateFactory.RateProviderFactory.GetSupportedExchanges()
+                    .Select(c => c.Value)
+                    .OrderBy(s => s.Name, StringComparer.OrdinalIgnoreCase)
+                    .ToArray();
        }

        private DerivationStrategy ParseDerivationStrategy(string derivationScheme, Script hint, BTCPayNetwork network)
        {
-            var parser = new DerivationSchemeParser(network.NBitcoinNetwork, network.DefaultSettings.ChainType);
+            var parser = new DerivationSchemeParser(network.NBitcoinNetwork);
            parser.HintScriptPubKey = hint;
            return new DerivationStrategy(parser.Parse(derivationScheme), network);
        }

        [HttpGet]
        [Route("{storeId}/Tokens")]
-        public async Task<IActionResult> ListTokens(string storeId)
+        public async Task<IActionResult> ListTokens()
        {
            var model = new TokensViewModel();
-            var tokens = await _TokenRepository.GetTokensByStoreIdAsync(storeId);
+            var tokens = await _TokenRepository.GetTokensByStoreIdAsync(StoreData.Id);
            model.StatusMessage = StatusMessage;
            model.Tokens = tokens.Select(t => new TokenViewModel()
            {
@ -348,30 +564,82 @@ namespace BTCPayServer.Controllers
                SIN = t.SIN,
                Id = t.Value
            }).ToArray();
+
+            model.ApiKey = (await _TokenRepository.GetLegacyAPIKeys(StoreData.Id)).FirstOrDefault();
+            if (model.ApiKey == null)
+                model.EncodedApiKey = "*API Key*";
+            else
+                model.EncodedApiKey = Encoders.Base64.EncodeData(Encoders.ASCII.DecodeData(model.ApiKey));
            return View(model);
        }

+        [HttpGet]
+        [Route("{storeId}/tokens/{tokenId}/revoke")]
+        public async Task<IActionResult> RevokeToken(string tokenId)
+        {
+            var token = await _TokenRepository.GetToken(tokenId);
+            if (token == null || token.StoreId != StoreData.Id)
+                return NotFound();
+            return View("Confirm", new ConfirmModel()
+            {
+                Action = "Revoke the token",
+                Title = "Revoke the token",
+                Description = $"The access token with the label \"{token.Label}\" will be revoked, do you wish to continue?",
+                ButtonClass = "btn-danger"
+            });
+        }
+        [HttpPost]
+        [Route("{storeId}/tokens/{tokenId}/revoke")]
+        public async Task<IActionResult> RevokeTokenConfirm(string tokenId)
+        {
+            var token = await _TokenRepository.GetToken(tokenId);
+            if (token == null ||
+                token.StoreId != StoreData.Id ||
+               !await _TokenRepository.DeleteToken(tokenId))
+                StatusMessage = "Failure to revoke this token";
+            else
+                StatusMessage = "Token revoked";
+            return RedirectToAction(nameof(ListTokens));
+        }
+
+        [HttpGet]
+        [Route("{storeId}/tokens/{tokenId}")]
+        public async Task<IActionResult> ShowToken(string tokenId)
+        {
+            var token = await _TokenRepository.GetToken(tokenId);
+            if (token == null || token.StoreId != StoreData.Id)
+                return NotFound();
+            return View(token);
+        }
+
        [HttpPost]
        [Route("/api-tokens")]
        [Route("{storeId}/Tokens/Create")]
-        public async Task<IActionResult> CreateToken(string storeId, CreateTokenViewModel model)
+        [AllowAnonymous]
+        public async Task<IActionResult> CreateToken(CreateTokenViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }
            model.Label = model.Label ?? String.Empty;
-            storeId = model.StoreId ?? storeId;
            var userId = GetUserId();
            if (userId == null)
-                return Unauthorized();
-            var store = await _Repo.FindStore(storeId, userId);
-            if (store == null)
-                return Unauthorized();
-            if (store.Role != StoreRoles.Owner)
+                return Challenge(Policies.CookieAuthentication);
+
+            var store = StoreData;
+            var storeId = StoreData?.Id;
+            if (storeId == null)
            {
-                StatusMessage = "Error: You need to be owner of this store to request pairing codes";
-                return RedirectToAction(nameof(UserStoresController.ListStores), "UserStores");
+                storeId = model.StoreId;
+                store = await _Repo.FindStore(storeId, userId);
+                if (store == null)
+                    return Challenge(Policies.CookieAuthentication);
+            }
+
+            if (!store.HasClaim(Policies.CanModifyStoreSettings.Key))
+            {
+                return Challenge(Policies.CookieAuthentication);
            }

            var tokenRequest = new TokenRequest()
@ -408,15 +676,25 @@ namespace BTCPayServer.Controllers
        }

        public string GeneratedPairingCode { get; set; }
+        public IOptions<MvcJsonOptions> MvcJsonOptions { get; }

        [HttpGet]
        [Route("/api-tokens")]
        [Route("{storeId}/Tokens/Create")]
-        public async Task<IActionResult> CreateToken(string storeId)
+        [AllowAnonymous]
+        public async Task<IActionResult> CreateToken()
        {
            var userId = GetUserId();
            if (string.IsNullOrWhiteSpace(userId))
-                return Unauthorized();
+                return Challenge(Policies.CookieAuthentication);
+            var storeId = StoreData?.Id;
+            if (StoreData != null)
+            {
+                if (!StoreData.HasClaim(Policies.CanModifyStoreSettings.Key))
+                {
+                    return Challenge(Policies.CookieAuthentication);
+                }
+            }
            var model = new CreateTokenViewModel();
            model.Facade = "merchant";
            ViewBag.HidePublicKey = storeId == null;
@ -425,32 +703,37 @@ namespace BTCPayServer.Controllers
            model.StoreId = storeId;
            if (storeId == null)
            {
-                model.Stores = new SelectList(await _Repo.GetStoresByUserId(userId), nameof(StoreData.Id), nameof(StoreData.StoreName), storeId);
+                var stores = await _Repo.GetStoresByUserId(userId);
+                model.Stores = new SelectList(stores.Where(s => s.HasClaim(Policies.CanModifyStoreSettings.Key)), nameof(StoreData.Id), nameof(StoreData.StoreName), storeId);
+                if (model.Stores.Count() == 0)
+                {
+                    StatusMessage = "Error: You need to be owner of at least one store before pairing";
+                    return RedirectToAction(nameof(UserStoresController.ListStores), "UserStores");
+                }
            }
-
            return View(model);
        }

-
        [HttpPost]
-        [Route("{storeId}/Tokens/Delete")]
-        public async Task<IActionResult> DeleteToken(string storeId, string tokenId)
+        [Route("{storeId}/tokens/apikey")]
+        public async Task<IActionResult> GenerateAPIKey()
        {
-            var token = await _TokenRepository.GetToken(tokenId);
-            if (token == null ||
-                token.StoreId != storeId ||
-               !await _TokenRepository.DeleteToken(tokenId))
-                StatusMessage = "Failure to revoke this token";
-            else
-                StatusMessage = "Token revoked";
+            var store = HttpContext.GetStoreData();
+            if (store == null)
+                return NotFound();
+            await _TokenRepository.GenerateLegacyAPIKey(StoreData.Id);
+            StatusMessage = "API Key re-generated";
            return RedirectToAction(nameof(ListTokens));
        }

-
        [HttpGet]
        [Route("/api-access-request")]
+        [AllowAnonymous]
        public async Task<IActionResult> RequestPairing(string pairingCode, string selectedStore = null)
        {
+            var userId = GetUserId();
+            if (userId == null)
+                return Challenge(Policies.CookieAuthentication);
            if (pairingCode == null)
                return NotFound();
            var pairing = await _TokenRepository.GetPairingAsync(pairingCode);
@ -461,7 +744,7 @@ namespace BTCPayServer.Controllers
            }
            else
            {
-                var stores = await _Repo.GetStoresByUserId(GetUserId());
+                var stores = await _Repo.GetStoresByUserId(userId);
                return View(new PairingModel()
                {
                    Id = pairing.Id,
@ -469,7 +752,7 @@ namespace BTCPayServer.Controllers
                    Label = pairing.Label,
                    SIN = pairing.SIN ?? "Server-Initiated Pairing",
                    SelectedStore = selectedStore ?? stores.FirstOrDefault()?.Id,
-                    Stores = stores.Select(s => new PairingModel.StoreViewModel()
+                    Stores = stores.Where(u => u.HasClaim(Policies.CanModifyStoreSettings.Key)).Select(s => new PairingModel.StoreViewModel()
                    {
                        Id = s.Id,
                        Name = string.IsNullOrEmpty(s.StoreName) ? s.Id : s.StoreName
@ -480,19 +763,22 @@ namespace BTCPayServer.Controllers

        [HttpPost]
        [Route("/api-access-request")]
+        [AllowAnonymous]
        public async Task<IActionResult> Pair(string pairingCode, string selectedStore)
        {
            if (pairingCode == null)
                return NotFound();
-            var store = await _Repo.FindStore(selectedStore, GetUserId());
+            var userId = GetUserId();
+            if (userId == null)
+                return Challenge(Policies.CookieAuthentication);
+            var store = await _Repo.FindStore(selectedStore, userId);
            var pairing = await _TokenRepository.GetPairingAsync(pairingCode);
            if (store == null || pairing == null)
                return NotFound();

-            if (store.Role != StoreRoles.Owner)
+            if (!store.HasClaim(Policies.CanModifyStoreSettings.Key))
            {
-                StatusMessage = "Error: You can't approve a pairing without being owner of the store";
-                return RedirectToAction(nameof(UserStoresController.ListStores), "UserStores");
+                return Challenge(Policies.CookieAuthentication);
            }

            var pairingResult = await _TokenRepository.PairWithStoreAsync(pairingCode, store.Id);
@ -503,7 +789,8 @@ namespace BTCPayServer.Controllers
                    StatusMessage = "Server initiated pairing code: " + pairingCode;
                return RedirectToAction(nameof(ListTokens), new
                {
-                    storeId = store.Id
+                    storeId = store.Id,
+                    pairingCode = pairingCode
                });
            }
            else
@ -518,7 +805,58 @@ namespace BTCPayServer.Controllers

        private string GetUserId()
        {
+            if (User.Identity.AuthenticationType != Policies.CookieAuthentication)
+                return null;
            return _UserManager.GetUserId(User);
        }
+
+
+
+        // TODO: Need to have talk about how architect default currency implementation
+        // For now we have also hardcoded USD for Store creation and then Invoice creation
+        const string DEFAULT_CURRENCY = "USD";
+
+        [Route("{storeId}/paybutton")]
+        public IActionResult PayButton()
+        {
+            var store = StoreData;
+
+            var storeBlob = store.GetStoreBlob();
+            if (!storeBlob.AnyoneCanInvoice)
+            {
+                return View("PayButtonEnable", null);
+            }
+
+            var appUrl = HttpContext.Request.GetAbsoluteRoot().WithTrailingSlash();
+            var model = new PayButtonViewModel
+            {
+                Price = 10,
+                Currency = DEFAULT_CURRENCY,
+                ButtonSize = 2,
+                UrlRoot = appUrl,
+                PayButtonImageUrl = appUrl + "img/paybutton/pay.png",
+                StoreId = store.Id
+            };
+            return View(model);
+        }
+
+        [HttpPost]
+        [Route("{storeId}/paybutton")]
+        public async Task<IActionResult> PayButton(bool enableStore)
+        {
+            var blob = StoreData.GetStoreBlob();
+            blob.AnyoneCanInvoice = enableStore;
+            if (StoreData.SetStoreBlob(blob))
+            {
+                await _Repo.UpdateStore(StoreData);
+                StatusMessage = "Store successfully updated";
+            }
+
+            return RedirectToAction(nameof(PayButton), new
+            {
+                storeId = StoreData.Id
+            });
+
+        }
    }
 }
--- a/BTCPayServer/Controllers/UserStoresController.cs
+++ b/BTCPayServer/Controllers/UserStoresController.cs
@ -5,6 +5,7 @@ using System.Threading;
 using System.Threading.Tasks;
 using BTCPayServer.Models;
 using BTCPayServer.Models.StoreViewModels;
+using BTCPayServer.Security;
 using BTCPayServer.Services.Stores;
 using BTCPayServer.Services.Wallets;
 using Microsoft.AspNetCore.Authorization;
@ -15,40 +16,23 @@ using NBXplorer.DerivationStrategy;
 namespace BTCPayServer.Controllers
 {
    [Route("stores")]
-    [Authorize(AuthenticationSchemes = "Identity.Application")]
+    [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
    [AutoValidateAntiforgeryToken]
    public partial class UserStoresController : Controller
    {
        private StoreRepository _Repo;
        private BTCPayNetworkProvider _NetworkProvider;
        private UserManager<ApplicationUser> _UserManager;
-        private BTCPayWalletProvider _WalletProvider;

        public UserStoresController(
            UserManager<ApplicationUser> userManager,
            BTCPayNetworkProvider networkProvider,
-            BTCPayWalletProvider walletProvider,
            StoreRepository storeRepository)
        {
            _Repo = storeRepository;
            _NetworkProvider = networkProvider;
            _UserManager = userManager;
-            _WalletProvider = walletProvider;
-        }
-        [HttpGet]
-        [Route("{storeId}/delete")]
-        public async Task<IActionResult> DeleteStore(string storeId)
-        {
-            var store = await _Repo.FindStore(storeId, GetUserId());
-            if (store == null)
-                return NotFound();
-            return View("Confirm", new ConfirmModel()
-            {
-                Title = "Delete store " + store.StoreName,
-                Description = "This store will still be accessible to users sharing it",
-                Action = "Delete"
-            });
-        }
+        }        

        [HttpGet]
        [Route("create")]
@ -62,12 +46,27 @@ namespace BTCPayServer.Controllers
            get; set;
        }

+        [HttpGet]
+        [Route("{storeId}/me/delete")]
+        public IActionResult DeleteStore(string storeId)
+        {
+            var store = HttpContext.GetStoreData();
+            if (store == null)
+                return NotFound();
+            return View("Confirm", new ConfirmModel()
+            {
+                Title = "Delete store " + store.StoreName,
+                Description = "This store will still be accessible to users sharing it",
+                Action = "Delete"
+            });
+        }
+
        [HttpPost]
-        [Route("{storeId}/delete")]
+        [Route("{storeId}/me/delete")]
        public async Task<IActionResult> DeleteStorePost(string storeId)
        {
            var userId = GetUserId();
-            var store = await _Repo.FindStore(storeId, GetUserId());
+            var store = HttpContext.GetStoreData();
            if (store == null)
                return NotFound();
            await _Repo.RemoveStore(storeId, userId);
@ -83,17 +82,6 @@ namespace BTCPayServer.Controllers
        {
            StoresViewModel result = new StoresViewModel();
            var stores = await _Repo.GetStoresByUserId(GetUserId());
-
-            var balances = stores
-                                .Select(s => s.GetSupportedPaymentMethods(_NetworkProvider)
-                                              .OfType<DerivationStrategy>()
-                                              .Select(d => ((Wallet: _WalletProvider.GetWallet(d.Network),
-                                                            DerivationStrategy: d.DerivationStrategyBase)))
-                                              .Where(_ => _.Wallet != null)
-                                              .Select(async _ => (await GetBalanceString(_)) + " " + _.Wallet.Network.CryptoCode))
-                                .ToArray();
-
-            await Task.WhenAll(balances.SelectMany(_ => _));
            for (int i = 0; i < stores.Length; i++)
            {
                var store = stores[i];
@ -102,8 +90,7 @@ namespace BTCPayServer.Controllers
                    Id = store.Id,
                    Name = store.StoreName,
                    WebSite = store.StoreWebsite,
-                    IsOwner = store.Role == StoreRoles.Owner,
-                    Balances = store.Role == StoreRoles.Owner ? balances[i].Select(t => t.Result).ToArray() : Array.Empty<string>()
+                    IsOwner = store.HasClaim(Policies.CanModifyStoreSettings.Key)
                });
            }
            return View(result);
@ -120,25 +107,12 @@ namespace BTCPayServer.Controllers
            var store = await _Repo.CreateStore(GetUserId(), vm.Name);
            CreatedStoreId = store.Id;
            StatusMessage = "Store successfully created";
-            return RedirectToAction(nameof(ListStores));
-        }
-
-        private static async Task<string> GetBalanceString((BTCPayWallet Wallet, DerivationStrategyBase DerivationStrategy) _)
-        {
-            using (CancellationTokenSource cts = new CancellationTokenSource(TimeSpan.FromSeconds(10)))
+            return RedirectToAction(nameof(StoresController.UpdateStore), "Stores", new
            {
-                try
-                {
-                    return (await _.Wallet.GetBalance(_.DerivationStrategy, cts.Token)).ToString();
-                }
-                catch
-                {
-                    return "--";
-                }
-            }
+                storeId = store.Id
+            });
        }

-
        private string GetUserId()
        {
            return _UserManager.GetUserId(User);
--- a/BTCPayServer/Controllers/WalletsController.cs
+++ b/BTCPayServer/Controllers/WalletsController.cs
@ -0,0 +1,642 @@
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
+using System.Net.WebSockets;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using BTCPayServer.Data;
+using BTCPayServer.HostedServices;
+using BTCPayServer.ModelBinders;
+using BTCPayServer.Models;
+using BTCPayServer.Models.WalletViewModels;
+using BTCPayServer.Security;
+using BTCPayServer.Services;
+using BTCPayServer.Services.Rates;
+using BTCPayServer.Services.Stores;
+using BTCPayServer.Services.Wallets;
+using LedgerWallet;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+using NBitcoin;
+using NBXplorer.DerivationStrategy;
+using NBXplorer.Models;
+using Newtonsoft.Json;
+using static BTCPayServer.Controllers.StoresController;
+
+namespace BTCPayServer.Controllers
+{
+    [Route("wallets")]
+    [Authorize(AuthenticationSchemes = Policies.CookieAuthentication)]
+    [AutoValidateAntiforgeryToken]
+    public partial class WalletsController : Controller
+    {
+        public StoreRepository Repository { get; }
+        public BTCPayNetworkProvider NetworkProvider { get; }
+        public ExplorerClientProvider ExplorerClientProvider { get; }
+
+        private readonly UserManager<ApplicationUser> _userManager;
+        private readonly IOptions<MvcJsonOptions> _mvcJsonOptions;
+        private readonly NBXplorerDashboard _dashboard;
+
+        private readonly IFeeProviderFactory _feeRateProvider;
+        private readonly BTCPayWalletProvider _walletProvider;
+        public RateFetcher RateFetcher { get; }
+        [TempData]
+        public string StatusMessage { get; set; }
+
+        CurrencyNameTable _currencyTable;
+        public WalletsController(StoreRepository repo,
+                                 CurrencyNameTable currencyTable,
+                                 BTCPayNetworkProvider networkProvider,
+                                 UserManager<ApplicationUser> userManager,
+                                 IOptions<MvcJsonOptions> mvcJsonOptions,
+                                 NBXplorerDashboard dashboard,
+                                 RateFetcher rateProvider,
+                                 ExplorerClientProvider explorerProvider,
+                                 IFeeProviderFactory feeRateProvider,
+                                 BTCPayWalletProvider walletProvider)
+        {
+            _currencyTable = currencyTable;
+            Repository = repo;
+            RateFetcher = rateProvider;
+            NetworkProvider = networkProvider;
+            _userManager = userManager;
+            _mvcJsonOptions = mvcJsonOptions;
+            _dashboard = dashboard;
+            ExplorerClientProvider = explorerProvider;
+            _feeRateProvider = feeRateProvider;
+            _walletProvider = walletProvider;
+        }
+
+        public async Task<IActionResult> ListWallets()
+        {
+            var wallets = new ListWalletsViewModel();
+            var stores = await Repository.GetStoresByUserId(GetUserId());
+
+            var onChainWallets = stores
+                                .SelectMany(s => s.GetSupportedPaymentMethods(NetworkProvider)
+                                              .OfType<DerivationStrategy>()
+                                              .Select(d => ((Wallet: _walletProvider.GetWallet(d.Network),
+                                                            DerivationStrategy: d.DerivationStrategyBase,
+                                                            Network: d.Network)))
+                                              .Where(_ => _.Wallet != null)
+                                              .Select(_ => (Wallet: _.Wallet,
+                                                            Store: s,
+                                                            Balance: GetBalanceString(_.Wallet, _.DerivationStrategy),
+                                                            DerivationStrategy: _.DerivationStrategy,
+                                                            Network: _.Network)))
+                                              .ToList();
+
+            foreach (var wallet in onChainWallets)
+            {
+                ListWalletsViewModel.WalletViewModel walletVm = new ListWalletsViewModel.WalletViewModel();
+                wallets.Wallets.Add(walletVm);
+                walletVm.Balance = await wallet.Balance + " " + wallet.Wallet.Network.CryptoCode;
+                if (!wallet.Store.HasClaim(Policies.CanModifyStoreSettings.Key))
+                {
+                    walletVm.Balance = "";
+                }
+                walletVm.CryptoCode = wallet.Network.CryptoCode;
+                walletVm.StoreId = wallet.Store.Id;
+                walletVm.Id = new WalletId(wallet.Store.Id, wallet.Network.CryptoCode);
+                walletVm.StoreName = wallet.Store.StoreName;
+                walletVm.IsOwner = wallet.Store.HasClaim(Policies.CanModifyStoreSettings.Key);
+            }
+
+            return View(wallets);
+        }
+
+        [HttpGet]
+        [Route("{walletId}")]
+        public async Task<IActionResult> WalletTransactions(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId)
+        {
+            var store = await Repository.FindStore(walletId.StoreId, GetUserId());
+            DerivationStrategy paymentMethod = GetPaymentMethod(walletId, store);
+            if (paymentMethod == null)
+                return NotFound();
+
+            var wallet = _walletProvider.GetWallet(paymentMethod.Network);
+            var transactions = await wallet.FetchTransactions(paymentMethod.DerivationStrategyBase);
+
+            var model = new ListTransactionsViewModel();
+            foreach (var tx in transactions.UnconfirmedTransactions.Transactions.Concat(transactions.ConfirmedTransactions.Transactions))
+            {
+                var vm = new ListTransactionsViewModel.TransactionViewModel();
+                model.Transactions.Add(vm);
+                vm.Id = tx.TransactionId.ToString();
+                vm.Link = string.Format(CultureInfo.InvariantCulture, paymentMethod.Network.BlockExplorerLink, vm.Id);
+                vm.Timestamp = tx.Timestamp;
+                vm.Positive = tx.BalanceChange >= Money.Zero;
+                vm.Balance = tx.BalanceChange.ToString();
+                vm.IsConfirmed = tx.Confirmations != 0;
+            }
+            model.Transactions = model.Transactions.OrderByDescending(t => t.Timestamp).ToList();
+            return View(model);
+        }
+
+
+        [HttpGet]
+        [Route("{walletId}/send")]
+        public async Task<IActionResult> WalletSend(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId, string defaultDestination = null, string defaultAmount = null)
+        {
+            if (walletId?.StoreId == null)
+                return NotFound();
+            var store = await Repository.FindStore(walletId.StoreId, GetUserId());
+            DerivationStrategy paymentMethod = GetPaymentMethod(walletId, store);
+            if (paymentMethod == null)
+                return NotFound();
+            var network = this.NetworkProvider.GetNetwork(walletId?.CryptoCode);
+            if (network == null)
+                return NotFound();
+            var storeData = store.GetStoreBlob();
+            var rateRules = store.GetStoreBlob().GetRateRules(NetworkProvider);
+            rateRules.Spread = 0.0m;
+            var currencyPair = new Rating.CurrencyPair(paymentMethod.PaymentId.CryptoCode, GetCurrencyCode(storeData.DefaultLang) ?? "USD");
+            WalletSendModel model = new WalletSendModel()
+            {
+                Destination = defaultDestination,
+                CryptoCode = walletId.CryptoCode
+            };
+            if (double.TryParse(defaultAmount, out var amount))
+                model.Amount = (decimal)amount;
+
+            var feeProvider = _feeRateProvider.CreateFeeProvider(network);
+            var recommendedFees = feeProvider.GetFeeRateAsync();
+            var balance = _walletProvider.GetWallet(network).GetBalance(paymentMethod.DerivationStrategyBase);
+            model.CurrentBalance = (await balance).ToDecimal(MoneyUnit.BTC);
+            model.RecommendedSatoshiPerByte = (int)(await recommendedFees).GetFee(1).Satoshi;
+            model.FeeSatoshiPerByte = model.RecommendedSatoshiPerByte;
+
+            using (CancellationTokenSource cts = new CancellationTokenSource())
+            {
+                try
+                {
+                    cts.CancelAfter(TimeSpan.FromSeconds(5));
+                    var result = await RateFetcher.FetchRate(currencyPair, rateRules).WithCancellation(cts.Token);
+                    if (result.BidAsk != null)
+                    {
+                        model.Rate = result.BidAsk.Center;
+                        model.Divisibility = _currencyTable.GetNumberFormatInfo(currencyPair.Right, true).CurrencyDecimalDigits;
+                        model.Fiat = currencyPair.Right;
+                    }
+                    else
+                    {
+                        model.RateError = $"{result.EvaluatedRule} ({string.Join(", ", result.Errors.OfType<object>().ToArray())})";
+                    }
+                }
+                catch (Exception ex) { model.RateError = ex.Message; }
+            }
+            return View(model);
+        }
+
+        [HttpPost]
+        [Route("{walletId}/send")]
+        public async Task<IActionResult> WalletSend(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId, WalletSendModel vm)
+        {
+            if (walletId?.StoreId == null)
+                return NotFound();
+            var store = await Repository.FindStore(walletId.StoreId, GetUserId());
+            if (store == null)
+                return NotFound();
+            var network = this.NetworkProvider.GetNetwork(walletId?.CryptoCode);
+            if (network == null)
+                return NotFound();
+            var destination = ParseDestination(vm.Destination, network.NBitcoinNetwork);
+            if (destination == null)
+                ModelState.AddModelError(nameof(vm.Destination), "Invalid address");
+
+            if (vm.Amount.HasValue)
+            {
+                if (vm.CurrentBalance == vm.Amount.Value && !vm.SubstractFees)
+                    ModelState.AddModelError(nameof(vm.Amount), "You are sending all your balance to the same destination, you should substract the fees");
+                if (vm.CurrentBalance < vm.Amount.Value)
+                    ModelState.AddModelError(nameof(vm.Amount), "You are sending more than what you own");
+            }
+            if (!ModelState.IsValid)
+                return View(vm);
+
+            return RedirectToAction(nameof(WalletSendLedger), new WalletSendLedgerModel()
+            {
+                Destination = vm.Destination,
+                Amount = vm.Amount.Value,
+                SubstractFees = vm.SubstractFees,
+                FeeSatoshiPerByte = vm.FeeSatoshiPerByte
+            });
+        }
+
+        [HttpGet]
+        [Route("{walletId}/send/ledger")]
+        public async Task<IActionResult> WalletSendLedger(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId, WalletSendLedgerModel vm)
+        {
+            if (walletId?.StoreId == null)
+                return NotFound();
+            var store = await Repository.FindStore(walletId.StoreId, GetUserId());
+            DerivationStrategy paymentMethod = GetPaymentMethod(walletId, store);
+            if (paymentMethod == null)
+                return NotFound();
+            var network = this.NetworkProvider.GetNetwork(walletId?.CryptoCode);
+            if (network == null)
+                return NotFound();
+            return View(vm);
+        }
+
+        private IDestination[] ParseDestination(string destination, Network network)
+        {
+            try
+            {
+                destination = destination?.Trim();
+                return new IDestination[] { BitcoinAddress.Create(destination, network) };
+            }
+            catch
+            {
+                return null;
+            }
+        }
+
+        [HttpGet]
+        [Route("{walletId}/rescan")]
+        public async Task<IActionResult> WalletRescan(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId)
+        {
+            if (walletId?.StoreId == null)
+                return NotFound();
+            var store = await Repository.FindStore(walletId.StoreId, GetUserId());
+            DerivationStrategy paymentMethod = GetPaymentMethod(walletId, store);
+            if (paymentMethod == null)
+                return NotFound();
+
+            var vm = new RescanWalletModel();
+            vm.IsFullySync = _dashboard.IsFullySynched(walletId.CryptoCode, out var unused);
+            // We need to ensure it is segwit, 
+            // because hardware wallet support need the parent transactions to sign, which NBXplorer don't have. (Nor does a pruned node)
+            vm.IsSegwit = paymentMethod.DerivationStrategyBase.IsSegwit();
+            vm.IsServerAdmin = User.Claims.Any(c => c.Type == Policies.CanModifyServerSettings.Key && c.Value == "true");
+            vm.IsSupportedByCurrency = _dashboard.Get(walletId.CryptoCode)?.Status?.BitcoinStatus?.Capabilities?.CanScanTxoutSet == true;
+            var explorer = ExplorerClientProvider.GetExplorerClient(walletId.CryptoCode);
+            var scanProgress = await explorer.GetScanUTXOSetInformationAsync(paymentMethod.DerivationStrategyBase);
+            if (scanProgress != null)
+            {
+                vm.PreviousError = scanProgress.Error;
+                if (scanProgress.Status == ScanUTXOStatus.Queued || scanProgress.Status == ScanUTXOStatus.Pending)
+                {
+                    if (scanProgress.Progress == null)
+                    {
+                        vm.Progress = 0;
+                    }
+                    else
+                    {
+                        vm.Progress = scanProgress.Progress.OverallProgress;
+                        vm.RemainingTime = TimeSpan.FromSeconds(scanProgress.Progress.RemainingSeconds).PrettyPrint();
+                    }
+                }
+                if (scanProgress.Status == ScanUTXOStatus.Complete)
+                {
+                    vm.LastSuccess = scanProgress.Progress;
+                    vm.TimeOfScan = (scanProgress.Progress.CompletedAt.Value - scanProgress.Progress.StartedAt).PrettyPrint();
+                }
+            }
+            return View(vm);
+        }
+
+        [HttpPost]
+        [Route("{walletId}/rescan")]
+        [Authorize(Policy = Policies.CanModifyServerSettings.Key)]
+        public async Task<IActionResult> WalletRescan(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId, RescanWalletModel vm)
+        {
+            if (walletId?.StoreId == null)
+                return NotFound();
+            var store = await Repository.FindStore(walletId.StoreId, GetUserId());
+            DerivationStrategy paymentMethod = GetPaymentMethod(walletId, store);
+            if (paymentMethod == null)
+                return NotFound();
+            var explorer = ExplorerClientProvider.GetExplorerClient(walletId.CryptoCode);
+            try
+            {
+                await explorer.ScanUTXOSetAsync(paymentMethod.DerivationStrategyBase, vm.BatchSize, vm.GapLimit, vm.StartingIndex);
+            }
+            catch (NBXplorerException ex) when (ex.Error.Code == "scanutxoset-in-progress")
+            {
+
+            }
+            return RedirectToAction();
+        }
+
+        private string GetCurrencyCode(string defaultLang)
+        {
+            if (defaultLang == null)
+                return null;
+            try
+            {
+                var ri = new RegionInfo(defaultLang);
+                return ri.ISOCurrencySymbol;
+            }
+            catch (ArgumentException) { }
+            return null;
+        }
+
+        private DerivationStrategy GetPaymentMethod(WalletId walletId, StoreData store)
+        {
+            if (store == null || !store.HasClaim(Policies.CanModifyStoreSettings.Key))
+                return null;
+
+            var paymentMethod = store
+                            .GetSupportedPaymentMethods(NetworkProvider)
+                            .OfType<DerivationStrategy>()
+                            .FirstOrDefault(p => p.PaymentId.PaymentType == Payments.PaymentTypes.BTCLike && p.PaymentId.CryptoCode == walletId.CryptoCode);
+            return paymentMethod;
+        }
+
+        private static async Task<string> GetBalanceString(BTCPayWallet wallet, DerivationStrategyBase derivationStrategy)
+        {
+            using (CancellationTokenSource cts = new CancellationTokenSource(TimeSpan.FromSeconds(10)))
+            {
+                try
+                {
+                    return (await wallet.GetBalance(derivationStrategy, cts.Token)).ToString();
+                }
+                catch
+                {
+                    return "--";
+                }
+            }
+        }
+
+        private string GetUserId()
+        {
+            return _userManager.GetUserId(User);
+        }
+
+        [HttpGet]
+        [Route("{walletId}/send/ledger/success")]
+        public IActionResult WalletSendLedgerSuccess(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId,
+            string txid)
+        {
+            StatusMessage = $"Transaction broadcasted ({txid})";
+            return RedirectToAction(nameof(this.WalletTransactions), new { walletId = walletId.ToString() });
+        }
+
+        [HttpGet]
+        [Route("{walletId}/send/ledger/ws")]
+        public async Task<IActionResult> LedgerConnection(
+            [ModelBinder(typeof(WalletIdModelBinder))]
+            WalletId walletId,
+            string command,
+            // getinfo
+            // getxpub
+            int account = 0,
+            // sendtoaddress
+            string destination = null, string amount = null, string feeRate = null, string substractFees = null
+            )
+        {
+            if (!HttpContext.WebSockets.IsWebSocketRequest)
+                return NotFound();
+
+            var cryptoCode = walletId.CryptoCode;
+            var storeBlob = (await Repository.FindStore(walletId.StoreId, GetUserId()));
+            var derivationScheme = GetPaymentMethod(walletId, storeBlob).DerivationStrategyBase;
+
+            var webSocket = await HttpContext.WebSockets.AcceptWebSocketAsync();
+
+            using (var normalOperationTimeout = new CancellationTokenSource())
+            using (var signTimeout = new CancellationTokenSource())
+            {
+                normalOperationTimeout.CancelAfter(TimeSpan.FromMinutes(30));
+                var hw = new HardwareWalletService(webSocket);
+                object result = null;
+                try
+                {
+                    BTCPayNetwork network = null;
+                    if (cryptoCode != null)
+                    {
+                        network = NetworkProvider.GetNetwork(cryptoCode);
+                        if (network == null)
+                            throw new FormatException("Invalid value for crypto code");
+                    }
+
+                    BitcoinAddress destinationAddress = null;
+                    if (destination != null)
+                    {
+                        try
+                        {
+                            destinationAddress = BitcoinAddress.Create(destination, network.NBitcoinNetwork);
+                        }
+                        catch { }
+                        if (destinationAddress == null)
+                            throw new FormatException("Invalid value for destination");
+                    }
+
+                    FeeRate feeRateValue = null;
+                    if (feeRate != null)
+                    {
+                        try
+                        {
+                            feeRateValue = new FeeRate(Money.Satoshis(int.Parse(feeRate, CultureInfo.InvariantCulture)), 1);
+                        }
+                        catch { }
+                        if (feeRateValue == null || feeRateValue.FeePerK <= Money.Zero)
+                            throw new FormatException("Invalid value for fee rate");
+                    }
+
+                    Money amountBTC = null;
+                    if (amount != null)
+                    {
+                        try
+                        {
+                            amountBTC = Money.Parse(amount);
+                        }
+                        catch { }
+                        if (amountBTC == null || amountBTC <= Money.Zero)
+                            throw new FormatException("Invalid value for amount");
+                    }
+
+                    bool subsctractFeesValue = false;
+                    if (substractFees != null)
+                    {
+                        try
+                        {
+                            subsctractFeesValue = bool.Parse(substractFees);
+                        }
+                        catch { throw new FormatException("Invalid value for subtract fees"); }
+                    }
+                    if (command == "getinfo")
+                    {
+                        var strategy = GetDirectDerivationStrategy(derivationScheme);
+                        if (strategy == null || await hw.GetKeyPath(network, strategy, normalOperationTimeout.Token) == null)
+                        {
+                            throw new Exception($"This store is not configured to use this ledger");
+                        }
+                        result = new GetInfoResult();
+                    }
+                    if (command == "test")
+                    {
+                        result = await hw.Test(normalOperationTimeout.Token);
+                    }
+                    if (command == "sendtoaddress")
+                    {
+                        if (!_dashboard.IsFullySynched(network.CryptoCode, out var summary))
+                            throw new Exception($"{network.CryptoCode}: not started or fully synched");
+                        var strategy = GetDirectDerivationStrategy(derivationScheme);
+                        var wallet = _walletProvider.GetWallet(network);
+                        var change = wallet.GetChangeAddressAsync(derivationScheme);
+
+                        var unspentCoins = await wallet.GetUnspentCoins(derivationScheme);
+                        var changeAddress = await change;
+                        var send = new[] { (
+                        destination: destinationAddress as IDestination,
+                        amount: amountBTC,
+                        substractFees: subsctractFeesValue) };
+
+                        foreach (var element in send)
+                        {
+                            if (element.destination == null)
+                                throw new ArgumentNullException(nameof(element.destination));
+                            if (element.amount == null)
+                                throw new ArgumentNullException(nameof(element.amount));
+                            if (element.amount <= Money.Zero)
+                                throw new ArgumentOutOfRangeException(nameof(element.amount), "The amount should be above zero");
+                        }
+
+                        var foundKeyPath = await hw.GetKeyPath(network, strategy, normalOperationTimeout.Token);
+                        if (foundKeyPath == null)
+                        {
+                            throw new HardwareWalletException($"This store is not configured to use this ledger");
+                        }
+
+                        TransactionBuilder builder = network.NBitcoinNetwork.CreateTransactionBuilder();
+                        builder.StandardTransactionPolicy.MinRelayTxFee = summary.Status.BitcoinStatus.MinRelayTxFee;
+                        builder.AddCoins(unspentCoins.Select(c => c.Coin).ToArray());
+
+                        foreach (var element in send)
+                        {
+                            builder.Send(element.destination, element.amount);
+                            if (element.substractFees)
+                                builder.SubtractFees();
+                        }
+                        builder.SetChange(changeAddress.Item1);
+
+                        if (network.MinFee == null)
+                        {
+                            builder.SendEstimatedFees(feeRateValue);
+                        }
+                        else
+                        {
+                            var estimatedFee = builder.EstimateFees(feeRateValue);
+                            if (network.MinFee > estimatedFee)
+                                builder.SendFees(network.MinFee);
+                            else
+                                builder.SendEstimatedFees(feeRateValue);
+                        }
+                        var unsigned = builder.BuildTransaction(false);
+
+                        var keypaths = new Dictionary<Script, KeyPath>();
+                        foreach (var c in unspentCoins)
+                        {
+                            keypaths.TryAdd(c.Coin.ScriptPubKey, c.KeyPath);
+                        }
+
+                        var hasChange = unsigned.Outputs.Count == 2;
+                        var usedCoins = builder.FindSpentCoins(unsigned);
+
+                        Dictionary<uint256, Transaction> parentTransactions = new Dictionary<uint256, Transaction>();
+
+                        if (!strategy.Segwit)
+                        {
+                            var parentHashes = usedCoins.Select(c => c.Outpoint.Hash).ToHashSet();
+                            var explorer = ExplorerClientProvider.GetExplorerClient(network);
+                            var getTransactionAsyncs = parentHashes.Select(h => (Op: explorer.GetTransactionAsync(h), Hash: h)).ToList();
+                            foreach (var getTransactionAsync in getTransactionAsyncs)
+                            {
+                                var tx = (await getTransactionAsync.Op);
+                                if (tx == null)
+                                    throw new Exception($"Parent transaction {getTransactionAsync.Hash} not found");
+                                parentTransactions.Add(tx.Transaction.GetHash(), tx.Transaction);
+                            }
+                        }
+
+
+                        signTimeout.CancelAfter(TimeSpan.FromMinutes(5));
+                        var transaction = await hw.SignTransactionAsync(usedCoins.Select(c => new SignatureRequest
+                        {
+                            InputTransaction = parentTransactions.TryGet(c.Outpoint.Hash),
+                            InputCoin = c,
+                            KeyPath = foundKeyPath.Derive(keypaths[c.TxOut.ScriptPubKey]),
+                            PubKey = strategy.Root.Derive(keypaths[c.TxOut.ScriptPubKey]).PubKey
+                        }).ToArray(), unsigned, hasChange ? foundKeyPath.Derive(changeAddress.Item2) : null, signTimeout.Token);
+                        try
+                        {
+                            var broadcastResult = await wallet.BroadcastTransactionsAsync(new List<Transaction>() { transaction });
+                            if (!broadcastResult[0].Success)
+                            {
+                                throw new Exception($"RPC Error while broadcasting: {broadcastResult[0].RPCCode} {broadcastResult[0].RPCCodeMessage} {broadcastResult[0].RPCMessage}");
+                            }
+                        }
+                        catch (Exception ex)
+                        {
+                            throw new Exception("Error while broadcasting: " + ex.Message);
+                        }
+                        wallet.InvalidateCache(derivationScheme);
+                        result = new SendToAddressResult() { TransactionId = transaction.GetHash().ToString() };
+                    }
+                }
+                catch (OperationCanceledException)
+                { result = new LedgerTestResult() { Success = false, Error = "Timeout" }; }
+                catch (Exception ex)
+                { result = new LedgerTestResult() { Success = false, Error = ex.Message }; }
+                finally { hw.Dispose(); }
+                try
+                {
+                    if (result != null)
+                    {
+                        UTF8Encoding UTF8NOBOM = new UTF8Encoding(false);
+                        var bytes = UTF8NOBOM.GetBytes(JsonConvert.SerializeObject(result, _mvcJsonOptions.Value.SerializerSettings));
+                        await webSocket.SendAsync(new ArraySegment<byte>(bytes), WebSocketMessageType.Text, true, new CancellationTokenSource(2000).Token);
+                    }
+                }
+                catch { }
+                finally
+                {
+                    await webSocket.CloseSocket();
+                }
+            }
+            return new EmptyResult();
+        }
+
+        private DirectDerivationStrategy GetDirectDerivationStrategy(DerivationStrategyBase strategy)
+        {
+            if (strategy == null)
+                throw new Exception("The derivation scheme is not provided");
+            var directStrategy = strategy as DirectDerivationStrategy;
+            if (directStrategy == null)
+                directStrategy = (strategy as P2SHDerivationStrategy).Inner as DirectDerivationStrategy;
+            return directStrategy;
+        }
+    }
+
+
+    public class GetInfoResult
+    {
+    }
+
+    public class SendToAddressResult
+    {
+        public string TransactionId { get; set; }
+    }
+}
--- a/BTCPayServer/CorsPolicies.cs
+++ b/BTCPayServer/CorsPolicies.cs
@ -0,0 +1,12 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BTCPayServer
+{
+    public static class CorsPolicies
+    {
+        public const string All = "BTCPAY_ALL";
+    }
+}
--- a/BTCPayServer/CurrencyValue.cs
+++ b/BTCPayServer/CurrencyValue.cs
@ -0,0 +1,44 @@
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
+using System.Text.RegularExpressions;
+using System.Threading.Tasks;
+using BTCPayServer.Services.Rates;
+
+namespace BTCPayServer
+{
+    public class CurrencyValue
+    {
+        static Regex _Regex = new Regex("^([0-9]+(\\.[0-9]+)?)\\s*([a-zA-Z]+)$");
+        static CurrencyNameTable _CurrencyTable = new CurrencyNameTable();
+        public static bool TryParse(string str, out CurrencyValue value)
+        {
+            value = null;
+            var match = _Regex.Match(str);
+            if (!match.Success ||
+                !decimal.TryParse(match.Groups[1].Value, out var v))
+                return false;
+
+            var currency = match.Groups.Last().Value.ToUpperInvariant();
+            var currencyData = _CurrencyTable.GetCurrencyData(currency, false);
+            if (currencyData == null)
+                return false;
+            v = Math.Round(v, currencyData.Divisibility);
+            value = new CurrencyValue()
+            {
+                Value = v,
+                Currency = currency
+            };
+            return true;
+        }
+
+        public decimal Value { get; set; }
+        public string Currency { get; set; }
+
+        public override string ToString()
+        {
+            return Value.ToString(CultureInfo.InvariantCulture) + " " + Currency;
+        }
+    }
+}
--- a/BTCPayServer/Data/APIKeyData.cs
+++ b/BTCPayServer/Data/APIKeyData.cs
@ -0,0 +1,25 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BTCPayServer.Data
+{
+    public class APIKeyData
+    {
+        [MaxLength(50)]
+        public string Id
+        {
+            get; set;
+        }
+
+        [MaxLength(50)]
+        public string StoreId
+        {
+            get; set;
+        }
+
+        public StoreData StoreData { get; set; }
+    }
+}
--- a/BTCPayServer/Data/AppData.cs
+++ b/BTCPayServer/Data/AppData.cs
@ -0,0 +1,40 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Newtonsoft.Json;
+
+namespace BTCPayServer.Data
+{
+    public class AppData
+    {
+        public string Id { get; set; }
+        public string Name { get; set; }
+        public string StoreDataId
+        {
+            get; set;
+        }
+        public string AppType { get; set; }
+        public StoreData StoreData
+        {
+            get; set;
+        }
+        public DateTimeOffset Created
+        {
+            get; set;
+        }
+        public string Settings { get; set; }
+
+        public T GetSettings<T>() where T : class, new()
+        {
+            if (String.IsNullOrEmpty(Settings))
+                return new T();
+            return JsonConvert.DeserializeObject<T>(Settings);
+        }
+
+        public void SetSettings(object value)
+        {
+            Settings = value == null ? null : JsonConvert.SerializeObject(value);
+        }
+    }
+}
--- a/BTCPayServer/Data/ApplicationDbContext.cs
+++ b/BTCPayServer/Data/ApplicationDbContext.cs
@ -26,6 +26,11 @@ namespace BTCPayServer.Data
            get; set;
        }

+        public DbSet<AppData> Apps
+        {
+            get; set;
+        }
+
        public DbSet<InvoiceEventData> InvoiceEvents
        {
            get; set;
@ -81,6 +86,11 @@ namespace BTCPayServer.Data
            get; set;
        }

+        public DbSet<APIKeyData> ApiKeys
+        {
+            get; set;
+        }
+
        protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
        {
            var isConfigured = optionsBuilder.Options.Extensions.OfType<RelationalOptionsExtension>().Any();
@ -92,14 +102,27 @@ namespace BTCPayServer.Data
        {
            base.OnModelCreating(builder);
            builder.Entity<InvoiceData>()
-                .HasIndex(o => o.StoreDataId);
+                .HasOne(o => o.StoreData)
+                .WithMany(a => a.Invoices).OnDelete(DeleteBehavior.Cascade);
+            builder.Entity<InvoiceData>().HasIndex(o => o.StoreDataId);
+

            builder.Entity<PaymentData>()
-                .HasIndex(o => o.InvoiceDataId);
+                   .HasOne(o => o.InvoiceData)
+                   .WithMany(i => i.Payments).OnDelete(DeleteBehavior.Cascade);
+            builder.Entity<PaymentData>()
+                   .HasIndex(o => o.InvoiceDataId);

+
+            builder.Entity<RefundAddressesData>()
+                   .HasOne(o => o.InvoiceData)
+                   .WithMany(i => i.RefundAddresses).OnDelete(DeleteBehavior.Cascade);
            builder.Entity<RefundAddressesData>()
                .HasIndex(o => o.InvoiceDataId);

+            builder.Entity<UserStore>()
+                   .HasOne(o => o.StoreData)
+                   .WithMany(i => i.UserStores).OnDelete(DeleteBehavior.Cascade);
            builder.Entity<UserStore>()
                   .HasKey(t => new
                   {
@ -107,6 +130,19 @@ namespace BTCPayServer.Data
                       t.StoreDataId
                   });

+            builder.Entity<APIKeyData>()
+                   .HasOne(o => o.StoreData)
+                   .WithMany(i => i.APIKeys)
+                   .HasForeignKey(i => i.StoreId).OnDelete(DeleteBehavior.Cascade);
+            builder.Entity<APIKeyData>()
+                .HasIndex(o => o.StoreId);
+
+            builder.Entity<AppData>()
+                   .HasOne(o => o.StoreData)
+                   .WithMany(i => i.Apps).OnDelete(DeleteBehavior.Cascade);
+            builder.Entity<AppData>()
+                    .HasOne(a => a.StoreData);
+
            builder.Entity<UserStore>()
                 .HasOne(pt => pt.ApplicationUser)
                 .WithMany(p => p.UserStores)
@ -117,6 +153,10 @@ namespace BTCPayServer.Data
                .WithMany(t => t.UserStores)
                .HasForeignKey(pt => pt.StoreDataId);

+
+            builder.Entity<AddressInvoiceData>()
+                   .HasOne(o => o.InvoiceData)
+                   .WithMany(i => i.AddressInvoices).OnDelete(DeleteBehavior.Cascade);
            builder.Entity<AddressInvoiceData>()
 #pragma warning disable CS0618
                .HasKey(o => o.Address);
@ -125,12 +165,24 @@ namespace BTCPayServer.Data
            builder.Entity<PairingCodeData>()
                .HasKey(o => o.Id);

+            builder.Entity<PendingInvoiceData>()
+                .HasOne(o => o.InvoiceData)
+                .WithMany(o => o.PendingInvoices)
+                .HasForeignKey(o => o.Id).OnDelete(DeleteBehavior.Cascade);
+
+
+            builder.Entity<PairedSINData>()
+                   .HasOne(o => o.StoreData)
+                   .WithMany(i => i.PairedSINs).OnDelete(DeleteBehavior.Cascade);
            builder.Entity<PairedSINData>(b =>
            {
                b.HasIndex(o => o.SIN);
                b.HasIndex(o => o.StoreDataId);
            });

+            builder.Entity<HistoricalAddressInvoiceData>()
+                   .HasOne(o => o.InvoiceData)
+                   .WithMany(i => i.HistoricalAddressInvoices).OnDelete(DeleteBehavior.Cascade);
            builder.Entity<HistoricalAddressInvoiceData>()
                .HasKey(o => new
                {
@ -140,6 +192,10 @@ namespace BTCPayServer.Data
 #pragma warning restore CS0618
                });

+
+            builder.Entity<InvoiceEventData>()
+                   .HasOne(o => o.InvoiceData)
+                   .WithMany(i => i.Events).OnDelete(DeleteBehavior.Cascade);
            builder.Entity<InvoiceEventData>()
                .HasKey(o => new
                {
--- a/BTCPayServer/Data/ApplicationDbContextFactory.cs
+++ b/BTCPayServer/Data/ApplicationDbContextFactory.cs
@ -5,14 +5,19 @@ using System.Linq;
 using System.Threading.Tasks;
 using Hangfire;
 using Hangfire.MemoryStorage;
-using Hangfire.PostgreSql;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Migrations;
+using JetBrains.Annotations;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Migrations.Operations;
+using Microsoft.EntityFrameworkCore.Metadata;

 namespace BTCPayServer.Data
 {
    public enum DatabaseType
    {
        Sqlite,
-        Postgres
+        Postgres,
+        MySQL,
    }
    public class ApplicationDbContextFactory
    {
@ -24,6 +29,15 @@ namespace BTCPayServer.Data
            _Type = type;
        }

+
+        public DatabaseType Type
+        {
+            get
+            {
+                return _Type;
+            }
+        }
+
        public ApplicationDbContext CreateContext()
        {
            var builder = new DbContextOptionsBuilder<ApplicationDbContext>();
@ -31,20 +45,68 @@ namespace BTCPayServer.Data
            return new ApplicationDbContext(builder.Options);
        }

+        class CustomNpgsqlMigrationsSqlGenerator : NpgsqlMigrationsSqlGenerator
+        {
+            public CustomNpgsqlMigrationsSqlGenerator(MigrationsSqlGeneratorDependencies dependencies) : base(dependencies)
+            {
+            }
+
+            protected override void Generate(NpgsqlCreateDatabaseOperation operation, IModel model, MigrationCommandListBuilder builder)
+            {
+                builder
+                     .Append("CREATE DATABASE ")
+                     .Append(Dependencies.SqlGenerationHelper.DelimitIdentifier(operation.Name));
+
+                // POSTGRES gotcha: Indexed Text column (even if PK) are not used if we are not using C locale
+                builder
+                    .Append(" TEMPLATE ")
+                    .Append(Dependencies.SqlGenerationHelper.DelimitIdentifier("template0"));
+
+                builder
+                    .Append(" LC_CTYPE ")
+                    .Append(Dependencies.SqlGenerationHelper.DelimitIdentifier("C"));
+
+                builder
+                    .Append(" LC_COLLATE ")
+                    .Append(Dependencies.SqlGenerationHelper.DelimitIdentifier("C"));
+
+                builder
+                    .Append(" ENCODING ")
+                    .Append(Dependencies.SqlGenerationHelper.DelimitIdentifier("UTF8"));
+
+                if (operation.Tablespace != null)
+                {
+                    builder
+                        .Append(" TABLESPACE ")
+                        .Append(Dependencies.SqlGenerationHelper.DelimitIdentifier(operation.Tablespace));
+                }
+
+                builder.AppendLine(Dependencies.SqlGenerationHelper.StatementTerminator);
+
+                EndStatement(builder, suppressTransaction: true);
+            }
+        }
+
        public void ConfigureBuilder(DbContextOptionsBuilder builder)
        {
            if (_Type == DatabaseType.Sqlite)
                builder.UseSqlite(_ConnectionString);
            else if (_Type == DatabaseType.Postgres)
-                builder.UseNpgsql(_ConnectionString);
+                builder
+                    .UseNpgsql(_ConnectionString)
+                    .ReplaceService<IMigrationsSqlGenerator, CustomNpgsqlMigrationsSqlGenerator>();
+            else if (_Type == DatabaseType.MySQL)
+                builder.UseMySql(_ConnectionString);
        }

        public void ConfigureHangfireBuilder(IGlobalConfiguration builder)
        {
-            if (_Type == DatabaseType.Sqlite)
-                builder.UseMemoryStorage(); //Sql provider does not support multiple workers
-            else if (_Type == DatabaseType.Postgres)
-                builder.UsePostgreSqlStorage(_ConnectionString);
+            builder.UseMemoryStorage();
+            //We always use memory storage because of incompatibilities with the latest postgres in 2.1
+            //if (_Type == DatabaseType.Sqlite)
+            //    builder.UseMemoryStorage(); //Sqlite provider does not support multiple workers
+            //else if (_Type == DatabaseType.Postgres)
+            //    builder.UsePostgreSqlStorage(_ConnectionString);
        }
    }
 }
--- a/BTCPayServer/Data/HistoricalAddressInvoiceData.cs
+++ b/BTCPayServer/Data/HistoricalAddressInvoiceData.cs
@ -12,6 +12,11 @@ namespace BTCPayServer.Data
            get; set;
        }

+        public InvoiceData InvoiceData
+        {
+            get; set;
+        }
+
        /// <summary>
        /// Some crypto currencies share same address prefix
        /// For not having exceptions thrown by two address on different network, we suffix by "#CRYPTOCODE" 
--- a/BTCPayServer/Data/InvoiceData.cs
+++ b/BTCPayServer/Data/InvoiceData.cs
@ -80,5 +80,11 @@ namespace BTCPayServer.Data
        {
            get; set;
        }
+        public List<PendingInvoiceData> PendingInvoices { get; set; }
+
+        public Services.Invoices.InvoiceState GetInvoiceState()
+        {
+            return new Services.Invoices.InvoiceState(Status, ExceptionStatus);
+        }
    }
 }
--- a/BTCPayServer/Data/InvoiceEventData.cs
+++ b/BTCPayServer/Data/InvoiceEventData.cs
@ -11,6 +11,10 @@ namespace BTCPayServer.Data
        {
            get; set;
        }
+        public InvoiceData InvoiceData
+        {
+            get; set;
+        }
        public string UniqueId { get; internal set; }
        public DateTimeOffset Timestamp
        {
--- a/BTCPayServer/Data/PairedSINData.cs
+++ b/BTCPayServer/Data/PairedSINData.cs
@ -21,6 +21,9 @@ namespace BTCPayServer.Data
        {
            get; set;
        }
+
+        public StoreData StoreData { get; set; }
+
        public string Label
        {
            get;
--- a/BTCPayServer/Data/PendingInvoiceData.cs
+++ b/BTCPayServer/Data/PendingInvoiceData.cs
@ -11,5 +11,6 @@ namespace BTCPayServer.Data
        {
            get; set;
        }
+        public InvoiceData InvoiceData { get; set; }
    }
 }
--- a/BTCPayServer/Data/StoreData.cs
+++ b/BTCPayServer/Data/StoreData.cs
@ -13,6 +13,13 @@ using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 using BTCPayServer.Services.Rates;
 using BTCPayServer.Payments;
+using BTCPayServer.JsonConverters;
+using System.ComponentModel.DataAnnotations;
+using BTCPayServer.Services;
+using System.Security.Claims;
+using BTCPayServer.Payments.Changelly;
+using BTCPayServer.Security;
+using BTCPayServer.Rating;

 namespace BTCPayServer.Data
 {
@ -28,6 +35,12 @@ namespace BTCPayServer.Data
        {
            get; set;
        }
+        public List<AppData> Apps
+        {
+            get; set;
+        }
+
+        public List<InvoiceData> Invoices { get; set; }

        [Obsolete("Use GetDerivationStrategies instead")]
        public string DerivationStrategy
@ -114,7 +127,7 @@ namespace BTCPayServer.Data
                }
            }

-            if(!existing && supportedPaymentMethod == null && paymentMethodId.IsBTCOnChain)
+            if (!existing && supportedPaymentMethod == null && paymentMethodId.IsBTCOnChain)
            {
                DerivationStrategy = null;
            }
@ -145,10 +158,36 @@ namespace BTCPayServer.Data
        }

        [NotMapped]
+        [Obsolete]
        public string Role
        {
            get; set;
        }
+
+        public Claim[] GetClaims()
+        {
+            List<Claim> claims = new List<Claim>();
+            claims.AddRange(AdditionalClaims);
+#pragma warning disable CS0612 // Type or member is obsolete
+            var role = Role;
+#pragma warning restore CS0612 // Type or member is obsolete
+            if (role == StoreRoles.Owner)
+            {
+                claims.Add(new Claim(Policies.CanModifyStoreSettings.Key, Id));
+            }
+
+            if(role == StoreRoles.Owner || role == StoreRoles.Guest || GetStoreBlob().AnyoneCanInvoice)
+            {
+                claims.Add(new Claim(Policies.CanCreateInvoice.Key, Id));
+            }
+            return claims.ToArray();
+        }
+
+        public bool HasClaim(string claim)
+        {
+            return GetClaims().Any(c => c.Type == claim && c.Value == Id);
+        }
+
        public byte[] StoreBlob
        {
            get;
@ -156,11 +195,16 @@ namespace BTCPayServer.Data
        }
        [Obsolete("Use GetDefaultCrypto instead")]
        public string DefaultCrypto { get; set; }
+        public List<PairedSINData> PairedSINs { get; set; }
+        public IEnumerable<APIKeyData> APIKeys { get; set; }
+
+        [NotMapped]
+        public List<Claim> AdditionalClaims { get; set; } = new List<Claim>();

 #pragma warning disable CS0618
-        public string GetDefaultCrypto()
+        public string GetDefaultCrypto(BTCPayNetworkProvider networkProvider = null)
        {
-            return DefaultCrypto ?? "BTC";
+            return DefaultCrypto ?? (networkProvider == null ? "BTC" : GetSupportedPaymentMethods(networkProvider).Select(p => p.PaymentId.CryptoCode).FirstOrDefault() ?? "BTC");
        }
        public void SetDefaultCrypto(string defaultCryptoCurrency)
        {
@ -172,7 +216,10 @@ namespace BTCPayServer.Data

        public StoreBlob GetStoreBlob()
        {
-            return StoreBlob == null ? new StoreBlob() : new Serializer(Dummy).ToObject<StoreBlob>(Encoding.UTF8.GetString(StoreBlob));
+            var result = StoreBlob == null ? new StoreBlob() : new Serializer(Dummy).ToObject<StoreBlob>(Encoding.UTF8.GetString(StoreBlob));
+            if (result.PreferredExchange == null)
+                result.PreferredExchange = CoinAverageRateProvider.CoinAverageName;
+            return result;
        }

        public bool SetStoreBlob(StoreBlob storeBlob)
@ -186,9 +233,9 @@ namespace BTCPayServer.Data
        }
    }

-    public class RateRule
+    public class RateRule_Obsolete
    {
-        public RateRule()
+        public RateRule_Obsolete()
        {
            RuleName = "Multiplier";
        }
@ -208,15 +255,15 @@ namespace BTCPayServer.Data
        {
            InvoiceExpiration = 15;
            MonitoringExpiration = 60;
+            PaymentTolerance = 0;
+            RequiresRefundEmail = true;
        }
        public bool NetworkFeeDisabled
        {
            get; set;
        }
-        public bool AllowCoinConversion
-        {
-            get; set;
-        }
+        public bool RequiresRefundEmail { get; set; }
+
        public string DefaultLang { get; set; }
        [DefaultValue(60)]
        [JsonProperty(DefaultValueHandling = DefaultValueHandling.Populate)]
@ -234,50 +281,116 @@ namespace BTCPayServer.Data
            set;
        }

-        public void SetRateMultiplier(double rate)
-        {
-            RateRules = new List<RateRule>();
-            RateRules.Add(new RateRule() { Multiplier = rate });
-        }
-        public decimal GetRateMultiplier()
-        {
-            decimal rate = 1.0m;
-            if (RateRules == null || RateRules.Count == 0)
-                return rate;
-            foreach (var rule in RateRules)
-            {
-                rate = rule.Apply(null, rate);
-            }
-            return rate;
-        }
+        public decimal Spread { get; set; } = 0.0m;

-        public List<RateRule> RateRules { get; set; } = new List<RateRule>();
+        [Obsolete]
+        public List<RateRule_Obsolete> RateRules { get; set; } = new List<RateRule_Obsolete>();
        public string PreferredExchange { get; set; }

-        public IRateProvider ApplyRateRules(BTCPayNetwork network, IRateProvider rateProvider)
+        [JsonConverter(typeof(CurrencyValueJsonConverter))]
+        public CurrencyValue LightningMaxValue { get; set; }
+        [JsonConverter(typeof(CurrencyValueJsonConverter))]
+        public CurrencyValue OnChainMinValue { get; set; }
+
+        [JsonConverter(typeof(UriJsonConverter))]
+        public Uri CustomLogo { get; set; }
+        [JsonConverter(typeof(UriJsonConverter))]
+        public Uri CustomCSS { get; set; }
+        public string HtmlTitle { get; set; }
+
+        public bool RateScripting { get; set; }
+
+        public string RateScript { get; set; }
+
+        public bool AnyoneCanInvoice { get; set; }
+        
+        public ChangellySettings ChangellySettings { get; set; }
+
+
+        string _LightningDescriptionTemplate;
+        public string LightningDescriptionTemplate
        {
-            if (!PreferredExchange.IsCoinAverage())
+            get
            {
-                // If the original rateProvider is a cache, use the same inner provider as fallback, and same memory cache to wrap it all
-                if (rateProvider is CachedRateProvider cachedRateProvider)
+                return _LightningDescriptionTemplate ?? "Paid to {StoreName} (Order ID: {OrderId})";
+            }
+            set
+            {
+                _LightningDescriptionTemplate = value;
+            }
+        }
+
+        [DefaultValue(0)]
+        [JsonProperty(DefaultValueHandling = DefaultValueHandling.Populate)]
+        public double PaymentTolerance { get; set; }
+
+        public BTCPayServer.Rating.RateRules GetRateRules(BTCPayNetworkProvider networkProvider)
+        {
+            if (!RateScripting ||
+                string.IsNullOrEmpty(RateScript) ||
+                !BTCPayServer.Rating.RateRules.TryParse(RateScript, out var rules))
+            {
+                return GetDefaultRateRules(networkProvider);
+            }
+            else
+            {
+                rules.Spread = Spread;
+                return rules;
+            }
+        }
+
+        public RateRules GetDefaultRateRules(BTCPayNetworkProvider networkProvider)
+        {
+            StringBuilder builder = new StringBuilder();
+            foreach (var network in networkProvider.GetAll())
+            {
+                if (network.DefaultRateRules.Length != 0)
                {
-                    rateProvider = new FallbackRateProvider(new IRateProvider[] {
-                        new CoinAverageRateProvider(network.CryptoCode) { Exchange = PreferredExchange },
-                        cachedRateProvider.Inner
-                    });
-                    rateProvider = new CachedRateProvider(network.CryptoCode, rateProvider, cachedRateProvider.MemoryCache) { AdditionalScope = PreferredExchange };
-                }
-                else
-                {
-                    rateProvider = new FallbackRateProvider(new IRateProvider[] {
-                        new CoinAverageRateProvider(network.CryptoCode) { Exchange = PreferredExchange },
-                        rateProvider
-                    });
+                    builder.AppendLine($"// Default rate rules for {network.CryptoCode}");
+                    foreach (var line in network.DefaultRateRules)
+                    {
+                        builder.AppendLine(line);
+                    }
+                    builder.AppendLine($"////////");
+                    builder.AppendLine();
                }
            }
-            if (RateRules == null || RateRules.Count == 0)
-                return rateProvider;
-            return new TweakRateProvider(network, rateProvider, RateRules.ToList());
+
+            var preferredExchange = string.IsNullOrEmpty(PreferredExchange) ? "coinaverage" : PreferredExchange;
+            builder.AppendLine($"X_X = {preferredExchange}(X_X);");
+
+            BTCPayServer.Rating.RateRules.TryParse(builder.ToString(), out var rules);
+            rules.Spread = Spread;
+            return rules;
+        }
+
+        [Obsolete("Use GetExcludedPaymentMethods instead")]
+        public string[] ExcludedPaymentMethods { get; set; }
+
+        public IPaymentFilter GetExcludedPaymentMethods()
+        {
+#pragma warning disable CS0618 // Type or member is obsolete
+            if (ExcludedPaymentMethods == null || ExcludedPaymentMethods.Length == 0)
+                return PaymentFilter.Never();
+            return PaymentFilter.Any(ExcludedPaymentMethods.Select(p => PaymentFilter.WhereIs(PaymentMethodId.Parse(p))).ToArray());
+#pragma warning restore CS0618 // Type or member is obsolete
+        }
+
+        public bool IsExcluded(PaymentMethodId paymentMethodId)
+        {
+            return GetExcludedPaymentMethods().Match(paymentMethodId);
+        }
+
+        public void SetExcluded(PaymentMethodId paymentMethodId, bool value)
+        {
+#pragma warning disable CS0618 // Type or member is obsolete
+            var methods = new HashSet<string>(ExcludedPaymentMethods ?? Array.Empty<string>());
+            if (value)
+                methods.Add(paymentMethodId.ToString());
+            else
+                methods.Remove(paymentMethodId.ToString());
+            ExcludedPaymentMethods = methods.ToArray();
+#pragma warning restore CS0618 // Type or member is obsolete
        }
    }
 }
--- a/BTCPayServer/DerivationSchemeParser.cs
+++ b/BTCPayServer/DerivationSchemeParser.cs
@ -13,13 +13,11 @@ namespace BTCPayServer
    public class DerivationSchemeParser
    {
        public Network Network { get; set; }
-        public ChainType ChainType { get; set; }
        public Script HintScriptPubKey { get; set; }

-        public DerivationSchemeParser(Network expectedNetwork, ChainType chainType)
+        public DerivationSchemeParser(Network expectedNetwork)
        {
            Network = expectedNetwork;
-            ChainType = chainType;
        }

        public DerivationStrategyBase Parse(string str)
@ -43,6 +41,9 @@ namespace BTCPayServer
                }
            }

+            if(!Network.Consensus.SupportSegwit)
+                hintedLabels.Add("legacy");
+
            try
            {
                var result = new DerivationStrategyFactory(Network).Parse(str);
@ -62,24 +63,32 @@ namespace BTCPayServer
            electrumMapping.Add(p2wpkh, Array.Empty<string>());

            var parts = str.Split('-');
+            bool hasLabel = false;
            for (int i = 0; i < parts.Length; i++)
            {
                if (IsLabel(parts[i]))
                {
+                    if (!hasLabel)
+                    {
+                        hintedLabels.Clear();
+                        if (!Network.Consensus.SupportSegwit)
+                            hintedLabels.Add("legacy");
+                    }
+                    hasLabel = true;
                    hintedLabels.Add(parts[i].Substring(1, parts[i].Length - 2).ToLowerInvariant());
                    continue;
                }
                try
                {
-                    var data = Encoders.Base58Check.DecodeData(parts[i]);
+                    var data = Network.GetBase58CheckEncoder().DecodeData(parts[i]);
                    if (data.Length < 4)
                        continue;
                    var prefix = Utils.ToUInt32(data, false);
-                    var standardPrefix = Utils.ToBytes(ChainType == NBXplorer.ChainType.Main ? 0x0488b21eU : 0x043587cf, false);
+                    var standardPrefix = Utils.ToBytes(Network.NetworkType == NetworkType.Mainnet ? 0x0488b21eU : 0x043587cf, false);
                    for (int ii = 0; ii < 4; ii++)
                        data[ii] = standardPrefix[ii];

-                    var derivationScheme = new BitcoinExtPubKey(Encoders.Base58Check.EncodeData(data), Network).ToString();
+                    var derivationScheme = new BitcoinExtPubKey(Network.GetBase58CheckEncoder().EncodeData(data), Network).ToString();
                    electrumMapping.TryGetValue(prefix, out string[] labels);
                    if (labels != null)
                    {
--- a/BTCPayServer/DerivationStrategy.cs
+++ b/BTCPayServer/DerivationStrategy.cs
@ -32,7 +32,7 @@ namespace BTCPayServer

        public BTCPayNetwork Network { get { return this._Network; } }

-        public DerivationStrategyBase DerivationStrategyBase { get { return this._DerivationStrategy; } }
+        public DerivationStrategyBase DerivationStrategyBase => this._DerivationStrategy;

        public PaymentMethodId PaymentId => new PaymentMethodId(Network.CryptoCode, PaymentTypes.BTCLike);

--- a/BTCPayServer/Events/InvoiceDataChangedEvent.cs
+++ b/BTCPayServer/Events/InvoiceDataChangedEvent.cs
@ -11,23 +11,14 @@ namespace BTCPayServer.Events
        public InvoiceDataChangedEvent(InvoiceEntity invoice)
        {
            InvoiceId = invoice.Id;
-            Status = invoice.Status;
-            ExceptionStatus = invoice.ExceptionStatus;
+            State = invoice.GetInvoiceState();
        }
-        public string InvoiceId { get; set; }
-        public string Status { get; internal set; }
-        public string ExceptionStatus { get; internal set; }
+        public string InvoiceId { get; }
+        public InvoiceState State { get; }

        public override string ToString()
        {
-            if (string.IsNullOrEmpty(ExceptionStatus) || ExceptionStatus == "false")
-            { 
-                return $"Invoice status is {Status}";
-            }
-            else
-            {
-                return $"Invoice status is {Status} (Exception status: {ExceptionStatus})";
-            }
+            return $"Invoice status is {State}";
        }
    }
 }
--- a/BTCPayServer/Events/InvoiceEvent.cs
+++ b/BTCPayServer/Events/InvoiceEvent.cs
@ -8,24 +8,20 @@ namespace BTCPayServer.Events
 {
    public class InvoiceEvent
    {
-        public InvoiceEvent(InvoiceEntity invoice, int code, string name) : this(invoice.Id, code, name)
+        public InvoiceEvent(Models.InvoiceResponse invoice, int code, string name)
        {
-
-        }
-        public InvoiceEvent(string invoiceId, int code, string name)
-        {
-            InvoiceId = invoiceId;
+            Invoice = invoice;
            EventCode = code;
            Name = name;
        }

-        public string InvoiceId { get; set; }
+        public Models.InvoiceResponse Invoice { get; set; }
        public int EventCode { get; set; }
        public string Name { get; set; }

        public override string ToString()
        {
-            return $"Invoice {InvoiceId} new event: {Name} ({EventCode})";
+            return $"Invoice {Invoice.Id} new event: {Name} ({EventCode})";
        }
    }
 }
--- a/BTCPayServer/Events/NBXplorerStateChangedEvent.cs
+++ b/BTCPayServer/Events/NBXplorerStateChangedEvent.cs
@ -6,21 +6,6 @@ using BTCPayServer.HostedServices;

 namespace BTCPayServer.Events
 {
-    public class NBXplorerErrorEvent
-    {
-        public NBXplorerErrorEvent(BTCPayNetwork network, string errorMessage)
-        {
-            Message = errorMessage;
-            Network = network;
-        }
-        public string Message { get; set; }
-        public BTCPayNetwork Network { get; set; }
-
-        public override string ToString()
-        {
-            return $"{Network.CryptoCode}: NBXplorer error `{Message}`";
-        }
-    }
    public class NBXplorerStateChangedEvent
    {
        public NBXplorerStateChangedEvent(BTCPayNetwork network, NBXplorerState old, NBXplorerState newState)
--- a/BTCPayServer/Extensions.cs
+++ b/BTCPayServer/Extensions.cs
@ -25,11 +25,29 @@ using System.Net.WebSockets;
 using BTCPayServer.Services.Invoices;
 using NBitpayClient;
 using BTCPayServer.Payments;
+using Microsoft.AspNetCore.Identity;
+using BTCPayServer.Models;
+using System.Security.Claims;
+using System.Globalization;
+using BTCPayServer.Services;
+using BTCPayServer.Data;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using NBXplorer.DerivationStrategy;

 namespace BTCPayServer
 {
    public static class Extensions
    {
+        public static string PrettyPrint(this TimeSpan expiration)
+        {
+            StringBuilder builder = new StringBuilder();
+            if (expiration.Days >= 1)
+                builder.Append(expiration.Days.ToString(CultureInfo.InvariantCulture));
+            if (expiration.Hours >= 1)
+                builder.Append(expiration.Hours.ToString("00", CultureInfo.InvariantCulture));
+            builder.Append($"{expiration.Minutes.ToString("00", CultureInfo.InvariantCulture)}:{expiration.Seconds.ToString("00", CultureInfo.InvariantCulture)}");
+            return builder.ToString();
+        }
        public static decimal RoundUp(decimal value, int precision)
        {
            for (int i = 0; i < precision; i++)
@ -66,10 +84,13 @@ namespace BTCPayServer
            return activeProvider != "Microsoft.EntityFrameworkCore.Sqlite";
        }

-        public static bool IsCoinAverage(this string exchangeName)
+        public static bool SupportDropForeignKey(this Microsoft.EntityFrameworkCore.Migrations.Migration migration, string activeProvider)
        {
-            string[] coinAverages = new[] { "coinaverage", "bitcoinaverage" };
-            return String.IsNullOrWhiteSpace(exchangeName) ? true : coinAverages.Contains(exchangeName, StringComparer.OrdinalIgnoreCase) ? true : false;
+            return activeProvider != "Microsoft.EntityFrameworkCore.Sqlite";
+        }
+        public static bool SupportDropForeignKey(this DatabaseFacade facade)
+        {
+            return facade.ProviderName != "Microsoft.EntityFrameworkCore.Sqlite";
        }

        public static async Task<Dictionary<uint256, TransactionResult>> GetTransactions(this BTCPayWallet client, uint256[] hashes, CancellationToken cts = default(CancellationToken))
@ -88,6 +109,39 @@ namespace BTCPayServer
            return str + "/";
        }

+        public static void SetHeaderOnStarting(this HttpResponse resp, string name, string value)
+        {
+            if (resp.HasStarted)
+                return;
+            resp.OnStarting(() =>
+            {
+                SetHeader(resp, name, value);
+                return Task.CompletedTask;
+            });
+        }
+
+        public static void SetHeader(this HttpResponse resp, string name, string value)
+        {
+            var existing = resp.Headers[name].FirstOrDefault();
+            if (existing != null && value == null)
+                resp.Headers.Remove(name);
+            else
+                resp.Headers[name] = value;
+        }
+
+        public static bool IsSegwit(this DerivationStrategyBase derivationStrategyBase)
+        {
+            if (IsSegwitCore(derivationStrategyBase))
+                return true;
+            return (derivationStrategyBase is P2SHDerivationStrategy p2shStrat && IsSegwitCore(p2shStrat.Inner));
+        }
+
+        private static bool IsSegwitCore(DerivationStrategyBase derivationStrategyBase)
+        {
+            return (derivationStrategyBase is P2WSHDerivationStrategy) ||
+                            (derivationStrategyBase is DirectDerivationStrategy direct) && direct.Segwit;
+        }
+
        public static string GetAbsoluteRoot(this HttpRequest request)
        {
            return string.Concat(
@ -97,6 +151,40 @@ namespace BTCPayServer
                        request.PathBase.ToUriComponent());
        }

+        public static string GetCurrentUrl(this HttpRequest request)
+        {
+            return string.Concat(
+                        request.Scheme,
+                        "://",
+                        request.Host.ToUriComponent(),
+                        request.PathBase.ToUriComponent(),
+                        request.Path.ToUriComponent());
+        }
+
+        public static string GetCurrentPath(this HttpRequest request)
+        {
+            return string.Concat(
+                        request.PathBase.ToUriComponent(),
+                        request.Path.ToUriComponent());
+        }
+
+        public static string GetRelativePath(this HttpRequest request, string path)
+        {
+            if (path.Length > 0 && path[0] != '/')
+                path = $"/{path}";
+            return string.Concat(
+                        request.PathBase.ToUriComponent(),
+                        path);
+        }
+
+        public static string GetAbsoluteUri(this HttpRequest request, string redirectUrl)
+        {
+            bool isRelative =
+                (redirectUrl.Length > 0 && redirectUrl[0] == '/')
+                || !new Uri(redirectUrl, UriKind.RelativeOrAbsolute).IsAbsoluteUri;
+            return isRelative ? request.GetAbsoluteRoot() + redirectUrl : redirectUrl;
+        }
+
        public static IServiceCollection ConfigureBTCPayServer(this IServiceCollection services, IConfiguration conf)
        {
            services.Configure<BTCPayServerOptions>(o =>
@ -106,12 +194,76 @@ namespace BTCPayServer
            return services;
        }

-
-        public static BitIdentity GetBitIdentity(this Controller controller, bool throws = true)
+        public static string GetSIN(this ClaimsPrincipal principal)
        {
-            if (!(controller.User.Identity is BitIdentity))
-                return throws ? throw new UnauthorizedAccessException("no-bitid") : (BitIdentity)null;
-            return (BitIdentity)controller.User.Identity;
+            return principal.Claims.Where(c => c.Type == Claims.SIN).Select(c => c.Value).FirstOrDefault();
+        }
+
+        public static string GetStoreId(this ClaimsPrincipal principal)
+        {
+            return principal.Claims.Where(c => c.Type == Claims.OwnStore).Select(c => c.Value).FirstOrDefault();
+        }
+
+        public static void SetIsBitpayAPI(this HttpContext ctx, bool value)
+        {
+            NBitcoin.Extensions.TryAdd(ctx.Items, "IsBitpayAPI", value);
+        }
+
+        public static void AddRange<T>(this HashSet<T> hashSet, IEnumerable<T> items)
+        {
+            foreach (var item in items)
+            {
+                hashSet.Add(item);
+            }
+        }
+        public static bool GetIsBitpayAPI(this HttpContext ctx)
+        {
+            return ctx.Items.TryGetValue("IsBitpayAPI", out object obj) &&
+                  obj is bool b && b;
+        }
+
+        public static void SetBitpayAuth(this HttpContext ctx, (string Signature, String Id, String Authorization) value)
+        {
+            NBitcoin.Extensions.TryAdd(ctx.Items, "BitpayAuth", value);
+        }
+
+        public static async Task<T> WithCancellation<T>(this Task<T> task, CancellationToken cancellationToken)
+        {
+            using (var delayCTS = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken))
+            {
+                var waiting = Task.Delay(-1, delayCTS.Token);
+                var doing = task;
+                await Task.WhenAny(waiting, doing);
+                delayCTS.Cancel();
+                cancellationToken.ThrowIfCancellationRequested();
+                return await doing;
+            }
+        }
+        public static async Task WithCancellation(this Task task, CancellationToken cancellationToken)
+        {
+            using (var delayCTS = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken))
+            {
+                var waiting = Task.Delay(-1, delayCTS.Token);
+                var doing = task;
+                await Task.WhenAny(waiting, doing);
+                delayCTS.Cancel();
+                cancellationToken.ThrowIfCancellationRequested();
+            }
+        }
+
+        public static (string Signature, String Id, String Authorization) GetBitpayAuth(this HttpContext ctx)
+        {
+            ctx.Items.TryGetValue("BitpayAuth", out object obj);
+            return ((string Signature, String Id, String Authorization))obj;
+        }
+
+        public static StoreData GetStoreData(this HttpContext ctx)
+        {
+            return ctx.Items.TryGet("BTCPAY.STOREDATA") as StoreData;
+        }
+        public static void SetStoreData(this HttpContext ctx, StoreData storeData)
+        {
+            ctx.Items["BTCPAY.STOREDATA"] = storeData;
        }

        private static JsonSerializerSettings jsonSettings = new JsonSerializerSettings { ContractResolver = new CamelCasePropertyNamesContractResolver() };
@ -120,13 +272,5 @@ namespace BTCPayServer
            var res = JsonConvert.SerializeObject(o, Formatting.None, jsonSettings);
            return res;
        }
-
-        public static HtmlString ToJSVariableModel(this object o, string variableName)
-        {
-            var encodedJson = JavaScriptEncoder.Default.Encode(o.ToJson());
-            return new HtmlString($"var {variableName} = JSON.parse('" + encodedJson + "');");
-        }
-
-
    }
 }
--- a/BTCPayServer/Filters/ContentSecurityPolicyAttribute.cs
+++ b/BTCPayServer/Filters/ContentSecurityPolicyAttribute.cs
@ -0,0 +1,106 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using BTCPayServer.Security;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace BTCPayServer.Filters
+{
+    public interface IContentSecurityPolicy : IFilterMetadata { }
+    public class ContentSecurityPolicyAttribute : Attribute, IActionFilter, IContentSecurityPolicy
+    {
+        public void OnActionExecuted(ActionExecutedContext context)
+        {
+
+        }
+
+        public bool AutoSelf { get; set; } = true;
+        public bool UnsafeInline { get; set; } = true;
+        public bool FixWebsocket { get; set; } = true;
+        public string FontSrc { get; set; } = null;
+        public string ImgSrc { get; set; } = null;
+        public string DefaultSrc { get; set; }
+        public string StyleSrc { get; set; }
+        public string ScriptSrc { get; set; }
+
+        public void OnActionExecuting(ActionExecutingContext context)
+        {
+            if (context.IsEffectivePolicy<IContentSecurityPolicy>(this))
+            {
+                var policies = context.HttpContext.RequestServices.GetService(typeof(ContentSecurityPolicies)) as ContentSecurityPolicies;
+                if (policies == null)
+                    return;
+                if (DefaultSrc != null)
+                {
+                    policies.Add(new ConsentSecurityPolicy("default-src", DefaultSrc));
+                }
+                if (UnsafeInline)
+                {
+                    policies.Add(new ConsentSecurityPolicy("script-src", "'unsafe-inline'"));
+                }
+                if (!string.IsNullOrEmpty(FontSrc))
+                {
+                    policies.Add(new ConsentSecurityPolicy("font-src", FontSrc));
+                }
+
+                if (!string.IsNullOrEmpty(ImgSrc))
+                {
+                    policies.Add(new ConsentSecurityPolicy("img-src", ImgSrc));
+                }
+
+                if (!string.IsNullOrEmpty(StyleSrc))
+                {
+                    policies.Add(new ConsentSecurityPolicy("style-src", StyleSrc));
+                }
+
+                if (!string.IsNullOrEmpty(ScriptSrc))
+                {
+                    policies.Add(new ConsentSecurityPolicy("script-src", ScriptSrc));
+                }
+
+                if (FixWebsocket && AutoSelf) // Self does not match wss:// and ws:// :(
+                {
+                    var request = context.HttpContext.Request;
+
+                    var url = string.Concat(
+                            request.Scheme.Equals("http", StringComparison.OrdinalIgnoreCase) ? "ws" : "wss",
+                            "://",
+                            request.Host.ToUriComponent(),
+                            request.PathBase.ToUriComponent());
+                    policies.Add(new ConsentSecurityPolicy("connect-src", url));
+                }
+
+                context.HttpContext.Response.OnStarting(() =>
+                {
+                    if (!policies.HasRules)
+                        return Task.CompletedTask;
+                    if (AutoSelf)
+                    {
+                        bool hasSelf = false;
+                        foreach (var group in policies.Rules.GroupBy(p => p.Name))
+                        {
+                            hasSelf = group.Any(g => g.Value.Contains("'self'", StringComparison.OrdinalIgnoreCase));
+                            if (!hasSelf && !group.Any(g => g.Value.Contains("'none'", StringComparison.OrdinalIgnoreCase) ||
+                                               g.Value.Contains("*", StringComparison.OrdinalIgnoreCase)))
+                            {
+                                policies.Add(new ConsentSecurityPolicy(group.Key, "'self'"));
+                                hasSelf = true;
+                            }
+                            if (hasSelf)
+                            {
+                                foreach (var authorized in policies.Authorized)
+                                {
+                                    policies.Add(new ConsentSecurityPolicy(group.Key, authorized));
+                                }
+                            }
+                        }
+                    }
+                    context.HttpContext.Response.SetHeader("Content-Security-Policy", policies.ToString());
+                    return Task.CompletedTask;
+                });
+            }
+        }
+    }
+}
--- a/BTCPayServer/Filters/OnlyMediaTypeAttribute.cs
+++ b/BTCPayServer/Filters/OnlyMediaTypeAttribute.cs
@ -28,6 +28,28 @@ namespace BTCPayServer.Filters
        }
    }

+    public class MediaTypeAcceptConstraintAttribute : Attribute, IActionConstraint
+    {
+        public MediaTypeAcceptConstraintAttribute(string mediaType)
+        {
+            MediaType = mediaType ?? throw new ArgumentNullException(nameof(mediaType));
+        }
+
+        public string MediaType
+        {
+            get; set;
+        }
+
+        public int Order => 100;
+
+        public bool Accept(ActionConstraintContext context)
+        {
+            if (!context.RouteContext.HttpContext.Request.Headers.ContainsKey("Accept"))
+                return false;
+            return context.RouteContext.HttpContext.Request.Headers["Accept"].ToString().StartsWith(MediaType, StringComparison.Ordinal);
+        }
+    }
+
    public class BitpayAPIConstraintAttribute : Attribute, IActionConstraint
    {
        public BitpayAPIConstraintAttribute(bool isBitpayAPI = true)
@ -43,9 +65,7 @@ namespace BTCPayServer.Filters

        public bool Accept(ActionConstraintContext context)
        {
-            var hasVersion = context.RouteContext.HttpContext.Request.Headers["x-accept-version"].Where(h => h == "2.0.0").Any();
-            var hasIdentity = context.RouteContext.HttpContext.Request.Headers["x-identity"].Any();
-            return (hasVersion || hasIdentity) == IsBitpayAPI;
+            return context.RouteContext.HttpContext.GetIsBitpayAPI() == IsBitpayAPI;
        }
    }

--- a/BTCPayServer/Filters/ReferrerPolicyAttribute.cs
+++ b/BTCPayServer/Filters/ReferrerPolicyAttribute.cs
@ -0,0 +1,30 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace BTCPayServer.Filters
+{
+    public interface IReferrerPolicy : IFilterMetadata { }
+    public class ReferrerPolicyAttribute : Attribute, IActionFilter
+    {
+        public ReferrerPolicyAttribute(string value)
+        {
+            Value = value;
+        }
+        public string Value { get; set; }
+        public void OnActionExecuted(ActionExecutedContext context)
+        {
+
+        }
+
+        public void OnActionExecuting(ActionExecutingContext context)
+        {
+            if (context.IsEffectivePolicy<ReferrerPolicyAttribute>(this))
+            {
+                context.HttpContext.Response.SetHeaderOnStarting("Referrer-Policy", Value);
+            }
+        }
+    }
+}
--- a/BTCPayServer/Filters/XContentTypeOptionsAttribute.cs
+++ b/BTCPayServer/Filters/XContentTypeOptionsAttribute.cs
@ -0,0 +1,25 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace BTCPayServer.Filters
+{
+    public class XContentTypeOptionsAttribute : Attribute, IActionFilter
+    {
+        public XContentTypeOptionsAttribute(string value)
+        {
+            Value = value;
+        }
+        public void OnActionExecuted(ActionExecutedContext context)
+        {
+        }
+
+        public string Value { get; set; }
+        public void OnActionExecuting(ActionExecutingContext context)
+        {
+            context.HttpContext.Response.SetHeaderOnStarting("X-Content-Type-Options", Value);
+        }
+    }
+}
--- a/BTCPayServer/Filters/XFrameOptionsAttribute.cs
+++ b/BTCPayServer/Filters/XFrameOptionsAttribute.cs
@ -23,11 +23,10 @@ namespace BTCPayServer.Filters

        public void OnActionExecuting(ActionExecutingContext context)
        {
-            var existing = context.HttpContext.Response.Headers["x-frame-options"].FirstOrDefault();
-            if (existing != null && Value == null)
-                context.HttpContext.Response.Headers.Remove("x-frame-options");
-            else
-                context.HttpContext.Response.Headers["x-frame-options"] = Value;
+            if (context.IsEffectivePolicy<XFrameOptionsAttribute>(this))
+            {
+                context.HttpContext.Response.SetHeaderOnStarting("X-Frame-Options", Value);
+            }
        }
    }
 }
--- a/BTCPayServer/Filters/XXSSProtectionAttribute.cs
+++ b/BTCPayServer/Filters/XXSSProtectionAttribute.cs
@ -0,0 +1,23 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.AspNetCore.Mvc.ViewFeatures;
+using Microsoft.AspNetCore.Mvc.ViewFeatures.Internal;
+
+namespace BTCPayServer.Filters
+{
+    public class XXSSProtectionAttribute : Attribute, IActionFilter
+    {
+        public void OnActionExecuted(ActionExecutedContext context)
+        {
+        }
+
+        public void OnActionExecuting(ActionExecutingContext context)
+        {
+            context.HttpContext.Response.SetHeaderOnStarting("X-XSS-Protection", "1; mode=block");
+        }
+        
+    }
+}
--- a/BTCPayServer/HostedServices/BaseAsyncService.cs
+++ b/BTCPayServer/HostedServices/BaseAsyncService.cs
@ -0,0 +1,66 @@
+using System;
+using Microsoft.Extensions.Logging;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading;
+using System.Threading.Tasks;
+using BTCPayServer.Services;
+using BTCPayServer.Services.Rates;
+using Microsoft.Extensions.Hosting;
+using BTCPayServer.Logging;
+using System.Runtime.CompilerServices;
+using System.IO;
+using System.Text;
+
+namespace BTCPayServer.HostedServices
+{
+    public abstract class BaseAsyncService : IHostedService
+    {
+        private CancellationTokenSource _Cts;
+        protected Task[] _Tasks;
+
+        public Task StartAsync(CancellationToken cancellationToken)
+        {
+            _Cts = new CancellationTokenSource();
+            _Tasks = InitializeTasks();
+            return Task.CompletedTask;
+        }
+
+        internal abstract Task[] InitializeTasks();
+
+        protected CancellationToken Cancellation
+        {
+            get { return _Cts.Token; }
+        }
+
+        protected async Task CreateLoopTask(Func<Task> act, [CallerMemberName]string caller = null)
+        {
+            await new SynchronizationContextRemover();
+            while (!_Cts.IsCancellationRequested)
+            {
+                try
+                {
+                    await act();
+                }
+                catch (OperationCanceledException) when (_Cts.IsCancellationRequested)
+                {
+                }
+                catch (Exception ex)
+                {
+                    Logs.PayServer.LogWarning(ex, caller + " failed");
+                    try
+                    {
+                        await Task.Delay(TimeSpan.FromMinutes(1), _Cts.Token);
+                    }
+                    catch (OperationCanceledException) when (_Cts.IsCancellationRequested) { }
+                }
+            }
+        }
+
+        public Task StopAsync(CancellationToken cancellationToken)
+        {
+            _Cts.Cancel();
+            return Task.WhenAll(_Tasks);
+        }
+    }
+}
--- a/Show More
+++ b/Show More