public RemoteSecurityModule(IOMServerContext serverContext) : base("/rsec")
        {
            ServerContext = serverContext;

            // The whole module is admin-only: every route registered below requires
            // the Admin access claim before its handler runs.
            var clientValidator = new StatelessClientValidator <OMAccessKey, OMApiAccessScope>();
            var adminClaim      = clientValidator.GetAccessClaim(OMApiAccessScope.Admin);
            this.RequiresAllClaims(new[] { adminClaim });

            // Security-rule management; dbid is optional on all rule routes.
            // (Rules can also manage keys.)
            Post("/rules/create/{dbid?}", HandleCreateRuleRequestAsync);
            Delete("/rules/clear/{dbid?}", HandleClearRulesRequestAsync);
            Delete("/rules/delete/{dbid?}", HandleDeleteRuleRequestAsync);
            Get("/rules/list/{dbid?}", HandleGetRuleListRequestAsync);
            Get("/rules/get/{dbid?}", HandleGetRuleByIdRequestAsync);

            // API key management; keyid is a required segment.
            Post("/keys/create/{keyid}", HandleCreateKeyRequestAsync);
            Get("/keys/get/{keyid}", HandleGetKeyRequestAsync);
            Delete("/keys/delete/{keyid}", HandleDeleteKeyRequestAsync);

            // Flush server state to storage, but only when the handler reported
            // success with 200 OK. NOTE(review): a handler answering with another
            // 2xx status would not be persisted here — confirm what the handlers return.
            After += ctx =>
            {
                var succeeded = ctx.Response.StatusCode == HttpStatusCode.OK;
                if (!succeeded)
                {
                    return;
                }

                ServerContext.ServerState.Persist();
            };
        }
        public DataQueryModule(INAServerContext serverContext) : base("/qr")
        {
            ServerContext = serverContext;
            var accessValidator = new StatelessClientValidator <NAAccessKey, NAApiAccessScope>();

            // Access requirement applied to every route in this module.
            // NOTE(review): the Admin claim is passed as a separate argument, outside the
            // array that holds the Query claim — confirm the intended semantics
            // (Query AND Admin vs. Query OR Admin) against the RequiresAllClaims overload used.
            this.RequiresAllClaims(new[] { accessValidator.GetAccessClaim(NAApiAccessScope.Query) },
                                   accessValidator.GetAccessClaim(NAApiAccessScope.Admin));

            // Query Log Requests
            // Limit is the max number of log requests to return. Default 100
            // NOTE(review): no upper bound is applied to limit in this block; whether the
            // service caps it is not visible here.
            Get("/log/{limit:int}", async args =>
            {
                // Falls back to 100 when the segment does not convert to int
                // (presumably unreachable given the :int route constraint — verify).
                var itemLimit         = args.limit as int? ?? 100;
                var dataLoggerService = new DataLoggerService(ServerContext);
                var data = await dataLoggerService.QueryRequestsAsync(itemLimit);
                return(Response.AsJsonNet(data));
            });

            // Query SessionData
            // Id is the ID of the session to find
            // The id segment is passed through as-is; validation (if any) happens in the service.
            Get("/sessdata/{id}", async args =>
            {
                var sessionStorageService = new SessionStorageService(ServerContext);
                var data = await sessionStorageService.GetSessionFromIdentifierAsync((string)args.id);
                return(Response.AsJsonNet(data));
            });

            // Query Tagged Requests
            // Tag is the tag to filter by
            // Limit is the max number of log requests to return
            Get("/tagged/{tags}/{limit:int}", async args =>
            {
                var itemLimit         = args.limit as int? ?? 100;
                // Comma-separated tag list; empty entries are kept as empty strings.
                // NOTE(review): tags is a required route segment, so the null branch
                // presumably never applies — verify against the routing behaviour.
                var filterTags        = (args.tags != null) ? ((string)args.tags).Split(',') : null;
                var dataLoggerService = new DataLoggerService(ServerContext);
                var data = await dataLoggerService.QueryTaggedRequestsAsync(itemLimit, filterTags);
                return(Response.AsJsonNet(data));
            });
        }
        public KeyManagementModule(INAServerContext serverContext) : base("/km")
        {
            ServerContext = serverContext;

            // Key management is restricted to holders of the Admin access claim;
            // the requirement applies to every route registered below.
            var clientValidator = new StatelessClientValidator <NAAccessKey, NAApiAccessScope>();
            var adminClaim      = clientValidator.GetAccessClaim(NAApiAccessScope.Admin);
            this.RequiresAllClaims(new[] { adminClaim });

            // API key management routes (keyid is a required segment except for list)
            Post("/keys/create/{keyid}", HandleCreateKeyRequestAsync);
            Get("/keys/get/{keyid}", HandleGetKeyRequestAsync);
            Get("/keys/list", HandleListKeyRequestAsync);
            Delete("/keys/delete/{keyid}", HandleDeleteKeyRequestAsync);

            // Persist server state once a handler has answered with 200 OK.
            // NOTE(review): a handler replying with another 2xx code would skip this
            // persist — confirm the handlers' status codes.
            After += ctx =>
            {
                var succeeded = ctx.Response.StatusCode == HttpStatusCode.OK;
                if (!succeeded)
                {
                    return;
                }

                ServerContext.ServerState.Persist();
            };
        }
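        /// <summary>
        /// Builds a <see cref="RequestProcessor"/> for the given server context and wires
        /// its token validator.
        /// </summary>
        /// <param name="serverContext">Server context whose OMContext backs the processor and
        /// whose authentication service resolves tokens.</param>
        /// <returns>The configured processor.</returns>
        public static RequestProcessor CreateRequestProcessor(IOMServerContext serverContext)
        {
            var processor = new RequestProcessor(serverContext.OMContext);

            // Authorization decision for an access request. Checks are ordered fail-closed:
            // an unresolved token, a missing key or a disallowed realm denies access before
            // any rule or admin evaluation takes place.
            processor.AuthTokenValidator = accessRequest =>
            {
                var authenticator = new StatelessAuthenticationService <OMAccessKey, OMApiAccessScope>(serverContext);

                // Unknown or invalid token: deny.
                var identity = authenticator.ResolveClientIdentity(accessRequest.AuthToken);
                if (identity == null)
                {
                    return(false);
                }

                // The key behind the token. Null-checked like the identity above so that a
                // missing key denies access instead of throwing from the property access below.
                var accessKey = authenticator.ResolveKey(accessRequest.AuthToken);
                if (accessKey == null)
                {
                    return(false);
                }

                // Realm restriction applies to every key, admin keys included.
                if (!accessKey.AllowedRealms.Contains(accessRequest.DatabaseId))
                {
                    return(false);
                }

                // The key's own security rules can grant access on their own.
                if (processor.ValidateAdditionalRules(accessRequest, accessKey.SecurityRules).Granted)
                {
                    return(true);
                }

                // Otherwise only the Admin claim grants access.
                var accessValidator = new StatelessClientValidator <OMAccessKey, OMApiAccessScope>();
                if (identity.EnsureClaim(accessValidator.GetAccessClaim(OMApiAccessScope.Admin)))
                {
                    return(true);
                }

                return(false);
            };

            return(processor);
        }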