public static Response Redirect(
this NancyContext context,
string location,
RedirectResponse.RedirectType type = RedirectResponse.RedirectType.SeeOther)
{
return new RedirectResponse(context.ToFullPath(location), type);
}
public AuthModule(IDocumentSession ravenSession)
: base("/auth/")
{
#if !DEBUG
this.RequiresXForwardProtoHeader(true);
#endif
Get["/login"] = parameters => View["login.cshtml", (string)Request.Query.url];
//the Post["/login"] method is used mainly to fetch the api key for subsequent calls
Post["/login"] = x =>
{
var requestContent = this.Bind<AuthCredential>();
var authUser = ravenSession.Load<AuthUser>(requestContent.Username);
if (authUser == null ||
authUser.HashedPassword != HashPassword(requestContent.Password))
return new Response {StatusCode = HttpStatusCode.Unauthorized};
var apiKey = authUser.ApiKey;
var responseUrl = Request.Form.url;
var authCookie = BuildCookie(apiKey, DateTime.Now.AddDays(1));
if (string.IsNullOrEmpty(responseUrl))
return
(new Response {StatusCode = HttpStatusCode.NoContent}).AddCookie(authCookie);
var response =
new RedirectResponse(HttpUtility.HtmlDecode(responseUrl)).AddCookie(authCookie);
return response;
};
//do something to destroy the api key, maybe?
Delete["/"] = x => new Response {StatusCode = HttpStatusCode.OK};
}
private static Func<NancyContext, Response> RequiresHttps(bool redirect)
{
return (ctx) =>
{
Response response = null;
var request = ctx.Request;
if (ctx.Request.Headers["X-Forwarded-Proto"].FirstOrDefault(x => x == "https") == null)
{
if (redirect)
{
var redirectUrl = request.Url.Clone();
redirectUrl.Scheme = "https";
response = new RedirectResponse(redirectUrl.ToString());
}
else
{
response = new Response {StatusCode = HttpStatusCode.Forbidden};
}
}
return response;
};
}
public static Func<NancyContext, Response> RequiresHttps(bool redirect)
{
return (ctx) =>
{
Response response = null;
var request = ctx.Request;
if (!request.Url.IsSecure)
{
if (redirect && request.Method.Equals("GET", StringComparison.OrdinalIgnoreCase))
{
var redirectUrl = request.Url.Clone();
redirectUrl.Scheme = "https";
response = new RedirectResponse(redirectUrl.ToString());
}
else
{
response = new Response { StatusCode = HttpStatusCode.Forbidden };
}
}
return response;
};
}
public void Default_redirect_should_return_status_code_303()
{
var response = new RedirectResponse("/");
response.StatusCode.ShouldEqual(HttpStatusCode.SeeOther);
}
public void Temporary_redirect_should_return_status_code_307()
{
var response = new RedirectResponse("/", RedirectResponse.RedirectType.Temporary);
response.StatusCode.ShouldEqual(HttpStatusCode.TemporaryRedirect);
}
public void Permanent_redirect_should_return_status_code_301()
{
var response = new RedirectResponse("/", RedirectResponse.RedirectType.Permanent);
response.StatusCode.ShouldEqual(HttpStatusCode.MovedPermanently);
}
