public NancyEngineFixture()
{
this.resolver = A.Fake<IRouteResolver>();
this.response = new Response();
this.route = new FakeRoute(response);
this.context = new NancyContext();
this.statusCodeHandler = A.Fake<IStatusCodeHandler>();
this.requestDispatcher = A.Fake<IRequestDispatcher>();
this.diagnosticsConfiguration = new DiagnosticsConfiguration();
A.CallTo(() => this.requestDispatcher.Dispatch(A<NancyContext>._)).Invokes(x => this.context.Response = new Response());
A.CallTo(() => this.statusCodeHandler.HandlesStatusCode(A<HttpStatusCode>.Ignored, A<NancyContext>.Ignored)).Returns(false);
contextFactory = A.Fake<INancyContextFactory>();
A.CallTo(() => contextFactory.Create(A<Request>._)).Returns(context);
A.CallTo(() => resolver.Resolve(A<NancyContext>.Ignored)).Returns(new ResolveResult(route, DynamicDictionary.Empty, null, null, null));
var applicationPipelines = new Pipelines();
this.routeInvoker = A.Fake<IRouteInvoker>();
A.CallTo(() => this.routeInvoker.Invoke(A<Route>._, A<DynamicDictionary>._, A<NancyContext>._)).ReturnsLazily(arg =>
{
return (Response)((Route)arg.Arguments[0]).Action.Invoke((DynamicDictionary)arg.Arguments[1]);
});
this.engine =
new NancyEngine(this.requestDispatcher, this.contextFactory, new[] { this.statusCodeHandler }, A.Fake<IRequestTracing>(), this.diagnosticsConfiguration, new DisabledStaticContentProvider())
{
RequestPipelinesFactory = ctx => applicationPipelines
};
}
/// <summary>
/// Creates a new instance of the <see cref="DefaultDiagnostics"/> class.
/// </summary>
/// <param name="diagnosticsConfiguration"></param>
/// <param name="diagnosticProviders"></param>
/// <param name="rootPathProvider"></param>
/// <param name="requestTracing"></param>
/// <param name="configuration"></param>
/// <param name="modelBinderLocator"></param>
/// <param name="responseProcessors"></param>
/// <param name="routeSegmentConstraints"></param>
/// <param name="cultureService"></param>
/// <param name="requestTraceFactory"></param>
/// <param name="routeMetadataProviders"></param>
/// <param name="textResource"></param>
public DefaultDiagnostics(
DiagnosticsConfiguration diagnosticsConfiguration,
IEnumerable<IDiagnosticsProvider> diagnosticProviders,
IRootPathProvider rootPathProvider,
IRequestTracing requestTracing,
NancyInternalConfiguration configuration,
IModelBinderLocator modelBinderLocator,
IEnumerable<IResponseProcessor> responseProcessors,
IEnumerable<IRouteSegmentConstraint> routeSegmentConstraints,
ICultureService cultureService,
IRequestTraceFactory requestTraceFactory,
IEnumerable<IRouteMetadataProvider> routeMetadataProviders,
ITextResource textResource)
{
this.diagnosticsConfiguration = diagnosticsConfiguration;
this.diagnosticProviders = diagnosticProviders;
this.rootPathProvider = rootPathProvider;
this.requestTracing = requestTracing;
this.configuration = configuration;
this.modelBinderLocator = modelBinderLocator;
this.responseProcessors = responseProcessors;
this.routeSegmentConstraints = routeSegmentConstraints;
this.cultureService = cultureService;
this.requestTraceFactory = requestTraceFactory;
this.routeMetadataProviders = routeMetadataProviders;
this.textResource = textResource;
}
private static TinyIoCContainer ConfigureContainer(IModuleKeyGenerator moduleKeyGenerator, IEnumerable<IDiagnosticsProvider> providers, IRootPathProvider rootPathProvider, IRequestTracing requestTracing, NancyInternalConfiguration configuration, DiagnosticsConfiguration diagnosticsConfiguration)
{
var diagContainer = new TinyIoCContainer();
diagContainer.Register<IModuleKeyGenerator>(moduleKeyGenerator);
diagContainer.Register<IInteractiveDiagnostics, InteractiveDiagnostics>();
diagContainer.Register<IRequestTracing>(requestTracing);
diagContainer.Register<IRootPathProvider>(rootPathProvider);
diagContainer.Register<NancyInternalConfiguration>(configuration);
diagContainer.Register<IModelBinderLocator, DefaultModelBinderLocator>();
diagContainer.Register<IBinder, DefaultBinder>();
diagContainer.Register<IFieldNameConverter, DefaultFieldNameConverter>();
diagContainer.Register<BindingDefaults, BindingDefaults>();
diagContainer.Register<ISerializer, DefaultJsonSerializer>();
diagContainer.Register<DiagnosticsConfiguration>(diagnosticsConfiguration);
foreach (var diagnosticsProvider in providers)
{
diagContainer.Register<IDiagnosticsProvider>(diagnosticsProvider, diagnosticsProvider.GetType().FullName);
}
foreach (var moduleType in AppDomainAssemblyTypeScanner.TypesOf<DiagnosticModule>().ToArray())
{
diagContainer.Register(typeof(NancyModule), moduleType, moduleKeyGenerator.GetKeyForModuleType(moduleType)).AsMultiInstance();
}
return diagContainer;
}
/// <summary>
/// Initializes a new instance of the <see cref="NancyEngine"/> class.
/// </summary>
/// <param name="dispatcher">An <see cref="IRouteResolver"/> instance that will be used to resolve a route, from the modules, that matches the incoming <see cref="Request"/>.</param>
/// <param name="contextFactory">A factory for creating contexts</param>
/// <param name="statusCodeHandlers">Error handlers</param>
/// <param name="requestTracing">The request tracing instance.</param>
/// <param name="diagnosticsConfiguration"></param>
/// <param name="staticContentProvider">The provider to use for serving static content</param>
public NancyEngine(IRequestDispatcher dispatcher, INancyContextFactory contextFactory, IEnumerable<IStatusCodeHandler> statusCodeHandlers, IRequestTracing requestTracing, DiagnosticsConfiguration diagnosticsConfiguration, IStaticContentProvider staticContentProvider)
{
if (dispatcher == null)
{
throw new ArgumentNullException("dispatcher", "The resolver parameter cannot be null.");
}
if (contextFactory == null)
{
throw new ArgumentNullException("contextFactory");
}
if (statusCodeHandlers == null)
{
throw new ArgumentNullException("statusCodeHandlers");
}
if (requestTracing == null)
{
throw new ArgumentNullException("requestTracing");
}
if (staticContentProvider == null)
{
throw new ArgumentNullException("staticContentProvider");
}
this.dispatcher = dispatcher;
this.contextFactory = contextFactory;
this.statusCodeHandlers = statusCodeHandlers;
this.requestTracing = requestTracing;
this.diagnosticsConfiguration = diagnosticsConfiguration;
this.staticContentProvider = staticContentProvider;
}
public static void Enable(DiagnosticsConfiguration diagnosticsConfiguration, IPipelines pipelines, IEnumerable<IDiagnosticsProvider> providers, IRootPathProvider rootPathProvider, IEnumerable<ISerializer> serializers, IRequestTracing requestTracing, NancyInternalConfiguration configuration, IModelBinderLocator modelBinderLocator, IEnumerable<IResponseProcessor> responseProcessors, ICultureService cultureService)
{
var keyGenerator = new DefaultModuleKeyGenerator();
var diagnosticsModuleCatalog = new DiagnosticsModuleCatalog(keyGenerator, providers, rootPathProvider, requestTracing, configuration, diagnosticsConfiguration);
var diagnosticsRouteCache = new RouteCache(diagnosticsModuleCatalog, keyGenerator, new DefaultNancyContextFactory(cultureService), new DefaultRouteSegmentExtractor(), new DefaultRouteDescriptionProvider(), cultureService);
var diagnosticsRouteResolver = new DefaultRouteResolver(
diagnosticsModuleCatalog,
new DefaultRoutePatternMatcher(),
new DiagnosticsModuleBuilder(rootPathProvider, serializers, modelBinderLocator),
diagnosticsRouteCache,
responseProcessors);
var serializer = new DefaultObjectSerializer();
pipelines.BeforeRequest.AddItemToStartOfPipeline(
new PipelineItem<Func<NancyContext, Response>>(
PipelineKey,
ctx =>
{
if (!ctx.ControlPanelEnabled)
{
return null;
}
if (!ctx.Request.Path.StartsWith(diagnosticsConfiguration.Path, StringComparison.OrdinalIgnoreCase))
{
return null;
}
ctx.Items[ItemsKey] = true;
var resourcePrefix =
string.Concat(diagnosticsConfiguration.Path, "/Resources/");
if (ctx.Request.Path.StartsWith(resourcePrefix, StringComparison.OrdinalIgnoreCase))
{
var resourceNamespace = "Nancy.Diagnostics.Resources";
var path = Path.GetDirectoryName(ctx.Request.Url.Path.Replace(resourcePrefix, string.Empty)) ?? string.Empty;
if (!string.IsNullOrEmpty(path))
{
resourceNamespace += string.Format(".{0}", path.Replace('\\', '.'));
}
return new EmbeddedFileResponse(
typeof(DiagnosticsHook).Assembly,
resourceNamespace,
Path.GetFileName(ctx.Request.Url.Path));
}
RewriteDiagnosticsUrl(diagnosticsConfiguration, ctx);
return diagnosticsConfiguration.Valid
? ExecuteDiagnostics(ctx, diagnosticsRouteResolver, diagnosticsConfiguration, serializer)
: GetDiagnosticsHelpView(ctx);
}));
}
public DiagnosticsApplicationStartup(DiagnosticsConfiguration diagnosticsConfiguration, IEnumerable<IDiagnosticsProvider> diagnosticProviders, IRootPathProvider rootPathProvider, IEnumerable<ISerializer> serializers, IRequestTracing requestTracing, NancyInternalConfiguration configuration, IModelBinderLocator modelBinderLocator)
{
this.diagnosticsConfiguration = diagnosticsConfiguration;
this.diagnosticProviders = diagnosticProviders;
this.rootPathProvider = rootPathProvider;
this.serializers = serializers;
this.requestTracing = requestTracing;
this.configuration = configuration;
this.modelBinderLocator = modelBinderLocator;
}
public void Should_return_info_page_if_password_null()
{
var diagsConfig = new DiagnosticsConfiguration { Password = null, CryptographyConfiguration = this.cryptoConfig };
var bootstrapper = new ConfigurableBootstrapper(b => b.DiagnosticsConfiguration(diagsConfig));
var browser = new Browser(bootstrapper);
var result = browser.Get("/_Nancy");
Assert.True(result.Body.AsString().Contains("Diagnostics Disabled"));
}
public DefaultDiagnostics(DiagnosticsConfiguration diagnosticsConfiguration, IEnumerable<IDiagnosticsProvider> diagnosticProviders, IRootPathProvider rootPathProvider, IRequestTracing requestTracing, NancyInternalConfiguration configuration, IModelBinderLocator modelBinderLocator, IEnumerable<IResponseProcessor> responseProcessors, ICultureService cultureService)
{
this.diagnosticsConfiguration = diagnosticsConfiguration;
this.diagnosticProviders = diagnosticProviders;
this.rootPathProvider = rootPathProvider;
this.requestTracing = requestTracing;
this.configuration = configuration;
this.modelBinderLocator = modelBinderLocator;
this.responseProcessors = responseProcessors;
this.cultureService = cultureService;
}
public void Should_return_login_page_with_auth_cookie_with_incorrect_password()
{
var diagsConfig = new DiagnosticsConfiguration { Password = "******", CryptographyConfiguration = this.cryptoConfig };
var bootstrapper = new ConfigurableBootstrapper(b => b.DiagnosticsConfiguration(diagsConfig));
var browser = new Browser(bootstrapper);
var result = browser.Get("/_Nancy", with =>
{
with.Cookie(DiagsCookieName, this.GetSessionCookieValue("wrongPassword"));
});
result.Body["#login"].ShouldExistOnce();
}
public void Should_not_accept_invalid_password()
{
var diagsConfig = new DiagnosticsConfiguration { Password = "******", CryptographyConfiguration = this.cryptoConfig };
var bootstrapper = new ConfigurableBootstrapper(b => b.DiagnosticsConfiguration(diagsConfig));
var browser = new Browser(bootstrapper);
var result = browser.Post("/_Nancy", with =>
{
with.FormValue("Password", "wrongpassword");
});
result.Body["#login"].ShouldExistOnce();
result.Cookies.Any(c => c.Name == DiagsCookieName && !string.IsNullOrEmpty(c.Value)).ShouldBeFalse();
}
public NancyEngineWithAsyncCancellation(
IRequestDispatcher requestDispatcher,
INancyContextFactory nancyContextFactory,
IEnumerable<IStatusCodeHandler> statusCodeHandlers,
IRequestTracing requestTracing,
DiagnosticsConfiguration diagnosticsConfiguration,
IStaticContentProvider staticContentProvider)
{
this.engine = new NancyEngine(
requestDispatcher,
nancyContextFactory,
statusCodeHandlers,
requestTracing,
diagnosticsConfiguration,
staticContentProvider);
}
public void Should_return_info_page_if_password_null()
{
// Given
var diagsConfig = new DiagnosticsConfiguration { Password = null, CryptographyConfiguration = this.cryptoConfig };
var bootstrapper = new ConfigurableBootstrapper(with =>{
with.EnableAutoRegistration();
with.DiagnosticsConfiguration(diagsConfig);
});
var browser = new Browser(bootstrapper);
// When
var result = browser.Get("/_Nancy");
// Then
Assert.True(result.Body.AsString().Contains("Diagnostics Disabled"));
}
public void Should_return_login_page_with_no_auth_cookie()
{
// Given
var diagsConfig = new DiagnosticsConfiguration { Password = "******", CryptographyConfiguration = this.cryptoConfig };
var bootstrapper = new ConfigurableBootstrapper(with =>
{
with.EnableAutoRegistration();
with.DiagnosticsConfiguration(diagsConfig);
with.Diagnostics<DefaultDiagnostics>();
});
var browser = new Browser(bootstrapper);
// When
var result = browser.Get(diagsConfig.Path);
// Then
result.Body["#login"].ShouldExistOnce();
}
public void Should_return_main_page_with_valid_auth_cookie()
{
// Given
var diagsConfig = new DiagnosticsConfiguration { Password = "******", CryptographyConfiguration = this.cryptoConfig };
var bootstrapper = new ConfigurableBootstrapper(with =>
{
with.EnableAutoRegistration();
with.DiagnosticsConfiguration(diagsConfig);
with.Diagnostics<FakeDiagnostics>();
});
var browser = new Browser(bootstrapper);
// When
var result = browser.Get(diagsConfig.Path + "/interactive/providers/", with =>
{
with.Cookie(DiagsCookieName, this.GetSessionCookieValue("password"));
});
// Then should see our fake provider and not the default testing provider
result.Body.AsString().ShouldContain("Fake testing provider");
result.Body.AsString().ShouldNotContain("Testing Diagnostic Provider");
}
public void Should_use_rolling_expiry_for_auth_cookie()
{
var diagsConfig = new DiagnosticsConfiguration { Password = "******", CryptographyConfiguration = this.cryptoConfig };
var bootstrapper = new ConfigurableBootstrapper(b => b.DiagnosticsConfiguration(diagsConfig));
var browser = new Browser(bootstrapper);
var expiryDate = DateTime.Now.AddMinutes(5);
var result = browser.Get("/_Nancy", with => with.Cookie(DiagsCookieName, this.GetSessionCookieValue("password", expiryDate)));
result.Cookies.Any(c => c.Name == DiagsCookieName).ShouldBeTrue();
this.DecodeCookie(result.Cookies.First(c => c.Name == DiagsCookieName))
.Expiry.ShouldNotEqual(expiryDate);
}
public void Should_set_login_cookie_when_password_correct()
{
var diagsConfig = new DiagnosticsConfiguration { Password = "******", CryptographyConfiguration = this.cryptoConfig };
var bootstrapper = new ConfigurableBootstrapper(b => b.DiagnosticsConfiguration(diagsConfig));
var browser = new Browser(bootstrapper);
var result = browser.Post("/_Nancy/", with =>
{
with.FormValue("Password", "password");
});
result.Cookies.Any(c => c.Name == DiagsCookieName).ShouldBeTrue();
string.IsNullOrEmpty(result.Cookies.First(c => c.Name == DiagsCookieName).Value).ShouldBeFalse();
}
public void Should_return_login_page_with_no_auth_cookie()
{
var diagsConfig = new DiagnosticsConfiguration { Password = "******", CryptographyConfiguration = this.cryptoConfig };
var bootstrapper = new ConfigurableBootstrapper(b => b.DiagnosticsConfiguration(diagsConfig));
var browser = new Browser(bootstrapper);
var result = browser.Get("/_Nancy");
result.Body["#login"].ShouldExistOnce();
}
public DiagnosticsModuleCatalog(IEnumerable <IDiagnosticsProvider> providers, IRootPathProvider rootPathProvider, IRequestTracing requestTracing, NancyInternalConfiguration configuration, DiagnosticsConfiguration diagnosticsConfiguration)
{
this.container = ConfigureContainer(providers, rootPathProvider, requestTracing, configuration, diagnosticsConfiguration);
}
private static void AddUpdateSessionCookie(DiagnosticsSession session, NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
if (context.Response == null)
{
return;
}
session.Expiry = DateTime.Now.AddMinutes(diagnosticsConfiguration.SlidingTimeout);
var serializedSession = serializer.Serialize(session);
var encryptedSession = diagnosticsConfiguration.CryptographyConfiguration.EncryptionProvider.Encrypt(serializedSession);
var hmacBytes = diagnosticsConfiguration.CryptographyConfiguration.HmacProvider.GenerateHmac(encryptedSession);
var hmacString = Convert.ToBase64String(hmacBytes);
var cookie = new NancyCookie(diagnosticsConfiguration.CookieName, String.Format("{1}{0}", encryptedSession, hmacString), true);
context.Response.AddCookie(cookie);
}
private static bool ValidateConfiguration(DiagnosticsConfiguration configuration)
{
return !string.IsNullOrWhiteSpace(configuration.Password) &&
!string.IsNullOrWhiteSpace(configuration.CookieName) &&
!string.IsNullOrWhiteSpace(configuration.Path) &&
configuration.SlidingTimeout != 0;
}
private static bool IsLoginRequest(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration)
{
return(context.Request.Method == "POST" &&
context.Request.Path.TrimEnd(new[] { '/' }) == diagnosticsConfiguration.Path);
}
private static Response ExecuteDiagnostics(NancyContext ctx, IRouteResolver routeResolver, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
var session = GetSession(ctx, diagnosticsConfiguration, serializer);
if (session == null)
{
var view = GetDiagnosticsLoginView(ctx);
view.AddCookie(
new NancyCookie(diagnosticsConfiguration.CookieName, String.Empty, true) { Expires = DateTime.Now.AddDays(-1) });
return view;
}
var resolveResult = routeResolver.Resolve(ctx);
ctx.Parameters = resolveResult.Parameters;
ExecuteRoutePreReq(ctx, CancellationToken, resolveResult.Before);
if (ctx.Response == null)
{
// Don't care about async here, so just get the result
var task = resolveResult.Route.Invoke(resolveResult.Parameters, CancellationToken);
task.Wait();
ctx.Response = task.Result;
}
if (ctx.Request.Method.ToUpperInvariant() == "HEAD")
{
ctx.Response = new HeadResponse(ctx.Response);
}
if (resolveResult.After != null)
{
resolveResult.After.Invoke(ctx, CancellationToken);
}
AddUpdateSessionCookie(session, ctx, diagnosticsConfiguration, serializer);
return ctx.Response;
}
private static Response ExecuteDiagnostics(NancyContext ctx, IRouteResolver routeResolver, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer, INancyEnvironment environment)
{
var session = GetSession(ctx, diagnosticsConfiguration, serializer);
if (session == null)
{
var view = GetDiagnosticsLoginView(ctx, environment);
view.WithCookie(
new NancyCookie(diagnosticsConfiguration.CookieName, string.Empty, true)
{
Expires = DateTime.Now.AddDays(-1)
});
return(view);
}
var resolveResult = routeResolver.Resolve(ctx);
ctx.Parameters = resolveResult.Parameters;
ExecuteRoutePreReq(ctx, CancellationToken, resolveResult.Before);
if (ctx.Response == null)
{
var routeResult = resolveResult.Route.Invoke(resolveResult.Parameters, CancellationToken);
routeResult.Wait();
ctx.Response = (Response)routeResult.Result;
}
if (ctx.Request.Method.Equals("HEAD", StringComparison.OrdinalIgnoreCase))
{
ctx.Response = new HeadResponse(ctx.Response);
}
if (resolveResult.After != null)
{
resolveResult.After.Invoke(ctx, CancellationToken);
}
AddUpdateSessionCookie(session, ctx, diagnosticsConfiguration, serializer);
return(ctx.Response);
}
private static bool IsLoginRequest(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration)
{
return(context.Request.Method.Equals("POST", StringComparison.OrdinalIgnoreCase) &&
context.Request.Url.BasePath.TrimEnd('/').EndsWith(diagnosticsConfiguration.Path) &&
context.Request.Url.Path == "/");
}
public DiagnosticsModuleCatalog(IModuleKeyGenerator keyGenerator, IEnumerable<IDiagnosticsProvider> providers, IRootPathProvider rootPathProvider, IRequestTracing requestTracing, NancyInternalConfiguration configuration, DiagnosticsConfiguration diagnosticsConfiguration)
{
this.container = ConfigureContainer(keyGenerator, providers, rootPathProvider, requestTracing, configuration, diagnosticsConfiguration);
}
public void Should_not_accept_invalid_password()
{
// Given
var diagsConfig = new DiagnosticsConfiguration { Password = "******", CryptographyConfiguration = this.cryptoConfig };
var bootstrapper = new ConfigurableBootstrapper(with =>
{
with.EnableAutoRegistration();
with.DiagnosticsConfiguration(diagsConfig);
with.Diagnostics<DefaultDiagnostics>();
});
var browser = new Browser(bootstrapper);
// When
var result = browser.Post(diagsConfig.Path, with =>
{
with.FormValue("Password", "wrongpassword");
});
// Then
result.Body["#login"].ShouldExistOnce();
result.Cookies.Any(c => c.Name == DiagsCookieName && !string.IsNullOrEmpty(c.Value)).ShouldBeFalse();
}
private static Response ExecuteDiagnostics(NancyContext ctx, IRouteResolver routeResolver, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
var session = GetSession(ctx, diagnosticsConfiguration, serializer);
if (session == null)
{
var view = GetDiagnosticsLoginView(ctx);
view.AddCookie(
new NancyCookie(diagnosticsConfiguration.CookieName, String.Empty, true)
{
Expires = DateTime.Now.AddDays(-1)
});
return(view);
}
var resolveResult = routeResolver.Resolve(ctx);
ctx.Parameters = resolveResult.Parameters;
ExecuteRoutePreReq(ctx, CancellationToken, resolveResult.Before);
if (ctx.Response == null)
{
// Don't care about async here, so just get the result
var task = resolveResult.Route.Invoke(resolveResult.Parameters, CancellationToken);
task.Wait();
ctx.Response = task.Result;
}
if (ctx.Request.Method.ToUpperInvariant() == "HEAD")
{
ctx.Response = new HeadResponse(ctx.Response);
}
if (resolveResult.After != null)
{
resolveResult.After.Invoke(ctx, CancellationToken);
}
AddUpdateSessionCookie(session, ctx, diagnosticsConfiguration, serializer);
return(ctx.Response);
}
private static DiagnosticsSession GetSession(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
if (context.Request == null)
{
return null;
}
if (IsLoginRequest(context, diagnosticsConfiguration))
{
return ProcessLogin(context, diagnosticsConfiguration, serializer);
}
if (!context.Request.Cookies.ContainsKey(diagnosticsConfiguration.CookieName))
{
return null;
}
var encryptedValue = HttpUtility.UrlDecode(context.Request.Cookies[diagnosticsConfiguration.CookieName]);
var hmacStringLength = Base64Helpers.GetBase64Length(diagnosticsConfiguration.CryptographyConfiguration.HmacProvider.HmacLength);
var encryptedSession = encryptedValue.Substring(hmacStringLength);
var hmacString = encryptedValue.Substring(0, hmacStringLength);
var hmacBytes = Convert.FromBase64String(hmacString);
var newHmac = diagnosticsConfiguration.CryptographyConfiguration.HmacProvider.GenerateHmac(encryptedSession);
var hmacValid = HmacComparer.Compare(newHmac, hmacBytes, diagnosticsConfiguration.CryptographyConfiguration.HmacProvider.HmacLength);
if (!hmacValid)
{
return null;
}
var decryptedValue = diagnosticsConfiguration.CryptographyConfiguration.EncryptionProvider.Decrypt(encryptedSession);
var session = serializer.Deserialize(decryptedValue) as DiagnosticsSession;
if (session == null || session.Expiry < DateTime.Now || !SessionPasswordValid(session, diagnosticsConfiguration.Password))
{
return null;
}
return session;
}
private static Response ExecuteDiagnostics(NancyContext ctx, IRouteResolver routeResolver, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
var session = GetSession(ctx, diagnosticsConfiguration, serializer);
ctx.Request.Url.BasePath =
string.Concat(ctx.Request.Url.BasePath, diagnosticsConfiguration.Path);
ctx.Request.Url.Path =
ctx.Request.Url.Path.Substring(diagnosticsConfiguration.Path.Length);
if (ctx.Request.Url.Path.Length.Equals(0))
{
ctx.Request.Url.Path = "/";
}
if (session == null)
{
var view = GetDiagnosticsLoginView(ctx);
view.AddCookie(
new NancyCookie(diagnosticsConfiguration.CookieName, String.Empty, true)
{
Expires = DateTime.Now.AddDays(-1)
});
return(view);
}
var resolveResult = routeResolver.Resolve(ctx);
ctx.Parameters = resolveResult.Item2;
var resolveResultPreReq = resolveResult.Item3;
var resolveResultPostReq = resolveResult.Item4;
ExecuteRoutePreReq(ctx, resolveResultPreReq);
if (ctx.Response == null)
{
ctx.Response = resolveResult.Item1.Invoke(resolveResult.Item2);
}
if (ctx.Request.Method.ToUpperInvariant() == "HEAD")
{
ctx.Response = new HeadResponse(ctx.Response);
}
if (resolveResultPostReq != null)
{
resolveResultPostReq.Invoke(ctx);
}
AddUpdateSessionCookie(session, ctx, diagnosticsConfiguration, serializer);
return(ctx.Response);
}
private static bool IsLoginRequest(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration)
{
return context.Request.Method == "POST" &&
context.Request.Url.BasePath.TrimEnd(new[] { '/' }).EndsWith(diagnosticsConfiguration.Path) &&
context.Request.Url.Path == "/";
}
private static bool IsLoginRequest(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration)
{
return context.Request.Method.Equals("POST", StringComparison.OrdinalIgnoreCase) &&
context.Request.Url.BasePath.TrimEnd(new[] { '/' }).EndsWith(diagnosticsConfiguration.Path) &&
context.Request.Url.Path == "/";
}
public static void Enable(
DiagnosticsConfiguration diagnosticsConfiguration,
IPipelines pipelines,
IEnumerable <IDiagnosticsProvider> providers,
IRootPathProvider rootPathProvider,
IRequestTracing requestTracing,
NancyInternalConfiguration configuration,
IModelBinderLocator modelBinderLocator,
IEnumerable <IResponseProcessor> responseProcessors,
IEnumerable <IRouteSegmentConstraint> routeSegmentConstraints,
ICultureService cultureService,
IRequestTraceFactory requestTraceFactory,
IEnumerable <IRouteMetadataProvider> routeMetadataProviders)
{
var diagnosticsModuleCatalog = new DiagnosticsModuleCatalog(providers, rootPathProvider, requestTracing, configuration, diagnosticsConfiguration);
var diagnosticsRouteCache = new RouteCache(diagnosticsModuleCatalog, new DefaultNancyContextFactory(cultureService, requestTraceFactory), new DefaultRouteSegmentExtractor(), new DefaultRouteDescriptionProvider(), cultureService, routeMetadataProviders);
var diagnosticsRouteResolver = new DefaultRouteResolver(
diagnosticsModuleCatalog,
new DiagnosticsModuleBuilder(rootPathProvider, modelBinderLocator),
diagnosticsRouteCache,
new RouteResolverTrie(new TrieNodeFactory(routeSegmentConstraints)));
var serializer = new DefaultObjectSerializer();
pipelines.BeforeRequest.AddItemToStartOfPipeline(
new PipelineItem <Func <NancyContext, Response> >(
PipelineKey,
ctx =>
{
if (!ctx.ControlPanelEnabled)
{
return(null);
}
if (!ctx.Request.Path.StartsWith(diagnosticsConfiguration.Path, StringComparison.OrdinalIgnoreCase))
{
return(null);
}
ctx.Items[ItemsKey] = true;
var resourcePrefix =
string.Concat(diagnosticsConfiguration.Path, "/Resources/");
if (ctx.Request.Path.StartsWith(resourcePrefix, StringComparison.OrdinalIgnoreCase))
{
var resourceNamespace = "Nancy.Diagnostics.Resources";
var path = Path.GetDirectoryName(ctx.Request.Url.Path.Replace(resourcePrefix, string.Empty)) ?? string.Empty;
if (!string.IsNullOrEmpty(path))
{
resourceNamespace += string.Format(".{0}", path.Replace(Path.DirectorySeparatorChar, '.'));
}
return(new EmbeddedFileResponse(
typeof(DiagnosticsHook).Assembly,
resourceNamespace,
Path.GetFileName(ctx.Request.Url.Path)));
}
RewriteDiagnosticsUrl(diagnosticsConfiguration, ctx);
return(diagnosticsConfiguration.Valid
? ExecuteDiagnostics(ctx, diagnosticsRouteResolver, diagnosticsConfiguration, serializer)
: GetDiagnosticsHelpView(ctx));
}));
}
private static Response ExecuteDiagnostics(NancyContext ctx, IRouteResolver routeResolver, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
var session = GetSession(ctx, diagnosticsConfiguration, serializer);
if (session == null)
{
var view = GetDiagnosticsLoginView(ctx);
view.AddCookie(
new NancyCookie(DiagsCookieName, String.Empty, true) { Expires = DateTime.Now.AddDays(-1) });
return view;
}
// TODO - duplicate the context and strip out the "_/Nancy" bit so we don't need to use it in the module
var resolveResult = routeResolver.Resolve(ctx);
ctx.Parameters = resolveResult.Item2;
var resolveResultPreReq = resolveResult.Item3;
var resolveResultPostReq = resolveResult.Item4;
ExecuteRoutePreReq(ctx, resolveResultPreReq);
if (ctx.Response == null)
{
ctx.Response = resolveResult.Item1.Invoke(resolveResult.Item2);
}
if (ctx.Request.Method.ToUpperInvariant() == "HEAD")
{
ctx.Response = new HeadResponse(ctx.Response);
}
if (resolveResultPostReq != null)
{
resolveResultPostReq.Invoke(ctx);
}
AddUpdateSessionCookie(session, ctx, diagnosticsConfiguration, serializer);
// If we duplicate the context this makes more sense :)
return ctx.Response;
}
private static bool IsLoginRequest(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration)
{
return(context.Request.Method == "POST" &&
context.Request.Url.BasePath.TrimEnd(new[] { '/' }).EndsWith(diagnosticsConfiguration.Path) &&
context.Request.Url.Path == "/");
}
private static void AddUpdateSessionCookie(DiagnosticsSession session, NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
if (context.Response == null)
{
return;
}
session.Expiry = DateTime.Now.AddMinutes(diagnosticsConfiguration.SlidingTimeout);
var serializedSession = serializer.Serialize(session);
var encryptedSession = diagnosticsConfiguration.CryptographyConfiguration.EncryptionProvider.Encrypt(serializedSession);
var hmacBytes = diagnosticsConfiguration.CryptographyConfiguration.HmacProvider.GenerateHmac(encryptedSession);
var hmacString = Convert.ToBase64String(hmacBytes);
var cookie = new NancyCookie(diagnosticsConfiguration.CookieName, String.Format("{1}{0}", encryptedSession, hmacString), true);
context.Response.AddCookie(cookie);
}
private static TinyIoCContainer ConfigureContainer(IEnumerable <IDiagnosticsProvider> providers, IRootPathProvider rootPathProvider, IRequestTracing requestTracing, NancyInternalConfiguration configuration, DiagnosticsConfiguration diagnosticsConfiguration)
{
var diagContainer = new TinyIoCContainer();
diagContainer.Register <IInteractiveDiagnostics, InteractiveDiagnostics>();
diagContainer.Register <IRequestTracing>(requestTracing);
diagContainer.Register <IRootPathProvider>(rootPathProvider);
diagContainer.Register <NancyInternalConfiguration>(configuration);
diagContainer.Register <IModelBinderLocator, DefaultModelBinderLocator>();
diagContainer.Register <IBinder, DefaultBinder>();
diagContainer.Register <IFieldNameConverter, DefaultFieldNameConverter>();
diagContainer.Register <BindingDefaults, BindingDefaults>();
diagContainer.Register <ISerializer>(new DefaultJsonSerializer {
RetainCasing = false
});
diagContainer.Register <DiagnosticsConfiguration>(diagnosticsConfiguration);
foreach (var diagnosticsProvider in providers)
{
diagContainer.Register <IDiagnosticsProvider>(diagnosticsProvider, diagnosticsProvider.GetType().FullName);
}
foreach (var moduleType in AppDomainAssemblyTypeScanner.TypesOf <DiagnosticModule>().ToArray())
{
diagContainer.Register(typeof(INancyModule), moduleType, moduleType.FullName).AsMultiInstance();
}
return(diagContainer);
}
private static DiagnosticsSession ProcessLogin(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
string password = context.Request.Form.Password;
if (!string.Equals(password, diagnosticsConfiguration.Password, StringComparison.Ordinal))
{
return null;
}
var salt = DiagnosticsSession.GenerateRandomSalt();
var hash = DiagnosticsSession.GenerateSaltedHash(password, salt);
var session = new DiagnosticsSession
{
Hash = hash,
Salt = salt,
Expiry = DateTime.Now.AddMinutes(diagnosticsConfiguration.SlidingTimeout)
};
return session;
}
private static Response ExecuteDiagnostics(NancyContext ctx, IRouteResolver routeResolver, DiagnosticsConfiguration diagnosticsConfiguration, DefaultObjectSerializer serializer)
{
var session = GetSession(ctx, diagnosticsConfiguration, serializer);
ctx.Request.Url.BasePath =
string.Concat(ctx.Request.Url.BasePath, diagnosticsConfiguration.Path);
ctx.Request.Url.Path =
ctx.Request.Url.Path.Substring(diagnosticsConfiguration.Path.Length);
if (ctx.Request.Url.Path.Length.Equals(0))
{
ctx.Request.Url.Path = "/";
}
if (session == null)
{
var view = GetDiagnosticsLoginView(ctx);
view.AddCookie(
new NancyCookie(diagnosticsConfiguration.CookieName, String.Empty, true) { Expires = DateTime.Now.AddDays(-1) });
return view;
}
var resolveResult = routeResolver.Resolve(ctx);
ctx.Parameters = resolveResult.Item2;
var resolveResultPreReq = resolveResult.Item3;
var resolveResultPostReq = resolveResult.Item4;
ExecuteRoutePreReq(ctx, resolveResultPreReq);
if (ctx.Response == null)
{
ctx.Response = resolveResult.Item1.Invoke(resolveResult.Item2);
}
if (ctx.Request.Method.ToUpperInvariant() == "HEAD")
{
ctx.Response = new HeadResponse(ctx.Response);
}
if (resolveResultPostReq != null)
{
resolveResultPostReq.Invoke(ctx);
}
AddUpdateSessionCookie(session, ctx, diagnosticsConfiguration, serializer);
return ctx.Response;
}
private static void RewriteDiagnosticsUrl(DiagnosticsConfiguration diagnosticsConfiguration, NancyContext ctx)
{
ctx.Request.Url.BasePath =
string.Concat(ctx.Request.Url.BasePath, diagnosticsConfiguration.Path);
ctx.Request.Url.Path =
ctx.Request.Url.Path.Substring(diagnosticsConfiguration.Path.Length);
if (ctx.Request.Url.Path.Length.Equals(0))
{
ctx.Request.Url.Path = "/";
}
}
private static bool IsLoginRequest(NancyContext context, DiagnosticsConfiguration diagnosticsConfiguration)
{
return context.Request.Method == "POST" &&
context.Request.Path.TrimEnd(new[] { '/' }) == diagnosticsConfiguration.Path;
}
