internal Endpoint(Method method, Route route, AsyncRequestHandler handler)
{
Method = method;
Route = route;
Handler = handler;
toString = $"Endpoint({Method}:{Route.PathTemplate})";
}
public static Endpoint ApplyResponseFilter(this Endpoint ep, Func <IHttpRequest, HttpResponse, HttpResponse> filter)
{
AsyncRequestHandler filteredHandler = async req => {
var originalResp = await ep.Handler(req).ConfigureAwait(false);
var filteredResp = filter(req, originalResp);
return(filteredResp);
};
return(new Endpoint(ep.Method, ep.Route, filteredHandler));
}
private Hashtable HandleHttpStartSession(Hashtable request)
{
DoExpire();
Hashtable post = DecodePostString(request["body"].ToString());
Hashtable reply = new Hashtable();
reply["str_response_string"] = "";
reply["int_response_code"] = 401;
reply["content_type"] = "text/plain";
string username = post["USER"].ToString();
string password = post["PASS"].ToString();
// Validate the username/password pair
if (Util.AuthenticateAsSystemUser(username, password) == false)
{
return(reply);
}
ConsoleConnection c = new ConsoleConnection();
c.last = System.Environment.TickCount;
c.lastLineSeen = 0;
UUID sessionID = UUID.Random();
lock (m_Connections)
{
m_Connections[sessionID] = c;
}
string uri = "/ReadResponses/" + sessionID.ToString() + "/";
IRequestHandler handler = new AsyncRequestHandler("POST", uri, AsyncReadResponses);
m_Server.AddStreamHandler(handler);
XmlDocument xmldoc = new XmlDocument();
XmlNode xmlnode = xmldoc.CreateNode(XmlNodeType.XmlDeclaration, "", "");
xmldoc.AppendChild(xmlnode);
XmlElement rootElement = xmldoc.CreateElement("", "ConsoleSession", "");
xmldoc.AppendChild(rootElement);
XmlElement id = xmldoc.CreateElement("", "SessionID", "");
id.AppendChild(xmldoc.CreateTextNode(sessionID.ToString()));
rootElement.AppendChild(id);
XmlElement prompt = xmldoc.CreateElement("", "Prompt", "");
prompt.AppendChild(xmldoc.CreateTextNode(DefaultPrompt));
rootElement.AppendChild(prompt);
rootElement.AppendChild(MainConsole.Instance.Commands.GetXml(xmldoc));
reply["str_response_string"] = xmldoc.InnerXml;
reply["int_response_code"] = 200;
reply["content_type"] = "text/xml";
reply = CheckOrigin(reply);
return(reply);
}
public Server(AsyncRequestHandler <HttpListenerRequest, View> handler)
{
_httpListener = new HttpListener();
_handler = handler;
}
private Hashtable HandleHttpStartSession(Hashtable request)
{
DoExpire();
Hashtable post = DecodePostString(request["body"].ToString());
Hashtable reply = new Hashtable();
reply["str_response_string"] = String.Empty;
reply["int_response_code"] = 401;
reply["content_type"] = "text/plain";
var headers = (Hashtable)request["headers"];
if (headers.ContainsKey("Authorization"))
{
var authHeader = headers["Authorization"].ToString();
if (!authHeader.StartsWith("Bearer ", StringComparison.InvariantCultureIgnoreCase))
{
m_log.Warn($"[REMOTECONSOLE] StartSession JWT Authorization header format failure from '{headers["remote_addr"]}'.");
return(reply);
}
try
{
var token = new JWToken(authHeader.Substring(7), m_sigUtil);
// TODO: Make the scope strings come from some central list that can be registered into?
if (!(token.HasValidSignature && token.IsNotExpired && token.Payload.Scope == "remote-console"))
{
m_log.Warn($"[REMOTECONSOLE] StartSession invalid/expired/wrong scope JWToken from '{headers["remote_addr"]}'.");
return(reply);
}
m_log.Info($"[REMOTECONSOLE] StartSession access granted via JWT to '{token.Payload.Username}' from '{headers["remote_addr"]}'.");
}
catch (JWTokenException jte)
{
m_log.Error($"[REMOTECONSOLE] Failure with JWToken in StartSession from '{headers["remote_addr"]}': {jte}");
return(reply);
}
}
else if (request.ContainsKey("USER") && request.ContainsKey("PASS"))
{
string username = post["USER"].ToString();
string password = post["PASS"].ToString();
// Validate the username/password pair
if (Util.AuthenticateAsSystemUser(username, password) == false)
{
return(reply);
}
m_log.Warn($"[REMOTECONSOLE] StartSession access granted via legacy system username and password to '{username}' from '{headers["remote_addr"]}'.");
}
else
{
return(reply);
}
ConsoleConnection c = new ConsoleConnection();
c.last = System.Environment.TickCount;
c.lastLineSeen = 0;
UUID sessionID = UUID.Random();
lock (m_Connections)
{
m_Connections[sessionID] = c;
}
string uri = "/ReadResponses/" + sessionID.ToString() + "/";
IRequestHandler handler = new AsyncRequestHandler("POST", uri, AsyncReadResponses);
m_Server.AddStreamHandler(handler);
XmlDocument xmldoc = new XmlDocument();
XmlNode xmlnode = xmldoc.CreateNode(XmlNodeType.XmlDeclaration, String.Empty, String.Empty);
xmldoc.AppendChild(xmlnode);
XmlElement rootElement = xmldoc.CreateElement(String.Empty, "ConsoleSession", String.Empty);
xmldoc.AppendChild(rootElement);
XmlElement id = xmldoc.CreateElement(String.Empty, "SessionID", String.Empty);
id.AppendChild(xmldoc.CreateTextNode(sessionID.ToString()));
rootElement.AppendChild(id);
XmlElement prompt = xmldoc.CreateElement(String.Empty, "Prompt", String.Empty);
prompt.AppendChild(xmldoc.CreateTextNode(DefaultPrompt));
rootElement.AppendChild(prompt);
rootElement.AppendChild(MainConsole.Instance.Commands.GetXml(xmldoc));
reply["str_response_string"] = xmldoc.InnerXml;
reply["int_response_code"] = 200;
reply["content_type"] = "text/xml";
reply = CheckOrigin(reply);
return(reply);
}
