Example #1
0
    public static void Start(IApplicationBuilder app, Func <AuthTokenConfigurationEmbedded> tokenConfig, string hashableEncryptionKey)
    {
        SignumControllerFactory.RegisterArea(MethodInfo.GetCurrentMethod());

        AuthTokenServer.Start(tokenConfig, hashableEncryptionKey);

        ReflectionServer.GetContext = () => new
        {
            Culture = ReflectionServer.GetCurrentValidCulture(),
            Role    = UserEntity.Current == null ? null : RoleEntity.Current,
        };

        AuthLogic.OnRulesChanged += ReflectionServer.InvalidateCache;

        if (TypeAuthLogic.IsStarted)
        {
            ReflectionServer.TypeExtension += (ti, t) =>
            {
                if (typeof(Entity).IsAssignableFrom(t))
                {
                    if (UserEntity.Current == null)
                    {
                        return(null);
                    }

                    var ta = TypeAuthLogic.GetAllowed(t);

                    if (ta.MaxUI() == TypeAllowedBasic.None)
                    {
                        return(null);
                    }

                    ti.Extension.Add("maxTypeAllowed", ta.MaxUI());
                    ti.Extension.Add("minTypeAllowed", ta.MinUI());
                    ti.RequiresEntityPack |= ta.Conditions.Any();

                    return(ti);
                }
                else
                {
                    if (t.HasAttribute <AllowUnathenticatedAttribute>())
                    {
                        return(ti);
                    }

                    if (UserEntity.Current == null)
                    {
                        return(null);
                    }

                    if (!AuthServer.IsNamespaceAllowed(t))
                    {
                        return(null);
                    }

                    return(ti);
                }
            };


            EntityPackTS.AddExtension += ep =>
            {
                var typeAllowed =
                    UserEntity.Current == null ? TypeAllowedBasic.None :
                    ep.entity.IsNew ? TypeAuthLogic.GetAllowed(ep.entity.GetType()).MaxUI() :
                    TypeAuthLogic.IsAllowedFor(ep.entity, TypeAllowedBasic.Write, true) ? TypeAllowedBasic.Write :
                    TypeAuthLogic.IsAllowedFor(ep.entity, TypeAllowedBasic.Read, true) ? TypeAllowedBasic.Read :
                    TypeAllowedBasic.None;

                ep.extension.Add("typeAllowed", typeAllowed);
            };

            OperationController.AnyReadonly += (Lite <Entity>[] lites) =>
            {
                return(lites.GroupBy(ap => ap.EntityType).Any(gr =>
                {
                    var ta = TypeAuthLogic.GetAllowed(gr.Key);

                    if (ta.Min(inUserInterface: true) == TypeAllowedBasic.Write)
                    {
                        return false;
                    }

                    if (ta.Max(inUserInterface: true) <= TypeAllowedBasic.Read)
                    {
                        return true;
                    }

                    return giCountReadonly.GetInvoker(gr.Key)() > 0;
                }));
            };
        }

        if (QueryAuthLogic.IsStarted)
        {
            ReflectionServer.TypeExtension += (ti, t) =>
            {
                if (ti.QueryDefined)
                {
                    var allowed = UserEntity.Current == null ? QueryAllowed.None : QueryAuthLogic.GetQueryAllowed(t);
                    if (allowed == QueryAllowed.None)
                    {
                        ti.QueryDefined = false;
                    }

                    ti.Extension.Add("queryAllowed", allowed);
                }

                return(ti);
            };

            ReflectionServer.FieldInfoExtension += (mi, fi) =>
            {
                if (fi.DeclaringType !.Name.EndsWith("Query"))
                {
                    var allowed = UserEntity.Current == null ? QueryAllowed.None : QueryAuthLogic.GetQueryAllowed(fi.GetValue(null) !);

                    if (allowed == QueryAllowed.None)
                    {
                        return(null);
                    }

                    mi.Extension.Add("queryAllowed", allowed);
                }
                return(mi);
            };
        }

        if (PropertyAuthLogic.IsStarted)
        {
            ReflectionServer.PropertyRouteExtension += (mi, pr) =>
            {
                var allowed = UserEntity.Current == null?pr.GetAllowUnathenticated() : pr.GetPropertyAllowed();

                if (allowed == PropertyAllowed.None)
                {
                    return(null);
                }

                mi.Extension.Add("propertyAllowed", allowed);
                return(mi);
            };

            SignumServer.WebEntityJsonConverterFactory.CanReadPropertyRoute += (pr, mod) =>
            {
                var allowed = UserEntity.Current == null?pr.GetAllowUnathenticated() : pr.GetPropertyAllowed();

                return(allowed == PropertyAllowed.None ? "Not allowed" : null);
            };

            SignumServer.WebEntityJsonConverterFactory.CanWritePropertyRoute += (pr, mod) =>
            {
                var allowed = UserEntity.Current == null?pr.GetAllowUnathenticated() : pr.GetPropertyAllowed();

                return(allowed == PropertyAllowed.Write ? null : "Not allowed to write property: " + pr.ToString());
            };
        }

        if (OperationAuthLogic.IsStarted)
        {
            ReflectionServer.OperationExtension += (oits, oi, type) =>
            {
                var allowed = UserEntity.Current == null ? false :
                              OperationAuthLogic.GetOperationAllowed(oi.OperationSymbol, type, inUserInterface: true);

                if (!allowed)
                {
                    return(null);
                }

                return(oits);
            };
        }

        if (PermissionAuthLogic.IsStarted)
        {
            ReflectionServer.FieldInfoExtension += (mi, fi) =>
            {
                if (fi.FieldType == typeof(PermissionSymbol))
                {
                    var allowed = UserEntity.Current == null ? false :
                                  PermissionAuthLogic.IsAuthorized((PermissionSymbol)fi.GetValue(null) !);

                    if (allowed == false)
                    {
                        return(null);
                    }
                }

                return(mi);
            };
        }

        var piPasswordHash = ReflectionTools.GetPropertyInfo((UserEntity e) => e.PasswordHash);
        var pcs            = SignumServer.WebEntityJsonConverterFactory.GetPropertyConverters(typeof(UserEntity));

        pcs.GetOrThrow("passwordHash").CustomWriteJsonProperty = (writer, ctx) => { };
        pcs.Add("newPassword", new PropertyConverter
        {
            AvoidValidate           = true,
            CustomWriteJsonProperty = (Utf8JsonWriter writer, WriteJsonPropertyContext ctx) => { },
            CustomReadJsonProperty  = (ref Utf8JsonReader reader, ReadJsonPropertyContext ctx) =>
            {
                SignumServer.WebEntityJsonConverterFactory.AssertCanWrite(ctx.ParentPropertyRoute.Add(piPasswordHash), ctx.Entity);

                var password = reader.GetString();

                if (password == null)
                {
                    ((UserEntity)ctx.Entity).PasswordHash = null;
                }
                else
                {
                    var error = UserEntity.OnValidatePassword(password);
                    if (error != null)
                    {
                        throw new ApplicationException(error);
                    }

                    ((UserEntity)ctx.Entity).PasswordHash = Security.EncodePassword(password);
                }
            }
        });

        if (TypeAuthLogic.IsStarted)
        {
            Omnibox.OmniboxServer.IsNavigable += type => TypeAuthLogic.GetAllowed(type).MaxUI() >= TypeAllowedBasic.Read;
        }

        if (SessionLogLogic.IsStarted)
        {
            AuthServer.UserLogged += (ActionContext ac, UserEntity user) =>
            {
                Microsoft.AspNetCore.Http.HttpRequest re = ac.HttpContext.Request;
                SessionLogLogic.SessionStart(
                    re.Host.ToString(),
                    re.Headers["User-Agent"].FirstOrDefault());
            }
        }
        ;

        SchemaMap.GetColorProviders += GetMapColors;
    }