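/// <summary>
/// Creates an IP spec from the supplied name and address and returns it with 201 Created.
/// </summary>
/// <param name="name">Name passed through to <c>IPSpecManager.Create</c>.</param>
/// <param name="ip">IP specification passed through to <c>IPSpecManager.Create</c>.</param>
/// <returns>
/// 201 with the created spec, 409 with the manager's message when the spec already exists,
/// or 500 with a fixed message for any other failure.
/// </returns>
public HttpResponseMessage Create(string name, string ip)
        {
            IPSpec ipSpec = null;

            try
            {
                ipSpec = IPSpecManager.Create(name, ip);
            }
            catch (IPSpecExistsException ex)
            {
                return Request.CreateErrorResponse(HttpStatusCode.Conflict, ex.Message);
            }
            catch (Exception)
            {
                // Do not hand the exception object to CreateErrorResponse: depending on the
                // configured error-detail policy it can serialise the exception type, message
                // and stack trace into the response body. Return a fixed message instead.
                // NOTE(review): the exception is no longer visible to the caller, so record it
                // server-side with the project's logging facility to keep failures diagnosable.
                return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "Failed to create IP spec.");
            }

            return Request.CreateResponse(HttpStatusCode.Created, ipSpec);
        }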
        /// <summary>
        /// Deletes the IP spec with the given id.
        /// </summary>
        /// <param name="id">Identifier looked up through <c>IPSpecManager.GetById</c>.</param>
        /// <returns>
        /// 204 on success, 404 when no spec has that id, 500 with a fixed message when the delete throws.
        /// </returns>
        public HttpResponseMessage Delete(int id)
        {
            IPSpec target = IPSpecManager.GetById(id);

            if (target != null)
            {
                try
                {
                    IPSpecManager.Delete(target);
                }
                catch (Exception)
                {
                    // The caller only ever sees a fixed message, which avoids leaking internals.
                    // NOTE(review): the exception itself is discarded here; nothing in this method
                    // records it, so a failed delete leaves no trace unless the manager logs it.
                    return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "Failed to delete IP spec.");
                }

                return Request.CreateResponse(HttpStatusCode.NoContent);
            }

            return Request.CreateErrorResponse(HttpStatusCode.NotFound, "IP spec not found.");
        }
        /// <summary>
        /// Creates an IP spec from the supplied address and returns it with 201 Created.
        /// </summary>
        /// <param name="ip">IP specification passed through to <c>IPSpecManager.Create</c>.</param>
        /// <returns>201 with the created spec.</returns>
        public HttpResponseMessage Create(string ip)
        {
            // NOTE(review): nothing is caught here, so any exception thrown by the manager
            // (duplicate spec, malformed address) propagates to the framework's default error
            // handling. Confirm that path does not return exception detail to remote callers.
            IPSpec created = IPSpecManager.Create(ip);

            HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, created);

            return response;
        }
        /// <summary>
        /// Returns every IP spec known to <c>IPSpecManager</c> with 200 OK.
        /// </summary>
        /// <returns>200 with the materialised list of specs.</returns>
        public HttpResponseMessage GetAll()
        {
            // Copy into a list so the sequence is enumerated once, before serialisation.
            List<IPSpec> allSpecs = new List<IPSpec>(IPSpecManager.GetAll());

            HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.OK, allSpecs);

            return response;
        }
Example #5
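        /// <summary>
        /// Rejects the request with 403 Forbidden unless the caller's IP address passes the
        /// whitelist check or the request arrived directly from 127.0.0.1.
        /// </summary>
        /// <param name="actionContext">Context of the action about to run; its Response is set on rejection.</param>
        /// <remarks>
        /// The X-Forwarded-For header is supplied by whoever sent the request. It is only
        /// trustworthy when every request reaches this application through a proxy that
        /// overwrites or appends to it. The header value is still used for the whitelist lookup
        /// (as before), but it can no longer satisfy the localhost shortcut.
        /// </remarks>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            base.OnActionExecuting(actionContext);

            bool   authenticated = false;
            string message       = "Access denied.";

            string forwardingAddress = null;
            string clientIpAddress   = null;

            try
            {
                // Address of the directly connected peer. Behind a load balancer or CDN this is
                // the proxy's address, not the address of the machine that sent the request.
                string peerAddress = HttpContext.Current.Request.UserHostAddress;

                clientIpAddress = peerAddress;

                // When X-Forwarded-For is present it replaces the peer address for the
                // whitelist lookup and the peer is remembered as the forwarder.
                // NOTE(review): the header is used verbatim. A value with several comma-separated
                // hops is passed to IsWhitelisted as one string, and a client that connects
                // without going through the proxy can set the header to any address. Honour it
                // only when peerAddress is a known proxy, and decide explicitly which hop to use.
                string forwardedFor = HttpContext.Current.Request.Headers.Get("X-Forwarded-For");
                bool   wasForwarded = forwardedFor != null;

                if (wasForwarded)
                {
                    forwardingAddress = peerAddress;
                    clientIpAddress   = forwardedFor;
                }

                // Got the ip address?
                if (!string.IsNullOrEmpty(clientIpAddress))
                {
                    // The localhost shortcut applies to the real connection address only. A
                    // header value of "127.0.0.1" must not grant access, because the header is
                    // under the sender's control.
                    bool directLoopback = !wasForwarded && string.Equals(peerAddress, "127.0.0.1", StringComparison.Ordinal);

                    if (IPSpecManager.IsWhitelisted(clientIpAddress) || directLoopback)
                    {
                        authenticated = true;
                    }
                }
            }
            catch (Exception ex)
            {
                // Fail closed: authenticated stays false, only the client-facing message changes.
                message = "An error occurred while trying to authenticate this request.";

                EventLogManager.Log("AUTH_EXCEPTION", EventLogSeverity.Info, null, ex);
            }

            // If authentication failure occurs, return a response without carrying on executing actions.
            if (!authenticated)
            {
                // NOTE(review): clientIpAddress may be a raw header value; if the event log sink
                // is line-oriented, neutralise control characters before writing it.
                string log = string.Format("Whitelist check failed for IP address: {0}.", clientIpAddress);

                // Was it forwarded?
                if (forwardingAddress != null)
                {
                    log = string.Format("Whitelist check failed for IP address: {0}, forwarded by: {1}.", clientIpAddress, forwardingAddress);
                }

                EventLogManager.Log("AUTH_BAD_IPADDRESS", EventLogSeverity.Warning, log);

                actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Forbidden, message);
            }
        }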
Example #6
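        /// <summary>
        /// Enforces the IP whitelist unless it is disabled by the WHITELIST/STATE setting or the
        /// API user is allowed to bypass it; rejected requests get 403 Forbidden.
        /// </summary>
        /// <param name="actionContext">Context of the action about to run; its Response is set on rejection.</param>
        /// <remarks>
        /// The X-Forwarded-For header is supplied by whoever sent the request. It is only
        /// trustworthy when every request reaches this application through a proxy that
        /// overwrites or appends to it. The header value is still used for the whitelist lookup
        /// (as before), but it can no longer satisfy the localhost shortcut.
        /// </remarks>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            base.OnActionExecuting(actionContext);

            // Get whitelist state.
            bool whitelistDisabled;

            try
            {
                // Ordinal, case-insensitive comparison instead of a culture-sensitive ToLower().
                // A null Value now counts as "not disabled", so the whitelist stays enforced.
                whitelistDisabled = string.Equals(
                    SettingManager.GetSetting("WHITELIST", "STATE").Value,
                    "false",
                    StringComparison.OrdinalIgnoreCase);
            }
            catch (SettingNotFoundException)
            {
                // Setting not set, default to off.
                // NOTE(review): this fails open. A missing or deleted setting removes the IP
                // restriction entirely; confirm that is the intended default.
                whitelistDisabled = true;
            }

            // Get api user.
            string  apiKey  = actionContext.Request.GetApiKey();
            APIUser apiUser = APIUserManager.GetByAPIKey(apiKey);

            // Is the whitelist disabled or does the api user have permission to
            // bypass it?
            if (whitelistDisabled || (apiUser != null && apiUser.BypassIPWhitelist))
            {
                // No need to perform whitelisting checks, return early.
                return;
            }

            bool   authenticated = false;
            string message       = "Access denied.";

            string forwardingAddress = null;
            string clientIpAddress   = null;

            try
            {
                // Address of the directly connected peer. Behind a load balancer or CDN this is
                // the proxy's address, not the address of the machine that sent the request.
                string peerAddress = HttpContext.Current.Request.UserHostAddress;

                clientIpAddress = peerAddress;

                // When X-Forwarded-For is present it replaces the peer address for the
                // whitelist lookup and the peer is remembered as the forwarder.
                // NOTE(review): the header is used verbatim. A value with several comma-separated
                // hops is passed to IsWhitelisted as one string, and a client that connects
                // without going through the proxy can set the header to any address. Honour it
                // only when peerAddress is a known proxy, and decide explicitly which hop to use.
                string forwardedFor = HttpContext.Current.Request.Headers.Get("X-Forwarded-For");
                bool   wasForwarded = forwardedFor != null;

                if (wasForwarded)
                {
                    forwardingAddress = peerAddress;
                    clientIpAddress   = forwardedFor;
                }

                // Got the ip address?
                if (!string.IsNullOrEmpty(clientIpAddress))
                {
                    // The localhost shortcut applies to the real connection address only. A
                    // header value of "127.0.0.1" must not grant access, because the header is
                    // under the sender's control.
                    bool directLoopback = !wasForwarded && string.Equals(peerAddress, "127.0.0.1", StringComparison.Ordinal);

                    if (IPSpecManager.IsWhitelisted(clientIpAddress) || directLoopback)
                    {
                        authenticated = true;
                    }
                }
            }
            catch (Exception ex)
            {
                // Fail closed: authenticated stays false, only the client-facing message changes.
                message = "An error occurred while trying to authenticate this request.";

                EventLogManager.Log("AUTH_EXCEPTION", EventLogSeverity.Info, null, ex);
            }

            // If authentication failure occurs, return a response without carrying on executing actions.
            if (!authenticated)
            {
                // NOTE(review): clientIpAddress may be a raw header value; if the event log sink
                // is line-oriented, neutralise control characters before writing it.
                string log = string.Format("Whitelist check failed for IP address: {0}.", clientIpAddress);

                // Was it forwarded?
                if (forwardingAddress != null)
                {
                    log = string.Format("Whitelist check failed for IP address: {0}, forwarded by: {1}.", clientIpAddress, forwardingAddress);
                }

                EventLogManager.Log("AUTH_BAD_IPADDRESS", EventLogSeverity.Warning, log);

                actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Forbidden, message);
            }
        }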