private bool _ValidCall(Type t, MethodInfo method, ISecureSession session, IModel model, string url, Hashtable parameters)
{
List <ASecurityCheck> checks = new List <ASecurityCheck>();
lock (_typeChecks)
{
if (_typeChecks.ContainsKey(t))
{
checks.AddRange(_typeChecks[t]);
}
}
if (method != null)
{
lock (_methodChecks)
{
if (_methodChecks.ContainsKey(t))
{
if (_methodChecks[t].ContainsKey(method))
{
checks.AddRange(_methodChecks[t][method]);
}
}
}
}
foreach (ASecurityCheck asc in checks)
{
if (!asc.HasValidAccess(session, model, url, parameters))
{
return(false);
}
}
return(true);
}
internal static void LocateMethod(Hashtable formData, List <MethodInfo> methods, ISecureSession session, out MethodInfo method, out object[] pars)
{
method = null;
pars = null;
int idx = -1;
if (formData == null || formData.Count == 0)
{
foreach (MethodInfo mi in methods)
{
if (mi.GetParameters().Length == 0 ||
UsesSecureSession(mi, out idx))
{
method = mi;
pars = (idx == -1 ? new object[] { } : new object[] { session });
return;
}
}
}
else
{
foreach (MethodInfo m in methods)
{
bool useSession = UsesSecureSession(m, out idx);
if (m.GetParameters().Length == formData.Count ||
(useSession && m.GetParameters().Length == formData.Count + 1))
{
pars = new object[formData.Count + (useSession ? 1 : 0)];
bool isMethod = true;
int index = 0;
foreach (ParameterInfo pi in m.GetParameters())
{
if (index == idx)
{
pars[idx] = session;
index++;
}
else
{
if (formData.ContainsKey(pi.Name))
{
pars[index] = _ConvertObjectToType(formData[pi.Name], pi.ParameterType);
}
else
{
isMethod = false;
break;
}
index++;
}
}
if (isMethod)
{
method = m;
return;
}
}
}
}
}
public static List <mPerson> Search(string q, ISecureSession session, int pageStartIndex, int pageSize, out int totalPages)
{
System.Diagnostics.Debug.WriteLine(((SessionManager)session).Start);
List <mPerson> ret = new List <mPerson>();
totalPages = 0;
if (q != null)
{
q = q.ToLower();
List <mPerson> matches = new List <mPerson>();
for (int x = 0; x < _persons.Count; x++)
{
if (_persons[x].FirstName.ToLower().Contains(q) ||
_persons[x].LastName.ToLower().Contains(q))
{
matches.Add(_persons[x]);
}
}
totalPages = (int)Math.Ceiling((decimal)matches.Count / (decimal)pageSize);
for (int x = 0; x < pageSize; x++)
{
if (pageStartIndex + x >= matches.Count)
{
break;
}
ret.Add(matches[pageStartIndex + x]);
}
}
return(ret);
}
public TemplatePostHandler(
IRepository<Template> templates,
ISecureSession<Token> secureSession)
{
_templates = templates;
_secureSession = secureSession;
}
public SchedulePostHandler(
IRepository<ScheduleFile> schedules,
ISecureSession<Token> secureSession)
{
_schedules = schedules;
_secureSession = secureSession;
}
private static void PrepareTargetFolder(Deployment settings, ISecureSession userAndPasswordSecureSession)
{
if (settings.CleanDeploymentDestination && userAndPasswordSecureSession.Sftp.Exists(settings.Settings.DestinationPath))
{
Log.Verbose("The destination folder already exists. We are going to delete it.");
userAndPasswordSecureSession.Ssh.DeleteExisting(settings.Settings.DestinationPath);
}
}
public void Dispose()
{
if (session != null)
{
session.Dispose();
session = null;
}
}
public IndexGetHandler(
ISecureSession<Token> secureSession,
DashboardGetHandler dashboard,
ISystemInfo systemInfo)
{
_secureSession = secureSession;
_dashboard = dashboard;
_systemInfo = systemInfo;
}
public AuthorizationBehavior(
IOutputWriter writer,
IActionBehavior actionBehavior,
ISecureSession<Token> secureSession)
{
_writer = writer;
_actionBehavior = actionBehavior;
_secureSession = secureSession;
}
private static Task SyncFiles(DirectoryInfo source, Deployment settings,
ISecureSession userAndPasswordSecureSession)
{
Log.Information("Deploying files...");
PrepareTargetFolder(settings, userAndPasswordSecureSession);
var synchronizer = new SshFolderSynchronizer(userAndPasswordSecureSession.Sftp);
return(synchronizer.Sync(source, settings.Settings.DestinationPath));
}
public DashboardGetHandler(
ISecureSession<Token> secureSession,
ISystemInfo systemInfo,
IRepository<ScheduleFile> schedules,
IRepository<Batch> batches)
{
_secureSession = secureSession;
_systemInfo = systemInfo;
_schedules = schedules;
_batches = batches;
}
public AjaxAuthorizationBehavior(
IOutputWriter writer,
IActionBehavior actionBehavior,
ISecureSession<Token> secureSession,
IWebServer webServer)
{
_writer = writer;
_actionBehavior = actionBehavior;
_secureSession = secureSession;
_webServer = webServer;
}
public static mPerson Load(string id, ISecureSession session)
{
System.Diagnostics.Debug.WriteLine(((SessionManager)session).Start);
mPerson ret = null;
foreach (mPerson per in _persons)
{
if (id == per.id)
{
ret = per;
break;
}
}
return(ret);
}
public bool Delete(ISecureSession session)
{
System.Diagnostics.Debug.WriteLine(((SessionManager)session).Start);
bool ret = false;
for (int x = 0; x < _persons.Count; x++)
{
if (_persons[x].id == this.id)
{
_persons.RemoveAt(x);
ret = true;
break;
}
}
return(ret);
}
public async Task ProcessRequest(HttpContext context, ISecureSession session)
{
string url = Utility.CleanURL(Utility.BuildURL(context));
RequestMethods method = (RequestMethods)Enum.Parse(typeof(RequestMethods), context.Request.Method.ToUpper());
string formData = new StreamReader(context.Request.Body).ReadToEnd();
bool found = false;
foreach (IRequestHandler handler in _Handlers)
{
if (handler.HandlesRequest(url, method))
{
found = true;
try
{
await handler.HandleRequest(url, method, formData, context, session, new IsValidCall(_ValidCall));
}
catch (CallNotFoundException cnfe)
{
context.Response.ContentType = "text/text";
context.Response.StatusCode = 400;
await context.Response.WriteAsync(cnfe.Message);
}
catch (InsecureAccessException iae)
{
context.Response.ContentType = "text/text";
context.Response.StatusCode = 403;
await context.Response.WriteAsync(iae.Message);
}
catch (Exception e)
{
context.Response.ContentType = "text/text";
context.Response.StatusCode = 500;
await context.Response.WriteAsync("Error");
}
}
}
if (!found)
{
context.Response.ContentType = "text/text";
context.Response.StatusCode = 404;
await context.Response.WriteAsync("Not Found");
}
}
public Task HandleRequest(string url, RequestHandler.RequestMethods method, Hashtable formData, HttpContext context, ISecureSession session, IsValidCall securityCheck)
{
if (!securityCheck.Invoke(_method.DeclaringType, _method, session, null, url, formData))
{
throw new InsecureAccessException();
}
context.Response.ContentType = "text/json";
context.Response.StatusCode = 200;
ParameterInfo[] pars = _method.GetParameters();
object[] opars = new object[] { };
if (pars.Length > 0)
{
opars = new object[pars.Length];
if (_usesSession)
{
opars[_sessionIndex] = session;
}
if (pars.Length > 1 || !_usesSession)
{
Match m = _reg.Match(url);
foreach (int x in _groupIndexes.Keys)
{
opars[x] = _ConvertParameterValue(m.Groups[_groupIndexes[x] + 1].Value, pars[x].ParameterType);
}
}
}
object ret = _method.Invoke(null, opars);
if (_isPaged)
{
return(context.Response.WriteAsync(JSON.JsonEncode(new Hashtable()
{
{ "response", ret },
{ "TotalPages", opars[opars.Length - 1] }
})));
}
else
{
return(context.Response.WriteAsync(JSON.JsonEncode(ret)));
}
}
public static IModel InvokeLoad(MethodInfo mi, string id, ISecureSession session)
{
List <object> pars = new List <object>();
ParameterInfo[] mpars = mi.GetParameters();
if (mpars.Length == 1)
{
pars.Add(id);
}
else
{
if (mpars[0].ParameterType == typeof(string))
{
pars.AddRange(new object[] { id, session });
}
else
{
pars.AddRange(new object[] { session, id });
}
}
return((IModel)mi.Invoke(null, pars.ToArray()));
}
public Task HandleRequest(string url, RequestHandler.RequestMethods method, string formData, HttpContext context, ISecureSession session, IsValidCall securityCheck)
{
sMethodPatterns?patt = null;
lock (_patterns)
{
foreach (sMethodPatterns smp in _patterns)
{
if (smp.IsValid(url))
{
patt = smp;
break;
}
}
}
if (patt.HasValue)
{
return(patt.Value.HandleRequest(url, method, formData, context, session, securityCheck));
}
throw new CallNotFoundException();
}
public Task HandleRequest(string url, RequestHandler.RequestMethods method, string formData, HttpContext context, ISecureSession session, IsValidCall securityCheck)
{
Match m = _reg.Match(url);
string id = m.Groups[1].Value;
string smethod = m.Groups[2].Value;
IModel model = (IModel)_loadMethod.Invoke(null, new object[] { id });
if (model == null)
{
throw new CallNotFoundException("Model Not Found");
}
MethodInfo mi;
object[] pars;
Utility.LocateMethod(formData, _methods[smethod], out mi, out pars);
if (mi == null)
{
throw new CallNotFoundException("Unable to locate requested method to invoke");
}
else
{
if (!securityCheck.Invoke(mi.DeclaringType, mi, session, model, url, (Hashtable)JSON.JsonDecode(formData)))
{
throw new InsecureAccessException();
}
context.Response.ContentType = "text/json";
context.Response.StatusCode = 200;
try
{
if (mi.ReturnType == typeof(void))
{
mi.Invoke(model, pars);
return(context.Response.WriteAsync(""));
}
else
{
return(context.Response.WriteAsync(JSON.JsonEncode(mi.Invoke(model, pars))));
}
}
catch (Exception ex)
{
throw new Exception("Execution Error");
}
}
}
public abstract bool HasValidAccess(ISecureSession session, IModel model, string url, Hashtable parameters);
public override bool HasValidAccess(ISecureSession session, IModel model, string url, Hashtable parameters)
{
return(session != null);
}
public Task HandleRequest(string url, RequestHandler.RequestMethods method, Hashtable formData, HttpContext context, ISecureSession session, IsValidCall securityCheck)
{
MethodInfo mi = null;
lock (_methods)
{
if (_methods.ContainsKey(url))
{
mi = _methods[url];
}
}
if (mi != null)
{
if (!securityCheck.Invoke(mi.DeclaringType, mi, session, null, url, null))
{
throw new InsecureAccessException();
}
context.Response.ContentType = "text/json";
context.Response.StatusCode = 200;
return(context.Response.WriteAsync(JSON.JsonEncode(mi.Invoke(null, (mi.GetParameters().Length == 1 ? new object[] { session } : new object[] { })))));
}
else
{
throw new CallNotFoundException();
}
}
public static List <mPerson> LoadAll(ISecureSession session)
{
System.Diagnostics.Debug.WriteLine(((SessionManager)session).Start);
return(_persons);
}
public void Dispose()
{
if(session!=null)
{
session.Dispose();
session=null;
}
}
public UserDeleteService(IRepository<User> users, ISecureSession<Token> secureSession)
{
_users = users;
_secureSession = secureSession;
}
public Task HandleRequest(string url, RequestHandler.RequestMethods method, string formData, HttpContext context, ISecureSession session, IsValidCall securityCheck)
{
if (!HandlesRequest(url, method))
{
throw new CallNotFoundException();
}
else
{
Type model = null;
if (_types != null)
{
foreach (Type t in _types)
{
foreach (ModelJSFilePath mjsfp in t.GetCustomAttributes(typeof(ModelJSFilePath), false))
{
if (mjsfp.IsMatch(url))
{
model = t;
break;
}
}
}
if (model != null)
{
if (!securityCheck.Invoke(model, null, session, null, url, null))
{
throw new InsecureAccessException();
}
}
}
string ret = null;
context.Response.ContentType = "text/javascript";
context.Response.StatusCode = 200;
lock (_cache)
{
if (_cache.ContainsKey(url))
{
ret = _cache[url];
}
}
if (ret == null && model != null)
{
WrappedStringBuilder builder = new WrappedStringBuilder(url.ToLower().EndsWith(".min.js"));
foreach (IJSGenerator gen in _generators)
{
gen.GeneratorJS(ref builder, url.ToLower().EndsWith(".min.js"), model);
}
ret = builder.ToString();
lock (_cache)
{
if (!_cache.ContainsKey(url))
{
_cache.Add(url, ret);
}
}
}
return(context.Response.WriteAsync(ret));
}
}
public SecureConnection()
{
provider = SessionProviderFactory.GetProvider();
session = provider.CreateClientSession(Protocol.AutoDetect);
}
public UserPostHandler(IRepository<User> users, IUserFactory userFactory, ISecureSession<Token> secureSession)
{
_users = users;
_userFactory = userFactory;
_secureSession = secureSession;
}
public Task HandleRequest(string url, RequestHandler.RequestMethods method, string formData, HttpContext context, ISecureSession session, IsValidCall securityCheck)
{
IModel model = null;
lock (_loadMethods)
{
if (_loadMethods.ContainsKey(url.Substring(0, url.LastIndexOf("/"))))
{
model = (IModel)_loadMethods[url.Substring(0, url.LastIndexOf("/"))].Invoke(null, new object[] { url.Substring(url.LastIndexOf("/") + 1) });
}
}
if (model == null)
{
throw new CallNotFoundException("Model Not Found");
}
else
{
MethodInfo mi = null;
lock (_deleteMethods)
{
if (_deleteMethods.ContainsKey(url.Substring(0, url.LastIndexOf("/"))))
{
mi = _deleteMethods[url.Substring(0, url.LastIndexOf("/"))];
}
}
if (mi != null)
{
if (!securityCheck(mi.DeclaringType, mi, session, model, url, null))
{
throw new UnauthorizedAccessException();
}
else
{
context.Response.ContentType = "text/json";
context.Response.StatusCode = 200;
return(context.Response.WriteAsync(JSON.JsonEncode(mi.Invoke(model, new object[] { }))));
}
}
else
{
throw new CallNotFoundException("Method Not Found");
}
}
}
public UserUpdateService(IRepository<User> userRepository, ISecureSession<Token> secureSession)
{
_userRepository = userRepository;
_secureSession = secureSession;
}
public async Task ProcessRequest(HttpContext context, ISecureSession session)
{
string url = Utility.CleanURL(Utility.BuildURL(context));
RequestMethods method = (RequestMethods)Enum.Parse(typeof(RequestMethods), context.Request.Method.ToUpper());
Hashtable formData = new Hashtable();
if (context.Request.ContentType != null &&
(
context.Request.ContentType == "application/x-www-form-urlencoded" ||
context.Request.ContentType.StartsWith("multipart/form-data")
))
{
foreach (string key in context.Request.Form.Keys)
{
if (key.EndsWith(":json"))
{
if (context.Request.Form[key].Count > 1)
{
ArrayList al = new ArrayList();
foreach (string str in context.Request.Form[key])
{
al.Add(JSON.JsonDecode(str));
}
formData.Add(key.Substring(0, key.Length - 5), al);
}
else
{
formData.Add(key.Substring(0, key.Length - 5), JSON.JsonDecode(context.Request.Form[key][0]));
}
}
else
{
if (context.Request.Form[key].Count > 1)
{
ArrayList al = new ArrayList();
foreach (string str in context.Request.Form[key])
{
al.Add(str);
}
formData.Add(key, al);
}
else
{
formData.Add(key, context.Request.Form[key][0]);
}
}
}
}
else
{
string tmp = await new StreamReader(context.Request.Body).ReadToEndAsync();
if (tmp != "")
{
formData = (Hashtable)JSON.JsonDecode(tmp);
}
}
bool found = false;
foreach (IRequestHandler handler in _Handlers)
{
if (handler.HandlesRequest(url, method))
{
found = true;
try
{
await handler.HandleRequest(url, method, formData, context, session, new IsValidCall(_ValidCall));
}
catch (CallNotFoundException cnfe)
{
context.Response.ContentType = "text/text";
context.Response.StatusCode = 400;
await context.Response.WriteAsync(cnfe.Message);
}
catch (InsecureAccessException iae)
{
context.Response.ContentType = "text/text";
context.Response.StatusCode = 403;
await context.Response.WriteAsync(iae.Message);
}
catch (Exception e)
{
context.Response.ContentType = "text/text";
context.Response.StatusCode = 500;
await context.Response.WriteAsync("Error");
}
}
}
if (!found)
{
context.Response.ContentType = "text/text";
context.Response.StatusCode = 404;
await context.Response.WriteAsync("Not Found");
}
}
public PublicPostHandler(ISecureSession<Token> secureSession)
{
_secureSession = secureSession;
}
public Task HandleRequest(string url, RequestHandler.RequestMethods method, Hashtable formData, HttpContext context, ISecureSession session, IsValidCall securityCheck)
{
sModelListCall?mlc = null;
lock (_calls)
{
foreach (sModelListCall call in _calls)
{
if (call.IsValid(url))
{
mlc = call;
break;
}
}
}
if (mlc.HasValue)
{
return(mlc.Value.HandleRequest(url, method, formData, context, session, securityCheck));
}
throw new CallNotFoundException();
}
public Task HandleRequest(string url, RequestHandler.RequestMethods method, Hashtable formData, HttpContext context, ISecureSession session, IsValidCall securityCheck)
{
if (!HandlesRequest(url, method))
{
throw new CallNotFoundException();
}
else
{
List <Type> models = new List <Type>();
if (_types != null)
{
foreach (Type t in _types)
{
foreach (ModelJSFilePath mjsfp in t.GetCustomAttributes(typeof(ModelJSFilePath), false))
{
if (mjsfp.IsMatch(url))
{
models.Add(t);
}
}
}
foreach (Type model in models)
{
if (!securityCheck.Invoke(model, null, session, null, url, null))
{
throw new InsecureAccessException();
}
}
}
DateTime modDate = DateTime.MinValue;
foreach (Type model in models)
{
try
{
FileInfo fi = new FileInfo(model.Assembly.Location);
if (fi.Exists)
{
modDate = new DateTime(Math.Max(modDate.Ticks, fi.LastWriteTime.Ticks));
}
}
catch (Exception e) { }
}
if (modDate == DateTime.MinValue)
{
modDate = RequestHandler.StartTime;
}
if (context.Request.Headers.ContainsKey("If-Modified-Since"))
{
DateTime lastModified = DateTime.Parse(context.Request.Headers["If-Modified-Since"]);
if (modDate.ToString() == lastModified.ToString())
{
context.Response.StatusCode = 304;
return(Task.CompletedTask);
}
}
string ret = null;
context.Response.ContentType = "text/javascript";
context.Response.StatusCode = 200;
lock (_cache)
{
if (_cache.ContainsKey(url))
{
ret = _cache[url];
}
}
if (ret == null && models.Count > 0)
{
WrappedStringBuilder builder = new WrappedStringBuilder(url.ToLower().EndsWith(".min.js"));
foreach (IBasicJSGenerator gen in _oneTimeInitialGenerators)
{
gen.GeneratorJS(ref builder);
}
foreach (Type model in models)
{
foreach (IJSGenerator gen in _instanceGenerators)
{
gen.GeneratorJS(ref builder, model);
}
foreach (IJSGenerator gen in _globalGenerators)
{
gen.GeneratorJS(ref builder, model);
}
}
foreach (IBasicJSGenerator gen in _oneTimeFinishGenerators)
{
gen.GeneratorJS(ref builder);
}
ret = builder.ToString();
lock (_cache)
{
if (!_cache.ContainsKey(url))
{
_cache.Add(url, ret);
}
}
}
context.Response.Headers.Add("Last-Modified", modDate.ToUniversalTime().ToString("R"));
context.Response.Headers.Add("Cache-Control", "public");
return(context.Response.WriteAsync(ret));
}
}
public Task HandleRequest(string url, RequestHandler.RequestMethods method, string formData, HttpContext context, ISecureSession session, IsValidCall securityCheck)
{
MethodInfo mi = null;
lock (_methods)
{
if (_methods.ContainsKey(url.Substring(0, url.LastIndexOf("/"))))
{
mi = _methods[url.Substring(0, url.LastIndexOf("/"))];
}
}
if (mi != null)
{
if (!securityCheck.Invoke(mi.DeclaringType, mi, session, null, url, new System.Collections.Hashtable()
{
{ "id", url.Substring(url.LastIndexOf("/") + 1) }
}))
{
throw new InsecureAccessException();
}
context.Response.ContentType = "text/json";
context.Response.StatusCode = 200;
return(context.Response.WriteAsync(JSON.JsonEncode(mi.Invoke(null, new object[] { url.Substring(url.LastIndexOf("/") + 1) }))));
}
throw new CallNotFoundException();
}
public Task HandleRequest(string url, RequestHandler.RequestMethods method, string formData, HttpContext context, ISecureSession session, IsValidCall securityCheck)
{
IModel model = null;
lock (_loadMethods)
{
if (_loadMethods.ContainsKey(url.Substring(0, url.LastIndexOf("/"))))
{
if (!securityCheck.Invoke(_loadMethods[url.Substring(0, url.LastIndexOf("/"))].DeclaringType, _loadMethods[url.Substring(0, url.LastIndexOf("/"))], session, null, url, new Hashtable()
{
{ "id", url.Substring(0, url.LastIndexOf("/")) }
}))
{
throw new InsecureAccessException();
}
model = (IModel)_loadMethods[url.Substring(0, url.LastIndexOf("/"))].Invoke(null, new object[] { url.Substring(url.LastIndexOf("/") + 1) });
}
}
if (model == null)
{
throw new CallNotFoundException("Model Not Found");
}
else
{
MethodInfo mi = null;
lock (_updateMethods)
{
if (_updateMethods.ContainsKey(url.Substring(0, url.LastIndexOf("/"))))
{
mi = _updateMethods[url.Substring(0, url.LastIndexOf("/"))];
}
}
if (mi != null)
{
if (!securityCheck.Invoke(mi.DeclaringType, mi, session, model, url, (Hashtable)JSON.JsonDecode(formData)))
{
throw new InsecureAccessException();
}
context.Response.ContentType = "text/json";
context.Response.StatusCode = 200;
Utility.SetModelValues(formData, ref model, false);
return(context.Response.WriteAsync(JSON.JsonEncode(mi.Invoke(model, new object[] { }))));
}
throw new CallNotFoundException();
}
}
private static void GiveExecutablePermission(CustomizableSettings settings, ISecureSession userAndPasswordSecureSession)
{
var executable = GetExecutableName(settings);
userAndPasswordSecureSession.Ssh.RunCommand($"chmod +x {executable}");
}
public SecureConnection()
{
provider = SessionProviderFactory.GetProvider();
session = provider.CreateClientSession(Protocol.AutoDetect);
}
public Task HandleRequest(string url, RequestHandler.RequestMethods method, Hashtable formData, HttpContext context, ISecureSession session, IsValidCall securityCheck)
{
IModel model = null;
lock (_constructors)
{
if (_constructors.ContainsKey(url))
{
model = (IModel)_constructors[url].Invoke(new object[] { });
}
}
if (model == null)
{
throw new CallNotFoundException("Model Not Found");
}
else
{
MethodInfo mi = null;
lock (_saveMethods)
{
if (_saveMethods.ContainsKey(url))
{
mi = _saveMethods[url];
}
}
if (mi != null)
{
if (!securityCheck.Invoke(mi.DeclaringType, mi, session, null, url, formData))
{
throw new InsecureAccessException();
}
Utility.SetModelValues(formData, ref model, true);
if ((bool)mi.Invoke(model, (mi.GetParameters().Length == 1 ? new object[] { session } : new object[] { })))
{
context.Response.ContentType = "text/json";
context.Response.StatusCode = 200;
return(context.Response.WriteAsync(JSON.JsonEncode(new Hashtable()
{
{ "id", model.id }
})));
}
throw new Exception("Failed");
}
throw new CallNotFoundException();
}
}
public bool Save(ISecureSession session)
{
System.Diagnostics.Debug.WriteLine(((SessionManager)session).Start);
_persons.Add(this);
return(true);
}
