Example #1
0
        static void Main(string[] args)
        {
            var dir = Directory.GetCurrentDirectory();

            new WebHostBuilder()
            .UseKestrel(options =>
            {
                options.ThreadCount     = Environment.ProcessorCount;
                options.AddServerHeader = false;
                //options.NoDelay = true;
                options.Limits.KeepAliveTimeout           = TimeSpan.FromSeconds(5);
                options.Limits.MaxRequestLineSize         = 512;
                options.Limits.MaxRequestHeaderCount      = 32;
                options.Limits.MaxRequestHeadersTotalSize = 8192;
                options.Limits.RequestHeadersTimeout      = TimeSpan.FromSeconds(3);
                options.ShutdownTimeout = TimeSpan.FromSeconds(1);
            })
            .UseUrls("http://*:5000/", "ws://*:5001/")
            .UseStartup <Startup>()
            .UseContentRoot(dir)
            .UseWebRoot(Path.Combine(dir, "static"))
            .Build()
            .Run();

            TransmissionsDb.Close();
        }
Example #2
0
        public static async Task <HttpResult> ProcessRequest(HttpContext context)
        {
            var name = context.Request.Headers["X-SG1-Name"].FirstOrDefault().RemoveWhiteSpaces();

            if (string.IsNullOrEmpty(name))
            {
                return new HttpResult {
                           StatusCode = 404, Message = "Substance Not Found"
                }
            }
            ;

            var key = context.Request.Headers["X-SG1-Key"].FirstOrDefault().RemoveWhiteSpaces();

            if (string.IsNullOrEmpty(key))
            {
                return new HttpResult {
                           StatusCode = 403, Message = "Access Denied"
                }
            }
            ;

            try
            {
                using (var hmac = new HMACSHA256(Settings.Key))
                    if (!hmac.ComputeHash(Convert.FromBase64String(name)).FastTimingSecureEquals(Convert.FromBase64String(key)))
                    {
                        return new HttpResult {
                                   StatusCode = 403, Message = "Access Denied"
                        }
                    }
                ;
            }
            catch (FormatException)
            {
                return(new HttpResult {
                    StatusCode = 403, Message = "Access Denied"
                });
            }

            Transmission info;

            if ((info = TransmissionsDb.Find(name)) == null)
            {
                return new HttpResult {
                           StatusCode = 404, Message = "Substance Not Found"
                }
            }
            ;

            context.Response.ContentType = "application/protobuf";

            using (var pooled = await ResponsePool.AcquireAsync().ConfigureAwait(false))
            {
                var buffer = pooled.Item;

                var length = ProtoBufHelper.Serialize(buffer, info);

                context.Response.ContentLength = length;
                if (!await context.Response.Body.WriteAsync(buffer, 0, length, context.RequestAborted).Wrap().WithTimeout(Settings.ReadWriteTimeout).ConfigureAwait(false))
                {
                    context.TryAbort();
                    return(HttpResult.Cancelled);
                }
            }

            return(HttpResult.OK);
        }
        public static async Task <HttpResult> ProcessRequest(HttpContext context)
        {
            context.Response.ContentType = "text/plain; charset=utf-8";

            var name = context.Request.Headers["X-SG1-Name"].FirstOrDefault().RemoveWhiteSpaces();

            if (string.IsNullOrEmpty(name))
            {
                return new HttpResult {
                           StatusCode = 400, Message = "Bad Substance Name"
                }
            }
            ;

            if (name.Length < Settings.MinFieldLength || name.Length > Settings.MaxFieldLength)
            {
                return new HttpResult {
                           StatusCode = 400, Message = "Name Too Long Or Too Short"
                }
            }
            ;

            var secret = context.Request.Headers["X-SG1-Entropy"].FirstOrDefault().RemoveWhiteSpaces();

            if (secret?.Length > Settings.MaxFieldLength)
            {
                return new HttpResult {
                           StatusCode = 400, Message = "Entropy Too Long"
                }
            }
            ;

            if (context.Request.ContentLength == null)
            {
                return new HttpResult {
                           StatusCode = 411, Message = "Substance With Unknown Size"
                }
            }
            ;

            if (context.Request.ContentLength > Settings.MaxIncomingSize)
            {
                return new HttpResult {
                           StatusCode = 413, Message = "Substance Too Large"
                }
            }
            ;

            if (context.RequestAborted.IsCancellationRequested)
            {
                return(HttpResult.Cancelled);
            }

            Bitmap bmp;

            using (var pooled = await InputPool.AcquireAsync().ConfigureAwait(false))
            {
                var length = await context.Request.Body.ReadAllAsync(pooled.Item, context.RequestAborted).WithTimeout(Settings.ReadWriteTimeout).ConfigureAwait(false);

                if (length == default(int))
                {
                    context.TryAbort();
                    return(HttpResult.Cancelled);
                }

                bmp = BitmapHelper.TryFromBuffer(pooled.Item, length);
            }

            if (context.RequestAborted.IsCancellationRequested)
            {
                return(HttpResult.Cancelled);
            }

            if (bmp == null)
            {
                return new HttpResult {
                           StatusCode = 400, Message = "Invalid Substance"
                }
            }
            ;

            if (bmp.Width * bmp.Height > Settings.MaxIncomingDimensions)
            {
                return new HttpResult {
                           StatusCode = 413, Message = "Substance Too Large"
                }
            }
            ;

            // VULN: Uniqueness by Base64-encoded string whilst HMAC by raw bytes
            var info = new Transmission {
                Name = name, Entropy = secret, Timestamp = DateTime.UtcNow.Ticks
            };

            if (!await TransmissionsDb.TryAdd(info))
            {
                return new HttpResult {
                           StatusCode = 409, Message = "Substance Conflict"
                }
            }
            ;

            info         = Serializer.DeepClone(info);     //NOTE: remove secrets from broadcast
            info.Entropy = null;

            context.Response.ContentType = "application/protobuf";

            using (var dbmp = new DirectBitmap(bmp))
                return(await ProcessRequestInternal(context, name, dbmp, info).ConfigureAwait(false));
        }