public static async Task AuthorizeUploadTus(AuthorizeContext arg)
{
CommonController.LogDebug("Authorizing upload request");
var user = await UserSessions.GetLoggedInUser(arg.HttpContext);
if (user != null)
{
var video = new Video
{
id = new Guid(arg.HttpContext.Request.Headers["guid"]),
userid = user.userid,
privacy = VideoPrivacy.Processing,
};
CommonController.LogDebug("Video metadata:");
CommonController.LogDebug($"\t id: {video.id}");
CommonController.LogDebug($"\t userid: {video.userid}");
CommonController.LogDebug($"\t privacy: {video.privacy}");
var cachedOwner = (User)uploadAuthorisationCache[video.id.ToString()];
bool exists;
bool owns;
if (cachedOwner == null)
{
CommonController.LogDebug("No owner found in cache");
using var connection = Database.OpenNewConnection();
exists = await VideoExists(video.id, connection);
owns = await UserOwnsVideo(video.id, user.userid, connection);
await AddOrUpdateVideo(video, connection);
}
//NOTE(Simon): At this point the video has definitely been created, so it exists and is owned by the cached user
else if (cachedOwner.userid == user.userid)
{
CommonController.LogDebug("User is owner of video. allow upload");
exists = true;
owns = true;
}
else
{
CommonController.LogDebug("User not authorized to update this video");
arg.FailRequest("This user is not authorized to update this video");
return;
}
if (exists && owns || !exists)
{
CommonController.LogDebug("Adding user to cache");
uploadAuthorisationCache.Add(video.id.ToString(), user, new CacheItemPolicy {
SlidingExpiration = TimeSpan.FromMinutes(10)
});
return;
}
}
arg.FailRequest("This user is not authorized to update this video");
CommonController.LogDebug("User not authorized to upload videos");
}
// 限定公開メソッド
protected override AuthorizeContext OnGetAuthorizeContext(AuthorizeParameter parameter)
{
var viewContext = new ViewContext();
viewContext.MaxStage = 1;
viewContext.AuthorizeChild = new AuthorizeChild();
var context = new AuthorizeContext(parameter, viewContext);
return(context);
}
private static async Task OnAuthorizeAsync(AuthorizeContext eventContext, IAuthorizationService authService)
{
var authenticateResult = await eventContext.HttpContext.AuthenticateAsync();
if (authenticateResult is null || authenticateResult.Succeeded is false)
{
eventContext.FailRequest(HttpStatusCode.Forbidden);
return;
}
var authorizeResult = await authService.AuthorizeAsync(eventContext.HttpContext.User, "ApiScope");
if (authorizeResult is null || authorizeResult.Succeeded is false)
{
eventContext.FailRequest(HttpStatusCode.Unauthorized);
return;
}
}
/// <summary>
/// Handle the upload authorization
/// </summary>
private async Task OnAuthorize(AuthorizeContext ctx)
{
var authResponse = await _fileMngClient.IsAuthorizedAsync(new gIsAuthorizedRequest());
if (authResponse == null)
{
ctx.FailRequest(HttpStatusCode.RequestTimeout);
return;
}
if (authResponse.Status.Status == Protos.RequestStatus.Failed)
{
ctx.HttpContext.Response.Headers.Add("WWW-Authenticate", new StringValues("Basic realm=XtraUpload"));
ctx.FailRequest(HttpStatusCode.Unauthorized);
return;
}
switch (ctx.Intent)
{
case IntentType.CreateFile:
break;
case IntentType.ConcatenateFiles:
break;
case IntentType.WriteFile:
break;
case IntentType.DeleteFile:
break;
case IntentType.GetFileInfo:
break;
case IntentType.GetOptions:
break;
default:
break;
}
return;
}
public Task OnAuthorizeAsync(AuthorizeContext context)
{
try
{
var user = context.HttpContext.User;
var userId = user.UserId();
_logger.LogInformation("user is authenticated, id: " + userId);
if (!user.IsAdmin())
{
_logger.LogInformation("user is not admin, admin right required for uploading");
context.FailRequest(HttpStatusCode.Forbidden);
}
return(Task.CompletedTask);
}
catch
{
_logger.LogInformation("user is not authenticated");
context.FailRequest(HttpStatusCode.Unauthorized);
return(Task.CompletedTask);
}
}
