public static string GetMenuUrl(this UrlHelper urlHelper, Type treeType, string nodeId, FormDataCollection queryStrings)
{
var actionUrl = urlHelper.GetUmbracoApiService("GetMenu", treeType)
.EnsureEndsWith('?');
//now we need to append the query strings
actionUrl += "id=" + nodeId.EnsureEndsWith('&') + queryStrings.ToQueryString("id");
return(actionUrl);
}
public static string GetTreeUrl(this UrlHelper urlHelper, Type treeType, string nodeId, FormDataCollection queryStrings)
{
var actionUrl = urlHelper.GetUmbracoApiService("GetNodes", treeType)
.EnsureEndsWith('?');
//now we need to append the query strings
actionUrl += "id=" + nodeId.EnsureEndsWith('&') + queryStrings.ToQueryString("id");
return actionUrl;
}
public static string GetTreeUrl(this UrlHelper urlHelper, Type treeType, string nodeId, FormDataCollection queryStrings)
{
var actionUrl = urlHelper.GetUmbracoApiService("GetNodes", treeType)
.EnsureEndsWith('?');
//now we need to append the query strings
actionUrl += "id=" + nodeId.EnsureEndsWith('&') + queryStrings.ToQueryString("id",
//Always ignore the custom start node id when generating URLs for tree nodes since this is a custom once-only parameter
// that should only ever be used when requesting a tree to render (root), not a tree node
TreeQueryStringParameters.StartNodeId);
return(actionUrl);
}
/// <summary>
/// This will go and get the root node from a controller tree by executing the tree's GetRootNode method
/// </summary>
/// <param name="appTree"></param>
/// <param name="formCollection"></param>
/// <param name="controllerContext"></param>
/// <returns></returns>
/// <remarks>
/// This ensures that authorization filters are applied to the sub request
/// </remarks>
internal static async Task<Attempt<TreeNode>> TryGetRootNodeFromControllerTree(this ApplicationTree appTree, FormDataCollection formCollection, HttpControllerContext controllerContext)
{
var foundControllerTreeAttempt = appTree.TryGetControllerTree();
if (foundControllerTreeAttempt.Success == false)
{
return Attempt<TreeNode>.Fail(foundControllerTreeAttempt.Exception);
}
var foundControllerTree = foundControllerTreeAttempt.Result;
//instantiate it, since we are proxying, we need to setup the instance with our current context
var instance = (TreeController)DependencyResolver.Current.GetService(foundControllerTree);
//NOTE: This is all required in order to execute the auth-filters for the sub request, we
// need to "trick" web-api into thinking that it is actually executing the proxied controller.
var urlHelper = controllerContext.Request.GetUrlHelper();
//create the proxied URL for the controller action
var proxiedUrl = controllerContext.Request.RequestUri.GetLeftPart(UriPartial.Authority) +
urlHelper.GetUmbracoApiService("GetRootNode", instance.GetType());
//add the query strings to it
proxiedUrl += "?" + formCollection.ToQueryString();
//create proxy route data specifying the action / controller to execute
var proxiedRouteData = new HttpRouteData(
controllerContext.RouteData.Route,
new HttpRouteValueDictionary(new {action = "GetRootNode", controller = ControllerExtensions.GetControllerName(instance.GetType())}));
//create a proxied controller context
var proxiedControllerContext = new HttpControllerContext(
controllerContext.Configuration,
proxiedRouteData,
new HttpRequestMessage(HttpMethod.Get, proxiedUrl))
{
ControllerDescriptor = new HttpControllerDescriptor(controllerContext.ControllerDescriptor.Configuration, ControllerExtensions.GetControllerName(instance.GetType()), instance.GetType())
};
instance.ControllerContext = proxiedControllerContext;
instance.Request = controllerContext.Request;
//invoke auth filters for this sub request
var result = await instance.ControllerContext.InvokeAuthorizationFiltersForRequest();
//if a result is returned it means they are unauthorized, just throw the response.
if (result != null)
{
throw new HttpResponseException(result);
}
//return the root
var node = instance.GetRootNode(formCollection);
return node == null
? Attempt<TreeNode>.Fail(new InvalidOperationException("Could not return a root node for tree " + appTree.Type))
: Attempt<TreeNode>.Succeed(node);
}
/// <summary>
/// Gets a proxy to a controller for a specified action.
/// </summary>
/// <param name="controllerType">The type of the controller.</param>
/// <param name="action">The action.</param>
/// <param name="querystring">The querystring.</param>
/// <returns>An instance of the controller.</returns>
/// <remarks>
/// <para>Creates an instance of the <paramref name="controllerType"/> and initializes it with a route
/// and context etc. so it can execute the specified <paramref name="action"/>. Runs the authorization
/// filters for that action, to ensure that the user has permission to execute it.</para>
/// </remarks>
private async Task <object> GetApiControllerProxy(Type controllerType, string action, FormDataCollection querystring)
{
// note: this is all required in order to execute the auth-filters for the sub request, we
// need to "trick" web-api into thinking that it is actually executing the proxied controller.
var context = ControllerContext;
// get the controller
var controller = (ApiController)DependencyResolver.Current.GetService(controllerType)
?? throw new Exception($"Failed to create controller of type {controllerType.FullName}.");
// create the proxy URL for the controller action
var proxyUrl = context.Request.RequestUri.GetLeftPart(UriPartial.Authority)
+ context.Request.GetUrlHelper().GetUmbracoApiService(action, controllerType)
+ "?" + querystring.ToQueryString();
// create proxy route data specifying the action & controller to execute
var proxyRoute = new HttpRouteData(
context.RouteData.Route,
new HttpRouteValueDictionary(new { action, controller = ControllerExtensions.GetControllerName(controllerType) }));
// create a proxy request
var proxyRequest = new HttpRequestMessage(HttpMethod.Get, proxyUrl);
// create a proxy controller context
var proxyContext = new HttpControllerContext(context.Configuration, proxyRoute, proxyRequest)
{
ControllerDescriptor = new HttpControllerDescriptor(context.ControllerDescriptor.Configuration, ControllerExtensions.GetControllerName(controllerType), controllerType),
RequestContext = context.RequestContext,
Controller = controller
};
// wire everything
controller.ControllerContext = proxyContext;
controller.Request = proxyContext.Request;
controller.RequestContext.RouteData = proxyRoute;
// auth
var authResult = await controller.ControllerContext.InvokeAuthorizationFiltersForRequest();
if (authResult != null)
{
throw new HttpResponseException(authResult);
}
return(controller);
}
/// <summary>
/// This will go and get the root node from a controller tree by executing the tree's GetRootNode method
/// </summary>
/// <param name="appTree"></param>
/// <param name="formCollection"></param>
/// <param name="controllerContext"></param>
/// <returns></returns>
/// <remarks>
/// This ensures that authorization filters are applied to the sub request
/// </remarks>
internal static async Task <Attempt <TreeNode> > TryGetRootNodeFromControllerTree(this ApplicationTree appTree, FormDataCollection formCollection, HttpControllerContext controllerContext)
{
var foundControllerTreeAttempt = appTree.TryGetControllerTree();
if (foundControllerTreeAttempt.Success == false)
{
return(Attempt <TreeNode> .Fail(foundControllerTreeAttempt.Exception));
}
var foundControllerTree = foundControllerTreeAttempt.Result;
//instantiate it, since we are proxying, we need to setup the instance with our current context
var instance = (TreeController)DependencyResolver.Current.GetService(foundControllerTree);
//NOTE: This is all required in order to execute the auth-filters for the sub request, we
// need to "trick" web-api into thinking that it is actually executing the proxied controller.
var urlHelper = controllerContext.Request.GetUrlHelper();
//create the proxied URL for the controller action
var proxiedUrl = controllerContext.Request.RequestUri.GetLeftPart(UriPartial.Authority) +
urlHelper.GetUmbracoApiService("GetRootNode", instance.GetType());
//add the query strings to it
proxiedUrl += "?" + formCollection.ToQueryString();
//create proxy route data specifying the action / controller to execute
var proxiedRouteData = new HttpRouteData(
controllerContext.RouteData.Route,
new HttpRouteValueDictionary(new { action = "GetRootNode", controller = ControllerExtensions.GetControllerName(instance.GetType()) }));
//create a proxied controller context
var proxiedControllerContext = new HttpControllerContext(
controllerContext.Configuration,
proxiedRouteData,
new HttpRequestMessage(HttpMethod.Get, proxiedUrl))
{
ControllerDescriptor = new HttpControllerDescriptor(controllerContext.ControllerDescriptor.Configuration, ControllerExtensions.GetControllerName(instance.GetType()), instance.GetType())
};
if (WebApiVersionCheck.WebApiVersion >= Version.Parse("5.0.0"))
{
//In WebApi2, this is required to be set:
// proxiedControllerContext.RequestContext = controllerContext.RequestContext
// but we need to do this with reflection because of codebase changes between version 4/5
//NOTE: Use TypeHelper here since the reflection is cached
var controllerContextRequestContext = TypeHelper.GetProperty(controllerContext.GetType(), "RequestContext").GetValue(controllerContext);
TypeHelper.GetProperty(proxiedControllerContext.GetType(), "RequestContext").SetValue(proxiedControllerContext, controllerContextRequestContext);
}
instance.ControllerContext = proxiedControllerContext;
instance.Request = controllerContext.Request;
if (WebApiVersionCheck.WebApiVersion >= Version.Parse("5.0.0"))
{
//now we can change the request context's route data to be the proxied route data - NOTE: we cannot do this directly above
// because it will detect that the request context is different throw an exception. This is a change in webapi2 and we need to set
// this with reflection due to codebase changes between version 4/5
// instance.RequestContext.RouteData = proxiedRouteData;
//NOTE: Use TypeHelper here since the reflection is cached
var instanceRequestContext = TypeHelper.GetProperty(typeof(ApiController), "RequestContext").GetValue(instance);
TypeHelper.GetProperty(instanceRequestContext.GetType(), "RouteData").SetValue(instanceRequestContext, proxiedRouteData);
}
//invoke auth filters for this sub request
var result = await instance.ControllerContext.InvokeAuthorizationFiltersForRequest();
//if a result is returned it means they are unauthorized, just throw the response.
if (result != null)
{
throw new HttpResponseException(result);
}
//return the root
var node = instance.GetRootNode(formCollection);
return(node == null
? Attempt <TreeNode> .Fail(new InvalidOperationException("Could not return a root node for tree " + appTree.Type))
: Attempt <TreeNode> .Succeed(node));
}
