public CloudFoundryCorsHandler(CloudFoundryOptions options, IEnumerable <ISecurityService> securityServices, ILogger <CloudFoundryCorsHandler> logger = null)
: base(securityServices, new List <HttpMethod> {
HttpMethod.Options
}, false, logger)
{
_options = options;
}
public override void Configure(IEndpointOptions options)
{
base.Configure(options);
Log.LogDebug("TfsWorkItemEndPoint::Configure");
_Options = (TfsWorkItemEndPointOptions)options;
ValidateConfiguration(_Options);
}
public async Task <bool> IsAccessAllowed(HttpContextBase context, IEndpointOptions target)
{
#pragma warning disable CS0618 // Type or member is obsolete
bool isEnabled = _managementOptions == null ? _options.IsEnabled : _options.IsEnabled(_managementOptions);
#pragma warning restore CS0618 // Type or member is obsolete
// if running on Cloud Foundry, security is enabled, the path starts with /cloudfoundryapplication...
if (Platform.IsCloudFoundry && isEnabled)
{
_logger?.LogTrace("Beginning Cloud Foundry Security Processing");
if (context.Request.HttpMethod == "OPTIONS")
{
return(true);
}
var origin = context.Request.Headers.Get("Origin");
context.Response.Headers.Set("Access-Control-Allow-Origin", origin ?? "*");
// identify the application so we can confirm the user making the request has permission
if (string.IsNullOrEmpty(_options.ApplicationId))
{
await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.APPLICATION_ID_MISSING_MESSAGE)).ConfigureAwait(false);
return(false);
}
// make sure we know where to get user permissions
if (string.IsNullOrEmpty(_options.CloudFoundryApi))
{
await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.CLOUDFOUNDRY_API_MISSING_MESSAGE)).ConfigureAwait(false);
return(false);
}
_logger?.LogTrace("Getting user permissions");
var sr = await GetPermissions(context).ConfigureAwait(false);
if (sr.Code != HttpStatusCode.OK)
{
await ReturnError(context, sr).ConfigureAwait(false);
return(false);
}
_logger?.LogTrace("Applying user permissions to request");
var permissions = sr.Permissions;
if (!target.IsAccessAllowed(permissions))
{
await ReturnError(context, new SecurityResult(HttpStatusCode.Forbidden, _base.ACCESS_DENIED_MESSAGE)).ConfigureAwait(false);
return(false);
}
_logger?.LogTrace("Access granted!");
}
return(true);
}
public CloudFoundryCorsHandler(IEndpointOptions options, IEnumerable <ISecurityService> securityServices, IEnumerable <IManagementOptions> mgmtOptions, ILogger <CloudFoundryCorsHandler> logger = null)
: base(securityServices, mgmtOptions, new List <HttpMethod> {
HttpMethod.Options
}, false, logger)
{
_options = options;
_mgmtOptions = mgmtOptions;
}
public void ConfigureEndpoint(IEndpointOptions endpointOptions)
{
var ep = (IWorkItemEndPoint)Services.GetRequiredService(endpointOptions.ToConfigure);
ep.Configure(endpointOptions);
Add(ep);
Log.LogInformation("ConfigureEndpoint: {EndPointName} {Direction} : Enrichers{EnrichersCount}: {EnrichersList} ", ep.GetType().Name, endpointOptions.Direction, endpointOptions.Enrichers?.Count, endpointOptions.Enrichers?.Select(x => x.GetType().Name));
}
public static void RegisterEndpointOptions(this IServiceCollection services, IEndpointOptions options)
{
var mgmtOptions = services.BuildServiceProvider().GetServices <IManagementOptions>();
foreach (var mgmtOption in mgmtOptions)
{
mgmtOption.EndpointOptions.Add(options);
}
}
public AbstractEndpoint(IEndpointOptions options)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
this.options = options;
}
public override void Configure(IEndpointOptions options)
{
_options = (FileSystemWorkItemEndpointOptions)options;
if (!System.IO.Directory.Exists(_options.FileStore))
{
System.IO.Directory.CreateDirectory(_options.FileStore);
}
LoadStore();
}
public async Task Invoke(HttpContext context)
{
_logger.LogDebug("Invoke({0}) contextPath: {1}", context.Request.Path.Value, _mgmtOptions.Path);
#pragma warning disable CS0618 // Type or member is obsolete
bool isEndpointEnabled = _mgmtOptions == null ? _options.IsEnabled : _options.IsEnabled(_mgmtOptions);
#pragma warning restore CS0618 // Type or member is obsolete
bool isEndpointExposed = _mgmtOptions == null ? true : _options.IsExposed(_mgmtOptions);
if (Platform.IsCloudFoundry &&
isEndpointEnabled &&
isEndpointExposed &&
_base.IsCloudFoundryRequest(context.Request.Path))
{
if (string.IsNullOrEmpty(_options.ApplicationId))
{
await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.APPLICATION_ID_MISSING_MESSAGE)).ConfigureAwait(false);
return;
}
if (string.IsNullOrEmpty(_options.CloudFoundryApi))
{
await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.CLOUDFOUNDRY_API_MISSING_MESSAGE)).ConfigureAwait(false);
return;
}
IEndpointOptions target = FindTargetEndpoint(context.Request.Path);
if (target == null)
{
await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.ENDPOINT_NOT_CONFIGURED_MESSAGE)).ConfigureAwait(false);
return;
}
var sr = await GetPermissions(context).ConfigureAwait(false);
if (sr.Code != HttpStatusCode.OK)
{
await ReturnError(context, sr).ConfigureAwait(false);
return;
}
var permissions = sr.Permissions;
if (!target.IsAccessAllowed(permissions))
{
await ReturnError(context, new SecurityResult(HttpStatusCode.Forbidden, _base.ACCESS_DENIED_MESSAGE)).ConfigureAwait(false);
return;
}
}
await _next(context).ConfigureAwait(false);
}
public override void Configure(IEndpointOptions options)
{
base.Configure(options);
Log.LogDebug("TfsWorkItemEndPoint::Configure");
_Options = (TfsWorkItemEndpointOptions)options;
if (string.IsNullOrEmpty(_Options.Query?.Query))
{
throw new ArgumentNullException(nameof(_Options.Query));
}
}
public async Task Invoke(HttpContext context)
{
_logger.LogDebug("Invoke({0})", context.Request.Path.Value);
if (Platform.IsCloudFoundry && _options.IsEnabled && _base.IsCloudFoundryRequest(context.Request.Path))
{
if (string.IsNullOrEmpty(_options.ApplicationId))
{
await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.APPLICATION_ID_MISSING_MESSAGE));
return;
}
if (string.IsNullOrEmpty(_options.CloudFoundryApi))
{
await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.CLOUDFOUNDRY_API_MISSING_MESSAGE));
return;
}
IEndpointOptions target = FindTargetEndpoint(context.Request.Path);
if (target == null)
{
await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.ENDPOINT_NOT_CONFIGURED_MESSAGE));
return;
}
var sr = await GetPermissions(context);
if (sr.Code != HttpStatusCode.OK)
{
await ReturnError(context, sr);
return;
}
var permissions = sr.Permissions;
if (!target.IsAccessAllowed(permissions))
{
await ReturnError(context, new SecurityResult(HttpStatusCode.Forbidden, _base.ACCESS_DENIED_MESSAGE));
return;
}
}
await _next(context);
}
public static bool IsEnabled(this IEndpointOptions options, IManagementOptions mgmtOptions)
{
var endpointOptions = (AbstractEndpointOptions)options;
if (endpointOptions.Enabled.HasValue)
{
return(endpointOptions.Enabled.Value);
}
if (mgmtOptions.Enabled.HasValue)
{
return(mgmtOptions.Enabled.Value);
}
return(endpointOptions.DefaultEnabled);
}
public override void Configure(IEndpointOptions options)
{
base.Configure(options);
Log.LogDebug("TfsEndpoint::Configure");
_Options = (ITfsEndpointOptions)options;
if (string.IsNullOrEmpty(_Options.Organisation))
{
throw new ArgumentNullException(nameof(_Options.Organisation));
}
if (string.IsNullOrEmpty(_Options.Project))
{
throw new ArgumentNullException(nameof(_Options.Project));
}
if (string.IsNullOrEmpty(_Options.AccessToken) && _Options.AuthenticationMode == AuthenticationMode.AccessToken)
{
throw new ArgumentNullException(nameof(_Options.AccessToken));
}
}
public static bool IsExposed(this IEndpointOptions options, IManagementOptions mgmtOptions)
{
var actOptions = mgmtOptions as ActuatorManagementOptions;
if (!string.IsNullOrEmpty(options.Id) && actOptions != null && actOptions.Exposure != null)
{
var exclude = actOptions.Exposure.Exclude;
if (exclude != null && (exclude.Contains("*") || exclude.Contains(options.Id)))
{
return(false);
}
var include = actOptions.Exposure.Include;
if (include != null && (include.Contains("*") || include.Contains(options.Id)))
{
return(true);
}
return(false);
}
return(true);
}
public static string GetContextPath(this IEndpointOptions options, IManagementOptions mgmtContext)
{
var contextPath = mgmtContext.Path;
if (!contextPath.EndsWith("/") && !string.IsNullOrEmpty(options.Path))
{
contextPath += "/";
}
contextPath += options.Path;
if (!options.ExactMatch)
{
if (!contextPath.EndsWith("/"))
{
contextPath += "/";
}
contextPath += "{**_}";
}
return(contextPath);
}
public void ConfigureEndpoints(IEndpointOptions source, IEndpointOptions target)
{
Log.LogDebug("EndpointContainer::ConfigureEndpoints");
if (_Configured)
{
Log.LogError("EndpointContainer::ConfigureEndpoints: You cant configure Endpoints twice");
throw new Exception("You cant configure Endpoints twice");
}
_SourceOptions = source ?? throw new ArgumentNullException(nameof(source));
_TargetOptions = target ?? throw new ArgumentNullException(nameof(target));
if (source is RefEndpointOptions)
{
// Must load from catalog
throw new NotImplementedException("RefEndpointOptions has not yet been implemnted");
}
else
{
var sourceEp = (IEndpoint)Services.GetRequiredService(_SourceOptions.ToConfigure);
sourceEp.Configure(_SourceOptions);
_Source = sourceEp;
}
if (target is RefEndpointOptions)
{
// Must load from catalog
throw new NotImplementedException("RefEndpointOptions has not yet been implemnted");
}
else
{
var targetEp = (IEndpoint)Services.GetRequiredService(_TargetOptions.ToConfigure);
targetEp.Configure(_TargetOptions);
_Target = targetEp;
}
_Configured = true;
}
public override async Task Invoke(IOwinContext context)
{
#pragma warning disable CS0612 // Type or member is obsolete
bool isEnabled = _mgmtOptions == null ? _options.IsEnabled : _options.IsEnabled(_mgmtOptions);
#pragma warning restore CS0612 // Type or member is obsolete
// if running on Cloud Foundry, security is enabled, the path starts with /cloudfoundryapplication...
if (Platform.IsCloudFoundry && isEnabled && _base.IsCloudFoundryRequest(context.Request.Path.ToString()))
{
context.Response.Headers.Set("Access-Control-Allow-Credentials", "true");
context.Response.Headers.Set("Access-Control-Allow-Origin", context.Request.Headers.Get("origin"));
context.Response.Headers.Set("Access-Control-Allow-Headers", "Authorization,X-Cf-App-Instance,Content-Type");
// don't run security for a CORS request, do return 204
if (context.Request.Method == "OPTIONS")
{
context.Response.StatusCode = (int)HttpStatusCode.NoContent;
return;
}
_logger?.LogTrace("Beginning Cloud Foundry Security Processing");
// identify the application so we can confirm the user making the request has permission
if (string.IsNullOrEmpty(_options.ApplicationId))
{
await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.APPLICATION_ID_MISSING_MESSAGE));
return;
}
// make sure we know where to get user permissions
if (string.IsNullOrEmpty(_options.CloudFoundryApi))
{
await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.CLOUDFOUNDRY_API_MISSING_MESSAGE));
return;
}
_logger?.LogTrace("Identifying which endpoint the request at {EndpointRequestPath} is for", context.Request.Path);
IEndpointOptions target = FindTargetEndpoint(context.Request.Path);
if (target == null)
{
await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.ENDPOINT_NOT_CONFIGURED_MESSAGE));
return;
}
_logger?.LogTrace("Getting user permissions");
var sr = await GetPermissions(context);
if (sr.Code != HttpStatusCode.OK)
{
await ReturnError(context, sr);
return;
}
_logger?.LogTrace("Applying user permissions to request");
var permissions = sr.Permissions;
if (!target.IsAccessAllowed(permissions))
{
await ReturnError(context, new SecurityResult(HttpStatusCode.Forbidden, _base.ACCESS_DENIED_MESSAGE));
return;
}
_logger?.LogTrace("Access granted!");
}
await Next.Invoke(context);
}
public override void Configure(IEndpointOptions options)
{
Log.LogDebug("TfsWorkItemEndPoint::Configure");
_Options = (TfsWorkItemEndPointOptions)options;
}
public static async Task <bool> IsAccessAllowed(this IEnumerable <ISecurityService> securityChecks, HttpContextBase context, IEndpointOptions options)
{
IEnumerable <Task <bool> > allTasks = securityChecks.Select(service => service.IsAccessAllowed(context, options));
bool[] returnValues = await Task.WhenAll(allTasks);
return(returnValues.All(isAccessAllowed => isAccessAllowed == true));
}
public HypermediaService(IManagementOptions mgmtOptions, IEndpointOptions options, ILogger logger = null)
{
_logger = logger;
_mgmtOptions = mgmtOptions ?? throw new ArgumentNullException(nameof(mgmtOptions));
_options = options ?? throw new ArgumentNullException(nameof(options));
}
public abstract void Configure(IEndpointOptions options);
public override void Configure(IEndpointOptions options)
{
base.Configure(options);
_Options = (InMemoryWorkItemEndpointOptions)options;
}
private static void RegisterEndpointOptions(this IEnumerable <IManagementOptions> mgmtOptions, IConfiguration configuration, IEndpointOptions options)
{
if (mgmtOptions.Count() < 1)
{
_mgmtOptions.Add(new CloudFoundryManagementOptions(configuration));
_mgmtOptions.Add(new ActuatorManagementOptions(configuration));
}
foreach (var mgmt in mgmtOptions)
{
if (!mgmt.EndpointOptions.Contains(options))
{
mgmt.EndpointOptions.Add(options);
}
}
}
public static void RegisterEndpointOptions(this IServiceCollection services, IEndpointOptions options)
{
// the code that was running here is now handled in ActuatorRouteBuilderExtensions
}
public TestEndpoint(IEndpointOptions opts)
: base(opts)
{
}
public virtual void Configure(IEndpointOptions options)
{
Log.LogDebug("Endpoint::Configure");
_InnerOptions = options;
EndpointEnrichers.ConfigureEnrichers(_InnerOptions.EndpointEnrichers);
}
public void Configure(IEndpointOptions options)
{
throw new NotImplementedException();
}
