public IHttpActionResult Get(string name)
{
if (!_scriptHostManager.Instance.Functions.Any(f => string.Equals(f.Name, name, StringComparison.OrdinalIgnoreCase)))
{
return(NotFound());
}
var functionKeys = _secretManager.GetFunctionSecrets(name);
return(GetKeysResult(functionKeys));
}
internal static AuthorizationLevel GetAuthorizationLevel(HttpRequestMessage request, ISecretManager secretManager, string functionName = null)
{
// TODO: Add support for validating "EasyAuth" headers
// first see if a key value is specified via headers or query string (header takes precidence)
IEnumerable <string> values;
string keyValue = null;
if (request.Headers.TryGetValues(FunctionsKeyHeaderName, out values))
{
keyValue = values.FirstOrDefault();
}
else
{
var queryParameters = request.GetQueryNameValuePairs().ToDictionary(p => p.Key, p => p.Value, StringComparer.OrdinalIgnoreCase);
queryParameters.TryGetValue("code", out keyValue);
}
if (!string.IsNullOrEmpty(keyValue))
{
// see if the key specified is the master key
HostSecretsInfo hostSecrets = secretManager.GetHostSecrets();
if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
{
return(AuthorizationLevel.Admin);
}
// see if the key specified matches the host function key
if (hostSecrets.FunctionKeys != null &&
hostSecrets.FunctionKeys.Any(k => Key.SecretValueEquals(keyValue, k.Value)))
{
return(AuthorizationLevel.Function);
}
// if there is a function specific key specified try to match against that
if (functionName != null)
{
IDictionary <string, string> functionSecrets = secretManager.GetFunctionSecrets(functionName);
if (functionSecrets != null &&
functionSecrets.Values.Any(s => Key.SecretValueEquals(keyValue, s)))
{
return(AuthorizationLevel.Function);
}
}
}
return(AuthorizationLevel.Anonymous);
}
public Task <string> GetReceiverConfigAsync(string name, string id)
{
// "id" will be a comma delimited string with the function name
// and an optional client ID. We ignore the "name" parameter since
// we only allow a function to be mapped to a single receiver
string[] webhookIdParts = id.Split(new[] { ',' }, 2, StringSplitOptions.RemoveEmptyEntries);
IDictionary <string, string> functionSecrets = _secretManager.GetFunctionSecrets(webhookIdParts.FirstOrDefault(), true);
string clientId = webhookIdParts.Skip(1).FirstOrDefault() ?? ScriptConstants.DefaultFunctionKeyName;
string functionSecret = null;
functionSecrets.TryGetValue(clientId, out functionSecret);
return(Task.FromResult(functionSecret));
}
internal static AuthorizationLevel GetAuthorizationLevel(HttpRequestMessage request, ISecretManager secretManager, string functionName = null)
{
// TODO: Add support for validating "EasyAuth" headers
// first see if a key value is specified via headers or query string (header takes precidence)
IEnumerable<string> values;
string keyValue = null;
if (request.Headers.TryGetValues(FunctionsKeyHeaderName, out values))
{
keyValue = values.FirstOrDefault();
}
else
{
var queryParameters = request.GetQueryNameValuePairs().ToDictionary(p => p.Key, p => p.Value, StringComparer.OrdinalIgnoreCase);
queryParameters.TryGetValue("code", out keyValue);
}
if (!string.IsNullOrEmpty(keyValue))
{
// see if the key specified is the master key
HostSecretsInfo hostSecrets = secretManager.GetHostSecrets();
if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
{
return AuthorizationLevel.Admin;
}
// see if the key specified matches the host function key
if (hostSecrets.FunctionKeys != null &&
hostSecrets.FunctionKeys.Any(k => Key.SecretValueEquals(keyValue, k.Value)))
{
return AuthorizationLevel.Function;
}
// if there is a function specific key specified try to match against that
if (functionName != null)
{
IDictionary<string, string> functionSecrets = secretManager.GetFunctionSecrets(functionName);
if (functionSecrets != null &&
functionSecrets.Values.Any(s => Key.SecretValueEquals(keyValue, s)))
{
return AuthorizationLevel.Function;
}
}
}
return AuthorizationLevel.Anonymous;
}
