internal static async Task <(string, AuthorizationLevel)> GetAuthorizationLevelAsync(ISecretManager secretManager, string keyValue, string functionName = null)
{
// see if the key specified is the master key
HostSecretsInfo hostSecrets = await secretManager.GetHostSecretsAsync();
if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
{
return(ScriptConstants.DefaultMasterKeyName, AuthorizationLevel.Admin);
}
if (HasMatchingKey(hostSecrets.SystemKeys, keyValue, out string keyName))
{
return(keyName, AuthorizationLevel.System);
}
// see if the key specified matches the host function key
if (HasMatchingKey(hostSecrets.FunctionKeys, keyValue, out keyName))
{
return(keyName, AuthorizationLevel.Function);
}
// If there is a function specific key specified try to match against that
if (functionName != null)
{
IDictionary <string, string> functionSecrets = await secretManager.GetFunctionSecretsAsync(functionName);
if (HasMatchingKey(functionSecrets, keyValue, out keyName))
{
return(keyName, AuthorizationLevel.Function);
}
}
return(null, AuthorizationLevel.Anonymous);
}
private async Task <IDictionary <string, string> > GetFunctionKeys(string functionName)
{
if (!IsFunction(functionName))
{
return(null);
}
return(await _secretManager.GetFunctionSecretsAsync(functionName));
}
private async Task <IDictionary <string, string> > GetFunctionKeys(string functionName)
{
if (!_scriptHostManager.Instance.IsFunction(functionName))
{
throw new HttpResponseException(HttpStatusCode.NotFound);
}
return(await _secretManager.GetFunctionSecretsAsync(functionName));
}
internal static async Task <KeyAuthorizationResult> GetAuthorizationResultAsync(HttpRequestMessage request, ISecretManager secretManager,
Func <IDictionary <string, string>, string, string, string> matchEvaluator, string keyName = null, string functionName = null)
{
// first see if a key value is specified via headers or query string (header takes precedence)
IEnumerable <string> values;
string keyValue = null;
if (request.Headers.TryGetValues(FunctionsKeyHeaderName, out values))
{
keyValue = values.FirstOrDefault();
}
else
{
var queryParameters = request.GetQueryParameterDictionary();
queryParameters.TryGetValue("code", out keyValue);
}
if (!string.IsNullOrEmpty(keyValue))
{
// see if the key specified is the master key
HostSecretsInfo hostSecrets = await secretManager.GetHostSecretsAsync().ConfigureAwait(false);
if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
{
return(new KeyAuthorizationResult(ScriptConstants.DefaultMasterKeyName, AuthorizationLevel.Admin));
}
string matchedKeyName = matchEvaluator(hostSecrets.SystemKeys, keyName, keyValue);
if (matchedKeyName != null)
{
return(new KeyAuthorizationResult(matchedKeyName, AuthorizationLevel.System));
}
// see if the key specified matches the host function key
matchedKeyName = matchEvaluator(hostSecrets.FunctionKeys, keyName, keyValue);
if (matchedKeyName != null)
{
return(new KeyAuthorizationResult(matchedKeyName, AuthorizationLevel.Function));
}
// if there is a function specific key specified try to match against that
if (functionName != null)
{
var functionSecrets = await secretManager.GetFunctionSecretsAsync(functionName);
matchedKeyName = matchEvaluator(functionSecrets, keyName, keyValue);
if (matchedKeyName != null)
{
return(new KeyAuthorizationResult(matchedKeyName, AuthorizationLevel.Function));
}
}
}
return(new KeyAuthorizationResult(null, AuthorizationLevel.Anonymous));
}
public async Task <IHttpActionResult> Get(string name)
{
if (!_scriptHostManager.Instance.IsFunction(name))
{
return(NotFound());
}
var functionKeys = await _secretManager.GetFunctionSecretsAsync(name);
return(GetKeysResult(functionKeys));
}
public async Task <IHttpActionResult> Get(string name)
{
if (!_scriptHostManager.Instance.Functions.Any(f => string.Equals(f.Name, name, StringComparison.OrdinalIgnoreCase)))
{
return(NotFound());
}
var functionKeys = await _secretManager.GetFunctionSecretsAsync(name);
return(GetKeysResult(functionKeys));
}
internal static async Task <(string, AuthorizationLevel)> GetAuthorizationKeyInfoAsync(HttpRequest request, ISecretManagerProvider secretManagerProvider)
{
// first see if a key value is specified via headers or query string (header takes precedence)
string keyValue = null;
if (request.Headers.TryGetValue(FunctionsKeyHeaderName, out StringValues values))
{
keyValue = values.First();
}
else if (request.Query.TryGetValue("code", out values))
{
keyValue = values.First();
}
if (!string.IsNullOrEmpty(keyValue))
{
ISecretManager secretManager = secretManagerProvider.Current;
// see if the key specified is the master key
HostSecretsInfo hostSecrets = await secretManager.GetHostSecretsAsync().ConfigureAwait(false);
if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
{
return(ScriptConstants.DefaultMasterKeyName, AuthorizationLevel.Admin);
}
if (HasMatchingKey(hostSecrets.SystemKeys, keyValue, out string keyName))
{
return(keyName, AuthorizationLevel.System);
}
// see if the key specified matches the host function key
if (HasMatchingKey(hostSecrets.FunctionKeys, keyValue, out keyName))
{
return(keyName, AuthorizationLevel.Function);
}
// If there is a function specific key specified try to match against that
IFunctionExecutionFeature executionFeature = request.HttpContext.Features.Get <IFunctionExecutionFeature>();
if (executionFeature != null)
{
IDictionary <string, string> functionSecrets = await secretManager.GetFunctionSecretsAsync(executionFeature.Descriptor.Name);
if (HasMatchingKey(functionSecrets, keyValue, out keyName))
{
return(keyName, AuthorizationLevel.Function);
}
}
}
return(null, AuthorizationLevel.Anonymous);
}
internal static async Task <AuthorizationLevel> GetAuthorizationLevelAsync(HttpRequestMessage request, ISecretManager secretManager, string functionName = null)
{
// TODO: Add support for validating "EasyAuth" headers
// first see if a key value is specified via headers or query string (header takes precedence)
IEnumerable <string> values;
string keyValue = null;
if (request.Headers.TryGetValues(FunctionsKeyHeaderName, out values))
{
keyValue = values.FirstOrDefault();
}
else
{
var queryParameters = request.GetQueryParameterDictionary();
queryParameters.TryGetValue("code", out keyValue);
}
if (!string.IsNullOrEmpty(keyValue))
{
// see if the key specified is the master key
HostSecretsInfo hostSecrets = await secretManager.GetHostSecretsAsync().ConfigureAwait(false);
if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
{
return(AuthorizationLevel.Admin);
}
// see if the key specified matches the host function key
if (hostSecrets.FunctionKeys != null &&
hostSecrets.FunctionKeys.Any(k => Key.SecretValueEquals(keyValue, k.Value)))
{
return(AuthorizationLevel.Function);
}
// if there is a function specific key specified try to match against that
if (functionName != null)
{
IDictionary <string, string> functionSecrets = await secretManager.GetFunctionSecretsAsync(functionName);
if (functionSecrets != null &&
functionSecrets.Values.Any(s => Key.SecretValueEquals(keyValue, s)))
{
return(AuthorizationLevel.Function);
}
}
}
return(AuthorizationLevel.Anonymous);
}
public async Task <string> GetReceiverConfigAsync(string name, string id)
{
// "id" will be a comma delimited string with the function name
// and an optional client ID. We ignore the "name" parameter since
// we only allow a function to be mapped to a single receiver
string[] webhookIdParts = id.Split(new[] { ',' }, 2, StringSplitOptions.RemoveEmptyEntries);
IDictionary <string, string> functionSecrets = await _secretManager.GetFunctionSecretsAsync(webhookIdParts.FirstOrDefault(), true);
string clientId = webhookIdParts.Skip(1).FirstOrDefault() ?? ScriptConstants.DefaultFunctionKeyName;
string functionSecret = null;
functionSecrets.TryGetValue(clientId, out functionSecret);
return(functionSecret);
}
public async Task <string> GetFunctionSecretAsync(string functionName)
{
var secrets = await SecretManager.GetFunctionSecretsAsync(functionName);
return(secrets.First().Value);
}
