public ResourceServer() { _httpServerV4 = new HttpServer.HttpServer(new HttpLogWriter()); _httpServerV6 = new HttpServer.HttpServer(new HttpLogWriter()); ResourceAccessModule module = new ResourceAccessModule(); AddHttpModule(module); }
public DefaultRackServer(int port,IPAddress ipAddress,ILogWriter logWriter) { _server = new HttpServer.HttpServer(logWriter); _ipAddress = ipAddress; _port = port; _logWriter = logWriter; }
private static string HandleCreateAccount(HttpServer server, HttpListenerRequest request, Dictionary<string, string> parameters) { if (!parameters.ContainsKey("username")) throw new Exception("Missing username."); if (!parameters.ContainsKey("password")) throw new Exception("Missing password."); string username = parameters["username"]; string password = parameters["password"]; if (Databases.AccountTable.Count(a => a.Username.ToLower() == username.ToLower()) > 0) return JsonEncode("Username already in use!"); System.Text.RegularExpressions.Regex invalidCharacterRegex = new System.Text.RegularExpressions.Regex("[^a-zA-Z0-9]"); if (invalidCharacterRegex.IsMatch(username)) return JsonEncode("Invalid characters detected in username!"); Random getrandom = new Random(); String token = getrandom.Next(10000000, 99999999).ToString(); AccountEntry entry = new AccountEntry(); entry.Index = Databases.AccountTable.GenerateIndex(); entry.Username = username; entry.Password = password; entry.Verifier = ""; entry.Salt = ""; entry.RTW_Points = 0; entry.IsAdmin = 0; entry.IsBanned = 0; entry.InUse = 0; entry.extrn_login = 0; entry.CanHostDistrict = 1; entry.Token = token; Databases.AccountTable.Add(entry); Log.Succes("HTTP", "Successfully created account '" + username + "'"); return JsonEncode("Account created!\n\nYour token is: " + token + ".\nCopy and paste given token in \"_rtoken.id\" file and put it in the same folder where your \"APB.exe\" is located."); }
public override bool Process(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session) { var path = this.GetPath(request.Uri); var html = System.IO.Path.Combine(path, "index.html"); var htm = System.IO.Path.Combine(path, "index.htm"); if (System.IO.Directory.Exists(path) && (System.IO.File.Exists(html) || System.IO.File.Exists(htm))) { if (!request.Uri.AbsolutePath.EndsWith("/")) { response.Redirect(request.Uri.AbsolutePath + "/"); return true; } response.Status = System.Net.HttpStatusCode.OK; response.Reason = "OK"; response.ContentType = "text/html; charset=utf-8"; using (var fs = System.IO.File.OpenRead(System.IO.File.Exists(html) ? html : htm)) { response.ContentLength = fs.Length; response.Body = fs; response.Send(); } return true; } return false; }
private void OnRequest(object sender, HttpServer.RequestEventArgs e) { string[] paramss = e.Request.UriParts; HttpServer.IHttpResponse resp = e.Request.CreateResponse((IHttpClientContext)sender); if (paramss[0] == "favicon.ico") { reactFavIco(resp); } if (paramss[0] == "fire") { reactFire(resp); } if (paramss[0] == "move") { reactMove(resp,paramss[1]); } if (paramss[0] == "laser") { reactLaser(resp); } if (paramss[0] == "reset") { reactReset(resp); } }
public void StartListening(IGablarskiServerContext context) { var sstore = new MemorySessionStore { ExpireTime = 15 }; server = new HttpServer.HttpServer(sstore); ConnectionManager cmanager = new ConnectionManager(sstore); cmanager.ConnectionProvider = this; cmanager.Server = server; server.Add(new QueryModule(cmanager)); WebServerConfiguration config = (WebServerConfiguration)ConfigurationManager.GetSection("webserver"); if (config != null && config.Theme != null) { server.Add(new FileResourceModule(config.Theme.Path)); server.Add(new LoginModule(cmanager)); server.Add(new ChannelModule(cmanager)); server.Add(new UserModule(cmanager)); } server.Start(IPAddress.Any, this.Port); }
public ObjectForScripting() { httpServer = new HttpServer.HttpServer(); ajaxObjectForScripting = new AjaxObjectForScripting(this); httpServer.Add(ajaxObjectForScripting); httpServer.Start(IPAddress.Any, 50505); httpServer.BackLog = 5; }
bool _streamingrequestbody; // indicates that request body can be streamed by user #endregion Fields #region Constructors internal HttpRequest(HttpServer._Connection connection, HttpMethod method, string rawpath) { _connection = connection; _method = method; _rawpath = rawpath; int iof = rawpath.IndexOf('?'); _path = iof >= 0 ? rawpath.Substring(0, iof) : rawpath; }
public void Run(IBackgroundTaskInstance taskInstance) { // Get the deferral object from the task instance serviceDeferral = taskInstance.GetDeferral(); httpServer = new HttpServer(8000); httpServer.StartServer(); }
public ResourceServer() { _httpServerV4 = new HttpServer.HttpServer(new HttpLogWriter()); _httpServerV6 = new HttpServer.HttpServer(new HttpLogWriter()); ResourceAccessModule module = new ResourceAccessModule(); AddHttpModule(module); }
private WebService() { this._server = new H.HttpServer(); var res = new ResourceFileModule(); res.AddResources("/", typeof(WebService).Assembly, "XSpect.Contributions.Solar.Resources.Documents"); this._server.Add(res); this._server.Add(new RequestHandler()); this.Configuration = new ExpandoObject(); }
public PollServiceHttpRequest( PollServiceEventArgs pPollServiceArgs, HttpServerLib.HttpClientContext pHttpContext, HttpServerLib.HttpRequest pRequest) { PollServiceArgs = pPollServiceArgs; HttpContext = pHttpContext; Request = pRequest; RequestTime = System.Environment.TickCount; RequestID = UUID.Random(); }
private void StopServer(HttpServer.HttpServer server) { try { server.Stop(); } catch (SocketException e) { ServiceRegistration.Get <ILogger>().Warn("ResourceServer: Error stopping HTTP server", e); } }
public void DisposeServer(HttpServer.HttpServer server) { try { server.Dispose(); } catch (SocketException e) { ServiceRegistration.Get <ILogger>().Warn("ResourceServer: Error stopping HTTP server", e); } }
private static void Main(string[] args) { var config = new DefaultHttpServerConfiguration() { Port = 8080, Handler = new DefaultHtmlRequestHandler("U:/CustomServer", new[] { "index.html", "default.html" }) }; var server = new HttpServer(config); server.ConnectionEstablished += Server_ConnectionEstablished; server.ConnectionLost += Server_ConnectionLost; server.MessageSent += server_MessageSent; server.MessageReceived += server_MessageReceived; server.Start(); Thread.Sleep(new TimeSpan(0,5,0)); server.Stop(); }
static void Main(string[] args) { if (!EasyServer.InitConfig("Configs/Database.xml", "Database")) return; Databases.InitDB(); Databases.Load(); HttpServer.MapHandlers(); HttpServer server = new HttpServer(); server.Start(); Timer aTimer = new Timer(10000); aTimer.Elapsed += OnTimedEvent; aTimer.AutoReset = true; aTimer.Enabled = true; Console.ReadLine(); }
private bool AddXSRFTokenToRespone(HttpServer.IHttpResponse response) { if (m_activexsrf.Count > 500) return false; var buf = new byte[32]; var expires = DateTime.UtcNow.AddMinutes(XSRF_TIMEOUT_MINUTES); m_prng.GetBytes(buf); var token = Convert.ToBase64String(buf); m_activexsrf.Add(token, expires); response.Cookies.Add(new HttpServer.ResponseCookie(XSRF_COOKIE_NAME, token, expires)); return true; }
private string FindAuthCookie(HttpServer.IHttpRequest request) { var authcookie = request.Cookies[AUTH_COOKIE_NAME] ?? request.Cookies[Library.Utility.Uri.UrlEncode(AUTH_COOKIE_NAME)]; var authform = request.Form["auth-token"] ?? request.Form[Library.Utility.Uri.UrlEncode("auth-token")]; var authquery = request.QueryString["auth-token"] ?? request.QueryString[Library.Utility.Uri.UrlEncode("auth-token")]; var auth_token = authcookie == null || string.IsNullOrWhiteSpace(authcookie.Value) ? null : authcookie.Value; if (authquery != null && !string.IsNullOrWhiteSpace(authquery.Value)) auth_token = authquery["auth-token"].Value; if (authform != null && !string.IsNullOrWhiteSpace(authform.Value)) auth_token = authform["auth-token"].Value; return auth_token; }
private void Form1_Load(object sender, EventArgs e) { client = new WebClient(); client.Encoding = Encoding.UTF8; var info = new OBBInfo(); info.ip = IPAddress.Loopback.ToString(); info.notifyPort = Settings.Default.notifyPort; info.servicePort = Settings.Default.servicePort; info.serviceRoot = Settings.Default.serviceRoot; if (String.IsNullOrWhiteSpace(info.serviceRoot)) info.serviceRoot = Environment.CurrentDirectory; OBBContext.Current.Info = info; OBBContext.Current.Mode = Settings.Default.mode; server = new HttpServer.HttpServer(); var fileModule = new FileModule("/", OBBContext.Current.Info.serviceRoot); var myModule = new MyModule(); fileModule.AddDefaultMimeTypes(); server.Add(myModule); server.Add(fileModule); server.Start(IPAddress.Any, OBBContext.Current.Info.servicePort); if (OBBContext.Current.IsMaster) { OBBContext.Current.MasterInfo = OBBContext.Current.Info; notifyIcon1.Icon = Resources.master; var port = IPAddress.HostToNetworkOrder(OBBContext.Current.Info.servicePort); byte[] portData = BitConverter.GetBytes(port); notify = new UdpNotify(OBBContext.Current.Info.notifyPort, portData); } else { OBBContext.Current.LoadGameConfig(); notifyIcon1.Icon = Resources.slave; notify = new UdpNotify(OBBContext.Current.Info.notifyPort); notify.OnData += Notify_OnData; } this.Text = OBBContext.Current.Mode.ToString(); notifyIcon1.Text = OBBContext.Current.Mode.ToString(); refreshTimer.Start(); button1.Enabled = OBBContext.Current.IsMaster; }
private void PluginThread(Object state) { if (_server == null) { _server = new HttpServer.HttpServer(); // Let's reuse our module from previous tutorial to handle pages. _server.Add(new ZmaWebServer.Modules.MyModule(this)); // and start the server. _server.Start(System.Net.IPAddress.Any, 8080); } while (mc.Started) { Thread.Sleep(100); } _server.Stop(); // stop the web server _server = null; // set null or else its impossible to restart it :) }
internal HttpServer.HttpServer GetCore() { if(core == null) { // create my dispatcher module var testModule = new DispatcherModule(GetClassList()); // create session handling var customComponents = new ComponentProvider(); var sessionStore = new MemorySessionStore(); sessionStore.ExpireTime = 5; customComponents.AddInstance<IHttpSessionStore>(sessionStore); core = new HttpServer.HttpServer(customComponents); core.Add(new HttpModuleWrapper(testModule)); } return core; }
private bool AddXSRFTokenToRespone(HttpServer.IHttpResponse response) { if (m_activexsrf.Count > 500) return false; var buf = new byte[32]; var expires = DateTime.UtcNow.AddMinutes(XSRF_TIMEOUT_MINUTES); m_prng.GetBytes(buf); var token = Convert.ToBase64String(buf); m_activexsrf.AddOrUpdate(token, key => expires, (key, existingExpires) => { // Simulate the original behavior => if the random token, against all odds, is already used // we throw an ArgumentException throw new ArgumentException("An element with the same key already exists in the dictionary."); }); response.Cookies.Add(new HttpServer.ResponseCookie(XSRF_COOKIE_NAME, token, expires)); return true; }
public override bool Process(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session) { if ((request.Uri.AbsolutePath == "/" || request.Uri.AbsolutePath == "/index.html" || request.Uri.AbsolutePath == "/index.htm") && System.IO.File.Exists(m_defaultdoc)) { response.Status = System.Net.HttpStatusCode.OK; response.Reason = "OK"; response.ContentType = "text/html"; using (var fs = System.IO.File.OpenRead(m_defaultdoc)) { response.ContentLength = fs.Length; response.Body = fs; response.Send(); } return true; } return false; }
public void StartTutorial() { _server = new HttpServer.HttpServer(); // Let's use Digest authentication which is superior to basic auth since it // never sends password in clear text. DigestAuthentication auth = new DigestAuthentication(OnAuthenticate, OnAuthenticationRequired); _server.AuthenticationModules.Add(auth); // simple example of an regexp redirect rule. Go to http://localhost:8081/profile/arne to get redirected. _server.Add(new RegexRedirectRule("/profile/(?<first>[a-zA-Z0-9]+)", "/user/view/${first}")); // Let's reuse our module from previous tutorial to handle pages. _server.Add(new Tutorial3.MyModule()); // and start the server. _server.Start(IPAddress.Any, 8081); Console.WriteLine("Goto http://localhost:8081/membersonly to get authenticated."); Console.WriteLine("Password is 'morsOlle', and userName is 'arne'"); }
private void CreateServers() { ServerSettings settings = ServiceRegistration.Get <ISettingsManager>().Load <ServerSettings>(); List <string> filters = settings.IPAddressBindingsList; List <IPAddress> validAddresses = new List <IPAddress>(); if (settings.UseIPv4) { validAddresses.AddRange(NetworkHelper.GetBindableIPAddresses(AddressFamily.InterNetwork, filters)); } if (settings.UseIPv6) { validAddresses.AddRange(NetworkHelper.GetBindableIPAddresses(AddressFamily.InterNetworkV6, filters)); } foreach (IPAddress address in validAddresses) { HttpServer.HttpServer httpServer = new HttpServer.HttpServer(new HttpLogWriter()); _httpServers[address] = httpServer; } }
private string FindXSRFToken(HttpServer.IHttpRequest request) { string xsrftoken = request.Headers[XSRF_HEADER_NAME] ?? ""; if (string.IsNullOrWhiteSpace(xsrftoken)) xsrftoken = Duplicati.Library.Utility.Uri.UrlDecode(xsrftoken); if (string.IsNullOrWhiteSpace(xsrftoken)) { var xsrfq = request.Form[XSRF_HEADER_NAME] ?? request.Form[Duplicati.Library.Utility.Uri.UrlEncode(XSRF_HEADER_NAME)]; xsrftoken = (xsrfq == null || string.IsNullOrWhiteSpace(xsrfq.Value)) ? "" : xsrfq.Value; } if (string.IsNullOrWhiteSpace(xsrftoken)) { var xsrfq = request.QueryString[XSRF_HEADER_NAME] ?? request.QueryString[Duplicati.Library.Utility.Uri.UrlEncode(XSRF_HEADER_NAME)]; xsrftoken = (xsrfq == null || string.IsNullOrWhiteSpace(xsrfq.Value)) ? "" : xsrfq.Value; } return xsrftoken; }
public void StartTutorial() { _server = new HttpServer.HttpServer(); // Let's use Digest authentication which is superior to basic auth since it // never sends password in clear text. DigestAuthentication auth = new DigestAuthentication(OnAuthenticate, OnAuthenticationRequired); _server.AuthenticationModules.Add(auth); // simple example of an regexp redirect rule. Go to http://localhost:8081/profile/arne to get redirected. _server.Add(new RegexRedirectRule("/profile/(?<first>[a-zA-Z0-9]+)", "/user/view/${first}")); // Let's reuse our module from previous tutorial to handle pages. _server.Add(new Tutorial3.MyModule()); // and start the server. _server.Start(IPAddress.Any, 8081); Console.WriteLine("Goto http://localhost:8081/membersonly to get authenticated."); Console.WriteLine("Password is 'morsOlle', and userName is 'arne'"); }
/// <summary> /// Received from a <see cref="IHttpClientContext"/> when a request have been parsed successfully. /// </summary> /// <param name="source"><see cref="IHttpClientContext"/> that received the request.</param> /// <param name="args">The request.</param> private void OnRequest(object source, RequestEventArgs args) { _current = this; IHttpClientContext context = (IHttpClientContext) source; IHttpRequest request = args.Request; if (_requestQueue.ShouldQueue) { _requestQueue.Enqueue(context, request); return; } ProcessRequestWrapper(context, request); // no need to lock, if all threads are busy, // someone is bound to trigger the thread correctly =) _requestQueue.Trigger(); }
private bool HasXSRFCookie(HttpServer.IHttpRequest request) { DateTime tmpExpirationTimeHolder; // Clean up expired XSRF cookies foreach (var k in (from n in m_activexsrf where DateTime.UtcNow > n.Value select n.Key)) m_activexsrf.TryRemove(k, out tmpExpirationTimeHolder); var xsrfcookie = request.Cookies[XSRF_COOKIE_NAME] ?? request.Cookies[Library.Utility.Uri.UrlEncode(XSRF_COOKIE_NAME)]; var value = xsrfcookie == null ? null : xsrfcookie.Value; if (string.IsNullOrWhiteSpace(value)) return false; if (m_activexsrf.ContainsKey(value)) { m_activexsrf[value] = DateTime.UtcNow.AddMinutes(XSRF_TIMEOUT_MINUTES); return true; } else if (m_activexsrf.ContainsKey(Library.Utility.Uri.UrlDecode(value))) { m_activexsrf[Library.Utility.Uri.UrlDecode(value)] = DateTime.UtcNow.AddMinutes(XSRF_TIMEOUT_MINUTES); return true; } return false; }
private static int MAX_POST_SIZE = 10 * 1024 * 1024; // 10MB public HttpProcessor(TcpClient s, HttpServer srv) { this.socket = s; this.srv = srv; }
public void Start(int aPort) { HttpServer = new HttpServer.HttpServer(); HttpServer.Add(this); HttpServer.Start(IPAddress.Any, aPort); }
public void Stop() { HttpServer?.Stop(); HttpServer = null; }
public AjaxLifeHttpServer(IpAddress addr, int port) { Address = addr; Port = port; server = new HttpServer.HttpServer(); }
private void SendCommand(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session, BodyWriter bw) { HttpServer.HttpInput input = request.Method.ToUpper() == "POST" ? request.Form : request.QueryString; string command = input["command"].Value ?? ""; switch (command.ToLowerInvariant()) { case "check-update": RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Updates).Name.ToLowerInvariant(), "check"); return; case "install-update": RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Updates).Name.ToLowerInvariant(), "install"); return; case "activate-update": RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Updates).Name.ToLowerInvariant(), "activate"); return; case "pause": RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.ServerState).Name.ToLowerInvariant(), "pause"); return; case "resume": RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.ServerState).Name.ToLowerInvariant(), "resume"); return; case "stop": case "abort": { var key = string.Format("{0}/{1}", input["taskid"].Value, command); RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Task).Name.ToLowerInvariant(), key); } return; case "is-backup-active": { var key = string.Format("{0}/isactive", Library.Utility.Uri.UrlPathEncode(input["id"].Value)); RESTHandler.DoProcess(request, response, session, "GET", typeof(RESTMethods.Backup).Name.ToLowerInvariant(), key); } return; case "run": case "run-backup": { var key = string.Format("{0}/start", Library.Utility.Uri.UrlPathEncode(input["id"].Value)); RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Backup).Name.ToLowerInvariant(), key); } return; case "run-verify": { var key = string.Format("{0}/verify", Library.Utility.Uri.UrlPathEncode(input["id"].Value)); RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Backup).Name.ToLowerInvariant(), key); } return; case "run-repair-update": { var key = string.Format("{0}/repairupdate", Library.Utility.Uri.UrlPathEncode(input["id"].Value)); RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Backup).Name.ToLowerInvariant(), key); } return; case "run-repair": { var key = string.Format("{0}/repair", Library.Utility.Uri.UrlPathEncode(input["id"].Value)); RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Backup).Name.ToLowerInvariant(), key); } return; case "create-report": { var key = string.Format("{0}/createreport", Library.Utility.Uri.UrlPathEncode(input["id"].Value)); RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Backup).Name.ToLowerInvariant(), key); } return; default: { var key = string.Format("{0}", Library.Utility.Uri.UrlPathEncode(input["command"].Value)); RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.WebModule).Name.ToLowerInvariant(), key); return; } } }
public override bool Process (HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session) { //We use the fake entry point /control.cgi to listen for requests //This ensures that the rest of the webserver can just serve plain files if (!request.Uri.AbsolutePath.Equals(CONTROL_HANDLER_URI, StringComparison.InvariantCultureIgnoreCase)) return false; HttpServer.HttpInput input = request.Method.ToUpper() == "POST" ? request.Form : request.QueryString; string action = input["action"].Value ?? ""; //Lookup the actual handler method ProcessSub method; SUPPORTED_METHODS.TryGetValue(action, out method); if (method == null) { response.Status = System.Net.HttpStatusCode.NotImplemented; response.Reason = "Unsupported action: " + (action == null ? "<null>" : ""); response.Send(); } else { //Default setup response.Status = System.Net.HttpStatusCode.OK; response.Reason = "OK"; #if DEBUG response.ContentType = "text/plain"; #else response.ContentType = "text/json"; #endif using (BodyWriter bw = new BodyWriter(response, request)) { try { method(request, response, session, bw); } catch (Exception ex) { Program.DataConnection.LogError("", string.Format("Request for {0} gave error", action), ex); Console.WriteLine(ex.ToString()); try { if (!response.HeadersSent) { response.Status = System.Net.HttpStatusCode.InternalServerError; response.Reason = "Error"; response.ContentType = "text/plain"; bw.WriteJsonObject(new { Message = ex.Message, Type = ex.GetType().Name, #if DEBUG Stacktrace = ex.ToString() #endif }); bw.Flush(); } } catch (Exception flex) { Program.DataConnection.LogError("", "Reporting error gave error", flex); } } } } return true; }
private void PollLogMessages(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session, BodyWriter bw) { RESTHandler.DoProcess(request, response, session, "GET", typeof(RESTMethods.LogData).Name.ToLowerInvariant(), "poll"); }
static void Main(string[] args) { HttpServer server = new HttpServer(ConfigurationManager.AppSettings["serverUrl"], ConfigurationManager.AppSettings["baseFolder"]); server.Start(); }
static void Main(string[] args) { var server = new HttpServer(@"C:\Users\Chris\Documents\public"); server.StartAsync().Wait(); }
public override bool Process(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session) { HttpServer.HttpInput input = request.Method.ToUpper() == "POST" ? request.Form : request.QueryString; var auth_token = FindAuthCookie(request); var xsrf_token = FindXSRFToken(request); if (!HasXSRFCookie(request)) { var cookieAdded = AddXSRFTokenToRespone(response); if (!cookieAdded) { response.Status = System.Net.HttpStatusCode.ServiceUnavailable; response.Reason = "Too Many Concurrent Request, try again later"; return true; } } Tuple<DateTime, string> tmpTuple; DateTime tmpDateTime; if (LOGOUT_SCRIPT_URI.Equals(request.Uri.AbsolutePath, StringComparison.InvariantCultureIgnoreCase)) { if (!string.IsNullOrWhiteSpace(auth_token)) { // Remove the active auth token m_activeTokens.TryRemove(auth_token, out tmpDateTime); } response.Status = System.Net.HttpStatusCode.NoContent; response.Reason = "OK"; return true; } else if (LOGIN_SCRIPT_URI.Equals(request.Uri.AbsolutePath, StringComparison.InvariantCultureIgnoreCase)) { // Remove expired nonces foreach(var k in (from n in m_activeNonces where DateTime.UtcNow > n.Value.Item1 select n.Key)) m_activeNonces.TryRemove(k, out tmpTuple); if (input["get-nonce"] != null && !string.IsNullOrWhiteSpace(input["get-nonce"].Value)) { if (m_activeNonces.Count > 50) { response.Status = System.Net.HttpStatusCode.ServiceUnavailable; response.Reason = "Too many active login attempts"; return true; } var buf = new byte[32]; var expires = DateTime.UtcNow.AddMinutes(AUTH_TIMEOUT_MINUTES); m_prng.GetBytes(buf); var nonce = Convert.ToBase64String(buf); var sha256 = System.Security.Cryptography.SHA256.Create(); sha256.TransformBlock(buf, 0, buf.Length, buf, 0); buf = Convert.FromBase64String(Program.DataConnection.ApplicationSettings.WebserverPassword); sha256.TransformFinalBlock(buf, 0, buf.Length); var pwd = Convert.ToBase64String(sha256.Hash); m_activeNonces.AddOrUpdate(nonce, key => new Tuple<DateTime, string>(expires, pwd), (key, existingValue) => { // Simulate the original behavior => if the nonce, against all odds, is already used // we throw an ArgumentException throw new ArgumentException("An element with the same key already exists in the dictionary."); }); response.Cookies.Add(new HttpServer.ResponseCookie(NONCE_COOKIE_NAME, nonce, expires)); using(var bw = new BodyWriter(response, request)) { bw.OutputOK(new { Status = "OK", Nonce = nonce, Salt = Program.DataConnection.ApplicationSettings.WebserverPasswordSalt }); } return true; } else { if (input["password"] != null && !string.IsNullOrWhiteSpace(input["password"].Value)) { var nonce_el = request.Cookies[NONCE_COOKIE_NAME] ?? request.Cookies[Library.Utility.Uri.UrlEncode(NONCE_COOKIE_NAME)]; var nonce = nonce_el == null || string.IsNullOrWhiteSpace(nonce_el.Value) ? "" : nonce_el.Value; var urldecoded = nonce == null ? "" : Duplicati.Library.Utility.Uri.UrlDecode(nonce); if (m_activeNonces.ContainsKey(urldecoded)) nonce = urldecoded; if (!m_activeNonces.ContainsKey(nonce)) { response.Status = System.Net.HttpStatusCode.Unauthorized; response.Reason = "Unauthorized"; response.ContentType = "application/json"; return true; } var pwd = m_activeNonces[nonce].Item2; // Remove the nonce m_activeNonces.TryRemove(nonce, out tmpTuple); if (pwd != input["password"].Value) { response.Status = System.Net.HttpStatusCode.Unauthorized; response.Reason = "Unauthorized"; response.ContentType = "application/json"; return true; } var buf = new byte[32]; var expires = DateTime.UtcNow.AddHours(1); m_prng.GetBytes(buf); var token = Duplicati.Library.Utility.Utility.Base64UrlEncode(buf); while (token.Length > 0 && token.EndsWith("=")) token = token.Substring(0, token.Length - 1); m_activeTokens.AddOrUpdate(token, key => expires, (key, existingValue) => { // Simulate the original behavior => if the token, against all odds, is already used // we throw an ArgumentException throw new ArgumentException("An element with the same key already exists in the dictionary."); }); response.Cookies.Add(new HttpServer.ResponseCookie(AUTH_COOKIE_NAME, token, expires)); using(var bw = new BodyWriter(response, request)) bw.OutputOK(); return true; } } } var limitedAccess = ControlHandler.CONTROL_HANDLER_URI.Equals(request.Uri.AbsolutePath, StringComparison.InvariantCultureIgnoreCase) || request.Uri.AbsolutePath.StartsWith(RESTHandler.API_URI_PATH, StringComparison.InvariantCultureIgnoreCase) ; if (limitedAccess) { if (xsrf_token != null && m_activexsrf.ContainsKey(xsrf_token)) { var expires = DateTime.UtcNow.AddMinutes(XSRF_TIMEOUT_MINUTES); m_activexsrf[xsrf_token] = expires; response.Cookies.Add(new ResponseCookie(XSRF_COOKIE_NAME, xsrf_token, expires)); } else { response.Status = System.Net.HttpStatusCode.BadRequest; response.Reason = "Missing XSRF Token"; return true; } } if (string.IsNullOrWhiteSpace(Program.DataConnection.ApplicationSettings.WebserverPassword)) return false; foreach(var k in (from n in m_activeTokens where DateTime.UtcNow > n.Value select n.Key)) m_activeTokens.TryRemove(k, out tmpDateTime); // If we have a valid token, proceed if (!string.IsNullOrWhiteSpace(auth_token)) { DateTime expires; var found = m_activeTokens.TryGetValue(auth_token, out expires); if (!found) { auth_token = Duplicati.Library.Utility.Uri.UrlDecode(auth_token); found = m_activeTokens.TryGetValue(auth_token, out expires); } if (found && DateTime.UtcNow < expires) { expires = DateTime.UtcNow.AddHours(1); m_activeTokens[auth_token] = expires; response.Cookies.Add(new ResponseCookie(AUTH_COOKIE_NAME, auth_token, expires)); return false; } } if ("/".Equals(request.Uri.AbsolutePath, StringComparison.InvariantCultureIgnoreCase) || "/index.html".Equals(request.Uri.AbsolutePath, StringComparison.InvariantCultureIgnoreCase)) { response.Redirect("/login.html"); return true; } if (limitedAccess) { response.Status = System.Net.HttpStatusCode.Unauthorized; response.Reason = "Not logged in"; response.AddHeader("Location", "login.html"); return true; } return false; }
private void GetNotifications(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session, BodyWriter bw) { RESTHandler.HandleControlCGI(request, response, session, bw, typeof(RESTMethods.Notifications)); }
private void GetUISettingSchemes(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session, BodyWriter bw) { RESTHandler.HandleControlCGI(request, response, session, bw, typeof(RESTMethods.UISettings)); }
private void GetBackupDefaults(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session, BodyWriter bw) { RESTHandler.HandleControlCGI(request, response, session, bw, typeof(RESTMethods.BackupDefaults)); }
private void DismissNotification(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session, BodyWriter bw) { request.Method = "DELETE"; RESTHandler.HandleControlCGI(request, response, session, bw, typeof(RESTMethods.Notification)); }
static void Main(string[] args) { HttpServer server = new HttpServer("http://localhost:8888/"); server.Start(); }