public ResourceServer()
{
_httpServerV4 = new HttpServer.HttpServer(new HttpLogWriter());
_httpServerV6 = new HttpServer.HttpServer(new HttpLogWriter());
ResourceAccessModule module = new ResourceAccessModule();
AddHttpModule(module);
}
public DefaultRackServer(int port,IPAddress ipAddress,ILogWriter logWriter)
{
_server = new HttpServer.HttpServer(logWriter);
_ipAddress = ipAddress;
_port = port;
_logWriter = logWriter;
}
private static string HandleCreateAccount(HttpServer server, HttpListenerRequest request, Dictionary<string, string> parameters)
{
if (!parameters.ContainsKey("username")) throw new Exception("Missing username.");
if (!parameters.ContainsKey("password")) throw new Exception("Missing password.");
string username = parameters["username"];
string password = parameters["password"];
if (Databases.AccountTable.Count(a => a.Username.ToLower() == username.ToLower()) > 0) return JsonEncode("Username already in use!");
System.Text.RegularExpressions.Regex invalidCharacterRegex = new System.Text.RegularExpressions.Regex("[^a-zA-Z0-9]");
if (invalidCharacterRegex.IsMatch(username)) return JsonEncode("Invalid characters detected in username!");
Random getrandom = new Random();
String token = getrandom.Next(10000000, 99999999).ToString();
AccountEntry entry = new AccountEntry();
entry.Index = Databases.AccountTable.GenerateIndex();
entry.Username = username;
entry.Password = password;
entry.Verifier = "";
entry.Salt = "";
entry.RTW_Points = 0;
entry.IsAdmin = 0;
entry.IsBanned = 0;
entry.InUse = 0;
entry.extrn_login = 0;
entry.CanHostDistrict = 1;
entry.Token = token;
Databases.AccountTable.Add(entry);
Log.Succes("HTTP", "Successfully created account '" + username + "'");
return JsonEncode("Account created!\n\nYour token is: " + token + ".\nCopy and paste given token in \"_rtoken.id\" file and put it in the same folder where your \"APB.exe\" is located.");
}
public override bool Process(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session)
{
var path = this.GetPath(request.Uri);
var html = System.IO.Path.Combine(path, "index.html");
var htm = System.IO.Path.Combine(path, "index.htm");
if (System.IO.Directory.Exists(path) && (System.IO.File.Exists(html) || System.IO.File.Exists(htm)))
{
if (!request.Uri.AbsolutePath.EndsWith("/"))
{
response.Redirect(request.Uri.AbsolutePath + "/");
return true;
}
response.Status = System.Net.HttpStatusCode.OK;
response.Reason = "OK";
response.ContentType = "text/html; charset=utf-8";
using (var fs = System.IO.File.OpenRead(System.IO.File.Exists(html) ? html : htm))
{
response.ContentLength = fs.Length;
response.Body = fs;
response.Send();
}
return true;
}
return false;
}
private void OnRequest(object sender, HttpServer.RequestEventArgs e)
{
string[] paramss = e.Request.UriParts;
HttpServer.IHttpResponse resp = e.Request.CreateResponse((IHttpClientContext)sender);
if (paramss[0] == "favicon.ico")
{
reactFavIco(resp);
}
if (paramss[0] == "fire")
{
reactFire(resp);
}
if (paramss[0] == "move")
{
reactMove(resp,paramss[1]);
}
if (paramss[0] == "laser")
{
reactLaser(resp);
}
if (paramss[0] == "reset")
{
reactReset(resp);
}
}
public void StartListening(IGablarskiServerContext context)
{
var sstore = new MemorySessionStore {
ExpireTime = 15
};
server = new HttpServer.HttpServer(sstore);
ConnectionManager cmanager = new ConnectionManager(sstore);
cmanager.ConnectionProvider = this;
cmanager.Server = server;
server.Add(new QueryModule(cmanager));
WebServerConfiguration config = (WebServerConfiguration)ConfigurationManager.GetSection("webserver");
if (config != null && config.Theme != null)
{
server.Add(new FileResourceModule(config.Theme.Path));
server.Add(new LoginModule(cmanager));
server.Add(new ChannelModule(cmanager));
server.Add(new UserModule(cmanager));
}
server.Start(IPAddress.Any, this.Port);
}
public ObjectForScripting()
{
httpServer = new HttpServer.HttpServer();
ajaxObjectForScripting = new AjaxObjectForScripting(this);
httpServer.Add(ajaxObjectForScripting);
httpServer.Start(IPAddress.Any, 50505);
httpServer.BackLog = 5;
}
bool _streamingrequestbody; // indicates that request body can be streamed by user
#endregion Fields
#region Constructors
internal HttpRequest(HttpServer._Connection connection, HttpMethod method, string rawpath)
{
_connection = connection;
_method = method;
_rawpath = rawpath;
int iof = rawpath.IndexOf('?');
_path = iof >= 0 ? rawpath.Substring(0, iof) : rawpath;
}
public void Run(IBackgroundTaskInstance taskInstance)
{
// Get the deferral object from the task instance
serviceDeferral = taskInstance.GetDeferral();
httpServer = new HttpServer(8000);
httpServer.StartServer();
}
public ResourceServer()
{
_httpServerV4 = new HttpServer.HttpServer(new HttpLogWriter());
_httpServerV6 = new HttpServer.HttpServer(new HttpLogWriter());
ResourceAccessModule module = new ResourceAccessModule();
AddHttpModule(module);
}
private WebService()
{
this._server = new H.HttpServer();
var res = new ResourceFileModule();
res.AddResources("/", typeof(WebService).Assembly, "XSpect.Contributions.Solar.Resources.Documents");
this._server.Add(res);
this._server.Add(new RequestHandler());
this.Configuration = new ExpandoObject();
}
public PollServiceHttpRequest(
PollServiceEventArgs pPollServiceArgs, HttpServerLib.HttpClientContext pHttpContext, HttpServerLib.HttpRequest pRequest)
{
PollServiceArgs = pPollServiceArgs;
HttpContext = pHttpContext;
Request = pRequest;
RequestTime = System.Environment.TickCount;
RequestID = UUID.Random();
}
private void StopServer(HttpServer.HttpServer server)
{
try
{
server.Stop();
}
catch (SocketException e)
{
ServiceRegistration.Get <ILogger>().Warn("ResourceServer: Error stopping HTTP server", e);
}
}
public void DisposeServer(HttpServer.HttpServer server)
{
try
{
server.Dispose();
}
catch (SocketException e)
{
ServiceRegistration.Get <ILogger>().Warn("ResourceServer: Error stopping HTTP server", e);
}
}
private static void Main(string[] args)
{
var config = new DefaultHttpServerConfiguration() { Port = 8080, Handler = new DefaultHtmlRequestHandler("U:/CustomServer", new[] { "index.html", "default.html" }) };
var server = new HttpServer(config);
server.ConnectionEstablished += Server_ConnectionEstablished;
server.ConnectionLost += Server_ConnectionLost;
server.MessageSent += server_MessageSent;
server.MessageReceived += server_MessageReceived;
server.Start();
Thread.Sleep(new TimeSpan(0,5,0));
server.Stop();
}
static void Main(string[] args)
{
if (!EasyServer.InitConfig("Configs/Database.xml", "Database")) return;
Databases.InitDB();
Databases.Load();
HttpServer.MapHandlers();
HttpServer server = new HttpServer();
server.Start();
Timer aTimer = new Timer(10000);
aTimer.Elapsed += OnTimedEvent;
aTimer.AutoReset = true;
aTimer.Enabled = true;
Console.ReadLine();
}
private bool AddXSRFTokenToRespone(HttpServer.IHttpResponse response)
{
if (m_activexsrf.Count > 500)
return false;
var buf = new byte[32];
var expires = DateTime.UtcNow.AddMinutes(XSRF_TIMEOUT_MINUTES);
m_prng.GetBytes(buf);
var token = Convert.ToBase64String(buf);
m_activexsrf.Add(token, expires);
response.Cookies.Add(new HttpServer.ResponseCookie(XSRF_COOKIE_NAME, token, expires));
return true;
}
private string FindAuthCookie(HttpServer.IHttpRequest request)
{
var authcookie = request.Cookies[AUTH_COOKIE_NAME] ?? request.Cookies[Library.Utility.Uri.UrlEncode(AUTH_COOKIE_NAME)];
var authform = request.Form["auth-token"] ?? request.Form[Library.Utility.Uri.UrlEncode("auth-token")];
var authquery = request.QueryString["auth-token"] ?? request.QueryString[Library.Utility.Uri.UrlEncode("auth-token")];
var auth_token = authcookie == null || string.IsNullOrWhiteSpace(authcookie.Value) ? null : authcookie.Value;
if (authquery != null && !string.IsNullOrWhiteSpace(authquery.Value))
auth_token = authquery["auth-token"].Value;
if (authform != null && !string.IsNullOrWhiteSpace(authform.Value))
auth_token = authform["auth-token"].Value;
return auth_token;
}
private void Form1_Load(object sender, EventArgs e)
{
client = new WebClient();
client.Encoding = Encoding.UTF8;
var info = new OBBInfo();
info.ip = IPAddress.Loopback.ToString();
info.notifyPort = Settings.Default.notifyPort;
info.servicePort = Settings.Default.servicePort;
info.serviceRoot = Settings.Default.serviceRoot;
if (String.IsNullOrWhiteSpace(info.serviceRoot))
info.serviceRoot = Environment.CurrentDirectory;
OBBContext.Current.Info = info;
OBBContext.Current.Mode = Settings.Default.mode;
server = new HttpServer.HttpServer();
var fileModule = new FileModule("/", OBBContext.Current.Info.serviceRoot);
var myModule = new MyModule();
fileModule.AddDefaultMimeTypes();
server.Add(myModule);
server.Add(fileModule);
server.Start(IPAddress.Any, OBBContext.Current.Info.servicePort);
if (OBBContext.Current.IsMaster)
{
OBBContext.Current.MasterInfo = OBBContext.Current.Info;
notifyIcon1.Icon = Resources.master;
var port = IPAddress.HostToNetworkOrder(OBBContext.Current.Info.servicePort);
byte[] portData = BitConverter.GetBytes(port);
notify = new UdpNotify(OBBContext.Current.Info.notifyPort, portData);
}
else
{
OBBContext.Current.LoadGameConfig();
notifyIcon1.Icon = Resources.slave;
notify = new UdpNotify(OBBContext.Current.Info.notifyPort);
notify.OnData += Notify_OnData;
}
this.Text = OBBContext.Current.Mode.ToString();
notifyIcon1.Text = OBBContext.Current.Mode.ToString();
refreshTimer.Start();
button1.Enabled = OBBContext.Current.IsMaster;
}
private void PluginThread(Object state)
{
if (_server == null)
{
_server = new HttpServer.HttpServer();
// Let's reuse our module from previous tutorial to handle pages.
_server.Add(new ZmaWebServer.Modules.MyModule(this));
// and start the server.
_server.Start(System.Net.IPAddress.Any, 8080);
}
while (mc.Started)
{
Thread.Sleep(100);
}
_server.Stop(); // stop the web server
_server = null; // set null or else its impossible to restart it :)
}
internal HttpServer.HttpServer GetCore()
{
if(core == null)
{
// create my dispatcher module
var testModule = new DispatcherModule(GetClassList());
// create session handling
var customComponents = new ComponentProvider();
var sessionStore = new MemorySessionStore();
sessionStore.ExpireTime = 5;
customComponents.AddInstance<IHttpSessionStore>(sessionStore);
core = new HttpServer.HttpServer(customComponents);
core.Add(new HttpModuleWrapper(testModule));
}
return core;
}
private bool AddXSRFTokenToRespone(HttpServer.IHttpResponse response)
{
if (m_activexsrf.Count > 500)
return false;
var buf = new byte[32];
var expires = DateTime.UtcNow.AddMinutes(XSRF_TIMEOUT_MINUTES);
m_prng.GetBytes(buf);
var token = Convert.ToBase64String(buf);
m_activexsrf.AddOrUpdate(token, key => expires, (key, existingExpires) =>
{
// Simulate the original behavior => if the random token, against all odds, is already used
// we throw an ArgumentException
throw new ArgumentException("An element with the same key already exists in the dictionary.");
});
response.Cookies.Add(new HttpServer.ResponseCookie(XSRF_COOKIE_NAME, token, expires));
return true;
}
public override bool Process(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session)
{
if ((request.Uri.AbsolutePath == "/" || request.Uri.AbsolutePath == "/index.html" || request.Uri.AbsolutePath == "/index.htm") && System.IO.File.Exists(m_defaultdoc))
{
response.Status = System.Net.HttpStatusCode.OK;
response.Reason = "OK";
response.ContentType = "text/html";
using (var fs = System.IO.File.OpenRead(m_defaultdoc))
{
response.ContentLength = fs.Length;
response.Body = fs;
response.Send();
}
return true;
}
return false;
}
public void StartTutorial()
{
_server = new HttpServer.HttpServer();
// Let's use Digest authentication which is superior to basic auth since it
// never sends password in clear text.
DigestAuthentication auth = new DigestAuthentication(OnAuthenticate, OnAuthenticationRequired);
_server.AuthenticationModules.Add(auth);
// simple example of an regexp redirect rule. Go to http://localhost:8081/profile/arne to get redirected.
_server.Add(new RegexRedirectRule("/profile/(?<first>[a-zA-Z0-9]+)", "/user/view/${first}"));
// Let's reuse our module from previous tutorial to handle pages.
_server.Add(new Tutorial3.MyModule());
// and start the server.
_server.Start(IPAddress.Any, 8081);
Console.WriteLine("Goto http://localhost:8081/membersonly to get authenticated.");
Console.WriteLine("Password is 'morsOlle', and userName is 'arne'");
}
private void CreateServers()
{
ServerSettings settings = ServiceRegistration.Get <ISettingsManager>().Load <ServerSettings>();
List <string> filters = settings.IPAddressBindingsList;
List <IPAddress> validAddresses = new List <IPAddress>();
if (settings.UseIPv4)
{
validAddresses.AddRange(NetworkHelper.GetBindableIPAddresses(AddressFamily.InterNetwork, filters));
}
if (settings.UseIPv6)
{
validAddresses.AddRange(NetworkHelper.GetBindableIPAddresses(AddressFamily.InterNetworkV6, filters));
}
foreach (IPAddress address in validAddresses)
{
HttpServer.HttpServer httpServer = new HttpServer.HttpServer(new HttpLogWriter());
_httpServers[address] = httpServer;
}
}
private string FindXSRFToken(HttpServer.IHttpRequest request)
{
string xsrftoken = request.Headers[XSRF_HEADER_NAME] ?? "";
if (string.IsNullOrWhiteSpace(xsrftoken))
xsrftoken = Duplicati.Library.Utility.Uri.UrlDecode(xsrftoken);
if (string.IsNullOrWhiteSpace(xsrftoken))
{
var xsrfq = request.Form[XSRF_HEADER_NAME] ?? request.Form[Duplicati.Library.Utility.Uri.UrlEncode(XSRF_HEADER_NAME)];
xsrftoken = (xsrfq == null || string.IsNullOrWhiteSpace(xsrfq.Value)) ? "" : xsrfq.Value;
}
if (string.IsNullOrWhiteSpace(xsrftoken))
{
var xsrfq = request.QueryString[XSRF_HEADER_NAME] ?? request.QueryString[Duplicati.Library.Utility.Uri.UrlEncode(XSRF_HEADER_NAME)];
xsrftoken = (xsrfq == null || string.IsNullOrWhiteSpace(xsrfq.Value)) ? "" : xsrfq.Value;
}
return xsrftoken;
}
public void StartTutorial()
{
_server = new HttpServer.HttpServer();
// Let's use Digest authentication which is superior to basic auth since it
// never sends password in clear text.
DigestAuthentication auth = new DigestAuthentication(OnAuthenticate, OnAuthenticationRequired);
_server.AuthenticationModules.Add(auth);
// simple example of an regexp redirect rule. Go to http://localhost:8081/profile/arne to get redirected.
_server.Add(new RegexRedirectRule("/profile/(?<first>[a-zA-Z0-9]+)", "/user/view/${first}"));
// Let's reuse our module from previous tutorial to handle pages.
_server.Add(new Tutorial3.MyModule());
// and start the server.
_server.Start(IPAddress.Any, 8081);
Console.WriteLine("Goto http://localhost:8081/membersonly to get authenticated.");
Console.WriteLine("Password is 'morsOlle', and userName is 'arne'");
}
/// <summary>
/// Received from a <see cref="IHttpClientContext"/> when a request have been parsed successfully.
/// </summary>
/// <param name="source"><see cref="IHttpClientContext"/> that received the request.</param>
/// <param name="args">The request.</param>
private void OnRequest(object source, RequestEventArgs args)
{
_current = this;
IHttpClientContext context = (IHttpClientContext) source;
IHttpRequest request = args.Request;
if (_requestQueue.ShouldQueue)
{
_requestQueue.Enqueue(context, request);
return;
}
ProcessRequestWrapper(context, request);
// no need to lock, if all threads are busy,
// someone is bound to trigger the thread correctly =)
_requestQueue.Trigger();
}
private bool HasXSRFCookie(HttpServer.IHttpRequest request)
{
DateTime tmpExpirationTimeHolder;
// Clean up expired XSRF cookies
foreach (var k in (from n in m_activexsrf where DateTime.UtcNow > n.Value select n.Key))
m_activexsrf.TryRemove(k, out tmpExpirationTimeHolder);
var xsrfcookie = request.Cookies[XSRF_COOKIE_NAME] ?? request.Cookies[Library.Utility.Uri.UrlEncode(XSRF_COOKIE_NAME)];
var value = xsrfcookie == null ? null : xsrfcookie.Value;
if (string.IsNullOrWhiteSpace(value))
return false;
if (m_activexsrf.ContainsKey(value))
{
m_activexsrf[value] = DateTime.UtcNow.AddMinutes(XSRF_TIMEOUT_MINUTES);
return true;
}
else if (m_activexsrf.ContainsKey(Library.Utility.Uri.UrlDecode(value)))
{
m_activexsrf[Library.Utility.Uri.UrlDecode(value)] = DateTime.UtcNow.AddMinutes(XSRF_TIMEOUT_MINUTES);
return true;
}
return false;
}
private static int MAX_POST_SIZE = 10 * 1024 * 1024; // 10MB
public HttpProcessor(TcpClient s, HttpServer srv)
{
this.socket = s;
this.srv = srv;
}
public void Start(int aPort)
{
HttpServer = new HttpServer.HttpServer();
HttpServer.Add(this);
HttpServer.Start(IPAddress.Any, aPort);
}
public void Stop()
{
HttpServer?.Stop();
HttpServer = null;
}
public AjaxLifeHttpServer(IpAddress addr, int port)
{
Address = addr;
Port = port;
server = new HttpServer.HttpServer();
}
private void SendCommand(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session, BodyWriter bw)
{
HttpServer.HttpInput input = request.Method.ToUpper() == "POST" ? request.Form : request.QueryString;
string command = input["command"].Value ?? "";
switch (command.ToLowerInvariant())
{
case "check-update":
RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Updates).Name.ToLowerInvariant(), "check");
return;
case "install-update":
RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Updates).Name.ToLowerInvariant(), "install");
return;
case "activate-update":
RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Updates).Name.ToLowerInvariant(), "activate");
return;
case "pause":
RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.ServerState).Name.ToLowerInvariant(), "pause");
return;
case "resume":
RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.ServerState).Name.ToLowerInvariant(), "resume");
return;
case "stop":
case "abort":
{
var key = string.Format("{0}/{1}", input["taskid"].Value, command);
RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Task).Name.ToLowerInvariant(), key);
}
return;
case "is-backup-active":
{
var key = string.Format("{0}/isactive", Library.Utility.Uri.UrlPathEncode(input["id"].Value));
RESTHandler.DoProcess(request, response, session, "GET", typeof(RESTMethods.Backup).Name.ToLowerInvariant(), key);
}
return;
case "run":
case "run-backup":
{
var key = string.Format("{0}/start", Library.Utility.Uri.UrlPathEncode(input["id"].Value));
RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Backup).Name.ToLowerInvariant(), key);
}
return;
case "run-verify":
{
var key = string.Format("{0}/verify", Library.Utility.Uri.UrlPathEncode(input["id"].Value));
RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Backup).Name.ToLowerInvariant(), key);
}
return;
case "run-repair-update":
{
var key = string.Format("{0}/repairupdate", Library.Utility.Uri.UrlPathEncode(input["id"].Value));
RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Backup).Name.ToLowerInvariant(), key);
}
return;
case "run-repair":
{
var key = string.Format("{0}/repair", Library.Utility.Uri.UrlPathEncode(input["id"].Value));
RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Backup).Name.ToLowerInvariant(), key);
}
return;
case "create-report":
{
var key = string.Format("{0}/createreport", Library.Utility.Uri.UrlPathEncode(input["id"].Value));
RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.Backup).Name.ToLowerInvariant(), key);
}
return;
default:
{
var key = string.Format("{0}", Library.Utility.Uri.UrlPathEncode(input["command"].Value));
RESTHandler.DoProcess(request, response, session, "POST", typeof(RESTMethods.WebModule).Name.ToLowerInvariant(), key);
return;
}
}
}
public override bool Process (HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session)
{
//We use the fake entry point /control.cgi to listen for requests
//This ensures that the rest of the webserver can just serve plain files
if (!request.Uri.AbsolutePath.Equals(CONTROL_HANDLER_URI, StringComparison.InvariantCultureIgnoreCase))
return false;
HttpServer.HttpInput input = request.Method.ToUpper() == "POST" ? request.Form : request.QueryString;
string action = input["action"].Value ?? "";
//Lookup the actual handler method
ProcessSub method;
SUPPORTED_METHODS.TryGetValue(action, out method);
if (method == null) {
response.Status = System.Net.HttpStatusCode.NotImplemented;
response.Reason = "Unsupported action: " + (action == null ? "<null>" : "");
response.Send();
} else {
//Default setup
response.Status = System.Net.HttpStatusCode.OK;
response.Reason = "OK";
#if DEBUG
response.ContentType = "text/plain";
#else
response.ContentType = "text/json";
#endif
using (BodyWriter bw = new BodyWriter(response, request))
{
try
{
method(request, response, session, bw);
}
catch (Exception ex)
{
Program.DataConnection.LogError("", string.Format("Request for {0} gave error", action), ex);
Console.WriteLine(ex.ToString());
try
{
if (!response.HeadersSent)
{
response.Status = System.Net.HttpStatusCode.InternalServerError;
response.Reason = "Error";
response.ContentType = "text/plain";
bw.WriteJsonObject(new
{
Message = ex.Message,
Type = ex.GetType().Name,
#if DEBUG
Stacktrace = ex.ToString()
#endif
});
bw.Flush();
}
}
catch (Exception flex)
{
Program.DataConnection.LogError("", "Reporting error gave error", flex);
}
}
}
}
return true;
}
private void PollLogMessages(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session, BodyWriter bw)
{
RESTHandler.DoProcess(request, response, session, "GET", typeof(RESTMethods.LogData).Name.ToLowerInvariant(), "poll");
}
static void Main(string[] args)
{
HttpServer server = new HttpServer(ConfigurationManager.AppSettings["serverUrl"], ConfigurationManager.AppSettings["baseFolder"]);
server.Start();
}
static void Main(string[] args)
{
var server = new HttpServer(@"C:\Users\Chris\Documents\public");
server.StartAsync().Wait();
}
public override bool Process(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session)
{
HttpServer.HttpInput input = request.Method.ToUpper() == "POST" ? request.Form : request.QueryString;
var auth_token = FindAuthCookie(request);
var xsrf_token = FindXSRFToken(request);
if (!HasXSRFCookie(request))
{
var cookieAdded = AddXSRFTokenToRespone(response);
if (!cookieAdded)
{
response.Status = System.Net.HttpStatusCode.ServiceUnavailable;
response.Reason = "Too Many Concurrent Request, try again later";
return true;
}
}
Tuple<DateTime, string> tmpTuple;
DateTime tmpDateTime;
if (LOGOUT_SCRIPT_URI.Equals(request.Uri.AbsolutePath, StringComparison.InvariantCultureIgnoreCase))
{
if (!string.IsNullOrWhiteSpace(auth_token))
{
// Remove the active auth token
m_activeTokens.TryRemove(auth_token, out tmpDateTime);
}
response.Status = System.Net.HttpStatusCode.NoContent;
response.Reason = "OK";
return true;
}
else if (LOGIN_SCRIPT_URI.Equals(request.Uri.AbsolutePath, StringComparison.InvariantCultureIgnoreCase))
{
// Remove expired nonces
foreach(var k in (from n in m_activeNonces where DateTime.UtcNow > n.Value.Item1 select n.Key))
m_activeNonces.TryRemove(k, out tmpTuple);
if (input["get-nonce"] != null && !string.IsNullOrWhiteSpace(input["get-nonce"].Value))
{
if (m_activeNonces.Count > 50)
{
response.Status = System.Net.HttpStatusCode.ServiceUnavailable;
response.Reason = "Too many active login attempts";
return true;
}
var buf = new byte[32];
var expires = DateTime.UtcNow.AddMinutes(AUTH_TIMEOUT_MINUTES);
m_prng.GetBytes(buf);
var nonce = Convert.ToBase64String(buf);
var sha256 = System.Security.Cryptography.SHA256.Create();
sha256.TransformBlock(buf, 0, buf.Length, buf, 0);
buf = Convert.FromBase64String(Program.DataConnection.ApplicationSettings.WebserverPassword);
sha256.TransformFinalBlock(buf, 0, buf.Length);
var pwd = Convert.ToBase64String(sha256.Hash);
m_activeNonces.AddOrUpdate(nonce, key => new Tuple<DateTime, string>(expires, pwd), (key, existingValue) =>
{
// Simulate the original behavior => if the nonce, against all odds, is already used
// we throw an ArgumentException
throw new ArgumentException("An element with the same key already exists in the dictionary.");
});
response.Cookies.Add(new HttpServer.ResponseCookie(NONCE_COOKIE_NAME, nonce, expires));
using(var bw = new BodyWriter(response, request))
{
bw.OutputOK(new {
Status = "OK",
Nonce = nonce,
Salt = Program.DataConnection.ApplicationSettings.WebserverPasswordSalt
});
}
return true;
}
else
{
if (input["password"] != null && !string.IsNullOrWhiteSpace(input["password"].Value))
{
var nonce_el = request.Cookies[NONCE_COOKIE_NAME] ?? request.Cookies[Library.Utility.Uri.UrlEncode(NONCE_COOKIE_NAME)];
var nonce = nonce_el == null || string.IsNullOrWhiteSpace(nonce_el.Value) ? "" : nonce_el.Value;
var urldecoded = nonce == null ? "" : Duplicati.Library.Utility.Uri.UrlDecode(nonce);
if (m_activeNonces.ContainsKey(urldecoded))
nonce = urldecoded;
if (!m_activeNonces.ContainsKey(nonce))
{
response.Status = System.Net.HttpStatusCode.Unauthorized;
response.Reason = "Unauthorized";
response.ContentType = "application/json";
return true;
}
var pwd = m_activeNonces[nonce].Item2;
// Remove the nonce
m_activeNonces.TryRemove(nonce, out tmpTuple);
if (pwd != input["password"].Value)
{
response.Status = System.Net.HttpStatusCode.Unauthorized;
response.Reason = "Unauthorized";
response.ContentType = "application/json";
return true;
}
var buf = new byte[32];
var expires = DateTime.UtcNow.AddHours(1);
m_prng.GetBytes(buf);
var token = Duplicati.Library.Utility.Utility.Base64UrlEncode(buf);
while (token.Length > 0 && token.EndsWith("="))
token = token.Substring(0, token.Length - 1);
m_activeTokens.AddOrUpdate(token, key => expires, (key, existingValue) =>
{
// Simulate the original behavior => if the token, against all odds, is already used
// we throw an ArgumentException
throw new ArgumentException("An element with the same key already exists in the dictionary.");
});
response.Cookies.Add(new HttpServer.ResponseCookie(AUTH_COOKIE_NAME, token, expires));
using(var bw = new BodyWriter(response, request))
bw.OutputOK();
return true;
}
}
}
var limitedAccess =
ControlHandler.CONTROL_HANDLER_URI.Equals(request.Uri.AbsolutePath, StringComparison.InvariantCultureIgnoreCase)
||
request.Uri.AbsolutePath.StartsWith(RESTHandler.API_URI_PATH, StringComparison.InvariantCultureIgnoreCase)
;
if (limitedAccess)
{
if (xsrf_token != null && m_activexsrf.ContainsKey(xsrf_token))
{
var expires = DateTime.UtcNow.AddMinutes(XSRF_TIMEOUT_MINUTES);
m_activexsrf[xsrf_token] = expires;
response.Cookies.Add(new ResponseCookie(XSRF_COOKIE_NAME, xsrf_token, expires));
}
else
{
response.Status = System.Net.HttpStatusCode.BadRequest;
response.Reason = "Missing XSRF Token";
return true;
}
}
if (string.IsNullOrWhiteSpace(Program.DataConnection.ApplicationSettings.WebserverPassword))
return false;
foreach(var k in (from n in m_activeTokens where DateTime.UtcNow > n.Value select n.Key))
m_activeTokens.TryRemove(k, out tmpDateTime);
// If we have a valid token, proceed
if (!string.IsNullOrWhiteSpace(auth_token))
{
DateTime expires;
var found = m_activeTokens.TryGetValue(auth_token, out expires);
if (!found)
{
auth_token = Duplicati.Library.Utility.Uri.UrlDecode(auth_token);
found = m_activeTokens.TryGetValue(auth_token, out expires);
}
if (found && DateTime.UtcNow < expires)
{
expires = DateTime.UtcNow.AddHours(1);
m_activeTokens[auth_token] = expires;
response.Cookies.Add(new ResponseCookie(AUTH_COOKIE_NAME, auth_token, expires));
return false;
}
}
if ("/".Equals(request.Uri.AbsolutePath, StringComparison.InvariantCultureIgnoreCase) || "/index.html".Equals(request.Uri.AbsolutePath, StringComparison.InvariantCultureIgnoreCase))
{
response.Redirect("/login.html");
return true;
}
if (limitedAccess)
{
response.Status = System.Net.HttpStatusCode.Unauthorized;
response.Reason = "Not logged in";
response.AddHeader("Location", "login.html");
return true;
}
return false;
}
private void GetNotifications(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session, BodyWriter bw)
{
RESTHandler.HandleControlCGI(request, response, session, bw, typeof(RESTMethods.Notifications));
}
private void GetUISettingSchemes(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session, BodyWriter bw)
{
RESTHandler.HandleControlCGI(request, response, session, bw, typeof(RESTMethods.UISettings));
}
private void GetBackupDefaults(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session, BodyWriter bw)
{
RESTHandler.HandleControlCGI(request, response, session, bw, typeof(RESTMethods.BackupDefaults));
}
private void DismissNotification(HttpServer.IHttpRequest request, HttpServer.IHttpResponse response, HttpServer.Sessions.IHttpSession session, BodyWriter bw)
{
request.Method = "DELETE";
RESTHandler.HandleControlCGI(request, response, session, bw, typeof(RESTMethods.Notification));
}
static void Main(string[] args)
{
HttpServer server = new HttpServer("http://localhost:8888/");
server.Start();
}
