public DynDatabaseRequest ValidateAccess(DynDatabaseRequest dbRequest) { // Check permissions dbRequest.State = PermissionState.Denied; if (Context.DbServiceState.SecurityRuleTable.ContainsKey(dbRequest.DatabaseId)) { foreach (var rule in Context.DbServiceState.SecurityRuleTable[dbRequest.DatabaseId] .OrderBy(x => x.Priority)) { if (rule.PathRegex.Match($"/{dbRequest.Path}").Success) { if (rule.Actions.HasFlag(dbRequest.RequestedAction)) { dbRequest.State = rule.Allow ? PermissionState.Granted : PermissionState.Denied; break; } } } } // If denied by rules, check auth token if (dbRequest.State == PermissionState.Denied) { if (AuthTokenValidator != null) { if (AuthTokenValidator(dbRequest)) { dbRequest.State = PermissionState.Granted; } } } return(dbRequest); }
public DynDatabaseRequest Process(dynamic args, dynamic query, DatabaseAction dbAction) { // Read basic parameters var path = (string)args.path ?? ""; // null paths aren't valid var databaseId = (string)args.dbid; // database ID is required! var authItem = (string)query.auth; // Create request shell // Add trailing slash if (path.Length > 1 && !path.EndsWith("/", StringComparison.Ordinal)) { path += "/"; } var dbRequest = new DynDatabaseRequest { AuthToken = authItem, Path = path, DatabaseId = databaseId, Valid = databaseId != null, State = PermissionState.Denied, RequestedAction = dbAction }; return(ValidateAccess(dbRequest)); }
/// <summary> /// Used to validate additional security rules in the post-processing stage (key-specific rules for example) /// </summary> /// <returns></returns> public DynDatabaseRequest ValidateAdditionalRules(DynDatabaseRequest dbRequest, IEnumerable <SecurityRule> rules) { // Rules are sorted in ascending priority order foreach (var rule in rules.OrderBy(x => x.Priority)) { if (rule.PathRegex.Match($"/{dbRequest.Path}").Success) { if (rule.Actions.HasFlag(dbRequest.RequestedAction)) { dbRequest.State = rule.Allow ? PermissionState.Granted : PermissionState.Denied; break; } } } return(dbRequest); }