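/// <summary>
/// Executes a REST command. Commands that require a token are authenticated against the
/// token stores and authorized against the token owner's group before they run.
/// </summary>
/// <param name="cmd">The command matched for the request.</param>
/// <param name="verbs">Verbs passed through to the command.</param>
/// <param name="parms">Request parameters; the access token is read from the "token" entry.</param>
/// <param name="request">The incoming request, passed through to the command.</param>
/// <param name="context">The HTTP context, passed through to the command.</param>
/// <returns>
/// The command's result, or a RestObject with status "401" (no token supplied) or "403"
/// (unknown token, missing group, or no matching permission).
/// </returns>
/// <remarks>
/// Every denial returns before the logging statement at the end, so 401/403 outcomes are not
/// logged by this method. NOTE(review): if rejected tokens should be visible for detection,
/// that has to be handled elsewhere or added here.
/// </remarks>
protected override object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms, IRequest request, IHttpContext context)
{
    // Endpoints that do not require a token are handled by the base implementation.
    if (!cmd.RequiresToken)
    {
        return base.ExecuteCommand(cmd, verbs, parms, request, context);
    }

    // NOTE(review): if parms includes query-string values, the token travels in the URL and can
    // end up in proxy or web-server logs - confirm how clients are expected to send it.
    var token = parms["token"];
    if (token == null)
    {
        return new RestObject("401") { Error = "Not authorized. The specified API endpoint requires a token." };
    }

    // Hard cast: throws InvalidCastException if a command sets RequiresToken without being a
    // SecureRestCommand. NOTE(review): confirm RequiresToken implies SecureRestCommand.
    SecureRestCommand secureCmd = (SecureRestCommand)cmd;

    // Tokens is consulted first, then AppTokens; the first store that knows the token wins.
    TokenData tokenData;
    if (!Tokens.TryGetValue(token, out tokenData) && !AppTokens.TryGetValue(token, out tokenData))
    {
        return new RestObject("403") { Error = "Not authorized. The specified API endpoint requires a token, but the provided token was not valid." };
    }

    // The group is resolved on every request, so removing a group takes effect immediately.
    Group userGroup = TShock.Groups.GetGroupByName(tokenData.UserGroupName);
    if (userGroup == null)
    {
        // Only the Tokens store is pruned; a token that matched in AppTokens stays registered
        // and is rejected here again on each later request.
        Tokens.Remove(token);
        return new RestObject("403") { Error = "Not authorized. The provided token became invalid due to group changes, please create a new token." };
    }

    // Access is denied only when the group holds none of the listed permissions, so a single
    // match is sufficient. A command with an empty permission list is open to any valid token.
    if (secureCmd.Permissions.Length > 0 && secureCmd.Permissions.All(perm => !userGroup.HasPermission(perm)))
    {
        // The response echoes the username bound to the token back to the caller.
        return new RestObject("403") { Error = string.Format("Not authorized. User \"{0}\" has no access to use the specified API endpoint.", tokenData.Username) };
    }

    // Main.rand being null can cause issues in command execution, so make sure it exists
    // before the command runs.
    if (Main.rand == null)
    {
        Main.rand = new Terraria.Utilities.UnifiedRandom();
    }

    object result = secureCmd.Execute(verbs, parms, tokenData, request, context);

    // Audit line for successful calls only. The final 'false' argument presumably keeps the
    // token out of the logged URI - confirm against BuildRequestUri.
    // NOTE(review): Username is written to the log unescaped; verify it cannot carry line breaks.
    if (cmd.DoLog && TShock.Config.Settings.LogRest)
    {
        TShock.Utils.SendLogs(string.Format(
            "\"{0}\" requested REST endpoint: {1}",
            tokenData.Username,
            this.BuildRequestUri(cmd, verbs, parms, false)), Color.PaleVioletRed);
    }

    return result;
}
// The two braces below close enclosing scopes that open outside this excerpt.
}
}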
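/// <summary>
/// Executes a REST command. Commands that require a token are authenticated against the
/// token stores; group permissions are enforced only when the new permission model is enabled.
/// </summary>
/// <param name="cmd">The command matched for the request.</param>
/// <param name="verbs">Verbs passed through to the command.</param>
/// <param name="parms">Request parameters; the access token is read from the "token" entry.</param>
/// <param name="request">The incoming request, passed through to the command.</param>
/// <returns>
/// The command's result, or a RestObject with status "401" (no token supplied) or "403"
/// (unknown token, or - under the new permission model - missing group or no matching permission).
/// </returns>
/// <remarks>
/// Every denial returns before the logging statement at the end, so 401/403 outcomes are not
/// logged by this method. NOTE(review): if rejected tokens should be visible for detection,
/// that has to be handled elsewhere or added here.
/// </remarks>
protected override object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms, IRequest request)
{
    // Endpoints that do not require a token are handled by the base implementation.
    if (!cmd.RequiresToken)
    {
        return base.ExecuteCommand(cmd, verbs, parms, request);
    }

    // NOTE(review): if parms includes query-string values, the token travels in the URL and can
    // end up in proxy or web-server logs - confirm how clients are expected to send it.
    var token = parms["token"];
    if (token == null)
    {
        return new RestObject("401") { Error = "Not authorized. The specified API endpoint requires a token." };
    }

    // Hard cast: throws InvalidCastException if a command sets RequiresToken without being a
    // SecureRestCommand. NOTE(review): confirm RequiresToken implies SecureRestCommand.
    SecureRestCommand secureCmd = (SecureRestCommand)cmd;

    // Tokens is consulted first, then AppTokens; the first store that knows the token wins.
    TokenData tokenData;
    if (!Tokens.TryGetValue(token, out tokenData) && !AppTokens.TryGetValue(token, out tokenData))
    {
        return new RestObject("403") { Error = "Not authorized. The specified API endpoint requires a token, but the provided token was not valid." };
    }

    // TODO: Get rid of this when the old REST permission model is removed.
    // With RestUseNewPermissionModel disabled, neither check below runs: any token found in
    // either store reaches Execute. Whatever authorization the old model applies is not
    // visible in this method.
    if (TShock.Config.RestUseNewPermissionModel)
    {
        // The group is resolved on every request, so removing a group takes effect immediately.
        Group userGroup = TShock.Groups.GetGroupByName(tokenData.UserGroupName);
        if (userGroup == null)
        {
            // Only the Tokens store is pruned; a token that matched in AppTokens stays
            // registered and is rejected here again on each later request.
            Tokens.Remove(token);
            return new RestObject("403") { Error = "Not authorized. The provided token became invalid due to group changes, please create a new token." };
        }

        // Access is denied only when the group holds none of the listed permissions, so a
        // single match is sufficient. A command with an empty permission list is open to any
        // valid token.
        if (secureCmd.Permissions.Length > 0 && secureCmd.Permissions.All(perm => !userGroup.HasPermission(perm)))
        {
            // The response echoes the username bound to the token back to the caller.
            return new RestObject("403") { Error = string.Format("Not authorized. User \"{0}\" has no access to use the specified API endpoint.", tokenData.Username) };
        }
    }

    object result = secureCmd.Execute(verbs, parms, tokenData, request);

    // Audit line for successful calls only. The final 'false' argument presumably keeps the
    // token out of the logged URI - confirm against BuildRequestUri.
    // NOTE(review): Username is written to the log unescaped; verify it cannot carry line breaks.
    if (cmd.DoLog && TShock.Config.LogRest)
    {
        TShock.Utils.SendLogs(string.Format(
            "\"{0}\" requested REST endpoint: {1}",
            tokenData.Username,
            this.BuildRequestUri(cmd, verbs, parms, false)), Color.PaleVioletRed);
    }

    return result;
}
// The two braces below close enclosing scopes that open outside this excerpt.
}
}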