Esempio n. 1
0
        public GuardAppTests()
        {
            A.CallTo(() => apps.FindAppByNameAsync("new-app"))
            .Returns(Task.FromResult <IAppEntity>(null));

            A.CallTo(() => users.FindByIdAsync(A <string> .Ignored))
            .Returns(A.Fake <IUser>());

            A.CallTo(() => appPlans.GetPlan("free"))
            .Returns(A.Fake <IAppLimitsPlan>());
        }
Esempio n. 2
0
        public async Task <Client> FindClientByIdAsync(string clientId)
        {
            var client = staticClients.GetOrDefault(clientId);

            if (client != null)
            {
                return(client);
            }

            var token = clientId.Split(':');

            if (token.Length != 2)
            {
                return(null);
            }

            var app = await appProvider.FindAppByNameAsync(token[0]);

            var appClient = app?.Clients.FirstOrDefault(x => x.Id == token[1]);

            if (appClient == null)
            {
                return(null);
            }

            client = CreateClientFromApp(clientId, appClient);

            return(client);
        }
Esempio n. 3
0
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            var appName = context.RouteData.Values["app"]?.ToString();

            if (!string.IsNullOrWhiteSpace(appName))
            {
                var app = await appProvider.FindAppByNameAsync(appName);

                if (app == null)
                {
                    context.Result = new NotFoundResult();
                    return;
                }

                var plan = appPlanProvider.GetPlanForApp(app);

                var usage = await usageTracker.GetMonthlyCalls(app.Id.ToString(), DateTime.Today);

                if (plan.MaxApiCalls >= 0 && (usage * 1.1) > plan.MaxApiCalls)
                {
                    context.Result = new StatusCodeResult(429);
                    return;
                }

                context.HttpContext.Features.Set <IAppFeature>(new AppFeature(app));
            }

            await next();
        }
Esempio n. 4
0
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            var appName = context.RouteData.Values["app"]?.ToString();

            if (!string.IsNullOrWhiteSpace(appName))
            {
                var app = await appProvider.FindAppByNameAsync(appName);

                if (app == null)
                {
                    context.Result = new NotFoundResult();
                    return;
                }

                var user = context.HttpContext.User;

                var permission =
                    FindByOpenIdSubject(app, user) ??
                    FindByOpenIdClient(app, user);

                if (permission == null)
                {
                    context.Result = new NotFoundResult();
                    return;
                }

                var plan = appPlanProvider.GetPlanForApp(app);

                var usage = await usageTracker.GetMonthlyCalls(app.Id.ToString(), DateTime.Today);

                if (plan.MaxApiCalls >= 0 && (usage * 1.1) > plan.MaxApiCalls)
                {
                    context.Result = new StatusCodeResult(429);
                    return;
                }

                var defaultIdentity = context.HttpContext.User.Identities.First();

                switch (permission.Value)
                {
                case PermissionLevel.Owner:
                    defaultIdentity.AddClaim(new Claim(defaultIdentity.RoleClaimType, SquidexRoles.AppOwner));
                    defaultIdentity.AddClaim(new Claim(defaultIdentity.RoleClaimType, SquidexRoles.AppDeveloper));
                    defaultIdentity.AddClaim(new Claim(defaultIdentity.RoleClaimType, SquidexRoles.AppEditor));
                    break;

                case PermissionLevel.Developer:
                    defaultIdentity.AddClaim(new Claim(defaultIdentity.RoleClaimType, SquidexRoles.AppDeveloper));
                    defaultIdentity.AddClaim(new Claim(defaultIdentity.RoleClaimType, SquidexRoles.AppEditor));
                    break;

                case PermissionLevel.Editor:
                    defaultIdentity.AddClaim(new Claim(defaultIdentity.RoleClaimType, SquidexRoles.AppEditor));
                    break;
                }

                context.HttpContext.Features.Set <IAppFeature>(new AppFeature(app));
            }
        }
Esempio n. 5
0
        public AppCommandMiddlewareTests()
        {
            app = new AppDomainObject(AppId, -1);

            A.CallTo(() => appProvider.FindAppByNameAsync(AppName))
            .Returns((IAppEntity)null);

            A.CallTo(() => userResolver.FindByIdAsync(contributorId))
            .Returns(A.Fake <IUser>());

            sut = new AppCommandMiddleware(Handler, appProvider, appPlansProvider, appPlansBillingManager, userResolver);
        }
Esempio n. 6
0
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            var appName = context.RouteData.Values["app"]?.ToString();

            if (!string.IsNullOrWhiteSpace(appName))
            {
                var app = await appProvider.FindAppByNameAsync(appName);

                if (app == null)
                {
                    context.Result = new NotFoundResult();
                    return;
                }

                var user = context.HttpContext.User;

                var permission =
                    FindByOpenIdSubject(app, user) ??
                    FindByOpenIdClient(app, user);

                if (permission == null)
                {
                    context.Result = new NotFoundResult();
                    return;
                }

                var defaultIdentity = context.HttpContext.User.Identities.First();

                switch (permission.Value)
                {
                case PermissionLevel.Owner:
                    defaultIdentity.AddClaim(new Claim(defaultIdentity.RoleClaimType, SquidexRoles.AppOwner));
                    defaultIdentity.AddClaim(new Claim(defaultIdentity.RoleClaimType, SquidexRoles.AppDeveloper));
                    defaultIdentity.AddClaim(new Claim(defaultIdentity.RoleClaimType, SquidexRoles.AppEditor));
                    break;

                case PermissionLevel.Editor:
                    defaultIdentity.AddClaim(new Claim(defaultIdentity.RoleClaimType, SquidexRoles.AppDeveloper));
                    defaultIdentity.AddClaim(new Claim(defaultIdentity.RoleClaimType, SquidexRoles.AppEditor));
                    break;

                case PermissionLevel.Developer:
                    defaultIdentity.AddClaim(new Claim(defaultIdentity.RoleClaimType, SquidexRoles.AppEditor));
                    break;
                }

                context.HttpContext.Features.Set <IAppFeature>(new AppFeature(app));
            }
        }
        public async Task <IActionResult> GetSwagger(string app)
        {
            var appEntity = await appProvider.FindAppByNameAsync(app);

            if (appEntity == null)
            {
                return(NotFound());
            }

            var schemas = await schemaRepository.QueryAllWithSchemaAsync(appEntity.Id);

            var swaggerDocument = await schemasSwaggerGenerator.Generate(appEntity, schemas);

            return(Content(swaggerDocument.ToJson(), "application/json"));
        }
Esempio n. 8
0
        public async Task <IActionResult> GetHistory(string app, string channel)
        {
            var entity = await appProvider.FindAppByNameAsync(app);

            if (entity == null)
            {
                return(NotFound());
            }

            var schemas = await historyEventRepository.QueryByChannelAsync(entity.Id, channel, 100);

            var response = schemas.Select(x => SimpleMapper.Map(x, new HistoryEventDto())).ToList();

            return(Ok(response));
        }
        public async Task <IActionResult> GetContributors(string app)
        {
            var entity = await appProvider.FindAppByNameAsync(app);

            if (entity == null)
            {
                return(NotFound());
            }

            var response = entity.Contributors.Select(x => SimpleMapper.Map(x, new ContributorDto())).ToList();

            Response.Headers["ETag"] = new StringValues(entity.Version.ToString());

            return(Ok(response));
        }
Esempio n. 10
0
        public static Task CanCreate(CreateApp command, IAppProvider apps)
        {
            Guard.NotNull(command, nameof(command));

            return(Validate.It(() => "Cannot create app.", async error =>
            {
                if (await apps.FindAppByNameAsync(command.Name) != null)
                {
                    error(new ValidationError($"An app with name '{command.Name}' already exists", nameof(command.Name)));
                }

                if (!command.Name.IsSlug())
                {
                    error(new ValidationError("Name must be a valid slug.", nameof(command.Name)));
                }
            }));
        }
        public async Task <IActionResult> GetLanguages(string app)
        {
            var entity = await appProvider.FindAppByNameAsync(app);

            if (entity == null)
            {
                return(NotFound());
            }

            var model = entity.Languages.Select(x =>
            {
                var isMasterLanguage = x.Equals(entity.MasterLanguage);

                return(SimpleMapper.Map(x, new AppLanguageDto {
                    IsMasterLanguage = isMasterLanguage
                }));
            }).ToList();

            Response.Headers["ETag"] = new StringValues(entity.Version.ToString());

            return(Ok(model));
        }