public static VHostOption Parse2Conf(this DomainEntity domain)
{
TranscodeOption transcodeOption = domain.TranscodeList?.Parse2Conf();
SecurityOption securityOption = domain.SecurePolicy?.Parse2Conf();
VHostOption vHostOption = new VHostOption(domain.SourceDomain);
vHostOption.TranscodeOptions = new List <TranscodeOption>();
if (transcodeOption != null)
{
vHostOption.TranscodeOptions.Add(transcodeOption);
}
vHostOption.security = securityOption;
vHostOption.http_hooks = domain.SecurePolicy?.Parse2HookConf();
if (domain.RecordTemplate != null)
{
if (vHostOption.http_hooks == null)
{
vHostOption.http_hooks = new HttpHookerOption();
}
vHostOption.dvr = domain.RecordTemplate?.Parse2Conf();
vHostOption.http_hooks.on_dvr += $" {ConfigurationValue.DefaultCallbackDomain}api/State/DvrCallback";
}
//todo:在这增加拉流设置拉流功能.
return(vHostOption);
}
/// <summary>
/// Initializes a new instance of the <see cref="EntityIterator" /> class.
/// </summary>
/// <param name="identifiers">The identifiers.</param>
/// <param name="writable">if set to <c>true</c> [writable].</param>
/// <param name="securityOption">The security options.</param>
/// <param name="retrievalFunction">The function to be performed when iteration starts.</param>
/// <param name="activationFunction">The activation function.</param>
/// <param name="bulkFieldLoadAction">The bulk field load action.</param>
/// <param name="sourceEntityIsWritable">The source entity is writable.</param>
/// <exception cref="System.ArgumentNullException">identifiers</exception>
public EntityIterator(IEnumerable <EntityRef> identifiers, bool writable, SecurityOption securityOption, Func <List <ActivationData> > retrievalFunction, Func <ActivationData, IEntity> activationFunction, Action <IEntity> bulkFieldLoadAction, bool?sourceEntityIsWritable = null)
{
if (identifiers == null)
{
throw new ArgumentNullException("identifiers");
}
if (retrievalFunction == null)
{
throw new ArgumentNullException("retrievalFunction");
}
if (activationFunction == null)
{
throw new ArgumentNullException("activationFunction");
}
if (bulkFieldLoadAction == null)
{
throw new ArgumentNullException("bulkFieldLoadAction");
}
/////
// Set constructor references.
/////
_identifiers = identifiers;
_writable = writable;
_retrievalFunction = retrievalFunction;
_activationFunction = activationFunction;
_bulkFieldLoadAction = bulkFieldLoadAction;
_securityOption = securityOption;
_sourceEntityIsWritable = sourceEntityIsWritable;
}
//[ChildActionOnly]
//public PartialViewResult _MemberList()
//{
// AllMembers am = new AllMembers();
// return PartialView(am.GetMembers());
//}
private bool UserCan(SecurityOption role)
{
ClaimsPrincipal claimsPrincipal = AuthenticationManager.User;
string id = claimsPrincipal.Identity.GetUserId();
if (UserManager.IsInRole(id, "SuperUser"))
{
return(true);
}
switch (role)
{
case SecurityOption.CanCreateUser:
if (UserManager.IsInRole(id, "MemberAdmin"))
{
return(true);
}
break;
case SecurityOption.CanCreateTrip:
if (UserManager.IsInRole(id, "TripAdmin"))
{
return(true);
}
break;
default:
return(false);
}
return(false);
}
public static void AddCustomAuthentication(this IServiceCollection services, IConfiguration configuration)
{
SecurityOption securityOption = new SecurityOption();
configuration.GetSection("Jwt").Bind(securityOption);
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
string maClef = securityOption.Key;
options.SaveToken = true;
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
{
IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(maClef)),
ValidateAudience = false,
ValidateIssuer = false,
ValidateActor = false,
ValidateLifetime = true
};
});;
}
private TcpClientSession CreateSecureTcpSession()
{
SslStreamTcpSession sslStreamTcpSession = new SslStreamTcpSession();
SecurityOption securityOption2 = sslStreamTcpSession.Security = new SecurityOption();
securityOption2.EnabledSslProtocols = m_SecureProtocols;
return(sslStreamTcpSession);
}
public static SecurityOption Parse2Conf(this SecurePolicyEntity secureEntity)
{
SecurityOption option = new SecurityOption();
option.enabled = "off";
option.settings = new List <SecuritySetting>();
return(option);
}
/// <summary>
/// Initializes a new instance of the <see cref="EntityIterator" /> class.
/// </summary>
/// <param name="identifiers">The identifiers.</param>
/// <param name="writable">
/// if set to <c>true</c> [writable].
/// </param>
/// <param name="securityOption">The security options.</param>
/// <param name="retrievalFunction">The function to be performed when iteration starts.</param>
/// <exception cref="System.ArgumentNullException">identifiers</exception>
public BulkEntityIterator(IEnumerable <EntityRef> identifiers, bool writable, SecurityOption securityOption, Func <List <IEntity> > retrievalFunction)
{
if (identifiers == null)
{
throw new ArgumentNullException("identifiers");
}
if (retrievalFunction == null)
{
throw new ArgumentNullException("retrievalFunction");
}
/////
// Set constructor references.
/////
_identifiers = identifiers;
_writable = writable;
_retrievalFunction = retrievalFunction;
_securityOption = securityOption;
}
/// <summary>
/// Loads structured data for the specified entity.
/// </summary>
/// <param name="entityIds">The IDs of the entities to load.</param>
/// <param name="request">The description of fields and related entities to load.</param>
/// <param name="securityOption">How to handle access denied situations.</param>
/// <returns>The requested data.</returns>
/// <exception cref="PlatformSecurityException">
/// Thrown if the user lacks read access to the given entities and <paramref name="securityOption"/> is <see cref="SecurityOption.DemandAll"/>.
/// </exception>
public IEnumerable <EntityData> GetEntitiesData(IEnumerable <EntityRef> entityIds, EntityMemberRequest request, SecurityOption securityOption = SecurityOption.SkipDenied)
{
try
{
if (entityIds == null)
{
throw new ArgumentNullException("entityIds");
}
if (entityIds.Any(e => e == null))
{
throw new ArgumentNullException("entityIds", "One of the entityIds was null.");
}
request = ValidateRequest(request);
// Create context
Context context = new Context();
// Load top-level entities
IEntityRef[] members = RequestedMembers(request, context);
IEnumerable <IEntity> entities = Entity.Get(entityIds, false, securityOption, true, members);
// Fill data
IEnumerable <EntityData> result = PackageEntities(context, request, entities, true);
var list = result.Where(e => e != null).ToList();
return(list);
}
catch (Exception ex)
{
if (entityIds != null)
{
string.Join(", ", entityIds);
}
EventLog.Application.WriteError("Failed GetEntitiesData:\n{0}\nRequest:\n{1}\n\nException:\n{2}",
entityIds, request == null ? "null" : request.Debug(), ex);
throw;
}
}
/// <summary>
/// Converts an unsecured BulkRequestResult to a secured EntityData structure.
/// </summary>
public static IEnumerable <EntityData> BuildAndSecureResults(BulkRequestResult data, IEnumerable <long> entities, SecurityOption securityOption)
{
// Get readability (security) for all entities in the unsecured result set
var readability = BulkRequestResultSecurityHelper.GetEntityReadability(Factory.EntityAccessControlService, data);
// Prepare for recursive walk
var context = new Context
{
Readability = readability,
RawData = data,
BulkSqlQuery = data.BulkSqlQuery
};
if (securityOption == SecurityOption.DemandAll)
{
if (context.RawData.RootEntitiesList.Any(id => !context.Readability(id)))
{
throw new PlatformSecurityException(
RequestContext.GetContext().Identity.Name,
new [] { Permissions.Read },
context.RawData.RootEntitiesList
.Where(id => !context.Readability(id))
.Select(id => new EntityRef(id)));
}
}
else if (securityOption != SecurityOption.SkipDenied)
{
throw new ArgumentException(
string.Format("Unknown security option {0}", securityOption),
"securityOption");
}
IEnumerable <EntityData> result = GetRootEntities(context, entities);
return(result);
}
public JwtTokenGenerator(IOptions <SecurityOption> option)
{
this.securityOption = option.Value;
}
/// <summary>
/// Loads a graph of entities and returns the root.
/// </summary>
/// <param name="ids">The root entity of the graph.</param>
/// <param name="preloadQuery">The entity member request of what related content to load.</param>
/// <param name="securityOption"></param>
/// <returns>An IEntity that represents the root node, or null if it could not be found.</returns>
private IEnumerable <IEntity> GetImpl(IEnumerable <long> ids, string preloadQuery, SecurityOption securityOption)
{
CheckActivation( );
if (ids == null)
{
throw new ArgumentNullException("ids");
}
if (preloadQuery == null)
{
throw new ArgumentNullException("preloadQuery");
}
// Check IDs
// (implemented within 'select' to participate in the single-pass only)
Func <long, EntityRef> checkAndConvertId = id =>
{
if (EntityId.IsTemporary(id))
{
throw new InvalidOperationException("GraphEntityRepository cannot load temporary entities.");
}
return(new EntityRef(id));
};
var entityRefs = ids.Select(checkAndConvertId);
EntityRequest request = new EntityRequest(entityRefs, preloadQuery, "GraphEntityRepository");
// Load data, unsecured, via EntityInfoService cache
BulkRequestResult unsecuredResult = BulkResultCache.GetBulkResult(request);
List <long> loadedRootEntities = unsecuredResult.RootEntitiesList;
if (loadedRootEntities.Count == 0)
{
return(EmptyEntityList);
}
// Create the graph
long tenantId = RequestContext.TenantId;
var graph = new SecuredGraphEntityDataRepository(tenantId, unsecuredResult, EntityAccessControlService);
// Secure the root entities
IReadOnlyCollection <long> securedRootEntityIds = graph.SecureList(loadedRootEntities, securityOption);
// Create wrappers
IEnumerable <IEntity> result = securedRootEntityIds.Select(id => new GraphEntity(id, graph));
return(result);
}
/// <summary>
/// Returns a secured version of the list of entity IDs.
/// </summary>
/// <remarks>
/// The first instance of an actual security check will result in security being calculated for the entire graph.
/// The applicable user is noted, and if a different user attempts to access, then an exception is thrown.
/// Note: this does not affect the cacheability, as caching happens at BulkRequestResult, which is unsecured.
/// </remarks>
/// <param name="list">The entities to secure</param>
/// <param name="securityOption"></param>
/// <param name="relTypeAndDir">Optionally, the relationship along which the entities were reached. Use negative for reverse.</param>
/// <returns>The list to which the user has read permission.</returns>
internal IReadOnlyCollection <long> SecureList(IReadOnlyCollection <long> list, SecurityOption securityOption, long relTypeAndDir = 0)
{
// Apply security bypass context
if (SecurityBypassContext.IsActive)
{
return(list);
}
// If this relationship implies security, then immediately return results
if (relTypeAndDir != 0)
{
RelationshipInfo relationshipInfo;
if (_unsecuredGraphData.BulkSqlQuery.Relationships.TryGetValue(relTypeAndDir, out relationshipInfo))
{
if (relationshipInfo.ImpliesSecurity)
{
return(list);
}
}
// else assert false
}
// Determine if we have pre-calculated security
if (_canRead == null)
{
// Security check on entire graph excluding implicitly secured)
// Results returned as a predicate that performs fast lookup
_canRead = BulkRequestResultSecurityHelper.GetEntityReadability(_entityAccessControlService, _unsecuredGraphData);
_securedForUser = RequestContext.GetContext( ).Identity.Id;
}
else
{
// Ensure we are still accessing as the same user.
long currentUser = RequestContext.GetContext( ).Identity.Id;
if (currentUser != _securedForUser)
{
throw new InvalidOperationException("An entity graph may only be accessed by a single user.");
}
}
if (securityOption == SecurityOption.DemandAll)
{
if (list.Any(id => !_canRead(id)))
{
// Security access has already failed, but for consistency of code paths, let Demand throw the exception.
var ids = list.Select(id => new EntityRef(id)).ToList();
_entityAccessControlService.Demand(ids, new [] { Permissions.Read });
throw new Exception("Assert false - Demand should have thrown PlatformSecurityException");
}
return(list);
}
else
{
List <long> result = list.Where(id => _canRead(id)).ToList( );
return(result);
}
}
public IEnumerable <EntityData> GetEntitiesData(IEnumerable <EntityRef> entities, EntityMemberRequest request, SecurityOption securityOption = SecurityOption.SkipDenied)
{
EntityRequest entityRequest = new EntityRequest
{
QueryType = QueryType.Basic,
IgnoreResultCache = true,
Entities = entities,
Request = request
};
return(BulkRequestRunner.GetEntitiesData(entityRequest));
}
