Esempio n. 1
        /// <summary>
        /// Selects the action for the request and, when the base selector reports
        /// 404 (Not Found) or 405 (Method Not Allowed), re-dispatches the request to
        /// the <c>Handle404</c> action of <c>ApiErrorController</c>.
        /// </summary>
        /// <param name="controllerContext">
        /// Context of the current request. On the fallback path its route value
        /// <c>action</c>, its <c>Controller</c> and its <c>ControllerDescriptor</c> are overwritten.
        /// </param>
        /// <returns>The descriptor chosen by the base selector, either directly or after the fallback.</returns>
        /// <exception cref="HttpResponseException">
        /// Rethrown unchanged when the base selector fails with any status other than 404 or 405.
        /// </exception>
        public override HttpActionDescriptor SelectAction(HttpControllerContext controllerContext)
        {
            try
            {
                return base.SelectAction(controllerContext);
            }
            catch (HttpResponseException ex)
            {
                HttpStatusCode status = ex.Response.StatusCode;
                bool noMatchingAction = status == HttpStatusCode.NotFound
                                        || status == HttpStatusCode.MethodNotAllowed;
                if (!noMatchingAction)
                {
                    // Every other failure keeps its original status and stack trace.
                    throw;
                }

                // Point the request at the error controller, then run selection again so the
                // normal pipeline produces the response. Note that 405 is folded into the same
                // handler as 404 here.
                controllerContext.RouteData.Values["action"] = "Handle404";

                IHttpController errorController = new ApiErrorController();
                controllerContext.Controller = errorController;
                controllerContext.ControllerDescriptor = new HttpControllerDescriptor(
                    controllerContext.Configuration,
                    "Error",
                    errorController.GetType());

                return base.SelectAction(controllerContext);
            }
        }
Esempio n. 2
    /// <summary>
    /// Writes one "controller/action" line to the debug trace under the
    /// "Action Filter Log" category.
    /// </summary>
    /// <param name="httpRouteData">Route data of the current request; not read by this method.</param>
    private void Log(System.Web.Http.Routing.IHttpRouteData httpRouteData)
    {
        // NOTE(review): both names are fixed placeholder strings, so every request produces the
        // same line. If this is changed to read httpRouteData.Values, remember those values come
        // from the request URL: strip line breaks before writing them to a log.
        const string controllerName = "controller name";
        const string actionName = "action name";

        Debug.WriteLine(
            String.Format("controller:{0}, action:{1}", controllerName, actionName),
            "Action Filter Log");
    }
        /// <summary>
        /// Reads a route value by name and casts it to <typeparamref name="T"/>.
        /// </summary>
        /// <param name="routeData">Route data whose <c>Values</c> dictionary is searched.</param>
        /// <param name="name">Key of the route value.</param>
        /// <returns>The stored value cast to <typeparamref name="T"/>, or <c>default(T)</c> when the key is absent.</returns>
        /// <exception cref="InvalidCastException">The stored value is not convertible to <typeparamref name="T"/> by a direct cast.</exception>
        private static T GetRouteVariable <T>(System.Web.Http.Routing.IHttpRouteData routeData, string name)
        {
            object raw;

            // Direct cast on purpose: a value of the wrong type surfaces as an exception
            // instead of being silently treated as "missing".
            return routeData.Values.TryGetValue(name, out raw) ? (T)raw : default(T);
        }
Esempio n. 4
        /// <summary>
        /// Builds a CORS policy provider for the request from the routed controller name
        /// and the origin reported by the request's CORS context.
        /// </summary>
        /// <param name="request">The incoming request; its route data and CORS request context are read.</param>
        /// <returns>A <c>CustomPolicyProvider</c> wrapping the policy chosen for that controller and origin.</returns>
        public ICorsPolicyProvider GetCorsPolicyProvider(
            HttpRequestMessage request)
        {
            // Throws if the route has no "controller" value or if route data is missing.
            string controller = (string)request.GetRouteData().Values["controller"];

            // NOTE(review): the origin is supplied by the client. GetPolicyForControllerAndOrigin is not
            // visible here; confirm it compares the origin against a fixed allow-list (exact match)
            // rather than reflecting whatever origin was sent, especially if credentials are allowed.
            string originRequested = request.GetCorsRequestContext().Origin;

            return(new CustomPolicyProvider(
                       GetPolicyForControllerAndOrigin(controller, originRequested)));
        }
Esempio n. 5
        /// <summary>
        /// Serves the file named by the <c>path</c> route value, falling back to
        /// <c>DEFAULT_URL</c> when that value is absent, not a string, or empty.
        /// </summary>
        /// <returns>The response produced by <c>ServeFile</c>.</returns>
        public HttpResponseMessage Get()
        {
            System.Web.Http.Routing.IHttpRouteData routeData = Request.GetRouteData();

            object rawPath;
            string path = routeData.Values.TryGetValue("path", out rawPath) ? rawPath as string : null;

            // NOTE(review): path comes from the request URL and is passed on without any
            // check in this method. ServeFile is not visible here; confirm it resolves the path
            // against a fixed content root and rejects anything that lands outside it.
            return(ServeFile(String.IsNullOrEmpty(path) ? DEFAULT_URL : path));
        }
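        /// <summary>
        /// Diagnostic helper: prints a summary of the request (timestamp, routed controller and
        /// action, HTTP method, URI, headers, body length, and the body itself when it is at most
        /// 50 characters long) to the console.
        /// </summary>
        /// <param name="request">The request to describe.</param>
        /// <remarks>
        /// The headers are printed verbatim, so Authorization and Cookie values end up wherever
        /// console output is captured, and short bodies are printed in full. Keep this to local
        /// debugging, or filter those headers before enabling it on a shared environment.
        /// </remarks>
        public static void DumpToConsole(this HttpRequestMessage request)
        {
            Console.WriteLine("------------- REQUEST --------------");
            Console.WriteLine(DateTime.Now.ToString("u"));

            // A diagnostic dump should not fail the request: tolerate missing route data and
            // missing route values instead of throwing.
            System.Web.Http.Routing.IHttpRouteData routeData = request.GetRouteData();
            object controller = "";
            object action = "";
            if (routeData != null)
            {
                object found;
                if (routeData.Values.TryGetValue("controller", out found))
                {
                    controller = found;
                }
                if (routeData.Values.TryGetValue("action", out found))
                {
                    action = found;
                }
            }

            Console.WriteLine(String.Format("CONTROLLER: {0}", controller));
            Console.WriteLine(String.Format("ACTION: {0}", action));
            Console.WriteLine(String.Format("METHOD: {0}", request.Method));

            // Read the body once and reuse it; a request without content counts as empty.
            // .Result blocks the calling thread; the method is synchronous by signature.
            string body = request.Content == null ? "" : request.Content.ReadAsStringAsync().Result;

            // Length in characters of the decoded body, not the byte count on the wire.
            int contentLength = body.Length;

            Console.WriteLine(String.Format("{0}\n\n{1}\n\nCONTENT LENGTH: {2}", request.RequestUri, request.Headers, contentLength));
            if (contentLength <= 50)
            {
                Console.WriteLine(String.Format("CONTENT: {0}", body));
            }
            Console.WriteLine("------------------------------------");
        }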
        /// <summary>
        /// Resolves the controller descriptor for a request from its route values, using the
        /// lookup key <c>version.controller</c> when a version is known and <c>controller</c> otherwise.
        /// </summary>
        /// <param name="request">The incoming request.</param>
        /// <returns>The descriptor registered under the computed key.</returns>
        /// <exception cref="HttpResponseException">
        /// 404 when there is no route data, no controller route value, or no descriptor for the key;
        /// 500 when the key is listed in <c>_duplicates</c>.
        /// </exception>
        public HttpControllerDescriptor SelectController(System.Net.Http.HttpRequestMessage request)
        {
            System.Web.Http.Routing.IHttpRouteData routeData = request.GetRouteData();
            if (routeData == null)
            {
                throw new HttpResponseException(System.Net.HttpStatusCode.NotFound);
            }

            // The route value wins; the request headers are consulted only when the route
            // carries no version. Either source is chosen by the client, but the result is used
            // solely as a dictionary key below.
            string version = GetRouteVariable <string>(routeData, VersionKey);
            if (string.IsNullOrEmpty(version))
            {
                version = GetVersionFromHTTPHeaderAndAcceptHeader(request);
            }

            string controllerName = GetRouteVariable <string>(routeData, ControllerKey);
            if (controllerName == null)
            {
                throw new HttpResponseException(System.Net.HttpStatusCode.NotFound);
            }

            string key = string.IsNullOrEmpty(version)
                ? String.Format(CultureInfo.InvariantCulture, "{0}", controllerName)
                : String.Format(CultureInfo.InvariantCulture, "{0}.{1}", version, controllerName);

            HttpControllerDescriptor match;
            if (_controllers.Value.TryGetValue(key, out match))
            {
                return(match);
            }

            if (!_duplicates.Contains(key))
            {
                throw new HttpResponseException(HttpStatusCode.NotFound);
            }

            // The key maps to more than one controller type: report a server-side
            // configuration error rather than picking one.
            throw new HttpResponseException(
                      request.CreateErrorResponse(HttpStatusCode.InternalServerError,
                                                  "Multiple controllers were found that match this request."));
        }
Esempio n. 8
        /// <summary>
        /// Runs after the action: builds a FHIR <c>AuditEvent</c> describing the request (method,
        /// outcome, caller identity and address, target resource, timing, optionally the raw
        /// request/response data) and posts it through <c>IResourceServices</c> inside a database
        /// transaction, then calls the base implementation.
        /// </summary>
        /// <param name="actionExecutedContext">Context of the executed action, including any exception it raised.</param>
        /// <remarks>
        /// Any exception raised while building or storing the audit event is logged and the
        /// transaction rolled back; it is not rethrown, so the API response is still returned
        /// even though no audit record was written.
        /// </remarks>
        public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
        {
            // Services are resolved from the dependency resolver. The local variables are named
            // after the interfaces they hold. "as" yields null for a missing registration, and the
            // first dereferences (Create, BeginTransaction) are outside the try block below.
            var IResourceServiceFactory = actionExecutedContext.ActionContext.ControllerContext.Configuration.DependencyResolver.GetService(typeof(IResourceServiceFactory)) as IResourceServiceFactory;
            var IUnitOfWork             = actionExecutedContext.ActionContext.ControllerContext.Configuration.DependencyResolver.GetService(typeof(IUnitOfWork)) as IUnitOfWork;
            var IRequestMetaFactory     = actionExecutedContext.ActionContext.ControllerContext.Configuration.DependencyResolver.GetService(typeof(IRequestMetaFactory)) as IRequestMetaFactory;
            var IResourceServices       = IResourceServiceFactory.Create <IResourceServices>();
            var ICommonFactory          = actionExecutedContext.ActionContext.ControllerContext.Configuration.DependencyResolver.GetService(typeof(ICommonFactory)) as ICommonFactory;
            var IPyroRequestUriFactory  = actionExecutedContext.ActionContext.ControllerContext.Configuration.DependencyResolver.GetService(typeof(IPyroRequestUriFactory)) as IPyroRequestUriFactory;
            var IGlobalProperties       = actionExecutedContext.ActionContext.ControllerContext.Configuration.DependencyResolver.GetService(typeof(IGlobalProperties)) as IGlobalProperties;

            //var ILog = actionExecutedContext.ActionContext.ControllerContext.Configuration.DependencyResolver.GetService(typeof(ILog)) as ILog;

            using (DbContextTransaction Transaction = IUnitOfWork.BeginTransaction())
            {
                try
                {
                    // Start time and stopwatch are read back from the request properties;
                    // presumably stored by the matching OnActionExecuting (not visible here).
                    DateTime dtStart = (DateTime)actionExecutedContext.Request.Properties[DateTimeKey];
                    System.Diagnostics.Stopwatch stopwatch = (System.Diagnostics.Stopwatch)actionExecutedContext.Request.Properties[StopwatchKey];
                    stopwatch.Stop();
                    TimeSpan duration = stopwatch.Elapsed;

                    IPyroRequestUri DtoRequestUri = IPyroRequestUriFactory.CreateFhirRequestUri();
                    DtoRequestUri.FhirRequestUri.Parse(actionExecutedContext.Request.RequestUri.OriginalString);

                    // use owin context so we can self host (i.e. avoid System.Web.HttpContext.Current)
                    var owinContext = actionExecutedContext.Request.GetOwinContext();

                    string machineName       = System.Environment.MachineName;
                    string httpVerb          = actionExecutedContext.Request.Method.ToString();
                    // NOTE(review): this is the peer address reported by OWIN; behind a reverse proxy
                    // or load balancer it is presumably the proxy's address, not the client's - confirm.
                    string ipAddress         = owinContext.Request.RemoteIpAddress;
                    string controllerName    = actionExecutedContext.ActionContext.ControllerContext.ControllerDescriptor.ControllerName;
                    string actionName        = actionExecutedContext.ActionContext.ActionDescriptor.ActionName;
                    bool   successfulRequest = (actionExecutedContext.Exception == null);
                    System.Web.Http.Routing.IHttpRouteData route = actionExecutedContext.ActionContext.ControllerContext.RouteData;

                    // Get the resource base
                    string baseUri = DtoRequestUri.FhirRequestUri.UriPrimaryServiceRoot.OriginalString;

                    // Create the Security Event Object
                    // Action code by HTTP method: PUT -> U, POST -> C, DELETE -> D, anything else -> R.
                    AuditEvent Audit = new AuditEvent();
                    if (actionExecutedContext.Request.Method == HttpMethod.Put)
                    {
                        Audit.Action = AuditEvent.AuditEventAction.U;
                    }
                    else if (actionExecutedContext.Request.Method == HttpMethod.Post)
                    {
                        Audit.Action = AuditEvent.AuditEventAction.C;
                    }
                    else if (actionExecutedContext.Request.Method == HttpMethod.Delete)
                    {
                        Audit.Action = AuditEvent.AuditEventAction.D;
                    }
                    else
                    {
                        Audit.Action = AuditEvent.AuditEventAction.R;
                    }

                    Audit.Recorded = DateTimeOffset.Now;

                    // Outcome starts at N0 and is only changed when the action threw: a PyroException
                    // maps by its HTTP status (>= 500 -> N8, >= 400 -> N4, below 400 stays N0); any
                    // other exception type -> N8. Presumably the FHIR outcome codes 0/4/8 - confirm.
                    Audit.Outcome = AuditEvent.AuditEventOutcome.N0;
                    if (!successfulRequest)
                    {
                        // log error
                        if (actionExecutedContext.Exception is PyroException)
                        {
                            var fse = actionExecutedContext.Exception as PyroException;
                            if ((int)fse.HttpStatusCode >= 500)
                            {
                                Audit.Outcome = AuditEvent.AuditEventOutcome.N8;
                            }
                            else if ((int)fse.HttpStatusCode >= 400)
                            {
                                Audit.Outcome = AuditEvent.AuditEventOutcome.N4;
                            }
                        }
                        else
                        {
                            Audit.Outcome = AuditEvent.AuditEventOutcome.N8;
                        }
                    }

                    Audit.Type = new Coding()
                    {
                        System = "http://hl7.org/fhir/security-event-type", Code = "rest", Display = "Restful Operation"
                    };
                    Audit.Subtype = new List <Coding>();

                    // Subtype: the HTTP method decides first (PUT/POST/DELETE/OPTIONS); for the
                    // remaining methods the route values present (ResourceName, id, vid) decide.
                    // If no branch matches, Subtype stays an empty list.
                    if (actionExecutedContext.Request.Method == HttpMethod.Put)
                    {
                        Audit.Subtype.Add(new Coding()
                        {
                            System = "http://hl7.org/fhir/restful-interaction", Code = "update", Display = "update"
                        });
                    }
                    else if (actionExecutedContext.Request.Method == HttpMethod.Post)
                    {
                        Audit.Subtype.Add(new Coding()
                        {
                            System = "http://hl7.org/fhir/restful-interaction", Code = "create", Display = "create"
                        });
                    }
                    else if (actionExecutedContext.Request.Method == HttpMethod.Delete)
                    {
                        Audit.Subtype.Add(new Coding()
                        {
                            System = "http://hl7.org/fhir/restful-interaction", Code = "delete", Display = "delete"
                        });
                    }
                    else if (actionExecutedContext.Request.Method == HttpMethod.Options)
                    {
                        Audit.Subtype.Add(new Coding()
                        {
                            System = "http://hl7.org/fhir/restful-interaction", Code = "read", Display = "read"
                        });
                    }
                    else if (route.Values.ContainsKey("ResourceName") && route.Values.ContainsKey("id") && route.Values.ContainsKey("vid"))
                    {
                        Audit.Subtype.Add(new Coding()
                        {
                            System = "http://hl7.org/fhir/restful-interaction", Code = "vread", Display = "vread"
                        });
                    }
                    else if (route.Values.ContainsKey("ResourceName") && route.Values.ContainsKey("id"))
                    {
                        // NOTE(review): "_history" is searched in the whole original URI string, query
                        // string included, so a query value containing that text also classifies the
                        // request as a history interaction. The same applies to the type-level branch below.
                        if (owinContext.Request.Uri.OriginalString.Contains("_history"))
                        {
                            Audit.Subtype.Add(new Coding()
                            {
                                System = "http://hl7.org/fhir/restful-interaction", Code = "history-instance", Display = "history-instance"
                            });
                        }
                        else
                        {
                            Audit.Subtype.Add(new Coding()
                            {
                                System = "http://hl7.org/fhir/restful-interaction", Code = "read", Display = "read"
                            });
                        }
                    }
                    else if (route.Values.ContainsKey("ResourceName"))
                    {
                        if (owinContext.Request.Uri.OriginalString.Contains("_history"))
                        {
                            Audit.Subtype.Add(new Coding()
                            {
                                System = "http://hl7.org/fhir/restful-interaction", Code = "history-type", Display = "history-type"
                            });
                        }
                        else
                        {
                            Audit.Subtype.Add(new Coding()
                            {
                                System = "http://hl7.org/fhir/restful-interaction", Code = "search-type", Display = "search-type"
                            });
                        }
                    }

                    // Agent: one entry for the caller. For an authenticated user the identity name is
                    // recorded, then overridden by the "name" claim when present; "sub" becomes AltId.
                    Audit.Agent.Add(new AuditEvent.AgentComponent());
                    // se.Participant[0].UserId = "";
                    // se.Participant[0].AltId = owinContext.Authentication.;
                    if (owinContext.Authentication.User != null && owinContext.Authentication.User.Identity.IsAuthenticated)
                    {
                        Audit.Agent[0].Name = owinContext.Authentication.User.Identity.Name;

                        // read additional details from the identity claims
                        if (owinContext.Authentication.User.Identity is System.Security.Claims.ClaimsIdentity ci)
                        {
                            var claim = ci.Claims.Where(c => c.Type == "name").FirstOrDefault();
                            if (claim != null)
                            {
                                Audit.Agent[0].Name = claim.Value;
                            }
                            claim = ci.Claims.Where(c => c.Type == "sub").FirstOrDefault();
                            if (claim != null)
                            {
                                Audit.Agent[0].AltId = claim.Value;
                            }
                            if (ci.Claims.Any(c => c.Type == "author_only_access" && c.Value == "true"))
                            {
                                Audit.Agent[0].Role = new List <CodeableConcept>
                                {
                                    new CodeableConcept(null, "author_only_access")
                                };
                            }
                        }
                    }
                    Audit.Agent[0].Requestor = true;
                    Audit.Agent[0].Network   = new AuditEvent.NetworkComponent()
                    {
                        Address = ipAddress,
                        Type    = AuditEvent.AuditEventAgentNetworkType.N2
                    };

                    // Source: identified by the scheme-and-authority part of the request URI, which
                    // is derived from the request itself.
                    Audit.Source = new AuditEvent.SourceComponent
                    {
                        Site       = "Cloud",
                        Identifier = new Identifier(null, actionExecutedContext.Request.RequestUri.GetLeftPart(UriPartial.Authority))
                    };
                    Audit.Source.Type.Add(new Coding()
                    {
                        System = "http://hl7.org/fhir/ValueSet/audit-source-type", Code = "3", Display = "Web Server"
                    });

                    // Entity: for instance-level requests the reference is "ResourceName/id", with
                    // "/_history/vid" appended when a version id is routed; otherwise the request URI
                    // minus the service base is stored as the description.
                    if (route.Values.ContainsKey("ResourceName") && route.Values.ContainsKey("id"))
                    {
                        string relativeUri = String.Format("{0}/{1}", route.Values["ResourceName"] as string, route.Values["id"] as string);
                        if (route.Values.ContainsKey("vid"))
                        {
                            // "as string" binds looser than "+", so it applies to the whole concatenation.
                            relativeUri += "/_history/" + route.Values["vid"] as string;
                        }
                        Audit.Entity = new List <AuditEvent.EntityComponent>
                        {
                            new AuditEvent.EntityComponent()
                            {
                                Name      = actionExecutedContext.Request.RequestUri.ToString(),
                                Reference = new ResourceReference()
                                {
                                    Url = new Uri(relativeUri, UriKind.Relative)
                                },
                                Type = new Coding()
                                {
                                    System = "http://hl7.org/fhir/object-type", Code = "1", Display = "Person"
                                }
                            }
                        };
                        // A resource identity stored on the request under ResourceIdentityKey
                        // replaces the reference built from the route.
                        if (actionExecutedContext.Request.Properties.ContainsKey(Attributes.ActionLogAttribute.ResourceIdentityKey))
                        {
                            string reference = actionExecutedContext.Request.Properties[Attributes.ActionLogAttribute.ResourceIdentityKey] as string;
                            if (!string.IsNullOrEmpty(reference))
                            {
                                Audit.Entity[0].Reference.Reference = reference;
                            }
                        }
                    }
                    else
                    {
                        Audit.Entity = new List <AuditEvent.EntityComponent>
                        {
                            new AuditEvent.EntityComponent()
                            {
                                Name        = actionExecutedContext.Request.RequestUri.ToString(),
                                Description = baseUri == null ?
                                              owinContext.Request.Uri.OriginalString
                                : owinContext.Request.Uri.OriginalString.Replace(baseUri, ""),
                                Type = new Coding()
                                {
                                    System = "http://hl7.org/fhir/object-type", Code = "1", Display = "Person"
                                }
                            }
                        };

                        if (actionExecutedContext.Request.Properties.ContainsKey(Attributes.ActionLogAttribute.ResourceIdentityKey))
                        {
                            string reference = actionExecutedContext.Request.Properties[Attributes.ActionLogAttribute.ResourceIdentityKey] as string;
                            // NOTE(review): as printed, the assignment below has no terminating ';'
                            // inside the braces and a stray ';' follows the closing brace, so this
                            // does not compile as shown - presumably a formatting artefact of the listing.
                            if (!string.IsNullOrEmpty(reference))
                            {
                                Audit.Entity[0].Reference = new ResourceReference()
                                {
                                    Reference = reference
                                }
                            }
                            ;
                        }
                    }


                    // Narrative (XHTML div of the audit resource).
                    // NOTE(review): only the request URI is passed through HttpUtility.HtmlEncode here.
                    // The base URI, caller address, user and the exception message are handed over
                    // as-is; confirm AppendValuePairList encodes its values before they reach the div.
                    IHtmlGenerationSupport Narative = ICommonFactory.CreateFhirNarativeGenerationSupport();
                    Narative.NewValuePairList("Time", string.Format("{0} ({1:f3} sec)", dtStart, duration.TotalSeconds));
                    Narative.AppendValuePairList(actionExecutedContext.Request.Method.ToString(), string.Format("{0}", HttpUtility.HtmlEncode(baseUri == null ?
                                                                                                                                              owinContext.Request.Uri.OriginalString
                                  : owinContext.Request.Uri.OriginalString.Replace(baseUri, ""))));
                    Narative.AppendValuePairList("BaseUri", baseUri);
                    Narative.AppendValuePairList("From", ipAddress);
                    if (owinContext.Authentication.User != null && owinContext.Authentication.User.Identity.IsAuthenticated)
                    {
                        Narative.AppendValuePairList("User", owinContext.Authentication.User.ToString());
                    }
                    else
                    {
                        Narative.AppendValuePairList("User", "(anonymous)");
                    }

                    // Outcome differs from N0 only when the action threw, so Exception is set here.
                    // The raw exception message is stored in the audit record; whoever can read
                    // AuditEvent resources sees it.
                    if (Audit.Outcome != AuditEvent.AuditEventOutcome.N0)
                    {
                        Audit.OutcomeDesc = actionExecutedContext.Exception.Message;
                        Narative.AppendValuePairList("Error", actionExecutedContext.Exception.Message);
                    }
                    Audit.Text = new Narrative
                    {
                        Div = Narative.Generate()
                    };

                    // Add custom PyroHealth event data
                    Audit.AddExtension("http://pyrohealth.net/extention/AuditEvent/TimeTaken", new FhirDecimal((decimal)duration.TotalMilliseconds));

                    // Optional capture of the request data, switched by configuration. The data is
                    // stored UTF-8 encoded inside the audit event, so the audit store then holds
                    // whatever the request carried; access to it should be restricted accordingly.
                    if (IGlobalProperties.FhirAuditEventLogRequestData)
                    {
                        var requestDataObj = new AuditEvent.EntityComponent
                        {
                            Identifier  = new Identifier(null, "RequestData"),
                            Name        = actionExecutedContext.Request.RequestUri.ToString(),
                            Description = "Orginial Request Data",
                            Type        = new Coding()
                            {
                                System = "http://hl7.org/fhir/object-type", Code = "4", Display = "RequestData"
                            },
                            Detail = new List <AuditEvent.DetailComponent>()
                        };
                        var DetailComponent = new AuditEvent.DetailComponent();
                        requestDataObj.Detail.Add(DetailComponent);
                        string RequestData = GetRequestData(actionExecutedContext);
                        if (!string.IsNullOrWhiteSpace(RequestData))
                        {
                            DetailComponent.Value = Encoding.UTF8.GetBytes(RequestData);
                            Audit.Entity.Add(requestDataObj);
                        }
                    }

                    // Same for the response data; the same storage consideration applies.
                    if (IGlobalProperties.FhirAuditEventLogResponseData)
                    {
                        var responseDataObj = new AuditEvent.EntityComponent
                        {
                            Identifier  = new Identifier(null, "ResponseData"),
                            Name        = actionExecutedContext.Request.RequestUri.ToString(),
                            Description = "Orginial Response Data",
                            Type        = new Coding()
                            {
                                System = "http://hl7.org/fhir/object-type", Code = "4", Display = "ResponseData"
                            },
                            Detail = new List <AuditEvent.DetailComponent>()
                        };
                        var DetailComponent = new AuditEvent.DetailComponent();
                        responseDataObj.Detail.Add(DetailComponent);
                        string ResponseData = GetResponseData(actionExecutedContext);
                        if (!string.IsNullOrWhiteSpace(ResponseData))
                        {
                            DetailComponent.Value = Encoding.UTF8.GetBytes(ResponseData);
                            Audit.Entity.Add(responseDataObj);
                        }
                    }

                    //Will only log if Debug logging is enabled.
                    DebugLogRequestResource(actionExecutedContext);


                    //Commit to Database
                    Pyro.Common.RequestMetadata.IRequestMeta IRequestMeta = IRequestMetaFactory.CreateRequestMeta().Set($"{ResourceType.AuditEvent}");
                    IResourceServiceOutcome ResourceServiceOutcome        = IResourceServices.Post(Audit, IRequestMeta);
                    //IResourceServiceOutcome ResourceServiceOutcome = IResourceServices.SetResource(Audit, DtoRequestUri, RestEnum.CrudOperationType.Create);
                    Transaction.Commit();
                }
                catch (Exception Exec)
                {
                    // Auditing fails open: the error is logged and the transaction rolled back, but
                    // nothing is rethrown, so the caller still receives the action's response with
                    // no audit record stored. Monitor this log entry if audit completeness matters.
                    Logger.Log.Error(Exec, "ActionLogAttribute");
                    Transaction.Rollback();
                }

                base.OnActionExecuted(actionExecutedContext);
            }
        }
Esempio n. 9
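        /// <summary>
        /// Generic read endpoint: selects all columns of the view <c>v_api_{controller_name}</c>,
        /// filtered by the positional route values <c>parm0..parmN</c>, the optional
        /// <c>min_price</c>/<c>max_price</c> route values and the query-string pairs.
        /// </summary>
        /// <returns>
        /// 200 with the rows returned by <c>ApiRepository.GetDynData</c>, or 404 when the requested
        /// name is missing or is not one of the names returned by <c>ApiRepository.GetViews</c>.
        /// </returns>
        /// <remarks>
        /// The statement is assembled as text. Identifiers are taken only from the repository
        /// (view list, column list); request values are embedded as quoted literals.
        /// NOTE(review): quote doubling is sound only if the backend treats '' as the sole escape
        /// inside string literals - confirm for the database behind ApiRepository. Passing the
        /// values as parameters would remove that dependency, but GetDynData accepts only the
        /// statement text, so that change has to be made in the repository.
        /// </remarks>
        public HttpResponseMessage Get()
        {
            System.Web.Http.Routing.IHttpRouteData routeData = Request.GetRouteData();

            //var req = HttpUtility.ParseQueryString(Request.RequestUri.Query);
            var reqOptions = Request.GetQueryNameValuePairs();

            // A missing or non-string route value is answered with 404 instead of an unhandled exception.
            object rawName;
            routeData.Values.TryGetValue("controller_name", out rawName);
            var controllerName = rawName as string;

            var controllers = ApiRepository.GetViews();

            // Allow-list check: only names known to the repository may reach the FROM clause.
            // Invariant casing keeps the comparison independent of the server's culture.
            if (string.IsNullOrEmpty(controllerName) || !controllers.Contains(controllerName.ToUpperInvariant()))
            {
                var message = $"'{controllerName}' not found";
                var err     = new HttpError(message);
                return(Request.CreateResponse(HttpStatusCode.NotFound, err));
            }

            var colList = ApiRepository.GetColumns(controllerName);

            var colsStr = string.Join(", ", colList.ToArray());

            var parmCount = routeData.Route.Defaults.Keys.Count(p => p.Contains("parm"));

            var condition = "";

            // Positional filters: parmN is compared against the N-th column of the view.
            if (routeData.Values.Count > 2)
            {
                for (var i = 0; i <= parmCount - 1; i++)
                {
                    if (colList.Count < i + 1)
                    {
                        continue;
                    }
                    var col = colList[i];

                    object rawVal;
                    if (!routeData.Values.TryGetValue("parm" + (i).ToString(), out rawVal))
                    {
                        continue;
                    }

                    // Test for null/empty/"ANY" before touching the value; the original
                    // dereferenced it first.
                    var val = rawVal as string;
                    if (string.IsNullOrEmpty(val) || val.ToUpperInvariant().Trim() == "ANY")
                    {
                        continue;
                    }

                    bool isList;
                    val = QuoteAsSqlLiterals(val, out isList);

                    condition += $" and {col}{(isList ? " in " : "=")}{val}";
                }
            }

            if (colList.Contains("[PRICE]"))
            {
                // Price bounds are parsed to int and re-rendered with the invariant culture, so
                // only an optional '-' and ASCII digits reach the statement.
                object rawBound;
                int    bound;

                if (routeData.Values.TryGetValue("min_price", out rawBound) && TryParsePriceBound(rawBound as string, out bound))
                {
                    condition += $" and price>={bound.ToString(System.Globalization.CultureInfo.InvariantCulture)}";
                }

                if (routeData.Values.TryGetValue("max_price", out rawBound) && TryParsePriceBound(rawBound as string, out bound))
                {
                    condition += $" and price<={bound.ToString(System.Globalization.CultureInfo.InvariantCulture)}";
                }
            }

            foreach (var reqParm in reqOptions)
            {
                if (reqParm.Key == null || reqParm.Value == null)
                {
                    continue;
                }

                var name = reqParm.Key.ToUpperInvariant();
                var sign = "=";

                // MIN_/MAX_ are prefixes. The original removed the text anywhere in the name, which
                // mangled column names that merely contain it.
                if (name.StartsWith("MIN_", System.StringComparison.Ordinal))
                {
                    name = name.Substring(4);
                    sign = ">=";
                }

                if (name.StartsWith("MAX_", System.StringComparison.Ordinal))
                {
                    name = name.Substring(4);
                    sign = "<=";
                }

                // The key is used as an identifier only when it equals a column name reported by
                // the repository; anything else is ignored.
                var col = "[" + name + "]";
                if (!colList.Contains(col))
                {
                    continue;
                }

                bool isList;
                var val = QuoteAsSqlLiterals(reqParm.Value, out isList);
                if (isList)
                {
                    sign = " in ";
                }

                condition += $" and {col}{sign}{val}";
            }

            var q = $"select {colsStr} from v_api_{controllerName.Trim()} where 1=1 {condition}";

            var dynamicContext = ApiRepository.GetDynData(q).Cast <DynamicContext>().ToArray();

            var response = Request.CreateResponse(HttpStatusCode.OK, dynamicContext);

            return(response);
        }

        // Turns a request value into SQL string literal text: single quotes doubled, each
        // comma-separated part quoted, and several parts wrapped in parentheses for IN.
        // This is the single place where request text becomes statement text.
        private static string QuoteAsSqlLiterals(string raw, out bool isList)
        {
            string[] parts = raw.Replace("'", "''").Split(',');

            isList = parts.Length > 1;

            string joined = string.Join(",", parts.Select(p => $"'{p}'"));

            return(isList ? $"({joined})" : joined);
        }

        // Parses a price bound; empty values, "ANY" and non-integers yield false.
        private static bool TryParsePriceBound(string text, out int bound)
        {
            bound = 0;
            if (string.IsNullOrEmpty(text) || text.ToUpperInvariant().Trim() == "ANY")
            {
                return(false);
            }

            return(int.TryParse(text, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out bound));
        }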