public override DecodeTokenResponse Query(DecodeTokenRequest request, IServiceRouter router, RequestContext context)
{
DecodeTokenResponse response = new DecodeTokenResponse();
DecryptResponse decrypt = router.Query <DecryptRequest, DecryptResponse>(new DecryptRequest()
{
Key = request.Key,
CipherText = request.Data,
IV = request.IV,
Algorithm = request.Algorithm
});
string tokenStr = Encoding.ASCII.GetString(decrypt.ClearText);
Dictionary <string, string> parts = tokenStr.Split('|').Select(x => x.Split(new[] { ':' }, 1)).ToDictionary(x => x[0], x => x[1]);
Token token = new Token()
{
Type = (TokenType)Enum.Parse(typeof(TokenType), parts["type"], true),
PrincipalId = Guid.Parse(parts["prin"]),
Data = Convert.ToBase64String(request.Data),
Expiration = DateTime.ParseExact(parts["expire"], "yyyyMMddHHmmss", CultureInfo.CurrentCulture),
Issued = DateTime.ParseExact(parts["issued"], "yyyyMMddHHmmss", CultureInfo.CurrentCulture)
};
response.Token = token;
return(response);
}
public HttpResponseMessage Login(LoginRequest model)
{
CheckCredentialResponse checkResp = _router.Query <CheckCredentialRequest, CheckCredentialResponse>(new CheckCredentialRequest()
{
Username = model.Username,
Password = model.Password
});
if (checkResp.PrincipalId != default(Guid))
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
if (!checkResp.Success)
{
_router.Push <LoginAttemptEvent>(evt =>
{
evt.PrincipalId = checkResp.PrincipalId;
evt.Browser = Context.Client.UA.Family;
evt.System = Context.Client.OS.Family;
evt.Device = $"{Context.Client.Device.Family} {Context.Client.Device.Brand} {Context.Client.Device.Model}";
evt.RemoteAddress = Request.GetOwinContext().Request.RemoteIpAddress;
});
return(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
GenerateTokenResponse tokenResp = _router.Query <GenerateTokenRequest, GenerateTokenResponse>(new GenerateTokenRequest()
{
Key = Context.ServerConfig.AuthConfig.TokenKey,
Algorithm = Context.ServerConfig.AuthConfig.TokenAlgorithm,
Tokens = Context.ServerConfig.AuthConfig.TokenSpecs.Select(x => new Token()
{
Type = x.Type,
Expiration = Context.Clock.UtcNow.Add(x.Duration).UtcDateTime
})
});
return(Request.CreateResponse(HttpStatusCode.OK, new LoginResponse()
{
Tokens = tokenResp.Tokens.Select(x => x.ToString())
}));
}
public override GenerateTokenResponse Query(GenerateTokenRequest request, IServiceRouter router, RequestContext context)
{
List <Token> tokens = new List <Token>();
foreach (var token in request.Tokens)
{
DateTime issued = _clock.GetCurrentInstant().ToDateTimeUtc();
string composite = $"prin:{token.PrincipalId : N}|issued:{issued : yyyyMMddHHmmss}|expire:{token.Expiration: yyyyMMddHHmmss}|type:{token.Type : G}";
byte[] bytes = Encoding.ASCII.GetBytes(composite);
EncryptResponse response = router.Query <EncryptRequest, EncryptResponse>(new EncryptRequest()
{
Algorithm = request.Algorithm,
ClearText = bytes,
Key = request.Key
});
Token newToken = new Token()
{
Data = Convert.ToBase64String(response.CipherText),
Type = token.Type,
Expiration = token.Expiration,
Issued = issued,
PrincipalId = token.PrincipalId
};
tokens.Add(newToken);
}
return(new GenerateTokenResponse()
{
Tokens = tokens
});
}
public HttpResponseMessage GetIdentities()
{
if (Context.Principal == null)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
GetCollectionResponse <Identity> response = _router.Query <GetIdentitiesByPrincipalRequest, GetCollectionResponse <Identity> >(new GetIdentitiesByPrincipalRequest()
{
PrincipalId = Context.Principal.Id
});
if (response.Results == null)
{
return(Request.CreateResponse(HttpStatusCode.NotFound));
}
return(Request.CreateResponse(HttpStatusCode.OK, response.Results.Select(x => new
{
x.Id,
x.Name,
x.Kind
})));
}
public HttpResponseMessage GetFiles(Guid subjectId, Guid directoryId, string filter = "*", bool showHidden = false, bool showSystem = false)
{
HashSet <FileFlag> flags = new HashSet <FileFlag>();
if (!Context.Identity.Flags.Contains(IdentityFlag.SysAdmin) || !showSystem)
{
flags.Add(FileFlag.System);
}
CheckPermissionResponse permissionResponse = _router.Query <CheckPermissionRequest, CheckPermissionResponse>(new CheckPermissionRequest()
{
IdentityId = Context.Identity.Id,
OwnerId = subjectId,
FileId = directoryId
});
bool canSee = false;
if (!permissionResponse.EffectivePermissions.TryGetValue(FilePermissionAction.Read, out canSee) || !canSee)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden));
}
if (!showHidden)
{
flags.Add(FileFlag.Hidden);
}
EnumerateDirectoryResponse enumerateResponse = _router.Query <EnumerateDirectoryRequest, EnumerateDirectoryResponse>(
new EnumerateDirectoryRequest()
{
RequesterId = Context.Identity.Id,
SubjectId = subjectId,
DirectoryId = directoryId,
ExcludeFlags = flags,
IncludeFlags = new HashSet <FileFlag>(),
Filter = filter
});
BuildPathResponse pathResponse = _router.Query <BuildPathRequest, BuildPathResponse>(new BuildPathRequest()
{
SubjectId = subjectId,
FileId = directoryId
});
return(Request.CreateResponse(HttpStatusCode.OK, new
{
Path = pathResponse.Path,
Contents = enumerateResponse.Contents.Select(x => new
{
x.Id,
x.Name,
x.Type,
x.Flags,
x.Length,
x.Created,
x.Updated
})
}));
}