public void Process(ISemanticProcessor proc, IMembrane membrane, UpdateAccountInfo acctInfo) { IWebSessionService session = proc.ServiceManager.Get <IWebSessionService>(); UserAccount ua = session.GetSessionObject <UserAccount>(acctInfo.Context, "UserAccount"); ua.FirstName = acctInfo.FirstName; ua.LastName = acctInfo.LastName; ua.Email = acctInfo.Email; session.SetSessionObject(acctInfo.Context, "UserName", ua.FullName); if (!String.IsNullOrEmpty(acctInfo.Password)) { ua.PasswordHash = PasswordHash.CreateHash(acctInfo.Password); } IDbContextService db = proc.ServiceManager.Get <IDbContextService>(); db.Context.Update(ua); proc.ServiceManager.Get <IWebSessionService>().SetSessionObject(acctInfo.Context, "OneTimeAlert", "Your account information has been updated."); JsonResponse(proc, acctInfo, "{'state': 'OK'}"); }
public void Process(ISemanticProcessor proc, IMembrane membrane, Route route) { IAuthenticatingRouterService routerService = proc.ServiceManager.Get <IAuthenticatingRouterService>(); HttpListenerContext context = route.Context; HttpVerb verb = context.Verb(); UriPath path = context.Path(); string searchRoute = GetSearchRoute(verb, path); string data = route.Data; RouteInfo routeInfo; // TODO: Session manager may not exist. How do we handle services that are missing? IWebSessionService session = proc.ServiceManager.Get <IWebSessionService>(); // Semantic routes can be either public or authenticated. if (routerService.Routes.TryGetValue(searchRoute, out routeInfo)) { // Public routes always authenticate. bool authenticatedRoute = true; bool authorizedRoute = true; if (routeInfo.RouteType == RouteType.AuthenticatedRoute) { session.UpdateState(context); authenticatedRoute = session.IsAuthenticated(context); } if (routeInfo.RouteType == RouteType.RoleRoute) { session.UpdateState(context); authenticatedRoute = session.IsAuthenticated(context); // User must be authenticated and have the correct role setting. if (authenticatedRoute) { // Any bits that are set with a binary "and" of the route's role mask and the current role passes the authorization test. uint mask = session.GetSessionObject <uint>(context, "RoleMask"); authorizedRoute = (mask & routeInfo.RoleMask) != 0; } } if (authenticatedRoute && authorizedRoute) { Type receptorSemanticType = routeInfo.ReceptorSemanticType; SemanticRoute semanticRoute = (SemanticRoute)Activator.CreateInstance(receptorSemanticType); semanticRoute.PostData = data; if (!String.IsNullOrEmpty(data)) { // Is it JSON? // NOTE: "JSON" is passed in as a string, not object. So this is what it looks like in the Javascript: // $.post("/geeks/createProfile", '{ "profileName": "foobar" }' // Note the surrounding ' marks if (data[0] == '{') { JsonConvert.PopulateObject(data, semanticRoute); } else { // Instead here, the data is passed in as an object, which comes in as params. The Javascript for this looks like: // $.post("/geeks/createProfile", { "profileName": profileName } // Note the lack of surrounding ' around the { } // Example: "username=sdfsf&password=sdfsdf&LoginButton=Login" string[] parms = data.Split('&'); foreach (string parm in parms) { string[] keyVal = parm.Split('='); PropertyInfo pi = receptorSemanticType.GetProperty(keyVal[0], BindingFlags.Public | BindingFlags.Instance | BindingFlags.IgnoreCase); if (pi != null) { // TODO: Should handling of "+" be before or after the UnescapedDataString call? object valOfType = Converter.Convert(Uri.UnescapeDataString(keyVal[1].Replace('+', ' ')), pi.PropertyType); pi.SetValue(semanticRoute, valOfType); } } } } else if (verb.Value == "GET") { // Parse parameters NameValueCollection nvc = context.Request.QueryString; foreach (string key in nvc.AllKeys) { PropertyInfo pi = receptorSemanticType.GetProperty(key, BindingFlags.Public | BindingFlags.Instance | BindingFlags.IgnoreCase); if (pi != null) { // pi.SetValue(semanticRoute, Uri.UnescapeDataString(nvc[key].Replace('+', ' '))); // TODO: Should handling of "+" be before or after the UnescapedDataString call? object valOfType = Converter.Convert(Uri.UnescapeDataString(nvc[key].Replace('+', ' ')), pi.PropertyType); pi.SetValue(semanticRoute, valOfType); } } } // Must be done AFTER populating the object -- sometimes the json converter nulls the base class! semanticRoute.Context = context; proc.ProcessInstance <WebServerMembrane>(semanticRoute, true); } else { // Deal with expired or requires authentication. switch (session.GetState(context)) { case SessionState.New: // TODO: Oh man, this is application specific!!! session.SetSessionObject(context, "OneTimeBadAlert", "Please Sign In"); context.Redirect("/account/login"); //proc.ProcessInstance<WebServerMembrane, StringResponse>(r => //{ // r.Context = context; // r.Message = "authenticationRequired"; // used in clifton.spa.js to handle SPA error responses // r.StatusCode = 403; //}); break; case SessionState.Authenticated: proc.ProcessInstance <WebServerMembrane, StringResponse>(r => { r.Context = context; r.Message = "notAuthorized"; // used in clifton.spa.js to handle SPA error responses r.StatusCode = 401; }); break; case SessionState.Expired: session.SetSessionObject(context, "OneTimeBadAlert", "Session expired. Please sign in again."); context.Redirect("/account/login"); //proc.ProcessInstance<WebServerMembrane, StringResponse>(r => //{ // r.Context = context; // r.Message = "sessionExpired"; // used in clifton.spa.js to handle SPA error responses // r.StatusCode = 401; //}); break; } } } else { proc.ProcessInstance <LoggerMembrane, ST_Log>(msg => msg.Message = "Using default handler: " + verb.Value + ": " + path.Value); // Put the context on the bus for some service to pick up. // All unhandled context are assumed to be public routes. proc.ProcessInstance <WebServerMembrane, UnhandledContext>(c => c.Context = context); } }
public void Process(ISemanticProcessor proc, IMembrane membrane, Route route) { IAuthenticatingRouterService routerService = proc.ServiceManager.Get <IAuthenticatingRouterService>(); IContext context = route.Context; HttpVerb verb = context.Verb(); UriPath path = context.Path(); string searchRoute = GetSearchRoute(verb, path); string data = route.Data; RouteInfo routeInfo; IPAddress addr = context.Request.RemoteEndPoint.Address; string ip = addr.ToString(); // Handle localhost format. if (ip == "::1") { addr = new IPAddress(new byte[] { 127, 0, 0, 1 }); } Console.WriteLine(DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss tt ") + "IP: " + addr.ToString() + " URL: " + route.Context.Request.Url); // TODO: Session manager may not exist. How do we handle services that are missing? IWebSessionService session = proc.ServiceManager.Get <IWebSessionService>(); // Semantic routes can be either public or authenticated. if (routerService.Routes.TryGetValue(searchRoute, out routeInfo)) { // Public routes always authenticate. bool authenticatedRoute = true; bool authorizedRoute = true; if (routeInfo.RouteType == RouteType.AuthenticatedRoute) { session.UpdateState(context); authenticatedRoute = session.IsAuthenticated(context); } if (routeInfo.RouteType == RouteType.RoleRoute) { session.UpdateState(context); authenticatedRoute = session.IsAuthenticated(context); // User must be authenticated and have the correct role setting. if (authenticatedRoute) { // Any bits that are set with a binary "and" of the route's role mask and the current role passes the authorization test. uint mask = session.GetSessionObject <uint>(context, "RoleMask"); authorizedRoute = (mask & routeInfo.RoleMask) != 0; } } if (authenticatedRoute) // user is authenticated { session.UpdateLastTransaction(context); } if (authenticatedRoute && authorizedRoute) { Type receptorSemanticType = routeInfo.ReceptorSemanticType; SemanticRoute semanticRoute = (SemanticRoute)Activator.CreateInstance(receptorSemanticType); semanticRoute.PostData = data; if (!String.IsNullOrEmpty(data)) { // Is it JSON? // NOTE: "JSON" is passed in as a string, not object. So this is what it looks like in the Javascript: // $.post("/geeks/createProfile", '{ "profileName": "foobar" }' // Note the surrounding ' marks if (data[0] == '{') { JsonConvert.PopulateObject(data, semanticRoute); SetUrlParameters(context.Request.Url.ToString(), semanticRoute, receptorSemanticType); } else if (MultiPartParser.IsMultiPart(data)) { MultiPartParser.ContentType ct = MultiPartParser.GetContentType(data); string content = MultiPartParser.GetContent(data); if (!(semanticRoute is IFileUpload)) { throw new RouterException("Semantic route class must implement IFileUpload"); } ((IFileUpload)semanticRoute).Content = content; } else { // Instead here, the data is passed in as an object, which comes in as params. The Javascript for this looks like: // $.post("/geeks/createProfile", { "profileName": profileName } // Note the lack of surrounding ' around the { } // Example: "username=sdfsf&password=sdfsdf&LoginButton=Login" // Use $.post(url, JSON.stringify(data) to convert to JSON string[] parms = data.Split('&'); foreach (string parm in parms) { string[] keyVal = parm.Split('='); PropertyInfo pi = receptorSemanticType.GetProperty(keyVal[0], BindingFlags.Public | BindingFlags.Instance | BindingFlags.IgnoreCase); if (pi != null) { // TODO: Should handling of "+" be before or after the UnescapedDataString call? object valOfType = Converter.Convert(Uri.UnescapeDataString(keyVal[1].Replace('+', ' ')), pi.PropertyType); pi.SetValue(semanticRoute, valOfType); } } } } else if (verb.Value == "GET") { SetUrlParameters(context.Request.Url.ToString(), semanticRoute, receptorSemanticType); } // Must be done AFTER populating the object -- sometimes the json converter nulls the base class! semanticRoute.Context = context; // TODO: Why are we doing this on the caller thread, except for debugging??? proc.ProcessInstance <WebServerMembrane>(semanticRoute, true); } else { // Deal with expired or requires authentication. switch (session.GetState(context)) { case SessionState.New: // TODO: Oh man, this is application specific!!! session.SetSessionObject(context, "OneTimeBadAlert", "Please Sign In"); context.Redirect("/account/login"); //proc.ProcessInstance<WebServerMembrane, StringResponse>(r => //{ // r.Context = context; // r.Message = "authenticationRequired"; // used in clifton.spa.js to handle SPA error responses // r.StatusCode = 403; //}); break; case SessionState.Authenticated: proc.ProcessInstance <WebServerMembrane, StringResponse>(r => { r.Context = context; r.Message = "notAuthorized"; // used in clifton.spa.js to handle SPA error responses r.StatusCode = 401; }); break; case SessionState.Expired: session.SetSessionObject(context, "OneTimeBadAlert", "Session expired. Please sign in again."); context.Redirect("/account/login"); //proc.ProcessInstance<WebServerMembrane, StringResponse>(r => //{ // r.Context = context; // r.Message = "sessionExpired"; // used in clifton.spa.js to handle SPA error responses // r.StatusCode = 401; //}); break; } } } else { // proc.ProcessInstance<LoggerMembrane, ST_Log>(msg => msg.Message = "Using default handler: " + verb.Value + ": " + path.Value); // Put the context on the bus for some service to pick up. // All unhandled context are assumed to be public routes. proc.ProcessInstance <WebServerMembrane, UnhandledContext>(c => c.Context = context); } }