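/// <summary>
/// Wires the application-wide request pipeline: CORS response headers, a
/// low-priority JSON default for the Accept header, and a check that every
/// request arrives over a secure connection.
/// </summary>
/// <param name="connectionFactory">Stored in <c>_connectionFactory</c> for later use by the class.</param>
public Bootstrapper(IDbConnectionFactory connectionFactory)
{
    _connectionFactory = connectionFactory;

#if DEBUG
    // Error traces put stack traces and internal paths into error responses,
    // and request tracing records request details for the diagnostics UI.
    // Both are useful while developing but are information disclosure in
    // production, so they are limited to DEBUG builds — the same compile-time
    // gating ApplicationStartup already uses for its development-only code.
    // Release builds keep the framework defaults.
    StaticConfiguration.DisableErrorTraces = false;
    StaticConfiguration.EnableRequestTracing = true;
#endif

    // Cross origin resource sharing.
    // NOTE(review): with a wildcard origin browsers will not send cookies on
    // cross-origin requests, but anyone holding a token can still call from
    // any origin. The allowed-headers list below does not include the
    // X-AUTH-TOKEN header that ApplicationStartup reads, so a browser sending
    // it cross-origin would fail the preflight — confirm which is intended.
    ApplicationPipelines.AfterRequest.AddItemToEndOfPipeline(x => x.Response.WithHeader("Access-Control-Allow-Origin", "*"));
    ApplicationPipelines.AfterRequest.AddItemToEndOfPipeline(x => x.Response.WithHeader("Access-Control-Allow-Methods", "DELETE, GET, HEAD, POST, PUT, OPTIONS, PATCH"));
    ApplicationPipelines.AfterRequest.AddItemToEndOfPipeline(x => x.Response.WithHeader("Access-Control-Allow-Headers", "Content-Type"));
    // NOTE(review): "Accept" is a request header; emitting it on the response
    // has no defined effect on clients. Left unchanged — verify whether a
    // Content-Type default was intended instead.
    ApplicationPipelines.AfterRequest.AddItemToEndOfPipeline(x => x.Response.WithHeader("Accept", "application/json"));

    // Default format to JSON (very low priority): appended with a 0.01 weight
    // so any media type the client asked for explicitly still wins.
    ApplicationPipelines.BeforeRequest.AddItemToStartOfPipeline(x =>
    {
        x.Request.Headers.Accept = x.Request.Headers.Accept.Concat(new Tuple<string, decimal>("application/json", 0.01m));
        return null;
    });

    // Make sure this is being accessed over a secure connection. The hook is
    // built with redirect: false so an insecure request is rejected outright
    // instead of being redirected (a redirect would already have carried any
    // token over plain HTTP). IsSecure is defined elsewhere in this class —
    // presumably it understands TLS termination at a proxy; confirm it cannot
    // be satisfied by a header the client itself can supply.
    var httpsRedirect = SecurityHooks.RequiresHttps(redirect: false);
    ApplicationPipelines.BeforeRequest.AddItemToEndOfPipeline(x =>
    {
        if (!IsSecure(x))
        {
            return httpsRedirect(x);
        }
        return null;
    });
}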
/// <summary>
/// Registers the stateless (per-request) token authentication hook and, in
/// release builds, an HTTPS redirect for plain-HTTP requests.
/// </summary>
/// <param name="container">Nancy's IoC container, passed through to the base class.</param>
/// <param name="pipelines">The application pipelines the hooks are attached to.</param>
protected override void ApplicationStartup(Nancy.TinyIoc.TinyIoCContainer container, Nancy.Bootstrapper.IPipelines pipelines)
{
    base.ApplicationStartup(container, pipelines);
#if !DEBUG
    // Release builds redirect plain-HTTP requests to HTTPS. A redirect still
    // lets a client send its token over plain HTTP once before being bounced;
    // the constructor separately installs a hook that rejects insecure
    // requests without redirecting.
    pipelines.BeforeRequest.AddItemToEndOfPipeline(SecurityHooks.RequiresHttps(true));
#endif
    var statelessAuthenticationConfiguration = new StatelessAuthenticationConfiguration(context =>
    {
        // Token sources, in precedence order: X-AUTH-TOKEN header, "token"
        // query-string parameter, TOKEN cookie. The first one present wins.
        // NOTE(review): accepting the token in the query string means it will
        // land in server/proxy access logs, browser history and Referer
        // headers; prefer the header and consider dropping this source.
        // NOTE(review): with the cookie source, state-changing routes (the
        // constructor advertises DELETE/PUT/PATCH via CORS) are reachable by
        // cross-site form posts and no anti-CSRF check is visible here —
        // confirm the cookie is SameSite or that unsafe methods reject
        // cookie-only authentication.
        string token = context.Request.Headers["X-AUTH-TOKEN"].FirstOrDefault();
        if (token == null && context.Request.Query.token.HasValue)
        {
            token = context.Request.Query.token.Value;
        }
        if (token == null && context.Request.Cookies.ContainsKey("TOKEN"))
        {
            token = context.Request.Cookies["TOKEN"];
        }
#if DEBUG
        // Development convenience: an unauthenticated request from the
        // loopback address gets a synthetic user carrying every listed claim.
        // NOTE(review): UserHostAddress is presumably the immediate TCP peer,
        // so behind a local reverse proxy every request would look like
        // loopback and skip authentication in a DEBUG build — confirm DEBUG
        // builds are never deployed that way.
        var ip = System.Net.IPAddress.Parse(context.Request.UserHostAddress);
        if (token == null && System.Net.IPAddress.IsLoopback(ip))
        {
            return(new User { UserName = "******", Claims = new string[] { "Garage", "Tag", "HVAC", "GroupMe", "Torrent", "ChoreBotNag" } });
        }
#endif
        if (!String.IsNullOrWhiteSpace(token))
        {
            // NOTE(review): this opens a fresh SqlConnection from configuration
            // rather than using the _connectionFactory injected through the
            // constructor — possibly intentional, but worth unifying.
            using (var sql = new SqlConnection(CloudConfigurationManager.GetSetting("DatabaseConnection")))
            {
                sql.Open();
                // Parameterised lookup: the token is bound as @token, so the
                // caller-supplied value never reaches the SQL text. The LEFT
                // JOIN yields one row per claim, or a single row with a NULL
                // claim name for a user who has none.
                // NOTE(review): the query compares Token.Value directly and has
                // no expiry or revocation predicate, which suggests tokens are
                // stored in the clear and stay valid until the row is deleted —
                // confirm the Token table is pruned, or store a hash and filter
                // on an expiry column.
                var check = sql.CreateCommand();
                check.CommandText = "SELECT [User].UserName, Claim.Name FROM Token JOIN [User] on [User].Id = Token.UserId LEFT JOIN Claim on Claim.UserId = [User].Id WHERE Token.Value = @token";
                check.Parameters.AddWithValue("token", token);
                var user = new User();
                using (var reader = check.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        user.UserName = reader.GetString(0);
                        // Don't add a NULL claim if user doesn't have any claims
                        if (!reader.IsDBNull(1))
                        {
                            // NOTE(review): assumes User initialises Claims as a
                            // List<String>; the cast throws otherwise — TODO
                            // confirm against the User type.
                            ((List <String>)user.Claims).Add(reader.GetString(1));
                        }
                    }
                }
                // A UserName is only set when the token matched a row; an
                // unknown token falls through to the unauthenticated result.
                if (user.UserName != null)
                {
                    return(user);
                }
            }
        }
        // No usable token: the request proceeds unauthenticated and routes
        // that require authentication will refuse it.
        return(null);
    });
    StatelessAuthentication.Enable(pipelines, statelessAuthenticationConfiguration);
}