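/// <summary>
/// Serves static files from the "DfmStatics" folder under the function app directory.
/// When the requested path matches no entry in <c>FileMap</c>, an anti-forgery cookie is
/// issued and index.html is returned instead, so that client-side routing keeps working.
/// </summary>
/// <param name="req">Incoming HTTP request (headers are checked for the nonce, the response gets the XSRF cookie).</param>
/// <param name="p1">First route segment; also handed to <c>ReturnIndexHtml</c> for the fallback.</param>
/// <param name="p2">Second route segment.</param>
/// <param name="p3">Third route segment.</param>
/// <param name="context">Execution context; only <c>FunctionAppDirectory</c> is read.</param>
/// <param name="log">Logger handed to <c>HandleErrors</c>.</param>
/// <returns>
/// A <see cref="FileStreamResult"/> for a known static file, <see cref="NotFoundResult"/> when the
/// file is missing or resolves outside the statics root, otherwise whatever <c>ReturnIndexHtml</c> yields.
/// Exceptions are translated by <c>HandleErrors</c>.
/// </returns>
public static async Task<IActionResult> DfmServeStaticsFunction(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = StaticsRoute)] HttpRequest req,
    string p1,
    string p2,
    string p3,
    ExecutionContext context,
    ILogger log
)
{
    return await req.HandleErrors(log, async () =>
    {
        // Checking nonce, if it was set as an env variable.
        // Don't care about return value of this method here.
        Auth.IsNonceSetAndValid(req.Headers);

        // Two bugs away. Path.GetFileName() strips directory separators from every segment,
        // but it does NOT strip "." or "..", so the canonical-path containment check below is kept as a second line of defence.
        string path = Path.Join(Path.GetFileName(p1), Path.GetFileName(p2), Path.GetFileName(p3));
        string root = Path.Join(context.FunctionAppDirectory, "DfmStatics");

        // A path prefix is not linguistic text, so compare ordinally (CA1310) rather than with the current culture.
        var contentType = FileMap.FirstOrDefault(kv => path.StartsWith(kv[0], StringComparison.Ordinal));
        if (contentType != null)
        {
            string rootFull = Path.GetFullPath(root);
            string fullPath = Path.GetFullPath(Path.Join(root, path));

            // Refuse anything that canonicalizes outside the statics root; a missing file is also a 404.
            if (!IsStrictlyUnder(rootFull, fullPath) || !File.Exists(fullPath))
            {
                return new NotFoundResult();
            }

            return new FileStreamResult(File.OpenRead(fullPath), contentType[1])
            {
                LastModified = File.GetLastWriteTimeUtc(fullPath)
            };
        }

        // Adding anti-forgery token. HttpOnly is deliberately false: the client script has to read
        // the cookie value and echo it back in the header of the same name.
        using (var generator = RandomNumberGenerator.Create())
        {
            var bytes = new byte[64];
            generator.GetBytes(bytes);
            string token = Convert.ToBase64String(bytes);

            req.HttpContext.Response.Cookies
                .Append(Globals.XsrfTokenCookieAndHeaderName, token, new CookieOptions { HttpOnly = false });
        }

        // Returning index.html by default, to support client routing
        return await ReturnIndexHtml(context, log, root, p1);
    });

    // True only when candidate lies inside rootFull (both already canonicalized via Path.GetFullPath);
    // the trailing separator prevents "DfmStatics-evil" from passing as a prefix of "DfmStatics".
    bool IsStrictlyUnder(string rootFull, string candidate)
    {
        string rootWithSeparator = rootFull.EndsWith(Path.DirectorySeparatorChar)
            ? rootFull
            : rootFull + Path.DirectorySeparatorChar;

        return candidate.StartsWith(rootWithSeparator, StringComparison.Ordinal);
    }
}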
/// <summary>
/// Tells the client how to authenticate against this instance: either just the current user name
/// (server-directed login flow) or the EasyAuth client id plus the AAD authority to use.
/// </summary>
/// <param name="req">Incoming HTTP request; headers are checked for the nonce, the principal is read for the user name.</param>
/// <param name="log">Logger used by <c>HandleErrors</c> and for the misconfiguration error.</param>
/// <returns>
/// <see cref="UnauthorizedResult"/> when running in Azure without EasyAuth configured (and authentication is not disabled),
/// otherwise a JSON result built by <c>ToJsonContentResult</c>. Exceptions are translated by <c>HandleErrors</c>.
/// </returns>
public static Task<IActionResult> DfmGetEasyAuthConfigFunction(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "a/p/i/easyauth-config")] HttpRequest req,
    ILogger log
)
{
    return req.HandleErrors(log, async () =>
    {
        // Checking nonce, if it was set as an env variable.
        // Don't care about return value of this method here.
        Auth.IsNonceSetAndValid(req.Headers);

        string websiteName = Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_SITE_NAME);
        string easyAuthClientId = Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_CLIENT_ID);

        bool runningInAzure = !string.IsNullOrEmpty(websiteName);
        bool easyAuthMissing = string.IsNullOrEmpty(easyAuthClientId);

        // When deployed to Azure, this tool should always be protected by EasyAuth
        if (runningInAzure && easyAuthMissing && !DfmEndpoint.Settings.DisableAuthentication)
        {
            log.LogError($"You need to configure EasyAuth for your '{websiteName}' instance. This tool should never be exposed to the world without authentication.");
            return new UnauthorizedResult();
        }

        string unauthenticatedAction = Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_UNAUTHENTICATED_ACTION);
        bool isServerDirectedLogin = string.Equals(unauthenticatedAction, Auth.UnauthenticatedActionRedirectToLoginPage, StringComparison.Ordinal);

        if (isServerDirectedLogin)
        {
            // Assuming it is the server-directed login flow to be used
            // and returning just the user name (to speed up login process)
            string userName = req.HttpContext.User?.FindFirst(DfmEndpoint.Settings.UserNameClaimName)?.Value;
            return new { userName }.ToJsonContentResult();
        }

        // Trying to get tenantId from WEBSITE_AUTH_OPENID_ISSUER environment variable
        string tenantId = ExtractTenantId(Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_OPENID_ISSUER));

        return new
        {
            clientId = easyAuthClientId,
            authority = $"https://login.microsoftonline.com/{tenantId}"
        }.ToJsonContentResult();
    });

    // Falls back to the multi-tenant "common" endpoint when the issuer is unset or carries no GUID.
    string ExtractTenantId(string openIdIssuer)
    {
        if (string.IsNullOrEmpty(openIdIssuer))
        {
            return "common";
        }

        var guidMatch = GuidRegex.Match(openIdIssuer);
        return guidMatch.Success ? guidMatch.Groups[1].Value : "common";
    }
}