protected virtual void AuthenticateRequest(WebSocketRequest request)
{
var singleUseToken = request.Token;
if (string.IsNullOrEmpty(singleUseToken) == false)
{
object msg;
HttpStatusCode code;
IPrincipal user;
if (authorizer.TryAuthorizeSingleUseAuthToken(singleUseToken, request.ResourceName, out msg, out code, out user) == false)
{
throw new WebSocketRequestValidationException(code, RavenJToken.FromObject(msg).ToString(Formatting.Indented));
}
request.User = user;
return;
}
switch (DatabasesLandlord.SystemDatabase.Configuration.AnonymousUserAccessMode)
{
case AnonymousUserAccessMode.Admin:
case AnonymousUserAccessMode.All:
case AnonymousUserAccessMode.Get:
// this is effectively a GET request, so we'll allow it
// under this circumstances
request.User = CurrentOperationContext.User.Value;
return;
case AnonymousUserAccessMode.None:
throw new WebSocketRequestValidationException(HttpStatusCode.Forbidden, "Single use token is required for authenticated web sockets connections.");
default:
throw new ArgumentOutOfRangeException(DatabasesLandlord.SystemDatabase.Configuration.AnonymousUserAccessMode.ToString());
}
}
protected override async Task ValidateRequest(WebSocketRequest request)
{
await base.ValidateRequest(request);
if (request.ResourceName != Constants.SystemDatabase)
{
throw new WebSocketRequestValidationException(HttpStatusCode.BadRequest, "Request should be without resource context, or with system database.");
}
}
protected virtual async Task ValidateRequest(WebSocketRequest request)
{
if (string.IsNullOrEmpty(request.Id))
{
throw new WebSocketRequestValidationException(HttpStatusCode.BadRequest, "Id is mandatory.");
}
request.ActiveResource = await GetActiveResource(request);
request.ResourceName = request.ActiveResource.ResourceName ?? Constants.SystemDatabase;
}
protected virtual async Task ValidateRequest(WebSocketRequest request)
{
if (string.IsNullOrEmpty(request.Id))
{
throw new WebSocketRequestValidationException(HttpStatusCode.BadRequest, "Id is mandatory.");
}
request.ActiveResource = await GetActiveResource(request);
request.ResourceName = request.ActiveResource.Name ?? Constants.SystemDatabase;
}
protected override void AuthenticateRequest(WebSocketRequest request)
{
base.AuthenticateRequest(request);
var oneTimetokenPrincipal = request.User as MixedModeRequestAuthorizer.OneTimetokenPrincipal;
if ((oneTimetokenPrincipal == null || !oneTimetokenPrincipal.IsAdministratorInAnonymouseMode) &&
DatabasesLandlord.SystemDatabase.Configuration.AnonymousUserAccessMode != AnonymousUserAccessMode.Admin)
{
throw new WebSocketRequestValidationException(HttpStatusCode.BadRequest, "Administrator user is required in order to trace the whole server.");
}
}
public async Task<WebSocketRequest> ParseWebSocketRequestAsync(Uri uri, string token)
{
var parameters = HttpUtility.ParseQueryString(uri.Query);
var request = new WebSocketRequest
{
Id = parameters["id"],
Uri = uri,
Token = token
};
await ValidateRequest(request);
AuthenticateRequest(request);
return request;
}
protected override void AuthenticateRequest(WebSocketRequest request)
{
base.AuthenticateRequest(request);
if (request.ResourceName == Constants.SystemDatabase)
{
var oneTimetokenPrincipal = request.User as OneTimeTokenPrincipal;
if ((oneTimetokenPrincipal == null || !oneTimetokenPrincipal.IsAdministratorInAnonymouseMode) &&
DatabasesLandlord.SystemDatabase.Configuration.AnonymousUserAccessMode != AnonymousUserAccessMode.Admin)
{
throw new WebSocketRequestValidationException(HttpStatusCode.Forbidden, "Administrator user is required in order to trace the whole server.");
}
}
}
public async Task <WebSocketRequest> ParseWebSocketRequestAsync(Uri uri, string token)
{
var parameters = HttpUtility.ParseQueryString(uri.Query);
var request = new WebSocketRequest
{
Id = parameters["id"],
Uri = uri,
Token = token
};
await ValidateRequest(request);
AuthenticateRequest(request);
return(request);
}
private async Task <IResourceStore> GetActiveResource(WebSocketRequest request)
{
try
{
var localPath = NormalizeLocalPath(request.Uri.LocalPath);
var resourcePath = localPath.Substring(0, localPath.Length - expectedRequestSuffix.Length);
var resourcePartsPathParts = resourcePath.Split('/');
if (expectedRequestSuffix.Equals(localPath))
{
return(DatabasesLandlord.SystemDatabase);
}
IResourceStore activeResource;
switch (resourcePartsPathParts[1])
{
case DatabasesUrlPrefix:
activeResource = await DatabasesLandlord.GetResourceInternal(resourcePath.Substring(DatabasesUrlPrefix.Length + 2)).ConfigureAwait(false);
break;
case FileSystemsUrlPrefix:
activeResource = await fileSystemsLandlord.GetResourceInternal(resourcePath.Substring(FileSystemsUrlPrefix.Length + 2)).ConfigureAwait(false);
break;
case CountersUrlPrefix:
activeResource = await countersLandlord.GetResourceInternal(resourcePath.Substring(CountersUrlPrefix.Length + 2)).ConfigureAwait(false);
break;
case TimeSeriesUrlPrefix:
activeResource = await timeSeriesLandlord.GetResourceInternal(resourcePath.Substring(TimeSeriesUrlPrefix.Length + 2)).ConfigureAwait(false);
break;
default:
throw new WebSocketRequestValidationException(HttpStatusCode.BadRequest, "Illegal websocket path.");
}
return(activeResource);
}
catch (Exception e)
{
throw new WebSocketRequestValidationException(HttpStatusCode.InternalServerError, e.Message);
}
}
protected virtual void AuthenticateRequest(WebSocketRequest request)
{
var singleUseToken = request.Token;
if (string.IsNullOrEmpty(singleUseToken) == false)
{
object msg;
HttpStatusCode code;
IPrincipal user;
if (authorizer.TryAuthorizeSingleUseAuthToken(singleUseToken, request.ResourceName, out msg, out code, out user) == false)
{
throw new WebSocketRequestValidationException(code, RavenJToken.FromObject(msg).ToString(Formatting.Indented));
}
request.User = user;
return;
}
switch (DatabasesLandlord.SystemDatabase.Configuration.AnonymousUserAccessMode)
{
case AnonymousUserAccessMode.Admin:
case AnonymousUserAccessMode.All:
case AnonymousUserAccessMode.Get:
// this is effectively a GET request, so we'll allow it
// under this circumstances
request.User = CurrentOperationContext.User.Value;
return;
case AnonymousUserAccessMode.None:
throw new WebSocketRequestValidationException(HttpStatusCode.Forbidden, "Single use token is required for authenticated web sockets connections.");
default:
throw new ArgumentOutOfRangeException(DatabasesLandlord.SystemDatabase.Configuration.AnonymousUserAccessMode.ToString());
}
}
protected override void AuthenticateRequest(WebSocketRequest request)
{
base.AuthenticateRequest(request);
var oneTimetokenPrincipal = request.User as OneTimeTokenPrincipal;
if ((oneTimetokenPrincipal == null || !oneTimetokenPrincipal.IsAdministratorInAnonymouseMode) &&
DatabasesLandlord.SystemDatabase.Configuration.AnonymousUserAccessMode != AnonymousUserAccessMode.Admin)
{
throw new WebSocketRequestValidationException(HttpStatusCode.BadRequest, "Administrator user is required in order to trace the whole server.");
}
}
protected override async Task ValidateRequest(WebSocketRequest request)
{
await base.ValidateRequest(request);
if (request.ResourceName != Constants.SystemDatabase)
throw new WebSocketRequestValidationException(HttpStatusCode.BadRequest, "Request should be without resource context, or with system database.");
}
private async Task<IResourceStore> GetActiveResource(WebSocketRequest request)
{
try
{
var localPath = NormalizeLocalPath(request.Uri.LocalPath);
var resourcePath = localPath.Substring(0, localPath.Length - expectedRequestSuffix.Length);
var resourcePartsPathParts = resourcePath.Split('/');
if (expectedRequestSuffix.Equals(localPath))
{
return DatabasesLandlord.SystemDatabase;
}
IResourceStore activeResource;
switch (resourcePartsPathParts[1])
{
case CountersUrlPrefix:
activeResource = await countersLandlord.GetCounterInternal(resourcePath.Substring(CountersUrlPrefix.Length + 2));
break;
case DatabasesUrlPrefix:
activeResource = await DatabasesLandlord.GetDatabaseInternal(resourcePath.Substring(DatabasesUrlPrefix.Length + 2));
break;
case FileSystemsUrlPrefix:
activeResource = await fileSystemsLandlord.GetFileSystemInternalAsync(resourcePath.Substring(FileSystemsUrlPrefix.Length + 2));
break;
default:
throw new WebSocketRequestValidationException(HttpStatusCode.BadRequest, "Illegal websocket path.");
}
return activeResource;
}
catch (Exception e)
{
throw new WebSocketRequestValidationException(HttpStatusCode.InternalServerError, e.Message);
}
}
protected override void AuthenticateRequest(WebSocketRequest request)
{
base.AuthenticateRequest(request);
if (request.ResourceName == Constants.SystemDatabase)
{
var oneTimetokenPrincipal = request.User as MixedModeRequestAuthorizer.OneTimetokenPrincipal;
if ((oneTimetokenPrincipal == null || !oneTimetokenPrincipal.IsAdministratorInAnonymouseMode) &&
DatabasesLandlord.SystemDatabase.Configuration.AnonymousUserAccessMode != AnonymousUserAccessMode.Admin)
{
throw new WebSocketRequestValidationException(HttpStatusCode.Forbidden, "Administrator user is required in order to trace the whole server.");
}
}
}
