public ActionResult AddFilter()
{
AddFilterRequest request = ApiRequestBase.ParseRequest <AddFilterRequest>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
using (DB db = new DB(p.Name))
{
Filter newFilter = new Filter();
newFilter.Name = request.name;
if (Enum.IsDefined(typeof(ConditionHandling), request.conditionHandling))
{
newFilter.ConditionHandling = request.conditionHandling;
}
if (db.AddFilter(newFilter, request.conditions, out string errorMessage))
{
Logger.Info("[" + p.Name + "] Filter " + newFilter.FilterId + " (\"" + newFilter.Name + "\") was added by \"" + session.userName + "\"");
return(Json(new ApiResponseBase(true)));
}
else
{
return(ApiError(errorMessage));
}
}
}
public static PackedApiRequest Pack(ApiRequestBase baseRequest)
{
#pragma warning disable CS0618 // Type or member is obsolete
return(new PackedApiRequest(baseRequest.RequestId, baseRequest.Query, baseRequest.ExpectedColumns));
#pragma warning restore CS0618 // Type or member is obsolete
}
/// <summary>
/// Gets all login records within a time range, ordered by Date descending. Session must have admin privilege.
/// </summary>
/// <returns></returns>
public ActionResult GeolocateIP()
{
GeolocateIPRequest request = ApiRequestBase.ParseRequest <GeolocateIPRequest>(this);
if (IPAddress.TryParse(request.ip, out IPAddress ip))
{
string url = Settings.data.geolocationWebServiceBaseUrl;
if (string.IsNullOrWhiteSpace(url))
{
return(ApiError("The geolocation web service endpoint is not configured."));
}
if (!url.EndsWith("/"))
{
url += "/";
}
url += "embed/" + ip.ToString();
BpWebResponse proxyResponse = proxyClient.GET(url);
return(Json(new GeolocateIPResponse()
{
html = proxyResponse.str
}));
}
else
{
return(ApiError("Invalid IP Address"));
}
}
public ActionResult FinishChange()
{
ChangePasswordRequest request = ApiRequestBase.ParseRequest <ChangePasswordRequest>(this);
byte[] challenge = session.authChallenge;
if (challenge == null || challenge.Length == 0)
{
return(ApiError("Missing session state. Please retry."));
}
User user = session.GetUser();
if (user.AuthenticateUser(request.oldPwToken, challenge))
{
byte[] newPwTokenBytes = Hex.ToByteArray(request.newPwToken);
byte[] encryptionKey = Hash.GetSHA512Bytes(user.PasswordHash, challenge);
byte[] decryptedNewPwHash = ByteUtil.XORByteArrays(encryptionKey, newPwTokenBytes);
user.PasswordHash = Hash.GetSHA512Bytes(decryptedNewPwHash);
Settings.data.Save();
session.authChallenge = null;
return(Json(new ApiResponseBase(true)));
}
else
{
return(ApiError("Old password was incorrect."));
}
}
/// <summary>
/// Gets a specific event by ID.
/// </summary>
/// <returns></returns>
public ActionResult GetEvent()
{
GetEventRequest request = ApiRequestBase.ParseRequest <GetEventRequest>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
Event ev = null;
using (DB db = new DB(p.Name))
{
ev = db.GetEvent(request.eventId);
if (ev != null)
{
db.AddReadState(session.GetUser().UserId, ev.EventId);
}
}
if (ev != null)
{
GetEventDataResponse response = new GetEventDataResponse();
response.ev = ev;
response.eventListCustomTagKey = session.GetUser().GetEventListCustomTagKey(p.Name);
return(Json(response));
}
return(ApiError("Unable to find event with ID " + request.eventId));
}
public ActionResult AddProject()
{
ProjectRequest request = ApiRequestBase.ParseRequest <ProjectRequest>(this);
if (string.IsNullOrWhiteSpace(request.projectName) || !StringUtil.IsAlphaNumericOrUnderscore(request.projectName))
{
return(Json(new ApiResponseBase(false, "project name is invalid")));
}
request.projectName = request.projectName.Trim();
if (request.projectName.Length > 64)
{
return(Json(new ApiResponseBase(false, "project name is too long. Max length: 64 characters.")));
}
Project p = new Project();
p.Name = request.projectName;
p.InitializeSubmitKey();
if (Settings.data.TryAddProject(p))
{
Settings.data.Save();
Logger.Info("Project \"" + request.projectName + "\" was added by \"" + session.userName + "\"");
return(Json(new ApiResponseBase(true)));
}
else
{
return(Json(new ApiResponseBase(false, "project name is already taken")));
}
}
//public bool IsControllerThrottle { get { return isControllerThrottle; } set { isControllerThrottle = value; } }
public override void OnActionExecuting(HttpActionContext actionContext)
{
ApiRequestBase request = actionContext.ActionArguments["request"] as ApiRequestBase;
string apiKey = request.sAPIKey;
SetName(actionContext);
string key = string.Concat(name, "-", apiKey);
if (DateTime.Now.Hour == Utils.GetConfigValue("HourBatchIsRunning"))
{
Execute(actionContext, request, true);
}
miliSeconds = Utils.GetConfigValue(name + "-Interval");
if (miliSeconds <= 0)
{
miliSeconds = Utils.GetConfigValue("Default-Interval");
if (miliSeconds <= 0)
{
return;
}
}
ExecuteOrNot(actionContext, request, apiKey, key);
}
public ActionResult Logout()
{
ApiRequestBase args = ApiRequestBase.ParseRequest <ApiRequestBase>(this);
SessionManager.RemoveSession(args.sid);
return(Json(new ApiResponseBase(true)));
}
private HttpWebRequest CreateRequest(ApiRequestBase request, string key = null)
{
var webRequest = WebRequest.Create(request.CreateRequestUrl(key ?? ApiKey)) as HttpWebRequest;
webRequest.Method = "GET";
webRequest.Proxy = Proxy;
webRequest.Accept = "application/json";
return(webRequest);
}
private void LogThrottle(ApiRequestBase request, bool isTotalShutdown, string shutDownMessage)
{
int auditId = 0;
auditId = this.InsertAudit(request.sAPIKey, request.iTradingPartnerID, request.sEmailAddress, name, auditId);
_logger.SetAuditId(auditId);
_logger.Error(name + " - " + (isTotalShutdown ? shutDownMessage : Message));
}
public ActionResult SetSettingsData()
{
SetSettingsRequest request = ApiRequestBase.ParseRequest <SetSettingsRequest>(this);
bool requiresRestart = false;
Settings.data.systemName = request.settings.systemName;
if (Settings.data.port_http != request.settings.port_http)
{
Settings.data.port_http = request.settings.port_http;
requiresRestart = true;
}
if (Settings.data.port_https != request.settings.port_https)
{
Settings.data.port_https = request.settings.port_https;
requiresRestart = true;
}
Settings.data.appPath = request.settings.appPath;
if (Settings.data.certificatePath != request.settings.certificatePath)
{
Settings.data.certificatePath = request.settings.certificatePath;
requiresRestart = true;
}
if (Settings.data.certificatePassword != request.settings.certificatePassword)
{
Settings.data.certificatePassword = request.settings.certificatePassword;
requiresRestart = true;
}
Settings.data.loginStyle = request.settings.loginStyle.ToString();
Settings.data.geolocationWebServiceBaseUrl = request.settings.geolocationWebServiceBaseUrl.ToString();
Settings.data.trustedProxyIPs = request.settings.trustedProxyIPs;
Settings.data.useXRealIP = request.settings.useXRealIP;
Settings.data.useXForwardedFor = request.settings.useXForwardedFor;
Settings.data.smtpHost = request.settings.smtpHost;
Settings.data.smtpPort = request.settings.smtpPort;
Settings.data.smtpSsl = request.settings.smtpSsl;
Settings.data.smtpUser = request.settings.smtpUser;
Settings.data.smtpPass = request.settings.smtpPass;
Settings.data.smtpSendFrom = request.settings.smtpSendFrom;
Settings.data.defaultErrorEmail = request.settings.defaultErrorEmail;
Settings.data.verboseSubmitLogging = request.settings.verboseSubmitLogging;
Settings.data.serviceWorkerEnabled = request.settings.serviceWorkerEnabled;
Settings.data.Save();
SetSettingsResponse response = new SetSettingsResponse(true, null);
if (requiresRestart)
{
response.message = "Some changes will take effect the next time the web server is restarted.";
}
return(Json(response));
}
public ActionResult RunEnabledFiltersAgainstAllEvents()
{
ProjectRequestBase request = ApiRequestBase.ParseRequest <ProjectRequestBase>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
using (FilterEngine fe = new FilterEngine(request.projectName))
fe.RunEnabledFiltersAgainstAllEvents();
return(Json(new ApiResponseBase(true)));
}
public ActionResult RunFilterAgainstAllEvents()
{
OneFilterRequest request = ApiRequestBase.ParseRequest <OneFilterRequest>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
using (FilterEngine fe = new FilterEngine(request.projectName))
fe.RunFilterAgainstAllEvents(request.filterId, true);
return(Json(new ApiResponseBase(true)));
}
/// <summary>
/// Sets the custom tag to be included in event summaries provided to this user. Set null to unset the preference.
/// </summary>
/// <returns></returns>
public ActionResult SetEventListCustomTagKey()
{
SetEventListCustomTagKeyRequest request = ApiRequestBase.ParseRequest <SetEventListCustomTagKeyRequest>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
session.GetUser().SetEventListCustomTagKey(p.Name, request.eventListCustomTagKey);
Settings.data.Save();
return(Json(new ApiResponseBase(true)));
}
/// <summary>
/// Gets all login records within a time range, ordered by Date descending. Session must have admin privilege.
/// </summary>
/// <returns></returns>
public ActionResult GetLoginRecordsGlobal()
{
if (!session.IsAdminValid)
{
return(ApiError("Not Authorized"));
}
LoginRecordsGlobalRequest request = ApiRequestBase.ParseRequest <LoginRecordsGlobalRequest>(this);
using (GlobalDb db = new GlobalDb())
return(Json(new LoginRecordsResponse()
{
records = db.GetLoginRecordsGlobal(request.startDate, request.endDate)
}));
}
/// <summary>
/// Gets all login records for the specified user, ordered by Date descending. Session must have admin privilege.
/// </summary>
/// <returns></returns>
public ActionResult GetLoginRecordsForUser()
{
if (!session.IsAdminValid)
{
return(ApiError("Not Authorized"));
}
LoginRecordsByUserNameRequest request = ApiRequestBase.ParseRequest <LoginRecordsByUserNameRequest>(this);
using (GlobalDb db = new GlobalDb())
return(Json(new LoginRecordsResponse()
{
records = db.GetLoginRecordsByUserName(request.userName)
}));
}
public ActionResult GetFolderStructure()
{
ProjectRequestBase request = ApiRequestBase.ParseRequest <ProjectRequestBase>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
GetFolderStructureResponse response = new GetFolderStructureResponse();
using (DB db = new DB(p.Name))
response.root = db.GetFolderStructure();
return(Json(response));
}
public ActionResult GetFilter()
{
OneFilterRequest request = ApiRequestBase.ParseRequest <OneFilterRequest>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
GetFilterResponse response = new GetFilterResponse();
using (DB db = new DB(p.Name))
response.filter = db.GetFilter(request.filterId);
return(Json(response));
}
public ActionResult AddFolder()
{
AddFolderRequest request = ApiRequestBase.ParseRequest <AddFolderRequest>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
using (DB db = new DB(p.Name))
{
if (db.AddFolder(request.folderName, request.parentFolderId, out string errorMessage, out Folder newFolder))
{
return(Json(new ApiResponseBase(true)));
}
private void Execute(HttpActionContext actionContext, ApiRequestBase request, bool isTotalShutdown = false)
{
if (string.IsNullOrEmpty(Message) && !isTotalShutdown)
{
Message = string.Format("You may only perform this action every {0} milisecond(s).", miliSeconds);
}
string shutDownMessage = string.Format("API is temporarily shutdown, please try again later");
LogThrottle(request, isTotalShutdown, shutDownMessage);
actionContext.Response = actionContext.Request.CreateResponse(
HttpStatusCode.Conflict,
isTotalShutdown ? shutDownMessage : Message
);
}
public ActionResult GetAllFilters()
{
ProjectRequestBase request = ApiRequestBase.ParseRequest <ProjectRequestBase>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
GetAllFiltersResponse response = new GetAllFiltersResponse();
using (DB db = new DB(p.Name))
response.filters = db.GetAllFiltersSummary();
return(Json(response));
}
/// <summary>
/// Gets the number of unread events in every folder that contains unread events.
/// </summary>
/// <returns></returns>
public ActionResult CountUnreadEventsByFolder()
{
ProjectRequestBase request = ApiRequestBase.ParseRequest <ProjectRequestBase>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
using (DB db = new DB(p.Name))
{
Dictionary <int, uint> folderIdToUnreadEventCount = db.CountUnreadEventsByFolder(session.GetUser().UserId);
return(Json(new CountUnreadEventsByFolderResponse(folderIdToUnreadEventCount)));
}
}
public ActionResult GetRegistrationStatus()
{
PushRegistrationRequest request = ApiRequestBase.ParseRequest <PushRegistrationRequest>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
User user = session.GetUser();
string[] keys = user.GetPushNotificationSubscriptions(request.projectName, request.folderId);
bool subscribed = keys.Contains(request.subscriptionKey);
return(Json(new GetRegistrationStatusResponse(subscribed)));
}
public ActionResult UnregisterForPush()
{
PushRegistrationRequest request = ApiRequestBase.ParseRequest <PushRegistrationRequest>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
User user = session.GetUser();
user.SetPushNotificationSubscription(request.projectName, request.folderId, request.subscriptionKey, false);
Settings.data.Save();
return(Json(new ApiResponseBase(true)));
}
public ActionResult ReorderFilters()
{
ReorderFiltersRequest request = ApiRequestBase.ParseRequest <ReorderFiltersRequest>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
using (DB db = new DB(p.Name))
{
db.ReorderFilters(request.newOrder);
}
Logger.Info("[" + p.Name + "] Filters reordered by \"" + session.userName + "\"");
return(Json(new ApiResponseBase(true)));
}
public ActionResult ReplaceSubmitKey()
{
ProjectRequest request = ApiRequestBase.ParseRequest <ProjectRequest>(this);
Project p = Settings.data.GetProject(request.projectName);
if (p == null)
{
return(Json(new ApiResponseBase(false, "project could not be found")));
}
p.InitializeSubmitKey();
Settings.data.Save();
Logger.Info("Project \"" + request.projectName + "\" had its submit key replaced by \"" + session.userName + "\"");
return(Json(new ApiResponseBase(true)));
}
/// <summary>
/// Move events by ID to a new folder by ID.
/// </summary>
/// <returns></returns>
public ActionResult MoveEvents()
{
MoveEventsRequest request = ApiRequestBase.ParseRequest <MoveEventsRequest>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
using (DB db = new DB(p.Name))
{
if (db.MoveEvents(request.eventIds, request.newFolderId))
{
return(Json(new ApiResponseBase(true)));
}
return(ApiError("Unable to move all events with IDs " + string.Join(",", request.eventIds)));
}
}
/// <summary>
/// Sets the color of events by ID.
/// </summary>
/// <returns></returns>
public ActionResult SetEventsColor()
{
SetEventsColorRequest request = ApiRequestBase.ParseRequest <SetEventsColorRequest>(this);
if (!request.Validate(out Project p, out ApiResponseBase error))
{
return(Json(error));
}
using (DB db = new DB(p.Name))
{
if (db.SetEventsColor(request.eventIds, request.color))
{
return(Json(new ApiResponseBase(true)));
}
return(ApiError("Unable to delete all events with IDs " + string.Join(",", request.eventIds)));
}
}
protected void BuildApiRequest()
{
this.requestParameters = GetRequestParameters(actionContext.Request);
string accessId, signType, sign, version;
this.requestParameters.TryGetRequireValue(FilterConstants.ParamAppId, out accessId);
this.requestParameters.TryGetRequireValue(FilterConstants.ParamSignType, out signType);
this.requestParameters.TryGetRequireValue(FilterConstants.ParamSignature, out sign);
this.requestParameters.TryGetRequireValue(FilterConstants.ParamVersion, out version);
this.apiRequest = new ApiRequestModel()
{
accessId = accessId,
signType = signType,
sign = sign,
v = version
};
}
/// <summary>
/// May allow or disallow access to the controller. This is called before the client-specified action method is called.
/// </summary>
/// <param name="result">If authorization fails, this should be set to an appropriate result such as an HTTP 403 Forbidden response. If null, authorization will be assumed to have succeeded.</param>
public override void OnAuthorization(ref ActionResult result)
{
base.OnAuthorization(ref result);
if (result != null)
{
return;
}
ApiRequestBase args = ApiRequestBase.ParseRequest <ApiRequestBase>(this);
session = args.GetSession();
if (session == null)
{
result = StatusCode("403 Forbidden");
}
else if (!session.IsAuthValid)
{
result = StatusCode("418 Insufficient Privilege");
}
}
