private async Task InvokeApi(HttpContext httpContext) { httpContext.Request.Headers.TryGetValue("Prefer", out StringValues preferHeader); OeRequestHeaders headers = OeRequestHeaders.Parse(httpContext.Request.Headers["Accept"], preferHeader); Uri baseUri = UriHelper.GetBaseUri(httpContext.Request); Uri requestUri = UriHelper.GetUri(httpContext.Request); if (HttpMethods.IsGet(httpContext.Request.Method)) { var parser = new OeParser(baseUri, EdmModel, GetModelBoundProvider(httpContext), OeParser.ServiceProvider); await parser.ExecuteGetAsync(requestUri, new OeHttpRequestHeaders(headers, httpContext.Response), httpContext.Response.Body, httpContext.RequestAborted).ConfigureAwait(false); } else if (HttpMethods.IsPost(httpContext.Request.Method) || HttpMethods.IsPut(httpContext.Request.Method) || HttpMethods.IsPatch(httpContext.Request.Method) || HttpMethods.IsDelete(httpContext.Request.Method)) { ODataUri odataUri = OeParser.ParseUri(EdmModel, baseUri, requestUri, OeParser.ServiceProvider); if (odataUri.Path.LastSegment is OperationImportSegment) { var parser = new OeParser(baseUri, EdmModel, GetModelBoundProvider(httpContext), OeParser.ServiceProvider); await parser.ExecuteOperationAsync(odataUri, new OeHttpRequestHeaders(headers, httpContext.Response), httpContext.Request.Body, httpContext.Response.Body, httpContext.RequestAborted).ConfigureAwait(false); } else { httpContext.Response.ContentType = httpContext.Request.ContentType; var batchParser = new OeBatchParser(baseUri, EdmModel, OeParser.ServiceProvider); await batchParser.ExecuteOperationAsync(requestUri, httpContext.Request.Body, httpContext.Response.Body, httpContext.Request.ContentType, httpContext.Request.Method, httpContext.RequestAborted).ConfigureAwait(false); } } }
public static async Task <(bool Exists, StringValues Value)> TryGetParamAsync(this HttpRequest httpRequest, string key, CancellationToken cancellationToken) { if (httpRequest == null) { throw new ArgumentNullException(nameof(httpRequest)); } if (key == null) { throw new ArgumentNullException(nameof(key)); } var hasForm = (HttpMethods.IsPost(httpRequest.Method) || HttpMethods.IsPut(httpRequest.Method) || HttpMethods.IsDelete(httpRequest.Method) || HttpMethods.IsPatch(httpRequest.Method)) && httpRequest.HasFormContentType; var exists = httpRequest.Query.TryGetValue(key, out var value); if (!exists && hasForm) { var form = await httpRequest.ReadFormAsync(cancellationToken).ConfigureAwaitFalse(); exists = form.TryGetValue(key, out value); } return(exists, value); }
public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next) { try { _requestMethod = context.HttpContext.Request.Method; _apiRequestMethod = context.HttpContext.Request.Headers["ApiRequestMethod"].FirstOrDefault() ?? _requestMethod ?? "GET"; _cacheReadEnabled = HttpMethods.IsGet(_apiRequestMethod) || HttpMethods.IsPost(_apiRequestMethod); _cacheUpdateEnabled = HttpMethods.IsPut(_apiRequestMethod) || HttpMethods.IsPatch(_apiRequestMethod) || HttpMethods.IsDelete(_apiRequestMethod) || (HttpMethods.IsPost(_apiRequestMethod) && _updateMethodStartNames.Any(x => ((ControllerActionDescriptor)context.ActionDescriptor).ActionName.ToLower().StartsWith(x))); if (!_cacheUpdateEnabled) { _cacheKey = _cacheService.CreateCacheKey(context.HttpContext.Request.Path, _modelType.Name); _cacheKeyExists = _cacheService.ContainsKey(_cacheKey); } _cacheTypeExists = _cacheService.ContainsKeyType(_modelType.Name); } catch (Exception ex) { GeneralContext.Logger.Error(ex.GetApiMessageInfo()); _cacheKeyExists = false; } if ((_cacheReadEnabled && !_cacheKeyExists) || _cacheUpdateEnabled) { await next(); } }
public void Inspect(RequestAnalysisContext context, CancellationToken cancellationToken) { var method = context.Request.Method; if (!HttpMethods.IsGet(method) && !HttpMethods.IsHead(method) && !HttpMethods.IsOptions(method) && !HttpMethods.IsPost(method) && !HttpMethods.IsDelete(method) && !HttpMethods.IsPut(method) && !HttpMethods.IsPatch(method) && !HttpMethods.IsConnect(method) ) { // TRACE must be disabled if (HttpMethods.IsTrace(method)) { context.ReportDiagnostic(new Diagnostic(RuleTrace, Location.Method)); return; } // unknown method context.ReportDiagnostic(new Diagnostic(Rule, Location.Method)); // Apache directory listing exploit if (method.Equals("GETS", StringComparison.OrdinalIgnoreCase)) { context.ReportDiagnostic(new Diagnostic(RuleGets, Location.Method)); } } }
public virtual Task <IActionResult> HandleAsync(HttpRequest request) { if (HttpMethods.IsGet(request.Method)) { return(HandleGetAsync(request)); } if (HttpMethods.IsPost(request.Method)) { return(HandlePostAsync(request)); } if (HttpMethods.IsPut(request.Method)) { return(HandlePutAsync(request)); } if (HttpMethods.IsPatch(request.Method)) { return(HandlePatchAsync(request)); } if (HttpMethods.IsDelete(request.Method)) { return(HandleDeleteAsync(request)); } return(methodNotAllowed); }
static bool SetupMethodAndContent(HttpRequest request, HttpRequestMessage proxiedMessage) { var hasContent = false; var requestMethod = request.Method; // Try to use the static HttpMethods rather than creating a new one. if (HttpMethods.IsGet(requestMethod)) { proxiedMessage.Method = HttpMethod.Get; } else if (HttpMethods.IsHead(requestMethod)) { proxiedMessage.Method = HttpMethod.Head; } else if (HttpMethods.IsDelete(requestMethod)) { proxiedMessage.Method = HttpMethod.Delete; } else if (HttpMethods.IsTrace(requestMethod)) { proxiedMessage.Method = HttpMethod.Trace; } else { hasContent = true; if (HttpMethods.IsPost(requestMethod)) { proxiedMessage.Method = HttpMethod.Post; } else if (HttpMethods.IsOptions(requestMethod)) { proxiedMessage.Method = HttpMethod.Options; } else if (HttpMethods.IsPut(requestMethod)) { proxiedMessage.Method = HttpMethod.Put; } else if (HttpMethods.IsPatch(requestMethod)) { proxiedMessage.Method = HttpMethod.Patch; } else { proxiedMessage.Method = new HttpMethod(request.Method); } proxiedMessage.Content = new StreamContent(request.Body); } return(hasContent); }
/// <summary> /// Return a corresponding VerbsHttpMethod with the verb used in the request. /// </summary> /// <param name="context">ActionExecutingContext</param> /// <returns>Return VerbsHttpMethod corresponding to the request.</returns> public static VerbsHttpMethod GetVerbs(this ActionExecutingContext context) { var method = context.HttpContext.Request.Method; if (HttpMethods.IsGet(method)) { return(VerbsHttpMethod.Get); } if (HttpMethods.IsPost(method)) { return(VerbsHttpMethod.Post); } if (HttpMethods.IsDelete(method)) { return(VerbsHttpMethod.Delete); } if (HttpMethods.IsPut(method)) { return(VerbsHttpMethod.Put); } if (HttpMethods.IsHead(method)) { return(VerbsHttpMethod.Head); } if (HttpMethods.IsOptions(method)) { return(VerbsHttpMethod.Options); } if (HttpMethods.IsPatch(method)) { return(VerbsHttpMethod.Patch); } if (HttpMethods.IsTrace(method)) { return(VerbsHttpMethod.Trace); } if (HttpMethods.IsConnect(method)) { return(VerbsHttpMethod.Connect); } throw new HttpMethodNotFoundException($"Could not find the HttpMethod '{method}'"); }
/// <summary> /// Converts the given HTTP method (usually obtained from <see cref="HttpRequest.Method"/>) /// into the corresponding <see cref="HttpMethod"/> static instance. /// </summary> public static HttpMethod GetHttpMethod(string method) { if (HttpMethods.IsGet(method)) { return(HttpMethod.Get); } if (HttpMethods.IsPost(method)) { return(HttpMethod.Post); } if (HttpMethods.IsPut(method)) { return(HttpMethod.Put); } if (HttpMethods.IsDelete(method)) { return(HttpMethod.Delete); } if (HttpMethods.IsOptions(method)) { return(HttpMethod.Options); } if (HttpMethods.IsHead(method)) { return(HttpMethod.Head); } if (HttpMethods.IsPatch(method)) { return(HttpMethod.Patch); } if (HttpMethods.IsTrace(method)) { return(HttpMethod.Trace); } // NOTE: Proxying "CONNECT" is not supported (by design!) //if (HttpMethods.IsConnect(method)) //{ // return new HttpMethod("CONNECT"); //} throw new InvalidOperationException($"Unsupported request method '{method}'."); }
public async Task Invoke(HttpContext context, IIdentityService identityService) { var method = context.Request.Method; _telemetry.TrackTrace(new TraceTelemetry(identityService.GetScope(), SeverityLevel.Information)); if (HttpMethods.IsPost(method) || HttpMethods.IsPut(method) || HttpMethods.IsPatch(method)) { var body = await FormatRequestBody(context.Request); _telemetry.TrackTrace(new TraceTelemetry(body, SeverityLevel.Information)); } await _next(context); }
public async Task Invoke(HttpContext context, IIdentityService identityService) { var method = context.Request.Method; var telemetry = new TelemetryClient(new TelemetryConfiguration(_applicationInsights.InstrumentationKey)); telemetry.TrackTrace(new TraceTelemetry(identityService.GetScope(), SeverityLevel.Information)); if (HttpMethods.IsPost(method) || HttpMethods.IsPut(method) || HttpMethods.IsPatch(method)) { var body = await FormatRequestBody(context.Request); telemetry.TrackTrace(new TraceTelemetry(body, SeverityLevel.Information)); } await _next(context); }
internal static List <ActionDescriptor> SelectCandidates(IReadOnlyList <ActionDescriptor> actionDescriptors, HttpContext httpContext, RouteValueDictionary values, String path, String httpMethod) { var selectCandidates = new List <ActionDescriptor>(); for (int i = 0; i < actionDescriptors.Count; i++) { ActionDescriptor actionDescriptor = actionDescriptors[i]; if (actionDescriptor.AttributeRouteInfo != null && actionDescriptor.AttributeRouteInfo.Template != null) { RouteTemplate template = TemplateParser.Parse(actionDescriptor.AttributeRouteInfo.Template); var matcher = new TemplateMatcher(template, new RouteValueDictionary()); if (matcher.TryMatch(path, values) && ActionConstaint(actionDescriptor, httpContext, values, httpMethod)) { selectCandidates.Add(actionDescriptor); } } } if (selectCandidates.Count == 0) { if (HttpMethods.IsGet(httpMethod)) { for (int i = 0; i < actionDescriptors.Count; i++) { ActionDescriptor actionDescriptor = actionDescriptors[i]; if (actionDescriptor.AttributeRouteInfo != null && actionDescriptor.AttributeRouteInfo.Template != null && path != null && path.IndexOf(actionDescriptor.AttributeRouteInfo.Template, StringComparison.OrdinalIgnoreCase) == 1 && path[actionDescriptor.AttributeRouteInfo.Template.Length + 1] == '/' && ActionConstaint(actionDescriptor, httpContext, values, httpMethod)) { selectCandidates.Add(actionDescriptor); break; } } return(selectCandidates); } if (HttpMethods.IsPatch(httpMethod) || HttpMethods.IsDelete(httpMethod) || HttpMethods.IsPut(httpMethod)) { return(SelectCandidates(actionDescriptors, httpContext, values, path, HttpMethods.Post)); } } return(selectCandidates); }
internal static List <ActionDescriptor> SelectCandidates(IReadOnlyList <ActionDescriptor> actionDescriptors, String[] segments, String httpMethod) { var selectCandidates = new List <ActionDescriptor>(); for (int i = 0; i < actionDescriptors.Count; i++) { ActionDescriptor actionDescriptor = actionDescriptors[i]; if (actionDescriptor.AttributeRouteInfo == null) { actionDescriptor.RouteValues.TryGetValue("controller", out String value); if (String.Compare(value, segments[0], StringComparison.OrdinalIgnoreCase) == 0 && ActionConstaint(actionDescriptor, httpMethod)) { selectCandidates.Add(actionDescriptor); } } else { String[] controllerSegments = actionDescriptor.AttributeRouteInfo.Template.Split('/'); if (controllerSegments.Length != segments.Length) { continue; } bool match = false; for (int j = 0; j < controllerSegments.Length; j++) { match = String.Compare(controllerSegments[j], segments[j], StringComparison.OrdinalIgnoreCase) == 0; if (!match) { break; } } if (match && ActionConstaint(actionDescriptor, httpMethod)) { selectCandidates.Add(actionDescriptor); } } } if (selectCandidates.Count == 0 && (HttpMethods.IsPatch(httpMethod) || HttpMethods.IsDelete(httpMethod) || HttpMethods.IsPut(httpMethod))) { return(SelectCandidates(actionDescriptors, segments, HttpMethods.Post)); } return(selectCandidates); }
internal static HttpRequestConditions GetRequestConditions(this HttpRequest request) { HttpRequestConditions requestConditions = new HttpRequestConditions(); RequestHeaders requestHeaders = request.GetTypedHeaders(); if (HttpMethods.IsGet(request.Method) || HttpMethods.IsHead(request.Method)) { requestConditions.IfNoneMatch = requestHeaders.IfNoneMatch?.Select(v => v.Tag.ToString()); requestConditions.IfModifiedSince = requestHeaders.IfModifiedSince; } else if (HttpMethods.IsPut(request.Method) || HttpMethods.IsPatch(request.Method)) { requestConditions.IfMatch = requestHeaders.IfMatch?.Select(v => v.Tag.ToString()); requestConditions.IfUnmodifiedSince = requestHeaders.IfUnmodifiedSince; } return(requestConditions); }
private static Method GetMethod(string method) { if (HttpMethods.IsDelete(method)) { return(Method.DELETE); } if (HttpMethods.IsGet(method)) { return(Method.GET); } if (HttpMethods.IsHead(method)) { return(Method.HEAD); } if (HttpMethods.IsOptions(method)) { return(Method.OPTIONS); } if (HttpMethods.IsPatch(method)) { return(Method.PATCH); } if (HttpMethods.IsPost(method)) { return(Method.POST); } if (HttpMethods.IsPut(method)) { return(Method.PUT); } throw new NotSupportedException($"Http Method {method} is not supported in {typeof(Method)}."); }
private static HttpMethod GetHttpMethod(string method, out bool?hasBody) { if (HttpMethods.IsDelete(method)) { hasBody = null; return(HttpMethod.Delete); } else if (HttpMethods.IsGet(method)) { hasBody = false; return(HttpMethod.Get); } else if (HttpMethods.IsHead(method)) { hasBody = false; return(HttpMethod.Head); } else if (HttpMethods.IsOptions(method)) { hasBody = null; return(HttpMethod.Options); } else if (HttpMethods.IsPost(method)) { hasBody = true; return(HttpMethod.Post); } else if (HttpMethods.IsPut(method)) { hasBody = true; return(HttpMethod.Put); } else if (HttpMethods.IsPatch(method)) { hasBody = true; return(HttpMethod.Patch); } else if (HttpMethods.IsTrace(method)) { hasBody = null; return(HttpMethod.Trace); } hasBody = null; return(new HttpMethod(method)); }
private string SelectActionImpl(RouteContext routeContext, SelectControllerResult controllerResult, IEnumerable <ControllerActionDescriptor> actionDescriptors) { Microsoft.AspNet.OData.Routing.ODataPath odataPath = routeContext.HttpContext.ODataFeature().Path; HttpRequest request = routeContext.HttpContext.Request; if (odataPath.PathTemplate.EndsWith("$ref")) { if (HttpMethods.IsDelete(request.Method)) { return(actionDescriptors.FindMatchingAction("DeleteRef")); } else if (HttpMethods.IsPost("$ref") || HttpMethods.IsPut("$ref")) { return(actionDescriptors.FindMatchingAction("CreateRef")); } } else if (odataPath.PathTemplate.EndsWith("$count")) { // $count is only supported for GET requests if (HttpMethods.IsGet(request.Method)) { return(actionDescriptors.FindMatchingAction("Get")); } } else if (HttpMethods.IsGet(request.Method)) { // A single Get method will handle all Get requests. // It should contain the logic for traversing potenially nested path // and extract the relevant keys and navigation properties return(actionDescriptors.FindMatchingAction("Get")); } // TODO: we currently do not support nested paths for Create/Update/Delete requests // TODO: verify whether we support casts else if (HttpMethods.IsPost(request.Method)) { if (odataPath.PathTemplate == "~/entityset" || odataPath.PathTemplate == "~/entityset/cast") { return(actionDescriptors.FindMatchingAction("Post")); } } else if (odataPath.PathTemplate == "~/entityset/key" || odataPath.PathTemplate == "~/entityset/key/cast" || odataPath.PathTemplate == "~/singleton" || odataPath.PathTemplate == "~/singleton/cast") { if (HttpMethods.IsPut(request.Method)) { return(actionDescriptors.FindMatchingAction("Put")); } else if (HttpMethods.IsPatch(request.Method)) { // TODO: we should filter support for navigation properties / nested paths return(actionDescriptors.FindMatchingAction("Patch")); } else if (HttpMethods.IsDelete(request.Method)) { // TODO: we should filter support for navigation properties / nested paths return(actionDescriptors.FindMatchingAction("Delete")); } } return(null); }
private string SelectActionImpl(RouteContext routeContext, SelectControllerResult controllerResult, IEnumerable <ControllerActionDescriptor> actionDescriptors) { Microsoft.AspNet.OData.Routing.ODataPath odataPath = routeContext.HttpContext.ODataFeature().Path; HttpRequest request = routeContext.HttpContext.Request; if (odataPath.PathTemplate == "~/entityset") { EntitySetSegment entitySetSegment = (EntitySetSegment)odataPath.Segments[0]; IEdmEntitySetBase entitySet = entitySetSegment.EntitySet; if (HttpMethods.IsGet(request.Method)) { // e.g. Try GetCustomers first, then fall back to Get action name return(actionDescriptors.FindMatchingAction( "Get" + entitySet.Name, "Get")); } else if (HttpMethods.IsPost(request.Method)) { // e.g. Try PostCustomer first, then fall back to Post action name return(actionDescriptors.FindMatchingAction( "Post" + entitySet.EntityType().Name, "Post")); } } else if (odataPath.PathTemplate == "~/entityset/key" || odataPath.PathTemplate == "~/entityset/key/cast") { string httpMethodName; if (HttpMethods.IsGet(request.Method)) { httpMethodName = "Get"; } else if (HttpMethods.IsPut(request.Method)) { httpMethodName = "Put"; } else if (HttpMethods.IsPatch(request.Method)) { httpMethodName = "Patch"; } else if (HttpMethods.IsDelete(request.Method)) { httpMethodName = "Delete"; } else { return(null); } Contract.Assert(httpMethodName != null); IEdmEntityType entityType = (IEdmEntityType)odataPath.EdmType; // e.g. Try GetCustomer first, then fallback on Get action name string actionName = actionDescriptors.FindMatchingAction( httpMethodName + entityType.Name, httpMethodName); if (actionName != null) { KeySegment keySegment = (KeySegment)odataPath.Segments[1]; // TODO: Add key/value to RouteData return(actionName); } } else if (odataPath.PathTemplate == "~/entityset/$count" && HttpMethods.IsGet(request.Method)) { EntitySetSegment entitySetSegment = (EntitySetSegment)odataPath.Segments[0]; IEdmEntitySetBase entitySet = entitySetSegment.EntitySet; // e.g. Try GetCustomers first, then fall back to Get action name return(actionDescriptors.FindMatchingAction( "Get" + entitySet.Name, "Get")); } else if (odataPath.PathTemplate == "~/entityset/cast") { EntitySetSegment entitySetSegment = (EntitySetSegment)odataPath.Segments[0]; IEdmEntitySetBase entitySet = entitySetSegment.EntitySet; IEdmCollectionType collectionType = (IEdmCollectionType)odataPath.EdmType; IEdmEntityType entityType = (IEdmEntityType)collectionType.ElementType.Definition; if (HttpMethods.IsGet(request.Method)) { // e.g. Try GetCustomersFromSpecialCustomer first, then fall back to GetFromSpecialCustomer return(actionDescriptors.FindMatchingAction( "Get" + entitySet.Name + "From" + entityType.Name, "GetFrom" + entityType.Name)); } else if (HttpMethods.IsPost(request.Method)) { // e.g. Try PostCustomerFromSpecialCustomer first, then fall back to PostFromSpecialCustomer return(actionDescriptors.FindMatchingAction( "Post" + entitySet.EntityType().Name + "From" + entityType.Name, "PostFrom" + entityType.Name)); } } else if (odataPath.PathTemplate == "~/entityset/cast/$count" && HttpMethods.IsGet(request.Method)) { EntitySetSegment entitySetSegment = (EntitySetSegment)odataPath.Segments[0]; IEdmEntitySetBase entitySet = entitySetSegment.EntitySet; IEdmCollectionType collectionType = (IEdmCollectionType)odataPath.Segments[1].EdmType; IEdmEntityType entityType = (IEdmEntityType)collectionType.ElementType.Definition; // e.g. Try GetCustomersFromSpecialCustomer first, then fall back to GetFromSpecialCustomer return(actionDescriptors.FindMatchingAction( "Get" + entitySet.Name + "From" + entityType.Name, "GetFrom" + entityType.Name)); } return(null); }
private static bool MethodHasBody(string method) => HttpMethods.IsPost(method) || HttpMethods.IsPut(method) || HttpMethods.IsPatch(method);
protected override async Task <bool> ProcessInternal(HttpContext context, CancellationToken ct) { var request = context.Request; PathString partialPath; if (!request.Path.StartsWithSegments(_options.Value.MountPoint, out partialPath)) { return(false); } var pathSegments = partialPath.Value?.Split('/').Where(x => !x.Trim().IsNullOrEmpty()).ToArray(); if (pathSegments == null || pathSegments.Length < 2) { return(false); } var model = await MetaService.GetModel(pathSegments[0], ct); pathSegments = pathSegments.Skip(1).ToArray(); var headers = context.Request.GetTypedHeaders(); var requestSerializer = _serializerFactory.GetByMediaType(headers.ContentType?.MediaType); var responseSerializer = headers.Accept.IsNullOrEmpty() ? requestSerializer : _serializerFactory.GetByMediaType(headers.Accept.Safe().Select(x => x.MediaType)); var processParams = new RestProcessParameters(context, headers, pathSegments, model, requestSerializer, responseSerializer); if (HttpMethods.IsGet(request.Method)) { await ProcessQuery(processParams, ct); return(true); } if (HttpMethods.IsPost(request.Method)) { await ProcessPostCommand(processParams, ct); return(true); } if (HttpMethods.IsPut(request.Method)) { await ProcessPutCommand(processParams, ct); return(true); } if (HttpMethods.IsPatch(request.Method)) { await ProcessPatchCommand(processParams, ct); return(true); } if (HttpMethods.IsDelete(request.Method)) { await ProcessDeleteCommand(processParams, ct); return(true); } throw new NotSupportedException(); }
/// <summary> /// Excludes a mapped path, optionally based on the given HTTP method. If HTTP method is not specified, every request to this path will not be used by <see cref="HttpSignatureMiddleware"/>. /// </summary> /// <param name="pathString">The path to exclude.</param> /// <param name="httpMethods">The HTTP methods to exclude for the given path.</param> public HttpSignatureOptions IgnorePath(PathString pathString, params string[] httpMethods) { if (pathString == null) { throw new ArgumentNullException(nameof(pathString), "Cannot ignore a null path."); } var path = pathString.Value.EnsureLeadingSlash().ToTemplatedDynamicPath(); // No HTTP methods specified, so exclude just the path (implies that all HTTP methods will be excluded for this path). if (httpMethods?.Length == 0) { IgnoredPaths.Add(path, "*"); return(this); } // Validate HTTP method. // There are more of course, but this seems enough for our needs. foreach (var method in httpMethods) { var isValidHttpMethod = HttpMethods.IsGet(method) || HttpMethods.IsPost(method) || HttpMethods.IsPut(method) || HttpMethods.IsDelete(method) || HttpMethods.IsPatch(method); if (!isValidHttpMethod) { throw new ArgumentException($"HTTP method {method} is not valid."); } } if (!IgnoredPaths.ContainsKey(path)) { IgnoredPaths.Add(path, string.Join('|', httpMethods)); } else { var methods = IgnoredPaths[path].Split('|').Union(httpMethods); IgnoredPaths[path] = string.Join('|', methods); } return(this); }
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IAntiforgery antiforgery) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseHsts(); } app.UseHttpsRedirection(); app.UseMiddleware <StrictSameSiteMiddleware>(); app.UseAuthentication(); app.UseResponseCompression(); app.Use(async(context, next) => { if (!context.User.Identity.IsAuthenticated) { await context.ChallengeAsync(); return; } await next(); }); app.Use(async(context, next) => { if (HttpMethods.IsPost(context.Request.Method) || HttpMethods.IsPatch(context.Request.Method) || HttpMethods.IsPut(context.Request.Method) || HttpMethods.IsDelete(context.Request.Method)) { await antiforgery.ValidateRequestAsync(context); } await next(); }); app.Use(next => context => { string path = context.Request.Path.Value; if ( string.Equals(path, "/", StringComparison.OrdinalIgnoreCase) || string.Equals(path, "/index.html", StringComparison.OrdinalIgnoreCase)) { var tokens = antiforgery.GetAndStoreTokens(context); context.Response.Headers.Append("X-XSRF-TOKEN", tokens.RequestToken); } return(next(context)); }); app.Map("/api", api => { api.RunProxy(async context => { var forwardContext = context.ForwardTo(Env.GetString("API_HTTPS_URL")); try { var token = await context.GetUserAccessTokenAsync(); forwardContext.UpstreamRequest.SetBearerToken(token); return(await forwardContext.Send()); } catch (Exception ex) { throw ex; } }); }); app.UseRouting(); app.UseAuthorization(); app.UseEndpoints(endpoints => { endpoints.MapDefaultControllerRoute().RequireAuthorization(); }); app.UseSpaStaticFiles(); app.UseSpa(spa => { spa.Options.SourcePath = "Resources"; if (env.IsDevelopment()) { spa.UseVueDevelopmentServer(Env.GetString("APP_VUE_DEVELOPMENT_SERVER_URL")); } }); }
public static async Task <JsonApiRequest> FromHttpRequestAsync(HttpRequest request) { var body = await new StreamReader(request.Body).ReadToEndAsync(); return(new JsonApiRequest(GetUserName(), GetAction(), body, ParseDictionary(request.Headers), ParseDictionary(request.Query))); RequestAction GetAction() => (HttpMethods.IsGet(request.Method)) ? RequestAction.Get : (HttpMethods.IsPost(request.Method) || HttpMethods.IsPut(request.Method) || HttpMethods.IsPatch(request.Method)) ? RequestAction.Save : (HttpMethods.IsDelete(request.Method)) ? RequestAction.Delete : throw new Exception($"Unsupported method: {request.Method}"); string GetUserName() { try { return(request.HttpContext.User.Identity.Name); } catch { return(null); } } Dictionary <string, StringValues> ParseDictionary(IEnumerable <KeyValuePair <string, StringValues> > collection) => collection .GroupBy(item => item.Key) .ToDictionary( grp => grp.Key, grp => new StringValues(grp.SelectMany(item => item.Value).ToArray())); }
/// <summary> /// /// </summary> /// <param name="request"></param> /// <returns>Cache Validation Status</returns> public static CacheValidationStatus GetCacheValidationStatus(this HttpRequest request) { var typedHeaders = request.GetTypedHeadersWithCaching(); if (HttpMethods.IsGet(request.Method)) { if (typedHeaders.IfModifiedSince.HasValue) { return(CacheValidationStatus.GetIfModifiedSince); } if (typedHeaders.IfNoneMatch != null && typedHeaders.IfNoneMatch.Count > 0) { return(CacheValidationStatus.GetIfNoneMatch); } } if (HttpMethods.IsPut(request.Method) || HttpMethods.IsDelete(request.Method) || HttpMethods.IsPatch(request.Method)) { if (typedHeaders.IfUnmodifiedSince.HasValue) { return(CacheValidationStatus.PutPatchDeleteIfUnModifiedSince); } if (typedHeaders.IfMatch != null && typedHeaders.IfMatch.Count > 0) { return(CacheValidationStatus.PutPatchDeleteIfMatch); } } return(CacheValidationStatus.None); }
/// <summary> /// Takes a snapshot of the current request body. /// </summary> /// <returns></returns> internal async Task SnapRequestBody() { var method = HttpContext.Request.Method; HttpContext.Request.EnableBuffering(); // Only if we are dealing with POST or PUT, GET and others shouldn't have a body. if (HttpContext.Request.Body.CanRead && (HttpMethods.IsPost(method) || HttpMethods.IsPut(method) || HttpMethods.IsPatch(method))) { // Leave stream open so next middleware can read it. using var reader = new StreamReader(HttpContext.Request.Body, Encoding.UTF8, detectEncodingFromByteOrderMarks: false, bufferSize: 512, leaveOpen: true); RequestBody = await reader.ReadToEndAsync(); // Reset stream position, so next middleware can read it. HttpContext.Request.Body.Seek(0, SeekOrigin.Begin); } }