internal static async Task <(string, AuthorizationLevel)> GetAuthorizationLevelAsync(ISecretManager secretManager, string keyValue, string functionName = null)
{
// see if the key specified is the master key
HostSecretsInfo hostSecrets = await secretManager.GetHostSecretsAsync();
if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
{
return(ScriptConstants.DefaultMasterKeyName, AuthorizationLevel.Admin);
}
if (HasMatchingKey(hostSecrets.SystemKeys, keyValue, out string keyName))
{
return(keyName, AuthorizationLevel.System);
}
// see if the key specified matches the host function key
if (HasMatchingKey(hostSecrets.FunctionKeys, keyValue, out keyName))
{
return(keyName, AuthorizationLevel.Function);
}
// If there is a function specific key specified try to match against that
if (functionName != null)
{
IDictionary <string, string> functionSecrets = await secretManager.GetFunctionSecretsAsync(functionName);
if (HasMatchingKey(functionSecrets, keyValue, out keyName))
{
return(keyName, AuthorizationLevel.Function);
}
}
return(null, AuthorizationLevel.Anonymous);
}
private async Task <Dictionary <string, string> > GetHostSecretsByScope(string secretsScope, bool includeMasterInSystemKeys = false)
{
var hostSecrets = await _secretManager.GetHostSecretsAsync();
if (string.Equals(secretsScope, HostKeyScopes.FunctionKeys, StringComparison.OrdinalIgnoreCase))
{
return(hostSecrets.FunctionKeys);
}
else if (string.Equals(secretsScope, HostKeyScopes.SystemKeys, StringComparison.OrdinalIgnoreCase))
{
Dictionary <string, string> keys = hostSecrets.SystemKeys ?? new Dictionary <string, string>();
if (includeMasterInSystemKeys)
{
keys = new Dictionary <string, string>(keys)
{
{ MasterKeyName, hostSecrets.MasterKey }
};
}
return(keys);
}
return(null);
}
internal static async Task <KeyAuthorizationResult> GetAuthorizationResultAsync(HttpRequestMessage request, ISecretManager secretManager,
Func <IDictionary <string, string>, string, string, string> matchEvaluator, string keyName = null, string functionName = null)
{
// first see if a key value is specified via headers or query string (header takes precedence)
IEnumerable <string> values;
string keyValue = null;
if (request.Headers.TryGetValues(FunctionsKeyHeaderName, out values))
{
keyValue = values.FirstOrDefault();
}
else
{
var queryParameters = request.GetQueryParameterDictionary();
queryParameters.TryGetValue("code", out keyValue);
}
if (!string.IsNullOrEmpty(keyValue))
{
// see if the key specified is the master key
HostSecretsInfo hostSecrets = await secretManager.GetHostSecretsAsync().ConfigureAwait(false);
if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
{
return(new KeyAuthorizationResult(ScriptConstants.DefaultMasterKeyName, AuthorizationLevel.Admin));
}
string matchedKeyName = matchEvaluator(hostSecrets.SystemKeys, keyName, keyValue);
if (matchedKeyName != null)
{
return(new KeyAuthorizationResult(matchedKeyName, AuthorizationLevel.System));
}
// see if the key specified matches the host function key
matchedKeyName = matchEvaluator(hostSecrets.FunctionKeys, keyName, keyValue);
if (matchedKeyName != null)
{
return(new KeyAuthorizationResult(matchedKeyName, AuthorizationLevel.Function));
}
// if there is a function specific key specified try to match against that
if (functionName != null)
{
var functionSecrets = await secretManager.GetFunctionSecretsAsync(functionName);
matchedKeyName = matchEvaluator(functionSecrets, keyName, keyValue);
if (matchedKeyName != null)
{
return(new KeyAuthorizationResult(matchedKeyName, AuthorizationLevel.Function));
}
}
}
return(new KeyAuthorizationResult(null, AuthorizationLevel.Anonymous));
}
internal static async Task <(string, AuthorizationLevel)> GetAuthorizationKeyInfoAsync(HttpRequest request, ISecretManagerProvider secretManagerProvider)
{
// first see if a key value is specified via headers or query string (header takes precedence)
string keyValue = null;
if (request.Headers.TryGetValue(FunctionsKeyHeaderName, out StringValues values))
{
keyValue = values.First();
}
else if (request.Query.TryGetValue("code", out values))
{
keyValue = values.First();
}
if (!string.IsNullOrEmpty(keyValue))
{
ISecretManager secretManager = secretManagerProvider.Current;
// see if the key specified is the master key
HostSecretsInfo hostSecrets = await secretManager.GetHostSecretsAsync().ConfigureAwait(false);
if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
{
return(ScriptConstants.DefaultMasterKeyName, AuthorizationLevel.Admin);
}
if (HasMatchingKey(hostSecrets.SystemKeys, keyValue, out string keyName))
{
return(keyName, AuthorizationLevel.System);
}
// see if the key specified matches the host function key
if (HasMatchingKey(hostSecrets.FunctionKeys, keyValue, out keyName))
{
return(keyName, AuthorizationLevel.Function);
}
// If there is a function specific key specified try to match against that
IFunctionExecutionFeature executionFeature = request.HttpContext.Features.Get <IFunctionExecutionFeature>();
if (executionFeature != null)
{
IDictionary <string, string> functionSecrets = await secretManager.GetFunctionSecretsAsync(executionFeature.Descriptor.Name);
if (HasMatchingKey(functionSecrets, keyValue, out keyName))
{
return(keyName, AuthorizationLevel.Function);
}
}
}
return(null, AuthorizationLevel.Anonymous);
}
internal static async Task <AuthorizationLevel> GetAuthorizationLevelAsync(HttpRequestMessage request, ISecretManager secretManager, string functionName = null)
{
// TODO: Add support for validating "EasyAuth" headers
// first see if a key value is specified via headers or query string (header takes precedence)
IEnumerable <string> values;
string keyValue = null;
if (request.Headers.TryGetValues(FunctionsKeyHeaderName, out values))
{
keyValue = values.FirstOrDefault();
}
else
{
var queryParameters = request.GetQueryParameterDictionary();
queryParameters.TryGetValue("code", out keyValue);
}
if (!string.IsNullOrEmpty(keyValue))
{
// see if the key specified is the master key
HostSecretsInfo hostSecrets = await secretManager.GetHostSecretsAsync().ConfigureAwait(false);
if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
{
return(AuthorizationLevel.Admin);
}
// see if the key specified matches the host function key
if (hostSecrets.FunctionKeys != null &&
hostSecrets.FunctionKeys.Any(k => Key.SecretValueEquals(keyValue, k.Value)))
{
return(AuthorizationLevel.Function);
}
// if there is a function specific key specified try to match against that
if (functionName != null)
{
IDictionary <string, string> functionSecrets = await secretManager.GetFunctionSecretsAsync(functionName);
if (functionSecrets != null &&
functionSecrets.Values.Any(s => Key.SecretValueEquals(keyValue, s)))
{
return(AuthorizationLevel.Function);
}
}
}
return(AuthorizationLevel.Anonymous);
}
private async Task <string> GetOrCreateExtensionKey(string extensionName)
{
var hostSecrets = _secretManager.GetHostSecretsAsync().GetAwaiter().GetResult();
string keyName = GetKeyName(extensionName);
string keyValue = null;
if (!hostSecrets.SystemKeys.TryGetValue(keyName, out keyValue))
{
// if the requested secret doesn't exist, create it on demand
keyValue = SecretManager.GenerateSecret();
await _secretManager.AddOrUpdateFunctionSecretAsync(keyName, keyValue, HostKeyScopes.SystemKeys, ScriptSecretsType.Host);
}
return(keyValue);
}
private async Task <Dictionary <string, string> > GetHostSecretsByScope(string secretsScope)
{
var hostSecrets = await _secretManager.GetHostSecretsAsync();
if (string.Equals(secretsScope, HostKeyScopes.FunctionKeys, StringComparison.OrdinalIgnoreCase))
{
return(hostSecrets.FunctionKeys);
}
else if (string.Equals(secretsScope, HostKeyScopes.SystemKeys, StringComparison.OrdinalIgnoreCase))
{
return(hostSecrets.SystemKeys);
}
return(null);
}
private async Task <string> GetOrCreateExtensionKey(string extensionName)
{
ISecretManager secretManager = _secretManagerProvider.Current;
var hostSecrets = await secretManager.GetHostSecretsAsync();
string keyName = GetKeyName(extensionName);
string keyValue;
if (!hostSecrets.SystemKeys.TryGetValue(keyName, out keyValue))
{
// if the requested secret doesn't exist, create it on demand
keyValue = SecretGenerator.GenerateSystemKeyValue();
await secretManager.AddOrUpdateFunctionSecretAsync(keyName, keyValue, HostKeyScopes.SystemKeys, ScriptSecretsType.Host);
}
return(keyValue);
}
public async Task <string> GetMasterKeyAsync()
{
HostSecretsInfo secrets = await SecretManager.GetHostSecretsAsync();
return(secrets.MasterKey);
}
public async Task <IHttpActionResult> Get()
{
var hostSecrets = await _secretManager.GetHostSecretsAsync();
return(GetKeysResult(hostSecrets.FunctionKeys));
}