protected override object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms, IRequest request, IHttpContext context)
{
if (!cmd.RequiresToken)
{
return(base.ExecuteCommand(cmd, verbs, parms, request, context));
}
var token = parms["token"];
if (token == null)
{
return new RestObject("401")
{
Error = "Not authorized. The specified API endpoint requires a token."
}
}
;
SecureRestCommand secureCmd = (SecureRestCommand)cmd;
TokenData tokenData;
if (!Tokens.TryGetValue(token, out tokenData) && !AppTokens.TryGetValue(token, out tokenData))
{
return new RestObject("403")
{
Error = "Not authorized. The specified API endpoint requires a token, but the provided token was not valid."
}
}
;
Group userGroup = TShock.Groups.GetGroupByName(tokenData.UserGroupName);
if (userGroup == null)
{
Tokens.Remove(token);
return(new RestObject("403")
{
Error = "Not authorized. The provided token became invalid due to group changes, please create a new token."
});
}
if (secureCmd.Permissions.Length > 0 && secureCmd.Permissions.All(perm => !userGroup.HasPermission(perm)))
{
return(new RestObject("403")
{
Error = string.Format("Not authorized. User \"{0}\" has no access to use the specified API endpoint.", tokenData.Username)
});
}
//Main.rand being null can cause issues in command execution.
//This should solve that
if (Main.rand == null)
{
Main.rand = new Terraria.Utilities.UnifiedRandom();
}
object result = secureCmd.Execute(verbs, parms, tokenData, request, context);
if (cmd.DoLog && TShock.Config.Settings.LogRest)
{
TShock.Utils.SendLogs(string.Format(
"\"{0}\" requested REST endpoint: {1}", tokenData.Username, this.BuildRequestUri(cmd, verbs, parms, false)),
Color.PaleVioletRed);
}
return(result);
}
}
}
protected override object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms, IRequest request)
{
if (!cmd.RequiresToken)
{
return(base.ExecuteCommand(cmd, verbs, parms, request));
}
var token = parms["token"];
if (token == null)
{
return new RestObject("401")
{
Error = "Not authorized. The specified API endpoint requires a token."
}
}
;
SecureRestCommand secureCmd = (SecureRestCommand)cmd;
TokenData tokenData;
if (!Tokens.TryGetValue(token, out tokenData) && !AppTokens.TryGetValue(token, out tokenData))
{
return new RestObject("403")
{
Error = "Not authorized. The specified API endpoint requires a token, but the provided token was not valid."
}
}
;
// TODO: Get rid of this when the old REST permission model is removed.
if (TShock.Config.RestUseNewPermissionModel)
{
Group userGroup = TShock.Groups.GetGroupByName(tokenData.UserGroupName);
if (userGroup == null)
{
Tokens.Remove(token);
return(new RestObject("403")
{
Error = "Not authorized. The provided token became invalid due to group changes, please create a new token."
});
}
if (secureCmd.Permissions.Length > 0 && secureCmd.Permissions.All(perm => !userGroup.HasPermission(perm)))
{
return(new RestObject("403")
{
Error = string.Format("Not authorized. User \"{0}\" has no access to use the specified API endpoint.", tokenData.Username)
});
}
}
object result = secureCmd.Execute(verbs, parms, tokenData, request);
if (cmd.DoLog && TShock.Config.LogRest)
{
TShock.Utils.SendLogs(string.Format(
"\"{0}\" requested REST endpoint: {1}", tokenData.Username, this.BuildRequestUri(cmd, verbs, parms, false)),
Color.PaleVioletRed);
}
return(result);
}
}
}
