[AllowAnonymous] // bootstrap
public string RetrieveKey([FromBody] JsonElement body)
{
_log.LogDebug("RetrieveKey method was called!");
string proof = body.GetString();
string userManagedPassword = _configuration.GetValue <string>(MagicConstants.EnvironmentVariable_SharedSecret);
if (string.IsNullOrEmpty(userManagedPassword))
{
throw new InvalidOperationException($"{MagicConstants.EnvironmentVariable_SharedSecret} environment variable is required by CLI");
}
if (proof == SharedSecret.DeriveFromPassword(userManagedPassword))
{
return(_apiKeyRepo.PickValidKey());
}
else
{
_log.LogError("API Key request failed from {0}", HttpContext.Connection.RemoteIpAddress);
return(MagicConstants.InvalidApiKey);
}
}
internal async Task <Guid> AddFromUrlAsync(string projectName, string @event, EventFilters filters, Uri targetUrl, string ruleName, bool impersonateExecution, CancellationToken cancellationToken)
{
async Task <(Uri, string)> RetrieveHostedUrl(string _ruleName, CancellationToken _cancellationToken)
{
string apiKey = MagicConstants.InvalidApiKey;
logger.WriteVerbose($"Validating target URL {targetUrl.AbsoluteUri}");
string userManagedPassword = Environment.GetEnvironmentVariable(MagicConstants.EnvironmentVariable_SharedSecret);
if (string.IsNullOrEmpty(userManagedPassword))
{
throw new ApplicationException($"{MagicConstants.EnvironmentVariable_SharedSecret} environment variable is required for this command");
}
string proof = SharedSecret.DeriveFromPassword(userManagedPassword);
var configUrl = new UriBuilder(targetUrl);
configUrl.Path += $"config/key";
var handler = new HttpClientHandler()
{
SslProtocols = SslProtocols.Tls12,// | SslProtocols.Tls11 | SslProtocols.Tls,
ServerCertificateCustomValidationCallback = delegate { return(true); }
};
using (var client = new HttpClient(handler))
using (var request = new HttpRequestMessage(HttpMethod.Post, configUrl.Uri))
{
using (request.Content = new StringContent($"\"{proof}\"", Encoding.UTF8, "application/json"))
using (var response = await client.SendAsync(request, cancellationToken))
{
switch (response.StatusCode)
{
case HttpStatusCode.OK:
logger.WriteVerbose($"Connection to {targetUrl} succeded");
apiKey = await response.Content.ReadAsStringAsync();
logger.WriteInfo($"Configuration retrieved.");
break;
default:
logger.WriteError($"{targetUrl} returned {response.ReasonPhrase}.");
break;
}//switch
}
}
if (string.IsNullOrEmpty(apiKey) || apiKey == MagicConstants.InvalidApiKey)
{
throw new ApplicationException("Unable to retrieve API Key, please check Shared secret configuration");
}
var b = new UriBuilder(targetUrl);
b.Path += $"workitem/{_ruleName}";
return(b.Uri, apiKey);
}
return(await CoreAddAsync(projectName, @event, filters, ruleName, impersonateExecution, RetrieveHostedUrl, MagicConstants.ApiKeyAuthenticationHeaderName, cancellationToken));
}