public HttpResponseMessage Summary(string guid)
{
if (!SessionManager.SessionExists(guid))
{
// Session doesn't exist.
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Invalid session."));
}
try
{
// Get the users ip address.
string ipAddress = HttpContext.Current.Request.UserHostAddress;
// Get the session.
Session sessionObj = SessionManager.GetSession(guid);
// Create a deploy operation.
Deployment deployOperation = new Deployment(sessionObj, ipAddress);
var summary = deployOperation.Summary();
return(Request.CreateResponse(HttpStatusCode.OK, summary));
}
catch (Exception ex)
{
EventLogManager.Log("SESSION_EXCEPTION", EventLogSeverity.Warning, null, ex);
return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex));
}
}
public async Task <HttpResponseMessage> AddPackages(string sessionGuid)
{
if (!SessionManager.SessionExists(sessionGuid))
{
// Session doesn't exist.
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Invalid session."));
}
try
{
// Does the request contain multipart/form-data?
if (!Request.Content.IsMimeMultipartContent())
{
throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType);
}
// Get the api key from the header.
string apiKey = Request.Headers.GetValues("x-api-key").FirstOrDefault();
// Get the api user.
APIUser apiUser = APIUserManager.FindAndPrepare(apiKey);
// Receive files.
MultipartMemoryStreamProvider provider = await Request.Content.ReadAsMultipartAsync();
foreach (HttpContent file in provider.Contents)
{
EventLogManager.Log("httpcontent filename: ", EventLogSeverity.Warning, "hard coded", null);
//EventLogManager.Log("httpcontent filename: ", EventLogSeverity.Warning, file.Headers.ContentDisposition.FileName.ToString(), null);
//string filename = file.Headers.ContentDisposition.FileName.Replace("\"", "");
string filename = "DonorsTrust_Install.zip";
using (MemoryStream ms = new MemoryStream(await file.ReadAsByteArrayAsync()))
{
EventLogManager.Log("MemoryStream ms length: ", EventLogSeverity.Warning, ms.Length.ToString(), null);
EventLogManager.Log("apiUser.EncryptionKey: ", EventLogSeverity.Warning, apiUser.EncryptionKey.ToString(), null);
using (Stream ds = Crypto.Decrypt(ms, apiUser.EncryptionKey))
{
SessionManager.AddPackage(sessionGuid, ds, filename);
}
}
}
}
catch (Exception ex)
{
EventLogManager.Log("REMOTE_EXCEPTION", EventLogSeverity.Warning, null, ex);
return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.Message));
}
return(Request.CreateResponse(HttpStatusCode.Created));
}
public override void OnActionExecuting(HttpActionContext actionContext)
{
base.OnActionExecuting(actionContext);
bool authenticated = false;
string message = "Access denied.";
string apiKey = null;
try
{
// Is there an api key header present?
if (actionContext.Request.Headers.Contains("x-api-key"))
{
// Get the api key from the header.
apiKey = actionContext.Request.Headers.GetValues("x-api-key").FirstOrDefault();
// Make sure it's not null and it's 32 characters or we're wasting our time.
if (apiKey != null && apiKey.Length == 32)
{
// Attempt to look up the api user.
APIUser apiUser = APIUserManager.GetByAPIKey(apiKey);
// Did we find one and double check the api key.
if (apiUser != null && apiUser.APIKey == apiKey)
{
// Genuine API user.
authenticated = true;
}
}
}
}
catch (Exception ex)
{
// Set appropriate message.
message = "An error occurred while trying to authenticate this request.";
EventLogManager.Log("AUTH_EXCEPTION", EventLogSeverity.Info, null, ex);
}
// If authentication failure occurs, return a response without carrying on executing actions.
if (!authenticated)
{
EventLogManager.Log("AUTH_BAD_APIKEY", EventLogSeverity.Warning, string.Format("Authentication failed for API key: {0}.", apiKey));
actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Forbidden, message);
}
}
public override void OnActionExecuting(HttpActionContext actionContext)
{
base.OnActionExecuting(actionContext);
bool authenticated = false;
string message = "Access denied.";
string apiKey = null;
try
{
apiKey = actionContext.Request.GetApiKey();
EventLogManager.Log("api-key is", EventLogSeverity.Info, apiKey);
// Make sure it's not null and it's 32 characters or we're wasting our time.
if (apiKey != null && apiKey.Length == 32)
{
EventLogManager.Log("Find APIUSER using key", EventLogSeverity.Info, apiKey);
// Attempt to look up the api user.
APIUser apiUser = APIUserManager.FindAndPrepare(apiKey);
EventLogManager.Log("APIUSER.prepared ", EventLogSeverity.Info, apiUser.Prepared.ToString());
// Did we find one and is it ready to use?
if (apiUser != null && apiUser.Prepared)
{
EventLogManager.Log("Authenticated URI: ", EventLogSeverity.Info, "True: " + actionContext.Request.RequestUri);
// Genuine API user.
authenticated = true;
}
}
}
catch (Exception ex)
{
// Set appropriate message.
message = "An error occurred while trying to authenticate this request.";
EventLogManager.Log("AUTH_EXCEPTION", EventLogSeverity.Info, null, ex);
}
// If authentication failure occurs, return a response without carrying on executing actions.
if (!authenticated)
{
EventLogManager.Log("AUTH_BAD_APIKEY", EventLogSeverity.Warning, string.Format("Authentication failed for API key: {0}.", apiKey));
actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Forbidden, message);
}
}
public void Deploy()
{
// Do the install.
JavaScriptSerializer jsonSer = new JavaScriptSerializer();
SessionDataController dc = new SessionDataController();
// Set as started.
Session.Status = SessionStatus.InProgess;
dc.Update(Session);
// Install in order.
foreach (KeyValuePair <int, InstallJob> keyPair in OrderedInstall)
{
// Get install job.
InstallJob job = keyPair.Value;
// Attempt install.
job.Install();
// Log package installs.
foreach (PackageJob package in job.Packages)
{
string log = string.Format("Package successfully installed: {0} @ {1}, session: {2}.", package.Name, package.VersionStr, Session.Guid);
EventLogManager.Log("PACKAGE_INSTALLED", EventLogSeverity.Info, log);
}
// Make sorted list serialisable.
SortedList <string, InstallJob> serOrderedInstall = new SortedList <string, InstallJob>();
foreach (KeyValuePair <int, InstallJob> pair in OrderedInstall)
{
serOrderedInstall.Add(pair.Key.ToString(), pair.Value);
}
// After each install job, update response.
Session.Response = jsonSer.Serialize(serOrderedInstall);
dc.Update(Session);
}
// Done.
Session.Status = SessionStatus.Complete;
dc.Update(Session);
}
public static string GetApiKey(this HttpRequestMessage request)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
var message = request.Headers.ToString() + " <br /> <br /> " + request.RequestUri;
EventLogManager.Log("Get ApiKey Headers: ", EventLogSeverity.Info, message, null);
// Is there an api key header present?
if (request.Headers.Contains("x-api-key"))
{
EventLogManager.Log("Inside Contains x-api-key", EventLogSeverity.Info, request.Headers.GetValues("x-api-key").FirstOrDefault().ToString(), null);
// Get the api key from the header.
return(request.Headers.GetValues("x-api-key").FirstOrDefault());
}
return(null);
}
public async Task <HttpResponseMessage> AddPackage(string guid)
{
if (!SessionManager.SessionExists(guid))
{
// Session doesn't exist.
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Invalid session."));
}
try
{
// Does the request contain multipart/form-data?
if (!Request.Content.IsMimeMultipartContent())
{
throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType);
}
// Receive files.
MultipartMemoryStreamProvider provider = await Request.Content.ReadAsMultipartAsync();
// TODO: Add filtering so that non .zip archives are not added.
foreach (HttpContent file in provider.Contents)
{
string filename = file.Headers.ContentDisposition.FileName.Replace("\"", "");
using (MemoryStream ms = new MemoryStream(await file.ReadAsByteArrayAsync()))
{
SessionManager.AddPackage(guid, ms, filename);
}
}
}
catch (Exception ex)
{
EventLogManager.Log("SESSION_EXCEPTION", EventLogSeverity.Warning, null, ex);
return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.Message));
}
return(Request.CreateResponse(HttpStatusCode.Created));
}
public HttpResponseMessage Install(string sessionGuid)
{
if (!SessionManager.SessionExists(sessionGuid))
{
// Session doesn't exist.
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Invalid session."));
}
string apiKey = null;
try
{
// Get the users ip address.
string ipAddress = HttpContext.Current.Request.UserHostAddress;
// Get the api key from the header.
apiKey = Request.Headers.GetValues("x-api-key").FirstOrDefault();
// Get the session.
Session sessionObj = SessionManager.GetSession(sessionGuid);
// Create a deploy operation.
RemoteDeployment deployOperation = new RemoteDeployment(sessionObj, ipAddress, apiKey);
// Deploy.
deployOperation.Deploy();
}
catch (Exception ex)
{
EventLogManager.Log("REMOTE_EXCEPTION", EventLogSeverity.Warning, null, ex);
return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.Message));
}
return(Request.CreateResponse(HttpStatusCode.OK, "Operation started."));
}
public override void OnActionExecuting(HttpActionContext actionContext)
{
base.OnActionExecuting(actionContext);
bool authenticated = false;
string message = "Access denied.";
string forwardingAddress = null;
string clientIpAddress = null;
try
{
// There is a strong possibility that this is not the ip address of the machine
// that sent the request. Being behind a load balancer with transparancy switched
// off or being served through CloudFlare will both affect this value.
clientIpAddress = HttpContext.Current.Request.UserHostAddress;
// We need to get the X-Forwarded-For header from the request, if this is set we
// should use it instead of the ip address from the request.
string forwardedFor = HttpContext.Current.Request.Headers.Get("X-Forwarded-For");
// Forwarded for set?
if (forwardedFor != null)
{
forwardingAddress = clientIpAddress;
clientIpAddress = forwardedFor;
}
// Got the ip address?
if (!string.IsNullOrEmpty(clientIpAddress))
{
// Is it whitelisted or localhost?
if (IPSpecManager.IsWhitelisted(clientIpAddress) || clientIpAddress.Equals("127.0.0.1"))
{
authenticated = true;
}
}
}
catch (Exception ex)
{
// Set appropriate message.
message = "An error occurred while trying to authenticate this request.";
EventLogManager.Log("AUTH_EXCEPTION", EventLogSeverity.Info, null, ex);
}
// If authentication failure occurs, return a response without carrying on executing actions.
if (!authenticated)
{
string log = string.Format("Whitelist check failed for IP address: {0}.", clientIpAddress);
// Was it forwarded?
if (forwardingAddress != null)
{
log = string.Format("Whitelist check failed for IP address: {0}, forwarded by: {1}.", clientIpAddress, forwardingAddress);
}
EventLogManager.Log("AUTH_BAD_IPADDRESS", EventLogSeverity.Warning, log);
actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Forbidden, message);
}
}
public override void OnActionExecuting(HttpActionContext actionContext)
{
base.OnActionExecuting(actionContext);
// Get whitelist state.
bool whitelistDisabled;
try
{
// Attempt to retrieve disabled state.
whitelistDisabled = SettingManager.GetSetting("WHITELIST", "STATE").Value.ToLower() == "false";
}
catch (SettingNotFoundException ex)
{
// Setting not set, default to off.
whitelistDisabled = true;
}
// Get api user.
string apiKey = actionContext.Request.GetApiKey();
APIUser apiUser = APIUserManager.GetByAPIKey(apiKey);
// Is the whitelist disabled or does the api user have permission to
// bypass it?
if (whitelistDisabled || (apiUser != null && apiUser.BypassIPWhitelist))
{
// No need to perform whitelisting checks, return early.
return;
}
bool authenticated = false;
string message = "Access denied.";
string forwardingAddress = null;
string clientIpAddress = null;
try
{
// There is a strong possibility that this is not the ip address of the machine
// that sent the request. Being behind a load balancer with transparancy switched
// off or being served through CloudFlare will both affect this value.
clientIpAddress = HttpContext.Current.Request.UserHostAddress;
// We need to get the X-Forwarded-For header from the request, if this is set we
// should use it instead of the ip address from the request.
string forwardedFor = HttpContext.Current.Request.Headers.Get("X-Forwarded-For");
// Forwarded for set?
if (forwardedFor != null)
{
forwardingAddress = clientIpAddress;
clientIpAddress = forwardedFor;
}
// Got the ip address?
if (!string.IsNullOrEmpty(clientIpAddress))
{
// Is it whitelisted or localhost?
if (IPSpecManager.IsWhitelisted(clientIpAddress) || clientIpAddress.Equals("127.0.0.1"))
{
authenticated = true;
}
}
}
catch (Exception ex)
{
// Set appropriate message.
message = "An error occurred while trying to authenticate this request.";
EventLogManager.Log("AUTH_EXCEPTION", EventLogSeverity.Info, null, ex);
}
// If authentication failure occurs, return a response without carrying on executing actions.
if (!authenticated)
{
string log = string.Format("Whitelist check failed for IP address: {0}.", clientIpAddress);
// Was it forwarded?
if (forwardingAddress != null)
{
log = string.Format("Whitelist check failed for IP address: {0}, forwarded by: {1}.", clientIpAddress, forwardingAddress);
}
EventLogManager.Log("AUTH_BAD_IPADDRESS", EventLogSeverity.Warning, log);
actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Forbidden, message);
}
}
