protected override async Task ProcessAsync(HttpContext context, bool useMinification, bool useCompression)
{
HttpResponse response = context.Response;
IFeatureCollection features = context.Features;
Stream originalStream = response.Body;
IHttpBufferingFeature originalBufferFeature = features.Get <IHttpBufferingFeature>();
var bodyWrapperStream = new BodyWrapperStreamWithBufferingFeature(context, originalStream, _options,
useMinification ? _minificationManagers : new List <IMarkupMinificationManager>(),
useCompression ? _compressionManager : null,
originalBufferFeature);
response.Body = bodyWrapperStream;
features.Set <IHttpBufferingFeature>(bodyWrapperStream);
try
{
await _next(context);
await bodyWrapperStream.FinishAsync();
}
finally
{
bodyWrapperStream.Dispose();
response.Body = originalStream;
features.Set(originalBufferFeature);
}
}
/// <summary>
/// Constructs an instance of the stream wrapper with HTTP buffering feature
/// </summary>
/// <param name="context">HTTP context</param>
/// <param name="originalStream">Original stream</param>
/// <param name="options">WebMarkupMin configuration</param>
/// <param name="minificationManagers">List of markup minification managers</param>
/// <param name="compressionManager">HTTP compression manager</param>
/// <param name="bufferingFeature">HTTP buffering feature</param>
internal BodyWrapperStreamWithBufferingFeature(HttpContext context, Stream originalStream,
WebMarkupMinOptions options, IList <IMarkupMinificationManager> minificationManagers,
IHttpCompressionManager compressionManager, IHttpBufferingFeature bufferingFeature)
: base(context, originalStream, options, minificationManagers, compressionManager)
{
_bufferingFeature = bufferingFeature;
}
public async Task Invoke(HttpContext context)
{
if (context.Request.Headers["Accept"] == "text/event-stream")
{
var t = Task.Delay(-1);
IHttpBufferingFeature bufferingFeature = context.Features.Get <IHttpBufferingFeature>();
if (bufferingFeature != null)
{
bufferingFeature.DisableResponseBuffering();
}
context.Response.ContentType = "text/event-stream";
context.Response.Headers.Add("Access-Control-Allow-Origin", "*");
context.Response.Body.Flush();
while (!context.RequestAborted.WaitHandle.GetSafeWaitHandle().IsClosed)
{
string data = "id: 123456\nevent: message\ndata:now time: " + DateTime.Now + "\n\n";
await context.Response.WriteAsync(data);
Thread.Sleep(2000);
}
}
else
{
}
}
private void DisableResponseBuffering(HttpContext context)
{
IHttpBufferingFeature bufferingFeature = context.Features.Get <IHttpBufferingFeature>();
if (bufferingFeature != null)
{
bufferingFeature.DisableResponseBuffering();
}
}
public void DisableResponseBuffering()
{
IHttpBufferingFeature bufferingFeature = currentResponse.Features.Get <IHttpBufferingFeature>();
if (bufferingFeature != null)
{
bufferingFeature.DisableResponseBuffering();
}
}
internal BodyWrapperStream(HttpContext context, Stream bodyOriginalStream, IResponseCompressionProvider provider,
IHttpBufferingFeature innerBufferFeature, IHttpSendFileFeature innerSendFileFeature)
{
_context = context;
_bodyOriginalStream = bodyOriginalStream;
_provider = provider;
_innerBufferFeature = innerBufferFeature;
_innerSendFileFeature = innerSendFileFeature;
}
internal BodyWrapperStream(HttpContext context, Stream bodyOriginalStream, IProxyStreamProvider provider,
IHttpBufferingFeature innerBufferFeature, IHttpSendFileFeature innerSendFileFeature)
{
_context = context;
_bodyOriginalStream = bodyOriginalStream;
_provider = provider;
_innerBufferFeature = innerBufferFeature;
_innerSendFileFeature = innerSendFileFeature;
EnableFlush = false;
}
/// <summary>
/// Constructs an instance of the stream wrapper
/// </summary>
/// <param name="context">HTTP context</param>
/// <param name="originalStream">Original stream</param>
/// <param name="options">WebMarkupMin configuration</param>
/// <param name="minificationManagers">List of markup minification managers</param>
/// <param name="compressionManager">HTTP compression manager</param>
/// <param name="bufferingFeature">HTTP buffering feature</param>
internal BodyWrapperStream(HttpContext context, Stream originalStream,
WebMarkupMinOptions options, IList <IMarkupMinificationManager> minificationManagers,
IHttpCompressionManager compressionManager, IHttpBufferingFeature bufferingFeature)
{
_context = context;
_originalStream = originalStream;
_options = options;
_minificationManagers = minificationManagers;
_compressionManager = compressionManager;
_bufferingFeature = bufferingFeature;
}
private void DisableResponseBuffering(HttpContext context)
{
#if !NETCOREAPP2_1 && !NET461
IHttpResponseBodyFeature responseBodyFeature = context.Features.Get <IHttpResponseBodyFeature>();
if (responseBodyFeature != null)
{
responseBodyFeature.DisableBuffering();
}
#else
IHttpBufferingFeature bufferingFeature = context.Features.Get <IHttpBufferingFeature>();
if (bufferingFeature != null)
{
bufferingFeature.DisableResponseBuffering();
}
#endif
}
public async Task Invoke(HttpContext context)
{
bool useMinification = _options.IsMinificationEnabled() && _minificationManagers.Count > 0;
bool useCompression = _options.IsCompressionEnabled() && _compressionManager != null;
if (!useMinification && !useCompression)
{
await _next.Invoke(context);
return;
}
else
{
HttpResponse response = context.Response;
IFeatureCollection features = context.Features;
Stream originalStream = response.Body;
IHttpBufferingFeature originalBufferFeature = features.Get <IHttpBufferingFeature>();
BodyWrapperStream bodyWrapperStream = new BodyWrapperStream(context, originalStream, _options,
useMinification ? _minificationManagers : new List <IMarkupMinificationManager>(),
useCompression ? _compressionManager : null,
originalBufferFeature);
response.Body = bodyWrapperStream;
features.Set <IHttpBufferingFeature>(bodyWrapperStream);
try
{
await _next(context);
await bodyWrapperStream.Finish();
}
finally
{
#if NETCOREAPP3_0
await bodyWrapperStream.DisposeAsync();
#else
bodyWrapperStream.Dispose();
#endif
response.Body = originalStream;
features.Set(originalBufferFeature);
}
}
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
using (var scope = app.ApplicationServices.GetRequiredService <IServiceScopeFactory>().CreateScope()) {
scope.ServiceProvider.GetService <ApplicationDbContext>().Database.Migrate();
}
var pipeline = new AggregatedFilterPipeline();
app
.UseForwardedHeaders(new ForwardedHeadersOptions {
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
KnownNetworks = { new IPNetwork(new IPAddress(new byte[] { 127, 0, 0, 1 }), 32) }
})
.Use(async(context, next) => {
var flareContext = new FlaggableFlareContext(new FlareContext()
{
request = new FlareRequest()
{
date = DateTimeOffset.Now,
http_version = (int)(double.Parse(context.Request.Protocol.Substring(5)) * 10),
identity = "-",
ip = context.Connection.RemoteIpAddress.ToString(),
method = context.Request.Method,
path = context.Request.Path.Value,
query_string = context.Request.QueryString.Value,
userid = "-"
},
response = null
});
var domain = context.Request.Headers["host"];
// Flare CDN logic
if (domain != "localhost:5000" && domain != "api.flare.wtf")
{
var db = context.RequestServices.GetRequiredService <ApplicationDbContext>();
var server = await db.servers
.Where(a => a.proxy_active && a.domains.Any(b => b.domain == domain))
.FirstOrDefaultAsync();
if (server == null)
{
context.Response.StatusCode = 404;
await context.Response.WriteAsync("The requested resource is not found. That's all we know.");
return;
}
var ip = await context.RequestServices.GetRequiredService <GeoIpService>()
.Query(flareContext.Context.request.ip);
var db_request = new request {
server_id = server.id,
ip_id = ip.id,
request_identity = flareContext.Context.request.identity,
request_user_id = flareContext.Context.request.userid,
request_date = flareContext.Context.request.date,
request_method = flareContext.Context.request.method,
request_path = flareContext.Context.request.path,
request_query_string = flareContext.Context.request.query_string,
request_http_version = flareContext.Context.request.http_version,
// response_code = flareContext.Context.response?.status_code,
// response_length = flareContext.Context.response?.bytes_sent,
// flags = flareContext.Flags
};
db.requests.Add(db_request);
if (await pipeline.ProcessRequest(flareContext) && server.proxy_block_requests)
{
await db.SaveChangesAsync();
db_request.response_code = 418;
db_request.flags = flareContext.Flags;
await db.SaveChangesAsync();
var text =
$"418 - I am a teapot. Your request #{db_request.id} is failed because of security checks. Contact the website owner with this number if you think this was a mistake.";
db_request.response_length = text.Length;
context.Response.StatusCode = 418;
await context.Response.WriteAsync(text);
return;
}
db_request.flags = flareContext.Flags;
using (var httpClient = new HttpClient()) {
httpClient.DefaultRequestHeaders.Clear();
foreach (var header in context.Request.Headers
.Where(a => !a.Key.StartsWith("X-")))
{
httpClient.DefaultRequestHeaders.Add(header.Key, header.Value.ToArray());
}
httpClient.DefaultRequestHeaders.Add("X-Forwarded-For", context.Connection.RemoteIpAddress.ToString());
using (var _req = new HttpRequestMessage(
context.Request.Method == "GET" ? HttpMethod.Get :
context.Request.Method == "POST" ? HttpMethod.Post :
context.Request.Method == "DELETE" ? HttpMethod.Delete :
context.Request.Method == "PUT" ? HttpMethod.Put :
context.Request.Method == "PATCH" ? HttpMethod.Patch :
context.Request.Method == "TRACE" ? HttpMethod.Trace :
context.Request.Method == "OPTIONS" ? HttpMethod.Options : throw new Exception("invalid method")
, $"http://{server.origin_ip}{context.Request.Path}{context.Request.QueryString}")) {
_req.Headers.Host = domain;
using (var response = await httpClient.SendAsync(_req)) {
db_request.response_code = context.Response.StatusCode = (int)response.StatusCode;
foreach (var header in response.Headers
.Where(a => a.Key != "Transfer-Encoding"))
{
context.Response.Headers.Add(header.Key, new StringValues(header.Value.ToArray()));
}
foreach (var header in response.Content.Headers)
{
context.Response.Headers.Add(header.Key, new StringValues(header.Value.ToArray()));
}
using (var streamWithProgess = new StreamWithProgress(context.Response.Body)) {
await response.Content.CopyToAsync(streamWithProgess);
await context.Response.Body.FlushAsync();
context.Response.Body.Close();
db_request.response_length = (int)streamWithProgess.bytesTotal;
await db.SaveChangesAsync();
}
}
}
}
}
else
{
if (await pipeline.ProcessRequest(flareContext))
{
var text =
$"418 - I am a teapot. Your request is failed because of security checks. If you think it was a mistake contact [email protected]";
context.Response.StatusCode = 418;
await context.Response.WriteAsync(text);
return;
}
await next();
}
})
.UseCors(policy => policy.SetPreflightMaxAge(TimeSpan.FromMinutes(10)).AllowAnyMethod().AllowAnyOrigin().AllowAnyHeader())
.UseStaticFiles(new StaticFileOptions {
FileProvider = new PhysicalFileProvider(Path.Combine(Directory.GetCurrentDirectory(), "../uploads")),
RequestPath = new PathString("/uploads")
})
.Use(async(context, next) => {
IHttpBufferingFeature bufferingFeature = context.Features.Get <IHttpBufferingFeature>();
bufferingFeature?.DisableRequestBuffering();
bufferingFeature?.DisableResponseBuffering();
try {
await next();
} catch (Exception e) {
context.Response.StatusCode = e is NotImplementedException ? 404 : e is UnauthorizedAccessException || e is SecurityTokenValidationException ? 401 : e is ArgumentException ? 400 : 500;
context.Response.ContentType = "application/json; charset=utf-8";
string message = "";
Exception x = e;
do
{
message += x.Message + "\r\n\r\n";
} while ((x = x.InnerException) != null);
await context.Response.WriteAsync(JsonConvert.SerializeObject(new {
code = -1,
message = message.Substring(0, message.Length - 4),
stacktrace = e.StackTrace
}));
}
})
.Use(async(context, next) => {
Token token = null;
string strToken = context.Request.Query["token"];
if (strToken == null)
{
string authorization = context.Request.Headers["Authorization"];
if (authorization != null)
{
if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
{
strToken = authorization.Substring("Bearer ".Length).Trim();
}
else if (authorization.StartsWith("Basic "))
{
var encoding = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Substring("Basic ".Length))).Split(':');
if (encoding.Length != 2)
{
throw new UnauthorizedAccessException();
}
var username = encoding[0];
var password = encoding[1];
token = await personal_token_cache.GetAsync(username + ":" + password, async() => {
var db = context.RequestServices.GetRequiredService <ApplicationDbContext>();
var _code = AccountController.StringToByteArrayFastest(username);
var id = new Guid(_code.ToArray());
var app2 = await db.pacs
.Include(a => a.user)
.SingleOrDefaultAsync(b => b.id == id);
if (app2 == null || app2.password_hash == null || !app2.password_hash.SequenceEqual(
KeyDerivation.Pbkdf2(
password: password,
salt: app2.password_salt,
iterationCount: 10000,
numBytesRequested: 256 / 8,
prf: KeyDerivationPrf.HMACSHA1
)
))
{
throw new UnauthorizedAccessException();
}
return(await token_cache.GetAsync(app2.user.id.ToString(), () => Task.FromResult <Token>(new UserToken(app2.user.id, app2.user.name, app2.user.type)), TimeSpan.FromDays(3)));
}, TimeSpan.FromDays(3));
}
}
}
if (strToken != null)
{
var a = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var claims = a.ValidateToken(strToken, new TokenValidationParameters {
ValidateAudience = true,
ValidIssuer = "Flare",
ValidAudience = "Flare Users",
IssuerSigningKey = _key
}, out SecurityToken _);
context.User = claims;
var strID = context.User?.Claims?.FirstOrDefault(b => b.Type == "user_id")?.Value;
if (Int32.TryParse(strID, out int dwID))
{
token = await token_cache.GetAsync(strID, async() => {
var db = context.RequestServices.GetRequiredService <ApplicationDbContext>();
var app2 = await db.users.SingleAsync(b => b.id == dwID);
return(new UserToken(app2.id, app2.name, app2.type));
}, TimeSpan.FromDays(3));
}
}
context.AddScoped(() => {
if (token == null)
{
throw new UnauthorizedAccessException();
}
return(token);
});
await next();
})
.UseMvc();
}
internal HttpBufferingFeature(BufferingWriteStream buffer, IHttpBufferingFeature innerFeature)
{
_buffer = buffer;
_innerFeature = innerFeature;
}
internal HttpBufferingFeature(BufferingWriteStream buffer, IHttpBufferingFeature innerFeature)
{
_buffer = buffer;
_innerFeature = innerFeature;
}
