示例#1
0
        internal static async Task <(string, AuthorizationLevel)> GetAuthorizationLevelAsync(ISecretManager secretManager, string keyValue, string functionName = null)
        {
            // see if the key specified is the master key
            HostSecretsInfo hostSecrets = await secretManager.GetHostSecretsAsync();

            if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
                Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
            {
                return(ScriptConstants.DefaultMasterKeyName, AuthorizationLevel.Admin);
            }

            if (HasMatchingKey(hostSecrets.SystemKeys, keyValue, out string keyName))
            {
                return(keyName, AuthorizationLevel.System);
            }

            // see if the key specified matches the host function key
            if (HasMatchingKey(hostSecrets.FunctionKeys, keyValue, out keyName))
            {
                return(keyName, AuthorizationLevel.Function);
            }

            // If there is a function specific key specified try to match against that
            if (functionName != null)
            {
                IDictionary <string, string> functionSecrets = await secretManager.GetFunctionSecretsAsync(functionName);

                if (HasMatchingKey(functionSecrets, keyValue, out keyName))
                {
                    return(keyName, AuthorizationLevel.Function);
                }
            }

            return(null, AuthorizationLevel.Anonymous);
        }
        private async Task <Dictionary <string, string> > GetHostSecretsByScope(string secretsScope, bool includeMasterInSystemKeys = false)
        {
            var hostSecrets = await _secretManager.GetHostSecretsAsync();

            if (string.Equals(secretsScope, HostKeyScopes.FunctionKeys, StringComparison.OrdinalIgnoreCase))
            {
                return(hostSecrets.FunctionKeys);
            }
            else if (string.Equals(secretsScope, HostKeyScopes.SystemKeys, StringComparison.OrdinalIgnoreCase))
            {
                Dictionary <string, string> keys = hostSecrets.SystemKeys ?? new Dictionary <string, string>();

                if (includeMasterInSystemKeys)
                {
                    keys = new Dictionary <string, string>(keys)
                    {
                        { MasterKeyName, hostSecrets.MasterKey }
                    };
                }

                return(keys);
            }

            return(null);
        }
        internal static async Task <KeyAuthorizationResult> GetAuthorizationResultAsync(HttpRequestMessage request, ISecretManager secretManager,
                                                                                        Func <IDictionary <string, string>, string, string, string> matchEvaluator, string keyName = null, string functionName = null)
        {
            // first see if a key value is specified via headers or query string (header takes precedence)
            IEnumerable <string> values;
            string keyValue = null;

            if (request.Headers.TryGetValues(FunctionsKeyHeaderName, out values))
            {
                keyValue = values.FirstOrDefault();
            }
            else
            {
                var queryParameters = request.GetQueryParameterDictionary();
                queryParameters.TryGetValue("code", out keyValue);
            }

            if (!string.IsNullOrEmpty(keyValue))
            {
                // see if the key specified is the master key
                HostSecretsInfo hostSecrets = await secretManager.GetHostSecretsAsync().ConfigureAwait(false);

                if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
                    Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
                {
                    return(new KeyAuthorizationResult(ScriptConstants.DefaultMasterKeyName, AuthorizationLevel.Admin));
                }

                string matchedKeyName = matchEvaluator(hostSecrets.SystemKeys, keyName, keyValue);
                if (matchedKeyName != null)
                {
                    return(new KeyAuthorizationResult(matchedKeyName, AuthorizationLevel.System));
                }

                // see if the key specified matches the host function key
                matchedKeyName = matchEvaluator(hostSecrets.FunctionKeys, keyName, keyValue);
                if (matchedKeyName != null)
                {
                    return(new KeyAuthorizationResult(matchedKeyName, AuthorizationLevel.Function));
                }

                // if there is a function specific key specified try to match against that
                if (functionName != null)
                {
                    var functionSecrets = await secretManager.GetFunctionSecretsAsync(functionName);

                    matchedKeyName = matchEvaluator(functionSecrets, keyName, keyValue);
                    if (matchedKeyName != null)
                    {
                        return(new KeyAuthorizationResult(matchedKeyName, AuthorizationLevel.Function));
                    }
                }
            }

            return(new KeyAuthorizationResult(null, AuthorizationLevel.Anonymous));
        }
        internal static async Task <(string, AuthorizationLevel)> GetAuthorizationKeyInfoAsync(HttpRequest request, ISecretManagerProvider secretManagerProvider)
        {
            // first see if a key value is specified via headers or query string (header takes precedence)
            string keyValue = null;

            if (request.Headers.TryGetValue(FunctionsKeyHeaderName, out StringValues values))
            {
                keyValue = values.First();
            }
            else if (request.Query.TryGetValue("code", out values))
            {
                keyValue = values.First();
            }

            if (!string.IsNullOrEmpty(keyValue))
            {
                ISecretManager secretManager = secretManagerProvider.Current;

                // see if the key specified is the master key
                HostSecretsInfo hostSecrets = await secretManager.GetHostSecretsAsync().ConfigureAwait(false);

                if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
                    Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
                {
                    return(ScriptConstants.DefaultMasterKeyName, AuthorizationLevel.Admin);
                }

                if (HasMatchingKey(hostSecrets.SystemKeys, keyValue, out string keyName))
                {
                    return(keyName, AuthorizationLevel.System);
                }

                // see if the key specified matches the host function key
                if (HasMatchingKey(hostSecrets.FunctionKeys, keyValue, out keyName))
                {
                    return(keyName, AuthorizationLevel.Function);
                }

                // If there is a function specific key specified try to match against that
                IFunctionExecutionFeature executionFeature = request.HttpContext.Features.Get <IFunctionExecutionFeature>();
                if (executionFeature != null)
                {
                    IDictionary <string, string> functionSecrets = await secretManager.GetFunctionSecretsAsync(executionFeature.Descriptor.Name);

                    if (HasMatchingKey(functionSecrets, keyValue, out keyName))
                    {
                        return(keyName, AuthorizationLevel.Function);
                    }
                }
            }

            return(null, AuthorizationLevel.Anonymous);
        }
示例#5
0
        internal static async Task <AuthorizationLevel> GetAuthorizationLevelAsync(HttpRequestMessage request, ISecretManager secretManager, string functionName = null)
        {
            // TODO: Add support for validating "EasyAuth" headers

            // first see if a key value is specified via headers or query string (header takes precedence)
            IEnumerable <string> values;
            string keyValue = null;

            if (request.Headers.TryGetValues(FunctionsKeyHeaderName, out values))
            {
                keyValue = values.FirstOrDefault();
            }
            else
            {
                var queryParameters = request.GetQueryParameterDictionary();
                queryParameters.TryGetValue("code", out keyValue);
            }

            if (!string.IsNullOrEmpty(keyValue))
            {
                // see if the key specified is the master key
                HostSecretsInfo hostSecrets = await secretManager.GetHostSecretsAsync().ConfigureAwait(false);

                if (!string.IsNullOrEmpty(hostSecrets.MasterKey) &&
                    Key.SecretValueEquals(keyValue, hostSecrets.MasterKey))
                {
                    return(AuthorizationLevel.Admin);
                }

                // see if the key specified matches the host function key
                if (hostSecrets.FunctionKeys != null &&
                    hostSecrets.FunctionKeys.Any(k => Key.SecretValueEquals(keyValue, k.Value)))
                {
                    return(AuthorizationLevel.Function);
                }

                // if there is a function specific key specified try to match against that
                if (functionName != null)
                {
                    IDictionary <string, string> functionSecrets = await secretManager.GetFunctionSecretsAsync(functionName);

                    if (functionSecrets != null &&
                        functionSecrets.Values.Any(s => Key.SecretValueEquals(keyValue, s)))
                    {
                        return(AuthorizationLevel.Function);
                    }
                }
            }

            return(AuthorizationLevel.Anonymous);
        }
示例#6
0
        private async Task <string> GetOrCreateExtensionKey(string extensionName)
        {
            var    hostSecrets = _secretManager.GetHostSecretsAsync().GetAwaiter().GetResult();
            string keyName     = GetKeyName(extensionName);
            string keyValue    = null;

            if (!hostSecrets.SystemKeys.TryGetValue(keyName, out keyValue))
            {
                // if the requested secret doesn't exist, create it on demand
                keyValue = SecretManager.GenerateSecret();
                await _secretManager.AddOrUpdateFunctionSecretAsync(keyName, keyValue, HostKeyScopes.SystemKeys, ScriptSecretsType.Host);
            }

            return(keyValue);
        }
        private async Task <Dictionary <string, string> > GetHostSecretsByScope(string secretsScope)
        {
            var hostSecrets = await _secretManager.GetHostSecretsAsync();

            if (string.Equals(secretsScope, HostKeyScopes.FunctionKeys, StringComparison.OrdinalIgnoreCase))
            {
                return(hostSecrets.FunctionKeys);
            }
            else if (string.Equals(secretsScope, HostKeyScopes.SystemKeys, StringComparison.OrdinalIgnoreCase))
            {
                return(hostSecrets.SystemKeys);
            }

            return(null);
        }
示例#8
0
        private async Task <string> GetOrCreateExtensionKey(string extensionName)
        {
            ISecretManager secretManager = _secretManagerProvider.Current;
            var            hostSecrets   = await secretManager.GetHostSecretsAsync();

            string keyName = GetKeyName(extensionName);
            string keyValue;

            if (!hostSecrets.SystemKeys.TryGetValue(keyName, out keyValue))
            {
                // if the requested secret doesn't exist, create it on demand
                keyValue = SecretGenerator.GenerateSystemKeyValue();
                await secretManager.AddOrUpdateFunctionSecretAsync(keyName, keyValue, HostKeyScopes.SystemKeys, ScriptSecretsType.Host);
            }

            return(keyValue);
        }
示例#9
0
        public async Task <string> GetMasterKeyAsync()
        {
            HostSecretsInfo secrets = await SecretManager.GetHostSecretsAsync();

            return(secrets.MasterKey);
        }
示例#10
0
        public async Task <IHttpActionResult> Get()
        {
            var hostSecrets = await _secretManager.GetHostSecretsAsync();

            return(GetKeysResult(hostSecrets.FunctionKeys));
        }