public Task Invoke(HttpContext httpContext) { #region Заголовок X-Forwarded-For запрещен if (httpContext.Request.Headers.TryGetValue("X-Forwarded-For", out _)) { httpContext.Response.ContentType = "text/plain; charset=utf-8"; return(httpContext.Response.WriteAsync("Заголовок X-Forwarded-For запрещен")); } #endregion // IP адрес пользователя string IP = httpContext.Connection.RemoteIpAddress.ToString(); // Проверка кук для прохождения авторизации if (IsAuth.Auth(httpContext.Request.Cookies, IP, out bool IsConfirm2FA)) { // Авторизация в Telegram if (!TelegramBot.IsAuth(IP)) { httpContext.Response.ContentType = "text/html"; return(httpContext.Response.WriteAsync(TelegramBot.AuthToHtml(IP))); } // Успех return(_next(httpContext)); } // Редикт на страницу авторизациии return(RewriteTo.Local(httpContext, "auth")); }
public Task Invoke(HttpContext httpContext) { #region Заголовок X-Forwarded-For запрещен if (httpContext.Request.Headers.TryGetValue("X-Forwarded-For", out _)) { httpContext.Response.ContentType = "text/plain; charset=utf-8"; return(httpContext.Response.WriteAsync("Заголовок X-Forwarded-For запрещен")); } #endregion // IP адрес пользователя string IP = httpContext.Connection.RemoteIpAddress.ToString(); // Проверка кук для прохождения авторизации if (IsAuth.Auth(httpContext.Request.Cookies, IP, out bool IsConfirm2FA)) { // База Json var jsonDB = Service.Get <JsonDB>(); // 2FA пройдена/отключена и запрос на страницу "/auth/confirm" if ((!jsonDB.Base.EnableTo2FA || IsConfirm2FA) && httpContext.Request.Path.Value.StartsWith("/auth/confirm")) { return(RewriteTo.Local(httpContext, "")); } // Авторизация 2FA if (jsonDB.Base.EnableTo2FA) { // 2FA пройдена или запрос на страницу "/auth/confirm" if (IsConfirm2FA || httpContext.Request.Path.Value.StartsWith("/auth/confirm")) { return(_next(httpContext)); } // Редикт на страницу 2FA return(RewriteTo.Local(httpContext, "auth/confirm")); } // Успех return(_next(httpContext)); } // Редикт на страницу авторизациии return(RewriteTo.Local(httpContext, "auth")); }
public static Task Check(HttpContext context) { #region Получаем параметры запроса var gRequest = new Regex(@"^(\?ip=([^&]+)&|\?)method=([^&]+)&host=([^&]+)&uri=([^\n\r]+)").Match(context.Request.QueryString.Value).Groups; string IP = gRequest[2].Value, method = gRequest[3].Value.ToUpper(), host = Regex.Replace(gRequest[4].Value, @"^www\.", "", RegexOptions.IgnoreCase), uri = WebUtility.UrlDecode(gRequest[5].Value); // Проверяем правильно ли мы спарсили данные if (string.IsNullOrWhiteSpace(host) || string.IsNullOrWhiteSpace(uri)) { context.Response.ContentType = "text/html; charset=utf-8"; return(context.Response.WriteAsync("Не сохранен порядок запроса<br />Пример: /core/check/request?ip=127.0.0.1&method=GET&host=test.com&uri=/", context.RequestAborted)); } // IP адрес пользователя if (string.IsNullOrWhiteSpace(IP)) { IP = context.Connection.RemoteIpAddress.ToString(); } #endregion #region Получаем параметры POST запроса string FormData = string.Empty; if (context.Request.Method == "POST") { StringBuilder mass = new StringBuilder(); foreach (var arg in context.Request.Form) { // Удаляем из ключа массивы [] и проверяем на пустоту string key = Regex.Replace(arg.Key, @"\[([^\]]+)?\]", "", RegexOptions.IgnoreCase); if (string.IsNullOrWhiteSpace(key)) { continue; } mass.Append($"&{key}={arg.Value[0]}"); } FormData = mass.ToString(); } #endregion #region ViewBag var viewBag = new ViewBag(); viewBag.DebugEnabled = jsonDB.Base.DebugEnabled; // Режим дебага, выводит json правил viewBag.IsErrorRule = false; // Переменная для ловли ошибок regex #endregion // Если домена нету в базе, то выдаем 303 или заглушку if (ISPCache.DomainToID(host) is int DomainID && DomainID == 0) { return(jsonDB.Base.EnableToDomainNotFound ? ViewDomainNotFound(context) : View(context, viewBag, ActionCheckLink.allow)); } // Если у IP есть полный доступ к сайтам или к сайту if (CheckLinkWhitelistToAllDomain()) { return(View(context, viewBag, ActionCheckLink.allow)); } #region Получаем User-Agent и Referer // User-Agent string userAgent = string.Empty; if (context.Request.Headers.TryGetValue("User-Agent", out var tmp_userAgent)) { userAgent = tmp_userAgent.ToString(); } // Referer string Referer = string.Empty; if (context.Request.Headers.TryGetValue("Referer", out var tmp_Referer)) { Referer = tmp_Referer.ToString(); } #endregion // Достаем данные домена var Domain = ISPCache.GetDomain(DomainID); // Достаем настройки AntiBot из кеша var antiBotToGlobalConf = AntiBot.GlobalConf(jsonDB.AntiBot); // Достаем настройки WhiteList из кеша var whiteList = Engine.Base.SqlAndCache.WhiteList.GetCache(jsonDB.WhiteList); #region Проверяем "IP/User-Agent" в блокировке IPtables // Проверяем IP в блокировке IPtables по домену if (IPtablesMiddleware.CheckIP(IP, memoryCache, out IPtables BlockedData, host)) { // Логируем пользователя AddJurnalTo200(IsIPtables: true); SetCountRequestToHour(TypeRequest._200, host, Domain.confToLog.EnableCountRequest); // Отдаем ответ context.Response.StatusCode = 401; context.Response.ContentType = "text/html; charset=utf-8"; return(context.Response.WriteAsync(IPtablesMiddleware.BlockedToHtml(IP, BlockedData.Description, BlockedData.TimeExpires), context.RequestAborted)); } // Проверяем User-Agent в блокировке IPtables if (IPtablesMiddleware.CheckUserAgent(userAgent)) { // Логируем пользователя AddJurnalTo200(IsIPtables: true); SetCountRequestToHour(TypeRequest._200, host, Domain.confToLog.EnableCountRequest); // Отдаем ответ context.Response.StatusCode = 401; context.Response.ContentType = "text/html; charset=utf-8"; return(context.Response.WriteAsync(IPtablesMiddleware.BlockedHtmlToUserAgent(userAgent), context.RequestAborted)); } #endregion // IP нету в пользовательском белом списке // IP нету в глобальном белом списке if (!Regex.IsMatch(IP, whiteList.IpRegex) && !WhitePtr.IsWhiteIP(IP)) { #region AntiBot if (!AntiBot.ValidRequest(((antiBotToGlobalConf.conf.Enabled || Domain.AntiBot.UseGlobalConf) ? antiBotToGlobalConf.conf.type : Domain.AntiBot.type), host, method, uri, context, Domain, out string outHtml)) { // Логируем пользователя AddJurnalTo200(IsAntiBot: true); SetCountRequestToHour(TypeRequest._200, host, Domain.confToLog.EnableCountRequest); // Выводим html пользователю context.Response.ContentType = "text/html; charset=utf-8"; return(context.Response.WriteAsync(outHtml, context.RequestAborted)); } #endregion #region Лимит запросов if (Domain.limitRequest.IsEnabled || antiBotToGlobalConf.conf.limitRequest.IsEnabled) { // Настройки лимита запросов var limitRequest = (antiBotToGlobalConf.conf.limitRequest.IsEnabled || Domain.limitRequest.UseGlobalConf) ? antiBotToGlobalConf.conf.limitRequest : Domain.limitRequest; // Проверяем белый список UserAgent if (!Regex.IsMatch(userAgent, whiteList.UserAgentRegex, RegexOptions.IgnoreCase)) { #region IsWhitePtr bool IsWhitePtr(out string PtrHostName) { PtrHostName = null; string KeyLimitRequestToBlockedWait = $"LimitRequestToBlockedWait-{IP}_{host}"; if (memoryCache.TryGetValue(KeyLimitRequestToBlockedWait, out _)) { return(true); } memoryCache.Set(KeyLimitRequestToBlockedWait, (byte)0, TimeSpan.FromMinutes(5)); #region DNSLookup try { // Белый список Ptr string WhitePtrRegex = whiteList.PtrRegex; if (WhitePtrRegex != "^$" && !string.IsNullOrWhiteSpace(WhitePtrRegex)) { // Получаем имя хоста по IP var DnsHost = Dns.GetHostEntryAsync(IP).Result; // Получаем IP хоста по имени DnsHost = Dns.GetHostEntryAsync(DnsHost.HostName).Result; // Проверяем имя хоста и IP на совпадение if (DnsHost.AddressList.Where(i => i.ToString() == IP).FirstOrDefault() != null) { PtrHostName = DnsHost.HostName; // Проверяем имя хоста на белый список DNSLookup if (Regex.IsMatch(DnsHost.HostName, WhitePtrRegex, RegexOptions.IgnoreCase)) { // Добовляем IP в белый список на 9 дней WhitePtr.Add(IP, DateTime.Now.AddDays(9)); memoryCache.Remove(KeyLimitRequestToBlockedWait); return(true); } } } } catch { } #endregion // Сносим временную запись memoryCache.Remove(KeyLimitRequestToBlockedWait); return(false); } #endregion #region Локальный метод - "СheckingToreCAPTCHA" bool СheckingToreCAPTCHA(out Task content, int ExpiresToMinute) { content = null; if (IsWhitePtr(out _)) { return(false); } #region Валидный пользователь if (memoryCache.TryGetValue(KeyToMemoryCache.LimitRequestToreCAPTCHA(IP), out (int countRequest, int ExpiresToMinute)item)) { // Пользователь превысил допустимый лимит if (item.countRequest >= limitRequest.MaxRequestToAgainСheckingreCAPTCHA) { // Удаляем запись memoryCache.Remove(KeyToMemoryCache.LimitRequestToreCAPTCHA(IP)); return(false); } // Считаем количество запросов item.countRequest++; memoryCache.Set(KeyToMemoryCache.LimitRequestToreCAPTCHA(IP), item, TimeSpan.FromMinutes(item.ExpiresToMinute)); return(false); } #endregion #region Кеш шаблона // Путь к шаблону string SourceFile = $"{Folders.Tpl.LimitRequest}/reCAPTCHA.tpl"; if (!File.Exists(SourceFile)) { SourceFile = $"{Folders.Tpl.LimitRequest}/default/reCAPTCHA.tpl"; } // Время модификации файла DateTime LastWriteTimeToFile = File.GetLastWriteTime(SourceFile); // default value (DateTime LastWriteTime, string Source)cacheTpl = (DateTime.Now, ""); // Обновляем кеш if (!memoryCache.TryGetValue("core.Check.Request:LimitRequest-tpl", out cacheTpl) || LastWriteTimeToFile != cacheTpl.LastWriteTime) { cacheTpl.LastWriteTime = LastWriteTimeToFile; cacheTpl.Source = File.ReadAllText(SourceFile); memoryCache.Set("core.Check.Request:LimitRequest-tpl", cacheTpl); } #endregion #region Замена полей string tpl = Regex.Replace(cacheTpl.Source, @"\{isp:([^\}]+)\}", key => { switch (key.Groups[1].Value) { case "CoreApiUrl": return(jsonDB.Base.CoreAPI); case "reCAPTCHASitekey": return(jsonDB.Base.reCAPTCHASitekey); case "IP": return(IP); case "ExpiresToMinute": return(ExpiresToMinute.ToString()); case "hash": return(md5.text($"{IP}{ExpiresToMinute}:{PasswdTo.salt}")); default: return(string.Empty); } }); #endregion // Ответ context.Response.ContentType = "text/html; charset=utf-8"; content = context.Response.WriteAsync(tpl, context.RequestAborted); return(true); } #endregion #region Локальный метод - "CheckToLimit" bool CheckToLimit(string keyName, int limit, int ExpiresToMinute, out CacheValue _cacheValue) { string key = $"LimitRequestTo{keyName}-{IP}_{host}"; if (memoryCache.TryGetValue(key, out CacheValue item)) { item.value++; _cacheValue = item; if (item.value > limit) { return(true); } } else { _cacheValue = new CacheValue() { value = 1, Expires = DateTime.Now.AddMinutes(ExpiresToMinute) }; memoryCache.Set(key, _cacheValue, TimeSpan.FromMinutes(ExpiresToMinute)); } return(false); } #endregion #region Локальный метод - "BlockedToIP" void BlockedToIP(string Msg, DateTime Expires) { if (IsWhitePtr(out string PtrHostName)) { return; } // Записываем IP в кеш IPtables и журнал SetBlockedToIPtables(Msg, Expires, PtrHostName); } #endregion // Переменная для кеша CacheValue cacheValue; #region Метод блокировки LimitToBlockType BlockType = limitRequest.BlockType; if (BlockType == LimitToBlockType.reCAPTCHA && (antiBotToGlobalConf.conf.limitRequest.IsEnabled || Domain.limitRequest.UseGlobalConf)) { // Если домена нету в глобальных настройках if (!Regex.IsMatch(host, antiBotToGlobalConf.DomainsToreCaptchaRegex, RegexOptions.IgnoreCase)) { BlockType = LimitToBlockType._403; } } #endregion #region Минутный лимит if (limitRequest.MinuteLimit != 0 && CheckToLimit("Minute", limitRequest.MinuteLimit, 1, out cacheValue)) { switch (BlockType) { case LimitToBlockType._403: BlockedToIP("Превышен минутный лимит на запросы", cacheValue.Expires); memoryCache.Remove($"LimitRequestToMinute-{IP}_{host}"); break; case LimitToBlockType.reCAPTCHA: { if (СheckingToreCAPTCHA(out Task res, 2)) { return(res); } } break; } } #endregion #region Часовой лимит if (limitRequest.HourLimit != 0 && CheckToLimit("Hour", limitRequest.HourLimit, 60, out cacheValue)) { switch (BlockType) { case LimitToBlockType._403: BlockedToIP("Превышен часовой лимит на запросы", cacheValue.Expires); memoryCache.Remove($"LimitRequestToHour-{IP}_{host}"); break; case LimitToBlockType.reCAPTCHA: { if (СheckingToreCAPTCHA(out Task res, 61)) { return(res); } } break; } } #endregion #region Дневной лимит if (limitRequest.DayLimit != 0 && CheckToLimit("Day", limitRequest.DayLimit, 1440, out cacheValue)) { switch (BlockType) { case LimitToBlockType._403: BlockedToIP("Превышен дневной лимит на запросы", cacheValue.Expires); memoryCache.Remove($"LimitRequestToHour-{IP}_{host}"); memoryCache.Remove($"LimitRequestToDay-{IP}_{host}"); break; case LimitToBlockType.reCAPTCHA: { if (СheckingToreCAPTCHA(out Task res, 1441)) { return(res); } } break; } } #endregion } } #endregion } #region Защита от Brute Force if (Domain.StopBruteForce != BruteForceType.Not) { // Настройки var BrutConf = jsonDB.BruteForceConf; // Переменная для кеша CacheValue cacheValue; #region Локальный метод - "CheckToLimit" bool CheckToLimit(string keyName, int limit, int ExpiresToMinute, out CacheValue _cacheValue) { string key = $"BruteForceTo{keyName}-{IP}_{host}"; if (memoryCache.TryGetValue(key, out CacheValue item)) { _cacheValue = item; if (item.value >= limit) { return(true); } } _cacheValue = null; return(false); } #endregion #region Локальный метод - "BlockedToIP" void BlockedToIP(string Msg, DateTime Expires) { string KeyLimitRequestToBlockedWait = $"BruteForceToBlockedWait-{IP}_{host}"; if (memoryCache.TryGetValue(KeyLimitRequestToBlockedWait, out _)) { return; } memoryCache.Set(KeyLimitRequestToBlockedWait, (byte)0, TimeSpan.FromMinutes(5)); // Записываем IP в кеш IPtables и журнал SetBlockedToIPtables(Msg, Expires, null); // Сносим временную запись memoryCache.Remove(KeyLimitRequestToBlockedWait); } #endregion // Блокировка IP if (CheckToLimit("Day", BrutConf.DayLimit, 1440, out cacheValue) || CheckToLimit("Hour", BrutConf.HourLimit, 60, out cacheValue) || CheckToLimit("Minute", BrutConf.MinuteLimit, 1, out cacheValue)) { BlockedToIP("Защита от Brute Force", cacheValue.Expires); } // Была авторизация if (BruteForce.IsLogin(Domain.StopBruteForce, method, uri, FormData)) { #region Локальный метод - "SetValue" void SetValue(string keyName, int ExpiresToMinute) { string key = $"BruteForceTo{keyName}-{IP}_{host}"; if (memoryCache.TryGetValue(key, out CacheValue item)) { item.value++; } else { memoryCache.Set(key, new CacheValue() { value = 1, Expires = DateTime.Now.AddMinutes(ExpiresToMinute) }, TimeSpan.FromMinutes(ExpiresToMinute)); } } #endregion // Обновляем счетчики SetValue("Day", 1440); SetValue("Hour", 60); SetValue("Minute", 1); } } #endregion #region ViewBag if (jsonDB.Base.DebugEnabled) { viewBag.IP = IP; viewBag.jsonDomain = JsonConvert.SerializeObject(Domain, Formatting.Indented); viewBag.antiBotToGlobalConf = JsonConvert.SerializeObject(antiBotToGlobalConf, Formatting.Indented); viewBag.FormData = FormData; } viewBag.method = method; viewBag.host = host; viewBag.uri = uri; viewBag.Referer = context.Request.Headers["Referer"]; viewBag.UserAgent = userAgent; #endregion #region Замена ответа - 302/код try { // Проверка url и GET аргументов if (Regex.IsMatch(uri, Domain.RuleReplaces.RuleGetToRegex, RegexOptions.IgnoreCase)) { // Проверка POST аргументов if (method != "POST" || (method == "POST" && Regex.IsMatch($"{(new Regex(@"^(/[^\?\&]+)").Match(uri).Groups[1].Value)}{FormData}", Domain.RuleReplaces.RulePostToRegex, RegexOptions.IgnoreCase))) { // Разделяем URL на аргументы var g = new Regex(@"^(/([^\?&]+)?((\?|&).*)?)$").Match(uri).Groups; string args = g[3].Value.Replace("?", "&"); #region Локальный метод - GetRule ModelCache.Rules.RuleReplace GetRule() { foreach (var item in Domain.RuleReplaces.Rules) { // Url не подходит if (!Regex.IsMatch($"/{g[2].Value}", $"^{item.uri}$", RegexOptions.IgnoreCase)) { continue; } if (method == "POST") { // Get или POST аргументы подходят if (Regex.IsMatch(args, item.GetArgsToRegex, RegexOptions.IgnoreCase) || Regex.IsMatch(FormData, item.PostArgsToRegex, RegexOptions.IgnoreCase)) { return(item); } } else { // Get аргументы подходят if (Regex.IsMatch(args, item.GetArgsToRegex, RegexOptions.IgnoreCase)) { return(item); } } } return(null); } #endregion // Находим правило которое подходит для нашего запроса if (GetRule() is ModelCache.Rules.RuleReplace rule) { #region Локальный метод - "ReplaceArgs" string ReplaceArgs(string _args, string regexArgs) { StringBuilder mass = new StringBuilder(); foreach (var arg in _args.Split('&')) { if (string.IsNullOrWhiteSpace(arg) || !arg.Contains('=')) { continue; } var tmpArg = arg.Split('='); // Список аргументов для замены if (Regex.IsMatch(regexArgs, tmpArg[0], RegexOptions.IgnoreCase)) { mass.Append("&" + tmpArg[0] + "=" + Regex.Replace(tmpArg[1], rule.RegexWhite, "")); } else { mass.Append("&" + arg); } } return(mass.ToString()); } #endregion #region Локальный метод - "ResponseContent" Task ResponseContent(string _argsGet) { // Записываем данные пользователя AddJurnalTo200(); SetCountRequestToHour(TypeRequest._200, host, Domain.confToLog.EnableCountRequest); // Тип ответа if (rule.TypeResponse == TypeResponseRule.kode) { // Пользовательский код context.Response.ContentType = rule.ContentType; return(context.Response.WriteAsync(rule.kode, context.RequestAborted)); } else { if (string.IsNullOrWhiteSpace(rule.ResponceUri)) { // Если url для 302 не указан return(RewriteTo.Local(context, g[2].Value + Regex.Replace(_argsGet, "^&", "?"))); } else { // Редирект на указаный URL return(RewriteTo.Local(context, rule.ResponceUri.Replace("{arg}", Regex.Replace(_argsGet, "^&", "?")))); } } } #endregion // Если аргументы для проверки не указаны if (rule.GetArgs == "" && rule.PostArgs == "") { return(ResponseContent(string.Empty)); } #region argsGet / argsPOST string argsGet = ReplaceArgs(args, rule.GetArgs); string argsPOST = string.Empty; if (method == "POST") { argsPOST = ReplaceArgs(FormData, rule.PostArgs); } #endregion // Замена ответа, если в аргументах есть лишние символы if (args != argsGet || FormData != argsPOST) { return(ResponseContent(argsGet)); } } } } } catch (Exception ex) { // Записываем данные ошибки в журнал AddJurnalTo500(ex.Message); SetCountRequestToHour(TypeRequest._500, host, Domain.confToLog.EnableCountRequest); // Выводим ошибку viewBag.IsErrorRule = true; viewBag.ErrorTitleException = "Ошибка в правиле"; viewBag.ErrorRuleException = jsonDB.Base.DebugEnabled ? ex.Message : "Данные ошибки доступны в журнале 500"; return(View(context, viewBag, ActionCheckLink.deny)); } #endregion // Переопределенные правила if (OpenPageToRule(Domain.RuleOverrideAllow, Domain.RuleOverride2FA, Domain.RuleOverrideDeny) is Task pageToRuleOverride) { return(pageToRuleOverride); } // Обычные правила if (OpenPageToRule(Domain.RuleAllow, Domain.Rule2FA, Domain.RuleDeny) is Task pageToRule) { return(pageToRule); } // Записываем данные пользователя AddJurnalTo403And303(Is303: true); SetCountRequestToHour(TypeRequest._303, host, Domain.confToLog.EnableCountRequest); // Если не одно правило не подошло return(View(context, viewBag, ActionCheckLink.allow)); #region Локальный метод - "OpenPageToRule" Task OpenPageToRule(ModelCache.Rules.Rule RuleAllow, ModelCache.Rules.Rule Rule2FA, ModelCache.Rules.Rule RuleDeny) { #region азрешенные запросы if (IsRequestTheRules(RuleAllow)) { // Записываем данные пользователя AddJurnalTo403And303(Is303: true); SetCountRequestToHour(TypeRequest._303, host, Domain.confToLog.EnableCountRequest); // Если режим дебага выключен if (!jsonDB.Base.DebugEnabled) { context.Response.StatusCode = 303; return(context.Response.WriteAsync("303", context.RequestAborted)); } // Разрешаем запрос return(View(context, viewBag, ActionCheckLink.allow)); } #endregion #region Правила 2FA else if (IsRequestTheRules(Rule2FA)) { // Записываем данные пользователя AddJurnalTo200(Is2FA: true); SetCountRequestToHour(TypeRequest._200, host, Domain.confToLog.EnableCountRequest); // Если IP для 2FA уже есть if (memoryCache.TryGetValue(KeyToMemoryCache.CheckLinkWhitelistTo2FA(host, IP), out byte _)) { // Авторизация в Telegram if (!TelegramBot.IsAuth(IP, Is2FA: true)) { context.Response.ContentType = "text/html"; return(context.Response.WriteAsync(TelegramBot.AuthToHtml(IP), context.RequestAborted)); } // Успех return(View(context, viewBag, ActionCheckLink.allow)); } // Просим пройти 2FA авторизацию viewBag.CoreAPI = jsonDB.Base.CoreAPI; return(View(context, viewBag, ActionCheckLink.Is2FA)); } #endregion #region Запрещенные запросы else if (IsRequestTheRules(RuleDeny)) { // Записываем данные пользователя AddJurnalTo403And303(Is403: true); SetCountRequestToHour(TypeRequest._403, host, Domain.confToLog.EnableCountRequest); // Отдаем страницу 403 return(View(context, viewBag, ActionCheckLink.deny)); } #endregion // Если не одно правило не подошло return(null); } #endregion #region Локальный метод - "IsRequestTheRules" bool IsRequestTheRules(ModelCache.Rules.Rule rule) { #region Быстрая проверка 'GET/POST' запроса try { switch (method) { case "GET": return(rule.RuleGetToRegex != "^$" && Regex.IsMatch(uri, rule.RuleGetToRegex, RegexOptions.IgnoreCase)); case "POST": { if (rule.RulePostToRegex != "^$" && Regex.IsMatch(uri, rule.RulePostToRegex, RegexOptions.IgnoreCase)) { return(true); } break; } default: { // Записываем данные ошибки в журнал AddJurnalTo500($"Метод '{method}' не поддерживается", IsException: true); SetCountRequestToHour(TypeRequest._500, host, Domain.confToLog.EnableCountRequest); return(true); } } // Быстрая проверка POST запроса if (rule.RuleArgsCheckPostToRegex == "^$" || !Regex.IsMatch(uri, rule.RuleArgsCheckPostToRegex, RegexOptions.IgnoreCase)) { return(false); } } catch (Exception ex) { // Записываем данные ошибки в журнал AddJurnalTo500(ex.Message); SetCountRequestToHour(TypeRequest._500, host, Domain.confToLog.EnableCountRequest); // Если есть ошибка в одном из регексов viewBag.IsErrorRule = true; viewBag.ErrorTitleException = "Ошибка в правиле"; viewBag.ErrorRuleException = jsonDB.Base.DebugEnabled ? ex.Message : "Данные ошибки доступны в журнале 500"; return(true); } #endregion #region Полная проверка POST запроса // Если POST правил нету - (ложное срабатывание в 'RuleArgsCheckPostToRegex') if (rule.postRules == null && rule.postRules.Count < 1) { return(false); } foreach (var postRules in rule.postRules) { try { if (Regex.IsMatch(uri, postRules.rule, RegexOptions.IgnoreCase)) { // Проверяем есть ли в запросе POST аргументы не указаные в списке правил if (Regex.IsMatch(FormData, postRules.RulePostToRegex, RegexOptions.IgnoreCase)) { return(true); } } } catch (Exception ex) { // Записываем данные ошибки в журнал AddJurnalTo500(ex.Message); SetCountRequestToHour(TypeRequest._500, host, Domain.confToLog.EnableCountRequest); // Если есть ошибка в одном из регексов viewBag.IsErrorRule = true; viewBag.ErrorTitleException = "Ошибка в правиле"; viewBag.ErrorRuleException = jsonDB.Base.DebugEnabled ? ex.Message : "Данные ошибки доступны в журнале 500"; return(true); } } #endregion // Если ничего не подошло return(false); } #endregion #region Локальный метод - "AddJurnalTo500" void AddJurnalTo500(string errorMsg, bool IsException = false) { if (IsException) { viewBag.IsErrorRule = true; viewBag.ErrorTitleException = "Ошибка в запросе"; viewBag.ErrorRuleException = errorMsg; } if (Domain.confToLog.Jurn500 != WriteLogMode.off) { // Игнорирование логов if (!Regex.IsMatch(uri, Domain.IgnoreLogToRegex, RegexOptions.IgnoreCase)) { var model = new Jurnal500() { IP = IP, Host = host, Method = method, Uri = uri, FormData = FormData, UserAgent = userAgent, Referer = context.Request.Headers["Referer"], Time = DateTime.Now, ErrorMsg = errorMsg }; // Записываем данные в журнал switch (Domain.confToLog.Jurn500) { case WriteLogMode.File: WriteLogTo.FileStream(model); break; case WriteLogMode.SQL: WriteLogTo.SQL(model); break; case WriteLogMode.all: WriteLogTo.SQL(model); WriteLogTo.FileStream(model); break; } } } } #endregion #region Локальный метод - "AddJurnalTo403And303" void AddJurnalTo403And303(bool Is403 = false, bool Is303 = false) { if (viewBag.IsErrorRule) { return; } // Игнорирование логов if (Domain.confToLog.IsActive && (Domain.confToLog.Jurn403 != WriteLogMode.off || Domain.confToLog.Jurn303 != WriteLogMode.off) && !Regex.IsMatch(uri, Domain.IgnoreLogToRegex, RegexOptions.IgnoreCase)) { ThreadPool.QueueUserWorkItem(ob => { var geoIP = (Country: "Disabled", City: "Disabled", Region: "Disabled"); if (Domain.confToLog.EnableGeoIP) { geoIP = GeoIP2.City(IP); } #region 403 if (Is403) { var model = new Jurnal403() { IP = IP, Host = host, Method = method, Uri = uri, FormData = FormData, UserAgent = userAgent, Referer = Referer, Country = geoIP.Country, City = geoIP.City, Region = geoIP.Region, Time = DateTime.Now }; // Записываем данные в журнал switch (Domain.confToLog.Jurn403) { case WriteLogMode.File: WriteLogTo.FileStream(model); break; case WriteLogMode.SQL: WriteLogTo.SQL(model); break; case WriteLogMode.all: WriteLogTo.SQL(model); WriteLogTo.FileStream(model); break; } } #endregion #region 303 if (Is303) { var model = new Jurnal303() { IP = IP, Host = host, Method = method, Uri = uri, FormData = FormData, UserAgent = userAgent, Referer = Referer, Country = geoIP.Country, City = geoIP.City, Region = geoIP.Region, Time = DateTime.Now }; // Записываем данные в журнал switch (Domain.confToLog.Jurn303) { case WriteLogMode.File: WriteLogTo.FileStream(model); break; case WriteLogMode.SQL: WriteLogTo.SQL(model); break; case WriteLogMode.all: WriteLogTo.SQL(model); WriteLogTo.FileStream(model); break; } } #endregion }); } } #endregion #region Локальный метод - "AddJurnalTo200" void AddJurnalTo200(bool IsAntiBot = false, bool Is2FA = false, bool IsIPtables = false) { // Игнорирование логов if (Domain.confToLog.IsActive && !Regex.IsMatch(uri, Domain.IgnoreLogToRegex, RegexOptions.IgnoreCase)) { ThreadPool.QueueUserWorkItem(ob => { var geoIP = (Country: "Disabled", City: "Disabled", Region: "Disabled"); if (Domain.confToLog.EnableGeoIP) { geoIP = GeoIP2.City(IP); } #region Тип журнала var typeJurn = TypeJurn200.Unknown; if (IsAntiBot) { typeJurn = TypeJurn200.AntiBot; } if (Is2FA) { typeJurn = TypeJurn200._2FA; } if (IsIPtables) { typeJurn = TypeJurn200.IPtables; } #endregion var model = new Jurnal200() { typeJurn = typeJurn, IP = IP, Host = host, Method = method, Uri = uri, FormData = FormData, UserAgent = userAgent, Referer = Referer, Country = geoIP.Country, City = geoIP.City, Region = geoIP.Region, Time = DateTime.Now }; // Записываем данные в журнал switch (Domain.confToLog.Jurn200) { case WriteLogMode.File: WriteLogTo.FileStream(model); break; case WriteLogMode.SQL: WriteLogTo.SQL(model); break; case WriteLogMode.all: WriteLogTo.FileStream(model); break; } }); } } #endregion #region Локальный метод - "SetBlockedToIPtables" void SetBlockedToIPtables(string Msg, DateTime Expires, string PtrHostName) { // Данные для статистики SetCountRequestToHour(TypeRequest._401, host, Domain.confToLog.EnableCountRequest); // Записываем IP в кеш IPtables memoryCache.Set(KeyToMemoryCache.IPtables(IP, host), new IPtables(Msg, Expires), Expires); // Дублируем информацию в SQL WriteLogTo.SQL(new BlockedIP() { IP = IP, BlockingTime = Expires, Description = Msg, typeBlockIP = TypeBlockIP.domain, BlockedHost = host }); // Игнорирование логов if (Domain.confToLog.IsActive && !Regex.IsMatch(uri, Domain.IgnoreLogToRegex, RegexOptions.IgnoreCase)) { var geoIP = (Country : "Disabled", City : "Disabled", Region : "Disabled"); if (Domain.confToLog.EnableGeoIP) { geoIP = GeoIP2.City(IP); } // Модель Jurnal401 model = new Jurnal401() { Host = host, IP = IP, Msg = Msg, Ptr = PtrHostName, UserAgent = userAgent, Country = geoIP.Country, City = geoIP.City, Region = geoIP.Region, Time = DateTime.Now }; // Записываем данные в журнал switch (Domain.confToLog.Jurn401) { case WriteLogMode.File: WriteLogTo.FileStream(model); break; case WriteLogMode.SQL: WriteLogTo.SQL(model); break; case WriteLogMode.all: WriteLogTo.SQL(model); WriteLogTo.FileStream(model); break; } } } #endregion #region Локальный метод - "CheckLinkWhitelistToAllDomain" bool CheckLinkWhitelistToAllDomain() { // Глобальный доступ для IP ко всем сайтам // Глобальный доступ для IP в этому сайту if (memoryCache.TryGetValue(KeyToMemoryCache.CheckLinkWhitelistToAllDomain(IP), out byte _) || memoryCache.TryGetValue(KeyToMemoryCache.CheckLinkWhitelistToAll(host, IP), out byte _)) { return(true); } // IP для проверки в формате /24 string ipCache = Regex.Replace(IP, @"\.[0-9]+$", "");; // Глобальный доступ для IP ко всем сайтам // Глобальный доступ для IP в этому сайту if (memoryCache.TryGetValue(KeyToMemoryCache.CheckLinkWhitelistToAllDomain(ipCache), out byte _) || memoryCache.TryGetValue(KeyToMemoryCache.CheckLinkWhitelistToAll(host, ipCache), out byte _)) { return(true); } // IP нету в белом списке return(false); } #endregion }
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IApplicationLifetime applicationLifetime, IMemoryCache memoryCache) { #region Системные настройки loggerFactory.AddConsole(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } #endregion #region Добовляем порт в белый список if (Platform.Get == PlatformOS.Unix) { if (string.IsNullOrWhiteSpace(new Bash().Run("iptables -L INPUT -v -n 2>/dev/null | grep 8793"))) { new Bash().Run("iptables -I INPUT -p tcp --dport 8793 -j ACCEPT"); } } #endregion #region Unix Socket try { applicationLifetime.ApplicationStarted.Register(() => { if (Platform.Get == PlatformOS.Unix || Platform.Get == PlatformOS.Docker) { ThreadPool.QueueUserWorkItem((s) => { while (true) { // Ждем 3 секунды Thread.Sleep(1000 * 3); // Меняем права доступа if (File.Exists("/var/run/ispcore.sock")) { new Bash().Run("chmod 666 /var/run/ispcore.sock"); return; } } }); } }); } catch { } #endregion // Создаем сервис Service.Create(memoryCache); // Регистрируем триггеры RegisteredTriggers.Initialize(); #region Загружаем список BlockedIP в кеш using (CoreDB coreDB = Service.Get <CoreDB>()) { // IP который нужно удалить string unlockip = string.Empty; if (File.Exists($"{Folders.Tmp}/unlockip.root")) { unlockip = File.ReadAllText($"{Folders.Tmp}/unlockip.root").Trim(); } // Загружаем IP адреса foreach (var item in coreDB.BlockedsIP.AsNoTracking()) { if (item.BlockingTime > DateTime.Now && item.typeBlockIP != TypeBlockIP.UserAgent) { // Белый IP if (item.IP.Contains(unlockip)) { continue; } // Модель var data = new ModelIPtables(item.Description, item.BlockingTime); IPtables.AddIPv4Or6(item.IP, data, item.typeBlockIP, item.BlockedHost); } } } #endregion #region Загружаем список WhitePtrIP в кеш using (CoreDB coreDB = Service.Get <CoreDB>()) { // Загружаем IP адреса foreach (var item in coreDB.WhitePtrIPs.AsNoTracking()) { // Добовляем IP в кеш if (item.Expires > DateTime.Now) { memoryCache.Set(KeyToMemoryCache.WhitePtrIP(item.IPv4Or6), (byte)0, item.Expires); } } } #endregion #region Загружаем список "Разрешенные доступы" в кеш foreach (var item in AccessIP.List()) { // IP для кеша string ipCache = item.IP.Replace(".*", "").Replace(":*", ""); switch (item.accessType) { case AccessType.all: memoryCache.Set(KeyToMemoryCache.CheckLinkWhitelistToAll(item.host, ipCache), (byte)1, item.Expires); break; case AccessType.Is2FA: memoryCache.Set(KeyToMemoryCache.CheckLinkWhitelistTo2FA(item.host, ipCache), (byte)1, item.Expires); break; case AccessType.allDomain: memoryCache.Set(KeyToMemoryCache.CheckLinkWhitelistToAllDomain(ipCache), (byte)1, item.Expires); break; } } #endregion #region Кеш WhiteList / IPtables WhiteUserList.UpdateCache(); Engine.Security.IPtables.UpdateCacheToUserAgent(); #endregion #region Статичиские файлы var provider = new FileExtensionContentTypeProvider(); provider.Mappings[".jgz"] = "application/javascript"; app.UseStaticFiles(new StaticFileOptions { ContentTypeProvider = provider }); #endregion #region IP-адрес клиента app.UseForwardedHeaders(new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto, KnownProxies = { IPAddress.Parse("172.17.42.1"), IPAddress.Parse("127.0.0.1") }, }); #endregion // Страницы ошибок app.UseMvc(routes => { routes.MapRoute("ErrorPage-404", "404", new { controller = "Error", action = "_404" }); }); // Блокировка IP app.UseIPtablesMiddleware(); #region Core API // Доступ запрещен с порта панели 8793 app.UseCoreMiddleware(); // Core CheckRequest app.Map("/core/check/request", ap => ap.Run(context => { if (Startup.cmd.Timeout.core == 0) { return(Engine.core.Check.Request.Check(context)); } // Состояние потока bool RanToCompletion = false; // Завершаем подключение через ** секунд var token = new CancellationTokenSource(1000 * Startup.cmd.Timeout.core).Token; token.Register(() => { if (!RanToCompletion) { context.Abort(); } }); // Проверка запроса var task = Engine.core.Check.Request.Check(context); RanToCompletion = task.Status == TaskStatus.RanToCompletion; // Успех return(task); })); // Core API app.UseMvc(routes => { routes.MapRoute(null, "core/unlock/2fa", new { controller = "CoreUnlock2FA", action = "Index" }); routes.MapRoute(null, "core/check/cookie", new { controller = "CoreCheckCookie", action = "Index" }); routes.MapRoute(null, "core/check/recaptcha", new { controller = "CoreCheckRecaptcha", action = "Base" }); routes.MapRoute(null, "core/check/recaptcha/limitrequest", new { controller = "CoreCheckRecaptcha", action = "LimitRequest" }); }); // AntiBotHub app.UseSignalR(routes => routes.MapHub <AntiBotHub>("/core/AntiBotHub")); // Генерация скриптов app.UseMvc(routes => { routes.MapRoute(null, "core/gen/antibot.js", new { controller = "CoreGenToAntiBot", action = "Index" }); }); // Заглушка для "Core API" app.Map("/core", ap => ap.Run(context => context.Response.WriteAsync("404 Not Found"))); #endregion #region Открытый API { // Проверка авторизации app.UseAuthApiMiddleware(); #region API - List app.UseMvc(routes => { routes.MapRoute(null, "api/list/home/jurnal", new { controller = "ApiListHome", action = "Jurnal" }); routes.MapRoute(null, "api/list/notifications", new { controller = "ApiListNotifications", action = "Jurnal" }); routes.MapRoute(null, "api/list/jsondb", new { controller = "ApiListJsonDB", action = "Get" }); routes.MapRoute(null, "api/list/whitelist/system", new { controller = "ApiListWhitelistTo", action = "Systems" }); routes.MapRoute(null, "api/list/security/anti-ddos/stats/day", new { controller = "ApiListAntiDdos", action = "StatsDay" }); routes.MapRoute(null, "api/list/security/anti-ddos/stats/month", new { controller = "ApiListAntiDdos", action = "StatsMonth" }); routes.MapRoute(null, "api/list/security/anti-ddos/jurnal", new { controller = "ApiListAntiDdos", action = "Jurnal" }); routes.MapRoute(null, "api/list/security/iptables/blockedip", new { controller = "ApiListIptables", action = "BlockedsIP" }); routes.MapRoute(null, "api/list/security/av/report", new { controller = "ApiListAntiVirus", action = "Report" }); routes.MapRoute(null, "api/list/requests-filter/domain", new { controller = "ApiListDomain", action = "Domain" }); routes.MapRoute(null, "api/list/requests-filter/domains", new { controller = "ApiListDomain", action = "Domains" }); routes.MapRoute(null, "api/list/requests-filter/template", new { controller = "ApiListTemplate", action = "Template" }); routes.MapRoute(null, "api/list/requests-filter/templates", new { controller = "ApiListTemplate", action = "Templates" }); routes.MapRoute(null, "api/list/requests-filter/access", new { controller = "ApiListAccess", action = "Get" }); routes.MapRoute(null, "api/list/requests-filter/monitoring/stats/day", new { controller = "ApiListMonitoring", action = "StatsDay" }); routes.MapRoute(null, "api/list/requests-filter/monitoring/stats/month", new { controller = "ApiListMonitoring", action = "StatsMonth" }); routes.MapRoute(null, "api/list/requests-filter/monitoring/jurnal", new { controller = "ApiListMonitoring", action = "Jurnal" }); routes.MapRoute(null, "api/list/backup/io/task", new { controller = "ApiListBackupFiles", action = "Task" }); routes.MapRoute(null, "api/list/backup/io/tasks", new { controller = "ApiListBackupFiles", action = "Tasks" }); routes.MapRoute(null, "api/list/backup/io/operations", new { controller = "ApiListBackupFiles", action = "Operation" }); routes.MapRoute(null, "api/list/backup/db/task", new { controller = "ApiListBackupDatabase", action = "Task" }); routes.MapRoute(null, "api/list/backup/db/tasks", new { controller = "ApiListBackupDatabase", action = "Tasks" }); routes.MapRoute(null, "api/list/backup/db/operations", new { controller = "ApiListBackupDatabase", action = "Operation" }); }); #endregion #region API - Add app.UseMvc(routes => { routes.MapRoute(null, "api/add/whitelist", new { controller = "ApiAddWhiteList", action = "Base" }); routes.MapRoute(null, "api/add/security/iptables", new { controller = "ApiAddIptables", action = "Base" }); routes.MapRoute(null, "api/add/backup/io/task", new { controller = "ApiAddBackupFiles", action = "Task" }); routes.MapRoute(null, "api/add/backup/io/ignore", new { controller = "ApiAddBackupFiles", action = "Ignore" }); routes.MapRoute(null, "api/add/backup/db/task", new { controller = "ApiAddBackupDatabase", action = "Task" }); routes.MapRoute(null, "api/add/requests-filter/template", new { controller = "ApiAddTemplate", action = "Base" }); routes.MapRoute(null, "api/add/requests-filter/template/rule", new { controller = "ApiAddRule", action = "RuleTemplate" }); routes.MapRoute(null, "api/add/requests-filter/domain", new { controller = "ApiAddDomain", action = "Domain" }); routes.MapRoute(null, "api/add/requests-filter/aliases", new { controller = "ApiAddDomain", action = "Aliases" }); routes.MapRoute(null, "api/add/requests-filter/domain/rule", new { controller = "ApiAddRule", action = "RuleDomain" }); routes.MapRoute(null, "api/add/requests-filter/domain/template", new { controller = "ApiAddDomain", action = "TemplatesId" }); routes.MapRoute(null, "api/add/requests-filter/domain/ignore", new { controller = "ApiAddDomain", action = "IgnoreLogs" }); routes.MapRoute(null, "api/add/requests-filter/access", new { controller = "ApiAddAccess", action = "Base" }); }); #endregion #region API - Remove app.UseMvc(routes => { routes.MapRoute(null, "api/remove/whitelist/user", new { controller = "ApiRemoveWhiteList", action = "Users" }); routes.MapRoute(null, "api/remove/whitelist/system", new { controller = "ApiRemoveWhiteList", action = "Systems" }); routes.MapRoute(null, "api/remove/security/iptables", new { controller = "ApiRemoveIptables", action = "BlockedsIP" }); routes.MapRoute(null, "api/remove/security/antivirus", new { controller = "ApiRemoveAntivirus", action = "Base" }); routes.MapRoute(null, "api/remove/backup/io/task", new { controller = "ApiRemoveBackupFiles", action = "Task" }); routes.MapRoute(null, "api/remove/backup/io/ignore", new { controller = "ApiRemoveBackupFiles", action = "Ignore" }); routes.MapRoute(null, "api/remove/backup/db/task", new { controller = "ApiRemoveBackupDatabase", action = "Task" }); routes.MapRoute(null, "api/remove/requests-filter/rules/base", new { controller = "ApiRemoveRules", action = "Rule" }); routes.MapRoute(null, "api/remove/requests-filter/rules/replace", new { controller = "ApiRemoveRules", action = "RuleReplace" }); routes.MapRoute(null, "api/remove/requests-filter/rules/override", new { controller = "ApiRemoveRules", action = "RuleOverride" }); routes.MapRoute(null, "api/remove/requests-filter/rules/arg", new { controller = "ApiRemoveRules", action = "RuleArg" }); routes.MapRoute(null, "api/remove/requests-filter/alias", new { controller = "ApiRemoveDomain", action = "Alias" }); routes.MapRoute(null, "api/remove/requests-filter/domain", new { controller = "ApiRemoveDomain", action = "Base" }); routes.MapRoute(null, "api/remove/requests-filter/domain/template", new { controller = "ApiRemoveDomain", action = "Template" }); routes.MapRoute(null, "api/remove/requests-filter/domain/ignore", new { controller = "ApiRemoveDomain", action = "Ignore" }); routes.MapRoute(null, "api/remove/requests-filter/template", new { controller = "ApiRemoveTemplate", action = "Base" }); routes.MapRoute(null, "api/remove/requests-filter/access", new { controller = "ApiRemoveAccess", action = "Base" }); }); #endregion #region API - Common app.UseMvc(routes => { routes.MapRoute(null, "api/common/av/start", new { controller = "ApiCommonAV", action = "Start" }); routes.MapRoute(null, "api/common/av/stop", new { controller = "ApiCommonAV", action = "Stop" }); routes.MapRoute(null, "api/common/template/export", new { controller = "ApiCommonTemplate", action = "Export" }); routes.MapRoute(null, "api/common/template/import", new { controller = "ApiCommonTemplate", action = "Import" }); routes.MapRoute(null, "api/common/backup/io/clearing/cache", new { controller = "ApiCommonBackupFiles", action = "ClearingCache" }); routes.MapRoute(null, "api/common/backup/io/recovery", new { controller = "ApiCommonBackupFiles", action = "Recovery" }); }); #endregion #region API - Edit app.UseMvc(routes => { routes.MapRoute(null, "api/edit/settings/base", new { controller = "ApiEditSettingsToBase", action = "Base" }); routes.MapRoute(null, "api/edit/settings/cache", new { controller = "ApiEditSettingsToBase", action = "Cache" }); routes.MapRoute(null, "api/edit/settings/api", new { controller = "ApiEditSettingsToBase", action = "API" }); routes.MapRoute(null, "api/edit/settings/security", new { controller = "ApiEditSettingsToBase", action = "Security" }); routes.MapRoute(null, "api/edit/settings/passwd", new { controller = "ApiEditSettingsToBase", action = "Passwd" }); routes.MapRoute(null, "api/edit/settings/brute-force", new { controller = "ApiEditSettingsToBase", action = "BruteForce" }); routes.MapRoute(null, "api/edit/settings/anti-ddos", new { controller = "ApiEditSettingsToBase", action = "AntiDdos" }); routes.MapRoute(null, "api/edit/settings/antivirus", new { controller = "ApiEditSettingsToBase", action = "AntiVirus" }); routes.MapRoute(null, "api/edit/settings/service/email", new { controller = "ApiEditSettingsToService", action = "Email" }); routes.MapRoute(null, "api/edit/settings/service/telegram", new { controller = "ApiEditSettingsToService", action = "Telegram" }); routes.MapRoute(null, "api/edit/settings/service/sms", new { controller = "ApiEditSettingsToService", action = "SMS" }); routes.MapRoute(null, "api/edit/antibot/base", new { controller = "ApiEditAntiBot", action = "Base" }); routes.MapRoute(null, "api/edit/antibot/limit", new { controller = "ApiEditAntiBot", action = "Limit" }); routes.MapRoute(null, "api/edit/domain/base", new { controller = "ApiEditDomain", action = "Base" }); routes.MapRoute(null, "api/edit/domain/log", new { controller = "ApiEditDomain", action = "LogSettings" }); routes.MapRoute(null, "api/edit/domain/av", new { controller = "ApiEditDomain", action = "AntiVirus" }); routes.MapRoute(null, "api/edit/domain/antibot", new { controller = "ApiEditDomain", action = "AntiBot" }); routes.MapRoute(null, "api/edit/domain/limit/request", new { controller = "ApiEditDomain", action = "LimitRequest" }); routes.MapRoute(null, "api/edit/template", new { controller = "ApiEditTemplate", action = "Base" }); routes.MapRoute(null, "api/edit/backup/io/task", new { controller = "ApiEditBackupFiles", action = "Task" }); routes.MapRoute(null, "api/edit/backup/io/ftp", new { controller = "ApiEditBackupFiles", action = "FTP" }); routes.MapRoute(null, "api/edit/backup/io/webdav", new { controller = "ApiEditBackupFiles", action = "WebDav" }); routes.MapRoute(null, "api/edit/backup/io/onedrive", new { controller = "ApiEditBackupFiles", action = "OneDrive" }); routes.MapRoute(null, "api/edit/backup/db/task", new { controller = "ApiEditBackupDatabase", action = "Task" }); routes.MapRoute(null, "api/edit/backup/db/task/dumpconf", new { controller = "ApiEditBackupDatabase", action = "DumpConf" }); routes.MapRoute(null, "api/edit/backup/db/connectionconf", new { controller = "ApiEditBackupDatabase", action = "ConnectionConf" }); }); #endregion } #endregion #region Авторизация // Страница авторизации app.UseMvc(routes => { routes.MapRoute(null, "auth", new { controller = "AuthToBase", action = "Index" }); routes.MapRoute(null, "auth/unlock", new { controller = "AuthToBase", action = "Unlock" }); routes.MapRoute(null, "auth/signout", new { controller = "AuthToBase", action = "SignOut" }); }); // Проверка авторизации app.UseAuthMiddleware(); // Страница 2FA app.UseMvc(routes => { routes.MapRoute(null, "auth/confirm", new { controller = "AuthToConfirm", action = "Index" }); routes.MapRoute(null, "auth/confirm/unlock", new { controller = "AuthToConfirm", action = "Unlock" }); }); #endregion // Главная страница app.UseMvc(routes => { routes.MapRoute(null, "", new { controller = "Home", action = "Index" }); }); #region API // FAQ app.UseMvc(routes => routes.MapRoute(null, "api/faq", new { controller = "ApiFaq", action = "Index" })); // Заглушка для "API" app.Map("/api", ap => ap.Run(context => context.Response.WriteAsync("404 Not Found"))); #endregion #region Настройки app.UseMvc(routes => { routes.MapRoute(null, "settings", new { controller = "SettingsToBase", action = "Index" }); routes.MapRoute(null, "settings/save/base", new { controller = "SettingsToBase", action = "Save" }); routes.MapRoute(null, "settings/whitelist", new { controller = "SettingsToUserWhiteList", action = "Index" }); routes.MapRoute(null, "settings/save/whitelist", new { controller = "SettingsToUserWhiteList", action = "Save" }); routes.MapRoute(null, "settings/remove/whitelist", new { controller = "SettingsToUserWhiteList", action = "Remove" }); routes.MapRoute(null, "settings/whitelist/export", new { controller = "SettingsToUserWhiteList", action = "Export" }); routes.MapRoute(null, "settings/whitelist/import", new { controller = "SettingsToUserWhiteList", action = "Import" }); routes.MapRoute(null, "settings/whitelist/system", new { controller = "SettingsToSystemWhiteList", action = "Index" }); routes.MapRoute(null, "settings/remove/whitelist/system", new { controller = "SettingsToSystemWhiteList", action = "Remove" }); routes.MapRoute(null, "settings/service", new { controller = "SettingsToService", action = "Index" }); routes.MapRoute(null, "settings/save/service", new { controller = "SettingsToService", action = "Save" }); }); #endregion #region Безопастность системы // Брандмауэр app.UseMvc(routes => { routes.MapRoute(null, "security/iptables", new { controller = "SecurityToIPtables", action = "Index" }); routes.MapRoute(null, "security/iptables/remove", new { controller = "SecurityToIPtables", action = "Remove" }); routes.MapRoute(null, "security/iptables/add", new { controller = "SecurityToIPtables", action = "Add" }); }); // Антивирус app.UseMvc(routes => { routes.MapRoute(null, "security/antivirus", new { controller = "SecurityToAntiVirus", action = "Index" }); routes.MapRoute(null, "security/antivirus/save", new { controller = "SecurityToAntiVirus", action = "Save" }); routes.MapRoute(null, "security/antivirus/remove", new { controller = "SecurityToAntiVirus", action = "Remove" }); routes.MapRoute(null, "security/antivirus/start", new { controller = "SecurityToAntiVirus", action = "Start" }); routes.MapRoute(null, "security/antivirus/stop", new { controller = "SecurityToAntiVirus", action = "Stop" }); }); // AntiDdos if (Platform.Get == PlatformOS.Unix) { app.UseMvc(routes => { routes.MapRoute(null, "security/anti-ddos", new { controller = "SecurityToAntiDdos", action = "Index" }); routes.MapRoute(null, "security/anti-ddos/save", new { controller = "SecurityToAntiDdos", action = "Save" }); }); } // Anti-Bot app.UseMvc(routes => { routes.MapRoute(null, "security/antibot", new { controller = "SecurityToAntiBot", action = "Index" }); routes.MapRoute(null, "security/antibot/save", new { controller = "SecurityToAntiBot", action = "Save" }); }); #endregion #region Фильтрация запросов // Views app.UseMvc(routes => { routes.MapRoute(null, "requests-filter/domains", new { controller = "RequestsFilterToDomains", action = "Index" }); routes.MapRoute(null, "requests-filter/templates", new { controller = "RequestsFilterToTemplates", action = "Index" }); routes.MapRoute(null, "requests-filter/monitoring", new { controller = "RequestsFilterToMonitoring", action = "Index" }); }); // Common app.UseMvc(routes => { routes.MapRoute(null, "requests-filter/common/remove/rule", new { controller = "RequestsFilterToCommon", action = "RemoveToRule" }); routes.MapRoute(null, "requests-filter/common/remove/rulereplace", new { controller = "RequestsFilterToCommon", action = "RemoveToRuleReplace" }); routes.MapRoute(null, "requests-filter/common/remove/ruleoverride", new { controller = "RequestsFilterToCommon", action = "RemoveToRuleOverride" }); routes.MapRoute(null, "requests-filter/common/remove/rulearg", new { controller = "RequestsFilterToCommon", action = "RemoveToRuleArg" }); routes.MapRoute(null, "requests-filter/common/remove/alias", new { controller = "RequestsFilterToCommon", action = "RemoveToAlias" }); }); // Шаблон app.UseMvc(routes => { routes.MapRoute(null, "requests-filter/template", new { controller = "RequestsFilterToTemplate", action = "Index" }); routes.MapRoute(null, "requests-filter/template/save", new { controller = "RequestsFilterToTemplate", action = "Save" }); routes.MapRoute(null, "requests-filter/template/remove", new { controller = "RequestsFilterToTemplate", action = "Remove" }); routes.MapRoute(null, "requests-filter/template/import", new { controller = "RequestsFilterToTemplate", action = "Import" }); routes.MapRoute(null, "requests-filter/template/export", new { controller = "RequestsFilterToTemplate", action = "Export" }); }); // Разрешенные доступы app.UseMvc(routes => { routes.MapRoute(null, "requests-filter/access", new { controller = "RequestsFilterToAccess", action = "Index" }); routes.MapRoute(null, "requests-filter/access/open", new { controller = "RequestsFilterToAccess", action = "Open" }); routes.MapRoute(null, "requests-filter/access/remove", new { controller = "RequestsFilterToAccess", action = "Remove" }); }); #endregion #region Фильтрация запросов - Домен // Домен - Главная/FAQ app.UseMvc(routes => { routes.MapRoute(null, "requests-filter/domain/base", new { controller = "RequestsFilterToDomainBase", action = "Index" }); routes.MapRoute(null, "requests-filter/domain/faq", new { controller = "RequestsFilterToDomainBase", action = "Faq" }); routes.MapRoute(null, "requests-filter/domain/remove", new { controller = "RequestsFilterToDomainBase", action = "Remove" }); routes.MapRoute(null, "requests-filter/domain/save/base", new { controller = "RequestsFilterToDomainBase", action = "Save" }); routes.MapRoute(null, "requests-filter/domain/import", new { controller = "RequestsFilterToDomainBase", action = "Import" }); routes.MapRoute(null, "requests-filter/domain/export", new { controller = "RequestsFilterToDomainBase", action = "Export" }); }); // Домен - Алиасы app.UseMvc(routes => { routes.MapRoute(null, "requests-filter/domain/aliases", new { controller = "RequestsFilterToDomainAliases", action = "Index" }); routes.MapRoute(null, "requests-filter/domain/save/aliases", new { controller = "RequestsFilterToDomainAliases", action = "Save" }); }); // Домен - Правила app.UseMvc(routes => { routes.MapRoute(null, "requests-filter/domain/rules", new { controller = "RequestsFilterToDomainRules", action = "Index" }); routes.MapRoute(null, "requests-filter/domain/save/rules", new { controller = "RequestsFilterToDomainRules", action = "Save" }); }); // Домен - Настройки журнала app.UseMvc(routes => { routes.MapRoute(null, "requests-filter/domain/logsettings", new { controller = "RequestsFilterToDomainLogSettings", action = "Index" }); routes.MapRoute(null, "requests-filter/domain/save/logsettings", new { controller = "RequestsFilterToDomainLogSettings", action = "Save" }); }); // Домен - Антивирус app.UseMvc(routes => { routes.MapRoute(null, "requests-filter/domain/av", new { controller = "RequestsFilterToDomainAv", action = "Index" }); routes.MapRoute(null, "requests-filter/domain/save/av", new { controller = "RequestsFilterToDomainAv", action = "Save" }); }); // Домен - AntiBot app.UseMvc(routes => { routes.MapRoute(null, "requests-filter/domain/antibot", new { controller = "RequestsFilterToDomainAntiBot", action = "Index" }); routes.MapRoute(null, "requests-filter/domain/save/antibot", new { controller = "RequestsFilterToDomainAntiBot", action = "Save" }); }); // Домен - Лимит запросов app.UseMvc(routes => { routes.MapRoute(null, "requests-filter/domain/limitrequest", new { controller = "RequestsFilterToDomainLimitRequest", action = "Index" }); routes.MapRoute(null, "requests-filter/domain/save/limitrequest", new { controller = "RequestsFilterToDomainLimitRequest", action = "Save" }); }); #endregion #region SyncBackup - IO // Views app.UseMvc(routes => { routes.MapRoute(null, "backup/io/tasks", new { controller = "SyncBackupFilesToTasks", action = "Index" }); routes.MapRoute(null, "backup/io/operation", new { controller = "SyncBackupFilesToOperation", action = "Index" }); }); // Задание app.UseMvc(routes => { routes.MapRoute(null, "backup/io/task", new { controller = "SyncBackupFilesToTask", action = "Index" }); routes.MapRoute(null, "backup/io/task/remove", new { controller = "SyncBackupFilesToTask", action = "Remove" }); routes.MapRoute(null, "backup/io/task/save", new { controller = "SyncBackupFilesToTask", action = "Save" }); routes.MapRoute(null, "backup/io/task/clearing-cache", new { controller = "SyncBackupFilesToTask", action = "ClearingCache" }); }); // Улиты app.UseMvc(routes => { routes.MapRoute(null, "backup/io/tools", new { controller = "SyncBackupFilesToTools", action = "Index" }); routes.MapRoute(null, "backup/io/tools/recover", new { controller = "SyncBackupFilesToTools", action = "Recovery" }); }); // Получение токенов app.UseMvc(routes => { routes.MapRoute(null, "backup/io/authorize/onedrive", new { controller = "SyncBackupFilesToAuthorize", action = "OneDrive" }); }); #endregion #region SyncBackup - DB // Views app.UseMvc(routes => { routes.MapRoute(null, "backup/db/tasks", new { controller = "SyncBackupDatabaseToTasks", action = "Index" }); routes.MapRoute(null, "backup/db/operation", new { controller = "SyncBackupDatabaseToOperation", action = "Index" }); }); // Задание app.UseMvc(routes => { routes.MapRoute(null, "backup/db/task", new { controller = "SyncBackupDatabaseToTask", action = "Index" }); routes.MapRoute(null, "backup/db/task/remove", new { controller = "SyncBackupDatabaseToTask", action = "Remove" }); routes.MapRoute(null, "backup/db/task/save", new { controller = "SyncBackupDatabaseToTask", action = "Save" }); }); #endregion #region Файловый менеджер app.UseMvc(routes => { routes.MapRoute(null, "file-manager", new { controller = "ToolsToFileManager", action = "Index" }); routes.MapRoute(null, "file-manager/target/{targetfile}", new { controller = "ToolsToFileManager", action = "Target" }); routes.MapRoute(null, "file-manager/connector", new { controller = "ToolsToFileManager", action = "Connector" }); routes.MapRoute(null, "file-manager/thumb/{hash}", new { controller = "ToolsToFileManager", action = "Thumbs" }); }); #endregion #region Триггеры app.UseMvc(routes => { routes.MapRoute(null, "triggers", new { controller = "ToolsToTriggers", action = "Index" }); routes.MapRoute(null, "trigger", new { controller = "ToolsToTriggerSettings", action = "Index" }); routes.MapRoute(null, "trigger/faq", new { controller = "ToolsToTriggerSettings", action = "FAQ" }); routes.MapRoute(null, "trigger/save", new { controller = "ToolsToTriggerSettings", action = "Save" }); routes.MapRoute(null, "trigger/remove", new { controller = "ToolsToTriggerSettings", action = "Remove" }); routes.MapRoute(null, "trigger/export", new { controller = "ToolsToTriggerSettings", action = "Export" }); routes.MapRoute(null, "trigger/import", new { controller = "ToolsToTriggerSettings", action = "Import" }); routes.MapRoute(null, "trigger/nodes", new { controller = "ToolsToTriggerNodes", action = "Index" }); routes.MapRoute(null, "trigger/nodes/save", new { controller = "ToolsToTriggerNodes", action = "Save" }); }); #endregion // Уведомления app.UseMvc(routes => { routes.MapRoute(null, "notifications", new { controller = "Notifications", action = "Index" }); }); // Ошибка 404 app.Run(async(context) => { await RewriteTo.Local(context, "404" + (context.Request.QueryString.Value.Contains("ajax=true") ? "?ajax=true" : "")); }); }