示例#1
        /// <summary>
        /// Executes a REST command, checking the "token" request parameter first when the command requires one.
        /// </summary>
        /// <param name="cmd">Command to run; its <c>RequiresToken</c> flag decides whether the token check applies.</param>
        /// <param name="verbs">Verbs forwarded unchanged to the base implementation.</param>
        /// <param name="parms">Request parameters; the token is read from the "token" entry.</param>
        /// <returns>
        /// A status/error dictionary ("401" when no token was supplied, "403" when the token is not present in
        /// <c>Tokens</c>); otherwise whatever the base implementation returns.
        /// </returns>
        protected override object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms)
        {
            // Commands that do not ask for a token bypass the check entirely.
            if (!cmd.RequiresToken)
                return base.ExecuteCommand(cmd, verbs, parms);

            var suppliedToken = parms["token"];
            if (suppliedToken == null)
            {
                return new Dictionary<string, string>
                {
                    { "status", "401" },
                    { "error", "Not authorized. The specified API endpoint requires a token." }
                };
            }

            // Only membership in Tokens matters here; the value stored under the token is never read.
            object storedValue;
            bool tokenKnown = Tokens.TryGetValue(suppliedToken, out storedValue);
            if (!tokenKnown)
            {
                return new Dictionary<string, string>
                {
                    { "status", "403" },
                    { "error", "Not authorized. The specified API endpoint requires a token, but the provided token was not valid." }
                };
            }

            // NOTE(review): any known token is accepted for every token-protected command;
            // no per-command permission check is visible in this method.
            return base.ExecuteCommand(cmd, verbs, parms);
        }
示例#2
        /// <summary>
        /// Executes a REST command. Token-protected commands are authenticated against <c>Tokens</c> and
        /// <c>AppTokens</c> and, when the new permission model is enabled, authorized against the token's group.
        /// </summary>
        /// <param name="cmd">Command to run; cast to <c>SecureRestCommand</c> when it requires a token.</param>
        /// <param name="verbs">Verbs passed through to the command.</param>
        /// <param name="parms">Request parameters; the token is read from the "token" entry.</param>
        /// <param name="request">Request object passed through to the command.</param>
        /// <param name="context">HTTP context passed through to the command.</param>
        /// <returns>
        /// A <c>RestObject</c> with status "401" (no token) or "403" (unknown token, missing group, or no
        /// matching permission); otherwise the result of executing the command.
        /// </returns>
        protected override object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms, IRequest request, IHttpContext context)
        {
            if (!cmd.RequiresToken)
            {
                return base.ExecuteCommand(cmd, verbs, parms, request, context);
            }

            var token = parms["token"];
            if (token == null)
            {
                RestObject missingToken = new RestObject("401");
                missingToken.Error = "Not authorized. The specified API endpoint requires a token.";
                return missingToken;
            }

            // An InvalidCastException escapes here if a token-requiring command is not a SecureRestCommand.
            SecureRestCommand secureCmd = (SecureRestCommand)cmd;

            // User tokens are consulted first; application tokens only when that lookup misses.
            TokenData tokenData;
            bool tokenKnown = Tokens.TryGetValue(token, out tokenData) || AppTokens.TryGetValue(token, out tokenData);
            if (!tokenKnown)
            {
                RestObject invalidToken = new RestObject("403");
                invalidToken.Error = "Not authorized. The specified API endpoint requires a token, but the provided token was not valid.";
                return invalidToken;
            }

            // TODO: Get rid of this when the old REST permission model is removed.
            // NOTE(review): with this setting off, no group or permission check happens in this method;
            // a valid token alone reaches Execute.
            if (TShock.Config.RestUseNewPermissionModel)
            {
                Group userGroup = TShock.Groups.GetGroupByName(tokenData.UserGroupName);
                if (userGroup == null)
                {
                    // NOTE(review): only Tokens is purged; a token that matched through AppTokens stays
                    // registered there - confirm that is intended.
                    Tokens.Remove(token);

                    RestObject staleToken = new RestObject("403");
                    staleToken.Error = "Not authorized. The provided token became invalid due to group changes, please create a new token.";
                    return staleToken;
                }

                // Any-of semantics: holding a single listed permission is enough, and a command with an
                // empty permission list is open to every valid token.
                bool restricted = secureCmd.Permissions.Length > 0;
                if (restricted && !secureCmd.Permissions.Any(perm => userGroup.HasPermission(perm)))
                {
                    RestObject denied = new RestObject("403");
                    denied.Error = string.Format("Not authorized. User \"{0}\" has no access to use the specified API endpoint.", tokenData.Username);
                    return denied;
                }
            }

            object result = secureCmd.Execute(verbs, parms, tokenData, request, context);

            if (!cmd.DoLog || !TShock.Config.LogRest)
            {
                return result;
            }

            // The last argument (false) presumably keeps the token itself out of the logged URI; the
            // user name and the remaining parameter values are written as received.
            string logLine = string.Format(
                "\"{0}\" requested REST endpoint: {1}", tokenData.Username, this.BuildRequestUri(cmd, verbs, parms, false));
            TShock.Utils.SendLogs(logLine, Color.PaleVioletRed);

            return result;
        }
示例#3
文件: Rest.cs 项目: vharonftw/TShock
 /// <summary>
 /// Public entry point for registering a REST command; it simply hands the command to <c>AddCommand</c>.
 /// </summary>
 /// <param name="com">Command to register. It is passed on as-is, with no validation in this method.</param>
 public void Register(RestCommand com)
 {
     this.AddCommand(com);
 }
示例#4
文件: Rest.cs 项目: vharonftw/TShock
 /// <summary>
 /// Default command execution: invokes the command's callback and returns its result.
 /// </summary>
 /// <param name="cmd">Command whose <c>Callback</c> is invoked.</param>
 /// <param name="verbs">Verbs handed to the callback.</param>
 /// <param name="parms">Request parameters handed to the callback.</param>
 /// <returns>Whatever the callback returns.</returns>
 /// <remarks>
 /// This implementation performs no token or permission check of its own; being virtual, a subclass
 /// can add one before delegating here.
 /// </remarks>
 protected virtual object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms)
 {
     object callbackResult = cmd.Callback(verbs, parms);
     return callbackResult;
 }
示例#5
文件: Rest.cs 项目: vharonftw/TShock
 /// <summary>
 /// Adds the given command to <c>commands</c>.
 /// </summary>
 /// <param name="com">Command to add; it is stored without any check in this method.</param>
 protected void AddCommand(RestCommand com) => commands.Add(com);
示例#6
文件: Rest.cs 项目: Ijwu/TShock
        /// <summary>
        /// Executes the command and, when logging is enabled for both the command and the server
        /// configuration, records the request as coming from "Anonymous".
        /// </summary>
        /// <param name="cmd">Command to execute; its <c>DoLog</c> flag gates logging.</param>
        /// <param name="verbs">Verbs passed to the command.</param>
        /// <param name="parms">Request parameters passed to the command and used to rebuild the logged URI.</param>
        /// <param name="request">Request object passed to the command.</param>
        /// <returns>The value returned by <c>cmd.Execute</c>.</returns>
        /// <remarks>No token or permission check is made in this method.</remarks>
        protected virtual object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms, IRequest request)
        {
            object outcome = cmd.Execute(verbs, parms, request);

            // Logging happens only after the command has run, and only if both switches are on.
            if (!cmd.DoLog || !TShock.Config.LogRest)
            {
                return outcome;
            }

            // Passing false for includeToken leaves the "token" parameter out of the logged URI;
            // every other parameter value ends up in the log line.
            string requestUri = BuildRequestUri(cmd, verbs, parms, false);
            TShock.Log.ConsoleInfo("Anonymous requested REST endpoint: " + requestUri);

            return outcome;
        }
示例#7
文件: Rest.cs 项目: Ijwu/TShock
        /// <summary>
        /// Rebuilds a request URI string from the command's URI template and the supplied parameters.
        /// </summary>
        /// <param name="cmd">Command whose <c>UriTemplate</c> forms the start of the result.</param>
        /// <param name="verbs">Not used by this implementation.</param>
        /// <param name="parms">Parameters to append as <c>name=value</c> pairs; entries that are not a <c>Parameter</c> are skipped.</param>
        /// <param name="includeToken">
        /// When false, a parameter named "token" (culture-invariant, case-insensitive match) is left out.
        /// </param>
        /// <returns>The template followed by <c>?name=value</c> and <c>&amp;name=value</c> pairs.</returns>
        /// <remarks>
        /// Names and values are appended exactly as stored, with no URL encoding or escaping, and only the
        /// "token" parameter can be excluded. NOTE(review): where the result is written to a log, any other
        /// sensitive parameter value and any control characters in a value go into the log line unchanged.
        /// </remarks>
        protected virtual string BuildRequestUri(
            RestCommand cmd, RestVerbs verbs, IParameterCollection parms, bool includeToken = true
            )
        {
            StringBuilder uri = new StringBuilder(cmd.UriTemplate);

            // The first appended pair is introduced by '?', every later one by '&'.
            char delimiter = '?';
            foreach (IParameter entry in parms)
            {
                Parameter current = entry as Parameter;
                if (current == null)
                {
                    continue;
                }

                bool isToken = !includeToken && current.Name.Equals("token", StringComparison.InvariantCultureIgnoreCase);
                if (isToken)
                {
                    continue;
                }

                uri.Append(delimiter)
                   .Append(current.Name)
                   .Append('=')
                   .Append(current.Value);
                delimiter = '&';
            }

            return uri.ToString();
        }
示例#8
文件: Rest.cs 项目: mistzzt/TShock
 /// <summary>
 /// Appends a <see cref="RestCommand"/> to <c>commands</c>.
 /// </summary>
 /// <param name="com">The <see cref="RestCommand"/> to append; it is stored without any check in this method.</param>
 protected void AddCommand(RestCommand com) => commands.Add(com);
示例#9
文件: Rest.cs 项目: mistzzt/TShock
 /// <summary>
 /// Public entry point for registering a <see cref="RestCommand"/>; forwards it to <c>AddCommand</c>.
 /// </summary>
 /// <param name="com">The <see cref="RestCommand"/> to register, passed on unchanged.</param>
 public void Register(RestCommand com) => AddCommand(com);
示例#10
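        /// <summary>
        /// Executes a REST command. Token-protected commands are authenticated against <c>Tokens</c> and
        /// <c>AppTokens</c> and authorized against the permissions of the token's user group.
        /// </summary>
        /// <param name="cmd">Command to run; cast to <c>SecureRestCommand</c> when it requires a token.</param>
        /// <param name="verbs">Verbs passed through to the command.</param>
        /// <param name="parms">Request parameters; the token is read from the "token" entry.</param>
        /// <param name="request">Request object passed through to the command.</param>
        /// <param name="context">HTTP context passed through to the command.</param>
        /// <returns>
        /// A <c>RestObject</c> with status "401" (no token) or "403" (unknown token, missing group, or no
        /// matching permission); otherwise the result of executing the command.
        /// </returns>
        protected override object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms, IRequest request, IHttpContext context)
        {
            if (!cmd.RequiresToken)
            {
                return base.ExecuteCommand(cmd, verbs, parms, request, context);
            }

            var token = parms["token"];

            if (token == null)
            {
                return new RestObject("401")
                {
                    Error = "Not authorized. The specified API endpoint requires a token."
                };
            }

            // An InvalidCastException escapes here if a token-requiring command is not a SecureRestCommand.
            SecureRestCommand secureCmd = (SecureRestCommand)cmd;
            TokenData tokenData;

            // User tokens are consulted first; application tokens only when that lookup misses.
            if (!Tokens.TryGetValue(token, out tokenData) && !AppTokens.TryGetValue(token, out tokenData))
            {
                return new RestObject("403")
                {
                    Error = "Not authorized. The specified API endpoint requires a token, but the provided token was not valid."
                };
            }

            Group userGroup = TShock.Groups.GetGroupByName(tokenData.UserGroupName);

            if (userGroup == null)
            {
                // The group the token was issued for no longer exists, so the token is revoked.
                // NOTE(review): only Tokens is purged; a token that matched through AppTokens stays
                // registered there - confirm that is intended.
                Tokens.Remove(token);

                return new RestObject("403")
                {
                    Error = "Not authorized. The provided token became invalid due to group changes, please create a new token."
                };
            }

            // Any-of semantics: the request is refused only when the group holds none of the listed
            // permissions, and a command with an empty permission list is open to every valid token.
            if (secureCmd.Permissions.Length > 0 && secureCmd.Permissions.All(perm => !userGroup.HasPermission(perm)))
            {
                return new RestObject("403")
                {
                    Error = string.Format("Not authorized. User \"{0}\" has no access to use the specified API endpoint.", tokenData.Username)
                };
            }

            //Main.rand being null can cause issues in command execution.
            //This should solve that
            if (Main.rand == null)
            {
                Main.rand = new Terraria.Utilities.UnifiedRandom();
            }

            object result = secureCmd.Execute(verbs, parms, tokenData, request, context);

            if (cmd.DoLog && TShock.Config.Settings.LogRest)
            {
                // The last argument (false) presumably keeps the token itself out of the logged URI; the
                // user name and the remaining parameter values are written as received.
                TShock.Utils.SendLogs(
                    string.Format(
                        "\"{0}\" requested REST endpoint: {1}", tokenData.Username, this.BuildRequestUri(cmd, verbs, parms, false)),
                    Color.PaleVioletRed);
            }

            return result;
        }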
    }
}
示例#11
 /// <summary>
 /// Base command execution: calls the command's callback with the verbs and parameters and returns its result.
 /// </summary>
 /// <param name="cmd">Command whose <c>Callback</c> is invoked.</param>
 /// <param name="verbs">Verbs handed to the callback.</param>
 /// <param name="parms">Request parameters handed to the callback.</param>
 /// <returns>Whatever the callback returns.</returns>
 /// <remarks>No token or permission check is made in this implementation.</remarks>
 protected virtual object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms)
 {
     return cmd.Callback(verbs, parms);
 }
示例#12
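        /// <summary>
        /// Executes a REST command. Token-protected commands are authenticated against <c>Tokens</c> and
        /// <c>AppTokens</c> and, when the new permission model is enabled, authorized against the token's group.
        /// </summary>
        /// <param name="cmd">Command to run; cast to <c>SecureRestCommand</c> when it requires a token.</param>
        /// <param name="verbs">Verbs passed through to the command.</param>
        /// <param name="parms">Request parameters; the token is read from the "token" entry.</param>
        /// <param name="request">Request object passed through to the command.</param>
        /// <returns>
        /// A <c>RestObject</c> with status "401" (no token) or "403" (unknown token, missing group, or no
        /// matching permission); otherwise the result of executing the command.
        /// </returns>
        protected override object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms, IRequest request)
        {
            if (!cmd.RequiresToken)
            {
                return base.ExecuteCommand(cmd, verbs, parms, request);
            }

            var token = parms["token"];

            if (token == null)
            {
                return new RestObject("401")
                {
                    Error = "Not authorized. The specified API endpoint requires a token."
                };
            }

            // An InvalidCastException escapes here if a token-requiring command is not a SecureRestCommand.
            SecureRestCommand secureCmd = (SecureRestCommand)cmd;
            TokenData tokenData;

            // User tokens are consulted first; application tokens only when that lookup misses.
            if (!Tokens.TryGetValue(token, out tokenData) && !AppTokens.TryGetValue(token, out tokenData))
            {
                return new RestObject("403")
                {
                    Error = "Not authorized. The specified API endpoint requires a token, but the provided token was not valid."
                };
            }

            // TODO: Get rid of this when the old REST permission model is removed.
            // NOTE(review): with this setting off, no group or permission check happens in this method;
            // a valid token alone reaches Execute.
            if (TShock.Config.RestUseNewPermissionModel)
            {
                Group userGroup = TShock.Groups.GetGroupByName(tokenData.UserGroupName);

                if (userGroup == null)
                {
                    // The group the token was issued for no longer exists, so the token is revoked.
                    // NOTE(review): only Tokens is purged; a token that matched through AppTokens stays
                    // registered there - confirm that is intended.
                    Tokens.Remove(token);

                    return new RestObject("403")
                    {
                        Error = "Not authorized. The provided token became invalid due to group changes, please create a new token."
                    };
                }

                // Any-of semantics: the request is refused only when the group holds none of the listed
                // permissions, and a command with an empty permission list is open to every valid token.
                if (secureCmd.Permissions.Length > 0 && secureCmd.Permissions.All(perm => !userGroup.HasPermission(perm)))
                {
                    return new RestObject("403")
                    {
                        Error = string.Format("Not authorized. User \"{0}\" has no access to use the specified API endpoint.", tokenData.Username)
                    };
                }
            }

            object result = secureCmd.Execute(verbs, parms, tokenData, request);

            if (cmd.DoLog && TShock.Config.LogRest)
            {
                // The last argument (false) presumably keeps the token itself out of the logged URI; the
                // user name and the remaining parameter values are written as received.
                TShock.Utils.SendLogs(
                    string.Format(
                        "\"{0}\" requested REST endpoint: {1}", tokenData.Username, this.BuildRequestUri(cmd, verbs, parms, false)),
                    Color.PaleVioletRed);
            }

            return result;
        }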
    }
}