-Added REST per-endpoint permissions.

-Added REST endpoint "/v2/server/restart". -Added REST endpoint "/v2/server/reload". -Added REST endpoint "/v3/server/rawcmd", will output all returned lines as an array instead. -Added "uptime", "serverpassword", "rules/ServerSideInventory" fields to REST endpoint "/v2/server/status". -REST requests are now logged. -Endpoint "/v2/server/rawcmd" does now check whether the user has the sufficient permission to execute the command. -Fixed Config.EnableTokenEndpointAuthentication not working properly before. -Removed obsolete "api" permission (only "restapi" now).
2013-07-25 12:31:11 +02:00 · 2013-07-25 12:31:11 +02:00 · 0ea83746cf
commit 0ea83746cf
parent 4e7b497ae4
9 changed files with 415 additions and 237 deletions
--- a/TShockAPI/Rest/Rest.cs
+++ b/TShockAPI/Rest/Rest.cs
@ -36,7 +36,16 @@ namespace Rests
 	/// <param name="parameters">Parameters in the url</param>
 	/// <param name="verbs">{x} in urltemplate</param>
 	/// <returns>Response object or null to not handle request</returns>
-	public delegate object RestCommandD(RestVerbs verbs, IParameterCollection parameters);
+	public delegate object RestCommandD(RestVerbs verbs, IParameterCollection parameters);
+
+	/// <summary>
+	/// Secure Rest command delegate including a token.
+	/// </summary>
+	/// <param name="parameters">Parameters in the url</param>
+	/// <param name="verbs">{x} in urltemplate</param>
+	/// <param name="tokenData">The data of stored for the provided token.</param>
+	/// <returns>Response object or null to not handle request</returns>
+	public delegate object SecureRestCommandD(RestVerbs verbs, IParameterCollection parameters, SecureRest.TokenData tokenData);

 	public class Rest : IDisposable
 	{
@ -182,7 +191,41 @@ namespace Rests

 		protected virtual object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms)
 		{
-			return cmd.Callback(verbs, parms);
+			object result = cmd.Execute(verbs, parms);
+			if (cmd.DoLog)
+				Log.ConsoleInfo("Anonymous requested REST endpoint: " + BuildRequestUri(cmd, verbs, parms, false));
+
+			return result;
+		}
+
+		protected virtual string BuildRequestUri(
+			RestCommand cmd, RestVerbs verbs, IParameterCollection parms, bool includeToken = true
+		) {
+			StringBuilder requestBuilder = new StringBuilder(cmd.UriTemplate);
+			if (parms.Count > 0)
+			{
+				bool isFirstParam = true;
+				foreach (IParameter paramImpl in parms)
+				{
+					Parameter param = (paramImpl as Parameter);
+					if (param == null || (!includeToken && param.Name.Equals("token", StringComparison.InvariantCultureIgnoreCase)))
+						continue;
+
+					if (!isFirstParam)
+						requestBuilder.Append('&');
+					else
+					{
+						requestBuilder.Append('?');
+						isFirstParam = false;
+					}
+
+					requestBuilder.Append(param.Name);
+					requestBuilder.Append('=');
+					requestBuilder.Append(param.Value);
+				}
+			}
+			
+			return requestBuilder.ToString();
 		}

 		#region Dispose