themaster1970sf/TShock
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Added SecureRest which implements token requirement for commands. Still must implement a Verify function and probably change SecureRest around a bit.

Browse source
This commit is contained in:
high 2011-09-05 02:44:46 -04:00
parent 734b11681f
commit 1fe7284f7c
5 changed files with 134 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

72
TShockAPI/Rest.cs
View file

@ -15,9 +15,9 @@ namespace TShockAPI
/// Rest command delegate /// Rest command delegate
/// </summary> /// </summary>
/// <param name="parameters">Parameters in the url</param> /// <param name="parameters">Parameters in the url</param>
/// <param name="request">Http request</param> /// <param name="verbs">{x} in urltemplate</param>
/// <returns>Response object or null to not handle request</returns> /// <returns>Response object or null to not handle request</returns>
public delegate object RestCommandD(RestVerbs verbs, IParameterCollection parameters, RequestEventArgs request); public delegate object RestCommandD(RestVerbs verbs, IParameterCollection parameters);
public class Rest : IDisposable public class Rest : IDisposable
{ {
readonly List<RestCommand> commands = new List<RestCommand>(); readonly List<RestCommand> commands = new List<RestCommand>();
@ -62,7 +62,7 @@ namespace TShockAPI
protected virtual void OnRequest(object sender, RequestEventArgs e) protected virtual void OnRequest(object sender, RequestEventArgs e)
{ {
var obj = Process(sender, e); var obj = ProcessRequest(sender, e);
if (obj == null) if (obj == null)
throw new NullReferenceException("obj"); throw new NullReferenceException("obj");
var str = JsonConvert.SerializeObject(obj, Formatting.Indented); var str = JsonConvert.SerializeObject(obj, Formatting.Indented);
@ -72,25 +72,40 @@ namespace TShockAPI
return; return;
} }
protected virtual object Process(object sender, RequestEventArgs e) protected virtual object ProcessRequest(object sender, RequestEventArgs e)
{ {
foreach (var com in commands) foreach (var com in commands)
{
var matches = Regex.Matches(e.Request.Uri.AbsolutePath, com.UriMatch);
if (matches.Count == com.UriNames.Length)
{ {
var verbs = new RestVerbs(); var verbs = new RestVerbs();
for (int i = 0; i < matches.Count; i++) if (com.HasVerbs)
verbs.Add(com.UriNames[i], matches[i].Groups[1].Value); {
var match = Regex.Match(e.Request.Uri.AbsolutePath, com.UriVerbMatch);
if (!match.Success)
continue;
if ((match.Groups.Count - 1) != com.UriVerbs.Length)
continue;
var obj = com.Callback(verbs, e.Request.Parameters, e); for (int i = 0; i < com.UriVerbs.Length; i++)
verbs.Add(com.UriVerbs[i], match.Groups[i + 1].Value);
}
else if (com.UriTemplate.ToLower() != e.Request.Uri.AbsolutePath.ToLower())
{
continue;
}
var obj = ExecuteCommand(com, verbs, e.Request.Parameters);
if (obj != null) if (obj != null)
return obj; return obj;
}
} }
return new Dictionary<string, string> { { "Error", "Invalid request" } }; return new Dictionary<string, string> { { "Error", "Invalid request" } };
} }
protected virtual object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms)
{
return cmd.Callback(verbs, parms);
}
#region Dispose #region Dispose
public void Dispose() public void Dispose()
{ {
@ -123,18 +138,43 @@ namespace TShockAPI
public class RestCommand public class RestCommand
{ {
public string Name { get; protected set; }
public string UriTemplate { get; protected set; } public string UriTemplate { get; protected set; }
public string UriMatch { get; protected set; } public string UriVerbMatch { get; protected set; }
public string[] UriNames { get; protected set; } public string[] UriVerbs { get; protected set; }
public RestCommandD Callback { get; protected set; } public RestCommandD Callback { get; protected set; }
public bool RequiesToken { get; set; }
public RestCommand(string uritemplate, RestCommandD callback) /// <summary>
///
/// </summary>
/// <param name="name">Used for identification</param>
/// <param name="uritemplate">Url template</param>
/// <param name="callback">Rest Command callback</param>
public RestCommand(string name, string uritemplate, RestCommandD callback)
{ {
Name = name;
UriTemplate = uritemplate; UriTemplate = uritemplate;
UriMatch = string.Join("([^/]*)", Regex.Split(uritemplate, "\\{[^\\{\\}]*\\}")); UriVerbMatch = string.Join("([^/]*)", Regex.Split(uritemplate, "\\{[^\\{\\}]*\\}"));
var matches = Regex.Matches(uritemplate, "\\{([^\\{\\}]*)\\}"); var matches = Regex.Matches(uritemplate, "\\{([^\\{\\}]*)\\}");
UriNames = (from Match match in matches select match.Groups[1].Value).ToArray(); UriVerbs = (from Match match in matches select match.Groups[1].Value).ToArray();
Callback = callback; Callback = callback;
RequiesToken = true;
}
/// <summary>
///
/// </summary>
/// <param name="uritemplate">Url template</param>
/// <param name="callback">Rest Command callback</param>
public RestCommand(string uritemplate, RestCommandD callback)
: this(string.Empty, uritemplate, callback)
{
}
public bool HasVerbs
{
get { return UriVerbs.Length > 0; }
} }
} }
} }

57
TShockAPI/SecureRest.cs Normal file
View file

@ -0,0 +1,57 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;
using HttpServer;
namespace TShockAPI
{
public delegate bool VerifyD(string username, string password);
public class SecureRest : Rest
{
public Dictionary<string, object> Tokens { get; protected set; }
public event VerifyD Verify;
public SecureRest(IPAddress ip, int port)
: base(ip, port)
{
Tokens = new Dictionary<string, object>();
Register(new RestCommand("/token/new/{username}/{password}", newtoken) { RequiesToken = false });
}
object newtoken(RestVerbs verbs, IParameterCollection parameters)
{
var user = verbs["username"];
var pass = verbs["password"];
if (Verify != null && !Verify(user, pass))
return new Dictionary<string, string> { { "Error", "Failed to verify username/password" } };
string hash = string.Empty;
var rand = new Random();
var randbytes = new byte[20];
do
{
rand.NextBytes(randbytes);
hash = Tools.HashPassword(randbytes);
} while (Tokens.ContainsKey(hash));
Tokens.Add(hash, new Object());
return new Dictionary<string, string> { { "Token", hash } }; ;
}
protected override object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms)
{
if (cmd.RequiesToken)
{
var strtoken = parms["token"];
if (strtoken == null)
return new Dictionary<string, string> { { "Error", "Token Missing" } };
object token;
if (!Tokens.TryGetValue(strtoken, out token))
return new Dictionary<string, string> { { "Error", "Token Invalid" } };
}
return base.ExecuteCommand(cmd, verbs, parms);
}
}
}

2
TShockAPI/TShock.cs
View file

@ -176,7 +176,7 @@ namespace TShockAPI
Regions = new RegionManager(DB); Regions = new RegionManager(DB);
Itembans = new ItemManager(DB); Itembans = new ItemManager(DB);
RememberedPos = new RemeberedPosManager(DB); RememberedPos = new RemeberedPosManager(DB);
RestApi = new Rest(IPAddress.Any, 8080); RestApi = new SecureRest(IPAddress.Any, 8080);
RestManager = new RestManager(RestApi); RestManager = new RestManager(RestApi);
RestManager.RegisterRestfulCommands(); RestManager.RegisterRestfulCommands();
if (Config.EnableGeoIP) if (Config.EnableGeoIP)

3
TShockAPI/TShockAPI.csproj
View file

@ -126,6 +126,7 @@
</Compile> </Compile>
<Compile Include="Rest.cs" /> <Compile Include="Rest.cs" />
<Compile Include="RestManager.cs" /> <Compile Include="RestManager.cs" />
<Compile Include="SecureRest.cs" />
<Compile Include="Tools.cs" /> <Compile Include="Tools.cs" />
<Compile Include="TShock.cs" /> <Compile Include="TShock.cs" />
<Compile Include="Properties\AssemblyInfo.cs" /> <Compile Include="Properties\AssemblyInfo.cs" />
@ -182,7 +183,7 @@
</PropertyGroup> </PropertyGroup>
<ProjectExtensions> <ProjectExtensions>
<VisualStudio> <VisualStudio>
<UserProperties BuildVersion_IncrementBeforeBuild="False" BuildVersion_StartDate="2011/6/17" BuildVersion_BuildVersioningStyle="None.None.None.MonthAndDayStamp" BuildVersion_BuildAction="Both" BuildVersion_UpdateFileVersion="True" BuildVersion_UpdateAssemblyVersion="True" /> <UserProperties BuildVersion_UpdateAssemblyVersion="True" BuildVersion_UpdateFileVersion="True" BuildVersion_BuildAction="Both" BuildVersion_BuildVersioningStyle="None.None.None.MonthAndDayStamp" BuildVersion_StartDate="2011/6/17" BuildVersion_IncrementBeforeBuild="False" />
</VisualStudio> </VisualStudio>
</ProjectExtensions> </ProjectExtensions>
<!-- To modify your build process, add your task inside one of the targets below and uncomment it. <!-- To modify your build process, add your task inside one of the targets below and uncomment it.

24
TShockAPI/Tools.cs
View file

@ -535,23 +535,33 @@ namespace TShockAPI
/// <summary> /// <summary>
/// Returns a Sha256 string for a given string /// Returns a Sha256 string for a given string
/// </summary> /// </summary>
/// <param name="password">string password</param> /// <param name="bytes">bytes to hash</param>
/// <returns>string sha256</returns> /// <returns>string sha256</returns>
public static string HashPassword(string password) public static string HashPassword(byte[] bytes)
{ {
if (string.IsNullOrEmpty(password) || password == "non-existant password") if (bytes == null)
return "non-existant password"; throw new NullReferenceException("bytes");
Func<HashAlgorithm> func; Func<HashAlgorithm> func;
if (!HashTypes.TryGetValue(HashAlgo.ToLower(), out func)) if (!HashTypes.TryGetValue(HashAlgo.ToLower(), out func))
throw new NotSupportedException("Hashing algorithm {0} is not supported".SFormat(HashAlgo.ToLower())); throw new NotSupportedException("Hashing algorithm {0} is not supported".SFormat(HashAlgo.ToLower()));
using (var hash = func()) using (var hash = func())
{ {
var bytes = hash.ComputeHash(Encoding.ASCII.GetBytes(password)); var ret = hash.ComputeHash(bytes);
return bytes.Aggregate("", (s, b) => s + b.ToString("X2")); return ret.Aggregate("", (s, b) => s + b.ToString("X2"));
} }
} }
/// <summary>
/// Returns a Sha256 string for a given string
/// </summary>
/// <param name="bytes">bytes to hash</param>
/// <returns>string sha256</returns>
public static string HashPassword(string password)
{
if (string.IsNullOrEmpty(password) || password == "non-existant password")
return "non-existant password";
return HashPassword(Encoding.UTF8.GetBytes(password));
}
/// <summary> /// <summary>
/// Checks if the string contains any unprintable characters /// Checks if the string contains any unprintable characters