Added SecureRest which implements token requirement for commands. Still must implement a Verify function and probably change SecureRest around a bit.
This commit is contained in:
high
parent
734b11681f
commit
1fe7284f7c
5 changed files with 134 additions and 26 deletions
|
|
@ -15,9 +15,9 @@ namespace TShockAPI
|
|||
/// Rest command delegate
|
||||
/// </summary>
|
||||
/// <param name="parameters">Parameters in the url</param>
|
||||
/// <param name="request">Http request</param>
|
||||
/// <param name="verbs">{x} in urltemplate</param>
|
||||
/// <returns>Response object or null to not handle request</returns>
|
||||
public delegate object RestCommandD(RestVerbs verbs, IParameterCollection parameters, RequestEventArgs request);
|
||||
public delegate object RestCommandD(RestVerbs verbs, IParameterCollection parameters);
|
||||
public class Rest : IDisposable
|
||||
{
|
||||
readonly List<RestCommand> commands = new List<RestCommand>();
|
||||
|
|
@ -62,7 +62,7 @@ namespace TShockAPI
|
|||
|
||||
protected virtual void OnRequest(object sender, RequestEventArgs e)
|
||||
{
|
||||
var obj = Process(sender, e);
|
||||
var obj = ProcessRequest(sender, e);
|
||||
if (obj == null)
|
||||
throw new NullReferenceException("obj");
|
||||
var str = JsonConvert.SerializeObject(obj, Formatting.Indented);
|
||||
|
|
@ -72,25 +72,40 @@ namespace TShockAPI
|
|||
return;
|
||||
}
|
||||
|
||||
protected virtual object Process(object sender, RequestEventArgs e)
|
||||
protected virtual object ProcessRequest(object sender, RequestEventArgs e)
|
||||
{
|
||||
foreach (var com in commands)
|
||||
{
|
||||
var matches = Regex.Matches(e.Request.Uri.AbsolutePath, com.UriMatch);
|
||||
if (matches.Count == com.UriNames.Length)
|
||||
var verbs = new RestVerbs();
|
||||
if (com.HasVerbs)
|
||||
{
|
||||
var verbs = new RestVerbs();
|
||||
for (int i = 0; i < matches.Count; i++)
|
||||
verbs.Add(com.UriNames[i], matches[i].Groups[1].Value);
|
||||
var match = Regex.Match(e.Request.Uri.AbsolutePath, com.UriVerbMatch);
|
||||
if (!match.Success)
|
||||
continue;
|
||||
if ((match.Groups.Count - 1) != com.UriVerbs.Length)
|
||||
continue;
|
||||
|
||||
var obj = com.Callback(verbs, e.Request.Parameters, e);
|
||||
if (obj != null)
|
||||
return obj;
|
||||
for (int i = 0; i < com.UriVerbs.Length; i++)
|
||||
verbs.Add(com.UriVerbs[i], match.Groups[i + 1].Value);
|
||||
}
|
||||
else if (com.UriTemplate.ToLower() != e.Request.Uri.AbsolutePath.ToLower())
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
var obj = ExecuteCommand(com, verbs, e.Request.Parameters);
|
||||
if (obj != null)
|
||||
return obj;
|
||||
|
||||
}
|
||||
return new Dictionary<string, string> { { "Error", "Invalid request" } };
|
||||
}
|
||||
|
||||
protected virtual object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms)
|
||||
{
|
||||
return cmd.Callback(verbs, parms);
|
||||
}
|
||||
|
||||
#region Dispose
|
||||
public void Dispose()
|
||||
{
|
||||
|
|
@ -123,18 +138,43 @@ namespace TShockAPI
|
|||
|
||||
public class RestCommand
|
||||
{
|
||||
public string Name { get; protected set; }
|
||||
public string UriTemplate { get; protected set; }
|
||||
public string UriMatch { get; protected set; }
|
||||
public string[] UriNames { get; protected set; }
|
||||
public string UriVerbMatch { get; protected set; }
|
||||
public string[] UriVerbs { get; protected set; }
|
||||
public RestCommandD Callback { get; protected set; }
|
||||
public bool RequiesToken { get; set; }
|
||||
|
||||
public RestCommand(string uritemplate, RestCommandD callback)
|
||||
/// <summary>
|
||||
///
|
||||
/// </summary>
|
||||
/// <param name="name">Used for identification</param>
|
||||
/// <param name="uritemplate">Url template</param>
|
||||
/// <param name="callback">Rest Command callback</param>
|
||||
public RestCommand(string name, string uritemplate, RestCommandD callback)
|
||||
{
|
||||
Name = name;
|
||||
UriTemplate = uritemplate;
|
||||
UriMatch = string.Join("([^/]*)", Regex.Split(uritemplate, "\\{[^\\{\\}]*\\}"));
|
||||
UriVerbMatch = string.Join("([^/]*)", Regex.Split(uritemplate, "\\{[^\\{\\}]*\\}"));
|
||||
var matches = Regex.Matches(uritemplate, "\\{([^\\{\\}]*)\\}");
|
||||
UriNames = (from Match match in matches select match.Groups[1].Value).ToArray();
|
||||
UriVerbs = (from Match match in matches select match.Groups[1].Value).ToArray();
|
||||
Callback = callback;
|
||||
RequiesToken = true;
|
||||
}
|
||||
/// <summary>
|
||||
///
|
||||
/// </summary>
|
||||
/// <param name="uritemplate">Url template</param>
|
||||
/// <param name="callback">Rest Command callback</param>
|
||||
public RestCommand(string uritemplate, RestCommandD callback)
|
||||
: this(string.Empty, uritemplate, callback)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
public bool HasVerbs
|
||||
{
|
||||
get { return UriVerbs.Length > 0; }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
57
TShockAPI/SecureRest.cs
Normal file
57
TShockAPI/SecureRest.cs
Normal file
|
|
@ -0,0 +1,57 @@
|
|||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Text;
|
||||
using HttpServer;
|
||||
|
||||
namespace TShockAPI
|
||||
{
|
||||
public delegate bool VerifyD(string username, string password);
|
||||
public class SecureRest : Rest
|
||||
{
|
||||
public Dictionary<string, object> Tokens { get; protected set; }
|
||||
public event VerifyD Verify;
|
||||
public SecureRest(IPAddress ip, int port)
|
||||
: base(ip, port)
|
||||
{
|
||||
Tokens = new Dictionary<string, object>();
|
||||
Register(new RestCommand("/token/new/{username}/{password}", newtoken) { RequiesToken = false });
|
||||
}
|
||||
object newtoken(RestVerbs verbs, IParameterCollection parameters)
|
||||
{
|
||||
var user = verbs["username"];
|
||||
var pass = verbs["password"];
|
||||
|
||||
if (Verify != null && !Verify(user, pass))
|
||||
return new Dictionary<string, string> { { "Error", "Failed to verify username/password" } };
|
||||
|
||||
string hash = string.Empty;
|
||||
var rand = new Random();
|
||||
var randbytes = new byte[20];
|
||||
do
|
||||
{
|
||||
rand.NextBytes(randbytes);
|
||||
hash = Tools.HashPassword(randbytes);
|
||||
} while (Tokens.ContainsKey(hash));
|
||||
|
||||
Tokens.Add(hash, new Object());
|
||||
|
||||
return new Dictionary<string, string> { { "Token", hash } }; ;
|
||||
}
|
||||
protected override object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms)
|
||||
{
|
||||
if (cmd.RequiesToken)
|
||||
{
|
||||
var strtoken = parms["token"];
|
||||
if (strtoken == null)
|
||||
return new Dictionary<string, string> { { "Error", "Token Missing" } };
|
||||
|
||||
object token;
|
||||
if (!Tokens.TryGetValue(strtoken, out token))
|
||||
return new Dictionary<string, string> { { "Error", "Token Invalid" } };
|
||||
}
|
||||
return base.ExecuteCommand(cmd, verbs, parms);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -176,7 +176,7 @@ namespace TShockAPI
|
|||
Regions = new RegionManager(DB);
|
||||
Itembans = new ItemManager(DB);
|
||||
RememberedPos = new RemeberedPosManager(DB);
|
||||
RestApi = new Rest(IPAddress.Any, 8080);
|
||||
RestApi = new SecureRest(IPAddress.Any, 8080);
|
||||
RestManager = new RestManager(RestApi);
|
||||
RestManager.RegisterRestfulCommands();
|
||||
if (Config.EnableGeoIP)
|
||||
|
|
|
|||
|
|
@ -126,6 +126,7 @@
|
|||
</Compile>
|
||||
<Compile Include="Rest.cs" />
|
||||
<Compile Include="RestManager.cs" />
|
||||
<Compile Include="SecureRest.cs" />
|
||||
<Compile Include="Tools.cs" />
|
||||
<Compile Include="TShock.cs" />
|
||||
<Compile Include="Properties\AssemblyInfo.cs" />
|
||||
|
|
@ -182,7 +183,7 @@
|
|||
</PropertyGroup>
|
||||
<ProjectExtensions>
|
||||
<VisualStudio>
|
||||
<UserProperties BuildVersion_IncrementBeforeBuild="False" BuildVersion_StartDate="2011/6/17" BuildVersion_BuildVersioningStyle="None.None.None.MonthAndDayStamp" BuildVersion_BuildAction="Both" BuildVersion_UpdateFileVersion="True" BuildVersion_UpdateAssemblyVersion="True" />
|
||||
<UserProperties BuildVersion_UpdateAssemblyVersion="True" BuildVersion_UpdateFileVersion="True" BuildVersion_BuildAction="Both" BuildVersion_BuildVersioningStyle="None.None.None.MonthAndDayStamp" BuildVersion_StartDate="2011/6/17" BuildVersion_IncrementBeforeBuild="False" />
|
||||
</VisualStudio>
|
||||
</ProjectExtensions>
|
||||
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
|
||||
|
|
|
|||
|
|
@ -535,23 +535,33 @@ namespace TShockAPI
|
|||
/// <summary>
|
||||
/// Returns a Sha256 string for a given string
|
||||
/// </summary>
|
||||
/// <param name="password">string password</param>
|
||||
/// <param name="bytes">bytes to hash</param>
|
||||
/// <returns>string sha256</returns>
|
||||
public static string HashPassword(string password)
|
||||
public static string HashPassword(byte[] bytes)
|
||||
{
|
||||
if (string.IsNullOrEmpty(password) || password == "non-existant password")
|
||||
return "non-existant password";
|
||||
|
||||
if (bytes == null)
|
||||
throw new NullReferenceException("bytes");
|
||||
Func<HashAlgorithm> func;
|
||||
if (!HashTypes.TryGetValue(HashAlgo.ToLower(), out func))
|
||||
throw new NotSupportedException("Hashing algorithm {0} is not supported".SFormat(HashAlgo.ToLower()));
|
||||
|
||||
using (var hash = func())
|
||||
{
|
||||
var bytes = hash.ComputeHash(Encoding.ASCII.GetBytes(password));
|
||||
return bytes.Aggregate("", (s, b) => s + b.ToString("X2"));
|
||||
var ret = hash.ComputeHash(bytes);
|
||||
return ret.Aggregate("", (s, b) => s + b.ToString("X2"));
|
||||
}
|
||||
}
|
||||
/// <summary>
|
||||
/// Returns a Sha256 string for a given string
|
||||
/// </summary>
|
||||
/// <param name="bytes">bytes to hash</param>
|
||||
/// <returns>string sha256</returns>
|
||||
public static string HashPassword(string password)
|
||||
{
|
||||
if (string.IsNullOrEmpty(password) || password == "non-existant password")
|
||||
return "non-existant password";
|
||||
return HashPassword(Encoding.UTF8.GetBytes(password));
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Checks if the string contains any unprintable characters
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue