Merge branch 'general-devel-rest' of github.com:TShock/TShock into general-devel-rest

Conflicts:
	TShockAPI/RestManager.cs
Fixed /status returning a 500

TShockAPI/Rest.cs

@@ -15,9 +15,9 @@ namespace TShockAPI
     /// Rest command delegate
     /// </summary>
     /// <param name="parameters">Parameters in the url</param>
-    /// <param name="request">Http request</param>
+    /// <param name="verbs">{x} in urltemplate</param>
     /// <returns>Response object or null to not handle request</returns>
-    public delegate object RestCommandD(RestVerbs verbs, IParameterCollection parameters, RequestEventArgs request);
+    public delegate object RestCommandD(RestVerbs verbs, IParameterCollection parameters);
     public class Rest : IDisposable
     {
         readonly List<RestCommand> commands = new List<RestCommand>();
@@ -64,7 +64,7 @@ namespace TShockAPI
 
         protected virtual void OnRequest(object sender, RequestEventArgs e)
         {
-            var obj = Process(sender, e);
+            var obj = ProcessRequest(sender, e);
             if (obj == null)
                 throw new NullReferenceException("obj");
             var str = JsonConvert.SerializeObject(obj, Formatting.Indented);
@@ -74,25 +74,40 @@ namespace TShockAPI
             return;
         }
 
-        protected virtual object Process(object sender, RequestEventArgs e)
+        protected virtual object ProcessRequest(object sender, RequestEventArgs e)
         {
             foreach (var com in commands)
             {
-                var matches = Regex.Matches(e.Request.Uri.AbsolutePath, com.UriMatch);
+                var verbs = new RestVerbs();
-                if (matches.Count == com.UriNames.Length)
+                if (com.HasVerbs)
                 {
-                    var verbs = new RestVerbs();
+                    var match = Regex.Match(e.Request.Uri.AbsolutePath, com.UriVerbMatch);
-                    for (int i = 0; i < matches.Count; i++)
+                    if (!match.Success)
-                        verbs.Add(com.UriNames[i], matches[i].Groups[1].Value);
+                        continue;
+                    if ((match.Groups.Count - 1) != com.UriVerbs.Length)
+                        continue;
 
-                    var obj = com.Callback(verbs, e.Request.Parameters, e);
+                    for (int i = 0; i < com.UriVerbs.Length; i++)
-                    if (obj != null)
+                        verbs.Add(com.UriVerbs[i], match.Groups[i + 1].Value);
-                        return obj;
                 }
+                else if (com.UriTemplate.ToLower() != e.Request.Uri.AbsolutePath.ToLower())
+                {
+                    continue;
+                }
+
+                var obj = ExecuteCommand(com, verbs, e.Request.Parameters);
+                if (obj != null)
+                    return obj;
+
             }
             return new Dictionary<string, string> { { "Error", "Invalid request" } };
         }
 
+        protected virtual object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms)
+        {
+            return cmd.Callback(verbs, parms);
+        }
+
         #region Dispose
         public void Dispose()
         {
@@ -125,18 +140,43 @@ namespace TShockAPI
 
     public class RestCommand
     {
+        public string Name { get; protected set; }
         public string UriTemplate { get; protected set; }
-        public string UriMatch { get; protected set; }
+        public string UriVerbMatch { get; protected set; }
-        public string[] UriNames { get; protected set; }
+        public string[] UriVerbs { get; protected set; }
         public RestCommandD Callback { get; protected set; }
+        public bool RequiesToken { get; set; }
 
-        public RestCommand(string uritemplate, RestCommandD callback)
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="name">Used for identification</param>
+        /// <param name="uritemplate">Url template</param>
+        /// <param name="callback">Rest Command callback</param>
+        public RestCommand(string name, string uritemplate, RestCommandD callback)
         {
+            Name = name;
             UriTemplate = uritemplate;
-            UriMatch = string.Join("([^/]*)", Regex.Split(uritemplate, "\\{[^\\{\\}]*\\}"));
+            UriVerbMatch = string.Join("([^/]*)", Regex.Split(uritemplate, "\\{[^\\{\\}]*\\}"));
             var matches = Regex.Matches(uritemplate, "\\{([^\\{\\}]*)\\}");
-            UriNames = (from Match match in matches select match.Groups[1].Value).ToArray();
+            UriVerbs = (from Match match in matches select match.Groups[1].Value).ToArray();
             Callback = callback;
+            RequiesToken = true;
+        }
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="uritemplate">Url template</param>
+        /// <param name="callback">Rest Command callback</param>
+        public RestCommand(string uritemplate, RestCommandD callback)
+            : this(string.Empty, uritemplate, callback)
+        {
+
+        }
+
+        public bool HasVerbs
+        {
+            get { return UriVerbs.Length > 0; }
         }
     }
 }

TShockAPI/RestManager.cs

@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using HttpServer;
+using Terraria;
 
 namespace TShockAPI {
 
@@ -16,13 +17,13 @@ namespace TShockAPI {
 
         public void RegisterRestfulCommands()
         {
-            Rest.Register(new RestCommand("/status", Status));
+            Rest.Register(new RestCommand("/status", Status) {RequiesToken = false});
             //RegisterExamples();
-        }
+        } 
 
         #region RestMethods
 
-        object Status(RestVerbs verbs, IParameterCollection parameters, RequestEventArgs request)
+        object Status(RestVerbs verbs, IParameterCollection parameters)
         {
             var ReturnBlock = new Dictionary<string, string>();
             if (TShock.Config.EnableTokenEndpointAuthentication)
@@ -31,17 +32,22 @@ namespace TShockAPI {
                 ReturnBlock.Add("error", "Server settings require a token for this API call.");
                 return ReturnBlock;
             }
+            string CurrentPlayers = "";
+            int PlayerCount = 0;
+            for (int i = 0; i < Main.player.Length; i++ )
+            {
+                if (Main.player[i].active)
+                {
+                    CurrentPlayers += Main.player[i].name + ", ";
+                    PlayerCount++;
+                }
+            }
             ReturnBlock.Add("status", "200");
             ReturnBlock.Add("name", TShock.Config.ServerNickname);
             ReturnBlock.Add("port", Convert.ToString(TShock.Config.ServerPort));
-            ReturnBlock.Add("playercount", Convert.ToString(TShock.Players.Count()));
+            ReturnBlock.Add("playercount", Convert.ToString(PlayerCount));
-            string CurrentPlayers = "";
-            foreach (TSPlayer tplayer in TShock.Players)
-            {
-                CurrentPlayers += tplayer.Name + ", ";
-            }
-
             ReturnBlock.Add("players", CurrentPlayers);
+
             return ReturnBlock;
         }
 
@@ -56,7 +62,7 @@ namespace TShockAPI {
         }
 
         //The Wizard example, for demonstrating the response convention:
-        object Wizard(RestVerbs verbs, IParameterCollection parameters, RequestEventArgs request)
+        object Wizard(RestVerbs verbs, IParameterCollection parameters)
         {
             var returnBack = new Dictionary<string, string>();
             returnBack.Add("status", "200"); //Keep this in everything, 200 = ok, etc. Standard http status codes.
@@ -66,7 +72,7 @@ namespace TShockAPI {
         }
 
         //http://127.0.0.1:8080/HelloWorld/name/{username}?type=status
-        object UserTest(RestVerbs verbs, IParameterCollection parameters, RequestEventArgs request)
+        object UserTest(RestVerbs verbs, IParameterCollection parameters)
         {
             var ret = new Dictionary<string, string>();
             var type = parameters["type"];

TShockAPI/SecureRest.cs

@@ -0,0 +1,57 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Text;
+using HttpServer;
+
+namespace TShockAPI
+{
+    public delegate bool VerifyD(string username, string password);
+    public class SecureRest : Rest
+    {
+        public Dictionary<string, object> Tokens { get; protected set; }
+        public event VerifyD Verify;
+        public SecureRest(IPAddress ip, int port)
+            : base(ip, port)
+        {
+            Tokens = new Dictionary<string, object>();
+            Register(new RestCommand("/token/new/{username}/{password}", newtoken) { RequiesToken = false });
+        }
+        object newtoken(RestVerbs verbs, IParameterCollection parameters)
+        {
+            var user = verbs["username"];
+            var pass = verbs["password"];
+
+            if (Verify != null && !Verify(user, pass))
+                return new Dictionary<string, string> { { "Error", "Failed to verify username/password" } };
+
+            string hash = string.Empty;
+            var rand = new Random();
+            var randbytes = new byte[20];
+            do
+            {
+                rand.NextBytes(randbytes);
+                hash = Tools.HashPassword(randbytes);
+            } while (Tokens.ContainsKey(hash));
+
+            Tokens.Add(hash, new Object());
+
+            return new Dictionary<string, string> { { "Token", hash } }; ;
+        }
+        protected override object ExecuteCommand(RestCommand cmd, RestVerbs verbs, IParameterCollection parms)
+        {
+            if (cmd.RequiesToken)
+            {
+                var strtoken = parms["token"];
+                if (strtoken == null)
+                    return new Dictionary<string, string> { { "Error", "Token Missing" } };
+
+                object token;
+                if (!Tokens.TryGetValue(strtoken, out token))
+                    return new Dictionary<string, string> { { "Error", "Token Invalid" } };
+            }
+            return base.ExecuteCommand(cmd, verbs, parms);
+        }
+    }
+}

TShockAPI/TShock.cs

@@ -176,7 +176,7 @@ namespace TShockAPI
                 Regions = new RegionManager(DB);
                 Itembans = new ItemManager(DB);
                 RememberedPos = new RemeberedPosManager(DB);
-                RestApi = new Rest(IPAddress.Any, 8080);
+                RestApi = new SecureRest(IPAddress.Any, 8080);
                 RestManager = new RestManager(RestApi);
                 RestManager.RegisterRestfulCommands();
                 if (Config.EnableGeoIP)

TShockAPI/TShockAPI.csproj

@@ -126,6 +126,7 @@
     </Compile>
     <Compile Include="Rest.cs" />
     <Compile Include="RestManager.cs" />
+    <Compile Include="SecureRest.cs" />
     <Compile Include="Tools.cs" />
     <Compile Include="TShock.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
@@ -182,7 +183,7 @@
   </PropertyGroup>
   <ProjectExtensions>
     <VisualStudio>
-      <UserProperties BuildVersion_IncrementBeforeBuild="False" BuildVersion_StartDate="2011/6/17" BuildVersion_BuildVersioningStyle="None.None.None.MonthAndDayStamp" BuildVersion_BuildAction="Both" BuildVersion_UpdateFileVersion="True" BuildVersion_UpdateAssemblyVersion="True" />
+      <UserProperties BuildVersion_UpdateAssemblyVersion="True" BuildVersion_UpdateFileVersion="True" BuildVersion_BuildAction="Both" BuildVersion_BuildVersioningStyle="None.None.None.MonthAndDayStamp" BuildVersion_StartDate="2011/6/17" BuildVersion_IncrementBeforeBuild="False" />
     </VisualStudio>
   </ProjectExtensions>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 

TShockAPI/Tools.cs

@@ -535,23 +535,33 @@ namespace TShockAPI
         /// <summary>
         /// Returns a Sha256 string for a given string
         /// </summary>
-        /// <param name="password">string password</param>
+        /// <param name="bytes">bytes to hash</param>
         /// <returns>string sha256</returns>
-        public static string HashPassword(string password)
+        public static string HashPassword(byte[] bytes)
         {
-            if (string.IsNullOrEmpty(password) || password == "non-existant password")
+            if (bytes == null)
-                return "non-existant password";
+                throw new NullReferenceException("bytes");
-
             Func<HashAlgorithm> func;
             if (!HashTypes.TryGetValue(HashAlgo.ToLower(), out func))
                 throw new NotSupportedException("Hashing algorithm {0} is not supported".SFormat(HashAlgo.ToLower()));
 
             using (var hash = func())
             {
-                var bytes = hash.ComputeHash(Encoding.ASCII.GetBytes(password));
+                var ret = hash.ComputeHash(bytes);
-                return bytes.Aggregate("", (s, b) => s + b.ToString("X2"));
+                return ret.Aggregate("", (s, b) => s + b.ToString("X2"));
             }
         }
+        /// <summary>
+        /// Returns a Sha256 string for a given string
+        /// </summary>
+        /// <param name="bytes">bytes to hash</param>
+        /// <returns>string sha256</returns>
+        public static string HashPassword(string password)
+        {
+            if (string.IsNullOrEmpty(password) || password == "non-existant password")
+                return "non-existant password";
+            return HashPassword(Encoding.UTF8.GetBytes(password));
+        }
 
         /// <summary>
         /// Checks if the string contains any unprintable characters