source: binary-improvements2/WebServer/src/UrlHandlers/ApiHandler.cs@ 418

Last change on this file since 418 was 418, checked in by alloc, 21 months ago

Refactored API authorization to support per-HTTP-method permission levels
File size: 3.0 KB
Line 
1using System;
2using System.Collections.Generic;
3using System.Net;
4using System.Reflection;
5using Webserver.WebAPI;
6
7namespace Webserver.UrlHandlers {
8 public class ApiHandler : AbsHandler {
9 private readonly Dictionary<string, AbsWebAPI> apis = new CaseInsensitiveStringDictionary<AbsWebAPI> ();
10
11 public ApiHandler () : base (null) {
12 }
13
14 private static readonly Type[] apiWithParentCtorTypes = { typeof (Web) };
15 private static readonly object[] apiWithParentCtorArgs = new object[1];
16 private static readonly Type[] apiEmptyCtorTypes = { };
17 private static readonly object[] apiEmptyCtorArgs = { };
18
19 public override void SetBasePathAndParent (Web _parent, string _relativePath) {
20 base.SetBasePathAndParent (_parent, _relativePath);
21
22 apiWithParentCtorArgs[0] = _parent;
23
24 ReflectionHelpers.FindTypesImplementingBase (typeof (AbsWebAPI), apiFoundCallback);
25
26 // Permissions that don't map to a real API
27 addApi (new Null ("viewallclaims"));
28 addApi (new Null ("viewallplayers"));
29 }
30
31 private void apiFoundCallback (Type _type) {
32 ConstructorInfo ctor = _type.GetConstructor (apiWithParentCtorTypes);
33 if (ctor != null) {
34 AbsWebAPI apiInstance = (AbsWebAPI)ctor.Invoke (apiWithParentCtorArgs);
35 addApi (apiInstance);
36 return;
37 }
38
39 ctor = _type.GetConstructor (apiEmptyCtorTypes);
40 if (ctor != null) {
41 AbsWebAPI apiInstance = (AbsWebAPI)ctor.Invoke (apiEmptyCtorArgs);
42 addApi (apiInstance);
43 }
44 }
45
46 private void addApi (AbsWebAPI _api) {
47 apis.Add (_api.Name, _api);
48 }
49
50 private static readonly UnityEngine.Profiling.CustomSampler apiHandlerSampler = UnityEngine.Profiling.CustomSampler.Create ("API_Handler");
51
52 public override void HandleRequest (RequestContext _context) {
53
54 string apiName;
55 string subPath = null;
56
57 int pathSeparatorIndex = _context.RequestPath.IndexOf ('/', urlBasePath.Length);
58 if (pathSeparatorIndex >= 0) {
59 apiName = _context.RequestPath.Substring (urlBasePath.Length, pathSeparatorIndex - urlBasePath.Length);
60 subPath = _context.RequestPath.Substring (pathSeparatorIndex + 1);
61 } else {
62 apiName = _context.RequestPath.Substring (urlBasePath.Length);
63 }
64
65 if (!apis.TryGetValue (apiName, out AbsWebAPI api)) {
66 Log.Warning ($"[Web] In {nameof(ApiHandler)}.HandleRequest(): No handler found for API \"{apiName}\"");
67 _context.Response.StatusCode = (int) HttpStatusCode.NotFound;
68 return;
69 }
70
71 _context.RequestPath = subPath;
72
73 if (!api.Authorized (_context)) {
74 _context.Response.StatusCode = (int) HttpStatusCode.Forbidden;
75 if (_context.Connection != null) {
76 //Log.Out ($"{nameof(ApiHandler)}: user '{user.SteamID}' not allowed to execute '{apiName}'");
77 }
78
79 return;
80 }
81
82 try {
83 apiHandlerSampler.Begin ();
84 api.HandleRequest (_context);
85 apiHandlerSampler.End ();
86 } catch (Exception e) {
87 Log.Error ($"[Web] In {nameof(ApiHandler)}.HandleRequest(): Handler {api.Name} threw an exception:");
88 Log.Exception (e);
89 _context.Response.StatusCode = (int) HttpStatusCode.InternalServerError;
90 }
91 }
92 }
93}
Note: See TracBrowser for help on using the repository browser.