Changeset 418 for binary-improvements2/WebServer
- Timestamp:
- Feb 27, 2023, 9:40:12 PM (21 months ago)
- Location:
- binary-improvements2/WebServer/src
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
binary-improvements2/WebServer/src/Permissions/AdminWebModules.cs
r404 r418 41 41 42 42 public void AddModule (string _module, int _permissionLevel) { 43 WebModule p = new WebModule (_module, _permissionLevel );43 WebModule p = new WebModule (_module, _permissionLevel, false); 44 44 lock (this) { 45 45 allModulesList.Clear (); … … 84 84 public readonly string Name; 85 85 public readonly int PermissionLevel; 86 public readonly bool IsDefault; 86 87 87 public WebModule (string _name, int _permissionLevel ) {88 public WebModule (string _name, int _permissionLevel, bool _isDefault) { 88 89 Name = _name; 89 90 PermissionLevel = _permissionLevel; 91 IsDefault = _isDefault; 90 92 } 91 93 … … 116 118 } 117 119 118 _result = new WebModule (name, permissionLevel );120 _result = new WebModule (name, permissionLevel, false); 119 121 return true; 120 122 } … … 139 141 } 140 142 141 WebModule p = new WebModule (_module, _defaultPermission );143 WebModule p = new WebModule (_module, _defaultPermission, true); 142 144 143 145 lock (this) { … … 158 160 159 161 public bool ModuleAllowedWithLevel (string _module, int _level) { 160 WebModule permInfo = GetModule (_module) ;162 WebModule permInfo = GetModule (_module)!.Value; 161 163 return permInfo.PermissionLevel >= _level; 162 164 } 163 165 164 public WebModule GetModule (string _module) {166 public WebModule? GetModule (string _module, bool _returnDefaults = true) { 165 167 if (modules.TryGetValue (_module, out WebModule result)) { 166 168 return result; 169 } 170 171 if (!_returnDefaults) { 172 return null; 167 173 } 168 174 … … 170 176 } 171 177 172 private readonly WebModule defaultModulePermission = new WebModule ("", 0 );178 private readonly WebModule defaultModulePermission = new WebModule ("", 0, true); 173 179 174 180 #endregion -
binary-improvements2/WebServer/src/UrlHandlers/ApiHandler.cs
r404 r418 3 3 using System.Net; 4 4 using System.Reflection; 5 using Webserver.Permissions;6 5 using Webserver.WebAPI; 7 6 … … 47 46 private void addApi (AbsWebAPI _api) { 48 47 apis.Add (_api.Name, _api); 49 AdminWebModules.Instance.AddKnownModule ($"webapi.{_api.Name}", _api.DefaultPermissionLevel ());50 48 } 51 49 … … 71 69 } 72 70 73 if (!IsAuthorizedForApi (apiName, _context.PermissionLevel)) { 71 _context.RequestPath = subPath; 72 73 if (!api.Authorized (_context)) { 74 74 _context.Response.StatusCode = (int) HttpStatusCode.Forbidden; 75 75 if (_context.Connection != null) { … … 79 79 return; 80 80 } 81 82 _context.RequestPath = subPath;83 81 84 82 try { … … 92 90 } 93 91 } 94 95 private bool IsAuthorizedForApi (string _apiName, int _permissionLevel) {96 return AdminWebModules.Instance.ModuleAllowedWithLevel ($"webapi.{_apiName}", _permissionLevel);97 }98 92 } 99 93 } -
binary-improvements2/WebServer/src/WebAPI/AbsRestApi.cs
r410 r418 4 4 using System.Net; 5 5 using Utf8Json; 6 using Webserver.Permissions; 6 7 7 8 namespace Webserver.WebAPI { … … 9 10 private static readonly UnityEngine.Profiling.CustomSampler jsonDeserializeSampler = UnityEngine.Profiling.CustomSampler.Create ("JSON_Deserialize"); 10 11 12 protected readonly string[] CachedPerMethodModuleNames = new string[(int)ERequestMethod.Count]; 13 11 14 protected AbsRestApi (string _name = null) : this(null, _name) { 12 15 } 13 16 14 17 protected AbsRestApi (Web _parentWeb, string _name = null) : base(_parentWeb, _name) { 18 } 19 20 protected override void RegisterPermissions () { 21 base.RegisterPermissions (); 22 23 for (int i = 0; i < (int)ERequestMethod.Count; i++) { 24 ERequestMethod method = (ERequestMethod)i; 25 26 if (method is not (ERequestMethod.GET or ERequestMethod.PUT or ERequestMethod.POST or ERequestMethod.DELETE)) { 27 continue; 28 } 29 30 CachedPerMethodModuleNames [i] = $"webapi.{Name}:{method.ToStringCached ()}"; 31 AdminWebModules.Instance.AddKnownModule (CachedPerMethodModuleNames [i], DefaultMethodPermissionLevel (method)); 32 } 15 33 } 16 34 … … 44 62 45 63 try { 46 switch (_context. Request.HttpMethod) {47 case "GET":64 switch (_context.Method) { 65 case ERequestMethod.GET: 48 66 if (inputJson != null) { 49 67 SendErrorResult (_context, HttpStatusCode.BadRequest, jsonInputData, "GET_WITH_BODY"); … … 53 71 HandleRestGet (_context); 54 72 return; 55 case "POST":73 case ERequestMethod.POST: 56 74 if (!string.IsNullOrEmpty (_context.RequestPath)) { 57 75 SendErrorResult (_context, HttpStatusCode.BadRequest, jsonInputData, "POST_WITH_ID"); … … 66 84 HandleRestPost (_context, inputJson, jsonInputData); 67 85 return; 68 case "PUT":86 case ERequestMethod.PUT: 69 87 if (string.IsNullOrEmpty (_context.RequestPath)) { 70 88 SendErrorResult (_context, HttpStatusCode.BadRequest, jsonInputData, "PUT_WITHOUT_ID"); … … 79 97 HandleRestPut (_context, inputJson, jsonInputData); 80 98 return; 81 case "DELETE":99 case ERequestMethod.DELETE: 82 100 if (string.IsNullOrEmpty (_context.RequestPath)) { 83 101 SendErrorResult (_context, HttpStatusCode.BadRequest, jsonInputData, "DELETE_WITHOUT_ID"); … … 101 119 } 102 120 121 protected virtual void HandleRestGet (RequestContext _context) { 122 SendErrorResult (_context, HttpStatusCode.MethodNotAllowed, null, "Unsupported"); 123 } 124 125 protected virtual void HandleRestPost (RequestContext _context, IDictionary<string, object> _jsonInput, byte[] _jsonInputData) { 126 SendErrorResult (_context, HttpStatusCode.MethodNotAllowed, _jsonInputData, "Unsupported"); 127 } 128 129 protected virtual void HandleRestPut (RequestContext _context, IDictionary<string, object> _jsonInput, byte[] _jsonInputData) { 130 SendErrorResult (_context, HttpStatusCode.MethodNotAllowed, _jsonInputData, "Unsupported"); 131 } 132 133 protected virtual void HandleRestDelete (RequestContext _context) { 134 SendErrorResult (_context, HttpStatusCode.MethodNotAllowed, null, "Unsupported"); 135 } 136 137 public override bool Authorized (RequestContext _context) { 138 return ActiveMethodPermissionLevel (_context.Method) >= _context.PermissionLevel; 139 } 140 141 /// <summary> 142 /// Define default permission levels per HTTP method 143 /// </summary> 144 /// <param name="_method">HTTP method to return the default value for</param> 145 /// <returns>Default permission level for the given HTTP method. A value of int.MinValue means no per-method default, use per-API default</returns> 146 public virtual int DefaultMethodPermissionLevel (ERequestMethod _method) => int.MinValue; 147 148 public virtual int ActiveMethodPermissionLevel (ERequestMethod _method) { 149 string methodApiModuleName = CachedPerMethodModuleNames [(int)_method]; 150 151 if (methodApiModuleName == null) { 152 return 0; 153 } 154 155 AdminWebModules.WebModule? overrideModule = AdminWebModules.Instance.GetModule (methodApiModuleName, false); 156 if (overrideModule.HasValue) { 157 return overrideModule.Value.PermissionLevel; 158 } 159 160 overrideModule = AdminWebModules.Instance.GetModule (CachedApiModuleName, false); 161 if (overrideModule.HasValue) { 162 return overrideModule.Value.PermissionLevel; 163 } 164 165 int defaultMethodPermissionLevel = DefaultMethodPermissionLevel (_method); 166 // ReSharper disable once ConvertIfStatementToReturnStatement 167 if (defaultMethodPermissionLevel != int.MinValue) { 168 return defaultMethodPermissionLevel; 169 } 170 171 return DefaultPermissionLevel (); 172 } 173 174 #region Helpers 175 176 protected static readonly byte[] JsonEmptyData; 177 103 178 static AbsRestApi () { 104 179 JsonWriter writer = new JsonWriter (); … … 108 183 } 109 184 110 protected virtual void HandleRestGet (RequestContext _context) {111 SendErrorResult (_context, HttpStatusCode.MethodNotAllowed, null, "Unsupported");112 }113 114 protected virtual void HandleRestPost (RequestContext _context, IDictionary<string, object> _jsonInput, byte[] _jsonInputData) {115 SendErrorResult (_context, HttpStatusCode.MethodNotAllowed, _jsonInputData, "Unsupported");116 }117 118 protected virtual void HandleRestPut (RequestContext _context, IDictionary<string, object> _jsonInput, byte[] _jsonInputData) {119 SendErrorResult (_context, HttpStatusCode.MethodNotAllowed, _jsonInputData, "Unsupported");120 }121 122 protected virtual void HandleRestDelete (RequestContext _context) {123 SendErrorResult (_context, HttpStatusCode.MethodNotAllowed, null, "Unsupported");124 }125 126 127 #region Helpers128 129 protected static readonly byte[] JsonEmptyData;130 131 185 protected static void PrepareEnvelopedResult (out JsonWriter _writer) { 132 186 WebUtils.PrepareEnvelopedResult (out _writer); -
binary-improvements2/WebServer/src/WebAPI/AbsWebAPI.cs
r410 r418 1 using Webserver.Permissions; 2 1 3 namespace Webserver.WebAPI { 2 4 public abstract class AbsWebAPI { 3 5 public readonly string Name; 4 6 protected readonly Web ParentWeb; 7 8 protected readonly string CachedApiModuleName; 5 9 6 10 protected AbsWebAPI (string _name = null) : this(null, _name) { … … 10 14 Name = _name ?? GetType ().Name; 11 15 ParentWeb = _parentWeb; 16 CachedApiModuleName = $"webapi.{Name}"; 17 RegisterPermissions (); 18 } 19 20 protected virtual void RegisterPermissions () { 21 AdminWebModules.Instance.AddKnownModule ($"webapi.{Name}", DefaultPermissionLevel ()); 12 22 } 13 23 14 24 public abstract void HandleRequest (RequestContext _context); 15 25 26 public virtual bool Authorized (RequestContext _context) { 27 return AdminWebModules.Instance.ModuleAllowedWithLevel (CachedApiModuleName, _context.PermissionLevel); 28 } 29 16 30 public virtual int DefaultPermissionLevel () => 0; 17 31 }
Note:
See TracChangeset
for help on using the changeset viewer.