Endpoint authorization
Tokens are validated for some of the endpoints. Need to add other measures to rule out bogus tokens.
This commit is contained in:
@@ -43,10 +43,40 @@ namespace Icarus.Controllers.V1
|
||||
#endregion
|
||||
|
||||
|
||||
#region Methods
|
||||
private string ParseBearerTokenFromHeader()
|
||||
{
|
||||
var token = string.Empty;
|
||||
const string tokenType = "Bearer";
|
||||
|
||||
var req = Request;
|
||||
var auth = req.Headers.Authorization;
|
||||
var val = auth.ToString();
|
||||
|
||||
if (val.Contains(tokenType) && val.Split(" ").Count() > 1)
|
||||
{
|
||||
var split = val.Split(" ");
|
||||
token = split[1];
|
||||
}
|
||||
|
||||
|
||||
return token;
|
||||
}
|
||||
#region HTTP Endpoints
|
||||
|
||||
|
||||
[HttpGet]
|
||||
[Authorize("read:song_details")]
|
||||
// [Authorize("read:song_details")]
|
||||
public IActionResult Get()
|
||||
{
|
||||
var token = ParseBearerTokenFromHeader();
|
||||
var tokMgr = new TokenManager(_config);
|
||||
|
||||
if (!tokMgr.IsTokenValid("read:song_details", token))
|
||||
{
|
||||
return StatusCode(401, "Not allowed");
|
||||
}
|
||||
|
||||
List<Song> songs = new List<Song>();
|
||||
Console.WriteLine("Attemtping to retrieve songs");
|
||||
_logger.LogInformation("Attempting to retrieve songs");
|
||||
@@ -100,5 +130,7 @@ namespace Icarus.Controllers.V1
|
||||
|
||||
return Ok(songRes);
|
||||
}
|
||||
#endregion
|
||||
#endregion
|
||||
}
|
||||
}
|
||||
|
||||
@@ -47,6 +47,27 @@ namespace Icarus.Controllers.V1
|
||||
#endregion
|
||||
|
||||
|
||||
private string ParseBearerTokenFromHeader()
|
||||
{
|
||||
var token = string.Empty;
|
||||
const string tokenType = "Bearer";
|
||||
const string otherTokenType = "Jwt";
|
||||
|
||||
var req = Request;
|
||||
var auth = req.Headers.Authorization;
|
||||
var val = auth.ToString();
|
||||
|
||||
if (val.Contains(tokenType) && val.Split(" ").Count() > 1 ||
|
||||
val.Contains(otherTokenType) && val.Split(" ").Count() > 1)
|
||||
{
|
||||
var split = val.Split(" ");
|
||||
token = split[1];
|
||||
}
|
||||
|
||||
|
||||
return token;
|
||||
}
|
||||
|
||||
|
||||
[HttpGet("download/{id}")]
|
||||
[Route("private-scoped")]
|
||||
@@ -112,9 +133,17 @@ namespace Icarus.Controllers.V1
|
||||
//
|
||||
[HttpPost("upload/with/data")]
|
||||
[Route("private-scoped")]
|
||||
[Authorize("upload:songs")]
|
||||
// [Authorize("upload:songs")]
|
||||
public async Task<IActionResult> Post ([FromForm] UploadSongWithDataForm up)
|
||||
{
|
||||
var token = ParseBearerTokenFromHeader();
|
||||
var tokMgr = new TokenManager(_config);
|
||||
|
||||
if (!tokMgr.IsTokenValid("upload:songs", token))
|
||||
{
|
||||
return StatusCode(401, "Not allowed");
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
if (up.SongData.Length > 0 && up.CoverArtData.Length > 0 && !string.IsNullOrEmpty(up.SongFile))
|
||||
|
||||
@@ -13,6 +13,7 @@ using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.Extensions.Logging;
|
||||
|
||||
using Icarus.Models;
|
||||
using Icarus.Controllers.Managers;
|
||||
using Icarus.Database.Contexts;
|
||||
|
||||
namespace Icarus.Controllers.V1
|
||||
@@ -42,11 +43,40 @@ namespace Icarus.Controllers.V1
|
||||
#endregion
|
||||
|
||||
|
||||
private string ParseBearerTokenFromHeader()
|
||||
{
|
||||
var token = string.Empty;
|
||||
const string tokenType = "Bearer";
|
||||
|
||||
var req = Request;
|
||||
var auth = req.Headers.Authorization;
|
||||
var val = auth.ToString();
|
||||
|
||||
if (val.Contains(tokenType) && val.Split(" ").Count() > 1)
|
||||
{
|
||||
var split = val.Split(" ");
|
||||
token = split[1];
|
||||
}
|
||||
|
||||
|
||||
return token;
|
||||
}
|
||||
|
||||
#region HTTP endpoints
|
||||
[HttpGet("{id}")]
|
||||
[Authorize("stream:songs")]
|
||||
// [Authorize("stream:songs")]
|
||||
public async Task<IActionResult> Get(int id)
|
||||
{
|
||||
var token = ParseBearerTokenFromHeader();
|
||||
var tokMgr = new TokenManager(_config);
|
||||
|
||||
/**
|
||||
if (!tokMgr.IsTokenValid("stream:songs", token))
|
||||
{
|
||||
return StatusCode(401, "Not allowed");
|
||||
}
|
||||
*/
|
||||
|
||||
var context = new SongContext(_config.GetConnectionString("DefaultConnection"));
|
||||
|
||||
var song = context.Songs.FirstOrDefault(sng => sng.SongID == id);
|
||||
|
||||
Reference in New Issue
Block a user