using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
using Coscine.ApiCommons;
using Coscine.ApiCommons.Utils;
using Coscine.Configuration;
using Coscine.Database.Model;
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json.Linq;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.IO;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using System.Web;

#region DupFinder Exclusion

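namespace Coscine.Api.Project.Controllers
{
    /// <summary>
    /// Proxies file operations for a resource (listing/download, upload, update, delete) to the
    /// Waterbutler service configured under "coscine/global/waterbutler_url".
    /// Every route first checks that the caller owns the resource and that the requested path is
    /// well-formed; the provider credentials are then wrapped in a JWT and sent as a Bearer token.
    /// </summary>
    public class DataSourceController : Controller
    {
        private readonly IConfiguration _configuration;
        private readonly JWTHandler _jwtHandler;

        // One client for the whole process; HttpClient is meant to be reused rather than created per request.
        // Initialised once in the static constructor, which gives the single-init the old "lazy property" TODO asked for.
        private static readonly HttpClient Client;

        private readonly Authenticator _authenticator;
        private readonly ResourceModel _resourceModel;

        // Whitelist of characters accepted in a decoded path. It intentionally admits '/', '.' and ' ',
        // so a ".." segment passes this pattern and is rejected separately in CheckResourceIdAndPath.
        private static readonly Regex AllowedPathPattern = new Regex(@"^[0-9a-zA-Z_\-/. ]+$", RegexOptions.Compiled);

        // Providers for which this controller only offers read access (upload/update/delete are refused).
        private static readonly string[] ReadOnlyProviders = { "gitlab" };

        static DataSourceController()
        {
            Client = new HttpClient
            {
                // Large files are streamed through this client in both directions, hence the generous timeout.
                Timeout = TimeSpan.FromMinutes(30)
            };
        }

        public DataSourceController()
        {
            _configuration = Program.Configuration;
            _jwtHandler = new JWTHandler(_configuration);
            _authenticator = new Authenticator(this, _configuration);
            _resourceModel = new ResourceModel();
        }

        /// <summary>
        /// Lists a folder or downloads a file of the given resource via Waterbutler.
        /// </summary>
        /// <param name="resourceId">GUID of the resource, as a route segment.</param>
        /// <param name="path">Path inside the provider, as a single route segment; it is URL-decoded once more here.</param>
        /// <returns>
        /// The upstream file stream when Waterbutler answers with a Content-Disposition header, otherwise the
        /// "data" element of its JSON body wrapped in a <see cref="WaterbutlerObject"/>; 400/403/404 for
        /// validation, ownership or upstream failures.
        /// </returns>
        [HttpGet("[controller]/{resourceId}/{path}")]
        public async Task<IActionResult> GetWaterButlerFolder(string resourceId, string path)
        {
            path = DecodePath(path);

            var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
            if (check != null)
            {
                return check;
            }

            var authHeader = BuildAuthHeader(resource);
            if (authHeader == null)
            {
                return NoProvider(resource);
            }

            // NOTE(review): unlike the PUT/DELETE routes there is no '/' between the provider name and the
            // path here; callers presumably send a path with a leading slash. Left unchanged — confirm.
            string url = $"{WaterbutlerBaseUrl()}{ProviderName(resource)}{path}";

            var request = new HttpRequestMessage(HttpMethod.Get, url);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authHeader);

            try
            {
                // ResponseHeadersRead: do not buffer the body, it may be a large file that is streamed on to the caller.
                var response = await Client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead);
                if (!response.IsSuccessStatusCode)
                {
                    return FailedRequest(response, path);
                }

                if (response.Content.Headers.Contains("Content-Disposition"))
                {
                    // A Content-Disposition header marks a file download; stream it through unchanged.
                    // Fall back to a generic type when upstream sends no Content-Type rather than throwing on First().
                    var contentType = response.Content.Headers.ContentType?.ToString() ?? "application/octet-stream";
                    return File(await response.Content.ReadAsStreamAsync(), contentType);
                }

                var data = JObject.Parse(await response.Content.ReadAsStringAsync())["data"];
                return Ok(new WaterbutlerObject(path, data));
            }
            catch (Exception e)
            {
                return UpstreamError(e);
            }
        }

        /// <summary>
        /// Creates a new file named <paramref name="path"/> in the resource by streaming the request body
        /// to Waterbutler. Refused for providers in <see cref="ReadOnlyProviders"/>.
        /// </summary>
        /// <param name="resourceId">GUID of the resource, as a route segment.</param>
        /// <param name="path">Name of the file to create; validated like every other path.</param>
        /// <returns>204 on success; 400/403/404 for validation, ownership or upstream failures.</returns>
        [HttpPut("[controller]/{resourceId}/{path}")]
        [DisableRequestSizeLimit]
        public async Task<IActionResult> PutUploadFile(string resourceId, string path)
        {
            path = DecodePath(path);

            var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
            if (check != null)
            {
                return check;
            }

            var authHeader = BuildAuthHeader(resource, ReadOnlyProviders);
            if (authHeader == null)
            {
                return NoProvider(resource);
            }

            // The name travels in the query string, so it is percent-encoded (the whitelist admits spaces).
            string url = $"{WaterbutlerBaseUrl()}{ProviderName(resource)}/?kind=file&name={Uri.EscapeDataString(path)}";

            try
            {
                var response = await UploadFile(url, authHeader, Request.Body);
                if (response.IsSuccessStatusCode)
                {
                    return NoContent();
                }

                return FailedRequest(response, path);
            }
            catch (Exception e)
            {
                return UpstreamError(e);
            }
        }

        /// <summary>
        /// Replaces the content of the existing file <paramref name="path"/> with the request body.
        /// Refused for providers in <see cref="ReadOnlyProviders"/>.
        /// </summary>
        /// <param name="resourceId">GUID of the resource, as a route segment.</param>
        /// <param name="path">Path of the file to overwrite; validated like every other path.</param>
        /// <returns>204 on success; 400/403/404 for validation, ownership or upstream failures.</returns>
        [HttpPut("[controller]/{resourceId}/{path}/update")]
        [DisableRequestSizeLimit]
        public async Task<IActionResult> PutUpdateFile(string resourceId, string path)
        {
            path = DecodePath(path);

            var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
            if (check != null)
            {
                return check;
            }

            var authHeader = BuildAuthHeader(resource, ReadOnlyProviders);
            if (authHeader == null)
            {
                return NoProvider(resource);
            }

            string url = $"{WaterbutlerBaseUrl()}{ProviderName(resource)}/{path}?kind=file";

            try
            {
                var response = await UploadFile(url, authHeader, Request.Body);
                if (response.IsSuccessStatusCode)
                {
                    return NoContent();
                }

                return FailedRequest(response, path);
            }
            catch (Exception e)
            {
                return UpstreamError(e);
            }
        }

        /// <summary>
        /// Sends <paramref name="stream"/> as the body of a PUT to <paramref name="url"/>, authenticated with
        /// the given Bearer token. Only the response headers are awaited; the caller inspects the status.
        /// Marked <see cref="NonActionAttribute"/> so a public helper that takes a raw URL and token is never
        /// exposed as an endpoint should conventional routing be enabled for this controller.
        /// </summary>
        [NonAction]
        public async Task<HttpResponseMessage> UploadFile(string url, string authHeader, Stream stream)
        {
            var request = new HttpRequestMessage(HttpMethod.Put, url);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authHeader);
            request.Content = new StreamContent(stream);
            return await Client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead);
        }

        /// <summary>
        /// Deletes the object at <paramref name="path"/> in the resource. Refused for providers in <see cref="ReadOnlyProviders"/>.
        /// </summary>
        /// <param name="resourceId">GUID of the resource, as a route segment.</param>
        /// <param name="path">Path of the object to delete; validated like every other path.</param>
        /// <returns>204 on success; 400/403/404 for validation, ownership or upstream failures.</returns>
        [HttpDelete("[controller]/{resourceId}/{path}")]
        public async Task<IActionResult> Delete(string resourceId, string path)
        {
            path = DecodePath(path);

            var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
            if (check != null)
            {
                return check;
            }

            var authHeader = BuildAuthHeader(resource, ReadOnlyProviders);
            if (authHeader == null)
            {
                return NoProvider(resource);
            }

            string url = $"{WaterbutlerBaseUrl()}{ProviderName(resource)}/{path}";

            var request = new HttpRequestMessage(HttpMethod.Delete, url);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authHeader);

            try
            {
                var response = await Client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead);
                if (response.IsSuccessStatusCode)
                {
                    return NoContent();
                }

                return FailedRequest(response, path);
            }
            catch (Exception e)
            {
                return UpstreamError(e);
            }
        }

        // NOTE(review): ASP.NET Core normally hands route values over already decoded, so this is a second
        // decode. It is kept because callers appear to rely on it to smuggle '/' through the single {path}
        // segment; whatever it produces is validated by CheckResourceIdAndPath before being used in a URL.
        private static string DecodePath(string path)
        {
            return string.IsNullOrWhiteSpace(path) ? path : HttpUtility.UrlDecode(path);
        }

        // Provider name in the lower-case form used in Waterbutler URLs and in the provider switch.
        private static string ProviderName(Resource resource)
        {
            return resource.Type.DisplayName.ToLowerInvariant();
        }

        private string WaterbutlerBaseUrl()
        {
            return _configuration.GetString("coscine/global/waterbutler_url");
        }

        private IActionResult NoProvider(Resource resource)
        {
            return BadRequest($"No provider for: \"{resource.Type.DisplayName}\".");
        }

        // Logs the failure and answers with a generic message. The exception object itself is deliberately
        // NOT returned: the previous `BadRequest(e)` serialised exception details (message, stack trace) to the caller.
        private IActionResult UpstreamError(Exception e)
        {
            Console.WriteLine(e);
            return BadRequest("Error in communication with waterbutler.");
        }

        // True when any '/'-separated segment of the path is "..", i.e. the path tries to climb out of
        // the location it is supposed to address. "." segments are harmless and stay allowed.
        private static bool HasParentSegment(string path)
        {
            return path.Split('/').Any(segment => segment == "..");
        }

        /// <summary>
        /// Maps a non-success Waterbutler response to the status returned to our caller.
        /// </summary>
        private IActionResult FailedRequest(HttpResponseMessage response, string path)
        {
            switch (response.StatusCode)
            {
                case System.Net.HttpStatusCode.NotFound:
                    return NotFound($"Could not find object for: \"{path}\".");
                case System.Net.HttpStatusCode.Forbidden:
                    // ControllerBase.Forbid(params string[]) takes authentication *scheme* names, not a message;
                    // the previous Forbid("Not allowed ...") asked the framework to challenge a scheme of that
                    // name. An explicit 403 with the message is what was intended.
                    return StatusCode(403, "Not allowed to access the datasource.");
                default:
                    return BadRequest($"Error in communication with waterbutler: {response.StatusCode}");
            }
        }

        /// <summary>
        /// Validates the path and resource id, loads the resource and checks that the calling user owns it.
        /// </summary>
        /// <param name="resourceId">Route value that must parse as a GUID.</param>
        /// <param name="path">Already decoded path; must be non-empty, match the whitelist and contain no ".." segment.</param>
        /// <param name="resource">The loaded resource (with <c>Type</c> populated) when the result is null.</param>
        /// <returns>An error result to return to the caller, or null when everything checked out.</returns>
        private IActionResult CheckResourceIdAndPath(string resourceId, string path, out Resource resource)
        {
            resource = null;

            if (string.IsNullOrWhiteSpace(path))
            {
                return BadRequest($"Your path \"{path}\" is empty.");
            }

            if (!AllowedPathPattern.IsMatch(path))
            {
                return BadRequest($"Your path \"{path}\" contains bad chars. Only {@"^[0-9a-zA-Z_\-./ ]+"} are allowed as chars.");
            }

            // The whitelist admits '.', so "../" (or an encoded variant that survived DecodePath) passes it
            // and would be spliced into the upstream URL. The old comment relied on S3 request signing to
            // reject such paths and admitted other providers might not; refuse them here for every provider.
            if (HasParentSegment(path))
            {
                return BadRequest($"Your path \"{path}\" must not contain \"..\" segments.");
            }

            if (!Guid.TryParse(resourceId, out Guid resourceGuid))
            {
                return BadRequest($"{resourceId} is not a guid.");
            }

            try
            {
                resource = _resourceModel.GetById(resourceGuid);
                if (resource == null)
                {
                    return NotFound($"Could not find resource with id: {resourceId}");
                }

                var user = _authenticator.GetUserFromToken();
                if (!_resourceModel.OwnsResource(user, resource))
                {
                    // See FailedRequest: Forbid(string) would be interpreted as a scheme name.
                    return StatusCode(403, $"The user does not own the resource {resourceId}");
                }
            }
            catch (Exception e)
            {
                // NOTE(review): every exception here — including a token/authentication failure from
                // GetUserFromToken — is reported as 404. Logged so the real cause is not lost; confirm
                // that a 404 (rather than 401) is the intended answer for a bad token.
                Console.WriteLine(e);
                return NotFound($"Could not find resource with id: {resourceId}");
            }

            if (resource.Type == null)
            {
                ResourceTypeModel resourceTypeModel = new ResourceTypeModel();
                resource.Type = resourceTypeModel.GetById(resource.TypeId);
            }

            // All good
            return null;
        }

        /// <summary>
        /// Wraps provider auth, credentials and settings into the JWT that Waterbutler expects as Bearer token.
        /// NOTE(review): the provider secret (S3 secret key / GitLab token) travels inside this token; the
        /// token is produced by <see cref="JWTHandler"/>, whose signing/encryption is not visible here —
        /// make sure the Waterbutler URL is HTTPS so the credentials are never sent in clear.
        /// </summary>
        private string BuildWaterbutlerPayload(Dictionary<string, object> auth, Dictionary<string, object> credentials, Dictionary<string, object> settings)
        {
            var data = new Dictionary<string, object>
            {
                { "auth", auth },
                { "credentials", credentials },
                { "settings", settings },
                // Hard-coded; presumably a placeholder Waterbutler requires but does not call back to.
                { "callback_url", "rwth-aachen.de" }
            };

            var payload = new JwtPayload
            {
                { "data", data }
            };

            return _jwtHandler.GenerateJwtToken(payload);
        }

        /// <summary>
        /// Builds the Bearer token for the resource's provider. Returns null when the provider is listed in
        /// <paramref name="exclude"/>, is unknown, or the resource carries no provider option id.
        /// </summary>
        private string BuildAuthHeader(Resource resource, IEnumerable<string> exclude = null)
        {
            var provider = ProviderName(resource);

            if (exclude != null && exclude.Any(p => string.Equals(p, provider, StringComparison.OrdinalIgnoreCase)))
            {
                return null;
            }

            // Without an option id there are no credentials to look up; answer "no provider" instead of
            // failing with an unhandled exception on .Value.
            if (resource.ResourceTypeOptionId == null)
            {
                return null;
            }

            switch (provider)
            {
                case "rds":
                    var rdsResourceType = new RDSResourceTypeModel().GetById(resource.ResourceTypeOptionId.Value);
                    return BuildRdsAuthHeader(rdsResourceType);
                case "gitlab":
                    var gitlabResourceType = new GitlabResourceTypeModel().GetById(resource.ResourceTypeOptionId.Value);
                    return BuildGitlabAuthHeader(gitlabResourceType);
                default:
                    return null;
            }
        }

        // S3-style provider: access/secret key pair plus the bucket name.
        private string BuildRdsAuthHeader(RDSResourceType rdsResourceType)
        {
            var auth = new Dictionary<string, object>();

            var credentials = new Dictionary<string, object>
            {
                { "access_key", rdsResourceType.AccessKey },
                { "secret_key", rdsResourceType.SecretKey }
            };

            var settings = new Dictionary<string, object>
            {
                { "bucket", rdsResourceType.BucketName }
            };

            return BuildWaterbutlerPayload(auth, credentials, settings);
        }

        // GitLab provider: personal/project token plus repository coordinates.
        // NOTE(review): "owner" and "host" are hard-coded here rather than read from the resource type or
        // configuration; they are kept as found, but should probably come from configuration.
        private string BuildGitlabAuthHeader(GitlabResourceType gitlabResourceType)
        {
            var auth = new Dictionary<string, object>();

            var credentials = new Dictionary<string, object>
            {
                { "token", gitlabResourceType.Token }
            };

            var settings = new Dictionary<string, object>
            {
                { "owner", "Tester" },
                { "repo", gitlabResourceType.RepositoryUrl },
                { "repo_id", gitlabResourceType.RepositoryNumber },
                { "host", "https://git.rwth-aachen.de" }
            };

            return BuildWaterbutlerPayload(auth, credentials, settings);
        }
    }
}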
#endregion