using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
using Coscine.ApiCommons;
using Coscine.ApiCommons.Factories;
using Coscine.ApiCommons.Utils;
using Coscine.Configuration;
using Coscine.Database.Model;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json.Linq;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.IO;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using System.Web;
#region DupFinder Exclusion
namespace Coscine.Api.Project.Controllers
{
[Authorize]
public class DataSourceController : Controller
{
private readonly IConfiguration _configuration;
private readonly JWTHandler _jwtHandler;
// make to lazy property
private static readonly HttpClient Client;
private readonly Authenticator _authenticator;
private readonly ResourceModel _resourceModel;
private readonly ProjectModel _projectModel;
static DataSourceController()
{
Client = new HttpClient
{
Timeout = TimeSpan.FromMinutes(30)
};
}
public DataSourceController()
{
_configuration = Program.Configuration;
_jwtHandler = new JWTHandler(_configuration);
_authenticator = new Authenticator(this, _configuration);
_resourceModel = new ResourceModel();
_projectModel = new ProjectModel();
}
// inferring a ../ (urlencoded) can manipulate the url.
// However the constructed signature for s3 won't match and it will not be resolved.
// This may be a problem for other provider!
[HttpGet("[controller]/{resourceId}/{path}")]
public async Task<IActionResult> GetWaterButlerFolder(string resourceId, string path)
{
var user = _authenticator.GetUser();
if (!string.IsNullOrWhiteSpace(path))
{
path = HttpUtility.UrlDecode(path);
}
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
{
return check;
}
if (!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
{
return BadRequest("User does not have permission to the resource.");
}
var authHeader = BuildAuthHeader(resource);
if (authHeader == null)
{
return BadRequest($"No provider for: \"{resource.Type.DisplayName}\".");
}
else
{
// If the path is null, an empty string is added.
string url = $"{_configuration.GetString("coscine/global/waterbutler_url")}{GetResourceTypeName(resource)}{path}";
var request = new HttpRequestMessage(HttpMethod.Get, url);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authHeader);
// Thread safe according to msdn and HttpCompletionOption sets it to get only headers first.
var response = await Client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead);
if (response.IsSuccessStatusCode)
{
if (response.Content.Headers.Contains("Content-Disposition"))
{
return File(await response.Content.ReadAsStreamAsync(),
response.Content.Headers.GetValues("Content-Type").First());
}
else
{
var data = JObject.Parse(await response.Content.ReadAsStringAsync())["data"];
return Ok(new WaterbutlerObject(path, data));
}
}
else
{
return FailedRequest(response, path);
}
}
}
// inferring a ../ (urlencoded) can manipulate the url.
// However the constructed signature for s3 won't match and it will not be resolved.
// This may be a problem for other provider!
[HttpPut("[controller]/{resourceId}/{path}")]
[DisableRequestSizeLimit]
public async Task<IActionResult> PutUploadFile(string resourceId, string path)
{
var user = _authenticator.GetUser();
if (!string.IsNullOrWhiteSpace(path))
{
path = HttpUtility.UrlDecode(path);
}
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
{
return check;
}
if(!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
{
return BadRequest("User does not have permission to the resource.");
}
var authHeader = BuildAuthHeader(resource, new string[] { "gitlab" });
if (authHeader == null)
{
return BadRequest($"No provider for: \"{resource.Type.DisplayName}\".");
}
else
{
// If the path is null, an empty string is added.
string url = $"{_configuration.GetString("coscine/global/waterbutler_url")}{GetResourceTypeName(resource)}/?kind=file&name={path}";
try
{
var response = await UploadFile(url, authHeader, Request.Body);
if (response.IsSuccessStatusCode)
{
return NoContent();
}
else
{
return FailedRequest(response, path);
}
}
catch (Exception e)
{
Console.WriteLine(e);
return BadRequest(e);
}
}
}
// inferring a ../ (urlencoded) can manipulate the url.
// However the constructed signature for s3 won't match and it will not be resolved.
// This may be a problem for other provider!
[HttpPut("[controller]/{resourceId}/{path}/update")]
[DisableRequestSizeLimit]
public async Task<IActionResult> PutUpdateFile(string resourceId, string path)
{
var user = _authenticator.GetUser();
if (!string.IsNullOrWhiteSpace(path))
{
path = HttpUtility.UrlDecode(path);
}
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
{
return check;
}
if (!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
{
return BadRequest("User does not have permission to the resource.");
}
var authHeader = BuildAuthHeader(resource, new string[] { "gitlab" });
if (authHeader == null)
{
return BadRequest($"No provider for: \"{resource.Type.DisplayName}\".");
}
else
{
// If the path is null, an empty string is added.
string url = $"{_configuration.GetString("coscine/global/waterbutler_url")}{GetResourceTypeName(resource)}/{path}?kind=file";
try
{
var response = await UploadFile(url, authHeader, Request.Body);
if (response.IsSuccessStatusCode)
{
return NoContent();
}
else
{
return FailedRequest(response, path);
}
}
catch (Exception e)
{
Console.WriteLine(e);
return BadRequest(e);
}
}
}
private string GetResourceTypeName(Resource resource)
{
if (resource.Type.DisplayName.ToLower().Equals("s3")) {
return "rds";
}
else
{
return resource.Type.DisplayName.ToLower();
}
}
private string GetResourceTypeName(JToken resource)
{
if (resource["type"]["displayName"].ToString().ToLower().Equals("s3"))
{
return "rds";
}
else
{
return resource["type"]["displayName"].ToString().ToLower();
}
}
public async Task<HttpResponseMessage> UploadFile(string url, string authHeader, Stream stream)
{
var request = new HttpRequestMessage(HttpMethod.Put, url);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authHeader);
request.Content = new StreamContent(stream);
return await Client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead);
}
[HttpDelete("[controller]/{resourceId}/{path}")]
public async Task<IActionResult> Delete(string resourceId, string path)
{
var user = _authenticator.GetUser();
if (!string.IsNullOrWhiteSpace(path))
{
path = HttpUtility.UrlDecode(path);
}
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
{
return check;
}
if (!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
{
return BadRequest("User does not have permission to the resource.");
}
var authHeader = BuildAuthHeader(resource, new string[] { "gitlab" });
if (authHeader == null)
{
return BadRequest($"No provider for: \"{resource.Type.DisplayName}\".");
}
else
{
// If the path is null, an empty string is added.
string url = $"{_configuration.GetString("coscine/global/waterbutler_url")}{GetResourceTypeName(resource)}{path}";
var request = new HttpRequestMessage(HttpMethod.Delete, url);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authHeader);
// Thread safe according to msdn and HttpCompletionOption sets it to get only headers first.
try
{
var response = await Client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead);
if (response.IsSuccessStatusCode)
{
return NoContent();
}
else
{
return FailedRequest(response, path);
}
}
catch (Exception e)
{
Console.WriteLine(e);
return BadRequest(e);
}
}
}
[HttpPost("[controller]/validate")]
public async Task<IActionResult> IsResourceValid()
{
var path = "/";
JToken resource = ObjectFactory<JToken>.DeserializeFromStream(Request.Body);
string authHeader = null;
if (resource["type"]["displayName"].ToString().ToLower() == "s3")
{
S3ResourceType s3ResourceType = new S3ResourceType();
s3ResourceType.BucketName = resource["resourceTypeOption"]["BucketName"].ToString();
s3ResourceType.AccessKey = resource["resourceTypeOption"]["AccessKey"].ToString();
s3ResourceType.SecretKey = resource["resourceTypeOption"]["SecretKey"].ToString();
authHeader = BuildS3AuthHeader(s3ResourceType);
}
else if (resource["type"]["displayName"].ToString().ToLower() == "gitlab")
{
GitlabResourceType gitlabResourceType = new GitlabResourceType
{
RepositoryNumber = (int)resource["resourceTypeOption"]["RepositoryNumber"],
RepositoryUrl = resource["resourceTypeOption"]["RepositoryUrl"].ToString(),
Token = resource["resourceTypeOption"]["Token"].ToString()
};
authHeader = BuildGitlabAuthHeader(gitlabResourceType);
}
if (authHeader == null)
{
return BadRequest($"No provider for: \"{resource["type"]["displayName"].ToString()}\".");
}
else
{
// If the path is null, an empty string is added.
string url = $"{_configuration.GetString("coscine/global/waterbutler_url")}{GetResourceTypeName(resource)}{path}";
var request = new HttpRequestMessage(HttpMethod.Get, url);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authHeader);
// Thread safe according to msdn and HttpCompletionOption sets it to get only headers first.
var response = await Client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead);
if (response.IsSuccessStatusCode)
{
if (response.Content.Headers.Contains("Content-Disposition"))
{
return File(await response.Content.ReadAsStreamAsync(),
response.Content.Headers.GetValues("Content-Type").First());
}
else
{
var data = JObject.Parse(await response.Content.ReadAsStringAsync())["data"];
return Ok(new WaterbutlerObject(path, data));
}
}
else
{
return FailedRequest(response, path);
}
}
}
private IActionResult FailedRequest(HttpResponseMessage response, string path)
{
if (response.StatusCode == System.Net.HttpStatusCode.NotFound)
{
return NotFound($"Could not find object for: \"{path}\".");
}
else if (response.StatusCode == System.Net.HttpStatusCode.Forbidden)
{
return Forbid("Not allowed to access the datasource.");
}
else
{
return BadRequest($"Error in communication with waterbutler: {response.StatusCode}");
}
}
private IActionResult CheckResourceIdAndPath(string resourceId, string path, out Resource resource)
{
resource = null;
if (string.IsNullOrWhiteSpace(path))
{
return BadRequest($"Your path \"{path}\" is empty.");
}
Regex rgx = new Regex(@"^[0-9a-zA-Z_\-/. ]+$");
if (!rgx.IsMatch(path))
{
return BadRequest($"Your path \"{path}\" contains bad chars. Only {@"^[0-9a-zA-Z_\-./ ]+"} are allowed as chars.");
}
if (!Guid.TryParse(resourceId, out Guid resourceGuid))
{
return BadRequest($"{resourceId} is not a guid.");
}
try
{
resource = _resourceModel.GetById(resourceGuid);
if (resource == null)
{
return NotFound($"Could not find resource with id: {resourceId}");
}
}
catch (Exception)
{
return NotFound($"Could not find resource with id: {resourceId}");
}
if (resource.Type == null)
{
ResourceTypeModel resourceTypeModel = new ResourceTypeModel();
resource.Type = resourceTypeModel.GetById(resource.TypeId);
}
// All good
return null;
}
private string BuildWaterbutlerPayload(Dictionary<string, object> auth, Dictionary<string, object> credentials, Dictionary<string, object> settings)
{
var data = new Dictionary<string, object>
{
{ "auth", auth },
{ "credentials", credentials },
{ "settings", settings },
{ "callback_url", "rwth-aachen.de" }
};
var payload = new JwtPayload
{
{ "data", data }
};
return _jwtHandler.GenerateJwtToken(payload);
}
private string BuildAuthHeader(Resource resource, IEnumerable<string> exclude = null)
{
if (exclude != null && exclude.Contains(resource.Type.DisplayName.ToLower()))
{
return null;
}
string authHeader = null;
if (resource.Type.DisplayName.ToLower() == "rds")
{
RDSResourceTypeModel rdsResourceTypeModel = new RDSResourceTypeModel();
var rdsResourceType = rdsResourceTypeModel.GetById(resource.ResourceTypeOptionId.Value);
authHeader = BuildRdsAuthHeader(rdsResourceType);
}
else if (resource.Type.DisplayName.ToLower() == "s3")
{
S3ResourceTypeModel s3ResourceTypeModel = new S3ResourceTypeModel();
var s3ResourceType = s3ResourceTypeModel.GetById(resource.ResourceTypeOptionId.Value);
authHeader = BuildS3AuthHeader(s3ResourceType);
}
else if (resource.Type.DisplayName.ToLower() == "gitlab")
{
GitlabResourceTypeModel gitlabResourceTypeModel = new GitlabResourceTypeModel();
var gitlabResourceType = gitlabResourceTypeModel.GetById(resource.ResourceTypeOptionId.Value);
authHeader = BuildGitlabAuthHeader(gitlabResourceType);
}
return authHeader;
}
private string BuildRdsAuthHeader(RDSResourceType rdsResourceType)
{
var auth = new Dictionary<string, object>();
var credentials = new Dictionary<string, object>
{
{ "access_key", _configuration.GetStringAndWait("coscine/global/buckets/accessKey") },
{ "secret_key", _configuration.GetStringAndWait("coscine/global/buckets/secretKey") }
};
var settings = new Dictionary<string, object>
{
{ "bucket", rdsResourceType.BucketName }
};
return BuildWaterbutlerPayload(auth, credentials, settings);
}
private string BuildS3AuthHeader(S3ResourceType s3ResourceType)
{
var auth = new Dictionary<string, object>();
var credentials = new Dictionary<string, object>
{
{ "access_key", s3ResourceType.AccessKey },
{ "secret_key", s3ResourceType.SecretKey }
};
var settings = new Dictionary<string, object>
{
{ "bucket", s3ResourceType.BucketName }
};
return BuildWaterbutlerPayload(auth, credentials, settings);
}
private string BuildGitlabAuthHeader(GitlabResourceType gitlabResourceType)
{
var auth = new Dictionary<string, object>();
var credentials = new Dictionary<string, object>
{
{ "token", gitlabResourceType.Token }
};
var settings = new Dictionary<string, object>
{
{ "owner", "Tester"},
{ "repo", gitlabResourceType.RepositoryUrl},
{ "repo_id", gitlabResourceType.RepositoryNumber.ToString()},
{ "host", "https://git.rwth-aachen.de"}
};
return BuildWaterbutlerPayload(auth, credentials, settings);
}
}
}
#endregion