file dl auth

Paul Schneider 6 years ago
parent e71f598bd3
commit 8eddb95fa5
5 changed files with 81 additions and 41 deletions

@ -1,18 +1,30 @@
using Microsoft.AspNet.Authorization; using Microsoft.AspNet.Authorization;
using Yavsc.Services;
using Yavsc.ViewModels.Auth; using Yavsc.ViewModels.Auth;
namespace Yavsc.AuthorizationHandlers namespace Yavsc.AuthorizationHandlers {
{
public class ViewFileHandler : AuthorizationHandler<ViewRequirement, ViewFileContext> public class ViewFileHandler : AuthorizationHandler<ViewRequirement, ViewFileContext> {
{
protected override void Handle(AuthorizationContext context, ViewRequirement requirement, ViewFileContext fileContext) IFileSystemAuthManager _authManager;
{
public ViewFileHandler (IFileSystemAuthManager authManager) {
_authManager = authManager;
}
protected override void Handle (AuthorizationContext context, ViewRequirement requirement, ViewFileContext fileContext) {
// TODO file access rules // TODO file access rules
if (fileContext.Path.StartsWith("/pub/")) if (fileContext.Path.StartsWith ("/pub/"))
context.Succeed(requirement); context.Succeed (requirement);
else { else {
// TODO use "/blog/{num}/" path to link to blog access list if (!fileContext.Path.StartsWith ("/"))
context.Succeed(requirement); context.Fail ();
else {
var rights = _authManager.GetFilePathAccess (context.User, fileContext.Path.Substring (1));
if ((rights & FileAccessRight.Read) > 0)
context.Succeed (requirement);
else context.Fail ();
}
} }
} }
} }
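Review bot: Both decisions in the new else-branch are taken on the raw request path: the prefix test at L24 and the `_authManager.GetFilePathAccess (context.User, fileContext.Path.Substring (1))` call at L30 pass a string that nothing here normalizes, although the parameter is named `normalizedFullPath` and `IFileSystemAuthManager.NormalizePath` still throws `NotImplementedException` in this commit, so the authorization layer and the file provider may evaluate two different paths for one request. The prefix test is also culture-sensitive; a path check should read `if (fileContext.Path.StartsWith ("/pub/", StringComparison.Ordinal))`. If `UserFilesOptions` is mounted under a request-path prefix, `Substring (1)` would hand that prefix rather than the owner's user name to the manager as the first segment — worth confirming against the file-server setup, which is not in this hunk. A short comment on `Handle` saying that `fileContext.Path` is expected to be the user-files-relative request path would make the contract visible to the next reader.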

@ -0,0 +1,44 @@
using System;
using System.Linq;
using System.Security.Principal;
using System.Security.Claims;
using Yavsc.Models;
namespace Yavsc.Services
{
public class FileSystemAuthManager : IFileSystemAuthManager
{
ApplicationDbContext _dbContext;
public FileSystemAuthManager(ApplicationDbContext dbContext)
{
_dbContext = dbContext;
}
public FileAccessRight GetFilePathAccess(ClaimsPrincipal user, string normalizedFullPath)
{
// Assert (normalizedFullPath!=null)
var parts = normalizedFullPath.Split('/');
if (parts.Length<2) return FileAccessRight.None;
var funame = parts[0];
if (funame == user.GetUserName()) return FileAccessRight.Read | FileAccessRight.Write;
var ucl = user.Claims.Where(c => c.Type == YavscClaimTypes.CircleMembership).Select(c => long.Parse(c.Value)).ToArray();
if (_dbContext.CircleAuthorizationToFile.Any(
r => r.FullPath == normalizedFullPath && ucl.Contains(r.CircleId)
)) return FileAccessRight.Read;
return FileAccessRight.None;
}
public string NormalizePath(string path)
{
throw new NotImplementedException();
}
public void SetAccess(long circleId, string normalizedFullPath, FileAccessRight access)
{
throw new NotImplementedException();
}
}
}
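Review bot: `long.Parse(c.Value)` at L61 makes a single malformed circle-membership claim throw `FormatException` from inside the authorization path, which surfaces as a server error instead of a denial; using `long.TryParse` and skipping claims that do not parse keeps a bad claim from taking file serving down. The circle lookup at L62-L64 is an exact match on `r.FullPath`, so grants are per file and never per directory, and the method never inspects `user.Identity.IsAuthenticated` before the ownership short-circuit at L60 — if `GetUserName()` can return a non-null value for an anonymous principal, that extension (not shown) decides whether an unauthenticated request can match `parts[0]`. `NormalizePath` and `SetAccess` still throw `NotImplementedException`, so the "normalized" in the parameter name is currently a promise the caller has to keep by itself; a `<summary>` on `GetFilePathAccess` stating that the path must already be normalized and relative to the user-files root, with the owner's user name as its first segment, would document that.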

@ -1,8 +1,9 @@
using System; using System;
using System.Security.Claims;
using System.Security.Principal; using System.Security.Principal;
using Yavsc.Models;
namespace Yavsc.Services { namespace Yavsc.Services
{
[Flags] [Flags]
public enum FileAccessRight { public enum FileAccessRight {
None = 0, None = 0,
@ -22,34 +23,9 @@ namespace Yavsc.Services {
/// <param name="user"></param> /// <param name="user"></param>
/// <param name="normalizedFullPath"></param> /// <param name="normalizedFullPath"></param>
/// <returns></returns> /// <returns></returns>
FileAccessRight GetFilePathAccess(IPrincipal user, string normalizedFullPath); FileAccessRight GetFilePathAccess(ClaimsPrincipal user, string normalizedFullPath);
void SetAccess (long circleId, string normalizedFullPath, FileAccessRight access); void SetAccess (long circleId, string normalizedFullPath, FileAccessRight access);
} }
public class FileSystemAuthManager : IFileSystemAuthManager
{
ApplicationDbContext _dbContext;
public FileSystemAuthManager(ApplicationDbContext dbContext)
{
_dbContext = dbContext;
}
public FileAccessRight GetFilePathAccess(IPrincipal user, string normalizedFullPath)
{
throw new NotImplementedException();
}
public string NormalizePath(string path)
{
throw new NotImplementedException();
}
public void SetAccess(long circleId, string normalizedFullPath, FileAccessRight access)
{
throw new NotImplementedException();
}
}
} }
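Review bot: The XML docs kept at L89-L91 are still empty after the parameter type changes to `ClaimsPrincipal` at L92, so the contract of `normalizedFullPath` — which this commit's only caller fills with the request path minus its leading slash and nothing else — stays undocumented. `<param name="normalizedFullPath">` should state the expected form (relative to the user-files root, no leading slash, first segment is the owner's user name, dot segments already resolved) and which side is responsible for producing it, and `<returns>` should say that `FileAccessRight.None` is the answer for anything not explicitly granted. The enclosing interface begins before the hunk at L88; the removal at L95-L114 is just the stub moving to its own file.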

@ -1,4 +1,5 @@
using System.IO; using System.IO;
using System.Security.Claims;
using Microsoft.AspNet.Authorization; using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Builder; using Microsoft.AspNet.Builder;
using Microsoft.AspNet.FileProviders; using Microsoft.AspNet.FileProviders;
@ -7,6 +8,8 @@ using Microsoft.AspNet.Http;
using Microsoft.AspNet.StaticFiles; using Microsoft.AspNet.StaticFiles;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
using Yavsc.Abstract.FileSystem; using Yavsc.Abstract.FileSystem;
using Yavsc.Services;
using Yavsc.ViewModels.Auth;
namespace Yavsc namespace Yavsc
{ {
@ -17,7 +20,8 @@ namespace Yavsc
public static FileServerOptions AvatarsOptions { get; set; } public static FileServerOptions AvatarsOptions { get; set; }
public void ConfigureFileServerApp(IApplicationBuilder app, public void ConfigureFileServerApp(IApplicationBuilder app,
SiteSettings siteSettings, IHostingEnvironment env, IAuthorizationService authorizationService) SiteSettings siteSettings, IHostingEnvironment env,
IAuthorizationService authorizationService)
{ {
var userFilesDirInfo = new DirectoryInfo( siteSettings.Blog ); var userFilesDirInfo = new DirectoryInfo( siteSettings.Blog );
AbstractFileSystemHelpers.UserFilesDirName = userFilesDirInfo.FullName; AbstractFileSystemHelpers.UserFilesDirName = userFilesDirInfo.FullName;
@ -33,15 +37,18 @@ namespace Yavsc
UserFilesOptions.EnableDefaultFiles=true; UserFilesOptions.EnableDefaultFiles=true;
UserFilesOptions.StaticFileOptions.ServeUnknownFileTypes=true; UserFilesOptions.StaticFileOptions.ServeUnknownFileTypes=true;
/* TODO needs a better design, at implementation time (don't use database, but in memory data) /* TODO needs a better design, at implementation time (don't use database, but in memory data) */
UserFilesOptions.StaticFileOptions.OnPrepareResponse += async context => UserFilesOptions.StaticFileOptions.OnPrepareResponse += async context =>
{ {
var uname = context.Context.User.GetUserName(); var uname = context.Context.User.GetUserName();
var path = context.Context.Request.Path; var path = context.Context.Request.Path;
var result = await authorizationService.AuthorizeAsync(context.Context.User, new ViewFileContext var result = await authorizationService.AuthorizeAsync(context.Context.User, new ViewFileContext
{ UserName = uname, File = context.File, Path = path } , new ViewRequirement()); { UserName = uname, File = context.File, Path = path } , new ViewRequirement());
if (!result) {
context.Context.Response.StatusCode = 403;
context.Context.Abort();
}
}; };
*/
var avatarsDirInfo = new DirectoryInfo(Startup.SiteSetup.Avatars); var avatarsDirInfo = new DirectoryInfo(Startup.SiteSetup.Avatars);
if (!avatarsDirInfo.Exists) avatarsDirInfo.Create(); if (!avatarsDirInfo.Exists) avatarsDirInfo.Create();
AvatarsDirName = avatarsDirInfo.FullName; AvatarsDirName = avatarsDirInfo.FullName;
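Review bot: The lambda assigned to `OnPrepareResponse` at L143-L153 is `async`, but if that property is the static-file middleware's `Action<StaticFileResponseContext>` it compiles to an async void delegate: the middleware does not await it, so the file body can start streaming while `AuthorizeAsync` is still pending, and by the time `!result` is observed the 403 at L150 can no longer be written (headers already sent) and `Abort()` at L151 at best cuts the connection mid-transfer — a denied request may still receive part or all of the file, and any exception inside the lambda is unobservable. The check belongs in a middleware registered ahead of the file server for `UserFilesOptions` and scoped to its request path, so it completes before any bytes are written; a sketch follows (`File` is not available there, and `ViewFileHandler` does not read it in this commit). The `UseFileServer` call this must precede is outside the hunk, and `ConfigureFileServerApp` continues past L157.
```csharp
// … unchanged: UserFilesOptions setup …
// Authorize before the static-file middleware runs: OnPrepareResponse cannot be awaited,
// so a decision reached there may arrive after the response body has started.
app.Use(async (httpContext, next) =>
{
    var uname = httpContext.User.GetUserName();
    var path = httpContext.Request.Path;
    var result = await authorizationService.AuthorizeAsync(httpContext.User,
        new ViewFileContext { UserName = uname, Path = path }, new ViewRequirement());
    if (!result)
    {
        httpContext.Response.StatusCode = 403;
        return;
    }
    await next();
});
// … unchanged: avatars directory setup …
```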

@ -232,6 +232,7 @@ namespace Yavsc
services.AddSingleton<IAuthorizationHandler, SendMessageHandler>(); services.AddSingleton<IAuthorizationHandler, SendMessageHandler>();
services.AddSingleton<IConnexionManager, HubConnectionManager>(); services.AddSingleton<IConnexionManager, HubConnectionManager>();
services.AddSingleton<ILiveProcessor, LiveProcessor>(); services.AddSingleton<ILiveProcessor, LiveProcessor>();
services.AddSingleton<IFileSystemAuthManager, FileSystemAuthManager>();
services.AddMvc(config => services.AddMvc(config =>
{ {
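Review bot: `FileSystemAuthManager` is registered as a singleton at L163 while its constructor takes an `ApplicationDbContext`; if that context has the usual scoped lifetime, this is a captive dependency — one `DbContext` instance is resolved once and then shared by every concurrent authorization check for the lifetime of the process, which a `DbContext` is not safe for. Since `ViewFileHandler` is presumably a singleton like the handlers at L160 and now takes the manager in its constructor, the cleaner shape is to register the manager scoped and resolve it per request (for example through an injected `IServiceScopeFactory` in the handler), or to give the manager a `DbContextOptions`/factory and open a short-lived context per `GetFilePathAccess` call. Whether `ApplicationDbContext` is registered scoped is not visible on this page.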
