Archive-Team
/
sonarr-repo-only
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revised Authentication logic for api and logfiles.

This commit is contained in:
Taloth Saldono 2014-03-27 23:13:31 +01:00 committed by Taloth
parent 9645fb07db
commit f92aded4f0
4 changed files with 23 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/NzbDrone.Api/Authentication/EnableStatelessAuthInNancy.cs
View File

@ -12,12 +12,10 @@ namespace NzbDrone.Api.Authentication
{ {
public class EnableStatelessAuthInNancy : IRegisterNancyPipeline public class EnableStatelessAuthInNancy : IRegisterNancyPipeline
{ {
private readonly IAuthenticationService _authenticationService;
private static String API_KEY; private static String API_KEY;
public EnableStatelessAuthInNancy(IAuthenticationService authenticationService, IConfigFileProvider configFileProvider) public EnableStatelessAuthInNancy(IConfigFileProvider configFileProvider)
{ {
_authenticationService = authenticationService;
API_KEY = configFileProvider.ApiKey; API_KEY = configFileProvider.ApiKey;
} }
@ -29,17 +27,12 @@ namespace NzbDrone.Api.Authentication
public Response ValidateApiKey(NancyContext context) public Response ValidateApiKey(NancyContext context)
{ {
Response response = null; Response response = null;
if (!RuntimeInfo.IsProduction && context.Request.IsLocalRequest())
{
return response;
}
var authorizationHeader = context.Request.Headers.Authorization; var authorizationHeader = context.Request.Headers.Authorization;
var apiKeyHeader = context.Request.Headers["X-Api-Key"].FirstOrDefault(); var apiKeyHeader = context.Request.Headers["X-Api-Key"].FirstOrDefault();
var apiKey = apiKeyHeader.IsNullOrWhiteSpace() ? authorizationHeader : apiKeyHeader; var apiKey = apiKeyHeader.IsNullOrWhiteSpace() ? authorizationHeader : apiKeyHeader;
if (context.Request.IsApiRequest() && !ValidApiKey(apiKey) && !IsAuthenticated(context)) if (context.Request.IsApiRequest() && !ValidApiKey(apiKey))
{ {
response = new Response { StatusCode = HttpStatusCode.Unauthorized }; response = new Response { StatusCode = HttpStatusCode.Unauthorized };
} }
@ -49,15 +42,9 @@ namespace NzbDrone.Api.Authentication
private bool ValidApiKey(string apiKey) private bool ValidApiKey(string apiKey)
{ {
if (apiKey.IsNullOrWhiteSpace()) return false; if (!API_KEY.Equals(apiKey)) return false;
if (!apiKey.Equals(API_KEY)) return false;
return true; return true;
} }
private bool IsAuthenticated(NancyContext context)
{
return _authenticationService.Enabled && _authenticationService.IsAuthenticated(context);
}
} }
} }

8
src/NzbDrone.Api/Extensions/RequestExtensions.cs
View File

@ -7,7 +7,7 @@ namespace NzbDrone.Api.Extensions
{ {
public static bool IsApiRequest(this Request request) public static bool IsApiRequest(this Request request)
{ {
return request.Path.StartsWith("/api/", StringComparison.InvariantCultureIgnoreCase) || request.IsLogFileRequest(); return request.Path.StartsWith("/api/", StringComparison.InvariantCultureIgnoreCase);
} }
public static bool IsSignalRRequest(this Request request) public static bool IsSignalRRequest(this Request request)
@ -21,11 +21,5 @@ namespace NzbDrone.Api.Extensions
request.UserHostAddress.Equals("127.0.0.1") || request.UserHostAddress.Equals("127.0.0.1") ||
request.UserHostAddress.Equals("::1")); request.UserHostAddress.Equals("::1"));
} }
private static bool IsLogFileRequest(this Request request)
{
return request.Path.StartsWith("/log/", StringComparison.InvariantCultureIgnoreCase) &&
request.Path.EndsWith(".txt", StringComparison.InvariantCultureIgnoreCase);
}
} }
} }

18
src/NzbDrone.Api/Logs/LogFileModule.cs
View File

@ -4,11 +4,15 @@ using System.Linq;
using NzbDrone.Common; using NzbDrone.Common;
using NzbDrone.Common.Disk; using NzbDrone.Common.Disk;
using NzbDrone.Common.EnvironmentInfo; using NzbDrone.Common.EnvironmentInfo;
using Nancy;
using Nancy.Responses;
namespace NzbDrone.Api.Logs namespace NzbDrone.Api.Logs
{ {
public class LogFileModule : NzbDroneRestModule<LogFileResource> public class LogFileModule : NzbDroneRestModule<LogFileResource>
{ {
private const string LOGFILE_ROUTE = @"/(?<filename>nzbdrone(?:\.\d+)?\.txt)";
private readonly IAppFolderInfo _appFolderInfo; private readonly IAppFolderInfo _appFolderInfo;
private readonly IDiskProvider _diskProvider; private readonly IDiskProvider _diskProvider;
@ -19,6 +23,8 @@ namespace NzbDrone.Api.Logs
_appFolderInfo = appFolderInfo; _appFolderInfo = appFolderInfo;
_diskProvider = diskProvider; _diskProvider = diskProvider;
GetResourceAll = GetLogFiles; GetResourceAll = GetLogFiles;
Get[LOGFILE_ROUTE] = options => GetLogFile(options.filename);
} }
private List<LogFileResource> GetLogFiles() private List<LogFileResource> GetLogFiles()
@ -41,5 +47,17 @@ namespace NzbDrone.Api.Logs
return result.OrderByDescending(l => l.LastWriteTime).ToList(); return result.OrderByDescending(l => l.LastWriteTime).ToList();
} }
private Response GetLogFile(string filename)
{
var filePath = Path.Combine(_appFolderInfo.GetLogFolder(), filename);
if (!_diskProvider.FileExists(filePath))
return new NotFoundResponse();
var data = _diskProvider.ReadAllText(filePath);
return new TextResponse(data);
}
} }
} }

2
src/UI/System/Logs/Files/ContentsModel.js
View File

@ -6,7 +6,7 @@ define(
], function (Backbone, StatusModel) { ], function (Backbone, StatusModel) {
return Backbone.Model.extend({ return Backbone.Model.extend({
url: function () { url: function () {
return StatusModel.get('urlBase') + '/logfile/' + this.get('filename'); return StatusModel.get('urlBase') + '/api/log/file/' + this.get('filename');
}, },
parse: function (contents) { parse: function (contents) {