api key unprotected
This commit is contained in:
Paul Schneider
@ -44,4 +44,5 @@ pack:
|
|||||||
paths:
|
paths:
|
||||||
- bin/Release/nuget-host.*.nupkg
|
- bin/Release/nuget-host.*.nupkg
|
||||||
script:
|
script:
|
||||||
- dotnet pack --version-suffix ci --configuration Release --no-restore
|
- dotnet pack --configuration Release --no-restore
|
||||||
|
- nuget push -Source $NUGETSOURCE -ApiKey $NUGETSOURCEAPIKEY bin/Release/nuget-host.*.nupkg
|
||||||
|
|||||||
@ -3,6 +3,7 @@ using System.Collections.Generic;
|
|||||||
using System.IO;
|
using System.IO;
|
||||||
using System.IO.Compression;
|
using System.IO.Compression;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
|
using System.Security.Claims;
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.DataProtection;
|
using Microsoft.AspNetCore.DataProtection;
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
@ -10,26 +11,32 @@ using Microsoft.Extensions.Logging;
|
|||||||
using Microsoft.Extensions.Options;
|
using Microsoft.Extensions.Options;
|
||||||
using NuGet.Packaging;
|
using NuGet.Packaging;
|
||||||
using NuGet.Packaging.Core;
|
using NuGet.Packaging.Core;
|
||||||
|
using nuget_host.Data;
|
||||||
using nuget_host.Entities;
|
using nuget_host.Entities;
|
||||||
using nuget_host.Helpers;
|
using nuget_host.Helpers;
|
||||||
|
|
||||||
namespace nuget_host.Controllers
|
namespace nuget_host.Controllers
|
||||||
{
|
{
|
||||||
|
|
||||||
|
[AllowAnonymous]
|
||||||
public class PackagesController : Controller
|
public class PackagesController : Controller
|
||||||
{
|
{
|
||||||
private readonly ILogger<PackagesController> logger;
|
private readonly ILogger<PackagesController> logger;
|
||||||
private readonly IDataProtector protector;
|
private readonly IDataProtector protector;
|
||||||
|
|
||||||
private readonly NugetSettings nugetSettings;
|
private readonly NugetSettings nugetSettings;
|
||||||
|
ApplicationDbContext dbContext;
|
||||||
|
|
||||||
public PackagesController(
|
public PackagesController(
|
||||||
ILoggerFactory loggerFactory,
|
ILoggerFactory loggerFactory,
|
||||||
IDataProtectionProvider provider,
|
IDataProtectionProvider provider,
|
||||||
IOptions<NugetSettings> nugetOptions)
|
IOptions<NugetSettings> nugetOptions,
|
||||||
|
ApplicationDbContext dbContext)
|
||||||
{
|
{
|
||||||
logger = loggerFactory.CreateLogger<PackagesController>();
|
logger = loggerFactory.CreateLogger<PackagesController>();
|
||||||
nugetSettings = nugetOptions.Value;
|
nugetSettings = nugetOptions.Value;
|
||||||
protector = provider.CreateProtector(nugetSettings.ProtectionTitle);
|
protector = provider.CreateProtector(nugetSettings.ProtectionTitle);
|
||||||
|
this.dbContext = dbContext;
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpPut("packages/{*spec}")]
|
[HttpPut("packages/{*spec}")]
|
||||||
@ -44,8 +51,10 @@ namespace nuget_host.Controllers
|
|||||||
ViewData["nuget client"] = "nuget {clientVersionId}";
|
ViewData["nuget client"] = "nuget {clientVersionId}";
|
||||||
|
|
||||||
var clearkey = protector.Unprotect(apiKey);
|
var clearkey = protector.Unprotect(apiKey);
|
||||||
if (clearkey!= Startup.RootApiKeySecret)
|
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
|
||||||
return Unauthorized();
|
var apikey = dbContext.ApiKeys.SingleOrDefault(k => k.Id == clearkey);
|
||||||
|
if (apikey == null)
|
||||||
|
return new BadRequestObjectResult(new {error = "api-key"});
|
||||||
|
|
||||||
foreach (var file in Request.Form.Files)
|
foreach (var file in Request.Form.Files)
|
||||||
{
|
{
|
||||||
@ -95,7 +104,7 @@ namespace nuget_host.Controllers
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return BadRequest();
|
return new BadRequestObjectResult(ViewData);
|
||||||
}
|
}
|
||||||
return Ok(ViewData);
|
return Ok(ViewData);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user