file dl auth
@ -1,18 +1,30 @@
|
||||
using Microsoft.AspNet.Authorization;
|
||||
using Yavsc.Services;
|
||||
using Yavsc.ViewModels.Auth;
|
||||
|
||||
namespace Yavsc.AuthorizationHandlers
|
||||
{
|
||||
public class ViewFileHandler : AuthorizationHandler<ViewRequirement, ViewFileContext>
|
||||
{
|
||||
protected override void Handle(AuthorizationContext context, ViewRequirement requirement, ViewFileContext fileContext)
|
||||
{
|
||||
namespace Yavsc.AuthorizationHandlers {
|
||||
|
||||
public class ViewFileHandler : AuthorizationHandler<ViewRequirement, ViewFileContext> {
|
||||
|
||||
IFileSystemAuthManager _authManager;
|
||||
|
||||
public ViewFileHandler (IFileSystemAuthManager authManager) {
|
||||
_authManager = authManager;
|
||||
}
|
||||
|
||||
protected override void Handle (AuthorizationContext context, ViewRequirement requirement, ViewFileContext fileContext) {
|
||||
// TODO file access rules
|
||||
if (fileContext.Path.StartsWith("/pub/"))
|
||||
context.Succeed(requirement);
|
||||
if (fileContext.Path.StartsWith ("/pub/"))
|
||||
context.Succeed (requirement);
|
||||
else {
|
||||
// TODO use "/blog/{num}/" path to link to blog access list
|
||||
context.Succeed(requirement);
|
||||
if (!fileContext.Path.StartsWith ("/"))
|
||||
context.Fail ();
|
||||
else {
|
||||
var rights = _authManager.GetFilePathAccess (context.User, fileContext.Path.Substring (1));
|
||||
if ((rights & FileAccessRight.Read) > 0)
|
||||
context.Succeed (requirement);
|
||||
else context.Fail ();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
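Review bot: The deny branch of `Handle` hands the raw request path to `GetFilePathAccess` after only stripping the leading slash (`fileContext.Path.Substring (1)`), while the manager's `NormalizePath` in this same commit is still a `NotImplementedException` stub, so nothing collapses `..`, `//` or `.` segments before the owner check and the exact `FullPath` circle lookup run on that string; whether the request path has already been canonicalised by the server I cannot confirm from here, and the handler should not depend on it. I would reject anything suspicious before the lookup, e.g. `if (string.IsNullOrEmpty (fileContext.Path) || !fileContext.Path.StartsWith ("/", StringComparison.Ordinal) || fileContext.Path.Split ('/').Contains ("..")) { context.Fail (); return; }`. The two `StartsWith ("/pub/")` calls use the culture-sensitive overload; for a routing prefix they should pass `StringComparison.Ordinal`. Note also that a null `Path` currently throws a `NullReferenceException` from inside the handler rather than denying, which surfaces as a 500 instead of a 403.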
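--- a/src/Yavsc/Services/FileSystemAuthManager.cs
+++ b/src/Yavsc/Services/FileSystemAuthManager.cs
@@ -0,0 +1,44 @@
+using System;
+using System.Linq;
+using System.Security.Principal;
+using System.Security.Claims;
+using Yavsc.Models;
+
+namespace Yavsc.Services
+{
+    public class FileSystemAuthManager : IFileSystemAuthManager
+    {
+        ApplicationDbContext _dbContext;
+
+        public FileSystemAuthManager(ApplicationDbContext dbContext)
+        {
+            _dbContext = dbContext;
+        }
+
+        public FileAccessRight GetFilePathAccess(ClaimsPrincipal user, string normalizedFullPath)
+        {
+            // Assert (normalizedFullPath!=null)
+            var parts = normalizedFullPath.Split('/');
+            if (parts.Length<2) return FileAccessRight.None;
+            var funame = parts[0];
+            if (funame == user.GetUserName()) return FileAccessRight.Read | FileAccessRight.Write;
+
+            var ucl = user.Claims.Where(c => c.Type == YavscClaimTypes.CircleMembership).Select(c => long.Parse(c.Value)).ToArray();
+
+            if (_dbContext.CircleAuthorizationToFile.Any(
+                r => r.FullPath == normalizedFullPath && ucl.Contains(r.CircleId)
+            )) return FileAccessRight.Read;
+            return FileAccessRight.None;
+        }
+
+        public string NormalizePath(string path)
+        {
+            throw new NotImplementedException();
+        }
+
+        public void SetAccess(long circleId, string normalizedFullPath, FileAccessRight access)
+        {
+            throw new NotImplementedException();
+        }
+    }
+}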
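Review bot: `GetFilePathAccess` parses every `CircleMembership` claim with `long.Parse(c.Value)` and no culture, so one malformed or non-numeric claim value throws `FormatException` out of the authorization path (a 500) instead of producing a denial; prefer `long.TryParse(c.Value, NumberStyles.Integer, CultureInfo.InvariantCulture, out var id)` (needs `using System.Globalization;`) and skip values that fail. The method also dereferences `normalizedFullPath` with only the `// Assert (normalizedFullPath!=null)` comment guarding it — an explicit `if (string.IsNullOrEmpty(normalizedFullPath)) return FileAccessRight.None;` is safer given the caller feeds it a request-derived string. Despite the parameter name nothing is normalised in this file: `NormalizePath` throws `NotImplementedException`, so the exact `r.FullPath == normalizedFullPath` circle match and the `parts[0]` owner check operate on whatever the caller passes, which should be stated on the method or enforced here.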
@ -1,8 +1,9 @@
|
||||
using System;
|
||||
using System.Security.Claims;
|
||||
using System.Security.Principal;
|
||||
using Yavsc.Models;
|
||||
|
||||
namespace Yavsc.Services {
|
||||
namespace Yavsc.Services
|
||||
{
|
||||
[Flags]
|
||||
public enum FileAccessRight {
|
||||
None = 0,
|
||||
@ -22,34 +23,9 @@ namespace Yavsc.Services {
|
||||
/// <param name="user"></param>
|
||||
/// <param name="normalizedFullPath"></param>
|
||||
/// <returns></returns>
|
||||
FileAccessRight GetFilePathAccess(IPrincipal user, string normalizedFullPath);
|
||||
FileAccessRight GetFilePathAccess(ClaimsPrincipal user, string normalizedFullPath);
|
||||
|
||||
void SetAccess (long circleId, string normalizedFullPath, FileAccessRight access);
|
||||
|
||||
}
|
||||
|
||||
public class FileSystemAuthManager : IFileSystemAuthManager
|
||||
{
|
||||
ApplicationDbContext _dbContext;
|
||||
|
||||
public FileSystemAuthManager(ApplicationDbContext dbContext)
|
||||
{
|
||||
_dbContext = dbContext;
|
||||
}
|
||||
|
||||
public FileAccessRight GetFilePathAccess(IPrincipal user, string normalizedFullPath)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
|
||||
public string NormalizePath(string path)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
|
||||
public void SetAccess(long circleId, string normalizedFullPath, FileAccessRight access)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
}
|
||||
}
|
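Review bot: The XML doc on `GetFilePathAccess` keeps empty `<param>` and `<returns>` elements and the new `SetAccess` member has none, so the contract — presumably that `normalizedFullPath` is already normalised, relative to the user-files root with no leading slash, and that its first segment is the owning user name (which is what the new `FileSystemAuthManager` checks) — lives only in the implementation. I would fill them in: `/// <param name="user">Principal whose user name and circle-membership claims decide access.</param>`, `/// <param name="normalizedFullPath">Path relative to the user-files root, already normalised; the first segment is the owning user name.</param>`, `/// <returns>The rights the principal holds on that path, or <see cref="FileAccessRight.None"/>.</returns>`, plus a one-line summary on `SetAccess` saying it records a circle's rights on a path. The interface declaration starts before this hunk.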
@ -1,4 +1,5 @@
|
||||
using System.IO;
|
||||
using System.Security.Claims;
|
||||
using Microsoft.AspNet.Authorization;
|
||||
using Microsoft.AspNet.Builder;
|
||||
using Microsoft.AspNet.FileProviders;
|
||||
@ -7,6 +8,8 @@ using Microsoft.AspNet.Http;
|
||||
using Microsoft.AspNet.StaticFiles;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Yavsc.Abstract.FileSystem;
|
||||
using Yavsc.Services;
|
||||
using Yavsc.ViewModels.Auth;
|
||||
|
||||
namespace Yavsc
|
||||
{
|
||||
@ -17,7 +20,8 @@ namespace Yavsc
|
||||
|
||||
public static FileServerOptions AvatarsOptions { get; set; }
|
||||
public void ConfigureFileServerApp(IApplicationBuilder app,
|
||||
SiteSettings siteSettings, IHostingEnvironment env, IAuthorizationService authorizationService)
|
||||
SiteSettings siteSettings, IHostingEnvironment env,
|
||||
IAuthorizationService authorizationService)
|
||||
{
|
||||
var userFilesDirInfo = new DirectoryInfo( siteSettings.Blog );
|
||||
AbstractFileSystemHelpers.UserFilesDirName = userFilesDirInfo.FullName;
|
||||
@ -33,15 +37,18 @@ namespace Yavsc
|
||||
UserFilesOptions.EnableDefaultFiles=true;
|
||||
UserFilesOptions.StaticFileOptions.ServeUnknownFileTypes=true;
|
||||
|
||||
/* TODO needs a better design, at implementation time (don't use database, but in memory data)
|
||||
/* TODO needs a better design, at implementation time (don't use database, but in memory data) */
|
||||
UserFilesOptions.StaticFileOptions.OnPrepareResponse += async context =>
|
||||
{
|
||||
var uname = context.Context.User.GetUserName();
|
||||
var path = context.Context.Request.Path;
|
||||
var result = await authorizationService.AuthorizeAsync(context.Context.User, new ViewFileContext
|
||||
{ UserName = uname, File = context.File, Path = path } , new ViewRequirement());
|
||||
if (!result) {
|
||||
context.Context.Response.StatusCode = 403;
|
||||
context.Context.Abort();
|
||||
}
|
||||
};
|
||||
*/
|
||||
var avatarsDirInfo = new DirectoryInfo(Startup.SiteSetup.Avatars);
|
||||
if (!avatarsDirInfo.Exists) avatarsDirInfo.Create();
|
||||
AvatarsDirName = avatarsDirInfo.FullName;
|
||||
|
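Review bot: The authorization hook re-enabled in the last hunk is an `async` lambda attached to `OnPrepareResponse`, which — as far as I recall of Microsoft.AspNet.StaticFiles — is an `Action<StaticFileResponseContext>`, so it compiles to `async void`: the static-file middleware neither awaits `AuthorizeAsync` nor observes its exceptions, and once the `await` yields the file body can already be on the wire before `StatusCode = 403` and `Abort()` run. That makes the check a race rather than a gate, so I would move it into a small awaited middleware registered before the file server is mounted (scoped to the user-files request path, which is configured outside this hunk) and drop `File = context.File`, since `ViewFileHandler` in this commit does not read it. `Abort()` also tears down the connection instead of returning the 403 it just set; an early return after setting the status is enough. The enclosing `ConfigureFileServerApp` continues beyond the hunk.
```csharp
// … unchanged: UserFilesOptions setup …
app.Use(async (httpContext, next) =>
{
    var result = await authorizationService.AuthorizeAsync(httpContext.User,
        new ViewFileContext { UserName = httpContext.User.GetUserName(), Path = httpContext.Request.Path },
        new ViewRequirement());
    if (!result)
    {
        httpContext.Response.StatusCode = 403;
        return;
    }
    await next();
});
// … unchanged: avatars directory setup …
```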
@ -232,6 +232,7 @@ namespace Yavsc
|
||||
services.AddSingleton<IAuthorizationHandler, SendMessageHandler>();
|
||||
services.AddSingleton<IConnexionManager, HubConnectionManager>();
|
||||
services.AddSingleton<ILiveProcessor, LiveProcessor>();
|
||||
services.AddSingleton<IFileSystemAuthManager, FileSystemAuthManager>();
|
||||
|
||||
services.AddMvc(config =>
|
||||
{
|
||||
|
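Review bot: `FileSystemAuthManager` is registered as a singleton here, but its constructor (added in this commit) takes `ApplicationDbContext`, which an EF context is normally registered as scoped, so the container would capture one `DbContext` for the process lifetime and share it across concurrent requests — `DbContext` is not thread-safe, so the `CircleAuthorizationToFile.Any(...)` query in the manager can race and observe stale tracked state. Either register it per request, `services.AddScoped<IFileSystemAuthManager, FileSystemAuthManager>();`, and make the consuming `ViewFileHandler` scoped as well (its registration is not in this hunk; the sibling handlers just above are singletons, so it may be too), or have the manager resolve the context per call instead of holding it. If the project's `ApplicationDbContext` is in fact registered as a singleton the captive-dependency point falls away, but the thread-safety one remains.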