ApiKey Authentication cleanup

pull/4/head
Mark McDowall 11 years ago
parent 57fdbe6e08
commit de607e207b

@ -1,15 +1,12 @@
using Nancy; using Nancy;
using Nancy.Authentication.Basic; using Nancy.Authentication.Basic;
using Nancy.Bootstrapper; using Nancy.Bootstrapper;
using NzbDrone.Api.Extensions;
using NzbDrone.Api.Extensions.Pipelines;
namespace NzbDrone.Api.Authentication namespace NzbDrone.Api.Authentication
{ {
public interface IEnableBasicAuthInNancy public class EnableBasicAuthInNancy : IRegisterNancyPipeline
{
void Register(IPipelines pipelines);
}
public class EnableBasicAuthInNancy : IEnableBasicAuthInNancy
{ {
private readonly IAuthenticationService _authenticationService; private readonly IAuthenticationService _authenticationService;
@ -28,7 +25,7 @@ namespace NzbDrone.Api.Authentication
{ {
Response response = null; Response response = null;
if (!context.Request.Path.StartsWith("/api/") && if (!context.Request.IsApiRequest() &&
context.CurrentUser == null && context.CurrentUser == null &&
_authenticationService.Enabled) _authenticationService.Enabled)
{ {

@ -1,17 +1,15 @@
using System.Linq; using System;
using System.Linq;
using Nancy; using Nancy;
using Nancy.Bootstrapper; using Nancy.Bootstrapper;
using NzbDrone.Api.Extensions;
using NzbDrone.Api.Extensions.Pipelines;
using NzbDrone.Common.EnvironmentInfo; using NzbDrone.Common.EnvironmentInfo;
using NzbDrone.Core.Configuration; using NzbDrone.Core.Configuration;
namespace NzbDrone.Api.Authentication namespace NzbDrone.Api.Authentication
{ {
public interface IEnableStatelessAuthInNancy public class EnableStatelessAuthInNancy : IRegisterNancyPipeline
{
void Register(IPipelines pipelines);
}
public class EnableStatelessAuthInNancy : IEnableStatelessAuthInNancy
{ {
private readonly IConfigFileProvider _configFileProvider; private readonly IConfigFileProvider _configFileProvider;
@ -28,18 +26,16 @@ namespace NzbDrone.Api.Authentication
public Response ValidateApiKey(NancyContext context) public Response ValidateApiKey(NancyContext context)
{ {
Response response = null; Response response = null;
var apiKey = context.Request.Headers["ApiKey"].FirstOrDefault();
if (!RuntimeInfo.IsProduction && context.Request.IsLocalRequest())
if (!RuntimeInfo.IsProduction &&
(context.Request.UserHostAddress.Equals("localhost") ||
context.Request.UserHostAddress.Equals("127.0.0.1") ||
context.Request.UserHostAddress.Equals("::1")))
{ {
return response; return response;
} }
var apiKey = context.Request.Headers.Authorization;
if (context.Request.Path.StartsWith("/api/") && if (context.Request.IsApiRequest() &&
(apiKey == null || !apiKey.Equals(_configFileProvider.ApiKey))) (String.IsNullOrWhiteSpace(apiKey) || !apiKey.Equals(_configFileProvider.ApiKey)))
{ {
response = new Response { StatusCode = HttpStatusCode.Unauthorized }; response = new Response { StatusCode = HttpStatusCode.Unauthorized };
} }

@ -0,0 +1,28 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Nancy;
namespace NzbDrone.Api.Extensions
{
public static class RequestExtensions
{
public static bool IsApiRequest(this Request request)
{
return request.Path.StartsWith("/api/", StringComparison.InvariantCultureIgnoreCase);
}
public static bool IsSignalRRequest(this Request request)
{
return request.Path.StartsWith("/signalr/", StringComparison.InvariantCultureIgnoreCase);
}
public static bool IsLocalRequest(this Request request)
{
return (request.UserHostAddress.Equals("localhost") ||
request.UserHostAddress.Equals("127.0.0.1") ||
request.UserHostAddress.Equals("::1"));
}
}
}

@ -38,21 +38,7 @@ namespace NzbDrone.Api.Frontend.Mappers
public override Response GetResponse(string resourceUrl) public override Response GetResponse(string resourceUrl)
{ {
string content;
var response = base.GetResponse(resourceUrl); var response = base.GetResponse(resourceUrl);
var stream = new MemoryStream();
response.Contents.Invoke(stream);
stream.Position = 0;
using (var reader = new StreamReader(stream))
{
content = reader.ReadToEnd();
}
content = content.Replace("API_KEY", _configFileProvider.ApiKey);
response = new StreamResponse(() => StringToStream(content), response.ContentType);
response.Headers["X-UA-Compatible"] = "IE=edge"; response.Headers["X-UA-Compatible"] = "IE=edge";
return response; return response;
@ -70,6 +56,7 @@ namespace NzbDrone.Api.Frontend.Mappers
text = text.Replace(".css", ".css?v=" + BuildInfo.Version); text = text.Replace(".css", ".css?v=" + BuildInfo.Version);
text = text.Replace(".js", ".js?v=" + BuildInfo.Version); text = text.Replace(".js", ".js?v=" + BuildInfo.Version);
text = text.Replace("API_KEY", _configFileProvider.ApiKey);
return text; return text;
} }

@ -30,8 +30,6 @@ namespace NzbDrone.Api
RegisterPipelines(pipelines); RegisterPipelines(pipelines);
container.Resolve<DatabaseTarget>().Register(); container.Resolve<DatabaseTarget>().Register();
container.Resolve<IEnableBasicAuthInNancy>().Register(pipelines);
container.Resolve<IEnableStatelessAuthInNancy>().Register(pipelines);
container.Resolve<IEventAggregator>().PublishEvent(new ApplicationStartedEvent()); container.Resolve<IEventAggregator>().PublishEvent(new ApplicationStartedEvent());
ApplicationPipelines.OnError.AddItemToEndOfPipeline(container.Resolve<NzbDroneErrorPipeline>().HandleException); ApplicationPipelines.OnError.AddItemToEndOfPipeline(container.Resolve<NzbDroneErrorPipeline>().HandleException);

@ -21,11 +21,8 @@ define(function () {
delete xhr.data; delete xhr.data;
} }
if (xhr) { if (xhr) {
if (!xhr.headers) { xhr.headers = xhr.headers || {};
xhr.headers = {}; xhr.headers['Authorization'] = window.NzbDrone.ApiKey;
}
xhr.headers["ApiKey"] = window.NzbDrone.ApiKey;
} }
return original.apply(this, arguments); return original.apply(this, arguments);

@ -5,7 +5,7 @@ var statusText = $.ajax({
url : window.NzbDrone.ApiRoot + '/system/status', url : window.NzbDrone.ApiRoot + '/system/status',
async: false, async: false,
headers: { headers: {
ApiKey: window.NzbDrone.ApiKey Authorization: window.NzbDrone.ApiKey
} }
}).responseText; }).responseText;

@ -62,7 +62,7 @@
</body> </body>
<script type="text/javascript"> <script type="text/javascript">
window.NzbDrone = {}; window.NzbDrone = window.NzbDrone || {};
window.NzbDrone.ApiKey = 'API_KEY'; window.NzbDrone.ApiKey = 'API_KEY';
</script> </script>

Loading…
Cancel
Save