|
|
|
|
using System;
|
|
|
|
|
using System.Linq;
|
|
|
|
|
using Nancy;
|
|
|
|
|
using Nancy.Bootstrapper;
|
|
|
|
|
using NzbDrone.Api.Extensions;
|
|
|
|
|
using NzbDrone.Api.Extensions.Pipelines;
|
|
|
|
|
using NzbDrone.Common.EnvironmentInfo;
|
|
|
|
|
using NzbDrone.Core.Configuration;
|
|
|
|
|
|
|
|
|
|
namespace NzbDrone.Api.Authentication
|
|
|
|
|
{
|
|
|
|
|
public class EnableStatelessAuthInNancy : IRegisterNancyPipeline
|
|
|
|
|
{
|
|
|
|
|
private readonly IAuthenticationService _authenticationService;
|
|
|
|
|
private readonly IConfigFileProvider _configFileProvider;
|
|
|
|
|
|
|
|
|
|
public EnableStatelessAuthInNancy(IAuthenticationService authenticationService, IConfigFileProvider configFileProvider)
|
|
|
|
|
{
|
|
|
|
|
_authenticationService = authenticationService;
|
|
|
|
|
_configFileProvider = configFileProvider;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public void Register(IPipelines pipelines)
|
|
|
|
|
{
|
|
|
|
|
pipelines.BeforeRequest.AddItemToEndOfPipeline(ValidateApiKey);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public Response ValidateApiKey(NancyContext context)
|
|
|
|
|
{
|
|
|
|
|
Response response = null;
|
|
|
|
|
|
|
|
|
|
// if (!RuntimeInfo.IsProduction && context.Request.IsLocalRequest())
|
|
|
|
|
// {
|
|
|
|
|
// return response;
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
var apiKey = context.Request.Headers.Authorization;
|
|
|
|
|
|
|
|
|
|
if (context.Request.IsApiRequest() && !ValidApiKey(apiKey) && !_authenticationService.IsAuthenticated(context))
|
|
|
|
|
{
|
|
|
|
|
response = new Response { StatusCode = HttpStatusCode.Unauthorized };
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return response;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private bool ValidApiKey(string apiKey)
|
|
|
|
|
{
|
|
|
|
|
if (String.IsNullOrWhiteSpace(apiKey)) return false;
|
|
|
|
|
if (!apiKey.Equals(_configFileProvider.ApiKey)) return false;
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|