Compare commits

...

4 Commits

Author SHA1 Message Date
07d7fec24f feat: add localhost for generate token
Some checks failed
.NET Test Pipeline / build-and-test (pull_request) Failing after 1m50s
2024-05-29 03:30:26 +03:00
22793c7882 feat: add localhost attribute 2024-05-29 03:30:00 +03:00
9bf9eabad7 fix: add full path to settings 2024-05-28 07:20:21 +03:00
966ab9bdda feat: add generate and check token 2024-05-28 07:19:40 +03:00
2 changed files with 68 additions and 0 deletions

View File

@ -0,0 +1,19 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using System.Net;
namespace Mirea.Api.Endpoint.Common.Attributes;
public class LocalhostAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext context)
{
var ip = context.HttpContext.Connection.RemoteIpAddress;
if (ip == null || !IPAddress.IsLoopback(ip))
{
context.Result = new UnauthorizedResult();
return;
}
base.OnActionExecuting(context);
}
}

View File

@ -0,0 +1,49 @@
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Mirea.Api.Endpoint.Common.Attributes;
using Mirea.Api.Endpoint.Common.Exceptions;
using Mirea.Api.Endpoint.Common.Interfaces;
using Mirea.Api.Endpoint.Configuration.General;
namespace Mirea.Api.Endpoint.Controllers.Configuration;
[ApiVersion("1.0")]
[ApiController]
[MaintenanceModeIgnore]
public class SetupController(ISetupToken setupToken, IMaintenanceModeNotConfigureService notConfigureService) : BaseController
{
[HttpGet("GenerateToken")]
[Localhost]
public ActionResult<string> GenerateToken()
{
if (!notConfigureService.IsMaintenanceMode)
throw new ControllerArgumentException(
"The token cannot be generated because the server has been configured. " +
$"If you need to restart the configuration, then delete the \"{PathBuilder.Combine(GeneralConfig.FilePath)}\" file and restart the application.");
var token = new byte[32];
RandomNumberGenerator.Create().GetBytes(token);
setupToken.SetToken(token);
return Ok(Convert.ToBase64String(token));
}
[HttpGet("CheckToken")]
public ActionResult<bool> CheckToken([FromQuery] string token)
{
if (!setupToken.MatchToken(Convert.FromBase64String(token))) return Unauthorized("The token is not valid");
Response.Cookies.Append("AuthToken", token, new CookieOptions
{
HttpOnly = false,
Secure = false,
Path = "/"
});
return Ok(true);
}
}