ApiController.cs

Go to the documentation of this file.

using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Net;
using System.Threading;
using System.Threading.Tasks;
 
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Query;
using Microsoft.Extensions.Logging;
using Microsoft.Net.Http.Headers;
 
using Octokit;
 
using Serilog.Context;
 
using Tgstation.Server.Api;
using Tgstation.Server.Api.Models;
using Tgstation.Server.Api.Models.Response;
using Tgstation.Server.Common.Extensions;
using Tgstation.Server.Host.Controllers.Results;
using Tgstation.Server.Host.Database;
using Tgstation.Server.Host.Extensions;
using Tgstation.Server.Host.Models;
using Tgstation.Server.Host.Security;
using Tgstation.Server.Host.Utils;
 
namespace Tgstation.Server.Host.Controllers
{
    public abstract class ApiController : ApiControllerBase
    {
        public const ushort DefaultPageSize = 10;
 
        public const ushort MaximumPageSize = 100;
 
        protected ApiHeaders? ApiHeaders => ApiHeadersProvider.ApiHeaders;
 
        protected IApiHeadersProvider ApiHeadersProvider { get; }
 
        protected IDatabaseContext DatabaseContext { get; }
 
        protected IAuthenticationContext AuthenticationContext { get; }
 
        protected ILogger<ApiController> Logger { get; }
 
        protected Models.Instance? Instance { get; }
 
        readonly bool requireHeaders;
 
        protected ApiController(
            IDatabaseContext databaseContext,
            IAuthenticationContext authenticationContext,
            IApiHeadersProvider apiHeadersProvider,
            ILogger<ApiController> logger,
            bool requireHeaders)
        {
            DatabaseContext = databaseContext ?? throw new ArgumentNullException(nameof(databaseContext));
            AuthenticationContext = authenticationContext ?? throw new ArgumentNullException(nameof(authenticationContext));
            ApiHeadersProvider = apiHeadersProvider ?? throw new ArgumentNullException(nameof(apiHeadersProvider));
            Logger = logger ?? throw new ArgumentNullException(nameof(logger));
 
            Instance = AuthenticationContext.InstancePermissionSet?.Instance;
            this.requireHeaders = requireHeaders;
        }
 
#pragma warning disable CA1506 // TODO: Decomplexify
        protected override async ValueTask<IActionResult?> HookExecuteAction(Func<Task> executeAction, CancellationToken cancellationToken)
        {
            ArgumentNullException.ThrowIfNull(executeAction);
 
            // validate the headers
            if (ApiHeaders == null)
            {
                if (requireHeaders)
                    return HeadersIssue(ApiHeadersProvider.HeadersException!);
            }
 
            var errorCase = await ValidateRequest(cancellationToken);
            if (errorCase != null)
                return errorCase;
 
            if (ModelState?.IsValid == false)
            {
                var errorMessages = ModelState
                    .SelectMany(x => x.Value!.Errors)
                    .Select(x => x.ErrorMessage)
 
                    // We use RequiredAttributes purely for preventing properties from becoming nullable in the databases
                    // We validate missing required fields in controllers
                    // Unfortunately, we can't remove the whole validator for that as it checks other things like StringLength
                    // This is the best way to deal with it unfortunately
                    .Where(x => !x.EndsWith(" field is required.", StringComparison.Ordinal));
 
                if (errorMessages.Any())
                    return BadRequest(
                        new ErrorMessageResponse(ErrorCode.ModelValidationFailure)
                        {
                            AdditionalData = String.Join(Environment.NewLine, errorMessages),
                        });
 
                ModelState.Clear();
            }
 
            using (ApiHeaders?.InstanceId != null
                ? LogContext.PushProperty(SerilogContextHelper.InstanceIdContextProperty, ApiHeaders.InstanceId)
                : null)
            using (AuthenticationContext.Valid
                ? LogContext.PushProperty(SerilogContextHelper.UserIdContextProperty, AuthenticationContext.User.Id)
                : null)
            using (LogContext.PushProperty(SerilogContextHelper.RequestPathContextProperty, $"{Request.Method} {Request.Path}"))
            {
                if (ApiHeaders != null)
                {
                    var isGet = HttpMethods.IsGet(Request.Method);
                    Logger.Log(
                        isGet
                            ? LogLevel.Trace
                            : LogLevel.Debug,
                        "Starting API request: Version: {clientApiVersion}. {userAgentHeaderName}: {clientUserAgent}",
                        ApiHeaders.ApiVersion.Semver(),
                        HeaderNames.UserAgent,
                        ApiHeaders.RawUserAgent);
                }
                else if (Request.Headers.TryGetValue(HeaderNames.UserAgent, out var userAgents))
                    Logger.LogDebug(
                        "Starting unauthorized API request. {userAgentHeaderName}: {allUserAgents}",
                        HeaderNames.UserAgent,
                        userAgents);
                else
                    Logger.LogDebug(
                        "Starting unauthorized API request. No {userAgentHeaderName}!",
                        HeaderNames.UserAgent);
 
                await executeAction();
            }
 
            return null;
        }
#pragma warning restore CA1506
 
        protected new NotFoundObjectResult NotFound() => NotFound(new ErrorMessageResponse(ErrorCode.ResourceNeverPresent));
 
        protected StatusCodeResult StatusCode(HttpStatusCode statusCode) => StatusCode((int)statusCode);
 
        protected ObjectResult RateLimit(RateLimitExceededException rateLimitException)
        {
            ArgumentNullException.ThrowIfNull(rateLimitException);
 
            Logger.LogWarning(rateLimitException, "Exceeded GitHub rate limit!");
 
            var secondsString = Math.Ceiling(rateLimitException.GetRetryAfterTimeSpan().TotalSeconds).ToString(CultureInfo.InvariantCulture);
            Response.Headers.Add(HeaderNames.RetryAfter, secondsString);
            return this.StatusCode(HttpStatusCode.TooManyRequests, new ErrorMessageResponse(ErrorCode.GitHubApiRateLimit));
        }
 
        protected virtual ValueTask<IActionResult?> ValidateRequest(CancellationToken cancellationToken)
            => ValueTask.FromResult<IActionResult?>(null);
 
        protected IActionResult HeadersIssue(HeadersException headersException)
        {
            if (headersException == null)
                throw new InvalidOperationException("Expected a header parse exception!");
 
            var errorMessage = new ErrorMessageResponse(ErrorCode.BadHeaders)
            {
                AdditionalData = headersException.Message,
            };
 
            if (headersException.ParseErrors.HasFlag(HeaderErrorTypes.Accept))
                return this.StatusCode(HttpStatusCode.NotAcceptable, errorMessage);
 
            return BadRequest(errorMessage);
        }
 
        protected ValueTask<IActionResult> Paginated<TModel>(
            Func<ValueTask<PaginatableResult<TModel>?>> queryGenerator,
            Func<TModel, ValueTask>? resultTransformer,
            int? pageQuery,
            int? pageSizeQuery,
            CancellationToken cancellationToken) => PaginatedImpl(
                queryGenerator,
                resultTransformer,
                pageQuery,
                pageSizeQuery,
                cancellationToken);
 
        protected ValueTask<IActionResult> Paginated<TModel, TApiModel>(
            Func<ValueTask<PaginatableResult<TModel>?>> queryGenerator,
            Func<TApiModel, ValueTask>? resultTransformer,
            int? pageQuery,
            int? pageSizeQuery,
            CancellationToken cancellationToken)
            where TModel : ILegacyApiTransformable<TApiModel>
            => PaginatedImpl(
                queryGenerator,
                resultTransformer,
                pageQuery,
                pageSizeQuery,
                cancellationToken);
 
        async ValueTask<IActionResult> PaginatedImpl<TModel, TResultModel>(
            Func<ValueTask<PaginatableResult<TModel>?>> queryGenerator,
            Func<TResultModel, ValueTask>? resultTransformer,
            int? pageQuery,
            int? pageSizeQuery,
            CancellationToken cancellationToken)
        {
            ArgumentNullException.ThrowIfNull(queryGenerator);
 
            if (pageQuery <= 0 || pageSizeQuery <= 0)
                return BadRequest(new ErrorMessageResponse(ErrorCode.ApiInvalidPageOrPageSize));
 
            var pageSize = pageSizeQuery ?? DefaultPageSize;
            if (pageSize > MaximumPageSize)
                return BadRequest(new ErrorMessageResponse(ErrorCode.ApiPageTooLarge)
                {
                    AdditionalData = $"Maximum page size: {MaximumPageSize}",
                });
 
            var page = pageQuery ?? 1;
 
            var paginationResult = await queryGenerator();
            if (paginationResult == null)
                return Forbid();
 
            if (!paginationResult.Valid)
                return paginationResult.EarlyOut;
 
            var queriedResults = paginationResult
                .Results
                .Skip((page - 1) * pageSize)
                .Take(pageSize);
 
            int totalResults;
            List<TModel> pagedResults;
            if (queriedResults.Provider is IAsyncQueryProvider)
            {
                totalResults = await paginationResult.Results.CountAsync(cancellationToken);
                pagedResults = await queriedResults
                    .ToListAsync(cancellationToken);
            }
            else
            {
                totalResults = paginationResult.Results.Count();
                pagedResults = [.. queriedResults];
            }
 
            ICollection<TResultModel> finalResults;
            if (typeof(TResultModel).IsAssignableFrom(typeof(TModel)))
                finalResults = pagedResults.Cast<TResultModel>().ToList(); // clearly a safe cast
            else
                finalResults = pagedResults
                    .Cast<ILegacyApiTransformable<TResultModel>>()
                    .Select(x => x.ToApi())
                    .ToList();
 
            if (resultTransformer != null)
                foreach (var finalResult in finalResults)
                    await resultTransformer(finalResult);
 
            var carryTheOne = totalResults % pageSize != 0
                ? 1
                : 0;
            return Json(
                new PaginatedResponse<TResultModel>
                {
                    Content = finalResults,
                    PageSize = pageSize,
                    TotalPages = (ushort)(totalResults / pageSize) + carryTheOne,
                    TotalItems = totalResults,
                });
        }
    }
}