ApiHeaders.cs

Go to the documentation of this file.

using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Net.Http.Headers;
using System.Net.Mime;
using System.Reflection;
using System.Text;
 
using Microsoft.AspNetCore.Http.Headers;
using Microsoft.Extensions.Primitives;
using Microsoft.Net.Http.Headers;
 
using Tgstation.Server.Api.Models;
using Tgstation.Server.Api.Models.Response;
using Tgstation.Server.Api.Properties;
using Tgstation.Server.Common.Extensions;
 
namespace Tgstation.Server.Api
{
    public sealed class ApiHeaders
    {
        public const string ApiVersionHeader = "Api";
 
        public const string InstanceIdHeader = "Instance";
 
        public const string OAuthProviderHeader = "OAuthProvider";
 
        public const string BearerAuthenticationScheme = "Bearer";
 
        public const string BasicAuthenticationScheme = "Basic";
 
        public const string OAuthAuthenticationScheme = "OAuth";
 
        public const string ApplicationJsonMime = "application/json";
 
        const string TextEventStreamMime = "text/event-stream";
 
        public static readonly Version Version = Version.Parse(ApiVersionAttribute.Instance.RawApiVersion);
 
        static readonly AssemblyName AssemblyName = Assembly.GetExecutingAssembly().GetName();
 
        static readonly char[] ColonSeparator = [':'];
 
        public long? InstanceId { get; set; }
 
        public ProductHeaderValue? UserAgent => ProductInfoHeaderValue.TryParse(RawUserAgent, out var userAgent) ? userAgent.Product : null;
 
        public string? RawUserAgent { get; }
 
        public Version ApiVersion { get; }
 
        public TokenResponse? Token { get; }
 
        public string? Username { get; }
 
        public string? Password { get; }
 
        public string? OAuthCode { get; }
 
        public OAuthProvider? OAuthProvider { get; }
 
        public bool IsTokenAuthentication => Token != null && !OAuthProvider.HasValue;
 
        public static bool CheckCompatibility(Version otherVersion) => Version.Major == (otherVersion?.Major ?? throw new ArgumentNullException(nameof(otherVersion)));
 
        public ApiHeaders(ProductHeaderValue userAgent, TokenResponse token)
            : this(userAgent, token, null, null)
        {
            if (userAgent == null)
                throw new ArgumentNullException(nameof(userAgent));
            if (token == null)
                throw new ArgumentNullException(nameof(token));
            if (token.Bearer == null)
                throw new InvalidOperationException("token.Bearer must be set!");
        }
 
        public ApiHeaders(ProductHeaderValue userAgent, string oAuthCode, OAuthProvider oAuthProvider)
            : this(userAgent, null, null, null)
        {
            if (userAgent == null)
                throw new ArgumentNullException(nameof(userAgent));
 
            OAuthCode = oAuthCode ?? throw new ArgumentNullException(nameof(oAuthCode));
            OAuthProvider = oAuthProvider;
        }
 
        public ApiHeaders(ProductHeaderValue userAgent, string username, string password)
            : this(userAgent, null, username, password)
        {
            if (userAgent == null)
                throw new ArgumentNullException(nameof(userAgent));
            if (username == null)
                throw new ArgumentNullException(nameof(username));
            if (password == null)
                throw new ArgumentNullException(nameof(password));
        }
 
#pragma warning disable CA1502 // TODO: Decomplexify
        public ApiHeaders(RequestHeaders requestHeaders, bool ignoreMissingAuth, bool allowEventStreamAccept)
        {
            if (requestHeaders == null)
                throw new ArgumentNullException(nameof(requestHeaders));
 
            var badHeaders = HeaderErrorTypes.None;
            var errorBuilder = new StringBuilder();
            var multipleErrors = false;
            void AddError(HeaderErrorTypes headerType, string message)
            {
                if (badHeaders != HeaderErrorTypes.None)
                {
                    multipleErrors = true;
                    errorBuilder.AppendLine();
                }
 
                badHeaders |= headerType;
                errorBuilder.Append(message);
            }
 
            var jsonAccept = new Microsoft.Net.Http.Headers.MediaTypeHeaderValue(ApplicationJsonMime);
            var eventStreamAccept = new Microsoft.Net.Http.Headers.MediaTypeHeaderValue(TextEventStreamMime);
            if (!requestHeaders.Accept.Any(accept => accept.IsSubsetOf(jsonAccept)))
                if (!allowEventStreamAccept)
                    AddError(HeaderErrorTypes.Accept, $"Client does not accept {ApplicationJsonMime}!");
                else if (!requestHeaders.Accept.Any(eventStreamAccept.IsSubsetOf))
                    AddError(HeaderErrorTypes.Accept, $"Client does not accept {ApplicationJsonMime} or {TextEventStreamMime}!");
 
            if (!requestHeaders.Headers.TryGetValue(HeaderNames.UserAgent, out var userAgentValues) || userAgentValues.Count == 0)
                AddError(HeaderErrorTypes.UserAgent, $"Missing {HeaderNames.UserAgent} header!");
            else
            {
                RawUserAgent = userAgentValues.First();
                if (String.IsNullOrWhiteSpace(RawUserAgent))
                    AddError(HeaderErrorTypes.UserAgent, $"Malformed {HeaderNames.UserAgent} header!");
            }
 
            // make sure the api header matches ours
            Version? apiVersion = null;
            if (!requestHeaders.Headers.TryGetValue(ApiVersionHeader, out var apiUserAgentHeaderValues) || !ProductInfoHeaderValue.TryParse(apiUserAgentHeaderValues.FirstOrDefault(), out var apiUserAgent) || apiUserAgent.Product.Name != AssemblyName.Name)
                AddError(HeaderErrorTypes.Api, $"Missing {ApiVersionHeader} header!");
            else if (!Version.TryParse(apiUserAgent.Product.Version, out apiVersion))
                AddError(HeaderErrorTypes.Api, $"Malformed {ApiVersionHeader} header!");
 
            if (!requestHeaders.Headers.TryGetValue(HeaderNames.Authorization, out StringValues authorization))
            {
                if (!ignoreMissingAuth)
                    AddError(HeaderErrorTypes.AuthorizationMissing, $"Missing {HeaderNames.Authorization} header!");
            }
            else
            {
                var auth = authorization.First();
                var splits = new List<string>(auth.Split(' '));
                var scheme = splits.First();
                if (String.IsNullOrWhiteSpace(scheme))
                    AddError(HeaderErrorTypes.AuthorizationInvalid, "Missing authentication scheme!");
                else
                {
                    splits.RemoveAt(0);
                    var parameter = String.Concat(splits);
                    if (String.IsNullOrEmpty(parameter))
                        AddError(HeaderErrorTypes.AuthorizationInvalid, "Missing authentication parameter!");
                    else
                    {
                        if (requestHeaders.Headers.TryGetValue(InstanceIdHeader, out var instanceIdValues))
                        {
                            var instanceIdString = instanceIdValues.FirstOrDefault();
                            if (instanceIdString != default && Int64.TryParse(instanceIdString, out var instanceId))
                                InstanceId = instanceId;
                        }
 
                        switch (scheme)
                        {
                            case OAuthAuthenticationScheme:
                                if (requestHeaders.Headers.TryGetValue(OAuthProviderHeader, out StringValues oauthProviderValues))
                                {
                                    var oauthProviderString = oauthProviderValues.First();
                                    if (Enum.TryParse<OAuthProvider>(oauthProviderString, true, out var oauthProvider))
                                        OAuthProvider = oauthProvider;
                                    else
                                        AddError(HeaderErrorTypes.OAuthProvider, "Invalid OAuth provider!");
                                }
                                else
                                    AddError(HeaderErrorTypes.OAuthProvider, $"Missing {OAuthProviderHeader} header!");
 
                                OAuthCode = parameter;
                                break;
                            case BearerAuthenticationScheme:
                                Token = new TokenResponse
                                {
                                    Bearer = parameter,
                                };
 
                                try
                                {
                                    Token.ParseJwt();
                                }
                                catch (ArgumentException ex) when (ex is not ArgumentNullException)
                                {
                                    AddError(HeaderErrorTypes.AuthorizationInvalid, $"Invalid JWT: {ex.Message}");
                                }
 
                                break;
                            case BasicAuthenticationScheme:
                                string badBasicAuthHeaderMessage = $"Invalid basic {HeaderNames.Authorization} header!";
                                string joinedString;
                                try
                                {
                                    var base64Bytes = Convert.FromBase64String(parameter);
                                    joinedString = Encoding.UTF8.GetString(base64Bytes);
                                }
                                catch
                                {
                                    AddError(HeaderErrorTypes.AuthorizationInvalid, badBasicAuthHeaderMessage);
                                    break;
                                }
 
                                var basicAuthSplits = joinedString.Split(ColonSeparator, StringSplitOptions.RemoveEmptyEntries);
                                if (basicAuthSplits.Length < 2)
                                {
                                    AddError(HeaderErrorTypes.AuthorizationInvalid, badBasicAuthHeaderMessage);
                                    break;
                                }
 
                                Username = basicAuthSplits.First();
                                Password = String.Concat(basicAuthSplits.Skip(1));
                                break;
                            default:
                                AddError(HeaderErrorTypes.AuthorizationInvalid, "Invalid authentication scheme!");
                                break;
                        }
                    }
                }
            }
 
            if (badHeaders != HeaderErrorTypes.None)
            {
                if (multipleErrors)
                    errorBuilder.Insert(0, $"Multiple header validation errors occurred:{Environment.NewLine}");
 
                throw new HeadersException(badHeaders, errorBuilder.ToString());
            }
 
            ApiVersion = apiVersion!.Semver();
        }
#pragma warning restore CA1502
 
        ApiHeaders(ProductHeaderValue userAgent, TokenResponse? token, string? username, string? password)
        {
            RawUserAgent = userAgent?.ToString();
            Token = token;
            Username = username;
            Password = password;
            ApiVersion = Version;
        }
 
        public bool Compatible(Version? alternateApiVersion = null) => CheckCompatibility(ApiVersion) || (alternateApiVersion != null && alternateApiVersion.Major == ApiVersion.Major);
 
        public void SetRequestHeaders(HttpRequestHeaders headers, long? instanceId = null)
        {
            if (headers == null)
                throw new ArgumentNullException(nameof(headers));
            if (instanceId.HasValue && InstanceId.HasValue && instanceId != InstanceId)
                throw new InvalidOperationException("Specified different instance IDs in constructor and SetRequestHeaders!");
 
            headers.Clear();
            headers.Accept.Add(new MediaTypeWithQualityHeaderValue(ApplicationJsonMime));
            headers.UserAgent.Add(new ProductInfoHeaderValue(UserAgent));
            headers.Add(ApiVersionHeader, CreateApiVersionHeader());
            if (OAuthProvider.HasValue)
            {
                headers.Authorization = new AuthenticationHeaderValue(OAuthAuthenticationScheme, OAuthCode!);
                headers.Add(OAuthProviderHeader, OAuthProvider.ToString());
            }
            else if (!IsTokenAuthentication)
                headers.Authorization = new AuthenticationHeaderValue(
                    BasicAuthenticationScheme,
                    Convert.ToBase64String(Encoding.UTF8.GetBytes($"{Username}:{Password}")));
            else
                headers.Authorization = new AuthenticationHeaderValue(BearerAuthenticationScheme, Token!.Bearer);
 
            instanceId ??= InstanceId;
            if (instanceId.HasValue)
                headers.Add(InstanceIdHeader, instanceId.Value.ToString(CultureInfo.InvariantCulture));
        }
 
        public void SetHubConnectionHeaders(IDictionary<string, string> headers)
        {
            if (headers == null)
                throw new ArgumentNullException(nameof(headers));
 
            headers.Add(HeaderNames.UserAgent, RawUserAgent ?? throw new InvalidOperationException("Missing UserAgent!"));
            headers.Add(HeaderNames.Accept, ApplicationJsonMime);
            headers.Add(ApiVersionHeader, CreateApiVersionHeader());
        }
 
        string CreateApiVersionHeader()
            => new ProductHeaderValue(AssemblyName.Name, ApiVersion.ToString()).ToString();
    }
}