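/// <summary>
/// Configures the REST host: applies the endpoint configuration, registers a service and a
/// GET route for every active command that resolves to a cmdlet, enables HTTP Basic
/// authentication, and installs a request filter that enforces the roles declared on each
/// published command.
/// </summary>
/// <param name="container">Container supplied by the host; not used by this method.</param>
/// <exception cref="ClrPlusException">
/// Thrown when a command is found but its base object is not a <c>CmdletInfo</c>.
/// </exception>
public override void Configure(Container container)
{
    _configured = true;

    // Feature disableFeatures = Feature.Jsv | Feature.Soap;
    SetConfig(new EndpointHostConfig {
        // EnableFeatures = Feature.All.Remove(disableFeatures), //all formats except of JSV and SOAP

        // NOTE(review): DebugMode is enabled unconditionally (it is not inside the #if DEBUG
        // section below), so stack traces are also returned to clients in release builds.
        // Confirm this is intended before exposing the service beyond development.
        DebugMode = true, //Show StackTraces in service responses during development
        WriteErrorsToResponse = false, //Disable exception handling
        DefaultContentType = ContentType.Json, //Change default content type

        // NOTE(review): JSONP responses can be read cross-origin by any page that loads them
        // through a script tag, and a browser may attach cached Basic credentials to such a
        // request. Confirm JSONP is really needed for role-protected commands.
        AllowJsonpRequests = true, //Enable JSONP requests
        ServiceName = "RestService",
    });

#if DEBUG
    LogManager.LogFactory = new DebugLogFactory();
#endif

    // The concrete controller is needed for every registration below, so cast it once.
    var serviceController = ServiceController as ServiceController;

    using (var ps = RunspacePool.Dynamic()) {
        foreach (var restCommand in _activeCommands) {
            PSObject command = ps.LookupCommand(restCommand.Name);
            if (command == null) {
                // Commands that cannot be looked up are skipped without an error.
                continue;
            }

            var cmdletInfo = command.ImmediateBaseObject as CmdletInfo;
            if (cmdletInfo == null) {
                throw new ClrPlusException("command isn't cmdletinfo: {0}".format(command.GetType()));
            }

            var implementingType = cmdletInfo.ImplementingType;

            // requestExecMap is read through AccessPrivateWrapper (presumably a non-public
            // member of the controller) to find out whether this type was registered before.
            dynamic d = new AccessPrivateWrapper(serviceController);
            if (!d.requestExecMap.ContainsKey(implementingType)) {
                serviceController.RegisterGService(GetTypeFactory(implementingType), implementingType);
                serviceController.RegisterNService(GetTypeFactory(implementingType), implementingType);
            }

            // Remember which command a request DTO type belongs to; the request filter below
            // uses this map to find the roles required for an incoming request.
            ReverseLookup.AddOrSet(implementingType, restCommand);
            Routes.Add(implementingType, "/" + restCommand.PublishAs + "/", "GET");
        }
    }

    // NOTE(review): Basic authentication sends the credentials with every request, only
    // base64-encoded. This assumes the host is reachable over TLS only - TODO confirm.
    Plugins.Add(new AuthFeature(() => new AuthUserSession(),
        new IAuthProvider[] {
            new CustomBasicAuthProvider(),
            // new CustomCredentialsAuthProvider(),
        }
    ));

    // Request filter that validates the caller is allowed to invoke the requested command.
    RequestFilters.Add((request, response, requestDto) => {
        var restCommand = ReverseLookup[requestDto.GetType()];

        // Only published commands that declare roles are protected. Anything else passes
        // through this filter without an authentication or authorization check.
        if (restCommand == null || restCommand.Roles.IsNullOrEmpty()) {
            return;
        }

        // Ends the request with a 401 and a Basic challenge so the client can retry with credentials.
        Action challenge = () => {
            response.StatusCode = 401;
            response.AddHeader("WWW-Authenticate", "Basic realm=\"rest-service\"");
            response.StatusDescription = "Unauthorized";
            response.EndServiceStackRequest(false);
        };

        // Authenticate from the Basic credentials in the request, if any were sent.
        try {
            AuthenticateAttribute.AuthenticateIfBasicAuth(request, response);
        } catch (Exception e) {
            // Any failure while authenticating is treated as "not authenticated".
            Console.WriteLine(e.Message);
            challenge();
            return;
        }

        var session = request.GetSession(false);

        // Fail closed: a missing session is handled the same way as an unauthenticated one.
        if (session == null || !session.IsAuthenticated) {
            challenge();
            return;
        }

        // The user needs at least one of the roles declared on the command.
        if (!restCommand.Roles.Any(session.HasRole)) {
            response.StatusCode = 403;
            response.StatusDescription = "Forbidden";
            response.EndServiceStackRequest(false);
            // Stop here like the 401 paths do, so a rejected request never gets a session
            // attached to its DTO.
            return;
        }

        // Hand the authenticated session to DTOs that ask for it.
        var req = requestDto as IHasSession;
        if (req != null) {
            req.Session = session;
        }
    });
}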