AgentResource.cs

using System;
using System.Collections.Generic;
using System.Text;
using System.Threading.Tasks;
using Waher.IoTGateway;
using Waher.IoTGateway.Setup;
using Waher.Networking;
using Waher.Networking.HTTP;
using Waher.Networking.HTTP.Authentication;
using Waher.Networking.XMPP;
using Waher.Runtime.Inventory;
using Waher.Script;
using Waher.Script.Abstraction.Elements;
using Waher.Script.Model;
using Waher.Security.JWT;
using Waher.Service.IoTBroker.DataStorage;
 
namespace Waher.Service.IoTBroker.WebServices.Agent
{
    public abstract class AgentResource : HttpSynchronousResource, IAgentResource
    {
        public const string AgentNamespace = "https://waher.se/Schema/BrokerAgent.xsd";
 
        private readonly Dictionary<Type, Expression> patternMatches;
        private AgentApi api;
 
        public AgentResource(string AgentResourceName,
            params KeyValuePair<Type, Expression>[] PatternMatches)
            : base("/Agent/" + AgentResourceName)
        {
            this.patternMatches = new Dictionary<Type, Expression>();
 
            foreach (KeyValuePair<Type, Expression> P in PatternMatches)
                this.patternMatches[P.Key] = P.Value;
        }
 
        public Task Register(HttpServer WebServer, AgentApi AgentApi)
        {
            this.api = AgentApi;
            WebServer.Register(this);
            return Task.CompletedTask;
        }
 
        public Task Unregister(HttpServer WebServer)
        {
            WebServer.Unregister(this);
            return Task.CompletedTask;
        }
 
        public override bool HandlesSubPaths => false;
 
        public override bool UserSessions => false;
 
        public override HttpAuthenticationScheme[] GetAuthenticationSchemes(HttpRequest Request)
        {
            if (this.authenticationSchemes is null)
            {
                if (accounts is null)
                {
                    PersistenceLayer PersistenceLayer = XmppServerModule.PersistenceLayer ?? new PersistenceLayer();
                    accounts = new Accounts(PersistenceLayer);
                }
 
                List<HttpAuthenticationScheme> Schemes = new List<HttpAuthenticationScheme>();
 
                this.AddAuthenticationSchemes(accounts, Schemes);
 
                if (XmppServerModule.PersistenceLayer is null)
                    return Schemes.ToArray();
 
                this.authenticationSchemes = Schemes.ToArray();
            }
 
            return this.authenticationSchemes;
        }
 
        protected virtual void AddAuthenticationSchemes(Accounts Accounts, List<HttpAuthenticationScheme> Schemes)
        {
            bool RequireEncryption = !(DomainConfiguration.Instance is null) && 
                DomainConfiguration.Instance.UseEncryption &&
                !string.IsNullOrEmpty(DomainConfiguration.Instance.Domain);
            int MinStrength = RequireEncryption ? 128 : 0;
 
            Schemes.Add(new JwtAuthentication(RequireEncryption, MinStrength, Gateway.Domain, Accounts, Factory));
 
            if (!(Gateway.HttpServer is null) &&
                Gateway.HttpServer.ClientCertificates != ClientCertificates.NotUsed)
            {
                Schemes.Add(new MutualTlsAuthentication(Accounts));
            }
 
            Schemes.Add(new BasicAuthentication(RequireEncryption, MinStrength, Gateway.Domain, Accounts));
            Schemes.Add(new DigestAuthentication(RequireEncryption, MinStrength, DigestAlgorithm.MD5, Gateway.Domain, Accounts));
            Schemes.Add(new DigestAuthentication(RequireEncryption, MinStrength, DigestAlgorithm.SHA256, Gateway.Domain, Accounts));
            Schemes.Add(new DigestAuthentication(RequireEncryption, MinStrength, DigestAlgorithm.SHA3_256, Gateway.Domain, Accounts));
        }
 
        private static Accounts accounts = null;
        private static JwtFactory factory = null;
        private HttpAuthenticationScheme[] authenticationSchemes = null;
 
        protected AgentApi Api => this.api;
 
        internal static JwtFactory Factory
        {
            get
            {
                if (factory is null)
                {
                    if (Types.TryGetModuleParameter("JWT", out object Obj) &&
                        Obj is JwtFactory JwtFactory &&
                        !JwtFactory.Disposed)
                    {
                        factory = JwtFactory;
                    }
                    else
                        factory = JwtFactory.CreateHmacSha256();
                }
 
                return factory;
            }
 
            set => factory = value;
        }
 
        protected static Accounts Accounts => accounts;
 
        protected async Task<Dictionary<string, IElement>> AssertMatch(HttpRequest Request)
        {
            if (!Request.HasData)
                throw new BadRequestException("No content is request.");
 
            object Decoded = await Request.DecodeDataAsync();
            Type T = Decoded.GetType();
 
            if (!this.patternMatches.TryGetValue(T, out Expression Pattern))
                throw new UnsupportedMediaTypeException("Unhandled content type in request.");
 
            IElement E = Expression.Encapsulate(Decoded);
            Dictionary<string, IElement> Matches = new Dictionary<string, IElement>();
 
            switch (Pattern.Root.PatternMatch(E, Matches))
            {
                case PatternMatchResult.Match:
                    return Matches;
 
                case PatternMatchResult.NoMatch:
                case PatternMatchResult.Unknown:
                default:
                    throw new BadRequestException("Content does not match specification.");
            }
        }
 
        protected static AccountUser AssertUserAuthenticated(HttpRequest Request)
        {
            return AssertUserAuthenticated(Request, true);
        }
 
        protected static AccountUser AssertUserAuthenticated(HttpRequest Request,
            bool MustBeEnabled)
        {
            if (!(Request.User is AccountUser User))
                throw new ForbiddenException("User not authenticated.");
 
            if (MustBeEnabled && !User.Account.Enabled)
                throw new ForbiddenException("Account not enabled.");
 
            return User;
        }
 
        protected static AccountUser GetAuthenticatedUser(HttpRequest Request)
        {
            return GetAuthenticatedUser(Request, true);
        }
 
        protected static AccountUser GetAuthenticatedUser(HttpRequest Request, bool MustBeEnabled)
        {
            if (!(Request.User is AccountUser User))
                return null;
 
            if (MustBeEnabled && !User.Account.Enabled)
                return null;
 
            return User;
        }
 
        protected async Task CheckBlocks(HttpRequest Request)
        {
            DateTime? Next = await this.api.Auditor.GetEarliestLoginOpportunity(Request.RemoteEndPoint, "HTTPS");
 
            if (Next.HasValue)
            {
                DateTime TP = Next.Value;
                DateTime Today = DateTime.Today;
                StringBuilder sb = new StringBuilder();
 
                if (Next.Value == DateTime.MaxValue)
                {
                    sb.Append("This endpoint (");
                    sb.Append(Request.RemoteEndPoint);
                    sb.Append(") has been blocked from the system.");
                }
                else
                {
                    sb.Append("Too many failed login attempts in a row registered. Try again after ");
                    sb.Append(TP.ToLongTimeString());
 
                    if (TP.Date != Today)
                    {
                        if (TP.Date == Today.AddDays(1))
                            sb.Append(" tomorrow");
                        else
                        {
                            sb.Append(", ");
                            sb.Append(TP.ToShortDateString());
                        }
                    }
 
                    sb.Append(". Remote Endpoint: ");
                    sb.Append(Request.RemoteEndPoint);
                }
 
                throw new TooManyRequestsException(sb.ToString());
            }
        }
 
        protected static Exception ToHttpException(XmppException ex)
        {
            if (ex is null)
                return null;
 
            if (ex is Networking.XMPP.StanzaErrors.BadRequestException)
                return new BadRequestException(ex.Message);
            else if (ex is Networking.XMPP.StanzaErrors.ConflictException)
                return new ConflictException(ex.Message);
            else if (ex is Networking.XMPP.StanzaErrors.ForbiddenException)
                return new ForbiddenException(ex.Message);
            else if (ex is Networking.XMPP.StanzaErrors.FeatureNotImplementedException)
                return new Networking.HTTP.NotImplementedException(ex.Message);
            else if (ex is Networking.XMPP.StanzaErrors.GoneException)
                return new GoneException(ex.Message);
            else if (ex is Networking.XMPP.StanzaErrors.InternalServerErrorException)
                return new InternalServerErrorException(ex.Message);
            else if (ex is Networking.XMPP.StanzaErrors.ItemNotFoundException)
                return new NotFoundException(ex.Message);
            else if (ex is Networking.XMPP.StanzaErrors.NotAllowedException)
                return new MethodNotAllowedException(new string[0], ex.Message);
            else if (ex is Networking.XMPP.StanzaErrors.ResourceConstraintException)
                return new TooManyRequestsException(ex.Message);
            else if (ex is Networking.XMPP.StanzaErrors.ServiceUnavailableException)
                return new ServiceUnavailableException(ex.Message);
            else if (ex is Networking.XMPP.StanzaErrors.NotAuthorizedException)
                return new NetworkAuthenticationRequiredException(ex.Message);
            else
                return ex;
        }
 
    }
}