Remove unnecessary ASP.NET features

Rewrite token authorization checks in integrated server
Disable ASP.NET logging and use custom logging for request duration
2024-11-25 05:42:45 +01:00 · 2023-12-23 13:47:33 +01:00 · 2023-12-23 13:47:31 +01:00 · 2023-12-23 11:19:54 +01:00
10 changed files with 103 additions and 56 deletions
--- a/app/Server/Endpoints/BaseEndpoint.cs
+++ b/app/Server/Endpoints/BaseEndpoint.cs
@ -3,12 +3,9 @@ using System.Net;
 using System.Text.Json;
 using System.Threading.Tasks;
 using DHT.Server.Database;
-using DHT.Server.Service;
 using DHT.Utils.Http;
 using DHT.Utils.Logging;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Extensions;
-using Microsoft.Extensions.Primitives;

 namespace DHT.Server.Endpoints;

@ -16,25 +13,14 @@ abstract class BaseEndpoint {
 	private static readonly Log Log = Log.ForType<BaseEndpoint>();

 	protected IDatabaseFile Db { get; }
-	protected ServerParameters Parameters { get; }

-	protected BaseEndpoint(IDatabaseFile db, ServerParameters parameters) {
+	protected BaseEndpoint(IDatabaseFile db) {
 		this.Db = db;
-		this.Parameters = parameters;
 	}

-	private async Task Handle(HttpContext ctx, StringValues token) {
-		var request = ctx.Request;
+	public async Task Handle(HttpContext ctx) {
 		var response = ctx.Response;

-		Log.Info("Request: " + request.GetDisplayUrl() + " (" + request.ContentLength + " B)");
-
-		if (token.Count != 1 || token[0] != Parameters.Token) {
-			Log.Error("Token: " + (token.Count == 1 ? token[0] : "<missing>"));
-			response.StatusCode = (int) HttpStatusCode.Forbidden;
-			return;
-		}
-
 		try {
 			response.StatusCode = (int) HttpStatusCode.OK;
 			var output = await Respond(ctx);
@ -49,14 +35,6 @@ abstract class BaseEndpoint {
 		}
 	}

-	public async Task HandleGet(HttpContext ctx) {
-		await Handle(ctx, ctx.Request.Query["token"]);
-	}
-
-	public async Task HandlePost(HttpContext ctx) {
-		await Handle(ctx, ctx.Request.Headers["X-DHT-Token"]);
-	}
-
 	protected abstract Task<IHttpOutput> Respond(HttpContext ctx);

 	protected static async Task<JsonElement> ReadJson(HttpContext ctx) {
--- a/app/Server/Endpoints/GetAttachmentEndpoint.cs
+++ b/app/Server/Endpoints/GetAttachmentEndpoint.cs
@ -2,14 +2,13 @@ using System.Net;
 using System.Threading.Tasks;
 using DHT.Server.Data;
 using DHT.Server.Database;
-using DHT.Server.Service;
 using DHT.Utils.Http;
 using Microsoft.AspNetCore.Http;

 namespace DHT.Server.Endpoints;

 sealed class GetAttachmentEndpoint : BaseEndpoint {
-	public GetAttachmentEndpoint(IDatabaseFile db, ServerParameters parameters) : base(db, parameters) {}
+	public GetAttachmentEndpoint(IDatabaseFile db) : base(db) {}

 	protected override Task<IHttpOutput> Respond(HttpContext ctx) {
 		string attachmentUrl = WebUtility.UrlDecode((string) ctx.Request.RouteValues["url"]!);
--- a/app/Server/Endpoints/GetTrackingScriptEndpoint.cs
+++ b/app/Server/Endpoints/GetTrackingScriptEndpoint.cs
@ -13,12 +13,16 @@ namespace DHT.Server.Endpoints;
 sealed class GetTrackingScriptEndpoint : BaseEndpoint {
 	private static ResourceLoader Resources { get; } = new (Assembly.GetExecutingAssembly());
 	
-	public GetTrackingScriptEndpoint(IDatabaseFile db, ServerParameters parameters) : base(db, parameters) {}
+	private readonly ServerParameters serverParameters;
+	
+	public GetTrackingScriptEndpoint(IDatabaseFile db, ServerParameters parameters) : base(db) {
+		serverParameters = parameters;
+	}

 	protected override async Task<IHttpOutput> Respond(HttpContext ctx) {
 		string bootstrap = await Resources.ReadTextAsync("Tracker/bootstrap.js");
-		string script = bootstrap.Replace("= 0; /*[PORT]*/", "= " + Parameters.Port + ";")
-		                         .Replace("/*[TOKEN]*/", HttpUtility.JavaScriptStringEncode(Parameters.Token))
+		string script = bootstrap.Replace("= 0; /*[PORT]*/", "= " + serverParameters.Port + ";")
+		                         .Replace("/*[TOKEN]*/", HttpUtility.JavaScriptStringEncode(serverParameters.Token))
 		                         .Replace("/*[IMPORTS]*/", await Resources.ReadJoinedAsync("Tracker/scripts/", '\n'))
 		                         .Replace("/*[CSS-CONTROLLER]*/", await Resources.ReadTextAsync("Tracker/styles/controller.css"))
 		                         .Replace("/*[CSS-SETTINGS]*/", await Resources.ReadTextAsync("Tracker/styles/settings.css"))
--- a/app/Server/Endpoints/TrackChannelEndpoint.cs
+++ b/app/Server/Endpoints/TrackChannelEndpoint.cs
@ -3,14 +3,13 @@ using System.Text.Json;
 using System.Threading.Tasks;
 using DHT.Server.Data;
 using DHT.Server.Database;
-using DHT.Server.Service;
 using DHT.Utils.Http;
 using Microsoft.AspNetCore.Http;

 namespace DHT.Server.Endpoints;

 sealed class TrackChannelEndpoint : BaseEndpoint {
-	public TrackChannelEndpoint(IDatabaseFile db, ServerParameters parameters) : base(db, parameters) {}
+	public TrackChannelEndpoint(IDatabaseFile db) : base(db) {}

 	protected override async Task<IHttpOutput> Respond(HttpContext ctx) {
 		var root = await ReadJson(ctx);
--- a/app/Server/Endpoints/TrackMessagesEndpoint.cs
+++ b/app/Server/Endpoints/TrackMessagesEndpoint.cs
@ -9,7 +9,6 @@ using DHT.Server.Data;
 using DHT.Server.Data.Filters;
 using DHT.Server.Database;
 using DHT.Server.Download;
-using DHT.Server.Service;
 using DHT.Utils.Collections;
 using DHT.Utils.Http;
 using Microsoft.AspNetCore.Http;
@ -20,7 +19,7 @@ sealed class TrackMessagesEndpoint : BaseEndpoint {
 	private const string HasNewMessages = "1";
 	private const string NoNewMessages = "0";
 	
-	public TrackMessagesEndpoint(IDatabaseFile db, ServerParameters parameters) : base(db, parameters) {}
+	public TrackMessagesEndpoint(IDatabaseFile db) : base(db) {}

 	protected override async Task<IHttpOutput> Respond(HttpContext ctx) {
 		var root = await ReadJson(ctx);
--- a/app/Server/Endpoints/TrackUsersEndpoint.cs
+++ b/app/Server/Endpoints/TrackUsersEndpoint.cs
@ -3,14 +3,13 @@ using System.Text.Json;
 using System.Threading.Tasks;
 using DHT.Server.Data;
 using DHT.Server.Database;
-using DHT.Server.Service;
 using DHT.Utils.Http;
 using Microsoft.AspNetCore.Http;

 namespace DHT.Server.Endpoints;

 sealed class TrackUsersEndpoint : BaseEndpoint {
-	public TrackUsersEndpoint(IDatabaseFile db, ServerParameters parameters) : base(db, parameters) {}
+	public TrackUsersEndpoint(IDatabaseFile db) : base(db) {}

 	protected override async Task<IHttpOutput> Respond(HttpContext ctx) {
 		var root = await ReadJson(ctx);
--- a/app/Server/Service/Middlewares/ServerAuthorizationMiddleware.cs
+++ b/app/Server/Service/Middlewares/ServerAuthorizationMiddleware.cs
@ -0,0 +1,44 @@
+using System.Net;
+using System.Threading.Tasks;
+using DHT.Utils.Logging;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Primitives;
+
+namespace DHT.Server.Service.Middlewares;
+
+sealed class ServerAuthorizationMiddleware {
+	private static readonly Log Log = Log.ForType<ServerAuthorizationMiddleware>();
+
+	private readonly RequestDelegate next;
+	private readonly ServerParameters serverParameters;
+
+	public ServerAuthorizationMiddleware(RequestDelegate next, ServerParameters serverParameters) {
+		this.next = next;
+		this.serverParameters = serverParameters;
+	}
+
+	public async Task InvokeAsync(HttpContext context) {
+		var request = context.Request;
+
+		bool success = HttpMethods.IsGet(request.Method)
+			               ? CheckToken(request.Query["token"])
+			               : CheckToken(request.Headers["X-DHT-Token"]);
+
+		if (success) {
+			await next(context);
+		}
+		else {
+			context.Response.StatusCode = (int) HttpStatusCode.Forbidden;
+		}
+	}
+
+	private bool CheckToken(StringValues token) {
+		if (token.Count == 1 && token[0] == serverParameters.Token) {
+			return true;
+		}
+		else {
+			Log.Error("Invalid token: " + (token.Count == 1 ? token[0] : "<missing>"));
+			return false;
+		}
+	}
+}
--- a/app/Server/Service/Middlewares/ServerLoggingMiddleware.cs
+++ b/app/Server/Service/Middlewares/ServerLoggingMiddleware.cs
@ -0,0 +1,29 @@
+using System.Diagnostics;
+using System.Threading.Tasks;
+using DHT.Utils.Logging;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Extensions;
+
+namespace DHT.Server.Service.Middlewares; 
+
+sealed class ServerLoggingMiddleware {
+	private static readonly Log Log = Log.ForType<ServerLoggingMiddleware>();
+	
+	private readonly RequestDelegate next;
+	
+	public ServerLoggingMiddleware(RequestDelegate next) {
+		this.next = next;
+	}
+
+	public async Task InvokeAsync(HttpContext context) {
+		var stopwatch = Stopwatch.StartNew();
+		await next(context);
+		stopwatch.Stop();
+		
+		var request = context.Request;
+		var requestLength = request.ContentLength ?? 0L;
+		var responseStatus = context.Response.StatusCode;
+		var elapsedMs = stopwatch.ElapsedMilliseconds;
+		Log.Debug("Request to " + request.GetEncodedPathAndQuery() + " (" + requestLength + " B) returned " + responseStatus + ", took " + elapsedMs + " ms");
+	}
+}
--- a/app/Server/Service/ServerLauncher.cs
+++ b/app/Server/Service/ServerLauncher.cs
@ -4,7 +4,6 @@ using System.Diagnostics.CodeAnalysis;
 using System.Threading;
 using DHT.Server.Database;
 using DHT.Utils.Logging;
-using Microsoft.AspNetCore;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
 using Microsoft.Extensions.DependencyInjection;
@ -75,7 +74,7 @@ public static class ServerLauncher {
 			options.ListenLocalhost(port, static listenOptions => listenOptions.Protocols = HttpProtocols.Http1);
 		}

-		Server = WebHost.CreateDefaultBuilder()
+		Server = new WebHostBuilder()
 		         .ConfigureServices(AddServices)
 		         .UseKestrel(SetKestrelOptions)
 		         .UseStartup<Startup>()
--- a/app/Server/Service/ServerStartup.cs
+++ b/app/Server/Service/ServerStartup.cs
@ -2,6 +2,7 @@ using System.Diagnostics.CodeAnalysis;
 using System.Text.Json.Serialization;
 using DHT.Server.Database;
 using DHT.Server.Endpoints;
+using DHT.Server.Service.Middlewares;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http.Json;
 using Microsoft.Extensions.DependencyInjection;
@ -27,27 +28,23 @@ sealed class Startup {
 				builder.WithOrigins(AllowedOrigins).AllowCredentials().AllowAnyMethod().AllowAnyHeader().WithExposedHeaders("X-DHT");
 			});
 		});
+		
+		services.AddRoutingCore();
 	}

 	[SuppressMessage("ReSharper", "UnusedMember.Global")]
 	public void Configure(IApplicationBuilder app, IHostApplicationLifetime lifetime, IDatabaseFile db, ServerParameters parameters) {
-		app.UseRouting();
+		app.UseMiddleware<ServerLoggingMiddleware>();
 		app.UseCors();
+		app.UseMiddleware<ServerAuthorizationMiddleware>();
+		app.UseRouting();
+		
 		app.UseEndpoints(endpoints => {
-			GetTrackingScriptEndpoint getTrackingScript = new (db, parameters);
-			endpoints.MapGet("/get-tracking-script", context => getTrackingScript.HandleGet(context));
-			
-			TrackChannelEndpoint trackChannel = new (db, parameters);
-			endpoints.MapPost("/track-channel", context => trackChannel.HandlePost(context));
-
-			TrackUsersEndpoint trackUsers = new (db, parameters);
-			endpoints.MapPost("/track-users", context => trackUsers.HandlePost(context));
-
-			TrackMessagesEndpoint trackMessages = new (db, parameters);
-			endpoints.MapPost("/track-messages", context => trackMessages.HandlePost(context));
-
-			GetAttachmentEndpoint getAttachment = new (db, parameters);
-			endpoints.MapGet("/get-attachment/{url}", context => getAttachment.HandleGet(context));
+			endpoints.MapGet("/get-tracking-script", new GetTrackingScriptEndpoint(db, parameters).Handle);
+			endpoints.MapGet("/get-attachment/{url}", new GetAttachmentEndpoint(db).Handle);
+			endpoints.MapPost("/track-channel", new TrackChannelEndpoint(db).Handle);
+			endpoints.MapPost("/track-users", new TrackUsersEndpoint(db).Handle);
+			endpoints.MapPost("/track-messages", new TrackMessagesEndpoint(db).Handle);
 		});
 	}
 }
Author	SHA1	Message	Date
chylex	3d9d6a454a	Remove unnecessary ASP.NET features	2023-12-23 13:47:33 +01:00
chylex	ee39780928	Rewrite token authorization checks in integrated server	2023-12-23 13:47:31 +01:00
chylex	7b58f973a0	Disable ASP.NET logging and use custom logging for request duration	2023-12-23 11:19:54 +01:00