Ensure correct access to all manifests + introduce "public" package manifests (#15921)

* Introduce "public" package manifests * Make sure "all manifests" are available to anyone with backoffice access * review comments
2024-03-21 09:55:30 +01:00
parent 129e9004d8
commit e750d29d14
6 changed files with 71 additions and 17 deletions
--- a/src/Umbraco.Cms.Api.Management/Controllers/Package/AllPackageManifestController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Package/AllPackageManifestController.cs
@@ -1,13 +1,16 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.ViewModels.Package;
 using Umbraco.Cms.Core.Manifest;
 using Umbraco.Cms.Core.Mapping;
+using Umbraco.Cms.Web.Common.Authorization;

 namespace Umbraco.Cms.Api.Management.Controllers.Package;

 [ApiVersion("1.0")]
+[Authorize(Policy = AuthorizationPolicies.BackOfficeAccess)]
 public class AllPackageManifestController : PackageControllerBase
 {
    private readonly IPackageManifestService _packageManifestService;
@@ -25,7 +28,7 @@ public class AllPackageManifestController : PackageControllerBase
    [ProducesResponseType(typeof(IEnumerable<PackageManifestResponseModel>), StatusCodes.Status200OK)]
    public async Task<IActionResult> AllPackageManifests()
    {
-        PackageManifest[] packageManifests = (await _packageManifestService.GetPackageManifestsAsync()).ToArray();
+        PackageManifest[] packageManifests = (await _packageManifestService.GetAllPackageManifestsAsync()).ToArray();
        return Ok(_umbracoMapper.MapEnumerable<PackageManifest, PackageManifestResponseModel>(packageManifests));
    }
 }
--- a/src/Umbraco.Cms.Api.Management/Controllers/Package/PublicPackageManifestController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Package/PublicPackageManifestController.cs
@@ -0,0 +1,33 @@
+using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Umbraco.Cms.Api.Management.ViewModels.Package;
+using Umbraco.Cms.Core.Manifest;
+using Umbraco.Cms.Core.Mapping;
+
+namespace Umbraco.Cms.Api.Management.Controllers.Package;
+
+[ApiVersion("1.0")]
+[AllowAnonymous]
+public class PublicPackageManifestController : PackageControllerBase
+{
+    private readonly IPackageManifestService _packageManifestService;
+    private readonly IUmbracoMapper _umbracoMapper;
+
+    public PublicPackageManifestController(IPackageManifestService packageManifestService, IUmbracoMapper umbracoMapper)
+    {
+        _packageManifestService = packageManifestService;
+        _umbracoMapper = umbracoMapper;
+    }
+
+    // NOTE: this endpoint is deliberately created as non-paginated to ensure the fastest possible client initialization
+    [HttpGet("manifest/public")]
+    [MapToApiVersion("1.0")]
+    [ProducesResponseType(typeof(IEnumerable<PackageManifestResponseModel>), StatusCodes.Status200OK)]
+    public async Task<IActionResult> PublicPackageManifests()
+    {
+        PackageManifest[] packageManifests = (await _packageManifestService.GetPublicPackageManifestsAsync()).ToArray();
+        return Ok(_umbracoMapper.MapEnumerable<PackageManifest, PackageManifestResponseModel>(packageManifests));
+    }
+}
--- a/src/Umbraco.Core/Manifest/IPackageManifestService.cs
+++ b/src/Umbraco.Core/Manifest/IPackageManifestService.cs
@@ -2,7 +2,9 @@

 public interface IPackageManifestService
 {
-    Task<IEnumerable<PackageManifest>> GetPackageManifestsAsync();
+    Task<IEnumerable<PackageManifest>> GetAllPackageManifestsAsync();
+
+    Task<IEnumerable<PackageManifest>> GetPublicPackageManifestsAsync();

    Task<PackageManifestImportmap> GetPackageManifestImportmapAsync();
 }
--- a/src/Umbraco.Core/Manifest/PackageManifest.cs
+++ b/src/Umbraco.Core/Manifest/PackageManifest.cs
@@ -6,6 +6,8 @@ public class PackageManifest

    public string? Version { get; set; }

+    public bool AllowPublicAccess { get; set; }
+
    public bool AllowTelemetry { get; set; } = true;

    public required object[] Extensions { get; set; }
--- a/src/Umbraco.Infrastructure/Manifest/PackageManifestService.cs
+++ b/src/Umbraco.Infrastructure/Manifest/PackageManifestService.cs
@@ -22,7 +22,7 @@ internal sealed class PackageManifestService : IPackageManifestService
        _cache = appCaches.RuntimeCache;
    }

-    public async Task<IEnumerable<PackageManifest>> GetPackageManifestsAsync()
+    public async Task<IEnumerable<PackageManifest>> GetAllPackageManifestsAsync()
        => await _cache.GetCacheItemAsync(
               $"{nameof(PackageManifestService)}-PackageManifests",
               async () =>
@@ -37,9 +37,12 @@ internal sealed class PackageManifestService : IPackageManifestService
               _packageManifestSettings.CacheTimeout)
           ?? Array.Empty<PackageManifest>();

+    public async Task<IEnumerable<PackageManifest>> GetPublicPackageManifestsAsync()
+        => (await GetAllPackageManifestsAsync()).Where(manifest => manifest.AllowPublicAccess).ToArray();
+
    public async Task<PackageManifestImportmap> GetPackageManifestImportmapAsync()
    {
-        IEnumerable<PackageManifest> packageManifests = await GetPackageManifestsAsync();
+        IEnumerable<PackageManifest> packageManifests = await GetAllPackageManifestsAsync();
        var manifests = packageManifests.Select(x => x.Importmap).WhereNotNull().ToList();

        var importDict = manifests