yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d1fae0e350e5adab32b8961455c7d8a2d812ed13
Umbraco-CMS/src/Umbraco.Web.Website/Routing/SurfaceControllerMatcherPolicy.cs
Bjarke Berg de6e9aeb31 Prioritise surface controller requests highest (#13919) 
* Fixed issue mentioned in https://github.com/umbraco/Umbraco-CMS/issues/13836

Now surface controller requests always has higher priority than other. So if this is both a surface controller request and a virtual page request, it will execute the surface controller.

* Moved some login into private methods

* More clean up

* Clean up

* Only handle valid candidates
2023-03-08 13:43:35 +01:00

119 lines
4.2 KiB
C#
Raw Blame History

using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Routing.Matching;
using Umbraco.Cms.Web.Website.Controllers;
using Umbraco.Extensions;
namespace Umbraco.Cms.Web.Website.Routing;
/// <summary>
/// Ensures the surface controller requests takes priority over other things like virtual routes.
/// Also ensures that requests to a surface controller on a virtual route will return 405, like HttpMethodMatcherPolicy ensures for non-virtual route requests.
/// </summary>
internal class SurfaceControllerMatcherPolicy : MatcherPolicy, IEndpointSelectorPolicy
{
private const string Http405EndpointDisplayName = "405 HTTP Method Not Supported";
public override int Order { get; } // default order should be okay. Count be everything positive to not conflict with MS policies
public bool AppliesToEndpoints(IReadOnlyList<Endpoint> endpoints)
{
// In theory all endpoints can have the query string data for a surface controller
return true;
}
public Task ApplyAsync(HttpContext httpContext, CandidateSet candidates)
{
ArgumentNullException.ThrowIfNull(nameof(httpContext));
ArgumentNullException.ThrowIfNull(nameof(candidates));
if (candidates.Count < 2)
{
return Task.CompletedTask;
}
int? surfaceControllerIndex = GetSurfaceControllerCandidateIndex(candidates);
if (surfaceControllerIndex.HasValue)
{
HashSet<string> allowedHttpMethods = GetAllowedHttpMethods(candidates[surfaceControllerIndex.Value]);
if (allowedHttpMethods.Any()
&& allowedHttpMethods.Contains(httpContext.Request.Method) is false)
{
// We need to handle this as a 405 like the HttpMethodMatcherPolicy would do.
httpContext.SetEndpoint(CreateRejectEndpoint(allowedHttpMethods));
httpContext.Request.RouteValues = null!;
}
else
{
// Otherwise we invalidate all other endpoints than the surface controller that matched.
InvalidateAllCandidatesExceptIndex(candidates, surfaceControllerIndex.Value);
}
}
return Task.CompletedTask;
}
private static HashSet<string> GetAllowedHttpMethods(CandidateState candidate)
{
var surfaceControllerAllowedHttpMethods = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
IHttpMethodMetadata? httpMethodMetadata = candidate.Endpoint?.Metadata.GetMetadata<IHttpMethodMetadata>();
if (httpMethodMetadata is not null)
{
foreach (var httpMethod in httpMethodMetadata.HttpMethods)
{
surfaceControllerAllowedHttpMethods.Add(httpMethod);
}
}
return surfaceControllerAllowedHttpMethods;
}
private static int? GetSurfaceControllerCandidateIndex(CandidateSet candidates)
{
for (var i = 0; i < candidates.Count; i++)
{
if (candidates.IsValidCandidate(i))
{
CandidateState candidate = candidates[i];
ControllerActionDescriptor? controllerActionDescriptor =
candidate.Endpoint?.Metadata.GetMetadata<ControllerActionDescriptor>();
if (controllerActionDescriptor?.ControllerTypeInfo.IsType<SurfaceController>() == true)
{
return i;
}
}
}
return null;
}
private static void InvalidateAllCandidatesExceptIndex(CandidateSet candidates, int index)
{
for (var i = 0; i < candidates.Count; i++)
{
if (i != index)
{
candidates.SetValidity(i, false);
}
}
}
private static Endpoint CreateRejectEndpoint(ISet<string> allowedHttpMethods) =>
new Endpoint(
(context) =>
{
context.Response.StatusCode = 405;
context.Response.Headers.Allow = string.Join(", ", allowedHttpMethods);
return Task.CompletedTask;
},
EndpointMetadataCollection.Empty,
Http405EndpointDisplayName);
}
Reference in New Issue View Git Blame Copy Permalink