From c6d8333c7a28b752397e171540306ceccf74ca12 Mon Sep 17 00:00:00 2001
From: Jesse Plamondon-Willard <github@jplamondonw.com>
Date: Sat, 28 Oct 2017 11:53:54 -0400
Subject: improve criteria for subdomain rewriting (#358)

---
 .../ConditionalRewriteSubdomainRule.cs             | 48 ++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 src/SMAPI.Web/Framework/RewriteRules/ConditionalRewriteSubdomainRule.cs

(limited to 'src/SMAPI.Web/Framework/RewriteRules')

diff --git a/src/SMAPI.Web/Framework/RewriteRules/ConditionalRewriteSubdomainRule.cs b/src/SMAPI.Web/Framework/RewriteRules/ConditionalRewriteSubdomainRule.cs
new file mode 100644
index 00000000..83f23058
--- /dev/null
+++ b/src/SMAPI.Web/Framework/RewriteRules/ConditionalRewriteSubdomainRule.cs
@@ -0,0 +1,48 @@
+using System;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Rewrite;
+
+namespace StardewModdingAPI.Web.Framework.RewriteRules
+{
+    /// <summary>Rewrite requests to prepend the subdomain portion (if any) to the path.</summary>
+    /// <remarks>Derived from <a href="https://stackoverflow.com/a/44526747/262123" />.</remarks>
+    internal class ConditionalRewriteSubdomainRule : IRule
+    {
+        /*********
+        ** Accessors
+        *********/
+        /// <summary>A predicate which indicates when the rule should be applied.</summary>
+        private readonly Func<HttpRequest, bool> ShouldRewrite;
+
+
+        /*********
+        ** Public methods
+        *********/
+        /// <summary>Construct an instance.</summary>
+        /// <param name="shouldRewrite">A predicate which indicates when the rule should be applied.</param>
+        public ConditionalRewriteSubdomainRule(Func<HttpRequest, bool> shouldRewrite = null)
+        {
+            this.ShouldRewrite = shouldRewrite;
+        }
+
+        /// <summary>Applies the rule. Implementations of ApplyRule should set the value for <see cref="RewriteContext.Result" /> (defaults to RuleResult.ContinueRules).</summary>
+        /// <param name="context">The rewrite context.</param>
+        public void ApplyRule(RewriteContext context)
+        {
+            HttpRequest request = context.HttpContext.Request;
+
+            // check condition
+            if (this.ShouldRewrite != null && !this.ShouldRewrite(request))
+                return;
+
+            // get host parts
+            string host = request.Host.Host;
+            string[] parts = host.Split('.');
+            if (parts.Length < 2)
+                return;
+
+            // prepend to path
+            request.Path = $"/{parts[0]}{request.Path}";
+        }
+    }
+}
-- 
cgit 


From d545281ef3d83d4db43d5ca56eb59800c8a1b8d2 Mon Sep 17 00:00:00 2001
From: Jesse Plamondon-Willard <github@jplamondonw.com>
Date: Sat, 28 Oct 2017 12:24:50 -0400
Subject: redirect web views to HTTPS (#358)

---
 .../RewriteRules/ConditionalRedirectToHttpsRule.cs | 62 ++++++++++++++++++++++
 .../ConditionalRewriteSubdomainRule.cs             |  4 +-
 src/SMAPI.Web/Startup.cs                           |  7 +++
 3 files changed, 71 insertions(+), 2 deletions(-)
 create mode 100644 src/SMAPI.Web/Framework/RewriteRules/ConditionalRedirectToHttpsRule.cs

(limited to 'src/SMAPI.Web/Framework/RewriteRules')

diff --git a/src/SMAPI.Web/Framework/RewriteRules/ConditionalRedirectToHttpsRule.cs b/src/SMAPI.Web/Framework/RewriteRules/ConditionalRedirectToHttpsRule.cs
new file mode 100644
index 00000000..d6a56bb7
--- /dev/null
+++ b/src/SMAPI.Web/Framework/RewriteRules/ConditionalRedirectToHttpsRule.cs
@@ -0,0 +1,62 @@
+using System;
+using System.Net;
+using System.Text;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Rewrite;
+
+namespace StardewModdingAPI.Web.Framework.RewriteRules
+{
+    /// <summary>Redirect requests to HTTPS.</summary>
+    /// <remarks>Derived from <a href="https://stackoverflow.com/a/44526747/262123" /> and <see cref="Microsoft.AspNetCore.Rewrite.Internal.RedirectToHttpsRule"/>.</remarks>
+    internal class ConditionalRedirectToHttpsRule : IRule
+    {
+        /*********
+        ** Properties
+        *********/
+        /// <summary>A predicate which indicates when the rule should be applied.</summary>
+        private readonly Func<HttpRequest, bool> ShouldRewrite;
+
+
+        /*********
+        ** Public methods
+        *********/
+        /// <summary>Construct an instance.</summary>
+        /// <param name="shouldRewrite">A predicate which indicates when the rule should be applied.</param>
+        public ConditionalRedirectToHttpsRule(Func<HttpRequest, bool> shouldRewrite = null)
+        {
+            this.ShouldRewrite = shouldRewrite ?? (req => true);
+        }
+
+        /// <summary>Applies the rule. Implementations of ApplyRule should set the value for <see cref="RewriteContext.Result" /> (defaults to RuleResult.ContinueRules).</summary>
+        /// <param name="context">The rewrite context.</param>
+        public void ApplyRule(RewriteContext context)
+        {
+            HttpRequest request = context.HttpContext.Request;
+
+            // check condition
+            if (this.IsSecure(request) || !this.ShouldRewrite(request))
+                return;
+
+            // redirect request
+            HttpResponse response = context.HttpContext.Response;
+            response.StatusCode = (int)HttpStatusCode.RedirectKeepVerb;
+            response.Headers["Location"] = new StringBuilder()
+                .Append("https://")
+                .Append(request.Host.Host)
+                .Append(request.PathBase)
+                .Append(request.Path)
+                .Append(request.QueryString)
+                .ToString();
+            context.Result = RuleResult.EndResponse;
+        }
+
+        /// <summary>Get whether the request was received over HTTPS.</summary>
+        /// <param name="request">The request to check.</param>
+        public bool IsSecure(HttpRequest request)
+        {
+            return
+                request.IsHttps // HTTPS to server
+                || string.Equals(request.Headers["x-forwarded-proto"], "HTTPS", StringComparison.OrdinalIgnoreCase); // HTTPS to AWS load balancer
+        }
+    }
+}
diff --git a/src/SMAPI.Web/Framework/RewriteRules/ConditionalRewriteSubdomainRule.cs b/src/SMAPI.Web/Framework/RewriteRules/ConditionalRewriteSubdomainRule.cs
index 83f23058..920632ab 100644
--- a/src/SMAPI.Web/Framework/RewriteRules/ConditionalRewriteSubdomainRule.cs
+++ b/src/SMAPI.Web/Framework/RewriteRules/ConditionalRewriteSubdomainRule.cs
@@ -22,7 +22,7 @@ namespace StardewModdingAPI.Web.Framework.RewriteRules
         /// <param name="shouldRewrite">A predicate which indicates when the rule should be applied.</param>
         public ConditionalRewriteSubdomainRule(Func<HttpRequest, bool> shouldRewrite = null)
         {
-            this.ShouldRewrite = shouldRewrite;
+            this.ShouldRewrite = shouldRewrite ?? (req => true);
         }
 
         /// <summary>Applies the rule. Implementations of ApplyRule should set the value for <see cref="RewriteContext.Result" /> (defaults to RuleResult.ContinueRules).</summary>
@@ -32,7 +32,7 @@ namespace StardewModdingAPI.Web.Framework.RewriteRules
             HttpRequest request = context.HttpContext.Request;
 
             // check condition
-            if (this.ShouldRewrite != null && !this.ShouldRewrite(request))
+            if (!this.ShouldRewrite(request))
                 return;
 
             // get host parts
diff --git a/src/SMAPI.Web/Startup.cs b/src/SMAPI.Web/Startup.cs
index 0f656e55..b27ff9a5 100644
--- a/src/SMAPI.Web/Startup.cs
+++ b/src/SMAPI.Web/Startup.cs
@@ -66,6 +66,13 @@ namespace StardewModdingAPI.Web
             loggerFactory.AddDebug();
             app
                 .UseRewriter(new RewriteOptions()
+                    // redirect to HTTPS (except API for Linux/Mac Mono compatibility)
+                    .Add(new ConditionalRedirectToHttpsRule(
+                        shouldRewrite: req =>
+                            req.Host.Host != "localhost"
+                            && !req.Path.StartsWithSegments("/api")
+                    ))
+
                     // convert subdomain.smapi.io => smapi.io/subdomain for routing
                     .Add(new ConditionalRewriteSubdomainRule(
                         shouldRewrite: req =>
-- 
cgit