forked from MediaBrowser/Emby
-
Notifications
You must be signed in to change notification settings - Fork 0
/
PluginSecurityManager.cs
309 lines (266 loc) · 11.4 KB
/
PluginSecurityManager.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Threading;
using System.Threading.Tasks;
using MediaBrowser.Common.Configuration;
using MediaBrowser.Common.Net;
using MediaBrowser.Common.Security;
using MediaBrowser.Controller;
using MediaBrowser.Model.Cryptography;
using MediaBrowser.Model.Entities;
using MediaBrowser.Model.IO;
using MediaBrowser.Model.Logging;
using MediaBrowser.Model.Net;
using MediaBrowser.Model.Serialization;
namespace Emby.Server.Implementations.Security
{
/// <summary>
/// Class PluginSecurityManager
/// </summary>
public class PluginSecurityManager : ISecurityManager
{
private const string MBValidateUrl = "https://mb3admin.com/admin/service/registration/validate";
private const string AppstoreRegUrl = /*MbAdmin.HttpsUrl*/ "https://mb3admin.com/admin/service/appstore/register";
public async Task<bool> IsSupporter()
{
var result = await GetRegistrationStatusInternal("MBSupporter", false, _appHost.ApplicationVersion.ToString(), CancellationToken.None).ConfigureAwait(false);
return result.IsRegistered;
}
private MBLicenseFile _licenseFile;
private MBLicenseFile LicenseFile
{
get { return _licenseFile ?? (_licenseFile = new MBLicenseFile(_appPaths, _fileSystem, _cryptographyProvider)); }
}
private readonly IHttpClient _httpClient;
private readonly IJsonSerializer _jsonSerializer;
private readonly IServerApplicationHost _appHost;
private readonly ILogger _logger;
private readonly IApplicationPaths _appPaths;
private readonly IFileSystem _fileSystem;
private readonly ICryptoProvider _cryptographyProvider;
/// <summary>
/// Initializes a new instance of the <see cref="PluginSecurityManager" /> class.
/// </summary>
public PluginSecurityManager(IServerApplicationHost appHost, IHttpClient httpClient, IJsonSerializer jsonSerializer,
IApplicationPaths appPaths, ILogManager logManager, IFileSystem fileSystem, ICryptoProvider cryptographyProvider)
{
if (httpClient == null)
{
throw new ArgumentNullException("httpClient");
}
_appHost = appHost;
_httpClient = httpClient;
_jsonSerializer = jsonSerializer;
_appPaths = appPaths;
_fileSystem = fileSystem;
_cryptographyProvider = cryptographyProvider;
_logger = logManager.GetLogger("SecurityManager");
}
/// <summary>
/// Gets the registration status.
/// This overload supports existing plug-ins.
/// </summary>
public Task<MBRegistrationRecord> GetRegistrationStatus(string feature)
{
return GetRegistrationStatusInternal(feature, false, null, CancellationToken.None);
}
/// <summary>
/// Gets or sets the supporter key.
/// </summary>
/// <value>The supporter key.</value>
public string SupporterKey
{
get
{
return LicenseFile.RegKey;
}
set
{
throw new Exception("Please call UpdateSupporterKey");
}
}
public async Task UpdateSupporterKey(string newValue)
{
if (newValue != null)
{
newValue = newValue.Trim();
}
if (!string.Equals(newValue, LicenseFile.RegKey, StringComparison.Ordinal))
{
LicenseFile.RegKey = newValue;
LicenseFile.Save();
// Reset this
await GetRegistrationStatusInternal("MBSupporter", true, _appHost.ApplicationVersion.ToString(), CancellationToken.None).ConfigureAwait(false);
}
}
/// <summary>
/// Register an app store sale with our back-end. It will validate the transaction with the store
/// and then register the proper feature and then fill in the supporter key on success.
/// </summary>
/// <param name="parameters">Json parameters to send to admin server</param>
public async Task RegisterAppStoreSale(string parameters)
{
var options = new HttpRequestOptions()
{
Url = AppstoreRegUrl,
CancellationToken = CancellationToken.None,
BufferContent = false
};
options.RequestHeaders.Add("X-Emby-Token", _appHost.SystemId);
options.RequestContent = parameters;
options.RequestContentType = "application/json";
try
{
using (var response = await _httpClient.Post(options).ConfigureAwait(false))
{
var reg = await _jsonSerializer.DeserializeFromStreamAsync<RegRecord>(response.Content).ConfigureAwait(false);
if (reg == null)
{
var msg = "Result from appstore registration was null.";
_logger.Error(msg);
throw new ArgumentException(msg);
}
if (!String.IsNullOrEmpty(reg.key))
{
await UpdateSupporterKey(reg.key).ConfigureAwait(false);
}
}
}
catch (ArgumentException)
{
SaveAppStoreInfo(parameters);
throw;
}
catch (HttpException e)
{
_logger.ErrorException("Error registering appstore purchase {0}", e, parameters ?? "NO PARMS SENT");
if (e.StatusCode.HasValue && e.StatusCode.Value == HttpStatusCode.PaymentRequired)
{
throw new PaymentRequiredException();
}
throw new Exception("Error registering store sale");
}
catch (Exception e)
{
_logger.ErrorException("Error registering appstore purchase {0}", e, parameters ?? "NO PARMS SENT");
SaveAppStoreInfo(parameters);
//TODO - could create a re-try routine on start-up if this file is there. For now we can handle manually.
throw new Exception("Error registering store sale");
}
}
private void SaveAppStoreInfo(string info)
{
// Save all transaction information to a file
try
{
_fileSystem.WriteAllText(Path.Combine(_appPaths.ProgramDataPath, "apptrans-error.txt"), info);
}
catch (IOException)
{
}
}
private SemaphoreSlim _regCheckLock = new SemaphoreSlim(1, 1);
private async Task<MBRegistrationRecord> GetRegistrationStatusInternal(string feature, bool forceCallToServer, string version, CancellationToken cancellationToken)
{
await _regCheckLock.WaitAsync(cancellationToken).ConfigureAwait(false);
try
{
var regInfo = LicenseFile.GetRegInfo(feature);
var lastChecked = regInfo == null ? DateTime.MinValue : regInfo.LastChecked;
var expDate = regInfo == null ? DateTime.MinValue : regInfo.ExpirationDate;
var maxCacheDays = 14;
var nextCheckDate = new[] { expDate, lastChecked.AddDays(maxCacheDays) }.Min();
if (nextCheckDate > DateTime.UtcNow.AddDays(maxCacheDays))
{
nextCheckDate = DateTime.MinValue;
}
//check the reg file first to alleviate strain on the MB admin server - must actually check in every 30 days tho
var reg = new RegRecord
{
// Cache the result for up to a week
registered = regInfo != null && nextCheckDate >= DateTime.UtcNow && expDate >= DateTime.UtcNow,
expDate = expDate
};
var key = SupporterKey;
if (!forceCallToServer && string.IsNullOrWhiteSpace(key))
{
return new MBRegistrationRecord();
}
var success = reg.registered;
if (!(lastChecked > DateTime.UtcNow.AddDays(-1)) || (!reg.registered))
{
var data = new Dictionary<string, string>
{
{ "feature", feature },
{ "key", key },
{ "mac", _appHost.SystemId },
{ "systemid", _appHost.SystemId },
{ "ver", version },
{ "platform", _appHost.OperatingSystemDisplayName }
};
try
{
var options = new HttpRequestOptions
{
Url = MBValidateUrl,
// Seeing block length errors
EnableHttpCompression = false,
BufferContent = false,
CancellationToken = cancellationToken
};
options.SetPostData(data);
using (var response = (await _httpClient.Post(options).ConfigureAwait(false)))
{
using (var json = response.Content)
{
reg = await _jsonSerializer.DeserializeFromStreamAsync<RegRecord>(json).ConfigureAwait(false);
success = true;
}
}
if (reg.registered)
{
_logger.Info("Registered for feature {0}", feature);
LicenseFile.AddRegCheck(feature, reg.expDate);
}
else
{
_logger.Info("Not registered for feature {0}", feature);
LicenseFile.RemoveRegCheck(feature);
}
}
catch (Exception e)
{
_logger.ErrorException("Error checking registration status of {0}", e, feature);
}
}
var record = new MBRegistrationRecord
{
IsRegistered = reg.registered,
ExpirationDate = reg.expDate,
RegChecked = true,
RegError = !success
};
record.TrialVersion = IsInTrial(reg.expDate, record.RegChecked, record.IsRegistered);
record.IsValid = !record.RegChecked || record.IsRegistered || record.TrialVersion;
return record;
}
finally
{
_regCheckLock.Release();
}
}
private bool IsInTrial(DateTime expirationDate, bool regChecked, bool isRegistered)
{
//don't set this until we've successfully obtained exp date
if (!regChecked)
{
return false;
}
var isInTrial = expirationDate > DateTime.UtcNow;
return isInTrial && !isRegistered;
}
}
}