Merge pull request #4359 from cisagov/feature/CSET-2975
Exclude test harness endpoints from Release build
Marcus-Goectau authored Jan 16, 2025
2 parents 86dd461 + 5119d28 commit f41a6b7
Showing 2 changed files with 90 additions and 42 deletions.
4 changes: 4 additions & 0 deletions CSETWebApi/CSETWeb_Api/CSETWeb_ApiCore/CSETWebCore.Api.csproj
Expand Up @@ -5,6 +5,10 @@
<AssemblyVersion>12.3.0.2</AssemblyVersion>
</PropertyGroup>

<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
<DefineConstants>EXCLUDE_FROM_PUBLISH</DefineConstants>
</PropertyGroup>

<PropertyGroup Condition=" '$(RunConfiguration)' == 'CSETWeb_ApiCore' " />
<ItemGroup>
<PackageReference Include="Microsoft.AspNet.WebApi.Client" Version="6.0.0" />
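Review bot: The new PropertyGroup defines EXCLUDE_FROM_PUBLISH only when the configuration/platform pair is exactly `Release|AnyCPU`, so a publish under any other platform or a custom configuration name would leave the constant undefined and compile the test-harness endpoints in. Because the controller guard is `#if !EXCLUDE_FROM_PUBLISH`, the exposure is opt-out; a condition of `'$(Configuration)' == 'Release'` narrows the gap, and an opt-in constant defined only for Debug would fail closed. The element also replaces the existing value instead of extending it; `<DefineConstants>$(DefineConstants);EXCLUDE_FROM_PUBLISH</DefineConstants>` keeps any constants that were set earlier.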
Expand Up @@ -12,7 +12,6 @@
using Microsoft.AspNetCore.Http;
using System.Text.Json;
using Newtonsoft.Json.Linq;
using DocumentFormat.OpenXml.InkML;


namespace CSETWebCore.Api.Controllers
Expand All @@ -21,47 +20,28 @@ namespace CSETWebCore.Api.Controllers
public class AngularConfigController : ControllerBase
{
private readonly IWebHostEnvironment _webHost;

public AngularConfigController(IWebHostEnvironment webHost)
{
_webHost = webHost;
}
/// <summary>
/// NOTE THIS APOLOGY
/// this call returns the config.json file
/// but modifies the port to be the current port
/// the application is running on.
/// (IE the file may be different from what is returned)
/// </summary>
/// <returns></returns>
[HttpGet]
[Route("api/assets/config")]
public IActionResult GetConfigURLRewrite()
{
try
{
Console.WriteLine("Reading the path test");
if (System.IO.File.Exists(Path.Combine(_webHost.ContentRootPath, "WebApp/index.html")))
{
Console.WriteLine(Path.Combine(_webHost.ContentRootPath, "WebApp/index.html"));

//process this as if we are running internally else do what ever used to be the case
//in this case they are running together and we can just replace the config document.
var jd = processUpdatedJson(HttpContext.Request);
return Ok(jd);
}
Console.WriteLine("Path didn't exist");

return Ok(processConfig(HttpContext.Request.Host, HttpContext.Request.Scheme));
}
catch (Exception)
{
return BadRequest("assets/config.json file not found");
}
}
// SECURITY NOTE: The following two endpoints should not be included in a Release build

#if !EXCLUDE_FROM_PUBLISH

/// <summary>
/// This method is only used by an internal test harness. It exposes
/// secrets and should not be published in the production API.
///
/// SECURITY NOTE:
/// If we ever remove the EXCLUDE_FROM_PUBLISH preprocessor directive,
/// some kind of private/internal authentication will need to be added to this method
/// to prevent it from being open to the public.
/// </summary>
[HttpPost]
[Route("api/assets/changeConnectionString")]
[Route("api/assets/changeconnectionstring")]
public string ChangeConnectionString([FromBody] string connString)
{
try
Expand Down Expand Up @@ -94,8 +74,17 @@ public string ChangeConnectionString([FromBody] string connString)
}


/// <summary>
/// This method is only used by an internal test harness. It exposes
/// secrets and should not be published in the production API.
///
/// SECURITY NOTE:
/// If we ever remove the EXCLUDE_FROM_PUBLISH preprocessor directive,
/// some kind of private/internal authentication will need to be added to this method
/// to prevent it from being open to the public.
/// </summary>
[HttpGet]
[Route("api/assets/getConnectionString")]
[Route("api/assets/getconnectionstring")]
public string GetConnectionString()
{
try
Expand All @@ -121,8 +110,51 @@ public string GetConnectionString()
}
}

#endif


Newtonsoft.Json.Linq.JObject processUpdatedJson(HttpRequest context)
/// <summary>
/// NOTE THIS APOLOGY
/// this call returns the config.json file
/// but modifies the port to be the current port
/// the application is running on.
/// (IE the file may be different from what is returned)
/// </summary>
/// <returns></returns>
[HttpGet]
[Route("api/assets/config")]
public IActionResult GetConfigURLRewrite()
{
try
{
Console.WriteLine("Reading the path test");
if (System.IO.File.Exists(Path.Combine(_webHost.ContentRootPath, "WebApp/index.html")))
{
Console.WriteLine(Path.Combine(_webHost.ContentRootPath, "WebApp/index.html"));

//process this as if we are running internally else do what ever used to be the case
//in this case they are running together and we can just replace the config document.
var jd = ProcessUpdatedJson(HttpContext.Request);
return Ok(jd);
}
Console.WriteLine("Path didn't exist");

return Ok(ProcessConfig(HttpContext.Request.Host, HttpContext.Request.Scheme));
}
catch (Exception)
{
return BadRequest("assets/config.json file not found");
}
}


/// <summary>
///
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
/// <exception cref="Exception"></exception>
private JObject ProcessUpdatedJson(HttpRequest context)
{
string webpath = _webHost.ContentRootPath;
if (!webpath.Contains("WebApp"))
Expand Down Expand Up @@ -201,9 +233,14 @@ Newtonsoft.Json.Linq.JObject processUpdatedJson(HttpRequest context)
}




private JsonElement processConfig(HostString newBase, string scheme)
/// <summary>
///
/// </summary>
/// <param name="newBase"></param>
/// <param name="scheme"></param>
/// <returns></returns>
/// <exception cref="Exception"></exception>
private JsonElement ProcessConfig(HostString newBase, string scheme)
{
_webHost.WebRootPath = Path.Combine(_webHost.ContentRootPath, "../../../CSETWebNg/src");
var path = Path.Combine(_webHost.WebRootPath, "assets/settings/config.json");
Expand Down Expand Up @@ -238,17 +275,17 @@ private JsonElement processConfig(HostString newBase, string scheme)
if (element.Name == "appUrl")
{
writer.WritePropertyName(element.Name);
writer.WriteStringValue(newUri(newBase, scheme, root.GetProperty("appUrl").ToString()).ToString());
writer.WriteStringValue(NewUri(newBase, scheme, root.GetProperty("appUrl").ToString()).ToString());
}
else if (element.Name == "apiUrl")
{
writer.WritePropertyName(element.Name);
writer.WriteStringValue(newUri(newBase, scheme, root.GetProperty("apiUrl").ToString()).ToString());
writer.WriteStringValue(NewUri(newBase, scheme, root.GetProperty("apiUrl").ToString()).ToString());
}
else if (element.Name == "docUrl")
{
writer.WritePropertyName(element.Name);
writer.WriteStringValue(newUri(newBase, scheme, root.GetProperty("docUrl").ToString()).ToString());
writer.WriteStringValue(NewUri(newBase, scheme, root.GetProperty("docUrl").ToString()).ToString());
}
// write same value as original config json
else
Expand All @@ -270,7 +307,14 @@ private JsonElement processConfig(HostString newBase, string scheme)
}


private Uri newUri(HostString newBase, string scheme, string oldUri)
/// <summary>
///
/// </summary>
/// <param name="newBase"></param>
/// <param name="scheme"></param>
/// <param name="oldUri"></param>
/// <returns></returns>
private Uri NewUri(HostString newBase, string scheme, string oldUri)
{
//set the hostname and port to the same as the new base return the new uri
UriBuilder tmp = new UriBuilder(oldUri);
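Review bot: In every build where EXCLUDE_FROM_PUBLISH is undefined, `ChangeConnectionString` and `GetConnectionString` stay routable with no authorization attribute or environment check visible in these hunks, so the `#if !EXCLUDE_FROM_PUBLISH` block is the only control on endpoints whose own doc comment says they expose secrets. A Debug or mis-configured build that ends up on a reachable host would presumably let any caller read or replace the connection string. Consider a runtime check ahead of the `try` in both methods as a second layer, e.g. `if (!_webHost.IsDevelopment()) throw new InvalidOperationException("test harness endpoint disabled");`, or invert the guard to `#if DEBUG` so the endpoints are absent unless explicitly built in. Both method bodies and the class-level attributes lie outside the hunks shown, so an existing check there cannot be ruled out from this page.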
