Merge pull request #2080 from MediaBrowser/beta

Beta
author: Luke <luke.pulverenti@gmail.com> 2016-08-19 14:57:01 -0400
committer: GitHub <noreply@github.com> 2016-08-19 14:57:01 -0400
commit: 0780889c51819c9f1c3b01f5bcdae9806c219c10 (patch)
tree: e91e8542e997c25992fd24e0b40fd7a765c45d62 /MediaBrowser.Server.Implementations/HttpServer
parent: ac8c4ccc3ce53a4eafbd0493e9fe333d95b28730 (diff)
parent: 003f61c8914706c6ea1d211644dabf5a5fbd759e (diff)
3 files changed, 73 insertions, 20 deletions
diff --git a/MediaBrowser.Server.Implementations/HttpServer/AsyncStreamWriterFunc.cs b/MediaBrowser.Server.Implementations/HttpServer/AsyncStreamWriter.cs
index 5aa01c706..e44b0c6af 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/AsyncStreamWriterFunc.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/AsyncStreamWriter.cs
@@ -4,38 +4,41 @@ using System.IO;
 using System.Threading.Tasks;
 using ServiceStack;
 using ServiceStack.Web;
+using MediaBrowser.Controller.Net;
 
 namespace MediaBrowser.Server.Implementations.HttpServer
 {
-    public class AsyncStreamWriterFunc : IStreamWriter, IAsyncStreamWriter, IHasOptions
+    public class AsyncStreamWriter : IStreamWriter, IAsyncStreamWriter, IHasOptions
     {
         /// <summary>
         /// Gets or sets the source stream.
         /// </summary>
         /// <value>The source stream.</value>
-        private Func<Stream, Task> Writer { get; set; }
-
-        /// <summary>
-        /// Gets the options.
-        /// </summary>
-        /// <value>The options.</value>
-        public IDictionary<string, string> Options { get; private set; }
+        private IAsyncStreamSource _source;
 
         public Action OnComplete { get; set; }
         public Action OnError { get; set; }
 
         /// <summary>
-        /// Initializes a new instance of the <see cref="StreamWriter" /> class.
+        /// Initializes a new instance of the <see cref="AsyncStreamWriter" /> class.
         /// </summary>
-        public AsyncStreamWriterFunc(Func<Stream, Task> writer, IDictionary<string, string> headers)
+        public AsyncStreamWriter(IAsyncStreamSource source)
         {
-            Writer = writer;
+            _source = source;
+        }
 
-            if (headers == null)
+        public IDictionary<string, string> Options
+        {
+            get
             {
-                headers = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+                var hasOptions = _source as IHasOptions;
+                if (hasOptions != null)
+                {
+                    return hasOptions.Options;
+                }
+
+                return new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
             }
-            Options = headers;
         }
 
         /// <summary>
@@ -44,13 +47,13 @@ namespace MediaBrowser.Server.Implementations.HttpServer
         /// <param name="responseStream">The response stream.</param>
         public void WriteTo(Stream responseStream)
         {
-            var task = Writer(responseStream);
+            var task = _source.WriteToAsync(responseStream);
             Task.WaitAll(task);
         }
 
         public async Task WriteToAsync(Stream responseStream)
         {
-            await Writer(responseStream).ConfigureAwait(false);
+            await _source.WriteToAsync(responseStream).ConfigureAwait(false);
         }
     }
 }
diff --git a/MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs b/MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs
index 90055d8ec..633208739 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs
@@ -331,6 +331,46 @@ namespace MediaBrowser.Server.Implementations.HttpServer
             return url;
         }
 
+        private string NormalizeConfiguredLocalAddress(string address)
+        {
+            var index = address.Trim('/').IndexOf('/');
+
+            if (index != -1)
+            {
+                address = address.Substring(index + 1);
+            }
+
+            return address.Trim('/');
+        }
+
+        private bool ValidateHost(Uri url)
+        {
+            var hosts = _config
+                .Configuration
+                .LocalNetworkAddresses
+                .Select(NormalizeConfiguredLocalAddress)
+                .ToList();
+
+            if (hosts.Count == 0)
+            {
+                return true;
+            }
+
+            var host = url.Host ?? string.Empty;
+
+            _logger.Debug("Validating host {0}", host);
+
+            if (_networkManager.IsInPrivateAddressSpace(host))
+            {
+                hosts.Add("localhost");
+                hosts.Add("127.0.0.1");
+
+                return hosts.Any(i => host.IndexOf(i, StringComparison.OrdinalIgnoreCase) != -1);
+            }
+
+            return true;
+        }
+
         /// <summary>
         /// Overridable method that can be used to implement a custom hnandler
         /// </summary>
@@ -350,6 +390,16 @@ namespace MediaBrowser.Server.Implementations.HttpServer
                 return ;
             }
 
+            if (!ValidateHost(url))
+            {
+                httpRes.StatusCode = 400;
+                httpRes.ContentType = "text/plain";
+                httpRes.Write("Invalid host");
+
+                httpRes.Close();
+                return;
+            }
+
             var operationName = httpReq.OperationName;
             var localPath = url.LocalPath;
 
diff --git a/MediaBrowser.Server.Implementations/HttpServer/HttpResultFactory.cs b/MediaBrowser.Server.Implementations/HttpServer/HttpResultFactory.cs
index c0a2a5eb3..c55e98388 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/HttpResultFactory.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/HttpResultFactory.cs
@@ -275,7 +275,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer
         /// <returns>System.Object.</returns>
         private object GetCachedResult(IRequest requestContext, IDictionary<string, string> responseHeaders, Guid cacheKey, string cacheKeyString, DateTime? lastDateModified, TimeSpan? cacheDuration, string contentType)
         {
-            responseHeaders["ETag"] = cacheKeyString;
+            responseHeaders["ETag"] = string.Format("\"{0}\"", cacheKeyString);
 
             if (IsNotModified(requestContext, cacheKey, lastDateModified, cacheDuration))
             {
@@ -534,7 +534,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer
             if (lastDateModified.HasValue && (string.IsNullOrEmpty(cacheKey) || cacheDuration.HasValue))
             {
                 AddAgeHeader(responseHeaders, lastDateModified);
-                responseHeaders["LastModified"] = lastDateModified.Value.ToString("r");
+                responseHeaders["Last-Modified"] = lastDateModified.Value.ToString("r");
             }
 
             if (cacheDuration.HasValue)
@@ -704,9 +704,9 @@ namespace MediaBrowser.Server.Implementations.HttpServer
             throw error;
         }
 
-        public object GetAsyncStreamWriter(Func<Stream, Task> streamWriter, IDictionary<string, string> responseHeaders = null)
+        public object GetAsyncStreamWriter(IAsyncStreamSource streamSource)
         {
-            return new AsyncStreamWriterFunc(streamWriter, responseHeaders);
+            return new AsyncStreamWriter(streamSource);
         }
     }
 }
 \ No newline at end of file
author	Luke <luke.pulverenti@gmail.com>	2016-08-19 14:57:01 -0400
committer	GitHub <noreply@github.com>	2016-08-19 14:57:01 -0400
commit	0780889c51819c9f1c3b01f5bcdae9806c219c10 (patch)
tree	e91e8542e997c25992fd24e0b40fd7a765c45d62 /MediaBrowser.Server.Implementations/HttpServer
parent	ac8c4ccc3ce53a4eafbd0493e9fe333d95b28730 (diff)
parent	003f61c8914706c6ea1d211644dabf5a5fbd759e (diff)