mirror of
https://github.com/immense/Remotely.git
synced 2025-10-26 11:27:15 +00:00
118 lines
3.8 KiB
C#
118 lines
3.8 KiB
C#
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.AspNetCore.SignalR;
|
|
using Remotely.Server.Hubs;
|
|
using Remotely.Server.Services;
|
|
using Remotely.Shared.Utilities;
|
|
using Remotely.Shared.Models;
|
|
using System;
|
|
using System.IO;
|
|
using System.Threading.Tasks;
|
|
using Remotely.Shared.Enums;
|
|
using Remotely.Server.Auth;
|
|
using Immense.RemoteControl.Shared.Helpers;
|
|
using Remotely.Shared;
|
|
using Remotely.Server.Extensions;
|
|
|
|
namespace Remotely.Server.API;
|
|
|
|
[ApiController]
|
|
[Route("api/[controller]")]
|
|
public class ScriptingController : ControllerBase
|
|
{
|
|
private readonly IHubContext<AgentHub> _agentHubContext;
|
|
|
|
private readonly IDataService _dataService;
|
|
private readonly IAgentHubSessionCache _serviceSessionCache;
|
|
private readonly IExpiringTokenService _expiringTokenService;
|
|
|
|
private readonly UserManager<RemotelyUser> _userManager;
|
|
|
|
public ScriptingController(UserManager<RemotelyUser> userManager,
|
|
IDataService dataService,
|
|
IAgentHubSessionCache serviceSessionCache,
|
|
IExpiringTokenService expiringTokenService,
|
|
IHubContext<AgentHub> agentHub)
|
|
{
|
|
_dataService = dataService;
|
|
_serviceSessionCache = serviceSessionCache;
|
|
_expiringTokenService = expiringTokenService;
|
|
_userManager = userManager;
|
|
_agentHubContext = agentHub;
|
|
}
|
|
|
|
[ServiceFilter(typeof(ApiAuthorizationFilter))]
|
|
[HttpPost("[action]/{mode}/{deviceID}")]
|
|
public async Task<ActionResult<ScriptResult>> ExecuteCommand(string mode, string deviceID)
|
|
{
|
|
if (!Request.Headers.TryGetOrganizationId(out var orgId))
|
|
{
|
|
return Unauthorized();
|
|
}
|
|
|
|
if (!Enum.TryParse<ScriptingShell>(mode, true, out var shell))
|
|
{
|
|
return BadRequest("Unable to parse shell type. Use either PSCore, WinPS, Bash, or CMD.");
|
|
}
|
|
|
|
var command = string.Empty;
|
|
using (var sr = new StreamReader(Request.Body))
|
|
{
|
|
command = await sr.ReadToEndAsync();
|
|
}
|
|
|
|
var userID = string.Empty;
|
|
if (Request.HttpContext.User.Identity?.IsAuthenticated == true)
|
|
{
|
|
var username = Request.HttpContext.User.Identity.Name;
|
|
var userResult = await _dataService.GetUserByName($"{username}");
|
|
|
|
if (!userResult.IsSuccess)
|
|
{
|
|
return Unauthorized();
|
|
}
|
|
|
|
if (!_dataService.DoesUserHaveAccessToDevice(deviceID, userResult.Value))
|
|
{
|
|
return Unauthorized();
|
|
}
|
|
}
|
|
|
|
if (!_serviceSessionCache.TryGetByDeviceId(deviceID, out var device))
|
|
{
|
|
return NotFound();
|
|
}
|
|
|
|
if (!_serviceSessionCache.TryGetConnectionId(deviceID, out var connectionId))
|
|
{
|
|
return NotFound();
|
|
}
|
|
|
|
if (device.OrganizationID != orgId)
|
|
{
|
|
return Unauthorized();
|
|
}
|
|
|
|
var requestID = Guid.NewGuid().ToString();
|
|
var authToken = _expiringTokenService.GetToken(Time.Now.AddMinutes(AppConstants.ScriptRunExpirationMinutes));
|
|
|
|
// TODO: Replace with new invoke capability in .NET 7.
|
|
await _agentHubContext.Clients.Client(connectionId).SendAsync("ExecuteCommandFromApi", shell, authToken, requestID, command, User?.Identity?.Name);
|
|
|
|
var success = await WaitHelper.WaitForAsync(() => AgentHub.ApiScriptResults.TryGetValue(requestID, out _), TimeSpan.FromSeconds(30));
|
|
if (!success)
|
|
{
|
|
return NotFound();
|
|
}
|
|
AgentHub.ApiScriptResults.TryGetValue(requestID, out var commandId);
|
|
AgentHub.ApiScriptResults.Remove(requestID);
|
|
|
|
var scriptResult = await _dataService.GetScriptResult($"{commandId}", orgId);
|
|
if (!scriptResult.IsSuccess)
|
|
{
|
|
return NotFound();
|
|
}
|
|
return scriptResult.Value;
|
|
}
|
|
}
|