1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-28 17:57:37 +01:00

hibp breach api proxy

This commit is contained in:
Kyle Spearrin 2019-01-17 01:03:11 -05:00
parent c3563db4d2
commit 7f9d979346
3 changed files with 84 additions and 0 deletions

View File

@ -0,0 +1,78 @@
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using System.Net.Http;
using System.Security.Cryptography;
using Bit.Core.Services;
using Bit.Core;
using System.Net;
using Bit.Core.Exceptions;
namespace Bit.Api.Controllers
{
[Route("hibp")]
[Authorize("Application")]
public class HibpController : Controller
{
private const string HibpBreachApi = "https://haveibeenpwned.com/api/v2/breachedaccount/{0}";
private static HttpClient _httpClient;
private readonly IUserService _userService;
private readonly CurrentContext _currentContext;
private readonly GlobalSettings _globalSettings;
static HibpController()
{
_httpClient = new HttpClient();
_httpClient.DefaultRequestHeaders.Add("User-Agent", "Bitwarden");
}
public HibpController(
IUserService userService,
CurrentContext currentContext,
GlobalSettings globalSettings)
{
_userService = userService;
_currentContext = currentContext;
_globalSettings = globalSettings;
}
[HttpGet("breach")]
public async Task<IActionResult> Get(string email)
{
var encodedEmail = WebUtility.UrlEncode(email);
var request = new HttpRequestMessage(HttpMethod.Get, string.Format(HibpBreachApi, encodedEmail));
if(!string.IsNullOrWhiteSpace(_globalSettings.HibpBreachApiKey))
{
request.Headers.Add("Authorization", $"Basic {_globalSettings.HibpBreachApiKey}");
}
request.Headers.Add("Client-Id", GetClientId());
request.Headers.Add("Client-Ip", _currentContext.IpAddress);
var response = await _httpClient.SendAsync(request);
if(response.IsSuccessStatusCode)
{
var data = await response.Content.ReadAsStringAsync();
return Content(data, "application/json");
}
else if(response.StatusCode == HttpStatusCode.NotFound)
{
return new NotFoundResult();
}
else
{
throw new BadRequestException("Request failed. Status code: " + response.StatusCode);
}
}
private string GetClientId()
{
var userId = _userService.GetProperUserId(User).Value;
using(var sha256 = SHA256.Create())
{
var hash = sha256.ComputeHash(userId.ToByteArray());
return Convert.ToBase64String(hash);
}
}
}
}

View File

@ -174,6 +174,11 @@
"Period": "1m",
"Limit": 5
},
{
"Endpoint": "get:/hibp/breach",
"Period": "2s",
"Limit": 1
},
{
"Endpoint": "post:/installations",
"Period": "2m",

View File

@ -12,6 +12,7 @@ namespace Bit.Core
public virtual string LicenseDirectory { get; set; }
public virtual string PushRelayBaseUri { get; set; }
public virtual string InternalIdentityKey { get; set; }
public virtual string HibpBreachApiKey { get; set; }
public virtual bool DisableUserRegistration { get; set; }
public virtual InstallationSettings Installation { get; set; } = new InstallationSettings();
public virtual BaseServiceUriSettings BaseServiceUri { get; set; } = new BaseServiceUriSettings();