Engine/Source/Programs/UnrealCloudDDC/Jupiter/Controllers/RequestHelper.cs

// Copyright Epic Games, Inc. All Rights Reserved.

using System;
using System.Security.Claims;
using System.Threading.Tasks;
using EpicGames.Horde.Storage;
using Jupiter.Common;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Microsoft.Extensions.Primitives;
using OpenTelemetry.Trace;

namespace Jupiter.Controllers;

public class RequestHelper : IRequestHelper
{
	private readonly IAuthorizationService _authorizationService;
	private readonly INamespacePolicyResolver _namespacePolicyResolver;
	private readonly IOptionsMonitor<JupiterSettings> _settings;
	private readonly Tracer _tracer;

	public RequestHelper(IAuthorizationService authorizationService, INamespacePolicyResolver namespacePolicyResolver, IOptionsMonitor<JupiterSettings> settings, Tracer tracer)
	{
		_authorizationService = authorizationService;
		_namespacePolicyResolver = namespacePolicyResolver;
		_settings = settings;
		_tracer = tracer;
	}

	public async Task<ActionResult?> HasAccessToNamespaceAsync(ClaimsPrincipal user, HttpRequest request, NamespaceId ns, JupiterAclAction[] aclActions)
	{
		using TelemetrySpan _ = _tracer.StartActiveSpan("authorize").SetAttribute("operation.name", "authorize");
		AuthorizationResult authorizationResult = await _authorizationService.AuthorizeAsync(user, new NamespaceAccessRequest
		{
			Namespace = ns,
			Actions = aclActions
		}, NamespaceAccessRequirement.Name);

		if (!authorizationResult.Succeeded)
		{
			return new ForbidResult();
		}

		bool isPublicNamespace = _namespacePolicyResolver.GetPoliciesForNs(ns).IsPublicNamespace;

		// public namespaces are always accessible
		if (isPublicNamespace)
		{
			return null;
		}

		// namespace is a restricted namespace, check which port it is being accessed on
		bool isPublicPort = IsPublicPort(request.HttpContext);

		if (isPublicPort)
		{
			// trying to access restricted namespace on a public port, this is not allowed
			return new ForbidResult();
		}

		// restricted namespace in corp or internal port, this is okay
		return null;
	}

	public async Task<ActionResult?> HasAccessForGlobalOperationsAsync(ClaimsPrincipal user, JupiterAclAction[] aclActions)
	{
		using TelemetrySpan _ = _tracer.StartActiveSpan("authorize").SetAttribute("operation.name", "authorize");
		AuthorizationResult authorizationResult = await _authorizationService.AuthorizeAsync(user, new GlobalAccessRequest
		{
			Actions = aclActions
		}, GlobalAccessRequirement.Name);

		if (!authorizationResult.Succeeded)
		{
			return new ForbidResult();
		}

		return null;
	}

	public bool IsPublicPort(HttpContext context)
	{
		string? portHeaderValue = null;
		if (context.Request.Headers.TryGetValue("X-Jupiter-Port", out StringValues values))
		{
			portHeaderValue = values.ToString();
		}

		// unit tests do not run on ports, we consider them always on the internal port
		bool isLocalConnection = context.Connection.LocalPort == 0 && context.Connection.LocalIpAddress == null;
		// public port is either running on the public port, or if using domain sockets we check the header that is passed along instead
		bool isPublicPort = _settings!.CurrentValue.PublicApiPorts.Contains(context.Connection.LocalPort);

		if (isLocalConnection && _settings.CurrentValue.AssumeLocalConnectionsHasFullAccess)
		{
			// local connection so granting it full access
			isPublicPort = false;
		}

		if (isLocalConnection && portHeaderValue != null)
		{
			if (string.Equals(portHeaderValue, "Public", StringComparison.OrdinalIgnoreCase))
			{
				isPublicPort = true;
			}
			else if (string.Equals(portHeaderValue, "Corp", StringComparison.OrdinalIgnoreCase))
			{
				isPublicPort = false;
			}
		}

		return isPublicPort;
	}
}
Horde Storage - Added option to control if namespaces have to be required from non-public endpoints (meaning not exposed to the internet). Namespaces are public by default for backwards compatability. These non-public endpoints is mostly intended for buildfarm only storage - were we are guaranteed to be on a appopriate network. #preflight https://horde.devtools.epicgames.com/job/6278efa77e7140590c008ffb [CL 20101014 by Joakim Lindqvist in ue5-main branch] 2022-05-09 07:07:35 -04:00			`// Copyright Epic Games, Inc. All Rights Reserved.`

UnrealCloudDDC - Virtual assets permanent storage We can now configure fallback namespaces, when a request for a blob in a namespace fails we can now fallback to another namespace. You will need to be authenticated for the second namespace as well. This allows us to configure virtual assets to query one namespace in the ddc pool (which is short lived) and if that fails it can fallback to the permanent VA storage, which is never GCed and only replicated on demand. This also makes it possible to test the acl mapping even though auth is disabled. #preflight 63e122d91b44ee7cb1da5da2 [CL 24047315 by Joakim Lindqvist in ue5-main branch] 2023-02-07 07:59:36 -05:00			`using System;`
Horde Storage - Added option to control if namespaces have to be required from non-public endpoints (meaning not exposed to the internet). Namespaces are public by default for backwards compatability. These non-public endpoints is mostly intended for buildfarm only storage - were we are guaranteed to be on a appopriate network. #preflight https://horde.devtools.epicgames.com/job/6278efa77e7140590c008ffb [CL 20101014 by Joakim Lindqvist in ue5-main branch] 2022-05-09 07:07:35 -04:00			`using System.Security.Claims;`
			`using System.Threading.Tasks;`
			`using EpicGames.Horde.Storage;`
			`using Jupiter.Common;`
			`using Microsoft.AspNetCore.Authorization;`
			`using Microsoft.AspNetCore.Http;`
			`using Microsoft.AspNetCore.Mvc;`
			`using Microsoft.Extensions.Options;`
Unreal Cloud DDC - Fixed issue with domain sockets not being correctly identified as public or corp, added header which can be sent if on a local connection to indicate port used (which can be sent from nginx). Fixed up assumption that all local connections are test (with domain sockets this is no longer the case). Reconciled our domain sockets into 2, one for http1.1 and one for http2. #preflight none [CL 24497600 by Joakim Lindqvist in ue5-main branch] 2023-03-03 09:07:19 -05:00			`using Microsoft.Extensions.Primitives;`
UnrealCloudDDC - Reworked all datadog tracing to use OpenTelemetry instead, sending the traces to datadog as OTLP streams instead (this is not fully tested how it looks like on datadog). Added ability to export to Azure monitor as well (though it would be preferable to use the OTLP stream there as well). Also reworked a few places were we were not using dependency injection to create objects causing a lot of frustration as we added more things that assumed DI. #preflight 6372532c232e3d12cb5bdd64 [CL 23117833 by Joakim Lindqvist in ue5-main branch] 2022-11-14 10:12:52 -05:00			`using OpenTelemetry.Trace;`
Horde Storage - Added option to control if namespaces have to be required from non-public endpoints (meaning not exposed to the internet). Namespaces are public by default for backwards compatability. These non-public endpoints is mostly intended for buildfarm only storage - were we are guaranteed to be on a appopriate network. #preflight https://horde.devtools.epicgames.com/job/6278efa77e7140590c008ffb [CL 20101014 by Joakim Lindqvist in ue5-main branch] 2022-05-09 07:07:35 -04:00
Renamed Horde.Storage to UnrealCloudDDC - This is more descriptive of its current functionality (a distributed cloud based ddc cache). This also helps seperate it from Hordes internal storage. #preflight none [CL 22476446 by Joakim Lindqvist in ue5-main branch] 2022-10-12 06:36:30 -04:00			`namespace Jupiter.Controllers;`
Horde Storage - Added option to control if namespaces have to be required from non-public endpoints (meaning not exposed to the internet). Namespaces are public by default for backwards compatability. These non-public endpoints is mostly intended for buildfarm only storage - were we are guaranteed to be on a appopriate network. #preflight https://horde.devtools.epicgames.com/job/6278efa77e7140590c008ffb [CL 20101014 by Joakim Lindqvist in ue5-main branch] 2022-05-09 07:07:35 -04:00
UnrealCloudDDC: Create an interface for IRequestHelper so that Horde can use a different implementation. #fyi Joakim.Lindqvist [CL 26322345 by Ben Marsh in ue5-main branch] 2023-06-29 14:45:59 -04:00			`public class RequestHelper : IRequestHelper`
Horde Storage - Added option to control if namespaces have to be required from non-public endpoints (meaning not exposed to the internet). Namespaces are public by default for backwards compatability. These non-public endpoints is mostly intended for buildfarm only storage - were we are guaranteed to be on a appopriate network. #preflight https://horde.devtools.epicgames.com/job/6278efa77e7140590c008ffb [CL 20101014 by Joakim Lindqvist in ue5-main branch] 2022-05-09 07:07:35 -04:00			`{`
UnrealCloudDDC: Convert spaces to tabs for indentation. #fyi Joakim.Lindqvist [CL 26641535 by Ben Marsh in ue5-main branch] 2023-07-27 11:20:47 -04:00			`private readonly IAuthorizationService _authorizationService;`
			`private readonly INamespacePolicyResolver _namespacePolicyResolver;`
			`private readonly IOptionsMonitor<JupiterSettings> _settings;`
			`private readonly Tracer _tracer;`
Horde Storage - Added option to control if namespaces have to be required from non-public endpoints (meaning not exposed to the internet). Namespaces are public by default for backwards compatability. These non-public endpoints is mostly intended for buildfarm only storage - were we are guaranteed to be on a appopriate network. #preflight https://horde.devtools.epicgames.com/job/6278efa77e7140590c008ffb [CL 20101014 by Joakim Lindqvist in ue5-main branch] 2022-05-09 07:07:35 -04:00
UnrealCloudDDC: Convert spaces to tabs for indentation. #fyi Joakim.Lindqvist [CL 26641535 by Ben Marsh in ue5-main branch] 2023-07-27 11:20:47 -04:00			`public RequestHelper(IAuthorizationService authorizationService, INamespacePolicyResolver namespacePolicyResolver, IOptionsMonitor<JupiterSettings> settings, Tracer tracer)`
			`{`
			`_authorizationService = authorizationService;`
			`_namespacePolicyResolver = namespacePolicyResolver;`
			`_settings = settings;`
			`_tracer = tracer;`
			`}`
Horde Storage - Added option to control if namespaces have to be required from non-public endpoints (meaning not exposed to the internet). Namespaces are public by default for backwards compatability. These non-public endpoints is mostly intended for buildfarm only storage - were we are guaranteed to be on a appopriate network. #preflight https://horde.devtools.epicgames.com/job/6278efa77e7140590c008ffb [CL 20101014 by Joakim Lindqvist in ue5-main branch] 2022-05-09 07:07:35 -04:00
UnrealCloudDDC: Few more async naming fixups for interfaces. [CL 27021904 by Ben Marsh in ue5-main branch] 2023-08-10 23:09:40 -04:00			`public async Task<ActionResult?> HasAccessToNamespaceAsync(ClaimsPrincipal user, HttpRequest request, NamespaceId ns, JupiterAclAction[] aclActions)`
UnrealCloudDDC: Convert spaces to tabs for indentation. #fyi Joakim.Lindqvist [CL 26641535 by Ben Marsh in ue5-main branch] 2023-07-27 11:20:47 -04:00			`{`
			`using TelemetrySpan _ = _tracer.StartActiveSpan("authorize").SetAttribute("operation.name", "authorize");`
			`AuthorizationResult authorizationResult = await _authorizationService.AuthorizeAsync(user, new NamespaceAccessRequest`
			`{`
			`Namespace = ns,`
			`Actions = aclActions`
			`}, NamespaceAccessRequirement.Name);`
Horde Storage - Added option to control if namespaces have to be required from non-public endpoints (meaning not exposed to the internet). Namespaces are public by default for backwards compatability. These non-public endpoints is mostly intended for buildfarm only storage - were we are guaranteed to be on a appopriate network. #preflight https://horde.devtools.epicgames.com/job/6278efa77e7140590c008ffb [CL 20101014 by Joakim Lindqvist in ue5-main branch] 2022-05-09 07:07:35 -04:00
UnrealCloudDDC: Convert spaces to tabs for indentation. #fyi Joakim.Lindqvist [CL 26641535 by Ben Marsh in ue5-main branch] 2023-07-27 11:20:47 -04:00			`if (!authorizationResult.Succeeded)`
			`{`
			`return new ForbidResult();`
			`}`
Horde Storage - Added option to control if namespaces have to be required from non-public endpoints (meaning not exposed to the internet). Namespaces are public by default for backwards compatability. These non-public endpoints is mostly intended for buildfarm only storage - were we are guaranteed to be on a appopriate network. #preflight https://horde.devtools.epicgames.com/job/6278efa77e7140590c008ffb [CL 20101014 by Joakim Lindqvist in ue5-main branch] 2022-05-09 07:07:35 -04:00
UnrealCloudDDC: Convert spaces to tabs for indentation. #fyi Joakim.Lindqvist [CL 26641535 by Ben Marsh in ue5-main branch] 2023-07-27 11:20:47 -04:00			`bool isPublicNamespace = _namespacePolicyResolver.GetPoliciesForNs(ns).IsPublicNamespace;`
Horde Storage - Added option to control if namespaces have to be required from non-public endpoints (meaning not exposed to the internet). Namespaces are public by default for backwards compatability. These non-public endpoints is mostly intended for buildfarm only storage - were we are guaranteed to be on a appopriate network. #preflight https://horde.devtools.epicgames.com/job/6278efa77e7140590c008ffb [CL 20101014 by Joakim Lindqvist in ue5-main branch] 2022-05-09 07:07:35 -04:00
UnrealCloudDDC: Convert spaces to tabs for indentation. #fyi Joakim.Lindqvist [CL 26641535 by Ben Marsh in ue5-main branch] 2023-07-27 11:20:47 -04:00			`// public namespaces are always accessible`
			`if (isPublicNamespace)`
			`{`
			`return null;`
			`}`
Horde Storage - Added option to control if namespaces have to be required from non-public endpoints (meaning not exposed to the internet). Namespaces are public by default for backwards compatability. These non-public endpoints is mostly intended for buildfarm only storage - were we are guaranteed to be on a appopriate network. #preflight https://horde.devtools.epicgames.com/job/6278efa77e7140590c008ffb [CL 20101014 by Joakim Lindqvist in ue5-main branch] 2022-05-09 07:07:35 -04:00
Unreal Cloud DDC - Added operation for enumerating contents in a bucket with explicit ACL that is not normally granted and with a option to require corp endpoint to be useable (which is set by default) - will be used for oplogs and other non DDC use cases were the number of objects are small and enumeration is useful. [CL 33165582 by joakim lindqvist in ue5-main branch] 2024-04-23 08:00:22 -04:00			`// namespace is a restricted namespace, check which port it is being accessed on`
			`bool isPublicPort = IsPublicPort(request.HttpContext);`

			`if (isPublicPort)`
			`{`
			`// trying to access restricted namespace on a public port, this is not allowed`
			`return new ForbidResult();`
			`}`

			`// restricted namespace in corp or internal port, this is okay`
			`return null;`
			`}`

			`public async Task<ActionResult?> HasAccessForGlobalOperationsAsync(ClaimsPrincipal user, JupiterAclAction[] aclActions)`
			`{`
			`using TelemetrySpan _ = _tracer.StartActiveSpan("authorize").SetAttribute("operation.name", "authorize");`
			`AuthorizationResult authorizationResult = await _authorizationService.AuthorizeAsync(user, new GlobalAccessRequest`
			`{`
			`Actions = aclActions`
			`}, GlobalAccessRequirement.Name);`

			`if (!authorizationResult.Succeeded)`
			`{`
			`return new ForbidResult();`
			`}`

			`return null;`
			`}`

			`public bool IsPublicPort(HttpContext context)`
			`{`
UnrealCloudDDC: Convert spaces to tabs for indentation. #fyi Joakim.Lindqvist [CL 26641535 by Ben Marsh in ue5-main branch] 2023-07-27 11:20:47 -04:00			`string? portHeaderValue = null;`
			`if (context.Request.Headers.TryGetValue("X-Jupiter-Port", out StringValues values))`
			`{`
			`portHeaderValue = values.ToString();`
			`}`
Unreal Cloud DDC - Fixed issue with domain sockets not being correctly identified as public or corp, added header which can be sent if on a local connection to indicate port used (which can be sent from nginx). Fixed up assumption that all local connections are test (with domain sockets this is no longer the case). Reconciled our domain sockets into 2, one for http1.1 and one for http2. #preflight none [CL 24497600 by Joakim Lindqvist in ue5-main branch] 2023-03-03 09:07:19 -05:00
UnrealCloudDDC: Convert spaces to tabs for indentation. #fyi Joakim.Lindqvist [CL 26641535 by Ben Marsh in ue5-main branch] 2023-07-27 11:20:47 -04:00			`// unit tests do not run on ports, we consider them always on the internal port`
			`bool isLocalConnection = context.Connection.LocalPort == 0 && context.Connection.LocalIpAddress == null;`
			`// public port is either running on the public port, or if using domain sockets we check the header that is passed along instead`
			`bool isPublicPort = _settings!.CurrentValue.PublicApiPorts.Contains(context.Connection.LocalPort);`
Unreal Cloud DDC - Fixed issue with domain sockets not being correctly identified as public or corp, added header which can be sent if on a local connection to indicate port used (which can be sent from nginx). Fixed up assumption that all local connections are test (with domain sockets this is no longer the case). Reconciled our domain sockets into 2, one for http1.1 and one for http2. #preflight none [CL 24497600 by Joakim Lindqvist in ue5-main branch] 2023-03-03 09:07:19 -05:00
UnrealCloudDDC: Convert spaces to tabs for indentation. #fyi Joakim.Lindqvist [CL 26641535 by Ben Marsh in ue5-main branch] 2023-07-27 11:20:47 -04:00			`if (isLocalConnection && _settings.CurrentValue.AssumeLocalConnectionsHasFullAccess)`
			`{`
			`// local connection so granting it full access`
			`isPublicPort = false;`
			`}`
Unreal Cloud DDC - Fixed issue with domain sockets not being correctly identified as public or corp, added header which can be sent if on a local connection to indicate port used (which can be sent from nginx). Fixed up assumption that all local connections are test (with domain sockets this is no longer the case). Reconciled our domain sockets into 2, one for http1.1 and one for http2. #preflight none [CL 24497600 by Joakim Lindqvist in ue5-main branch] 2023-03-03 09:07:19 -05:00
UnrealCloudDDC: Convert spaces to tabs for indentation. #fyi Joakim.Lindqvist [CL 26641535 by Ben Marsh in ue5-main branch] 2023-07-27 11:20:47 -04:00			`if (isLocalConnection && portHeaderValue != null)`
			`{`
			`if (string.Equals(portHeaderValue, "Public", StringComparison.OrdinalIgnoreCase))`
			`{`
			`isPublicPort = true;`
			`}`
			`else if (string.Equals(portHeaderValue, "Corp", StringComparison.OrdinalIgnoreCase))`
			`{`
			`isPublicPort = false;`
			`}`
			`}`
Unreal Cloud DDC - Fixed issue with domain sockets not being correctly identified as public or corp, added header which can be sent if on a local connection to indicate port used (which can be sent from nginx). Fixed up assumption that all local connections are test (with domain sockets this is no longer the case). Reconciled our domain sockets into 2, one for http1.1 and one for http2. #preflight none [CL 24497600 by Joakim Lindqvist in ue5-main branch] 2023-03-03 09:07:19 -05:00
Unreal Cloud DDC - Added operation for enumerating contents in a bucket with explicit ACL that is not normally granted and with a option to require corp endpoint to be useable (which is set by default) - will be used for oplogs and other non DDC use cases were the number of objects are small and enumeration is useful. [CL 33165582 by joakim lindqvist in ue5-main branch] 2024-04-23 08:00:22 -04:00			`return isPublicPort;`
UnrealCloudDDC: Convert spaces to tabs for indentation. #fyi Joakim.Lindqvist [CL 26641535 by Ben Marsh in ue5-main branch] 2023-07-27 11:20:47 -04:00			`}`
Horde Storage - Added option to control if namespaces have to be required from non-public endpoints (meaning not exposed to the internet). Namespaces are public by default for backwards compatability. These non-public endpoints is mostly intended for buildfarm only storage - were we are guaranteed to be on a appopriate network. #preflight https://horde.devtools.epicgames.com/job/6278efa77e7140590c008ffb [CL 20101014 by Joakim Lindqvist in ue5-main branch] 2022-05-09 07:07:35 -04:00			`}`