Add overloads and cleanup

JimBobSquarePants · JimBobSquarePants · commit 879f990ba880 · 2022-07-06T13:03:56.000+10:00
diff --git a/src/ImageSharp.Web.Providers.AWS/Caching/AWSS3StorageCache.cs b/src/ImageSharp.Web.Providers.AWS/Caching/AWSS3StorageCache.cs
@@ -1,8 +1,11 @@
 // Copyright (c) Six Labors.
 // Licensed under the Apache License, Version 2.0.
 
+using System;
 using System.Collections.Generic;
+using System.Globalization;
 using System.IO;
+using System.Threading;
 using System.Threading.Tasks;
 using Amazon.S3;
 using Amazon.S3.Model;
@@ -119,5 +122,53 @@ private static async Task<PutBucketResponse> CreateIfNotExistsAsync(
 
             return null;
         }
+
+        /// <summary>
+        /// <see href="https://github.com/aspnet/AspNetIdentity/blob/b7826741279450c58b230ece98bd04b4815beabf/src/Microsoft.AspNet.Identity.Core/AsyncHelper.cs"/>
+        /// </summary>
+        internal static class AsyncHelper
+        {
+            private static readonly TaskFactory TaskFactory
+                = new(
+                    CancellationToken.None,
+                    TaskCreationOptions.None,
+                    TaskContinuationOptions.None,
+                    TaskScheduler.Default);
+
+            /// <summary>
+            /// Executes an async <see cref="Task"/> method synchronously.
+            /// </summary>
+            /// <param name="task">The task to excecute.</param>
+            public static void RunSync(Func<Task> task)
+            {
+                CultureInfo cultureUi = CultureInfo.CurrentUICulture;
+                CultureInfo culture = CultureInfo.CurrentCulture;
+                TaskFactory.StartNew(() =>
+                {
+                    Thread.CurrentThread.CurrentCulture = culture;
+                    Thread.CurrentThread.CurrentUICulture = cultureUi;
+                    return task();
+                }).Unwrap().GetAwaiter().GetResult();
+            }
+
+            /// <summary>
+            /// Executes an async <see cref="Task{TResult}"/> method which has
+            /// a <paramref name="task"/> return type synchronously.
+            /// </summary>
+            /// <typeparam name="TResult">The type of result to return.</typeparam>
+            /// <param name="task">The task to excecute.</param>
+            /// <returns>The <typeparamref name="TResult"/>.</returns>
+            public static TResult RunSync<TResult>(Func<Task<TResult>> task)
+            {
+                CultureInfo cultureUi = CultureInfo.CurrentUICulture;
+                CultureInfo culture = CultureInfo.CurrentCulture;
+                return TaskFactory.StartNew(() =>
+                {
+                    Thread.CurrentThread.CurrentCulture = culture;
+                    Thread.CurrentThread.CurrentUICulture = cultureUi;
+                    return task();
+                }).Unwrap().GetAwaiter().GetResult();
+            }
+        }
     }
 }
diff --git a/src/ImageSharp.Web/CommandHandling.cs b/src/ImageSharp.Web/CommandHandling.cs
@@ -0,0 +1,24 @@
+// Copyright (c) Six Labors.
+// Licensed under the Apache License, Version 2.0.
+
+using SixLabors.ImageSharp.Web.Commands;
+
+namespace SixLabors.ImageSharp.Web
+{
+    /// <summary>
+    /// Provides enumeration for handling <see cref="CommandCollection"/> instances
+    /// when processing a request.
+    /// </summary>
+    public enum CommandHandling
+    {
+        /// <summary>
+        /// The command collection will be stripped of any unknown commands.
+        /// </summary>
+        Sanitize,
+
+        /// <summary>
+        /// The command collection will be processed unaltered.
+        /// </summary>
+        None
+    }
+}
diff --git a/src/ImageSharp.Web/ImageSharpRequestAuthorizationUtilities.cs b/src/ImageSharp.Web/ImageSharpRequestAuthorizationUtilities.cs
@@ -3,7 +3,7 @@
 
 using System;
 using System.Collections.Generic;
-using System.Runtime.CompilerServices;
+using System.Globalization;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 
@@ -28,10 +28,11 @@ public sealed class ImageSharpRequestAuthorizationUtilities
         /// The command used by image requests for transporting Hash-based Message Authentication Code (HMAC) tokens.
         /// </summary>
         public const string TokenCommand = HMACUtilities.TokenCommand;
-
         private static readonly Uri FallbackBaseUri = new("http://localhost/");
         private readonly HashSet<string> knownCommands;
         private readonly ImageSharpMiddlewareOptions options;
+        private readonly CommandParser commandParser;
+        private readonly CultureInfo parserCulture;
         private readonly IRequestParser requestParser;
         private readonly IServiceProvider serviceProvider;
 
@@ -41,18 +42,26 @@ public sealed class ImageSharpRequestAuthorizationUtilities
         /// <param name="options">The middleware configuration options.</param>
         /// <param name="requestParser">An <see cref="IRequestParser"/> instance used to parse image requests for commands.</param>
         /// <param name="processors">A collection of <see cref="IImageWebProcessor"/> instances used to process images.</param>
+        /// <param name="commandParser">The command parser.</param>
         /// <param name="serviceProvider">The service provider.</param>
         public ImageSharpRequestAuthorizationUtilities(
             IOptions<ImageSharpMiddlewareOptions> options,
             IRequestParser requestParser,
             IEnumerable<IImageWebProcessor> processors,
+            CommandParser commandParser,
             IServiceProvider serviceProvider)
         {
             Guard.NotNull(options, nameof(options));
             Guard.NotNull(requestParser, nameof(requestParser));
             Guard.NotNull(processors, nameof(processors));
             Guard.NotNull(serviceProvider, nameof(serviceProvider));
 
+            this.options = options.Value;
+            this.commandParser = commandParser;
+            this.parserCulture = this.options.UseInvariantParsingCulture
+                ? CultureInfo.InvariantCulture
+                : CultureInfo.CurrentCulture;
+
             HashSet<string> commands = new(StringComparer.OrdinalIgnoreCase);
             foreach (IImageWebProcessor processor in processors)
             {
@@ -63,7 +72,6 @@ public ImageSharpRequestAuthorizationUtilities(
             }
 
             this.knownCommands = commands;
-            this.options = options.Value;
         }
 
         /// <summary>
@@ -90,91 +98,165 @@ public void StripUnknownCommands(CommandCollection commands)
         /// Compute a Hash-based Message Authentication Code (HMAC) for request authentication.
         /// </summary>
         /// <param name="uri">The uri to compute the code from.</param>
+        /// <param name="handling">The command collection handling.</param>
         /// <returns>The computed HMAC.</returns>
-        public string ComputeHMAC(string uri)
-            => this.ComputeHMAC(new Uri(uri));
+        public string ComputeHMAC(string uri, CommandHandling handling)
+            => this.ComputeHMAC(new Uri(uri), handling);
 
         /// <summary>
         /// Compute a Hash-based Message Authentication Code (HMAC) for request authentication.
         /// </summary>
         /// <param name="uri">The uri to compute the code from.</param>
+        /// <param name="handling">The command collection handling.</param>
         /// <returns>The computed HMAC.</returns>
-        public string ComputeHMAC(Uri uri)
-            => AsyncHelper.RunSync(() => this.ComputeHMACAsync(uri));
+        public Task<string> ComputeHMACAsync(string uri, CommandHandling handling)
+            => this.ComputeHMACAsync(new Uri(uri), handling);
 
         /// <summary>
         /// Compute a Hash-based Message Authentication Code (HMAC) for request authentication.
         /// </summary>
         /// <param name="uri">The uri to compute the code from.</param>
+        /// <param name="handling">The command collection handling.</param>
         /// <returns>The computed HMAC.</returns>
-        public Task<string> ComputeHMACAsync(string uri)
-            => this.ComputeHMACAsync(new Uri(uri));
+        public string ComputeHMAC(Uri uri, CommandHandling handling)
+        {
+            ToComponents(
+                uri,
+                out HostString host,
+                out PathString path,
+                out QueryString queryString);
+
+            return this.ComputeHMAC(host, path, queryString, handling);
+        }
 
         /// <summary>
         /// Compute a Hash-based Message Authentication Code (HMAC) for request authentication.
         /// </summary>
         /// <param name="uri">The uri to compute the code from.</param>
+        /// <param name="handling">The command collection handling.</param>
         /// <returns>The computed HMAC.</returns>
-        public async Task<string> ComputeHMACAsync(Uri uri)
+        public Task<string> ComputeHMACAsync(Uri uri, CommandHandling handling)
         {
-            byte[] secret = this.options.HMACSecretKey;
-            if (secret is null || secret.Length == 0)
-            {
-                return null;
-            }
-
-            // We need to generate a HttpRequest to use the rest of the services.
-            DefaultHttpContext context = new() { RequestServices = this.serviceProvider };
-            HttpRequest request = context.Request;
-
             ToComponents(
                 uri,
                 out HostString host,
                 out PathString path,
-                out QueryString queryString,
-                out QueryCollection query);
+                out QueryString queryString);
 
-            request.Host = host;
-            request.Path = path;
-            request.QueryString = queryString;
-            request.Query = query;
+            return this.ComputeHMACAsync(host, path, queryString, handling);
+        }
 
-            CommandCollection commands = this.requestParser.ParseRequestCommands(context);
+        /// <summary>
+        /// Compute a Hash-based Message Authentication Code (HMAC) for request authentication.
+        /// </summary>
+        /// <param name="host">The host header.</param>
+        /// <param name="path">The path or pathbase.</param>
+        /// <param name="queryString">The querystring.</param>
+        /// <param name="handling">The command collection handling.</param>
+        /// <returns>The computed HMAC.</returns>
+        public string ComputeHMAC(HostString host, PathString path, QueryString queryString, CommandHandling handling)
+            => this.ComputeHMAC(host, path, queryString, handling);
 
-            // The provided URI should not contain invalid commands since image URI geneneration
-            // should be tightly controlled by the running application but we will strip any out anyway.
-            this.StripUnknownCommands(commands);
+        /// <summary>
+        /// Compute a Hash-based Message Authentication Code (HMAC) for request authentication.
+        /// </summary>
+        /// <param name="host">The host header.</param>
+        /// <param name="path">The path or pathbase.</param>
+        /// <param name="queryString">The querystring.</param>
+        /// <param name="handling">The command collection handling.</param>
+        /// <returns>The computed HMAC.</returns>
+        public Task<string> ComputeHMACAsync(HostString host, PathString path, QueryString queryString, CommandHandling handling)
+            => this.ComputeHMACAsync(host, path, queryString, new(QueryHelpers.ParseQuery(queryString.Value)), handling);
 
-            ImageCommandContext imageCommandContext = new(context, commands, null, null);
+        /// <summary>
+        /// Compute a Hash-based Message Authentication Code (HMAC) for request authentication.
+        /// </summary>
+        /// <param name="host">The host header.</param>
+        /// <param name="path">The path or pathbase.</param>
+        /// <param name="queryString">The querystring.</param>
+        /// <param name="query">The query collection.</param>
+        /// <param name="handling">The command collection handling.</param>
+        /// <returns>The computed HMAC.</returns>
+        public string ComputeHMAC(HostString host, PathString path, QueryString queryString, QueryCollection query, CommandHandling handling)
+            => this.ComputeHMAC(this.ToHttpContext(host, path, queryString, query), handling);
+
+        /// <summary>
+        /// Compute a Hash-based Message Authentication Code (HMAC) for request authentication.
+        /// </summary>
+        /// <param name="host">The host header.</param>
+        /// <param name="path">The path or pathbase.</param>
+        /// <param name="queryString">The querystring.</param>
+        /// <param name="query">The query collection.</param>
+        /// <param name="handling">The command collection handling.</param>
+        /// <returns>The computed HMAC.</returns>
+        public Task<string> ComputeHMACAsync(HostString host, PathString path, QueryString queryString, QueryCollection query, CommandHandling handling)
+            => this.ComputeHMACAsync(this.ToHttpContext(host, path, queryString, query), handling);
+
+        /// <summary>
+        /// Compute a Hash-based Message Authentication Code (HMAC) for request authentication.
+        /// </summary>
+        /// <param name="context">The request HTTP context.</param>
+        /// <param name="handling">The command collection handling.</param>
+        /// <returns>The computed HMAC.</returns>
+        public string ComputeHMAC(HttpContext context, CommandHandling handling)
+            => AsyncHelper.RunSync(() => this.ComputeHMACAsync(context, handling));
+
+        /// <summary>
+        /// Compute a Hash-based Message Authentication Code (HMAC) for request authentication.
+        /// </summary>
+        /// <param name="context">The request HTTP context.</param>
+        /// <param name="handling">The command collection handling.</param>
+        /// <returns>The computed HMAC.</returns>
+        public async Task<string> ComputeHMACAsync(HttpContext context, CommandHandling handling)
+        {
+            byte[] secret = this.options.HMACSecretKey;
+            if (secret is null || secret.Length == 0)
+            {
+                return null;
+            }
+
+            CommandCollection commands = this.requestParser.ParseRequestCommands(context);
+            if (handling == CommandHandling.Sanitize)
+            {
+                this.StripUnknownCommands(commands);
+            }
+
+            ImageCommandContext imageCommandContext = new(context, commands, this.commandParser, this.parserCulture);
             return await this.options.OnComputeHMACAsync(imageCommandContext, secret);
         }
 
         private static void ToComponents(
             Uri uri,
             out HostString host,
             out PathString path,
-            out QueryString queryString,
-            out QueryCollection query)
+            out QueryString queryString)
         {
             if (uri.IsAbsoluteUri)
             {
                 host = HostString.FromUriComponent(uri);
                 path = PathString.FromUriComponent(uri);
                 queryString = QueryString.FromUriComponent(uri);
-                query = GetQueryComponent(queryString);
             }
             else
             {
                 Uri faux = new(FallbackBaseUri, uri);
                 host = default;
                 path = PathString.FromUriComponent(faux);
                 queryString = QueryString.FromUriComponent(faux);
-                query = GetQueryComponent(queryString);
             }
         }
 
-        [MethodImpl(MethodImplOptions.AggressiveInlining)]
-        private static QueryCollection GetQueryComponent(QueryString query)
-            => new(QueryHelpers.ParseQuery(query.Value));
+        private HttpContext ToHttpContext(HostString host, PathString path, QueryString queryString, QueryCollection query)
+        {
+            DefaultHttpContext context = new() { RequestServices = this.serviceProvider };
+            HttpRequest request = context.Request;
+            request.Method = HttpMethods.Get;
+            request.Host = host;
+            request.Path = path;
+            request.QueryString = queryString;
+            request.Query = query;
+
+            return context;
+        }
     }
 }
diff --git a/src/ImageSharp.Web/Middleware/ImageSharpMiddleware.cs b/src/ImageSharp.Web/Middleware/ImageSharpMiddleware.cs
@@ -129,7 +129,7 @@ private static readonly ConcurrentTLruCache<string, string> HMACTokenLru
         /// <param name="cache">An <see cref="IImageCache"/> instance used for caching images.</param>
         /// <param name="cacheKey">An <see cref="ICacheKey"/> instance used for creating cache keys.</param>
         /// <param name="cacheHash">An <see cref="ICacheHash"/>instance used for calculating cached file names.</param>
-        /// <param name="commandParser">The command parser</param>
+        /// <param name="commandParser">The command parser.</param>
         /// <param name="formatUtilities">Contains various format helper methods based on the current configuration.</param>
         /// <param name="asyncKeyLock">The async key lock</param>
         public ImageSharpMiddleware(
