InventoryServerInConnector.cs 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSimulator Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using System;
  28. using System.Collections;
  29. using System.Collections.Generic;
  30. using System.Net;
  31. using System.Reflection;
  32. using log4net;
  33. using Nini.Config;
  34. using Nwc.XmlRpc;
  35. using OpenSim.Server.Base;
  36. using OpenSim.Services.Interfaces;
  37. using OpenSim.Framework;
  38. using OpenSim.Framework.Servers.HttpServer;
  39. using OpenSim.Server.Handlers.Base;
  40. using OpenMetaverse;
  41. namespace OpenSim.Server.Handlers.Inventory
  42. {
  43. public class InventoryServiceInConnector : ServiceConnector
  44. {
  45. private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
  46. protected IInventoryService m_InventoryService;
  47. private bool m_doLookup = false;
  48. //private static readonly int INVENTORY_DEFAULT_SESSION_TIME = 30; // secs
  49. //private AuthedSessionCache m_session_cache = new AuthedSessionCache(INVENTORY_DEFAULT_SESSION_TIME);
  50. private string m_userserver_url;
  51. protected string m_ConfigName = "InventoryService";
  52. public InventoryServiceInConnector(IConfigSource config, IHttpServer server, string configName) :
  53. base(config, server, configName)
  54. {
  55. if (configName != string.Empty)
  56. m_ConfigName = configName;
  57. IConfig serverConfig = config.Configs[m_ConfigName];
  58. if (serverConfig == null)
  59. throw new Exception(String.Format("No section '{0}' in config file", m_ConfigName));
  60. string inventoryService = serverConfig.GetString("LocalServiceModule",
  61. String.Empty);
  62. if (inventoryService == String.Empty)
  63. throw new Exception("No LocalServiceModule in config file");
  64. Object[] args = new Object[] { config };
  65. m_InventoryService =
  66. ServerUtils.LoadPlugin<IInventoryService>(inventoryService, args);
  67. m_userserver_url = serverConfig.GetString("UserServerURI", String.Empty);
  68. m_doLookup = serverConfig.GetBoolean("SessionAuthentication", false);
  69. AddHttpHandlers(server);
  70. m_log.Debug("[INVENTORY HANDLER]: handlers initialized");
  71. }
  72. protected virtual void AddHttpHandlers(IHttpServer m_httpServer)
  73. {
  74. m_httpServer.AddStreamHandler(
  75. new RestDeserialiseSecureHandler<Guid, List<InventoryFolderBase>>(
  76. "POST", "/SystemFolders/", GetSystemFolders, CheckAuthSession));
  77. m_httpServer.AddStreamHandler(
  78. new RestDeserialiseSecureHandler<Guid, InventoryCollection>(
  79. "POST", "/GetFolderContent/", GetFolderContent, CheckAuthSession));
  80. m_httpServer.AddStreamHandler(
  81. new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
  82. "POST", "/UpdateFolder/", m_InventoryService.UpdateFolder, CheckAuthSession));
  83. m_httpServer.AddStreamHandler(
  84. new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
  85. "POST", "/MoveFolder/", m_InventoryService.MoveFolder, CheckAuthSession));
  86. m_httpServer.AddStreamHandler(
  87. new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
  88. "POST", "/PurgeFolder/", m_InventoryService.PurgeFolder, CheckAuthSession));
  89. m_httpServer.AddStreamHandler(
  90. new RestDeserialiseSecureHandler<List<Guid>, bool>(
  91. "POST", "/DeleteFolders/", DeleteFolders, CheckAuthSession));
  92. m_httpServer.AddStreamHandler(
  93. new RestDeserialiseSecureHandler<List<Guid>, bool>(
  94. "POST", "/DeleteItem/", DeleteItems, CheckAuthSession));
  95. m_httpServer.AddStreamHandler(
  96. new RestDeserialiseSecureHandler<InventoryItemBase, InventoryItemBase>(
  97. "POST", "/QueryItem/", m_InventoryService.GetItem, CheckAuthSession));
  98. m_httpServer.AddStreamHandler(
  99. new RestDeserialiseSecureHandler<InventoryFolderBase, InventoryFolderBase>(
  100. "POST", "/QueryFolder/", m_InventoryService.GetFolder, CheckAuthSession));
  101. m_httpServer.AddStreamHandler(
  102. new RestDeserialiseTrustedHandler<Guid, bool>(
  103. "POST", "/CreateInventory/", CreateUsersInventory, CheckTrustSource));
  104. m_httpServer.AddStreamHandler(
  105. new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
  106. "POST", "/NewFolder/", m_InventoryService.AddFolder, CheckAuthSession));
  107. m_httpServer.AddStreamHandler(
  108. new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
  109. "POST", "/CreateFolder/", m_InventoryService.AddFolder, CheckAuthSession));
  110. m_httpServer.AddStreamHandler(
  111. new RestDeserialiseSecureHandler<InventoryItemBase, bool>(
  112. "POST", "/NewItem/", m_InventoryService.AddItem, CheckAuthSession));
  113. m_httpServer.AddStreamHandler(
  114. new RestDeserialiseTrustedHandler<InventoryItemBase, bool>(
  115. "POST", "/AddNewItem/", m_InventoryService.AddItem, CheckTrustSource));
  116. m_httpServer.AddStreamHandler(
  117. new RestDeserialiseSecureHandler<Guid, List<InventoryItemBase>>(
  118. "POST", "/GetItems/", GetFolderItems, CheckAuthSession));
  119. m_httpServer.AddStreamHandler(
  120. new RestDeserialiseSecureHandler<List<InventoryItemBase>, bool>(
  121. "POST", "/MoveItems/", MoveItems, CheckAuthSession));
  122. m_httpServer.AddStreamHandler(new InventoryServerMoveItemsHandler(m_InventoryService));
  123. // for persistent active gestures
  124. m_httpServer.AddStreamHandler(
  125. new RestDeserialiseTrustedHandler<Guid, List<InventoryItemBase>>
  126. ("POST", "/ActiveGestures/", GetActiveGestures, CheckTrustSource));
  127. // WARNING: Root folders no longer just delivers the root and immediate child folders (e.g
  128. // system folders such as Objects, Textures), but it now returns the entire inventory skeleton.
  129. // It would have been better to rename this request, but complexities in the BaseHttpServer
  130. // (e.g. any http request not found is automatically treated as an xmlrpc request) make it easier
  131. // to do this for now.
  132. m_httpServer.AddStreamHandler(
  133. new RestDeserialiseTrustedHandler<Guid, List<InventoryFolderBase>>
  134. ("POST", "/RootFolders/", GetInventorySkeleton, CheckTrustSource));
  135. m_httpServer.AddStreamHandler(
  136. new RestDeserialiseTrustedHandler<InventoryItemBase, int>
  137. ("POST", "/AssetPermissions/", GetAssetPermissions, CheckTrustSource));
  138. }
  139. #region Wrappers for converting the Guid parameter
  140. public List<InventoryFolderBase> GetSystemFolders(Guid guid)
  141. {
  142. UUID userID = new UUID(guid);
  143. return new List<InventoryFolderBase>(GetSystemFolders(userID).Values);
  144. }
  145. // This shouldn't be here, it should be in the inventory service.
  146. // But I don't want to deal with types and dependencies for now.
  147. private Dictionary<AssetType, InventoryFolderBase> GetSystemFolders(UUID userID)
  148. {
  149. InventoryFolderBase root = m_InventoryService.GetRootFolder(userID);
  150. if (root != null)
  151. {
  152. InventoryCollection content = m_InventoryService.GetFolderContent(userID, root.ID);
  153. if (content != null)
  154. {
  155. Dictionary<AssetType, InventoryFolderBase> folders = new Dictionary<AssetType, InventoryFolderBase>();
  156. foreach (InventoryFolderBase folder in content.Folders)
  157. {
  158. if ((folder.Type != (short)AssetType.Folder) && (folder.Type != (short)AssetType.Unknown))
  159. folders[(AssetType)folder.Type] = folder;
  160. }
  161. // Put the root folder there, as type Folder
  162. folders[AssetType.Folder] = root;
  163. return folders;
  164. }
  165. }
  166. m_log.WarnFormat("[INVENTORY SERVICE]: System folders for {0} not found", userID);
  167. return new Dictionary<AssetType, InventoryFolderBase>();
  168. }
  169. public InventoryCollection GetFolderContent(Guid guid)
  170. {
  171. return m_InventoryService.GetFolderContent(UUID.Zero, new UUID(guid));
  172. }
  173. public List<InventoryItemBase> GetFolderItems(Guid folderID)
  174. {
  175. List<InventoryItemBase> allItems = new List<InventoryItemBase>();
  176. // TODO: UUID.Zero is passed as the userID here, making the old assumption that the OpenSim
  177. // inventory server only has a single inventory database and not per-user inventory databases.
  178. // This could be changed but it requirs a bit of hackery to pass another parameter into this
  179. // callback
  180. List<InventoryItemBase> items = m_InventoryService.GetFolderItems(UUID.Zero, new UUID(folderID));
  181. if (items != null)
  182. {
  183. allItems.InsertRange(0, items);
  184. }
  185. return allItems;
  186. }
  187. public bool CreateUsersInventory(Guid rawUserID)
  188. {
  189. UUID userID = new UUID(rawUserID);
  190. return m_InventoryService.CreateUserInventory(userID);
  191. }
  192. public List<InventoryItemBase> GetActiveGestures(Guid rawUserID)
  193. {
  194. UUID userID = new UUID(rawUserID);
  195. return m_InventoryService.GetActiveGestures(userID);
  196. }
  197. public List<InventoryFolderBase> GetInventorySkeleton(Guid rawUserID)
  198. {
  199. UUID userID = new UUID(rawUserID);
  200. return m_InventoryService.GetInventorySkeleton(userID);
  201. }
  202. public int GetAssetPermissions(InventoryItemBase item)
  203. {
  204. return m_InventoryService.GetAssetPermissions(item.Owner, item.AssetID);
  205. }
  206. public bool DeleteFolders(List<Guid> items)
  207. {
  208. List<UUID> uuids = new List<UUID>();
  209. foreach (Guid g in items)
  210. uuids.Add(new UUID(g));
  211. // oops we lost the user info here. Bad bad handlers
  212. return m_InventoryService.DeleteFolders(UUID.Zero, uuids);
  213. }
  214. public bool DeleteItems(List<Guid> items)
  215. {
  216. List<UUID> uuids = new List<UUID>();
  217. foreach (Guid g in items)
  218. uuids.Add(new UUID(g));
  219. // oops we lost the user info here. Bad bad handlers
  220. return m_InventoryService.DeleteItems(UUID.Zero, uuids);
  221. }
  222. public bool MoveItems(List<InventoryItemBase> items)
  223. {
  224. // oops we lost the user info here. Bad bad handlers
  225. // let's peek at one item
  226. UUID ownerID = UUID.Zero;
  227. if (items.Count > 0)
  228. ownerID = items[0].Owner;
  229. return m_InventoryService.MoveItems(ownerID, items);
  230. }
  231. #endregion
  232. /// <summary>
  233. /// Check that the source of an inventory request is one that we trust.
  234. /// </summary>
  235. /// <param name="peer"></param>
  236. /// <returns></returns>
  237. public bool CheckTrustSource(IPEndPoint peer)
  238. {
  239. if (m_doLookup)
  240. {
  241. m_log.InfoFormat("[INVENTORY IN CONNECTOR]: Checking trusted source {0}", peer);
  242. UriBuilder ub = new UriBuilder(m_userserver_url);
  243. IPAddress[] uaddrs = Dns.GetHostAddresses(ub.Host);
  244. foreach (IPAddress uaddr in uaddrs)
  245. {
  246. if (uaddr.Equals(peer.Address))
  247. {
  248. return true;
  249. }
  250. }
  251. m_log.WarnFormat(
  252. "[INVENTORY IN CONNECTOR]: Rejecting request since source {0} was not in the list of trusted sources",
  253. peer);
  254. return false;
  255. }
  256. else
  257. {
  258. return true;
  259. }
  260. }
  261. /// <summary>
  262. /// Check that the source of an inventory request for a particular agent is a current session belonging to
  263. /// that agent.
  264. /// </summary>
  265. /// <param name="session_id"></param>
  266. /// <param name="avatar_id"></param>
  267. /// <returns></returns>
  268. public virtual bool CheckAuthSession(string session_id, string avatar_id)
  269. {
  270. return true;
  271. }
  272. }
  273. }