InventoryServerInConnector.cs 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSimulator Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using System;
  28. using System.Collections;
  29. using System.Collections.Generic;
  30. using System.Net;
  31. using System.Reflection;
  32. using log4net;
  33. using Nini.Config;
  34. using Nwc.XmlRpc;
  35. using OpenSim.Server.Base;
  36. using OpenSim.Services.Interfaces;
  37. using OpenSim.Framework;
  38. using OpenSim.Framework.Servers.HttpServer;
  39. using OpenSim.Server.Handlers.Base;
  40. using OpenMetaverse;
  41. namespace OpenSim.Server.Handlers.Inventory
  42. {
  43. public class InventoryServiceInConnector : ServiceConnector
  44. {
  45. private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
  46. private IInventoryService m_InventoryService;
  47. private bool m_doLookup = false;
  48. //private static readonly int INVENTORY_DEFAULT_SESSION_TIME = 30; // secs
  49. //private AuthedSessionCache m_session_cache = new AuthedSessionCache(INVENTORY_DEFAULT_SESSION_TIME);
  50. private string m_userserver_url;
  51. private string m_ConfigName = "InventoryService";
  52. public InventoryServiceInConnector(IConfigSource config, IHttpServer server, string configName) :
  53. base(config, server, configName)
  54. {
  55. IConfig serverConfig = config.Configs[m_ConfigName];
  56. if (serverConfig == null)
  57. throw new Exception(String.Format("No section '{0}' in config file", m_ConfigName));
  58. string inventoryService = serverConfig.GetString("LocalServiceModule",
  59. String.Empty);
  60. if (inventoryService == String.Empty)
  61. throw new Exception("No LocalServiceModule in config file");
  62. Object[] args = new Object[] { config };
  63. m_InventoryService =
  64. ServerUtils.LoadPlugin<IInventoryService>(inventoryService, args);
  65. m_userserver_url = serverConfig.GetString("UserServerURI", String.Empty);
  66. m_doLookup = serverConfig.GetBoolean("SessionAuthentication", false);
  67. AddHttpHandlers(server);
  68. m_log.Debug("[INVENTORY HANDLER]: handlers initialized");
  69. }
  70. protected virtual void AddHttpHandlers(IHttpServer m_httpServer)
  71. {
  72. m_httpServer.AddStreamHandler(
  73. new RestDeserialiseSecureHandler<Guid, InventoryCollection>(
  74. "POST", "/GetInventory/", GetUserInventory, CheckAuthSession));
  75. m_httpServer.AddStreamHandler(
  76. new RestDeserialiseSecureHandler<Guid, List<InventoryFolderBase>>(
  77. "POST", "/SystemFolders/", GetSystemFolders, CheckAuthSession));
  78. m_httpServer.AddStreamHandler(
  79. new RestDeserialiseSecureHandler<Guid, InventoryCollection>(
  80. "POST", "/GetFolderContent/", GetFolderContent, CheckAuthSession));
  81. m_httpServer.AddStreamHandler(
  82. new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
  83. "POST", "/UpdateFolder/", m_InventoryService.UpdateFolder, CheckAuthSession));
  84. m_httpServer.AddStreamHandler(
  85. new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
  86. "POST", "/MoveFolder/", m_InventoryService.MoveFolder, CheckAuthSession));
  87. m_httpServer.AddStreamHandler(
  88. new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
  89. "POST", "/PurgeFolder/", m_InventoryService.PurgeFolder, CheckAuthSession));
  90. m_httpServer.AddStreamHandler(
  91. new RestDeserialiseSecureHandler<List<Guid>, bool>(
  92. "POST", "/DeleteFolders/", DeleteFolders, CheckAuthSession));
  93. m_httpServer.AddStreamHandler(
  94. new RestDeserialiseSecureHandler<List<Guid>, bool>(
  95. "POST", "/DeleteItem/", DeleteItems, CheckAuthSession));
  96. m_httpServer.AddStreamHandler(
  97. new RestDeserialiseSecureHandler<InventoryItemBase, InventoryItemBase>(
  98. "POST", "/QueryItem/", m_InventoryService.GetItem, CheckAuthSession));
  99. m_httpServer.AddStreamHandler(
  100. new RestDeserialiseSecureHandler<InventoryFolderBase, InventoryFolderBase>(
  101. "POST", "/QueryFolder/", m_InventoryService.GetFolder, CheckAuthSession));
  102. m_httpServer.AddStreamHandler(
  103. new RestDeserialiseTrustedHandler<Guid, bool>(
  104. "POST", "/CreateInventory/", CreateUsersInventory, CheckTrustSource));
  105. m_httpServer.AddStreamHandler(
  106. new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
  107. "POST", "/NewFolder/", m_InventoryService.AddFolder, CheckAuthSession));
  108. m_httpServer.AddStreamHandler(
  109. new RestDeserialiseSecureHandler<InventoryFolderBase, bool>(
  110. "POST", "/CreateFolder/", m_InventoryService.AddFolder, CheckAuthSession));
  111. m_httpServer.AddStreamHandler(
  112. new RestDeserialiseSecureHandler<InventoryItemBase, bool>(
  113. "POST", "/NewItem/", m_InventoryService.AddItem, CheckAuthSession));
  114. m_httpServer.AddStreamHandler(
  115. new RestDeserialiseTrustedHandler<InventoryItemBase, bool>(
  116. "POST", "/AddNewItem/", m_InventoryService.AddItem, CheckTrustSource));
  117. m_httpServer.AddStreamHandler(
  118. new RestDeserialiseSecureHandler<Guid, List<InventoryItemBase>>(
  119. "POST", "/GetItems/", GetFolderItems, CheckAuthSession));
  120. m_httpServer.AddStreamHandler(
  121. new RestDeserialiseSecureHandler<List<InventoryItemBase>, bool>(
  122. "POST", "/MoveItems/", MoveItems, CheckAuthSession));
  123. m_httpServer.AddStreamHandler(new InventoryServerMoveItemsHandler(m_InventoryService));
  124. // for persistent active gestures
  125. m_httpServer.AddStreamHandler(
  126. new RestDeserialiseTrustedHandler<Guid, List<InventoryItemBase>>
  127. ("POST", "/ActiveGestures/", GetActiveGestures, CheckTrustSource));
  128. // WARNING: Root folders no longer just delivers the root and immediate child folders (e.g
  129. // system folders such as Objects, Textures), but it now returns the entire inventory skeleton.
  130. // It would have been better to rename this request, but complexities in the BaseHttpServer
  131. // (e.g. any http request not found is automatically treated as an xmlrpc request) make it easier
  132. // to do this for now.
  133. m_httpServer.AddStreamHandler(
  134. new RestDeserialiseTrustedHandler<Guid, List<InventoryFolderBase>>
  135. ("POST", "/RootFolders/", GetInventorySkeleton, CheckTrustSource));
  136. m_httpServer.AddStreamHandler(
  137. new RestDeserialiseTrustedHandler<InventoryItemBase, int>
  138. ("POST", "/AssetPermissions/", GetAssetPermissions, CheckTrustSource));
  139. }
  140. #region Wrappers for converting the Guid parameter
  141. public InventoryCollection GetUserInventory(Guid guid)
  142. {
  143. UUID userID = new UUID(guid);
  144. return m_InventoryService.GetUserInventory(userID);
  145. }
  146. public List<InventoryFolderBase> GetSystemFolders(Guid guid)
  147. {
  148. UUID userID = new UUID(guid);
  149. return new List<InventoryFolderBase>(GetSystemFolders(userID).Values);
  150. }
  151. // This shouldn't be here, it should be in the inventory service.
  152. // But I don't want to deal with types and dependencies for now.
  153. private Dictionary<AssetType, InventoryFolderBase> GetSystemFolders(UUID userID)
  154. {
  155. InventoryFolderBase root = m_InventoryService.GetRootFolder(userID);
  156. if (root != null)
  157. {
  158. InventoryCollection content = m_InventoryService.GetFolderContent(userID, root.ID);
  159. if (content != null)
  160. {
  161. Dictionary<AssetType, InventoryFolderBase> folders = new Dictionary<AssetType, InventoryFolderBase>();
  162. foreach (InventoryFolderBase folder in content.Folders)
  163. {
  164. if ((folder.Type != (short)AssetType.Folder) && (folder.Type != (short)AssetType.Unknown))
  165. folders[(AssetType)folder.Type] = folder;
  166. }
  167. // Put the root folder there, as type Folder
  168. folders[AssetType.Folder] = root;
  169. return folders;
  170. }
  171. }
  172. m_log.WarnFormat("[INVENTORY SERVICE]: System folders for {0} not found", userID);
  173. return new Dictionary<AssetType, InventoryFolderBase>();
  174. }
  175. public InventoryCollection GetFolderContent(Guid guid)
  176. {
  177. return m_InventoryService.GetFolderContent(UUID.Zero, new UUID(guid));
  178. }
  179. public List<InventoryItemBase> GetFolderItems(Guid folderID)
  180. {
  181. List<InventoryItemBase> allItems = new List<InventoryItemBase>();
  182. // TODO: UUID.Zero is passed as the userID here, making the old assumption that the OpenSim
  183. // inventory server only has a single inventory database and not per-user inventory databases.
  184. // This could be changed but it requirs a bit of hackery to pass another parameter into this
  185. // callback
  186. List<InventoryItemBase> items = m_InventoryService.GetFolderItems(UUID.Zero, new UUID(folderID));
  187. if (items != null)
  188. {
  189. allItems.InsertRange(0, items);
  190. }
  191. return allItems;
  192. }
  193. public bool CreateUsersInventory(Guid rawUserID)
  194. {
  195. UUID userID = new UUID(rawUserID);
  196. return m_InventoryService.CreateUserInventory(userID);
  197. }
  198. public List<InventoryItemBase> GetActiveGestures(Guid rawUserID)
  199. {
  200. UUID userID = new UUID(rawUserID);
  201. return m_InventoryService.GetActiveGestures(userID);
  202. }
  203. public List<InventoryFolderBase> GetInventorySkeleton(Guid rawUserID)
  204. {
  205. UUID userID = new UUID(rawUserID);
  206. return m_InventoryService.GetInventorySkeleton(userID);
  207. }
  208. public int GetAssetPermissions(InventoryItemBase item)
  209. {
  210. return m_InventoryService.GetAssetPermissions(item.Owner, item.AssetID);
  211. }
  212. public bool DeleteFolders(List<Guid> items)
  213. {
  214. List<UUID> uuids = new List<UUID>();
  215. foreach (Guid g in items)
  216. uuids.Add(new UUID(g));
  217. // oops we lost the user info here. Bad bad handlers
  218. return m_InventoryService.DeleteFolders(UUID.Zero, uuids);
  219. }
  220. public bool DeleteItems(List<Guid> items)
  221. {
  222. List<UUID> uuids = new List<UUID>();
  223. foreach (Guid g in items)
  224. uuids.Add(new UUID(g));
  225. // oops we lost the user info here. Bad bad handlers
  226. return m_InventoryService.DeleteItems(UUID.Zero, uuids);
  227. }
  228. public bool MoveItems(List<InventoryItemBase> items)
  229. {
  230. // oops we lost the user info here. Bad bad handlers
  231. // let's peek at one item
  232. UUID ownerID = UUID.Zero;
  233. if (items.Count > 0)
  234. ownerID = items[0].Owner;
  235. return m_InventoryService.MoveItems(ownerID, items);
  236. }
  237. #endregion
  238. /// <summary>
  239. /// Check that the source of an inventory request is one that we trust.
  240. /// </summary>
  241. /// <param name="peer"></param>
  242. /// <returns></returns>
  243. public bool CheckTrustSource(IPEndPoint peer)
  244. {
  245. if (m_doLookup)
  246. {
  247. m_log.InfoFormat("[INVENTORY IN CONNECTOR]: Checking trusted source {0}", peer);
  248. UriBuilder ub = new UriBuilder(m_userserver_url);
  249. IPAddress[] uaddrs = Dns.GetHostAddresses(ub.Host);
  250. foreach (IPAddress uaddr in uaddrs)
  251. {
  252. if (uaddr.Equals(peer.Address))
  253. {
  254. return true;
  255. }
  256. }
  257. m_log.WarnFormat(
  258. "[INVENTORY IN CONNECTOR]: Rejecting request since source {0} was not in the list of trusted sources",
  259. peer);
  260. return false;
  261. }
  262. else
  263. {
  264. return true;
  265. }
  266. }
  267. /// <summary>
  268. /// Check that the source of an inventory request for a particular agent is a current session belonging to
  269. /// that agent.
  270. /// </summary>
  271. /// <param name="session_id"></param>
  272. /// <param name="avatar_id"></param>
  273. /// <returns></returns>
  274. public bool CheckAuthSession(string session_id, string avatar_id)
  275. {
  276. if (m_doLookup)
  277. {
  278. m_log.InfoFormat("[INVENTORY IN CONNECTOR]: checking authed session {0} {1}", session_id, avatar_id);
  279. //if (m_session_cache.getCachedSession(session_id, avatar_id) == null)
  280. //{
  281. // cache miss, ask userserver
  282. Hashtable requestData = new Hashtable();
  283. requestData["avatar_uuid"] = avatar_id;
  284. requestData["session_id"] = session_id;
  285. ArrayList SendParams = new ArrayList();
  286. SendParams.Add(requestData);
  287. XmlRpcRequest UserReq = new XmlRpcRequest("check_auth_session", SendParams);
  288. XmlRpcResponse UserResp = UserReq.Send(m_userserver_url, 3000);
  289. Hashtable responseData = (Hashtable)UserResp.Value;
  290. if (responseData.ContainsKey("auth_session") && responseData["auth_session"].ToString() == "TRUE")
  291. {
  292. m_log.Info("[INVENTORY IN CONNECTOR]: got authed session from userserver");
  293. //// add to cache; the session time will be automatically renewed
  294. //m_session_cache.Add(session_id, avatar_id);
  295. return true;
  296. }
  297. //}
  298. //else
  299. //{
  300. // // cache hits
  301. // m_log.Info("[GRID AGENT INVENTORY]: got authed session from cache");
  302. // return true;
  303. //}
  304. m_log.Warn("[INVENTORY IN CONNECTOR]: unknown session_id, request rejected");
  305. return false;
  306. }
  307. else
  308. {
  309. return true;
  310. }
  311. }
  312. }
  313. }