Adds ETag support for read-only requests

Bart Koelman · Bart Koelman · commit 4df5ead7877c · 2021-05-14T15:20:19.000+02:00
diff --git a/src/JsonApiDotNetCore/Configuration/JsonApiApplicationBuilder.cs b/src/JsonApiDotNetCore/Configuration/JsonApiApplicationBuilder.cs
@@ -285,6 +285,7 @@ private void AddSerializationLayer()
             _services.AddScoped(typeof(AtomicOperationsResponseSerializer));
             _services.AddScoped(sp => sp.GetRequiredService<IJsonApiSerializerFactory>().GetSerializer());
             _services.AddScoped<IResourceObjectBuilder, ResponseResourceObjectBuilder>();
+            _services.AddSingleton<IETagGenerator, ETagGenerator>();
         }
 
         private void AddOperationsLayer()
diff --git a/src/JsonApiDotNetCore/Middleware/JsonApiMiddleware.cs b/src/JsonApiDotNetCore/Middleware/JsonApiMiddleware.cs
@@ -45,6 +45,11 @@ public async Task InvokeAsync(HttpContext httpContext, IControllerResourceMappin
             ArgumentGuard.NotNull(request, nameof(request));
             ArgumentGuard.NotNull(resourceContextProvider, nameof(resourceContextProvider));
 
+            if (!await ValidateIfMatchHeaderAsync(httpContext, options.SerializerSettings))
+            {
+                return;
+            }
+
             RouteValueDictionary routeValues = httpContext.GetRouteData().Values;
             ResourceContext primaryResourceContext = CreatePrimaryResourceContext(httpContext, controllerResourceMapping, resourceContextProvider);
 
@@ -76,6 +81,21 @@ public async Task InvokeAsync(HttpContext httpContext, IControllerResourceMappin
             await _next(httpContext);
         }
 
+        private async Task<bool> ValidateIfMatchHeaderAsync(HttpContext httpContext, JsonSerializerSettings serializerSettings)
+        {
+            if (httpContext.Request.Headers.ContainsKey(HeaderNames.IfMatch))
+            {
+                await FlushResponseAsync(httpContext.Response, serializerSettings, new Error(HttpStatusCode.PreconditionFailed)
+                {
+                    Title = "Detection of mid-air edit collisions using ETags is not supported."
+                });
+
+                return false;
+            }
+
+            return true;
+        }
+
         private static ResourceContext CreatePrimaryResourceContext(HttpContext httpContext, IControllerResourceMapping controllerResourceMapping,
             IResourceContextProvider resourceContextProvider)
         {
diff --git a/src/JsonApiDotNetCore/Serialization/ETagGenerator.cs b/src/JsonApiDotNetCore/Serialization/ETagGenerator.cs
@@ -0,0 +1,46 @@
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;
+using Microsoft.Net.Http.Headers;
+
+namespace JsonApiDotNetCore.Serialization
+{
+    /// <inheritdoc />
+    internal sealed class ETagGenerator : IETagGenerator
+    {
+        private static readonly uint[] LookupTable = Enumerable.Range(0, 256).Select(ToLookupEntry).ToArray();
+
+        private static uint ToLookupEntry(int index)
+        {
+            string hex = index.ToString("X2");
+            return hex[0] + ((uint)hex[1] << 16);
+        }
+
+        /// <inheritdoc />
+        public EntityTagHeaderValue Generate(string requestUrl, string responseBody)
+        {
+            byte[] buffer = Encoding.UTF8.GetBytes(requestUrl + "|" + responseBody);
+
+            using HashAlgorithm hashAlgorithm = MD5.Create();
+            byte[] hash = hashAlgorithm.ComputeHash(buffer);
+
+            string eTagValue = "\"" + ByteArrayToHex(hash) + "\"";
+            return EntityTagHeaderValue.Parse(eTagValue);
+        }
+
+        // https://stackoverflow.com/questions/311165/how-do-you-convert-a-byte-array-to-a-hexadecimal-string-and-vice-versa
+        private static string ByteArrayToHex(byte[] bytes)
+        {
+            char[] buffer = new char[bytes.Length * 2];
+
+            for (int index = 0; index < bytes.Length; index++)
+            {
+                uint value = LookupTable[bytes[index]];
+                buffer[2 * index] = (char)value;
+                buffer[2 * index + 1] = (char)(value >> 16);
+            }
+
+            return new string(buffer);
+        }
+    }
+}
diff --git a/src/JsonApiDotNetCore/Serialization/IETagGenerator.cs b/src/JsonApiDotNetCore/Serialization/IETagGenerator.cs
@@ -0,0 +1,24 @@
+using Microsoft.Net.Http.Headers;
+
+namespace JsonApiDotNetCore.Serialization
+{
+    /// <summary>
+    /// Provides generation of an ETag HTTP response header.
+    /// </summary>
+    public interface IETagGenerator
+    {
+        /// <summary>
+        /// Generates an ETag HTTP response header value for the response to an incoming request.
+        /// </summary>
+        /// <param name="requestUrl">
+        /// The incoming request URL, including query string.
+        /// </param>
+        /// <param name="responseBody">
+        /// The produced response body.
+        /// </param>
+        /// <returns>
+        /// The ETag, or <c>null</c> to disable saving bandwidth.
+        /// </returns>
+        public EntityTagHeaderValue Generate(string requestUrl, string responseBody);
+    }
+}
diff --git a/src/JsonApiDotNetCore/Serialization/JsonApiWriter.cs b/src/JsonApiDotNetCore/Serialization/JsonApiWriter.cs
@@ -14,6 +14,7 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Formatters;
 using Microsoft.Extensions.Logging;
+using Microsoft.Net.Http.Headers;
 
 namespace JsonApiDotNetCore.Serialization
 {
@@ -26,16 +27,19 @@ public class JsonApiWriter : IJsonApiWriter
     {
         private readonly IJsonApiSerializer _serializer;
         private readonly IExceptionHandler _exceptionHandler;
+        private readonly IETagGenerator _eTagGenerator;
         private readonly TraceLogWriter<JsonApiWriter> _traceWriter;
 
-        public JsonApiWriter(IJsonApiSerializer serializer, IExceptionHandler exceptionHandler, ILoggerFactory loggerFactory)
+        public JsonApiWriter(IJsonApiSerializer serializer, IExceptionHandler exceptionHandler, IETagGenerator eTagGenerator, ILoggerFactory loggerFactory)
         {
             ArgumentGuard.NotNull(serializer, nameof(serializer));
             ArgumentGuard.NotNull(exceptionHandler, nameof(exceptionHandler));
+            ArgumentGuard.NotNull(eTagGenerator, nameof(eTagGenerator));
             ArgumentGuard.NotNull(loggerFactory, nameof(loggerFactory));
 
             _serializer = serializer;
             _exceptionHandler = exceptionHandler;
+            _eTagGenerator = eTagGenerator;
             _traceWriter = new TraceLogWriter<JsonApiWriter>(loggerFactory);
         }
 
@@ -63,6 +67,14 @@ public async Task WriteAsync(OutputFormatterWriteContext context)
                 response.StatusCode = (int)errorDocument.GetErrorStatusCode();
             }
 
+            bool hasMatchingETag = SetETagResponseHeader(context.HttpContext.Request, response, responseContent);
+
+            if (hasMatchingETag)
+            {
+                response.StatusCode = (int)HttpStatusCode.NotModified;
+                responseContent = string.Empty;
+            }
+
             if (context.HttpContext.Request.Method == HttpMethod.Head.Method)
             {
                 responseContent = string.Empty;
@@ -122,5 +134,42 @@ private static object WrapErrors(object contextObject)
 
             return contextObject;
         }
+
+        private bool SetETagResponseHeader(HttpRequest request, HttpResponse response, string responseContent)
+        {
+            bool isReadOnly = request.Method == HttpMethod.Get.Method || request.Method == HttpMethod.Head.Method;
+
+            if (isReadOnly && response.StatusCode == (int)HttpStatusCode.OK)
+            {
+                string url = request.GetEncodedUrl();
+                EntityTagHeaderValue responseETag = _eTagGenerator.Generate(url, responseContent);
+
+                if (responseETag != null)
+                {
+                    response.Headers.Add(HeaderNames.ETag, responseETag.ToString());
+
+                    return RequestContainsMatchingETag(request.Headers, responseETag);
+                }
+            }
+
+            return false;
+        }
+
+        private static bool RequestContainsMatchingETag(IHeaderDictionary requestHeaders, EntityTagHeaderValue responseETag)
+        {
+            if (requestHeaders.Keys.Contains(HeaderNames.IfNoneMatch) &&
+                EntityTagHeaderValue.TryParseList(requestHeaders[HeaderNames.IfNoneMatch], out IList<EntityTagHeaderValue> requestETags))
+            {
+                foreach (EntityTagHeaderValue requestETag in requestETags)
+                {
+                    if (responseETag.Equals(requestETag))
+                    {
+                        return true;
+                    }
+                }
+            }
+
+            return false;
+        }
     }
 }
diff --git a/test/JsonApiDotNetCoreExampleTests/IntegrationTests/Serialization/ETagTests.cs b/test/JsonApiDotNetCoreExampleTests/IntegrationTests/Serialization/ETagTests.cs

Original file line number	Diff line number	Diff line change
`@@ -285,6 +285,7 @@ private void AddSerializationLayer()`
`285`	`285`	`_services.AddScoped(typeof(AtomicOperationsResponseSerializer));`
`286`	`286`	`_services.AddScoped(sp => sp.GetRequiredService<IJsonApiSerializerFactory>().GetSerializer());`
`287`	`287`	`_services.AddScoped<IResourceObjectBuilder, ResponseResourceObjectBuilder>();`
	`288`	`+ _services.AddSingleton<IETagGenerator, ETagGenerator>();`
`288`	`289`	`}`
`289`	`290`
`290`	`291`	`private void AddOperationsLayer()`