/// <summary>
/// Function that checks if user data inside the request headers are valid (authentication)
/// </summary>
/// <param name="user">requesting user</param>
/// <param name="db">database</param>
/// <param name="headers">header data</param>
/// <param name="accessLevel">accesslevel required</param>
/// <returns>
/// Enum based on checks
/// </returns>
public static AuthorizatedMessage CheckIfAuthorized(ref User user, ref IDatabaseServiceProvider db, HttpRequestHeaders headers, AccessLevel accessLevel)
{
if (!headers.TryGetValues("username", out var usernameValues) || !headers.TryGetValues("token", out var tokenValues))
{
return(AuthorizatedMessage.NoUserError);
}
var username = usernameValues.FirstOrDefault();
var token = tokenValues.FirstOrDefault();
user = db.Users.Where(x => x.Username == username && x.Token == token).FirstOrDefault();
if (user == null)
{
return(AuthorizatedMessage.WrongCredentialsError);
}
if (user.IsActive == false)
{
return(AuthorizatedMessage.NotActiveError);
}
if ((int)accessLevel == 1 && user.AccessLevel != "Admin")
{
return(AuthorizatedMessage.AccessLevelError);
}
return(AuthorizatedMessage.Authorized);
}
public override void OnAuthorization(HttpActionContext actionContext)
{
//如果Action带有AllowAnonymousAttribute,则不进行授权验证
if (actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any())
{
return;
}
HttpRequestHeaders Headers = actionContext.Request.Headers;
if (Headers != null)
{
IEnumerable <string> users = null;
IEnumerable <string> tokens = null;
if (Headers.TryGetValues("user", out users) && Headers.TryGetValues("token", out tokens))
{
string key2 = key + users.ElementAt(0);
string key3 = GetMd5_32byteANSI(key2);
if (tokens.ElementAt(0) == key3)
{
verifyResult = true;
}
else
{
verifyResult = false;
}
}
}
if (!verifyResult)
{
//如果验证不通过,则返回401错误,并且Body中写入错误原因
actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Token 不正确");
}
}
internal static PageInfo ResolvePageInfoHeaders(HttpRequestHeaders headers)
{
PageInfo pageInfo = new PageInfo();
IEnumerable <string> values = Enumerable.Empty <string>();
pageInfo.Page = headers.TryGetValues(HeaderValues.KRYPTON_PAGE, out values) ? int.Parse(values.FirstOrDefault()) : pageInfo.Page;
pageInfo.Total = headers.TryGetValues(HeaderValues.KRYPTON_TOTAL, out values) ? int.Parse(values.FirstOrDefault()) : pageInfo.Total;
pageInfo.PageSize = headers.TryGetValues(HeaderValues.KRYPTON_PAGE_SIZE, out values) ? int.Parse(values.FirstOrDefault()) : pageInfo.PageSize;
return(pageInfo);
}
public void Test1()
{
object responseResult;
IStudentService student = Lark.Core.Lark.Wrap <IStudentService>("http://localhost:6346");
responseResult = student.QueryName(12, "upper", "234");
System.Console.WriteLine(responseResult.ToString());
WrapBase wrap = (WrapBase)student;
HttpRequestHeaders HttpRequestHeaders = wrap.MyHttpRequestMessagea.Headers;
HttpContent httpContent = wrap.MyHttpRequestMessagea.Content;
List <string> values = new List <string>();
IEnumerable <string> valuesEnumrable = null;
//appcode:just one
Assert.IsTrue(HttpRequestHeaders.Contains("appcode") || httpContent.Headers.Contains("appcode"));
bool l = HttpRequestHeaders.TryGetValues("appcode", out valuesEnumrable) ? true : httpContent.Headers.TryGetValues("appcode", out valuesEnumrable);
values = valuesEnumrable.ToList();
values.Sort();
string valuestr = string.Join(",", values);
Assert.IsTrue("appcode111111111111" == valuestr);
//supportversion:3
Assert.IsTrue(HttpRequestHeaders.Contains("supportversion") || httpContent.Headers.Contains("supportversion"));
l = HttpRequestHeaders.TryGetValues("supportversion", out valuesEnumrable) ? true : httpContent.Headers.TryGetValues("supportversion", out valuesEnumrable);
values = valuesEnumrable.ToList();
Assert.IsTrue(l && values.Count == 3);
values.Sort();
valuestr = string.Join(",", values);
Assert.IsTrue("1.0,2.0,3.0" == valuestr);
//case:2
Assert.IsTrue(HttpRequestHeaders.Contains("case") || httpContent.Headers.Contains("case"));
l = HttpRequestHeaders.TryGetValues("case", out valuesEnumrable) ? true : httpContent.Headers.TryGetValues("case", out valuesEnumrable);
values = valuesEnumrable.ToList();
Assert.IsTrue(l && values.Count == 2);
values.Sort();
valuestr = string.Join(",", values);
Assert.IsTrue("lower,upper" == valuestr);
//prefix:1
Assert.IsTrue(HttpRequestHeaders.Contains("prefix") || httpContent.Headers.Contains("prefix"));
l = HttpRequestHeaders.TryGetValues("prefix", out valuesEnumrable) ? true : httpContent.Headers.TryGetValues("prefix", out valuesEnumrable);
values = valuesEnumrable.ToList();
Assert.IsTrue(l && values.Count == 1);
values.Sort();
valuestr = string.Join(",", values);
Assert.IsTrue("234" == valuestr);
}
private static string GetCookie(HttpRequestHeaders header, string headerName)
{
IEnumerable <string> cookies;
if (header.TryGetValues("Cookie", out cookies))
{
return(giveMeAuth(cookies, headerName));
}
if (header.TryGetValues("header", out cookies))
{
return(giveMeAuth(cookies, headerName));
}
return(null);
}
/// <summary>
/// 读取header标头,如果不存在,返回空字符串
/// </summary>
/// <param name="headers">The headers</param>
/// <param name="key">The key</param>
/// <returns>
/// The String
/// </returns>
public static string Read(this HttpRequestHeaders headers, string key)
{
IEnumerable <string> values;
headers.TryGetValues(key, out values);
return(values == null ? string.Empty : values.FirstOrDefault() ?? string.Empty);
}
internal static string ResolveSortHeader(HttpRequestHeaders headers)
{
IEnumerable <string> values = Enumerable.Empty <string>();
headers.TryGetValues(HeaderValues.KRYPTON_SORT, out values);
return(values?.FirstOrDefault() ?? null);
}
public async Task User_Authorization_Is_Propagated()
{
// Arrange
HttpRequestHeaders actualHeaders = null;
var sut = new AddUserAuthorizationForTest
{
UnitTest_SendAsyncDependencyInjection = (req, cancellationToken) =>
{
actualHeaders = req.Headers;
return(Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK)));
}
};
const string userAuthorization = "eymannen";
FulcrumApplication.Context.ValueProvider.SetValue(Constants.NexusUserAuthorizationKeyName, userAuthorization);
// Act
var request = new HttpRequestMessage(HttpMethod.Post, "http://example.com/");
await sut.SendAsync(request);
// Assert
Assert.IsNotNull(actualHeaders);
Assert.IsTrue(actualHeaders.TryGetValues(Constants.NexusUserAuthorizationHeaderName, out var header));
Assert.AreEqual(userAuthorization, header.First());
}
/// <summary>
/// Retrieve the value of an optional HTTP request header.
/// </summary>
/// <param name="requestHeaders">
/// The HTTP request headers to examine.
/// </param>
/// <param name="headerName">
/// The name of the target header.
/// </param>
/// <returns>
/// The header value, or <c>null</c> if the header is not present (or an <see cref="string.Empty"/> string if the header is present but has no value).
/// </returns>
public static string GetOptionalHeaderValue(this HttpRequestHeaders requestHeaders, string headerName)
{
if (requestHeaders == null)
{
throw new ArgumentNullException(nameof(requestHeaders));
}
if (String.IsNullOrWhiteSpace(headerName))
{
throw new ArgumentException("Argument cannot be null, empty, or composed entirely of whitespace: 'headerName'.", nameof(headerName));
}
IEnumerable <string> headerValues;
if (!requestHeaders.TryGetValues(headerName, out headerValues))
{
return(null);
}
return
(headerValues.DefaultIfEmpty(
String.Empty
)
.FirstOrDefault());
}
/// <summary>
/// This method extracts a token from the HttpRequestHeaders.
/// </summary>
/// <param name="headers">The headers of a HttpRequest.</param>
/// <returns>Returns the token or null.</returns>
public static void GetTokenFromHeader(HttpRequestHeaders headers, out string token)
{
IEnumerable <string> key;
// If the headers contain the key "token".
if (headers.TryGetValues("token", out key) != false)
{
headers.TryGetValues("token", out key);
token = key.First <string>().Trim('"');
}
else
{
token = null;
}
return;
}
public static IEnumerable <string> FindValues(this HttpRequestHeaders headers, string name)
{
IEnumerable <string> apiKeys;
headers.TryGetValues(name, out apiKeys);
return(apiKeys ?? Enumerable.Empty <string>());
}
public override void OnActionExecuting(HttpActionContext actionContext)
{
HttpRequestHeaders headers = actionContext.Request.Headers;
IEnumerable <string> xsrfTokenList;
if (actionContext.Request.Method == HttpMethod.Get || SkipFilterCheck(actionContext))
{
return;
}
if (!headers.TryGetValues(AppConstants.XsrfHeader, out xsrfTokenList))
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.BadRequest);
return;
}
string tokenHeaderValue = xsrfTokenList.First();
CookieState tokenCookie = actionContext.Request.Headers.GetCookies().Select(c => c[AppConstants.XsrfCookie]).FirstOrDefault();
if (tokenCookie == null)
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.BadRequest);
return;
}
try
{
AntiForgery.Validate(tokenCookie.Value, tokenHeaderValue);
}
catch (HttpAntiForgeryException ex)
{
NLogLogger.Instance.Log(ex);
actionContext.Response = new HttpResponseMessage(HttpStatusCode.BadRequest);
}
}
public override bool TryParse(out ArmorTokenHeader armorTokenHeader)
{
armorTokenHeader = new ArmorTokenHeader();
IEnumerable <string> authHeaders;
var hasAuthHeader = headers.TryGetValues("Authorization",
out authHeaders);
if (!hasAuthHeader)
{
return(false);
}
var armorHeader =
authHeaders.SingleOrDefault(header => header.StartsWith("ARMOR"));
if (armorHeader == null)
{
return(false);
}
armorTokenHeader.IsValid = true;
armorTokenHeader.ArmorToken = armorHeader.Replace("ARMOR ",
string.Empty);
return(true);
}
public override void OnActionExecuting(HttpActionContext actionContext)
{
HttpRequestHeaders headers = actionContext.Request.Headers;
IEnumerable <string> xsrfTokenList;
if (!headers.TryGetValues(XsrfHeader, out xsrfTokenList))
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.BadRequest);
return;
}
string tokenHeaderValue = xsrfTokenList.First();
//CookieState tokenCookie = actionContext.Request.Headers.GetCookies()
// .Select(x => x.Cookies.FirstOrDefault(y => y.Name == "XsrfCookie")).FirstOrDefault();
var tokenCookie = actionContext.Request.Headers.GetCookies().FirstOrDefault()?[XsrfCookie];
if (tokenCookie == null)
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.BadRequest);
return;
}
try
{
AntiForgery.Validate(tokenCookie.Value, tokenHeaderValue);
}
catch (HttpAntiForgeryException)
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.BadRequest);
}
}
public bool IsDateValid(HttpRequestHeaders headers)
{
DateTime utcNow = DateTime.UtcNow;
DateTime date;
IEnumerable <string> dateStrings;
if (headers.TryGetValues(AbsDateHeader, out dateStrings))
{
var dateString = dateStrings.FirstOrDefault();
if (!DateTime.TryParseExact(dateString, "r", CultureInfo.InvariantCulture, DateTimeStyles.AdjustToUniversal, out date))
{
return(false);
}
}
else
{
if (headers.Date.HasValue)
{
date = headers.Date.Value.UtcDateTime;
}
else
{
return(false);
}
}
return(date >= utcNow.AddMinutes(-ValidityPeriodInMinutes) && date <= utcNow.AddMinutes(ValidityPeriodInMinutes));
}
private void ParseHeaders(HttpRequestHeaders headers)
{
IEnumerable <string> vals;
Func <string, string> parseHeader = (k) =>
{
if (headers.TryGetValues(k, out vals))
{
return(vals.First());
}
return(null);
};
foreach (string key in RequiredHeaders)
{
payloadArgs[key] = parseHeader(key);
}
payloadArgs[Constants.XHubSignature] = parseHeader(Constants.XHubSignature);
var missingRequiredArgs = payloadArgs.Where(kvp => RequiredHeaders.Contains(kvp.Key) && string.IsNullOrWhiteSpace(kvp.Value));
if (missingRequiredArgs.Any())
{
ThrowMissingParameter(missingRequiredArgs.Select(ma => ma.Key));
}
}
private string ExtractTokenValue(HttpRequestHeaders headers)
{
IEnumerable <string> tokenValues;
headers.TryGetValues("authToken", out tokenValues);
return(tokenValues == null ? null : tokenValues.SingleOrDefault());
}
public ValueProviderResult GetValue(string key)
{
IEnumerable <string> values;
return(_headers.TryGetValues(XHeaderPrefix + key, out values)
? new ValueProviderResult(values.First(), values.First(), CultureInfo.CurrentCulture)
: null);
}
private string GetHeader(HttpRequestHeaders headers, string name)
{
if (headers.TryGetValues(name, out var values))
{
return(values.First());
}
return(null);
}
private static bool IsHeaderSet(HttpRequestHeaders headers, string name, params string[] expectedValues)
{
if (!headers.TryGetValues(name, out var actualValues))
{
return(false);
}
return(actualValues.SequenceEqual(expectedValues));
}
public static SiteSettingViewModel GetSiteSettingViewModel(this HttpRequestHeaders httpHeaders)
{
if (httpHeaders.TryGetValues("litium-request-context", out var items))
{
var json = items.First();
var jObject = JObject.Parse(json);
return(jObject.ToObject <SiteSettingViewModel>());
}
return(null);
}
public static async Task <bool> ValidateRequest(HttpRequestHeaders requestHeaders, string requestBody, TraceWriter log)
{
requestHeaders.TryGetValues("SignatureCertChainUrl", out var signatureChainUrls);
var signatureChainUrl = signatureChainUrls == null ? null : signatureChainUrls.FirstOrDefault();
if (String.IsNullOrWhiteSpace(signatureChainUrl))
{
return(false);
}
Uri certUrl;
try
{
certUrl = new Uri(signatureChainUrl);
}
catch
{
return(false);
}
requestHeaders.TryGetValues("Signature", out var signatures);
var signature = signatures == null ? null : signatures.FirstOrDefault();
if (String.IsNullOrWhiteSpace(signature))
{
return(false);
}
if (String.IsNullOrWhiteSpace(requestBody))
{
return(false);
}
var valid = await AlexaRequestSecurity.Verify(signature, certUrl, requestBody, log);
if (!valid)
{
return(false);
}
return(true);
}
internal static JObject ResolveFilterInfoHeader(HttpRequestHeaders headers)
{
IEnumerable <string> values = Enumerable.Empty <string>();
if (!headers.TryGetValues(HeaderValues.KRYPTON_FILTER_INFO, out values))
{
return(null);
}
return(JsonConvert.DeserializeObject <JObject>(values.FirstOrDefault()));
}
private bool TryGetHeaderValue(HttpRequestHeaders headers, string name, out string value)
{
if (headers.TryGetValues(name, out IEnumerable <string> values) && values.Any())
{
value = values.First();
return(true);
}
value = null;
return(false);
}
public static bool TryGetHeaderValue(this HttpRequestHeaders n, string key, out string header)
{
if (n.TryGetValues(key, out var vs))
{
header = vs.First();
return(true);
}
header = null;
return(false);
}
protected string GetHeaderValue(HttpRequestHeaders headers, string key)
{
IEnumerable <string> values;
if (headers.TryGetValues(key, out values))
{
return(values.FirstOrDefault());
}
return(null);
}
private static string GetFirstOrNull(this HttpRequestHeaders headers, string key)
{
IEnumerable <string> values;
if (headers.TryGetValues(key, out values))
{
return(values.FirstOrDefault());
}
return(null);
}
/// <summary>
/// 获取值
/// </summary>
/// <param name="requestheaders"></param>
/// <param name="name"></param>
/// <returns></returns>
private string GetValue(HttpRequestHeaders requestheaders, string name)
{
IEnumerable <string> values;
if (requestheaders.TryGetValues(name, out values))
{
return(values.First());
}
return("");
}
public static string GetHeaderValue(this HttpRequestHeaders headers, string name)
{
IEnumerable <string> values;
if (headers.TryGetValues(name, out values))
{
return(values.FirstOrDefault());
}
return(null);
}
public static bool CompareValue(this HttpRequestHeaders headers, string key, string value)
{
var result = false;
if (headers.TryGetValues(key, out IEnumerable <string> results))
{
var first = results.FirstOrDefault();
result = first != null?first.Equals(value) : false;
}
return(result);
}