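/// <summary>
/// Decides whether the current request may continue down the pipeline.
/// Requests outside <c>/api</c> pass untouched. API requests must carry the auth and sign headers,
/// resolve to an active merchant, and (outside Development, or when the matching
/// <c>DebugFlags</c> switch is set) pass the body-signature and source-IP allow-list checks.
/// </summary>
/// <param name="context">Current HTTP context; the looked-up merchant is stored in <c>Items["Merchant"]</c>.</param>
/// <param name="merchantManager">Service used to look the merchant up by the auth-header token.</param>
/// <returns><c>true</c> to continue the pipeline, <c>false</c> to reject the request.</returns>
private bool Check(HttpContext context, MerchantManagerService merchantManager)
        {
            // Segment-aware, case-insensitive match: ASP.NET Core route matching is case-insensitive
            // by default, so a case-sensitive "/api/" prefix test would let "/API/..." skip every
            // check below. This also covers a bare "/api" and a null Path.Value.
            if (!context.Request.Path.StartsWithSegments("/api", StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }

            var authValues = context.Request.Headers[GlobalConstants.AuthHeader];
            var signValues = context.Request.Headers[GlobalConstants.SignHeader];
            if (authValues.Count == 0 || signValues.Count == 0)
            {
                _logger.LogWarning("Required headers are missing");
                return false;
            }

            var token    = authValues[0];
            var merchant = merchantManager.GetMerchant(token);

            // NOTE(review): the merchant is published to Items before it is validated (it may be null
            // or inactive here). Kept as-is because code outside this method may read it; confirm.
            context.Items.Add("Merchant", merchant);
            if (merchant == null)
            {
                _logger.LogWarning("No merchant with token");
                return false;
            }
            if (!merchant.Active)
            {
                _logger.LogWarning($"Merchant id-[{merchant.Id}] name-[{merchant.ShortName}] deactivated");
                return false;
            }

            // In Development the signature check runs only when DebugFlags:CheckSign is true.
            // A production host that reports the Development environment would therefore accept
            // unsigned requests unless that flag is set; verify the deployment environment.
            if (!_env.IsDevelopment() || _configuration.GetSection("DebugFlags").GetValue<bool>("CheckSign"))
            {
                var sign = signValues[0];
                // presumably GetBody leaves the request body readable for later middleware; confirm
                var body = HttpContextHelper.GetBody(context.Request);
                using var sha256 = SHA256.Create();
                // NOTE(review): the signature is SHA-256 over body + key. HMAC-SHA256 is the standard
                // keyed construction; switching is a protocol change that merchants must adopt too.
                var calculatedSign =
                    Convert.ToBase64String(sha256.ComputeHash(Encoding.UTF8.GetBytes(body + merchant.SignKey)));

                // Fixed-time comparison so the response time does not depend on how many leading
                // characters of the supplied signature are correct.
                if (sign == null ||
                    !CryptographicOperations.FixedTimeEquals(
                        Encoding.UTF8.GetBytes(sign),
                        Encoding.UTF8.GetBytes(calculatedSign)))
                {
                    _logger.LogWarning("Bad sign");
                    return false;
                }
            }

            // Same Development/DebugFlags gating as above, for the per-merchant IP allow-list.
            if (!_env.IsDevelopment() || _configuration.GetSection("DebugFlags").GetValue<bool>("CheckIP"))
            {
                if (merchant.MerchantIpRange.Count != 0)
                {
                    // RemoteIpAddress is the direct peer and can be null. Behind a reverse proxy it is
                    // the proxy's address unless forwarded headers are applied earlier in the
                    // pipeline. NOTE(review): confirm for this deployment.
                    var ip  = context.Connection.RemoteIpAddress?.ToString();
                    var set = IpSet.ParseOrDefault(merchant.MerchantIpRange.Select(x => x.Iprange));
                    // Fail closed: an unknown peer address is treated as not allowed.
                    if (ip == null || !set.Contains(ip))
                    {
                        _logger.LogWarning($"Ip [{ip}] not allowed");
                        return false;
                    }
                }
            }

            return true;
        }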
 /// <summary>
 /// Middleware entry point: runs <c>Check</c> and either forwards the request to the next
 /// delegate or answers with HTTP 403 and the body "Forbidden".
 /// </summary>
 /// <param name="context">Current HTTP context.</param>
 /// <param name="merchantManager">Merchant lookup service, passed through to <c>Check</c>.</param>
 public async Task InvokeAsync(HttpContext context, MerchantManagerService merchantManager)
 {
     var isAllowed = Check(context, merchantManager);

     // Rejected requests all get the same response, whichever check failed;
     // the specific reason is only written to the log by Check.
     if (!isAllowed)
     {
         context.Response.StatusCode = 403;
         await context.Response.WriteAsync("Forbidden");
         return;
     }

     await _next.Invoke(context);
 }