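/// <summary>
/// Creates a manager that keeps the given storage provider and options and builds
/// the outgoing <c>WebhooksHttpClient</c> from those options.
/// </summary>
/// <param name="storageProvider">Storage provider kept for later use; must not be null.</param>
/// <param name="options">Supplies the payload signing secret, server base URI and request timeout; must not be null.</param>
/// <exception cref="System.ArgumentNullException">Either argument is null.</exception>
public WebhooksManager(IWebhooksStorageProvider storageProvider, WebhooksHttpClientOptions options)
 {
     // Fail fast with a named argument instead of a NullReferenceException part-way
     // through construction (or much later, on first use of the storage provider).
     if (storageProvider == null)
     {
         throw new System.ArgumentNullException(nameof(storageProvider));
     }

     if (options == null)
     {
         throw new System.ArgumentNullException(nameof(options));
     }

     _storageProvider = storageProvider;
     Options          = options;

     // NOTE(review): the signing secret is handed to the client as-is. Whether a null or
     // empty secret disables signing or signs with an empty key is decided inside
     // WebhooksHttpClient and is not visible here; confirm, and consider rejecting an
     // empty secret at configuration time.
     _httpClient      = new WebhooksHttpClient(Options.PayloadSigningSecret)
     {
         BaseAddress = Options.ServerBaseUri,
         Timeout     = Options.RequestTimeout
     };
 }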
Beispiel #2
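        /// <summary>
        /// Middleware entry point: for non-GET requests under <c>options.Segments</c>, requires a
        /// payload signature header and checks it against a signature computed over the request
        /// body with <c>options.PayloadSigningSecret</c> before passing the request on.
        /// </summary>
        /// <param name="httpContext">The current request/response context.</param>
        /// <param name="options">Protected path segment and the payload signing secret.</param>
        /// <returns>
        /// A task that completes after the next middleware has run, or after a 401 (header or
        /// secret missing) or 403 (signature mismatch) JSON error has been written.
        /// </returns>
        public async Task Invoke(HttpContext httpContext, WebhooksAuthorizationOptions options)
        {
            var request = httpContext.Request;

            // Ordinal, case-insensitive method check; ToUpper() is culture-sensitive.
            var requiresSignature = request.Path.StartsWithSegments(options.Segments)
                && !String.Equals(request.Method, "GET", StringComparison.OrdinalIgnoreCase);

            if (!requiresSignature)
            {
                await _next(httpContext);
                return;
            }

            // Fail closed: a missing header and an unconfigured secret are both rejected.
            if (!request.Headers.ContainsKey(WebhooksHttpClient.PayloadSignatureHeaderName) || String.IsNullOrWhiteSpace(options.PayloadSigningSecret))
            {
                await RejectAsync(StatusCodes.Status401Unauthorized, $"The '{WebhooksHttpClient.PayloadSignatureHeaderName}' request header or payload signing secret is missing.").ConfigureAwait(false);
                return;
            }

            request.EnableBuffering();

            // Read the body to the end rather than trusting Content-Length. A single ReadAsync may
            // return fewer bytes than requested, and a request without Content-Length (chunked)
            // would otherwise be verified against an empty buffer while the real body is passed on.
            // The buffer also no longer gets pre-allocated from a client-declared length.
            // NOTE(review): no explicit size cap is applied here; this relies on the server's
            // request body limit. Confirm one is configured.
            byte[] requestPayload;
            using (var buffered = new System.IO.MemoryStream())
            {
                await request.Body.CopyToAsync(buffered).ConfigureAwait(false);
                requestPayload = buffered.ToArray();
            }

            // Rewind so downstream middleware and model binding see the full body.
            request.Body.Position = 0;

            // NOTE(review): the signature is computed over the UTF-8 decoded string, so byte
            // sequences that are not valid UTF-8 are normalised before signing. Kept because
            // GetSignature takes a string here. Only the secret and the payload feed the
            // signature, so replay protection, if required, has to come from elsewhere.
            string expectedSignature = WebhooksHttpClient.GetSignature(options.PayloadSigningSecret, Encoding.UTF8.GetString(requestPayload));
            var providedSignature = request.Headers[WebhooksHttpClient.PayloadSignatureHeaderName];

            // Exactly one header value is accepted, and the comparison is constant-time so the
            // response timing does not reveal how much of a guessed signature matched.
            var signatureMatches = providedSignature.Count == 1
                && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                    Encoding.UTF8.GetBytes(providedSignature.ToString()),
                    Encoding.UTF8.GetBytes(expectedSignature ?? String.Empty));

            if (!signatureMatches)
            {
                await RejectAsync(StatusCodes.Status403Forbidden, "The request payload does not match the request payload signature.").ConfigureAwait(false);
                return;
            }

            await _next(httpContext);

            // Writes a JSON error body with the given status code and ends request handling here.
            async Task RejectAsync(int statusCode, string message)
            {
                httpContext.Response.ContentType = "application/json";
                httpContext.Response.StatusCode  = statusCode;
                var error = await CreateResponseBodyAsync(message).ConfigureAwait(false);

                await httpContext.Response.Body.WriteAsync(error, 0, error.Length).ConfigureAwait(false);
            }
        }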