private async Task <Payload> CreateAndValidatePayloadAsync(Rule rule, HttpRequest request)
{
var payloadContent = rule switch
{
GitHubRule gitHubRule => await ReadAndValidateContentFromGitHubAsync(gitHubRule, request),
AzureDevOpsRule azureDevopsRule => await ReadAndValidateContentFromAzureDevOpsAsync(azureDevopsRule, request),
_ => await ReadAndValidateContentFromGenericAsync(rule, request)
};
var payload = new Payload(request.Headers, payloadContent);
return(payload);
}
private async Task <byte[]> ReadAndValidateContentFromAzureDevOpsAsync(AzureDevOpsRule rule, HttpRequest request)
{
var payloadContent = await ReadAndValidateContentFromGenericAsync(rule, request);
var credentialHash = await GetSecretAsync(rule.CredentialHash);
var credentialSalt = await GetSecretAsync(rule.CredentialSalt);
var authorizationHeader = request.Headers["Authorization"].ToString();
var base64EncodedCredentials = authorizationHeader.Replace("Basic ", "");
var base64EncodedCredentialsWithSalt = $"{base64EncodedCredentials}{credentialSalt}";
var base64EncodedCredentialsWithSaltBytes = Encoding.UTF8.GetBytes(base64EncodedCredentialsWithSalt);
var generatedCredentialHashBytes = sha256.ComputeHash(base64EncodedCredentialsWithSaltBytes);
var generatedCredentialHash = Convert.ToBase64String(generatedCredentialHashBytes);
if (credentialHash != generatedCredentialHash)
{
throw new RouterAuthorizationException("Credential validation failed.");
}
return(payloadContent);
}
private async Task <byte[]> ReadAndValidateContentFromAzureDevOpsAsync(AzureDevOpsRule rule, HttpRequest request)
{
var payloadContent = await ReadAndValidateContentFromGenericAsync(rule, request);
return(payloadContent);
}