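        /// <summary>
        /// Checks that the API role named by the token's issuer is mapped to
        /// <paramref name="apiResourceRouteEntity"/> in the cached role/route table.
        /// Any failure answers 403 via <c>RespondError</c> and returns; on success the
        /// request is logged when the route has <c>IsLogged</c> set.
        /// </summary>
        /// <remarks>
        /// The method returns a plain <see cref="Task"/>, so it cannot hand a verdict back
        /// to its caller: denial is signalled only by the 403 written to the response.
        /// Callers must check the response before continuing the pipeline.
        /// </remarks>
        /// <param name="context">Current request; the error response is written to it.</param>
        /// <param name="apiResourceRouteEntity">The route the caller is trying to reach.</param>
        /// <param name="jwtSecurityToken">Already-validated token; its Issuer is used as the ApiRole id.</param>
        async Task ValidateApiRoleResourceRole(HttpContext context, ApiResourceRouteEntity apiResourceRouteEntity, JwtSecurityToken jwtSecurityToken = null)
        {
            // No token means nothing to authorize against: deny instead of dereferencing null.
            if (jwtSecurityToken is null)
            {
                await RespondError(context, "You do not have the permission to call this resource.", HttpStatusCode.Forbidden);
                return;
            }

            // The role id travels in the issuer claim. Convert.ToInt64 would throw on a
            // non-numeric issuer (a 500 instead of a deny) and map a null issuer to role 0;
            // both cases are treated as "no permission" here.
            if (!long.TryParse(jwtSecurityToken.Issuer,
                               System.Globalization.NumberStyles.Integer,
                               System.Globalization.CultureInfo.InvariantCulture,
                               out var apiRoleId))
            {
                await RespondError(context, "You do not have the permission to call this resource.", HttpStatusCode.Forbidden);
                return;
            }

            var apiRoleResourceRoute = _restneerCacheService.GetApRoleResourceRoute()
                .FirstOrDefault(x => x.ApiRole.Id == apiRoleId &&
                                     x.ApiResourceRoute.Id == apiResourceRouteEntity.Id);

            if (apiRoleResourceRoute is null)
            {
                await RespondError(context, "You do not have the permission to call this resource.", HttpStatusCode.Forbidden);
                // Returning here is the fix: the original fell through after the 403 and,
                // when IsLogged was set, called ElementAt(0) on an empty list.
                return;
            }

            if (apiResourceRouteEntity.IsLogged)
            {
                LogRequest(context, apiResourceRouteEntity, apiRoleResourceRoute, jwtSecurityToken);
            }
        }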
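        /// <summary>
        /// Bearer-token gate for <paramref name="apiResourceRoute"/>: parses the Authorization
        /// header, validates the JWT against the server secret and the request's audience,
        /// checks the role/route mapping, and only then invokes <paramref name="next"/>.
        /// Every failure answers 403 and stops the pipeline.
        /// </summary>
        /// <param name="context">Current request/response.</param>
        /// <param name="next">Downstream middleware, invoked only when every check passes.</param>
        /// <param name="apiResourceRoute">The route being authorized.</param>
        async Task ValidateAuthorization(HttpContext context, RequestDelegate next, ApiResourceRouteEntity apiResourceRoute)
        {
            var authorizationHeader = (string)context.Request.Headers["Authorization"];
            if (string.IsNullOrWhiteSpace(authorizationHeader))
            {
                await RespondError(context, "Invalid authorization token", HttpStatusCode.Forbidden);
                return;
            }

            // Expect exactly "Bearer <token>". The scheme is checked before any decoding so
            // malformed headers never reach the JWT parser.
            var parts = authorizationHeader.Split(" ");
            if (parts.Length != 2 || !string.Equals(parts[0], "Bearer", StringComparison.Ordinal))
            {
                await RespondError(context, "Invalid authorization token", HttpStatusCode.Forbidden);
                return;
            }

            var rawToken = parts[1];
            var jwtToken = _jwtUtility.DecodeJwt(rawToken);
            if (jwtToken == null)
            {
                await RespondError(context, "Invalid authorization token", HttpStatusCode.Forbidden);
                return;
            }

            // Audience is derived from the request, so a token minted for another host is refused.
            var audience = $"{context.Request.Scheme}://{context.Request.Host.Value}";

            // NOTE(review): passing jwtToken.Issuer as the expected issuer makes the issuer
            // check tautological -- whatever issuer the token names is accepted, and
            // ValidateApiRoleResourceRole then trusts that value as the ApiRole id. Only the
            // signature check with the server secret keeps that safe; the expected issuer(s)
            // should come from configuration, not from the token under test.
            var isValidToken = _jwtUtility.ValidateJwt(rawToken, Configuration.GetSection("Server:Jwt:SecretKey").Value, audience, jwtToken.Issuer);
            if (!isValidToken)
            {
                await RespondError(context, "Invalid authorization token", HttpStatusCode.Forbidden);
                return;
            }

            await ValidateApiRoleResourceRole(context, apiResourceRoute, jwtToken);

            // ValidateApiRoleResourceRole returns no verdict; it signals denial only by writing
            // a 403. The original called next() unconditionally after it, so a role/route
            // mismatch still reached the downstream handler. Stop here once a denial was written.
            // NOTE(review): assumes RespondError starts the response or at least sets the status
            // code -- confirm; if it does neither, the helper must return an explicit verdict.
            if (context.Response.HasStarted || context.Response.StatusCode == (int)HttpStatusCode.Forbidden)
            {
                return;
            }

            await next(context);
        }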
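 /// <summary>
 /// Writes one structured audit record for the current request. Credential-bearing material
 /// (Authorization/Cookie header values, cookie values, the raw JWT) is redacted or omitted
 /// so a log reader cannot replay the bearer token.
 /// </summary>
 /// <param name="context">Current request; headers, cookie names and query string are recorded.</param>
 /// <param name="apiResourceRoute">Route that was matched.</param>
 /// <param name="apiRoleResourceRoute">Role/route mapping that authorized the call, if any.</param>
 /// <param name="jwtSecurityToken">Validated token; only its identifying claims are logged.</param>
 void LogRequest(HttpContext context, ApiResourceRouteEntity apiResourceRoute, ApiRoleResourceRouteEntity apiRoleResourceRoute = null, JwtSecurityToken jwtSecurityToken = null)
 {
     // Header names whose values are secrets. HTTP header names are case-insensitive.
     string[] secretHeaders = { "Authorization", "Proxy-Authorization", "Cookie", "Set-Cookie" };

     // The original logged context.Request.Headers verbatim, which put the bearer token
     // (Authorization header) and session cookies into the log.
     var headers = context.Request.Headers.ToDictionary(
         h => h.Key,
         h => secretHeaders.Contains(h.Key, StringComparer.OrdinalIgnoreCase)
                  ? "[REDACTED]"
                  : h.Value.ToString());

     var logObj = new
     {
         // body = await context.ReadAsStringAsync(),  -- kept out: it would also capture credentials
         cookieNames = context.Request.Cookies.Keys,
         // NOTE(review): the query string is logged as-is; redact it too if tokens ever travel there.
         query       = context.Request.QueryString.Value,
         headers,
         apiResourceRoute,
         apiRoleResourceRoute,
         // Serializing the whole JwtSecurityToken includes RawData (the token itself);
         // keep only the claims needed to attribute the request.
         token = jwtSecurityToken == null ? null : new
         {
             issuer  = jwtSecurityToken.Issuer,
             subject = jwtSecurityToken.Subject,
             id      = jwtSecurityToken.Id,
             validTo = jwtSecurityToken.ValidTo
         },
         timestamp = DateTime.UtcNow
     };

     // Pass the JSON as a template argument rather than as the message template itself:
     // the braces in serialized JSON would otherwise be parsed as placeholders.
     Logger.LogInformation("{RequestLog}", JsonConvert.SerializeObject(logObj));
 }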