public static HttpRequestMessage CreateProxyHttpRequest(HttpContext context, Uri uri)
{
var request = context.Request;
var requestMessage = new HttpRequestMessage();
var requestMethod = request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(request.Body);
requestMessage.Content = streamContent;
}
foreach (var header in request.Headers)
{
if (NotForwardedHttpHeaders.Contains(header.Key, StringComparer.OrdinalIgnoreCase))
{
continue;
}
if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()) && requestMessage.Content != null)
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
requestMessage.Headers.Host = uri.Authority;
requestMessage.RequestUri = uri;
requestMessage.Method = new HttpMethod(request.Method);
return(requestMessage);
}
private static bool CanRequestContainBody(string requestMethod)
{
return(!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod));
}
private static HttpRequestMessage CreateHttpRequestMessage(HttpRequest request, string requestUri)
{
var httpRequestMessage = new HttpRequestMessage(new HttpMethod(request.Method), requestUri);
var requestMethod = request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
httpRequestMessage.Content = new StreamContent(request.Body);
}
foreach (var header in request.Headers)
{
if (!httpRequestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()))
{
httpRequestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
return(httpRequestMessage);
}
public static HttpRequestMessage Forward(this HttpRequest request, Uri uri)
{
var requestMessage = new HttpRequestMessage();
var requestMethod = request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
request.Body.Position = 0;
var streamContent = new StreamContent(request.Body);
requestMessage.Content = streamContent;
}
foreach (var header in request.Headers)
{
if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()) && requestMessage.Content != null)
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
requestMessage.Headers.Host = uri.Authority;
requestMessage.RequestUri = uri;
requestMessage.Method = new HttpMethod(request.Method);
return(requestMessage);
}
internal static HttpRequestMessage CreateProxyHttpRequest(this HttpRequest request)
{
var requestMessage = new HttpRequestMessage();
var requestMethod = request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(request.Body);
requestMessage.Content = streamContent;
}
// Copy the request headers
foreach (var header in request.Headers)
{
if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()))
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
requestMessage.Method = new HttpMethod(request.Method);
return(requestMessage);
}
public void Inspect(RequestAnalysisContext context, CancellationToken cancellationToken)
{
var method = context.Request.Method;
if (!HttpMethods.IsGet(method) &&
!HttpMethods.IsHead(method) &&
!HttpMethods.IsOptions(method) &&
!HttpMethods.IsPost(method) &&
!HttpMethods.IsDelete(method) &&
!HttpMethods.IsPut(method) &&
!HttpMethods.IsPatch(method) &&
!HttpMethods.IsConnect(method)
)
{
// TRACE must be disabled
if (HttpMethods.IsTrace(method))
{
context.ReportDiagnostic(new Diagnostic(RuleTrace, Location.Method));
return;
}
// unknown method
context.ReportDiagnostic(new Diagnostic(Rule, Location.Method));
// Apache directory listing exploit
if (method.Equals("GETS", StringComparison.OrdinalIgnoreCase))
{
context.ReportDiagnostic(new Diagnostic(RuleGets, Location.Method));
}
}
}
internal HttpRequestMessage CreateProxyRequestMessage(HttpContext context, Uri destinationUri)
{
HttpRequest request = context.Request;
var requestMessage = new HttpRequestMessage();
string requestMethod = request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(request.Body);
requestMessage.Content = streamContent;
}
foreach (var header in request.Headers)
{
if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()) && requestMessage.Content != null)
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
requestMessage.RequestUri = destinationUri;
requestMessage.Headers.Host = destinationUri.Authority;
requestMessage.Method = new HttpMethod(requestMethod);
return(requestMessage);
}
/// <summary>
/// Creates the proxy HTTP request.
/// </summary>
/// <param name="_self">The self.</param>
/// <param name="uri">The URI.</param>
/// <returns>HttpRequestMessage.</returns>
public static HttpRequestMessage CreateProxyHttpRequest(this HttpContext _self, Uri uri)
{
var result = new HttpRequestMessage();
var request = _self.Request;
var requestMethod = _self.Request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(request.Body);
result.Content = streamContent;
}
// Copy the request headers
foreach (var header in request.Headers)
{
if (!result.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()) && result.Content is not null)
{
result.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
result.Headers.Host = uri.Authority;
result.RequestUri = uri;
result.Method = new HttpMethod(request.Method);
return(result);
}
private static HttpRequestMessage CreateProxyHttpRequest(HttpRequest request, Uri uri)
{
var requestMessage = new HttpRequestMessage();
if (!HttpMethods.IsGet(request.Method) &&
!HttpMethods.IsHead(request.Method) &&
!HttpMethods.IsDelete(request.Method) &&
!HttpMethods.IsTrace(request.Method))
{
requestMessage.Content = new StreamContent(request.Body);
}
// Copy the request headers
foreach (var header in request.Headers)
{
if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()) && requestMessage.Content != null)
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
requestMessage.Headers.Host = uri.Authority;
requestMessage.RequestUri = uri;
requestMessage.Method = new HttpMethod(request.Method);
return(requestMessage);
}
public static HttpRequestMessage ToHttpRequestMessage(this HttpContext context)
{
var request = context.Request;
var uri = new Uri(request.GetDisplayUrl());
var requestMessage = new HttpRequestMessage();
var requestMethod = request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(request.Body);
requestMessage.Content = streamContent;
}
// Copy the request headers
foreach (var header in request.Headers)
{
if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()) && requestMessage.Content != null)
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
requestMessage.Headers.Host = uri.Authority;
requestMessage.RequestUri = uri;
requestMessage.Method = new HttpMethod(request.Method);
requestMessage.Properties["MS_IsLocal"] = IPAddress.IsLoopback(request.HttpContext.Connection.RemoteIpAddress);
requestMessage.Properties["RemoteEndPoint"] = new IPEndPoint(request.HttpContext.Connection.RemoteIpAddress, request.HttpContext.Connection.RemotePort);
return(requestMessage);
}
internal static HttpRequestMessage CreateProxyHttpRequest(this HttpRequest request)
{
var requestMessage = new HttpRequestMessage();
var requestMethod = request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(request.Body);
requestMessage.Content = streamContent;
}
// Copy the request headers *except* x-forwarded-* headers.
foreach (var header in request.Headers)
{
if (header.Key.StartsWith("X-Forwarded-", StringComparison.OrdinalIgnoreCase))
{
continue;
}
if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()))
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
requestMessage.Method = new HttpMethod(request.Method);
return(requestMessage);
}
private static HttpMethod GetMethod(string method)
{
if (HttpMethods.IsDelete(method))
{
return(HttpMethod.Delete);
}
if (HttpMethods.IsGet(method))
{
return(HttpMethod.Get);
}
if (HttpMethods.IsHead(method))
{
return(HttpMethod.Head);
}
if (HttpMethods.IsOptions(method))
{
return(HttpMethod.Options);
}
if (HttpMethods.IsPost(method))
{
return(HttpMethod.Post);
}
if (HttpMethods.IsPut(method))
{
return(HttpMethod.Put);
}
if (HttpMethods.IsTrace(method))
{
return(HttpMethod.Trace);
}
return(new HttpMethod(method));
}
private static HttpRequestMessage CreateProxyHttpRequest(this HttpContext context, string uriString)
{
var uri = new Uri(uriString);
var request = context.Request;
var requestMessage = new HttpRequestMessage();
var requestMethod = request.Method;
// Write to request conent, when necessary.
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(request.Body);
requestMessage.Content = streamContent;
}
// Copy the request headers.
foreach (var header in context.Request.Headers)
{
if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()))
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
requestMessage.Headers.Host = uri.Authority;
requestMessage.RequestUri = uri;
requestMessage.Method = new HttpMethod(request.Method);
return(requestMessage);
}
private void CopyFromOriginalRequestContentAndHeaders(HttpContext context, HttpRequestMessage requestMessage)
{
var requestMethod = context.Request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
requestMessage.Content = new StreamContent(context.Request.Body);
}
if (requestMessage.Content != null)
{
foreach (var header in context.Request.Headers)
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
else
{
foreach (string key in context.Request.Headers.Keys)
{
requestMessage.Headers.TryAddWithoutValidation(key, context.Request.Headers[key].ToString());
}
}
}
private HttpRequestMessage BuildRequestMessage(HttpContext context, Uri requestUri)
{
var request = new HttpRequestMessage
{
RequestUri = requestUri,
Method = GetMethod(context.Request.Method)
};
var method = context.Request.Method;
if (!HttpMethods.IsGet(method) &&
!HttpMethods.IsHead(method) &&
!HttpMethods.IsDelete(method) &&
!HttpMethods.IsTrace(method))
{
var streamContent = new StreamContent(context.Request.Body);
request.Content = streamContent;
}
foreach (var header in context.Request.Headers)
{
request.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _authenticator.GetAccessToken());
//request.Content?.Headers.TryAddWithoutValidation("OData-MaxVersion", "4.0");
//request.Content?.Headers.TryAddWithoutValidation("OData-Version", "4.0");
// request.Content?.Headers.TryAddWithoutValidation("Content-Type", "application/json");
request.Headers.Host = requestUri.Host;
return(request);
}
private static void CopyFromOriginalRequestContentAndHeaders(HttpContext context, HttpRequestMessage requestMessage)
{
var requestMethod = context.Request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(context.Request.Body);
requestMessage.Content = streamContent;
foreach (var(key, value) in context.Request.Headers)
{
requestMessage.Content.Headers.TryAddWithoutValidation(key, value.ToArray());
}
}
else
{
foreach (var(key, value) in context.Request.Headers)
{
requestMessage.Headers.TryAddWithoutValidation(key, value.ToArray());
}
}
}
/// <summary>
/// Генерация заголовков
/// </summary>
/// <param name="request"></param>
/// <param name="uri"></param>
/// <returns></returns>
private static HttpRequestMessage CreateProxyHttpRequest(Microsoft.AspNetCore.Http.HttpRequest request, Uri uri)
{
var requestMessage = new HttpRequestMessage();
var requestMethod = request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(request.Body);
requestMessage.Content = streamContent;
}
// Copy the request headers
foreach (var header in request.Headers)
{
if (string.Compare(header.Key, "port", StringComparison.OrdinalIgnoreCase) == 0)
{
continue;
}
if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()) && requestMessage.Content != null)
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
requestMessage.Headers.Host = uri.Authority;
requestMessage.RequestUri = uri;
requestMessage.Method = new HttpMethod(request.Method);
return(requestMessage);
}
private HttpRequestMessage ConvertHttpRequestToHttpRequestMessage(HttpRequest request)
{
var uri = new Uri(request.GetDisplayUrl());
var requestMessage = new HttpRequestMessage();
var requestMethod = request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(request.Body);
requestMessage.Content = streamContent;
}
// Copy the request headers
foreach (var header in request.Headers)
{
if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()) && requestMessage.Content != null)
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
requestMessage.Headers.Host = uri.Authority;
requestMessage.RequestUri = uri;
requestMessage.Method = new HttpMethod(request.Method);
return(requestMessage);
}
public static HttpRequestMessage CreateProxyRequest(this HttpContext context, Uri uri)
{
var request = context.Request;
var requestMessage = new HttpRequestMessage();
var requestMethod = request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(request.Body);
requestMessage.Content = streamContent;
}
// Copy the request headers
foreach (var header in request.Headers)
{
if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()) && requestMessage.Content != null)
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
requestMessage.Headers.TryAddWithoutValidation("X-Forwarded-Host", context.Request.Host.ToString());
requestMessage.Headers.Host = uri.Authority;
requestMessage.RequestUri = uri;
requestMessage.Method = new HttpMethod(request.Method);
return(requestMessage);
}
public async Task Invoke(HttpContext context)
{
if (!HttpMethods.IsGet(context.Request.Method) &&
!HttpMethods.IsHead(context.Request.Method) &&
!HttpMethods.IsDelete(context.Request.Method) &&
!HttpMethods.IsTrace(context.Request.Method) &&
context.Request.ContentLength > 0)
{
//This line allows us to set the reader for the request back at the beginning of its stream.
context.Request.EnableRewind();
var buffer = new byte[Convert.ToInt32(context.Request.ContentLength)];
await context.Request.Body.ReadAsync(buffer, 0, buffer.Length);
var bodyAsText = Encoding.UTF8.GetString(buffer);
var secondRequest = JObject.Parse(bodyAsText);
secondRequest["token"] = "test";
secondRequest["newId"] = Guid.NewGuid();
var requestContent = new StringContent(secondRequest.ToString(), Encoding.UTF8, "application/json");
context.Request.Body = await requestContent.ReadAsStreamAsync();
}
await _next(context);
}
private HttpRequestMessage CloneRequest(HttpRequest request, string uri)
{
var requestMessage = new HttpRequestMessage();
var requestMethod = request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(request.Body);
requestMessage.Content = streamContent;
}
requestMessage.RequestUri = new Uri(uri, UriKind.Relative);
requestMessage.Method = new HttpMethod(request.Method);
requestMessage.Content?.Headers.Add("Content-Type", request.ContentType);
if (request.ContentLength.HasValue)
{
requestMessage.Headers.TryAddWithoutValidation("Content-Length", request.ContentLength.Value.ToString());
}
return(requestMessage);
}
private async void CopyFromOriginalRequestContentAndHeaders(HttpContext context, HttpRequestMessage requestMessage)
{
var requestMethod = context.Request.Method;
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(context.Request.Body);
if (!string.IsNullOrEmpty(context.Request.ContentType))
{
streamContent.Headers.Add("Content-Type", context.Request.ContentType);
}
requestMessage.Content = streamContent;
#region 因为请求数据类型不对导致访问失败的尝试
//if (context.Request.ContentType== "application/json;charset=UTF-8")
//{
// var reader = new StreamReader(context.Request.Body);
// var content = await reader.ReadToEndAsync();
// requestMessage.Content = new StringContent(content, Encoding.UTF8, "application/json");
//}
//else if(context.Request.ContentType.Contains("multipart/form-data;"))
//{
// //var stream = context.Request.Body;
// //byte[] buffer = new byte[(int)context.Request.ContentLength];
// //stream.Read(buffer, 0, buffer.Length);
// //var formContent = new MultipartFormDataContent();
// //formContent.Add(new ByteArrayContent(buffer));
// //using (var fs =new FileStream("test.xlsx",FileMode.OpenOrCreate))
// //{
// // await fs.WriteAsync(buffer);
// //}
// var formContent = new MultipartFormDataContent();
// formContent.Add(new StreamContent(context.Request.Body));
// formContent.Headers
// requestMessage.Content = formContent;
//}
#endregion
}
foreach (var header in context.Request.Headers)
{
requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
/// <inheritdoc />
public async Task <bool> IsRequestValidAsync(HttpContext httpContext)
{
if (httpContext == null)
{
throw new ArgumentNullException(nameof(httpContext));
}
CheckSSLConfig(httpContext);
var method = httpContext.Request.Method;
if (HttpMethods.IsGet(method) ||
HttpMethods.IsHead(method) ||
HttpMethods.IsOptions(method) ||
HttpMethods.IsTrace(method))
{
// Validation not needed for these request types.
return(true);
}
var tokens = await _tokenStore.GetRequestTokensAsync(httpContext);
if (tokens.CookieToken == null)
{
_logger.MissingCookieToken(_options.Cookie.Name);
return(false);
}
if (tokens.RequestToken == null)
{
_logger.MissingRequestToken(_options.FormFieldName, _options.HeaderName);
return(false);
}
// Extract cookie & request tokens
if (!TryDeserializeTokens(httpContext, tokens, out var deserializedCookieToken, out var deserializedRequestToken))
{
return(false);
}
// Validate
var result = _tokenGenerator.TryValidateTokenSet(
httpContext,
deserializedCookieToken,
deserializedRequestToken,
out var message);
if (result)
{
_logger.ValidatedAntiforgeryToken();
}
else
{
_logger.ValidationFailed(message !);
}
return(result);
}
private async Task HandleHttpRequest(HttpContext context)
{
var requestMessage = new HttpRequestMessage();
var requestMethod = context.Request.Method;
var methodHeader = context.Request.Headers.FirstOrDefault(x => XHTTPMethodOverride.Equals(x.Key, StringComparison.OrdinalIgnoreCase)).Value;
if (methodHeader != Microsoft.Extensions.Primitives.StringValues.Empty)
{
requestMethod = methodHeader;
}
var httpMethod = new HttpMethod(requestMethod);
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
var streamContent = new StreamContent(context.Request.Body);
requestMessage.Content = streamContent;
}
// Copy the request headers
foreach (var header in context.Request.Headers.Where(x => !XHTTPMethodOverride.Equals(x.Key, StringComparison.OrdinalIgnoreCase)))
{
if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()) && requestMessage.Content != null)
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
requestMessage.Headers.Host = _hostWithPort;
//var uriString = $"{_options.Scheme}://{_options.Host}:{_options.Port}{context.Request.PathBase}{context.Request.Path}{context.Request.QueryString}";
var uriString = $"{_options.Scheme}://{_options.Host}:{_options.Port}{context.Request.Path}{context.Request.QueryString}";
requestMessage.RequestUri = new Uri(uriString);
requestMessage.Method = httpMethod;
using (var responseMessage = await _httpClient.SendAsync(requestMessage, HttpCompletionOption.ResponseHeadersRead, context.RequestAborted))
{
context.Response.StatusCode = (int)responseMessage.StatusCode;
foreach (var header in responseMessage.Headers)
{
context.Response.Headers[header.Key] = header.Value.ToArray();
}
foreach (var header in responseMessage.Content.Headers)
{
context.Response.Headers[header.Key] = header.Value.ToArray();
}
// SendAsync removes chunking from the response. This removes the header so it doesn't expect a chunked response.
context.Response.Headers.Remove("transfer-encoding");
await responseMessage.Content.CopyToAsync(context.Response.Body);
}
}
private static bool ShouldValidate(HttpContext context)
{
// as seen on https://github.com/aspnet/AspNetCore/blob/release/3.0/src/Mvc/Mvc.ViewFeatures/src/Filters/AutoValidateAntiforgeryTokenAuthorizationFilter.cs
var method = context.Request.Method;
return(!(HttpMethods.IsGet(method) ||
HttpMethods.IsHead(method) ||
HttpMethods.IsTrace(method) ||
HttpMethods.IsOptions(method)));
}
private static HttpRequestMessage CreateProxiedHttpRequest(this HttpContext context, string uriString, bool shouldAddForwardedHeaders)
{
var uri = new Uri(uriString);
var request = context.Request;
var requestMessage = new HttpRequestMessage();
var requestMethod = request.Method;
var usesStreamContent = true; // When using other content types, they specify the Content-Type header, and may also change the Content-Length.
// Write to request content, when necessary.
if (!HttpMethods.IsGet(requestMethod) &&
!HttpMethods.IsHead(requestMethod) &&
!HttpMethods.IsDelete(requestMethod) &&
!HttpMethods.IsTrace(requestMethod))
{
if (request.HasFormContentType)
{
usesStreamContent = false;
requestMessage.Content = request.Form.ToHttpContent(request.ContentType);
}
else
{
requestMessage.Content = new StreamContent(request.Body);
}
}
// Copy the request headers.
foreach (var header in request.Headers)
{
if (!usesStreamContent && (header.Key.Equals("Content-Type", StringComparison.OrdinalIgnoreCase) || header.Key.Equals("Content-Length", StringComparison.OrdinalIgnoreCase)))
{
continue;
}
if (!requestMessage.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray()))
{
requestMessage.Content?.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
}
}
// Add forwarded headers.
if (shouldAddForwardedHeaders)
{
AddForwardedHeadersToHttpRequest(context, requestMessage);
}
// Set destination and method.
requestMessage.Headers.Host = uri.Authority;
requestMessage.RequestUri = uri;
requestMessage.Method = new HttpMethod(requestMethod);
return(requestMessage);
}
static bool SetupMethodAndContent(HttpRequest request, HttpRequestMessage proxiedMessage)
{
var hasContent = false;
var requestMethod = request.Method;
// Try to use the static HttpMethods rather than creating a new one.
if (HttpMethods.IsGet(requestMethod))
{
proxiedMessage.Method = HttpMethod.Get;
}
else if (HttpMethods.IsHead(requestMethod))
{
proxiedMessage.Method = HttpMethod.Head;
}
else if (HttpMethods.IsDelete(requestMethod))
{
proxiedMessage.Method = HttpMethod.Delete;
}
else if (HttpMethods.IsTrace(requestMethod))
{
proxiedMessage.Method = HttpMethod.Trace;
}
else
{
hasContent = true;
if (HttpMethods.IsPost(requestMethod))
{
proxiedMessage.Method = HttpMethod.Post;
}
else if (HttpMethods.IsOptions(requestMethod))
{
proxiedMessage.Method = HttpMethod.Options;
}
else if (HttpMethods.IsPut(requestMethod))
{
proxiedMessage.Method = HttpMethod.Put;
}
else if (HttpMethods.IsPatch(requestMethod))
{
proxiedMessage.Method = HttpMethod.Patch;
}
else
{
proxiedMessage.Method = new HttpMethod(request.Method);
}
proxiedMessage.Content = new StreamContent(request.Body);
}
return(hasContent);
}
private static void SetProxyRequestBody(HttpRequestMessage requestMessage, HttpContext context)
{
var requestMethod = context.Request.Method;
if (HttpMethods.IsGet(requestMethod) ||
HttpMethods.IsHead(requestMethod) ||
HttpMethods.IsDelete(requestMethod) ||
HttpMethods.IsTrace(requestMethod))
{
return;
}
requestMessage.Content = new StreamContent(context.Request.Body);
}
private static void SetProxyRequestBody(HttpRequestMessage requestMessage, HttpContext context)
{
var requestMethod = context.Request.Method;
//previously had DELETE as a part of this but we were actually passing up body content as part of our delete wallet calls :-|
if (HttpMethods.IsGet(requestMethod) ||
HttpMethods.IsHead(requestMethod) ||
HttpMethods.IsTrace(requestMethod))
{
return;
}
requestMessage.Content = new StreamContent(context.Request.Body);
}
public async void HealthCheck_Get_Status200(string method)
{
var response = await _client.SendAsync(new HttpRequestMessage(new HttpMethod(method), "api/_system/healthcheck"));
if (!HttpMethods.IsHead(method) &&
!HttpMethods.IsDelete(method) &&
!HttpMethods.IsTrace(method))
{
Assert.Equal("system_ok", await response.Content.ReadAsStringAsync());
}
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
}
