        /// <summary>
        /// Rate-limiting middleware: when the request carries an auth cookie that
        /// <c>_userUtils.TryValidatedAuthCookie</c> accepts, asks <c>_rateLimiter</c> whether this
        /// method/path/user combination should be throttled and, if so, answers 429 without
        /// calling the rest of the pipeline. Every other request is passed to the next middleware.
        /// </summary>
        /// <param name="context">The current HTTP request/response context.</param>
        /// <returns>A task that completes once the request is throttled or the downstream pipeline returns.</returns>
        public async Task InvokeAsync(HttpContext context)
        {
            Console.WriteLine(">>>>>>>>>>>>>>>>>>> from class middle ware ");
            var request = context.Request;

            //TODO: we need to figure out some way that we don't have to replicate the logic for authorization here.
            // NOTE(review): the throttle key is the validated user id, so a request with no cookie or an
            // invalid cookie is never counted here and goes straight to the next middleware. Endpoints that
            // are reachable without authentication get no rate limiting from this component; confirm they
            // are covered elsewhere.
            if (request.Cookies.TryGetValue(Constants.AuthCookieName, out var cookieValue))
            {
                Console.WriteLine($"path: {request.Path}\nmethod: {request.Method}");

                if (_userUtils.TryValidatedAuthCookie(cookieValue, out UserAuthDto authenticatedUser))
                {
                    var limitExceeded = await _rateLimiter.ShouldThrottle(
                        request.Method,
                        request.Path,
                        authenticatedUser.UserId.ToString());

                    if (limitExceeded)
                    {
                        // Short-circuit: 429 Too Many Requests, downstream middleware is not invoked.
                        Console.WriteLine("throttling the api");
                        context.Response.StatusCode = 429;
                        return;
                    }
                }
            }

            Console.WriteLine("next middleware in the pipleine is called");
            await _next(context);
        }
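        /// <summary>
        /// Authorization filter: lets the request through only when the auth cookie is present and
        /// <c>_userUtils.TryValidatedAuthCookie</c> accepts it; otherwise short-circuits the request
        /// with an <see cref="UnauthorizedResult"/>. On success the validated user is stored in
        /// <c>HttpContext.Items</c> under <c>Constants.AuthenticatedUserKey</c>.
        /// </summary>
        /// <param name="context">The authorization filter context for the current request.</param>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            var httpContext = context.HttpContext;

            // Fail closed: a missing cookie is rejected here instead of handing a null value to the
            // validator and relying on it to refuse it.
            if (!httpContext.Request.Cookies.TryGetValue(Constants.AuthCookieName, out var cookieValue)
                || !_userUtils.TryValidatedAuthCookie(cookieValue, out UserAuthDto userAuthDto))
            {
                context.Result = new UnauthorizedResult();
                return;
            }

            Console.WriteLine(">>>>>>>>>>>>>authorization cleared <<<<<<<<<<<<<<<");

            // Indexer assignment instead of Add: Add throws ArgumentException when the key is already
            // present (for example if this filter runs more than once for the same request), which would
            // turn an authenticated request into a server error. The stored value is always the identity
            // validated just above.
            httpContext.Items[Constants.AuthenticatedUserKey] = userAuthDto;
        }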