/// <summary>
/// Stores the supplied data context and registers the category read/write routes.
/// </summary>
/// <param name="context">Entity context passed straight to <c>SetupContext</c>.</param>
public CategoriesModule(NorthwindEntities context)
    : base("api")
{
    SetupContext(context);

    // NOTE(review): the request-level OAuth check below is commented out, so nothing in this
    // constructor authenticates callers. The PUT/POST/DELETE routes are reachable without a
    // signature unless the check is enforced elsewhere in the pipeline - confirm before deploying.
    //Before += ctx => OAuthChecker.CheckOAuth(ctx);

    // Read routes.
    Get["/Categories"] = _ => GetCategories();
    Get["/Categories/{id}"] = args => GetCategory(args);

    // Write routes.
    Put["/Categories/{id}"] = args => PutCategory(args);
    Post["/Categories"] = args => PostCategory(args);
    Delete["/Categories/{id}"] = args => DeleteCategory(args);
}
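        /// <summary>
        /// Verifies the signed-request parameters (<c>cid</c>, <c>cs</c>, <c>cts</c>) carried in the query string.
        /// </summary>
        /// <param name="ctx">Current request context; its URL and HTTP method are fed to the signature routine.</param>
        /// <returns>
        /// <c>ctx.Response</c> when the signature verifies; <c>HttpStatusCode.Unauthorized</c> when a
        /// parameter is missing, the timestamp is outside the allowed skew, the signature does not
        /// match, or any unexpected error occurs.
        /// </returns>
        internal static dynamic CheckOAuth( NancyContext ctx)
        {
            // Allowed clock difference between client and server, in seconds.
            const int maxSkewSeconds = 60;

            try
            {
                var qs = HttpUtility.ParseQueryString(ctx.Request.Url.Query);

                string clientID = qs.Get("cid");
                string clientSignature = qs.Get("cs");
                string clientTimestamp = qs.Get("cts");

                if (string.IsNullOrEmpty(clientID) || string.IsNullOrEmpty(clientSignature) || string.IsNullOrEmpty(clientTimestamp))
                {
                    return HttpStatusCode.Unauthorized;
                }

                // The signature covers the request URL with the signature parameter itself removed.
                qs.Remove("cs");
                var original = ctx.Request.Url.SiteBase + ctx.Request.Url.Path + ConstructQueryString(qs);

                var auth = new OAuth();

                int ts;
                if (!int.TryParse(clientTimestamp, out ts))
                {
                    return HttpStatusCode.Unauthorized;
                }

                int now = int.Parse(auth.GenerateTimeStamp());

                // Bound the skew in both directions. Checking only (now - ts) > 60 accepts any
                // future-dated timestamp, which leaves such a signed request valid until that time
                // passes. The subtraction is done in long so extreme values cannot wrap around.
                long skew = (long)now - ts;
                if (skew > maxSkewSeconds || skew < -maxSkewSeconds)
                {
                    return HttpStatusCode.Unauthorized;
                }

                // SECURITY: this shared secret is hard-coded, is the same for every client ID, and is
                // readable by anyone with access to the source. Treat the value as compromised: rotate
                // it and load a per-client secret from protected configuration or a secret store.
                var clientSecret = "j98byb78yg78n";

                // NOTE(review): null is passed for the remaining signature inputs and no nonce is
                // tracked here, so a captured request can presumably be replayed inside the skew
                // window - confirm whether replay protection exists elsewhere.
                string normalized;
                string normalizedParams;
                string signature = auth.GenerateSignature(new Uri(original), clientID, clientSecret,
                    null, null, ctx.Request.Method, clientTimestamp, null, Api.OAuth.OAuth.SignatureTypes.HMACSHA1, out normalized, out normalizedParams);

                if (!SignaturesMatch(signature, clientSignature))
                {
                    return HttpStatusCode.Unauthorized;
                }

                return ctx.Response;
            }
            catch (Exception)
            {
                // Fail closed: any parsing or signing error is treated as an authentication failure.
                return HttpStatusCode.Unauthorized;
            }
        }

        /// <summary>
        /// Compares two signature strings without stopping at the first differing character, so the
        /// time taken does not reveal how much of a guessed signature was correct.
        /// </summary>
        /// <param name="expected">Signature computed by the server.</param>
        /// <param name="supplied">Signature sent by the client.</param>
        /// <returns><c>true</c> only when both strings are non-null and identical (ordinal).</returns>
        private static bool SignaturesMatch(string expected, string supplied)
        {
            if (expected == null || supplied == null)
            {
                return false;
            }

            // A length difference is folded into the result instead of causing an early return.
            int diff = expected.Length ^ supplied.Length;
            int shared = Math.Min(expected.Length, supplied.Length);
            for (int i = 0; i < shared; i++)
            {
                diff |= expected[i] ^ supplied[i];
            }

            return diff == 0;
        }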
 /// <summary>
 /// Keeps the supplied entity context on the module and applies the JSON size setting.
 /// </summary>
 /// <param name="context">Entity context the module's handlers will use.</param>
 private void SetupContext(NorthwindEntities context)
 {
     _db = context;

     // Turn off proxy creation on the context just stored (presumably so entities
     // serialize as plain objects - confirm).
     context.Configuration.ProxyCreationEnabled = false;

     // NOTE(review): int.MaxValue effectively removes the JSON length cap, and the setting
     // appears to be static, so it would apply beyond this module. Confirm that payload
     // sizes are bounded elsewhere, otherwise oversized payloads can exhaust memory.
     JsonSettings.MaxJsonLength = int.MaxValue;
 }