/// <summary>
/// Checks for the presence of API Key that is configured in Freshchat webhook.
/// </summary>
/// <param name="context"></param>
void IAuthorizationFilter.OnAuthorization(AuthorizationFilterContext context)
{
var freshChatHeaderPresent = context.HttpContext.Request.Headers.Keys.Where(k => string.Compare(k, "X-Freshchat-Signature", true) == 0);
if (!freshChatHeaderPresent.Any())
{
context.Result = new BadRequestObjectResult("Missing X-Freshchat-Signature header.");
}
else
{
Microsoft.Extensions.Primitives.StringValues apiKeyValues = default(Microsoft.Extensions.Primitives.StringValues);
if (context.HttpContext.Request.Query.TryGetValue("freshchatAPIKey", out apiKeyValues))
{
if (apiKeyValues.Count > 0)
{
string apiKey = apiKeyValues[0];
IFreshChatClientService freshChatClient = (IFreshChatClientService)context.HttpContext.RequestServices.GetService(typeof(IFreshChatClientService));
if (!freshChatClient.VerifyCall(apiKey))
{
context.Result = new UnauthorizedResult();
}
}
else
{
context.Result = new BadRequestObjectResult("Missing freshchatAPIKey.");
}
}
else
{
context.Result = new BadRequestObjectResult("Missing freshchatAPIKey.");
}
}
}
/// <summary>
/// Initializes a new instance of the <see cref="FreshChatController"/> class.
/// </summary>
/// <param name="freshChatClientService">Will be injected by DI.</param>
public FreshChatController(IFreshChatClientService freshChatClientService)
{
_freshChatClientService = freshChatClientService;
}