public static bool IsAuthorizedFor(this IHttpRequest request,
Uri claimType, string claimValue)
{
var jwtString = request.GetAuthorization();
if (jwtString.IsNullOrWhiteSpace())
{
return(false);
}
return(jwtString.GetClaimsJwtString(
claims =>
{
var providedClaims = claims
.Where(claim => String.Compare(claim.Type, claimType.OriginalString) == 0)
.SelectMany(claim => claim.Value.Split(','.AsArray()))
.Select(claimValue => claimValue.Trim())
.ToArray();
var requiredClaims = claimValue.Split(','.AsArray());
var matchedAllClaims = requiredClaims.Except(providedClaims).Count() == 0;
return matchedAllClaims;
//return claims.First(
// (claim, next) =>
// {
// if (String.Compare(claim.Type, claimType.OriginalString) == 0)
// {
// if(claim.Value.Split(','.AsArray()).Contains(claimValue))
// return true;
// }
// return next();
// },
// () => false);
},
(why) => false));
}
public Task <IHttpResponse> Instigate(IApplication httpApp,
IHttpRequest request,
ParameterInfo parameterInfo,
Func <object, Task <IHttpResponse> > onSuccess)
{
return(EastFive.Web.Configuration.Settings.GetString(AppSettings.ApiKey,
(authorizedApiKey) =>
{
var queryParams = request.GetAbsoluteUri().ParseQueryString();
if (queryParams["ApiKeySecurity"] == authorizedApiKey)
{
return onSuccess(new Controllers.ApiSecurity
{
key = queryParams["ApiKeySecurity"],
});
}
var authorization = request.GetAuthorization();
if (authorization == authorizedApiKey)
{
return onSuccess(new Controllers.ApiSecurity
{
key = authorization,
});
}
return request.CreateResponse(HttpStatusCode.Unauthorized).AsTask();
},
(why) => request.CreateResponse(HttpStatusCode.Unauthorized).AddReason(why).AsTask()));
}
public static bool IsAuthorizedFor(this IHttpRequest request,
string claimType)
{
var jwtString = request.GetAuthorization();
if (jwtString.IsNullOrWhiteSpace())
{
return(false);
}
return(jwtString.GetClaimsJwtString(
claims =>
{
return claims.First(
(claim, next) =>
{
if (String.Compare(claim.Type, claimType) == 0)
{
return true;
}
return next();
},
() => false);
},
(why) => false));
}
public static bool TryParseJwt(this IHttpRequest request,
out System.IdentityModel.Tokens.Jwt.JwtSecurityToken securityToken)
{
securityToken = default;
var jwtString = request.GetAuthorization();
if (jwtString.IsNullOrWhiteSpace())
{
return(false);
}
var kvp = jwtString.ParseJwtString(
st => st.PairWithKey(true),
(why) => default);
securityToken = kvp.Value;
return(kvp.Key);
}
public Task <IHttpResponse> HandleRouteAsync(Type controllerType, IInvokeResource resourceInvoker,
IApplication httpApp, IHttpRequest request,
RouteHandlingDelegate continueExecution)
{
if (!request.RequestUri.TryGetQueryParam(
AccessTokenAccountExtensions.QueryParameter,
out string accessToken))
{
return(continueExecution(controllerType, httpApp, request));
}
if (request.GetAuthorization().HasBlackSpace())
{
return(continueExecution(controllerType, httpApp, request));
}
return(request.RequestUri.ValidateAccessTokenAccount(
accessTokenInfo =>
{
return EastFive.Security.AppSettings.TokenScope.ConfigurationUri(
scope =>
{
var tokenExpiration = TimeSpan.FromMinutes(1.0);
request.RequestUri = request.RequestUri.RemoveQueryParameter(
AccessTokenAccountExtensions.QueryParameter);
var sessionId = accessTokenInfo.sessionId;
var authId = accessTokenInfo.accountId;
var duration = accessTokenInfo.expirationUtc - DateTime.UtcNow;
return JwtTools.CreateToken(sessionId, authId, scope, duration,
tokenCreated:
(tokenNew) =>
{
request.SetAuthorization(tokenNew);
return continueExecution(controllerType, httpApp, request);
},
missingConfigurationSetting:
(configName) => continueExecution(controllerType, httpApp, request),
invalidConfigurationSetting:
(configName, issue) => continueExecution(controllerType, httpApp, request));
},
(why) => continueExecution(controllerType, httpApp, request),
() => continueExecution(controllerType, httpApp, request));
},
onAccessTokenNotProvided: () => continueExecution(controllerType, httpApp, request),
onAccessTokenInvalid:
() =>
{
return request
.CreateResponse(System.Net.HttpStatusCode.Forbidden)
.AddReason("Access token is invalid")
.AsTask();
},
onAccessTokenExpired:
() =>
{
return request
.CreateResponse(System.Net.HttpStatusCode.Forbidden)
.AddReason("Access token is expired")
.AsTask();
},
onInvalidSignature:
() =>
{
return request
.CreateResponse(System.Net.HttpStatusCode.Forbidden)
.AddReason("Access token has an invalid signature")
.AsTask();
},
onSystemNotConfigured: () => continueExecution(controllerType, httpApp, request)));
}
