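 /// <summary>
 /// Authorizes an OWIN request that carries a JWT in the "_Autorize" header.
 /// </summary>
 /// <param name="ctx">The OWIN context of the current request.</param>
 /// <returns>
 /// <c>true</c> when no "_Autorize" header is present (the original pass-through result,
 /// kept unchanged — NOTE(review): confirm that token-less requests are meant to pass), or
 /// when the header carries a token that decodes and passes <c>Jwt.Check</c>; <c>false</c>
 /// in every other case.
 /// </returns>
 public static bool Check(IOwinContext ctx)
 {
     if (ctx.Request.Headers["_Autorize"] == null)
     {
         // No token supplied at all: same result the original produced for this case.
         return(true);
     }

     // A token is only examined when the path base has at least two non-empty segments.
     string[] base_path = ctx.Request.PathBase.ToString().Split(new char[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
     if (base_path.Length < 2)
     {
         return(false);
     }

     string jwt = ctx.Request.Headers["_Autorize"].ToString();
     if (String.IsNullOrEmpty(jwt))
     {
         return(false);
     }

     Dictionary <string, object> claims = Jwt.Decode(jwt);
     if (claims == null)
     {
         return(false);
     }

     // A token that is present but fails verification is rejected. The original fell
     // through to "return true" here, so an invalid token still authorized the request.
     return(Jwt.Check(claims, null, null));
 }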
    /// <summary>
    /// Resolves the caller's JWT for a classic ASP.NET request and hands it to <c>Jwt.Check</c>.
    /// Lookup order: the value returned by the project's <c>Authorization()</c> helper, then
    /// the ".jwt" query-string parameter, then the ".jwt" cookie.
    /// </summary>
    /// <param name="context">Current ASP.NET request context.</param>
    /// <param name="role">Role requirement, passed straight through to <c>Jwt.Check</c>.</param>
    /// <param name="secret">Optional secret, passed straight through to <c>Jwt.Check</c>.</param>
    /// <returns>
    /// Whatever <c>Jwt.Check</c> returns for the resolved token; the token is <c>null</c>
    /// when none of the three sources supplied one.
    /// </returns>
    public static Dictionary <string, object> Check(System.Web.HttpContext context,
                                                    string role, string secret = null)
    {
        // First non-null source wins, in the same order as before.
        // NOTE(review): a token carried in the query string is likely to end up in server,
        // proxy and Referer logs — worth confirming the query-string source is still wanted.
        String token = context.Authorization()
                       ?? context.Request.QueryString.Get(".jwt")
                       ?? context.Request.Cookies.Get(".jwt")?.Value;

        return(Jwt.Check(token, role, context.Request.UserHostAddress, secret));
    }
    /// <summary>
    /// Resolves the caller's JWT for an OWIN request and hands it to <c>Jwt.Check</c>.
    /// The ".jwt" query-string parameter is consulted first; only when it is absent is the
    /// Authorization header used, with a leading "Bearer" scheme stripped and the rest trimmed.
    /// </summary>
    /// <param name="context">Current OWIN request context.</param>
    /// <param name="role">Role requirement, passed straight through to <c>Jwt.Check</c>.</param>
    /// <param name="secret">Optional secret, passed straight through to <c>Jwt.Check</c>.</param>
    /// <returns>
    /// Whatever <c>Jwt.Check</c> returns for the resolved token; the token is <c>null</c>
    /// when neither source supplied one.
    /// </returns>
    public static Dictionary <string, object> Check(Microsoft.Owin.IOwinContext context,
                                                    string role, string secret = null)
    {
        // NOTE(review): the query-string source is kept as-is; tokens in URLs tend to be
        // recorded in server, proxy and Referer logs.
        String token = context.Request.Query.Get(".jwt");

        if (token == null)
        {
            string header = context.Request.Headers["Authorization"];

            if (header != null)
            {
                const string scheme = "Bearer";

                // StartsWith guarantees the header is at least scheme.Length long, so the
                // Substring is safe. The prefix match is culture-sensitive and case-sensitive,
                // exactly as before.
                token = header.StartsWith(scheme) ? header.Substring(scheme.Length) : header;
                token = token.Trim();
            }
        }

        return(Jwt.Check(token, role, context.Request.RemoteIpAddress, secret));
    }
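        /// <summary>
        /// MVC authorization hook: validates the JWT stored in the "_Autorize" cookie and then
        /// applies a per-controller access-level policy derived from the request path.
        /// </summary>
        /// <param name="httpContext">The current request context.</param>
        /// <returns>
        /// <c>true</c> when the cookie holds a token that decodes, passes <c>Jwt.Check</c> for
        /// <c>this.Role</c>, and carries an "access_level" claim that satisfies the policy for the
        /// requested controller/action; <c>false</c> otherwise.
        /// </returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            var cookie = httpContext.Request.Cookies["_Autorize"];

            if (cookie == null)
            {
                return(false);
            }

            string jwt = cookie.Value;

            if (String.IsNullOrEmpty(jwt))
            {
                return(false);
            }

            Dictionary <string, object> claims = Jwt.Decode(jwt);

            if (claims == null)
            {
                return(false);
            }

            // A token whose check fails must not authorize the request. The original fell
            // through to "return true" after a failed Jwt.Check, i.e. it failed open.
            if (!Jwt.Check(claims, this.Role, null))
            {
                return(false);
            }

            string[] base_path = httpContext.Request.Url.AbsolutePath.Split(new char[] { '/' }, StringSplitOptions.RemoveEmptyEntries);

            // The site root maps to the "roulet" controller. A single-segment path has no
            // action; the original indexed base_path[1] unconditionally and threw on "/x".
            string controller = base_path.Length == 0 ? "roulet" : base_path[0];
            string action     = base_path.Length > 1 ? base_path[1] : String.Empty;

            object raw_level;

            if (!claims.TryGetValue("access_level", out raw_level))
            {
                return(false);
            }

            int user_access_level;

            try
            {
                // Converted once; the original re-converted the claim on every comparison.
                user_access_level = Convert.ToInt32(raw_level);
            }
            catch (Exception ex) when (ex is FormatException || ex is InvalidCastException || ex is OverflowException)
            {
                // A claim that is not an integer is treated as "no access" instead of surfacing
                // as an unhandled exception.
                return(false);
            }

            // Policy kept exactly as in the original, including the two "managepoints" rules
            // that grant access without looking at the access level at all, and the mix of the
            // literal 3 with AccessLevel.Admin — NOTE(review): confirm both are intended.
            switch (controller)
            {
                case "roulet":
                    return(user_access_level == 0 || user_access_level == 1 || user_access_level == 2 ||
                           action == "managepoints");
                case "games":
                    return(user_access_level == (int)AccessLevel.Admin || action == "managepoints");
                case "logs":
                case "users":
                    return(user_access_level == 3);
                default:
                    return(false);
            }
        }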