public async Task InvokeAsync(IMiddlewareContext context)
{
if (context.ContextData.TryGetValue(BewitTokenHeader.Value, out var objectToken) &&
objectToken is string bewitToken)
{
try
{
object payload = await _tokenValidator.ValidateBewitTokenAsync(
new BewitToken <T>(bewitToken),
context.RequestAborted);
_httpContextAccessor.SetBewitPayload(payload);
}
catch (Exception ex)
{
CreateError(context, ex);
}
await _next(context);
}
else
{
CreateError(context);
}
}
private async Task OnActionExecutingAsync(
ActionExecutingContext context,
CancellationToken cancellationToken)
{
List <ControllerParameterDescriptor> parameters =
context.ActionDescriptor.Parameters
.OfType <ControllerParameterDescriptor>()
.Where(p => p.ParameterInfo
.CustomAttributes.Any(a =>
a.AttributeType == typeof(FromBewitAttribute)))
.ToList();
IBewitTokenValidator <IDictionary <string, object> > tokenValidator =
GetBewitTokenValidator(context);
string bewitToken = GetBewitFromUrl(context);
IDictionary <string, object> bewit = await
tokenValidator.ValidateBewitTokenAsync(
new BewitToken <IDictionary <string, object> >(bewitToken),
cancellationToken);
foreach (ControllerParameterDescriptor param in parameters)
{
string bewitParameter
= bewit.Keys.LastOrDefault(b =>
string.Equals(b, param.Name,
StringComparison.CurrentCultureIgnoreCase));
if (bewitParameter != null)
{
context.ActionArguments[param.Name] = bewit[bewitParameter];
}
}
}
public async Task Invoke(HttpContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
BewitEndpointAttribute endpointAttribute =
context.GetEndpoint()?.Metadata.GetMetadata <BewitEndpointAttribute>();
if (endpointAttribute == null)
{
await _next(context);
return;
}
const string bewitQueryStringParameter = "bewit";
string bewitToken =
context.Request.Query[bewitQueryStringParameter];
if (string.IsNullOrEmpty(bewitToken))
{
Unauthorize(context);
return;
}
bewitToken = WebUtility.UrlDecode(bewitToken);
string payload;
try
{
payload = await _tokenValidator.ValidateBewitTokenAsync(
new BewitToken <string>(bewitToken),
context.RequestAborted);
}
catch (BewitException)
{
Unauthorize(context);
return;
}
string url = GetRelativeUrl(context, bewitQueryStringParameter);
if (!string.Equals(url, payload,
StringComparison.CurrentCultureIgnoreCase))
{
Unauthorize(context);
return;
}
await _next(context);
}
private async Task OnAuthorizationAsync(
AuthorizationFilterContext context,
CancellationToken cancellationToken)
{
const string bewitQueryStringParameter = "bewit";
IBewitTokenValidator <string> tokenValidator =
GetBewitTokenValidator(context);
string path = GetRelativeUrl(context, bewitQueryStringParameter);
string bewitToken =
context.HttpContext.Request.Query[bewitQueryStringParameter];
if (bewitToken != null)
{
bewitToken = WebUtility.UrlDecode(bewitToken);
string payload;
try
{
payload = await tokenValidator.ValidateBewitTokenAsync(
new BewitToken <string>(bewitToken),
cancellationToken);
}
catch (BewitException)
{
Unauthorize(context);
return;
}
if (string.Equals(path, payload,
StringComparison.CurrentCultureIgnoreCase))
{
return;
}
}
Unauthorize(context);
}
