public async Task Invoke(HttpContext httpContext, IClientAuthorizeBusiness bizAuthorize, CurrentProcess process)
{
var path = httpContext.Request.Path;
if (!path.HasValue)
{
httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
return;
}
if (!_listPathByPass.Any(a => path.Value.StartsWith(a)))
{
var headers = ClientAuthorizeModel.Create(
httpContext.Request.Headers["X-my8-Key"].FirstOrDefault(),
httpContext.Request.Headers["X-my8-Signature"].FirstOrDefault());
var personId = httpContext.Request.Headers["X-my8-PersonId"].FirstOrDefault();
process.PersonId = personId;
if (!headers.IsValid)
{
httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
return;
}
var client = await _getClient(headers, bizAuthorize);
if (client == null)
{
httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
return;
}
var originalData = _getOriginalDataToHash(httpContext);
var checksum = string.Empty;
var segments = path.Value.Split('/');
checksum = Utils.HmacSha256ToBase64(client.ApiKey + originalData, client.SecretKey);
if (checksum != headers.Signature)
{
httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
return;
}
}
await _next(httpContext);
}
private async Task <ClientAuthorize> _getClient(ClientAuthorizeModel headers, IClientAuthorizeBusiness bizAuthorize)
{
var client = await bizAuthorize.Get(headers.ClientKey);
return(client);
}
