Exemple #1
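        /// <summary>
        /// Middleware entry point that requires a verifiable JWT on every request
        /// whose path begins with <c>/private</c>; all other requests pass through.
        /// </summary>
        /// <remarks>
        /// The token is read from the request header named <c>Authorize</c> (the name
        /// this middleware uses, not the standard <c>Authorization</c> header).
        /// A missing header yields 400; a token that fails verification, or a verifier
        /// that throws, yields 401 with a generic body. Exception detail is written to
        /// the console only and never to the response.
        /// </remarks>
        /// <param name="context">The current HTTP request/response context.</param>
        /// <returns>A task that completes when the request has been answered or passed on.</returns>
        public async Task Invoke(HttpContext context)
        {
            // The prefix test must be ordinal and case-insensitive. If the endpoints behind
            // this gate are matched case-insensitively (the ASP.NET Core routing default),
            // a case-sensitive check would let "/Private/..." skip verification entirely.
            // A plain prefix match is kept deliberately so the protected set only grows.
            bool isPrivate = context.Request.Path.ToString()
                .StartsWith("/private", StringComparison.OrdinalIgnoreCase);

            if (isPrivate)
            {
                // Single lookup: fetch the header value and learn whether it exists at all.
                if (!context.Request.Headers.TryGetValue("Authorize", out var authorizeHeader))
                {
                    context.Response.StatusCode = 400; // Bad Request
                    // Path.ToString() is the URI-escaped form of the path, which is what gets echoed here.
                    await context.Response.WriteAsync("Authorize attribute is missing " + context.Request.Path.ToString());

                    return;
                }

                bool verified;
                try
                {
                    verified = JWT.Verify(_secrets, authorizeHeader);
                }
                catch (Exception ex)
                {
                    // Fail closed: any verifier exception is treated as a rejected token.
                    System.Console.WriteLine(ex.ToString());
                    verified = false;
                }

                if (!verified)
                {
                    context.Response.StatusCode = 401; // Unauthorized
                    // Same generic body for every failure so the caller learns nothing about the cause.
                    await context.Response.WriteAsync("Invalid auth");

                    return;
                }
            }

            await _next.Invoke(context);
        }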
Exemple #2
        /// <summary>
        /// Round-trip check: a token issued by <c>JWT.Create</c> verifies under the same
        /// secrets, and the same token with one extra leading character does not.
        /// </summary>
        /// <remarks>
        /// The negative case only covers a corrupted token string; it does not exercise
        /// a token signed with a different key or any claim-level validation.
        /// </remarks>
        public void TestVerifyWorks()
        {
            // Fixed key used only as a test fixture.
            var settings = new Secrets { SecretKey = "Hello, World" };

            var claims = new Dictionary<string, object>
            {
                { "email", "*****@*****.**" }
            };

            string token = JWT.Create(settings, claims);
            bool genuineAccepted = JWT.Verify(settings, token);
            Assert.True(genuineAccepted);

            // Prepending a character changes the first segment, so verification must fail.
            string badToken = "P" + token;
            bool tamperedAccepted = JWT.Verify(settings, badToken);
            Assert.False(tamperedAccepted);
        }