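/// <summary>
/// Refreshes the HMAC state of the user or worker identified by <paramref name="headerPublicKey"/>,
/// persists it through <c>IHmacHelper</c>, and returns the account's public key afterwards.
/// </summary>
/// <param name="headerTimespan">Timestamp header value, passed to <c>RefreshAuthenticationHmac</c>.</param>
/// <param name="headerPublicKey">Public key header value used to look up the user or worker.</param>
/// <param name="headerLoginType">Login type header value; expected to be the numeric value of a <c>LoginType</c> entry.</param>
/// <returns>
/// The account's public key after the refresh, or <see cref="string.Empty"/> when the login type
/// is not numeric, is neither User nor Worker, or no account matches the public key.
/// </returns>
private string RefreshPublicKey(string headerTimespan, string headerPublicKey, string headerLoginType)
        {
            // The login type comes straight from a request header, so it is untrusted input.
            // A missing or non-numeric value is treated as "nothing to refresh" instead of
            // escaping this method as an ArgumentNullException/FormatException/OverflowException.
            // Parsing once also avoids re-parsing the header for every LoginType entry.
            int requestedLoginType;
            if (!int.TryParse(headerLoginType, out requestedLoginType))
            {
                return string.Empty;
            }

            // NOTE(review): if the collection's element type is a reference type, FirstOrDefault
            // returns null for an unknown login type and the comparisons below dereference it — confirm.
            var loginType  = new LoginType().ConvertToCollection().FirstOrDefault(loginTp => loginTp.Value == requestedLoginType);
            var hmacHelper = SimpleInjectorModule.GetContainer().GetInstance <IHmacHelper>();

            if (loginType.Value == LoginType.User.GetValue())
            {
                var user = hmacHelper.FindUserByPublicKey(headerPublicKey);
                if (user.IsNotNull())
                {
                    // Refresh first, persist second, and only then hand the key back to the caller.
                    user.RefreshAuthenticationHmac(headerTimespan);
                    hmacHelper.UpdateHmacOfUser(user);
                    return user.PublicKey;
                }
            }

            if (loginType.Value == LoginType.Worker.GetValue())
            {
                var worker = hmacHelper.FindWorkerByPublicKey(headerPublicKey);
                if (worker.IsNotNull())
                {
                    worker.RefreshAuthenticationHmac(headerTimespan);
                    hmacHelper.UpdateHmacOfWorker(worker);
                    return worker.PublicKey;
                }
            }

            // Unknown login type or unknown public key: nothing was refreshed.
            return string.Empty;
        }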
        /// <summary>
        /// Runs after the action: for HMAC-validated actions that succeeded, refreshes the caller's
        /// public key and returns it in a response header; then commits the database work on
        /// success or rolls it back otherwise.
        /// </summary>
        /// <param name="actionExecutedContext">Context of the action that has just executed.</param>
        public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
        {
            var hmacProtected = LoginValidator.ActionValidationHmac(actionExecutedContext.ActionContext);

            if (hmacProtected && actionExecutedContext.Exception.IsNull() && actionExecutedContext.Response.IsSuccessStatusCode)
            {
                // NOTE(review): GetValues(...).First() throws when a header is absent, and anything
                // thrown in this branch leaves the method before the Commit/Rollback below runs.
                // Confirm these headers are guaranteed present for HMAC-validated actions and that
                // an unfinished unit of work is cleaned up elsewhere.
                var requestHeaders = actionExecutedContext.Request.Headers;

                var refreshedKey = RefreshPublicKey(
                    requestHeaders.GetValues(GlobalConstants.Timespan).First(),
                    requestHeaders.GetValues(GlobalConstants.PublicKey).First(),
                    requestHeaders.GetValues(GlobalConstants.LoginType).First());

                if (refreshedKey.IsNotNullOrEmpty())
                {
                    // The refreshed key travels back to the client in the same header name it arrived in.
                    actionExecutedContext.Response.Headers.Add(GlobalConstants.PublicKey, refreshedKey);
                }
            }

            var unitOfWork = SimpleInjectorModule.GetContainer().GetInstance <IDataBaseSqlServerOrmLite>();

            // Any exception or non-success status means the request's database work is discarded.
            var failed = !actionExecutedContext.Exception.IsNull() || !actionExecutedContext.Response.IsSuccessStatusCode;
            if (failed)
            {
                unitOfWork.Rollback();
                return;
            }

            unitOfWork.Commit();
        }
        /// <summary>
        /// Creates a new container, hands it to <c>SimpleInjectorModule</c>, then loads and verifies
        /// the services before setting and loading the filters.
        /// </summary>
        public static void ResolveSimpleInjector()
        {
            // The call order is kept exactly as written; the later steps presumably rely on the
            // container installed by the first one.
            SimpleInjectorModule.SetContainer(new Container());

            // Services: load the registrations, then verify the container.
            SimpleInjectorModule.LoadServices();
            SimpleInjectorModule.VerifyContainer();

            // Filters: set and load them once the services have been verified.
            SimpleInjectorModule.SetFilters();
            SimpleInjectorModule.LoadFilters();
        }
        /// <summary>
        /// Runs after the action: commits the Entity Framework unit of work when the action
        /// finished without an exception and with a success status code, and rolls it back otherwise.
        /// </summary>
        /// <param name="actionExecutedContext">Context of the action that has just executed.</param>
        public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
        {
            var unitOfWork = SimpleInjectorModule.GetContainer().GetInstance <IDataBaseSqlServerEntityFramework>();

            // Fail closed: an exception or a non-success response discards the request's changes.
            var failed = !actionExecutedContext.Exception.IsNull() || !actionExecutedContext.Response.IsSuccessStatusCode;
            if (failed)
            {
                unitOfWork.Rollback();
                return;
            }

            unitOfWork.Commit();
        }
        /// <summary>
        /// Validates the HMAC headers of a worker request: resolves the worker by public key,
        /// checks the timestamp, checks the private-key header against the expected message, and
        /// runs the role check when the action requires one.
        /// </summary>
        /// <param name="headerTimespan">Timestamp header value.</param>
        /// <param name="headerPublicKey">Public key header value used to find the worker.</param>
        /// <param name="headerPrivateKey">Private-key header value to validate.</param>
        /// <param name="actionContext">Context of the action being authorized.</param>
        public static void WorkerHeaderValidation(string headerTimespan, string headerPublicKey, string headerPrivateKey, HttpActionContext actionContext)
        {
            var worker = SimpleInjectorModule.GetContainer().GetInstance <IHmacHelper>().FindWorkerByPublicKey(headerPublicKey);

            // An unknown public key is rejected before any other check runs.
            worker.ThrowExceptionIfIsNull(HttpStatusCode.ExpectationFailed, "Llave publica invalida");
            TimeSpanValidation(headerTimespan, worker.Time);

            // NOTE(review): the validated message is only badge + timestamp; nothing visible here
            // binds the signature to the HTTP method, path or body. Confirm whether
            // PrivateKeyValidation or TimeSpanValidation covers tampering and replay.
            PrivateKeyValidation(headerPrivateKey, worker.Badge + headerTimespan);

            if (!ActionValidationRole(actionContext))
            {
                return;
            }

            RoleValidation(worker.RoleId, actionContext);
        }
        /// <summary>
        /// Validates the HMAC headers of a user request: resolves the user by public key, checks
        /// the timestamp, checks the private-key header against the expected message, and runs the
        /// role check when the action requires one.
        /// </summary>
        /// <param name="headerTimespan">Timestamp header value.</param>
        /// <param name="headerPublicKey">Public key header value used to find the user.</param>
        /// <param name="headerPrivateKey">Private-key header value to validate.</param>
        /// <param name="actionContext">Context of the action being authorized.</param>
        public static void UserHeaderValidation(string headerTimespan, string headerPublicKey, string headerPrivateKey, HttpActionContext actionContext)
        {
            var user = SimpleInjectorModule.GetContainer().GetInstance <IHmacHelper>().FindUserByPublicKey(headerPublicKey);

            // An unknown public key is rejected before any other check runs.
            user.ThrowExceptionIfIsNull(HttpStatusCode.ExpectationFailed, "Llave publica invalida");
            TimeSpanValidation(headerTimespan, user.Time);

            // NOTE(review): Cryptography.Decrypt(user.Password) implies the stored password is
            // reversibly encrypted and its plaintext is rebuilt on every request. Consider deriving
            // the HMAC secret from a dedicated per-user key so passwords can be stored as a one-way hash.
            // NOTE(review): the message covers user name, password and timestamp only; nothing
            // visible here binds it to the HTTP method, path or body — confirm replay/tamper handling.
            var expectedMessage = user.UserName + Cryptography.Decrypt(user.Password) + headerTimespan;
            PrivateKeyValidation(headerPrivateKey, expectedMessage);

            if (!ActionValidationRole(actionContext))
            {
                return;
            }

            RoleValidation(user.RoleId, actionContext);
        }
        /// <summary>
        /// Authorizes a role for the current action: the role must have a configuration row for the
        /// permission mapped from the controller name, and one of those rows must carry the access
        /// level mapped from the action name. Each failure is reported as HTTP 403.
        /// </summary>
        /// <param name="roleId">Role of the authenticated user or worker.</param>
        /// <param name="actionContext">Context that supplies the controller and action names.</param>
        private static void RoleValidation(int roleId, HttpActionContext actionContext)
        {
            var action     = actionContext.ActionDescriptor.ActionName;
            var controller = actionContext.ControllerContext.ControllerDescriptor.ControllerName;
            var roleConfigs = SimpleInjectorModule.GetContainer().GetInstance <IRoleConfigurationRepository>();

            // Step 1: does the role hold the permission that corresponds to this controller?
            // NOTE(review): confirm what GetValue returns for a controller or action name without a
            // mapping, so that an unmapped name can never match a stored configuration row.
            var requiredPermission = new PermissionType().GetValue(controller);
            var grantsForPermission = roleConfigs.FindBy(roleConfig => roleConfig.RoleId == roleId && roleConfig.PermissionId == requiredPermission);

            if (grantsForPermission.IsEmpty())
            {
                ExceptionExtensions.ThrowCustomException(HttpStatusCode.Forbidden, "No tienes permisos");
            }

            // Step 2: among those grants, is there one with the access level this action needs?
            var requiredAccessLevel = new AccessLevelType().GetValue(action);
            var matchingGrant = grantsForPermission.FirstOrDefault(roleConfig => roleConfig.PermissionId == requiredPermission && roleConfig.AccessLevelId == requiredAccessLevel);

            if (matchingGrant.IsNull())
            {
                ExceptionExtensions.ThrowCustomException(HttpStatusCode.Forbidden, "No tienes nivel de acceso");
            }
        }
 /// <summary>
 /// Registers the application's services in <paramref name="container"/> and then starts the
 /// service locator with the same container.
 /// </summary>
 /// <param name="container">Container to populate and hand to the service locator.</param>
 private static void InitializeContainer(Container container)
 {
     // Registration runs first; the service locator is started afterwards with the same container.
     SimpleInjectorModule.RegisterServices(container);
     SimpleInjectorConfig.StartServiceLocator(container);
 }