Exemple #1
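 /// <summary>
 /// Reports whether the "token" cookie on the current request matches a token known to storage.
 /// </summary>
 /// <param name="token">
 /// Not used as input: the bound value is overwritten with the cookie value, so a token
 /// supplied any other way (query string, form, route) is never consulted.
 /// </param>
 /// <returns>
 /// 200 OK when storage recognises the cookie value; 404 Not Found otherwise, including when
 /// the cookie is missing or empty.
 /// </returns>
 public IActionResult CheckToken(string token)
 {
     // The cookie is the only accepted token source; the caller-bound argument is discarded.
     token = Request.Cookies["token"];

     // A missing cookie yields null. Reject it here instead of passing null to the storage
     // lookup, whose handling of a null key is not visible from this method.
     if (string.IsNullOrEmpty(token))
     {
         return NotFound();
     }

     // NOTE(review): this endpoint answers valid/invalid for any presented cookie value, so
     // token ids should be long random values and the route should be rate-limited.
     if (_storage.TryGetToken(token, out _))
     {
         return Ok();
     }

     return NotFound();
 }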
Exemple #2
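        /// <summary>
        /// Authenticates the request from its "token" cookie, attaches a principal built from the
        /// stored token, and short-circuits with 401 when the token is unknown or when a non-admin
        /// token targets a URL containing "Admin/".
        /// </summary>
        /// <param name="context">Resource-filter context for the request being processed.</param>
        /// <remarks>
        /// NOTE(review): matching "Admin/" as a substring of the URL is a coarse gate. Resource
        /// filters run after authorization filters, so the principal assigned here is not visible
        /// to <c>[Authorize]</c>; confirm that every admin action is actually covered by this check.
        /// </remarks>
        public void OnResourceExecuting(ResourceExecutingContext context)
        {
            string tokenId = context.HttpContext.Request.Cookies["token"];
            Token  token;

            // Fail closed: a missing or empty cookie never reaches the storage lookup, and an
            // unknown token id is rejected the same way.
            if (string.IsNullOrEmpty(tokenId) || !_storage.TryGetToken(tokenId, out token))
            {
                context.Result = new UnauthorizedResult();
                return;
            }

            string[] roles = token.IsAdmin ? new string[] { "Admin" } : new string[0];
            context.HttpContext.User = new GenericPrincipal(new GenericIdentity(token.UserID), roles);

            if (token.IsAdmin)
            {
                return;
            }

            // The original gate inspected only the query string (the part after '?'), so the
            // request path was never examined. The path is checked here as well; the query-string
            // check is kept so nothing that was denied before becomes allowed.
            // The comparison ignores case because route matching does too.
            string path  = context.HttpContext.Request.Path.Value ?? string.Empty;
            string query = context.HttpContext.Request.QueryString.ToString();

            bool targetsAdmin =
                path.IndexOf("Admin/", System.StringComparison.OrdinalIgnoreCase) >= 0 ||
                query.IndexOf("Admin/", System.StringComparison.OrdinalIgnoreCase) >= 0;

            if (targetsAdmin)
            {
                // 401 is kept for compatibility with existing clients, although the caller is
                // authenticated and merely lacks the admin role.
                context.Result = new UnauthorizedResult();
            }
        }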