Esempio n. 1
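        /// <summary>
        /// Runs the rest of the pipeline, then writes an audit record when the response was a
        /// 200 to a GET for a notification page (<c>Notifications/{id}</c> with at most two
        /// further path segments).
        /// </summary>
        /// <param name="context">The HTTP context of the current request.</param>
        /// <param name="auditService">Service that records the notification read.</param>
        /// <returns>A task that completes once the pipeline and any audit write have finished.</returns>
        public async Task InvokeAsync(HttpContext context, IAuditService auditService)
        {
            // The downstream middleware runs first because the status code is only known afterwards.
            // If _next throws, nothing below executes and no audit record is written.
            await _next(context);

            var request  = context.Request;
            var response = context.Response;

            if (response.StatusCode != StatusCodes.Status200OK || request.Method != "GET")
            {
                return;
            }

            // We only want to audit reads of pages, i.e. where paths are of form Notifications/{id} or /Notifications/{id}/Edit/{modelName}
            // We also make get requests for validation etc (which have longer paths), so ensure we ignore these here
            var pathArray = (request.Path.Value ?? string.Empty).Split('/');
            var maxIndex  = pathArray.Length - 1;

            // Compare the segment ignoring case. ASP.NET Core routing normally matches paths
            // case-insensitively, so an exact-case test would let "/notifications/{id}" be served
            // with a 200 while skipping the audit record.
            var notificationIndex = Array.FindIndex(
                pathArray,
                segment => string.Equals(segment, "Notifications", StringComparison.OrdinalIgnoreCase));

            // Require a real "Notifications" segment; a path that merely contains the word inside
            // another segment must not be treated as a notification page.
            var shouldAudit = notificationIndex >= 0
                              && maxIndex > notificationIndex
                              && maxIndex <= notificationIndex + 3;

            if (shouldAudit && int.TryParse(pathArray[notificationIndex + 1], out var id))
            {
                var userName = context.User.FindFirstValue(ClaimTypes.Upn);
                // Fallback if user doesn't have an email associated with them - as is the case with our test users
                if (string.IsNullOrEmpty(userName))
                {
                    // Identity is null for a principal without identities; userName then stays null.
                    // NOTE(review): confirm how the audit service treats a null or empty user name.
                    userName = context.User.Identity?.Name;
                }

                // TODO: Differentiate between Cluster and Full view.
                // NOTE(review): an exception thrown here surfaces after the downstream pipeline has
                // already run - confirm whether a failed audit write should fail the request.
                await auditService.AuditNotificationReadAsync(id, NotificationAuditType.Full, userName);
            }
        }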
Esempio n. 2
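        /// <summary>
        /// Runs the rest of the pipeline, then writes an audit record for two kinds of successful
        /// request: a GET for a notification page (<c>notifications/{id}</c> with at most two
        /// further segments) and a request to <c>/search</c> that carries a query string.
        /// </summary>
        /// <param name="context">The HTTP context of the current request.</param>
        /// <param name="auditService">Service that records notification reads and searches.</param>
        /// <returns>A task that completes once the pipeline and any audit write have finished.</returns>
        public async Task InvokeAsync(HttpContext context, IAuditService auditService)
        {
            // The downstream middleware runs first because the status code is only known afterwards.
            // If _next throws, nothing below executes and no audit record is written.
            await _next(context);

            var request  = context.Request;
            var response = context.Response;

            // Lower-case with the invariant culture: the culture-sensitive ToLower() maps 'I' to a
            // dotless 'ı' under Turkish cultures, so "/NOTIFICATIONS/1" would no longer equal
            // "notifications" and the read would go unaudited.
            var pathArray = (request.Path.Value ?? string.Empty)
                .ToLowerInvariant()
                .Split('/', StringSplitOptions.RemoveEmptyEntries);

            if (response.StatusCode != StatusCodes.Status200OK)
            {
                return;
            }

            var notificationIndex = Array.IndexOf(pathArray, "notifications");

            if (request.Method == "GET" && notificationIndex >= 0)
            {
                // We only want to audit reads of pages, i.e. where paths are of form Notifications/{id} or /Notifications/{id}/Edit/{modelName}
                // We also make get requests for validation etc (which have longer paths), so ensure we ignore these here
                var maxIndex    = pathArray.Length - 1;
                var shouldAudit = maxIndex > notificationIndex && maxIndex <= notificationIndex + 3;

                if (shouldAudit && int.TryParse(pathArray[notificationIndex + 1], out var id))
                {
                    var userName = UserHelper.GetUsername(context);

                    // TODO: Differentiate between Cluster and Full view.
                    // NOTE(review): an exception thrown here surfaces after the downstream pipeline
                    // has already run - confirm whether a failed audit write should fail the request.
                    await auditService.AuditNotificationReadAsync(id, NotificationAuditType.Full, userName);
                }
            }
            else if (pathArray.Length == 1 &&
                     pathArray[0] == "search" &&
                     request.QueryString.HasValue)
            {
                // NOTE(review): unlike the notifications branch, this one does not check the HTTP
                // method - confirm that auditing every 200 response to /search is intended.
                await auditService.AuditSearch(request.Query, UserHelper.GetUsername(context));
            }
        }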