private async Task <string> CheckBitId(HttpContext httpContext, string sig, string id) { httpContext.Request.EnableBuffering(); string body = string.Empty; if (httpContext.Request.ContentLength != 0 && httpContext.Request.Body != null) { using (StreamReader reader = new StreamReader(httpContext.Request.Body, Encoding.UTF8, true, 1024, true)) { body = await reader.ReadToEndAsync(); } httpContext.Request.Body.Position = 0; } var url = httpContext.Request.GetEncodedUrl(); try { var key = new PubKey(id); if (BitIdExtensions.CheckBitIDSignature(key, sig, url, body)) { return(key.GetBitIDSIN()); } } catch { } return(null); }
private async Task <(string StoreId, bool SuccessAuth)> CheckBitId(HttpContext httpContext, string sig, string id, List <Claim> claims) { httpContext.Request.EnableRewind(); string storeId = null; string body = string.Empty; if (httpContext.Request.ContentLength != 0 && httpContext.Request.Body != null) { using (StreamReader reader = new StreamReader(httpContext.Request.Body, Encoding.UTF8, true, 1024, true)) { body = reader.ReadToEnd(); } httpContext.Request.Body.Position = 0; } var url = httpContext.Request.GetEncodedUrl(); try { var key = new PubKey(id); if (BitIdExtensions.CheckBitIDSignature(key, sig, url, body)) { var sin = key.GetBitIDSIN(); claims.Add(new Claim(Claims.SIN, sin)); string token = null; if (httpContext.Request.Query.TryGetValue("token", out var tokenValues)) { token = tokenValues[0]; } if (token == null && !String.IsNullOrEmpty(body) && httpContext.Request.Method == "POST") { try { token = JObject.Parse(body)?.Property("token")?.Value?.Value <string>(); } catch { } } if (token != null) { var bitToken = await GetTokenPermissionAsync(sin, token); if (bitToken == null) { return(null, false); } storeId = bitToken.StoreId; } } else { return(storeId, false); } } catch (FormatException) { } return(storeId, true); }