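/// <summary>
/// Authorizes an already-authenticated caller against one route: the token's <c>iss</c> claim is
/// interpreted as the <c>ApiRole</c> id and looked up, together with the route id, in the cached
/// role/route table. A caller with no matching entry gets a 403 and the method stops; a caller with a
/// match is logged when the route asks for it (<c>IsLogged</c>).
/// </summary>
/// <param name="context">Current request; the error response is written to it.</param>
/// <param name="apiResourceRouteEntity">Route being called.</param>
/// <param name="jwtSecurityToken">
/// Validated token of the caller. Declared optional for the signature's sake, but a null token cannot be
/// authorized and is rejected with a 403 instead of dereferencing null.
/// </param>
/// <remarks>
/// Rejection is reported only through the response written by <c>RespondError</c>; callers must not
/// continue the pipeline after a 403 has been produced.
/// </remarks>
async Task ValidateApiRoleResourceRole(HttpContext context, ApiResourceRouteEntity apiResourceRouteEntity, JwtSecurityToken jwtSecurityToken = null)
{
    // The issuer claim is the role id. Parse it defensively instead of Convert.ToInt64, which throws on
    // a non-numeric claim; a malformed or missing claim is an authorization failure, not a server error.
    if (jwtSecurityToken == null
        || !long.TryParse(
            jwtSecurityToken.Issuer,
            System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture,
            out var apiRoleId))
    {
        await RespondError(context, "Invalid authorization token", HttpStatusCode.Forbidden);
        return;
    }

    var roleRouteTable = _restneerCacheService.GetApRoleResourceRoute();
    var grantedEntries = roleRouteTable
        .Where(x => x.ApiRole.Id == apiRoleId && x.ApiResourceRoute.Id == apiResourceRouteEntity.Id)
        .ToList();

    if (grantedEntries.Count == 0)
    {
        await RespondError(context, "You do not have the permission to call this resource.", HttpStatusCode.Forbidden);
        // Stop here: the original fell through and indexed the empty list.
        return;
    }

    if (apiResourceRouteEntity.IsLogged)
    {
        LogRequest(context, apiResourceRouteEntity, grantedEntries[0], jwtSecurityToken);
    }
}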
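/// <summary>
/// Authenticates the request from its <c>Authorization: Bearer &lt;jwt&gt;</c> header, then hands the
/// per-route role check to <see cref="ValidateApiRoleResourceRole"/> and only after both succeed
/// invokes <paramref name="next"/>. Every failure path writes a 403 through <c>RespondError</c> and
/// stops the pipeline.
/// </summary>
/// <param name="context">Current request; the token is read from its <c>Authorization</c> header.</param>
/// <param name="next">Remaining middleware pipeline, invoked only when the request is authorized.</param>
/// <param name="apiResourceRoute">Route the caller is trying to reach.</param>
async Task ValidateAuthorization(HttpContext context, RequestDelegate next, ApiResourceRouteEntity apiResourceRoute)
{
    var authorizationHeader = (string)context.Request.Headers["Authorization"];
    if (string.IsNullOrWhiteSpace(authorizationHeader))
    {
        await RespondError(context, "Invalid authorization token", HttpStatusCode.Forbidden);
        return;
    }

    // The header must be exactly "Bearer <token>"; reject the scheme before doing any token work.
    var parts = authorizationHeader.Split(' ');
    if (parts.Length != 2 || parts[0] != "Bearer")
    {
        await RespondError(context, "Invalid authorization token", HttpStatusCode.Forbidden);
        return;
    }
    var rawToken = parts[1];

    var jwtToken = _jwtUtility.DecodeJwt(rawToken);
    if (jwtToken == null)
    {
        await RespondError(context, "Invalid authorization token", HttpStatusCode.Forbidden);
        return;
    }

    // The token's audience must be the scheme+host this request arrived on.
    var audience = $"{context.Request.Scheme}://{context.Request.Host.Value}";

    // NOTE(review): the expected issuer passed to ValidateJwt is read from the not-yet-verified token
    // itself, so the issuer comparison inside ValidateJwt cannot reject anything. Checking against a
    // configured set of accepted issuers would make it meaningful; left as-is because the accepted
    // issuers are not visible here — confirm with the owner of ValidateJwt.
    var isValidToken = _jwtUtility.ValidateJwt(
        rawToken,
        Configuration.GetSection("Server:Jwt:SecretKey").Value,
        audience,
        jwtToken.Issuer);
    if (!isValidToken)
    {
        await RespondError(context, "Invalid authorization token", HttpStatusCode.Forbidden);
        return;
    }

    await ValidateApiRoleResourceRole(context, apiResourceRoute, jwtToken);

    // ValidateApiRoleResourceRole reports a failed role check only through the response it writes
    // (presumably RespondError sets the status code and/or starts the response — confirm). The
    // original invoked next() unconditionally, so a caller without the role still reached the handler.
    if (context.Response.HasStarted || context.Response.StatusCode >= 400)
    {
        return;
    }

    await next(context);
}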
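/// <summary>
/// Writes one JSON information-level log entry describing the current request and the route/role
/// that authorized it. Credential-bearing material is not logged: the <c>Authorization</c>,
/// <c>Proxy-Authorization</c> and <c>Cookie</c> header values are redacted, only cookie names are kept,
/// and only non-secret token metadata (issuer, subject, id, validity window) is recorded instead of
/// the whole <see cref="JwtSecurityToken"/>.
/// </summary>
/// <param name="context">Current request; its cookies, query string and headers are recorded.</param>
/// <param name="apiResourceRoute">Route that was called.</param>
/// <param name="apiRoleResourceRoute">Role/route entry that granted access, if any.</param>
/// <param name="jwtSecurityToken">Caller's token, if any; only metadata claims are logged.</param>
void LogRequest(HttpContext context, ApiResourceRouteEntity apiResourceRoute, ApiRoleResourceRouteEntity apiRoleResourceRoute = null, JwtSecurityToken jwtSecurityToken = null)
{
    var request = context.Request;

    var headers = request.Headers
        .Select(h => new
        {
            h.Key,
            // Header values carry the bearer token and session cookies; never let them reach the log.
            Value = h.Key.Equals("Authorization", StringComparison.OrdinalIgnoreCase)
                    || h.Key.Equals("Proxy-Authorization", StringComparison.OrdinalIgnoreCase)
                    || h.Key.Equals("Cookie", StringComparison.OrdinalIgnoreCase)
                ? "[REDACTED]"
                : h.Value.ToString()
        })
        .ToList();

    var logObj = new
    {
        // body = await context.ReadAsStringAsync(),  (kept disabled as in the original)
        cookie = request.Cookies.Select(c => c.Key).ToList(),   // names only, values are session secrets
        query = request.QueryString.Value,
        headers,
        apiResourceRoute,
        apiRoleResourceRoute,
        jwtSecurityToken = jwtSecurityToken == null
            ? null
            : new
            {
                jwtSecurityToken.Issuer,
                jwtSecurityToken.Subject,
                jwtSecurityToken.Id,
                jwtSecurityToken.ValidFrom,
                jwtSecurityToken.ValidTo
            },
        timestamp = DateTime.UtcNow
    };

    Logger.LogInformation(JsonConvert.SerializeObject(logObj));
}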