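/// <summary>
/// Logs the caller out by moving the current session's expiry back and persisting it.
/// </summary>
/// <param name="cancellationToken">Cancels the session lookup.</param>
/// <returns>An empty 200 OK payload.</returns>
public async Task<IActionResult> Delete(CancellationToken cancellationToken)
{
    var session = await _authorizationRepository.GetSession(HttpContext.GetSessionId(), cancellationToken);

    // GetSession can return null (HandleAuthenticateAsync checks for it). A session that is
    // already gone means the caller is logged out, so answer idempotently instead of
    // dereferencing null and surfacing a 500.
    if (session == null)
    {
        return Ok(new { });
    }

    // Shift the expiry back by 60 * 27 units (presumably seconds, i.e. 27 minutes; confirm
    // against ExtendSession). HandleAuthenticateAsync extends by 60 * 26 on each request, so
    // the larger negative offset is what leaves the session expired.
    // NOTE(review): revocation here depends on this constant staying larger than the sliding
    // window; an explicit revoke/delete on the repository would not have that coupling.
    session.ExtendSession(-1 * 60 * 27);
    await _authorizationRepository.SaveSession(session);

    return Ok(new { });
}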
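/// <summary>
/// Authenticates a request from its <c>Authorization: Bearer &lt;session id&gt;</c> header:
/// parses the session id as a GUID, loads the session, rejects missing or expired sessions,
/// applies the sliding expiry and builds the claims principal for the "Token" scheme.
/// </summary>
/// <returns>
/// <see cref="AuthenticateResult.NoResult"/> when no Authorization header is present,
/// otherwise a successful result carrying the session's claims.
/// </returns>
/// <exception cref="ApiException">
/// Thrown with 401 Unauthorized when the header is not a Bearer GUID, the session is unknown,
/// the session has expired, or (non-DEBUG builds) the client IP differs from the session's.
/// </exception>
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
    const string BearerPrefix = "Bearer ";

    string authorization = Request.Headers["Authorization"];
    if (string.IsNullOrEmpty(authorization))
    {
        return AuthenticateResult.NoResult();
    }

    // Malformed scheme and unparsable id get the same answer as an unknown session, so the
    // response does not tell a caller which part of the token was wrong.
    if (!authorization.StartsWith(BearerPrefix, StringComparison.OrdinalIgnoreCase))
    {
        throw new ApiException(HttpStatusCode.Unauthorized, ErrorCodes.Unauthorized, "Session not found");
    }

    var rawToken = authorization.Substring(BearerPrefix.Length).Trim();
    if (!Guid.TryParse(rawToken, out var sessionId))
    {
        throw new ApiException(HttpStatusCode.Unauthorized, ErrorCodes.Unauthorized, "Session not found");
    }

    // NOTE(review): the session id is the bearer secret. How it is generated is not visible
    // here; confirm it comes from a cryptographically strong source.
    var session = await _authorizationRepository.GetSession(sessionId, CancellationToken.None);
    if (session == null)
    {
        throw new ApiException(HttpStatusCode.Unauthorized, ErrorCodes.Unauthorized, "Session not found");
    }

    if (session.IsExpired)
    {
        throw new ApiException(HttpStatusCode.Unauthorized, ErrorCodes.Unauthorized, "Session expired");
    }

#if !DEBUG
    // If the client IP changed, report the session as expired.
    // Fail closed: a session with no recorded IP is rejected rather than dereferenced, and the
    // comparison is ordinal because IP strings are identifiers, not linguistic text.
    // This binding is compiled out of DEBUG builds, so a DEBUG build must not be deployed.
    // NOTE(review): how GetIp() derives the address is not visible here; if it reads forwarding
    // headers, the binding is only as trustworthy as the proxy configuration.
    var sessionIp = session.Ip;
    if (sessionIp == null
        || !sessionIp.Equals(Request.HttpContext.GetIp(), StringComparison.OrdinalIgnoreCase))
    {
        throw new ApiException(HttpStatusCode.Unauthorized, ErrorCodes.Unauthorized, "Session expired");
    }
#endif

    // Sliding expiry: every authenticated request extends the session by 60 * 26 units
    // (presumably seconds; confirm against ExtendSession) and persists it.
    session.ExtendSession(60 * 26);
    await _authorizationRepository.SaveSession(session);

    // NOTE(review): all roles are packed into one comma-separated Role claim.
    // ClaimsPrincipal.IsInRole matches the whole claim value, so confirm that the consumers
    // of this claim split it before any role check.
    IEnumerable<Claim> claims = new List<Claim>
    {
        new Claim(ClaimTypes.NameIdentifier, session.SessionId.ToString(), ClaimValueTypes.String),
        new Claim(ClaimType.UserId, session.User.Id.ToString(), ClaimValueTypes.String),
        new Claim(ClaimType.GuildId, session.User.GuildId.ToString(), ClaimValueTypes.String),
        new Claim(ClaimTypes.Role, String.Join(",", session.User.Roles ?? new[] { "" }), ClaimValueTypes.String),
    };

    var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, "Token"));
    var authTicket = new AuthenticationTicket(principal, null, "Token");
    return AuthenticateResult.Success(authTicket);
}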