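private static void AddCustomClaims(string token, ClaimsPrincipal principal, HttpContext httpContext)
        {
            // Purpose: attach request-scoped facts (the raw token, a correlation id and the
            // peer/local addresses from the connection feature) to the principal as an extra
            // identity, then install that principal on the HttpContext.
            // The correlation id is read from the *response* headers, as in the original, so it
            // is only present when an earlier component has already written it there.
            var headers = httpContext.Response.Headers;
            var httpConnectionFeature = httpContext.Features.Get<IHttpConnectionFeature>();
            var claimsAditionals = new ClaimsIdentity();

            // Fall back to the all-zero GUID when the header is absent or empty: Claim's
            // constructor rejects a null value, and the original dereferenced the missing
            // header (FirstOrDefault() == null) and threw.
            string correlationId = Guid.Empty.ToString();
            if (headers.TryGetValue(Constants.HeaderNameCorrelationId, out var correlationValues))
            {
                string headerValue = correlationValues.FirstOrDefault();
                if (!string.IsNullOrEmpty(headerValue))
                {
                    correlationId = headerValue;
                }
            }

            // NOTE(review): the raw token becomes a claim on the principal; anything that logs
            // or serializes the claim set downstream will carry it along.
            claimsAditionals.AddClaim(new Claim("token", token));
            claimsAditionals.AddClaim(new Claim("correlationId", correlationId));
            claimsAditionals.AddClaim(new Claim("host_ip", GetIpAddress(httpConnectionFeature)));
            claimsAditionals.AddClaim(new Claim("local_ip", GetLocalIpAddress(httpConnectionFeature)));

            principal.AddIdentity(claimsAditionals);
            httpContext.User = principal;
        }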
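        /// <summary>
        /// Builds the provider metadata for the current request: the client address, the
        /// User-Agent header and a UTC timestamp.
        /// </summary>
        /// <param name="context">Current request; its connection info and request headers are read.</param>
        /// <returns>
        /// A new <see cref="AppUserProviderMeta"/>. <c>Ip</c> is <c>null</c> when the host reports
        /// no remote address; <c>UserAgent</c> falls back to "Unknown agent".
        /// </returns>
        protected AppUserProviderMeta _createMeta(HttpContext context)
        {
            const string unknownAgent = "Unknown agent";

            // The header is client-supplied and may be absent or empty; either case yields the fallback.
            string userAgent = unknownAgent;
            if (context.Request.Headers.TryGetValue("User-Agent", out var agent))
            {
                userAgent = agent.FirstOrDefault() ?? unknownAgent;
            }

            return new AppUserProviderMeta
            {
                // RemoteIpAddress is null for in-process/test hosts; the original dereferenced it unconditionally.
                Ip = context.Connection.RemoteIpAddress?.ToString(),
                UserAgent = userAgent,
                UpdatedTime = DateTime.UtcNow
            };
        }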
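 // http header to grpc header
 private IDictionary<string, string> GetRequestHeaders(DownstreamContext context)
 {
     // Collects every request header named "grpc.<name>" into a map keyed by <name>,
     // holding the header's first value. Headers without the prefix are skipped.
     // The values come straight from the client; nothing here validates them.
     const string prefix = "grpc.";
     var requestHeaders = context.HttpContext.Request.Headers;
     var headers = new Dictionary<string, string>();

     foreach (string key in requestHeaders.Keys)
     {
         // Ordinal comparison: header names are protocol tokens, not culture-sensitive
         // text (the original used the culture-sensitive StartsWith overload).
         if (key.Length <= prefix.Length || !key.StartsWith(prefix, StringComparison.Ordinal))
         {
             continue;
         }

         string grpcKey = key.Substring(prefix.Length);
         Microsoft.Extensions.Primitives.StringValues value = requestHeaders[key];
         headers.Add(grpcKey, value.FirstOrDefault());
     }

     return headers;
 }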
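        /// <summary>
        /// Copies request headers into a gRPC metadata map, renaming each header through
        /// <paramref name="keyNameFilter"/>.
        /// </summary>
        /// <param name="context">Request whose headers are read.</param>
        /// <param name="keyNameFilter">
        /// Decides whether a header is forwarded and under which key. When <c>null</c>, every
        /// header is forwarded under its original name.
        /// </param>
        /// <returns>Map of gRPC key to the header's first value.</returns>
        private IDictionary<string, string> GetRequestHeaders(HttpContext context, GrpcRequestHeaderFilter keyNameFilter)
        {
            var requestHeaders = context.Request.Headers;
            var headers = new Dictionary<string, string>();

            foreach (string key in requestHeaders.Keys)
            {
                // With no filter the original left grpcKey null, so Dictionary.Add threw
                // ArgumentNullException on the first header; pass the name through instead.
                string grpcKey = key;
                if (keyNameFilter != null && !keyNameFilter(key, out grpcKey))
                {
                    continue;
                }

                // A filter that accepts a header but yields no key cannot be stored; skip it.
                if (grpcKey == null)
                {
                    continue;
                }

                Microsoft.Extensions.Primitives.StringValues value = requestHeaders[key];
                headers.Add(grpcKey, value.FirstOrDefault());
            }

            return headers;
        }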
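        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // Purpose: authenticate the caller from the "Token" request header through the
            // identity client, then authorize the requested controller/action against the
            // caller's roles. Every failure short-circuits the pipeline via context.Result.
            // NOTE(review): _Token is an instance field rather than a local; if MVC reuses this
            // attribute instance across concurrent requests, one request's header can overwrite
            // another's — confirm how the filter is registered.
            string requestControllerAndMethodName = context.ActionDescriptor.DisplayName
                .Replace("Product.Api.Controllers.", "")
                .Replace(" (Product.Api)", "");

            context.HttpContext.Request.Headers.TryGetValue("Token", out _Token);
            if (_Token.Count == 0)
            {
                // The body reports HttpStatusCode.OK with success=false, as the original did.
                CommonApiResponse<dynamic> response = CommonApiResponse<dynamic>.Create(context.HttpContext.Response, System.Net.HttpStatusCode.OK, false, null, "Header Token bulunamadı.");
                context.Result = new ObjectResult(response);
                return;
            }

            // The system account's credentials from Config are used to fetch the cached role and
            // permission tables that the authorization check below runs against.
            UserView systemUserView = AsyncHelpers.RunSync<UserView>(() => identityClient.GetSystemUserCacheAsync(new UserLoginView
            {
                Email = Config.IdentitySystemUserName, Password = Config.IdentitySystemPassword
            }));
            List<RoleView> systemRoleList = AsyncHelpers.RunSync<List<RoleView>>(() => identityClient.GetRoleListCacheAsync(systemUserView.Jwt.Token));
            List<Permission> permissionList = AsyncHelpers.RunSync<List<Permission>>(() => identityClient.GetPermissionListCacheAsync(systemUserView.Jwt.Token));

            Jwt jwt;
            UserView visitorUser;
            try
            {
                // The header must be a GUID; Guid.Parse throws on anything else and lands in the catch.
                Guid token = Guid.Parse(_Token.FirstOrDefault());

                // RunSync instead of .Result: the same blocking style as the other lookups here,
                // and the caught exception is the real one instead of an AggregateException wrapper.
                jwt = AsyncHelpers.RunSync<Jwt>(() => identityClient.CheckTokenAsync(token));
                if (jwt == null)
                {
                    CommonApiResponse<dynamic> response = CommonApiResponse<dynamic>.Create(context.HttpContext.Response, System.Net.HttpStatusCode.OK, false, null, "Token geçersiz.");
                    context.Result = new BadRequestObjectResult(response);
                    return;
                }

                visitorUser = AsyncHelpers.RunSync<UserView>(() => identityClient.GetUserByTokenAsync(jwt.Token));
                if (visitorUser == null)
                {
                    // The original handed a null user to IsAccessRole and surfaced the NRE as a 500.
                    CommonApiResponse<dynamic> response = CommonApiResponse<dynamic>.Create(context.HttpContext.Response, System.Net.HttpStatusCode.OK, false, null, "Token geçersiz.");
                    context.Result = new BadRequestObjectResult(response);
                    return;
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message is echoed to the client as-is; a generic message would
                // avoid leaking internal details from the identity client.
                CommonApiResponse<dynamic> response = CommonApiResponse<dynamic>.Create(context.HttpContext.Response, System.Net.HttpStatusCode.InternalServerError, false, null, ex.Message);
                context.Result = new BadRequestObjectResult(response);
                return;
            }

            try
            {
                // Does the visitor's role set grant the requested controller/action?
                bool isAccess = Client.IsAccessRole(systemRoleList, permissionList, visitorUser.Roles, requestControllerAndMethodName);
                if (!isAccess)
                {
                    CommonApiResponse<dynamic> response = CommonApiResponse<dynamic>.Create(context.HttpContext.Response, System.Net.HttpStatusCode.OK, false, null, "Yetkiniz yok.");
                    context.Result = new BadRequestObjectResult(response);
                    return;
                }

                // Controllers deriving only from ControllerBase have no ViewBag; the original
                // dereferenced the failed "as" cast and threw into the catch below.
                if (context.Controller is Controller controller)
                {
                    controller.ViewBag.Jwt = jwt;
                }
            }
            catch (Exception ex)
            {
                CommonApiResponse<dynamic> response = CommonApiResponse<dynamic>.Create(context.HttpContext.Response, System.Net.HttpStatusCode.InternalServerError, false, null, ex.Message);
                context.Result = new BadRequestObjectResult(response);
                return;
            }
        }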
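        public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            // Purpose: gate the action behind a "token" header that is verified against a
            // per-token secret fetched from Redis; alternatively an "access" + "refresh" pair
            // requests a new token. Every path except a verified token ends in ChallengeAuthorization().
            token_err = "token_error";
            token_detail = "";

            var client_secret = secret_key;
            var role = role_auth;

            var header = context.HttpContext.Request.Headers;
            var response = context.HttpContext.Response;

            if (header.TryGetValue("token", out var tokenValues))
            {
                var token = tokenValues.FirstOrDefault();

                // Null-check before Length: the original evaluated token.Length first and would
                // have thrown on a header with no value instead of challenging.
                if (string.IsNullOrEmpty(token))
                {
                    ChallengeAuthorization(response);
                    return;
                }

                try
                {
                    // Debug mode talks to the auth server's Redis, otherwise the main instance.
                    Redis rd = checkDebug() ? new Redis(authServ) : new Redis(redisServ);

                    var secretKey = await rd.getSecret(token, client_secret, role);
                    if (secretKey == null || secretKey == "token_error")
                    {
                        token_err = "token_error";
                        ChallengeAuthorization(response);
                        return;
                    }

                    // Per the original author's note, a failing Decode means the token has expired;
                    // the decoded payload is not used, only the exception signals rejection.
                    JwtCore.JsonWebToken.Decode(token, secretKey);
                }
                catch (Exception)
                {
                    token_err = "token_expired";
                    ChallengeAuthorization(response);
                    return;
                }

                // Run the action outside the try: the original caught exceptions thrown by the
                // action itself and reported them to the client as an expired token.
                await next();
                return;
            }

            if (header.TryGetValue("access", out var accessValues) && header.TryGetValue("refresh", out var refreshValues))
            {
                // Request for a new token using the old access and refresh tokens.
                var access = accessValues.FirstOrDefault();
                var refresh = refreshValues.FirstOrDefault();

                if (!string.IsNullOrEmpty(access) && !string.IsNullOrEmpty(refresh))
                {
                    RefreshToken ref_token = new RefreshToken(authServ, redisServ);
                    token_detail = ref_token.GenerateNewToken(access, refresh);
                }

                // Either way the response is a challenge; token_detail carries the renewal result.
                ChallengeAuthorization(response);
                return;
            }

            // Neither "token" nor the "access"/"refresh" pair is present.
            ChallengeAuthorization(response);
        }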
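        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // Purpose: authenticate via the "Token" header, load the matching user, and — when
            // the attribute lists required roles — require at least one of them.
            // NOTE(review): _Token and IsAcces are fields. IsAcces is now recomputed on every
            // call; the original only ever set it to true, so once one request passed the role
            // check it stayed true for every later request served by the same instance.
            var services = context.HttpContext.RequestServices;

            // Resolve through the interfaces; the original cast to the concrete classes, which
            // throws InvalidCastException if DI is configured with a different implementation.
            IJwtService _jwtService = (IJwtService)services.GetService(typeof(IJwtService));
            IUserService _userService = (IUserService)services.GetService(typeof(IUserService));
            IUserRoleService _userRoleService = (IUserRoleService)services.GetService(typeof(IUserRoleService));

            context.HttpContext.Request.Headers.TryGetValue("Token", out _Token);
            if (_Token.Count == 0)
            {
                CommonApiResponse<dynamic> response = CommonApiResponse<dynamic>.Create(context.HttpContext.Response, System.Net.HttpStatusCode.OK, false, null, "Header Token bulunamadı.");
                context.Result = new ObjectResult(response);
                return;
            }

            Jwt jwt;
            try
            {
                // The header must be a GUID; Guid.Parse throws on anything else and lands in the catch.
                Guid token = Guid.Parse(_Token.FirstOrDefault());

                jwt = (Jwt)_jwtService.CheckToken(token).Data;
                if (jwt == null)
                {
                    CommonApiResponse<dynamic> response = CommonApiResponse<dynamic>.Create(context.HttpContext.Response, System.Net.HttpStatusCode.OK, false, null, "Token geçersiz.");
                    context.Result = new BadRequestObjectResult(response);
                    return;
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message is echoed to the client as-is; a generic message would
                // avoid leaking internal details.
                CommonApiResponse<dynamic> response = CommonApiResponse<dynamic>.Create(context.HttpContext.Response, System.Net.HttpStatusCode.InternalServerError, false, null, ex.Message);
                context.Result = new BadRequestObjectResult(response);
                return;
            }

            try
            {
                User user = _userService.GetById(jwt.UserId);
                if (user == null)
                {
                    CommonApiResponse<dynamic> response = CommonApiResponse<dynamic>.Create(context.HttpContext.Response, System.Net.HttpStatusCode.OK, false, null, "Kullanıcı bulunamadı.");
                    context.Result = new BadRequestObjectResult(response);
                    return;
                }

                if (requiredRoleList.Count > 0)
                {
                    List<UserRoleView> userRoleViewList = _userRoleService.GetByUserId(jwt.UserId);

                    // Access is granted when any required role id matches one of the user's roles.
                    // Each required id is parsed once instead of once per user role.
                    IsAcces = requiredRoleList.Any(requiredRoleName =>
                    {
                        Guid requiredRoleId = Guid.Parse(requiredRoleName);
                        return userRoleViewList.Any(userRole => requiredRoleId == userRole.RoleId);
                    });

                    if (!IsAcces)
                    {
                        CommonApiResponse<dynamic> response = CommonApiResponse<dynamic>.Create(context.HttpContext.Response, System.Net.HttpStatusCode.OK, false, null, "Yetkiniz yok.");
                        context.Result = new BadRequestObjectResult(response);
                        return;
                    }
                }

                // Controllers deriving only from ControllerBase have no ViewBag; the original
                // dereferenced the failed "as" cast and threw into the catch below.
                if (context.Controller is Controller controller)
                {
                    controller.ViewBag.Jwt = jwt;
                    controller.ViewBag.User = user;
                }
            }
            catch (Exception ex)
            {
                CommonApiResponse<dynamic> response = CommonApiResponse<dynamic>.Create(context.HttpContext.Response, System.Net.HttpStatusCode.InternalServerError, false, null, ex.Message);
                context.Result = new BadRequestObjectResult(response);
                return;
            }
        }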