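/// <summary>
/// Runs the rest of the pipeline, then writes an audit record when the request was a
/// successful GET of a notification page.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <param name="auditService">Service that receives the notification-read audit record.</param>
/// <returns>A task that completes after the downstream pipeline and any audit call have finished.</returns>
public async Task InvokeAsync(HttpContext context, IAuditService auditService)
{
    // Call the MVC middleware so we know HTTP status code
    await _next(context);

    var request = context.Request;
    var response = context.Response;

    if (response.StatusCode != StatusCodes.Status200OK || request.Method != "GET")
    {
        return;
    }

    // Path.Value can be null for an empty path; treat that as "nothing to audit".
    var pathArray = (request.Path.Value ?? string.Empty).Split('/');

    // Match the "Notifications" segment exactly but ignoring case. ASP.NET Core route matching is
    // case-insensitive by default, so a case-sensitive check here would let a differently-cased
    // URL be served without leaving an audit record.
    var notificationIndex = Array.FindIndex(
        pathArray,
        segment => string.Equals(segment, "Notifications", StringComparison.OrdinalIgnoreCase));
    if (notificationIndex < 0)
    {
        return;
    }

    // We only want to audit reads of pages, i.e. where paths are of form Notifications/{id} or /Notifications/{id}/Edit/{modelName}
    // We also make get requests for validation etc (which have longer paths), so ensure we ignore these here
    var maxIndex = pathArray.Length - 1;
    var shouldAudit = maxIndex > notificationIndex && maxIndex <= notificationIndex + 3;
    if (!shouldAudit || !int.TryParse(pathArray[notificationIndex + 1], out var id))
    {
        return;
    }

    var userName = context.User.FindFirstValue(ClaimTypes.Upn);
    // Fallback if user doesn't have an email associated with them - as is the case with our test users
    if (string.IsNullOrEmpty(userName))
    {
        userName = context.User.Identity.Name;
    }

    // NOTE(review): the audit write happens after the response has been produced, so a failure
    // here leaves a served read without an audit record - confirm how callers surface that.
    // NOTE(review): userName can still be null/empty for an unauthenticated principal - confirm
    // this middleware only runs behind authentication.
    // TODO: Differentiate between Cluster and Full view.
    await auditService.AuditNotificationReadAsync(id, NotificationAuditType.Full, userName);
}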
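/// <summary>
/// Runs the rest of the pipeline, then writes an audit record for a successful GET of a
/// notification page or for a successful search request that carries a query string.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <param name="auditService">Service that receives the audit records.</param>
/// <returns>A task that completes after the downstream pipeline and any audit call have finished.</returns>
public async Task InvokeAsync(HttpContext context, IAuditService auditService)
{
    // Call the MVC middleware so we know HTTP status code
    await _next(context);

    var request = context.Request;
    var response = context.Response;

    if (response.StatusCode != StatusCodes.Status200OK)
    {
        return;
    }

    // ToLowerInvariant rather than ToLower: the culture-sensitive overload follows the thread's
    // current culture, and under some cultures an upper-case 'I' does not lower-case to 'i'.
    // The audit match must not depend on culture, otherwise a page could be served without
    // the read being recorded. Path.Value can be null for an empty path.
    var pathArray = (request.Path.Value ?? string.Empty)
        .ToLowerInvariant()
        .Split('/', StringSplitOptions.RemoveEmptyEntries);

    var notificationIndex = Array.IndexOf(pathArray, "notifications");

    if (request.Method == "GET" && notificationIndex >= 0)
    {
        // We only want to audit reads of pages, i.e. where paths are of form Notifications/{id} or /Notifications/{id}/Edit/{modelName}
        // We also make get requests for validation etc (which have longer paths), so ensure we ignore these here
        var maxIndex = pathArray.Length - 1;
        var shouldAudit = maxIndex > notificationIndex && maxIndex <= notificationIndex + 3;
        if (shouldAudit && int.TryParse(pathArray[notificationIndex + 1], out var id))
        {
            var userName = UserHelper.GetUsername(context);
            // NOTE(review): the audit write happens after the response has been produced, so a
            // failure here leaves a served read without an audit record - confirm how that is surfaced.
            // TODO: Differentiate between Cluster and Full view.
            await auditService.AuditNotificationReadAsync(id, NotificationAuditType.Full, userName);
        }
    }
    else if (pathArray.Length == 1 && pathArray[0] == "search" && request.QueryString.HasValue)
    {
        // The search branch is not restricted to GET, matching the original behaviour.
        // NOTE(review): the full query collection is handed to the audit service - confirm the
        // audit store is an acceptable place for whatever the search terms may contain.
        await auditService.AuditSearch(request.Query, UserHelper.GetUsername(context));
    }
}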