예제 #1
0
 private T GetService <T>(string url)
 {
     try
     {
         using (HttpClient client = new HttpClient())
         {
             string Uri      = url;
             var    response = client.GetAsync(Uri).Result;
             var    rtn      = response.Content.ReadAsStringAsync().Result;
             if (!string.IsNullOrEmpty(rtn) && rtn.ToLower().IndexOf("errorcode") < 0)
             {
                 var connobj = JsonSerializer.Deserialize <T>(rtn);
                 return(connobj);
             }
             else
             {
                 //訊息紀錄
                 NCLog.InfomationLog($"GetServiceErr> check {url} server log information");
                 return(default(T));
             }
         }
     }
     catch (Exception err)
     {
         //例外紀錄
         NCLog.ExceptionLog(err, $"GetService from url: {url}");
         return(default(T));
     }
 }
예제 #2
0
        private string getRedisData(IConfigurationSection section, string rediskey)
        {
            var redisconn = GetService <DBInfo>(section.Value);

            CSRedis.CSRedisClient csredis;
            try
            {
                csredis = new CSRedis.CSRedisClient(ConnSecure.Decrypt(redisconn.RedisConnStr));
                RedisHelper.Initialization(csredis);
            }
            catch (Exception err)
            {
                NCLog.ExceptionLog(err, $"getRedisData error: {err.Message}");
                throw new Exception($"getRedisData error: {err.Message}");
            }
            var tokenstr = csredis.Get(rediskey);

            return(tokenstr);
        }
예제 #3
0
        public async Task Invoke(HttpContext context)
        {
            var httpMethod = context.Request.Method;
            var action     = context.GetRouteValue("action");
            var controller = context.GetRouteValue("controller");

            var token    = context.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last();
            var _current = context.Request.Headers["CurrentData"].FirstOrDefault()?.ToString();

            if (string.IsNullOrEmpty(token))
            {
                // Note : 不用 jwt 驗證時的寫法 (預留) 先不處理,之後加上 access token 的方式檢查
                //context.Response.StatusCode = 401;
                //context.Response.ContentType = "application/json";
                //string response = JsonSerializer.Serialize(JWTErrorStruct.ErrorNum.token_invalid.JWTGetErrReturn());
                //await context.Response.WriteAsync(response);
                context.Items["TokenUserInfo"] = null;
                //return;
            }
            else
            {
                try
                {
                    new JwtSecurityTokenHandler().ValidateToken(token, new TokenValidationParameters
                    {
                        // 驗證 Issuer
                        ValidateIssuer = true,
                        //封裝成middleware library後改讀程式碼內部設定值
                        //ValidIssuer = _configuration.GetValue<string>("JwtSettings:Issuer"),
                        ValidIssuer = _Issuer,
                        // 取消驗證 Audience
                        ValidateAudience = false,

                        // 驗證 Token 的有效期間
                        ValidateLifetime = true,

                        // 驗證 Token 中的 key
                        ValidateIssuerSigningKey = true,
                        //封裝成middleware library後改讀程式碼內部設定值
                        //IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration.GetValue<string>("JwtSettings:SignKey")))
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_SignKey))
                    }, out SecurityToken securityToken);

                    // Notde : Here can be validate user permission. If user has no permission then throws exception
                    // pass tokenUserInfo to next

                    //var _userinfo = JsonSerializer.Deserialize<TokenUserInfo>(((JwtSecurityToken)securityToken).Payload["permissions"].ToString());
                    var _userinfo = JsonSerializer.Deserialize <TokenUserInfo>(getRedisData(_configuration.GetSection("ServiceURL:Connection"), ((JwtSecurityToken)securityToken).Id));
                    if (!string.IsNullOrEmpty(_current))
                    {
                        var _cdata = JsonSerializer.Deserialize <CurrentData>(_current);
                        if (_userinfo.userCompany.Any(p => p.CompanyId == _cdata.CompanyId) && _userinfo.userCompany.Any(p => _cdata.BuildingId == null || p.BuildingId == _cdata.BuildingId) &&
                            _userinfo.userCompany.Any(p => _cdata.HouseId == null || p.HouseId == _cdata.HouseId) && _userinfo.userCompany.Any(p => _cdata.CustomerId == null || p.CustomerId == _cdata.CustomerId) &&
                            _userinfo.user_Roles.Any(p => _cdata.RoleId == null || p.Id == _cdata.RoleId))
                        {
                            _userinfo.CurrentUserData = _cdata;
                        }
                        else
                        {
                            throw new SecurityTokenValidationException("CurrentData is not allowed");
                        }
                    }

                    bool allow = false;
                    //_userinfo.programs.ToList().ForEach(p =>
                    //{
                    //    if (p.Value.Any(e =>
                    //    {
                    //        if (e.Id == Guid.Empty) return false;
                    //        return (e.HttpMethod.ToLower() == httpMethod.ToLower() && e.ActionUrl.ToLower().Contains(action.ToString().ToLower())
                    //        && e.ActionUrl.ToLower().Contains(controller.ToString().ToLower()));
                    //    }))
                    //    {
                    //        allow = true;
                    //    }
                    //});
                    if (_userinfo.user_Roles.Exists(p => p.Name == "Admin"))
                    {
                        allow = true;
                    }
                    else
                    {
                        allow = _userinfo.programActions.Any(e => {
                            if (e.Id == Guid.Empty)
                            {
                                return(false);
                            }
                            return(e.HttpMethod.ToLower() == httpMethod.ToLower() && e.ActionUrl.ToLower().Contains(action == null ? "" : action.ToString().ToLower()) &&
                                   e.ActionUrl.ToLower().Contains(controller == null ? "" : controller.ToString().ToLower()));
                        });
                    }

                    if (!allow)
                    {
                        //throw new Exception("request is not allow for this user");
                        context.Response.StatusCode  = StatusCodes.Status405MethodNotAllowed;
                        context.Response.ContentType = "application/json";
                        string response = JsonSerializer.Serialize(JWTErrorStruct.ErrorNum.token_invalid.JWTGetErrReturn("request is not allow for this user"));
                        await context.Response.WriteAsync(response);

                        return;
                    }
                    context.Items["TokenUserInfo"] = _userinfo;
                }
                catch (SecurityTokenExpiredException steex)
                {
                    NCLog.ExceptionLog(steex, $"Token={token}");

                    context.Response.StatusCode  = StatusCodes.Status401Unauthorized;
                    context.Response.ContentType = "application/json";

                    string response = JsonSerializer.Serialize(JWTErrorStruct.ErrorNum.token_expired.JWTGetErrReturn(steex.Message));
                    await context.Response.WriteAsync(response);

                    return;
                }
                catch (SecurityTokenValidationException stvex)
                {
                    NCLog.ExceptionLog(stvex, $"Token={token}");

                    context.Response.StatusCode  = StatusCodes.Status401Unauthorized;
                    context.Response.ContentType = "application/json";

                    string response = JsonSerializer.Serialize(JWTErrorStruct.ErrorNum.token_invalid.JWTGetErrReturn(stvex.Message));
                    await context.Response.WriteAsync(response);

                    return;
                }
                catch (Exception ex)
                {
                    NCLog.ExceptionLog(ex, $"Token={token}");

                    context.Response.StatusCode  = StatusCodes.Status500InternalServerError;
                    context.Response.ContentType = "application/json";

                    string response = JsonSerializer.Serialize(JWTErrorStruct.ErrorNum.error_undefined.JWTGetErrReturn(ex.Message));
                    await context.Response.WriteAsync(response);

                    return;
                }
            }

            await _next(context);
        }