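/// <summary>
/// Middleware entry point. Requests whose path is listed in
/// <c>AppHostDefaults.PublicUris</c> are passed straight through; every other
/// request must carry a non-blank caller token, read from the request header
/// named <c>AppHostDefaults.INVOKER_TOKEN_HEADER</c> or, failing that, from the
/// cookie of the same name.
/// </summary>
/// <param name="httpContext">The context of the request being processed.</param>
/// <returns>A task that completes once the request was forwarded or rejected.</returns>
/// <remarks>
/// SECURITY: only the PRESENCE of a token is checked here. Until the validation
/// step marked TODO below is implemented, any non-blank value is accepted, so
/// this middleware must not be relied on as the sole authentication control.
/// </remarks>
public async Task Invoke(HttpContext httpContext)
{
    // Lower-case with the invariant culture so the allow-list comparison does not
    // depend on the server's current culture (e.g. Turkish dotted/dotless "i").
    // NOTE(review): assumes PublicUris entries are stored in lower case; confirm.
    string requestPath = httpContext.Request.Path.ToString().ToLowerInvariant();

    // Paths on the public allow-list are exempt from the token requirement.
    if (AppHostDefaults.PublicUris.Contains(requestPath))
    {
        await _nextDelegate(httpContext);
        return;
    }

    // Look for the token in the request header first.
    string userToken = string.Empty;
    bool hasHeader = httpContext.Request.Headers.TryGetValue(
        AppHostDefaults.INVOKER_TOKEN_HEADER, out StringValues token);
    if (hasHeader && token.Count > 0)
    {
        userToken = token[0];
    }

    // Fall back to the cookie when the header is missing OR blank. A header that
    // is present but empty must not count as a token: treating it as one would
    // let the request through without any credential at all.
    if (string.IsNullOrWhiteSpace(userToken))
    {
        userToken = httpContext.Request.Cookies[AppHostDefaults.INVOKER_TOKEN_HEADER];
    }

    if (string.IsNullOrWhiteSpace(userToken))
    {
        // No credential supplied: emit the unauthorized response (the original
        // comment describes this as sending the caller to the authorization entry).
        await UtilityService.CreateUnauthorizedResponse(httpContext);
        return;
    }

    // TODO(security): validate userToken (authenticity, expiry, revocation) and
    // reject the request on failure before calling the next delegate. As written,
    // the token value is never inspected.
    await _nextDelegate(httpContext);
}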