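/// <summary>
/// Registers webhook authorization using options populated by <paramref name="configure"/>.
/// </summary>
/// <param name="services">The service collection to register into.</param>
/// <param name="configure">Callback that fills in a freshly created <see cref="WebhooksAuthorizationOptions"/>.</param>
/// <returns><paramref name="services"/>, for chaining (as returned by the options overload).</returns>
/// <exception cref="ArgumentNullException"><paramref name="configure"/> is null.</exception>
public static IServiceCollection AddWebhooksAuthorization(this IServiceCollection services, Action<WebhooksAuthorizationOptions> configure)
{
    // Fail with a descriptive argument exception instead of a NullReferenceException from the delegate call.
    if (configure == null)
    {
        throw new ArgumentNullException(nameof(configure));
    }

    var options = new WebhooksAuthorizationOptions();
    configure(options);
    return AddWebhooksAuthorization(services, options: options);
}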
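/// <summary>
/// Enforces payload-signature authorization for non-GET requests whose path starts with
/// <see cref="WebhooksAuthorizationOptions.Segments"/>. A request without the signature header, or when
/// no signing secret is configured, is answered with 401; a request whose header does not match the
/// signature computed by <see cref="WebhooksHttpClient.GetSignature"/> over the body is answered with 403.
/// All other requests are handed to the next middleware.
/// </summary>
/// <param name="httpContext">The current request context.</param>
/// <param name="options">Authorization options (protected path segments and signing secret).</param>
public async Task Invoke(HttpContext httpContext, WebhooksAuthorizationOptions options)
{
    var request = httpContext.Request;

    // Ordinal comparison: HTTP method tokens are ASCII and must not be subject to culture rules.
    var requiresSignature = request.Path.StartsWithSegments(options.Segments)
        && !string.Equals(request.Method, "GET", StringComparison.OrdinalIgnoreCase);

    if (requiresSignature)
    {
        var hasSignatureHeader = request.Headers.ContainsKey(WebhooksHttpClient.PayloadSignatureHeaderName);
        if (!hasSignatureHeader || string.IsNullOrWhiteSpace(options.PayloadSigningSecret))
        {
            // Fail closed: a missing secret must never let a signed route through unchecked.
            await WriteErrorAsync(
                httpContext,
                StatusCodes.Status401Unauthorized,
                $"The '{WebhooksHttpClient.PayloadSignatureHeaderName}' request header or payload signing secret is missing.").ConfigureAwait(false);
            return;
        }

        // Buffer so the body can be rewound for downstream handlers after we have read it here.
        request.EnableBuffering();
        var requestPayload = await ReadAllBytesAsync(request.Body).ConfigureAwait(false);
        request.Body.Position = 0;

        var presentedSignature = request.Headers[WebhooksHttpClient.PayloadSignatureHeaderName].ToString();
        var expectedSignature = WebhooksHttpClient.GetSignature(options.PayloadSigningSecret, Encoding.UTF8.GetString(requestPayload));

        if (!SignaturesMatch(presentedSignature, expectedSignature))
        {
            await WriteErrorAsync(
                httpContext,
                StatusCodes.Status403Forbidden,
                "The request payload does not match the request payload signature.").ConfigureAwait(false);
            return;
        }
    }

    await _next(httpContext);
}

/// <summary>
/// Reads the entire request body. The stream is drained rather than sized from Content-Length because
/// that header may be absent (e.g. chunked transfer) and a single ReadAsync may return fewer bytes
/// than requested, which would otherwise produce a truncated, zero-padded payload and a spurious mismatch.
/// </summary>
/// <param name="body">The request body stream, positioned at its start.</param>
/// <returns>All bytes of the body.</returns>
private static async Task<byte[]> ReadAllBytesAsync(System.IO.Stream body)
{
    using (var buffer = new System.IO.MemoryStream())
    {
        await body.CopyToAsync(buffer).ConfigureAwait(false);
        return buffer.ToArray();
    }
}

/// <summary>
/// Compares the presented and expected signatures in constant time so that a mismatch position
/// is not observable through response timing.
/// </summary>
/// <param name="presented">Signature value taken from the request header.</param>
/// <param name="expected">Signature computed from the configured secret and the request payload.</param>
/// <returns>True only when both are non-null and byte-for-byte equal.</returns>
private static bool SignaturesMatch(string presented, string expected)
{
    if (presented == null || expected == null)
    {
        return false;
    }

    var presentedBytes = Encoding.UTF8.GetBytes(presented);
    var expectedBytes = Encoding.UTF8.GetBytes(expected);
    return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(presentedBytes, expectedBytes);
}

/// <summary>
/// Writes a JSON error response with the given status code and message and leaves the pipeline short-circuited.
/// </summary>
/// <param name="httpContext">The current request context.</param>
/// <param name="statusCode">HTTP status code to set.</param>
/// <param name="message">Error message passed to <see cref="CreateResponseBodyAsync"/>.</param>
private async Task WriteErrorAsync(HttpContext httpContext, int statusCode, string message)
{
    // Headers first: they must be set before the first body write.
    httpContext.Response.ContentType = "application/json";
    httpContext.Response.StatusCode = statusCode;
    var error = await CreateResponseBodyAsync(message).ConfigureAwait(false);
    await httpContext.Response.Body.WriteAsync(error, 0, error.Length).ConfigureAwait(false);
}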
/// <summary>
/// Registers the given <see cref="WebhooksAuthorizationOptions"/> instance as a singleton service.
/// </summary>
/// <param name="services">The service collection to register into.</param>
/// <param name="options">The options instance to expose through dependency injection.</param>
/// <returns><paramref name="services"/>, for chaining.</returns>
/// <exception cref="InvalidOperationException"><paramref name="options"/> is null.</exception>
public static IServiceCollection AddWebhooksAuthorization(this IServiceCollection services, WebhooksAuthorizationOptions options)
{
    if (options is null)
    {
        throw new InvalidOperationException("The webhooks autorization options are missing. Please check your configuration.");
    }

    services.AddSingleton(options);
    return services;
}