        // Creates a token for an already-registered user presenting an API key and signature; clean-up of old tokens still needs to be considered.
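        /// <summary>
        /// Issues a new auth token for an API user that authenticates with its API key and an HMAC-SHA256 signature.
        /// </summary>
        /// <param name="model">Request body carrying <c>ApiKey</c> and a Base64 <c>Signature</c>; a missing body or field yields 400.</param>
        /// <returns>201 Created with the auth model on success; otherwise 400 Bad Request.</returns>
        /// <remarks>
        /// The signature scheme (HMAC over the API key alone, with no nonce or timestamp) is replayable and is kept only
        /// so existing clients keep working. Clean-up of old tokens is still not handled here.
        /// </remarks>
        public HttpResponseMessage Post([FromBody] TokenRequestModel model)
        {
            // Model binding hands us null for an empty or unparseable body; fail fast instead of
            // letting a NullReferenceException surface through the catch below.
            if (model == null || string.IsNullOrEmpty(model.ApiKey) || string.IsNullOrEmpty(model.Signature))
            {
                return Request.CreateResponse(HttpStatusCode.BadRequest);
            }

            try
            {
                var user = _exampleRepository.GetApiUsers().FirstOrDefault(u => u.AppId == model.ApiKey);

                if (user != null)
                {
                    var key = Convert.FromBase64String(user.Secret);

                    // HMACSHA256 is IDisposable: release the keyed state as soon as we are done with it.
                    using (var provider = new System.Security.Cryptography.HMACSHA256(key))
                    {
                        // Expected signature = HMAC-SHA256(secret, AppId). Kept for compatibility with
                        // existing clients; it carries no nonce or timestamp, so it does not prevent replay.
                        var expected  = provider.ComputeHash(Encoding.UTF8.GetBytes(user.AppId));
                        // A malformed Base64 value throws FormatException and is handled by the catch below.
                        var presented = Convert.FromBase64String(model.Signature);

                        // Fixed-time comparison so a mismatch does not reveal how many leading bytes matched.
                        if (FixedTimeEquals(expected, presented))
                        {
                            // The token is fresh random material rather than HMAC(AppId + date): the
                            // original derivation produced the same token for every request on a given day.
                            var tokenBytes = new byte[32];
                            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                            {
                                rng.GetBytes(tokenBytes);
                            }

                            var authToken = new AuthToken()
                            {
                                Token      = Convert.ToBase64String(tokenBytes),
                                Expiration = DateTime.UtcNow.AddDays(7),
                                ApiUser    = user
                            };

                            if (_exampleRepository.Insert(authToken) && _exampleRepository.SaveAll())
                            {
                                return Request.CreateResponse(HttpStatusCode.Created, CreateAuthModel(authToken));
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // How much of ex reaches the client is governed by the Web API error-detail policy,
                // not by this method; behaviour is kept as before.
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex);
            }

            // Unknown key, bad signature and failed persistence all collapse to one generic 400
            // so the response does not reveal which check failed.
            return Request.CreateResponse(HttpStatusCode.BadRequest);
        }

        /// <summary>
        /// Compares two byte arrays in time that depends only on their length, not on where the
        /// first differing byte is; used for MAC comparison.
        /// </summary>
        /// <param name="a">First array (may be null).</param>
        /// <param name="b">Second array (may be null).</param>
        /// <returns>True only when both arrays are non-null, equal in length and byte-for-byte identical.</returns>
        private static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            if (a == null || b == null || a.Length != b.Length)
            {
                return false;
            }

            // Accumulate differences with OR so the loop never exits early.
            var diff = 0;
            for (var i = 0; i < a.Length; i++)
            {
                diff |= a[i] ^ b[i];
            }

            return diff == 0;
        }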