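/// <summary>
        /// Gate for the internal API. Requests outside <c>/iapi/</c> are passed through; requests inside it
        /// must carry the configured internal API key and originate from an address in <c>LocalIps</c>.
        /// </summary>
        /// <param name="context">The current HTTP context.</param>
        /// <returns>
        /// <c>true</c> when the request is outside <c>/iapi/</c> or passes both checks; otherwise <c>false</c>.
        /// </returns>
        private bool Check(HttpContext context)
        {
            // Ordinal, case-insensitive prefix test, tolerant of a null path value.
            // NOTE(review): ASP.NET Core endpoint routing matches paths case-insensitively by default, so a
            // case-sensitive prefix test can leave differently-cased paths outside this gate. Confirm against
            // this application's routing configuration.
            var path = context.Request.Path.Value;
            if (path == null || !path.StartsWith("/iapi/", StringComparison.OrdinalIgnoreCase))
            {
                return(true);
            }

            var keyHeader = context.Request.Headers[GlobalConstants.KeyHeader];
            if (keyHeader.Count == 0)
            {
                _logger.LogWarning("Required header is missing");
                return(false);
            }

            var token    = keyHeader[0] ?? string.Empty;
            var expected = _configuration.GetSection("Keys").GetValue <string>("InternalApiKey");

            // Fail closed when no key is configured: an empty configured key must never match an empty header.
            if (string.IsNullOrEmpty(expected))
            {
                _logger.LogError("Internal API key is not configured");
                return(false);
            }

            // Fixed-time comparison so the response time does not depend on how many leading characters of
            // the presented key are correct. The key itself is never written to the log.
            if (!CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(token), Encoding.UTF8.GetBytes(expected)))
            {
                _logger.LogWarning("Invalid internal API key");
                return(false);
            }

            // NOTE(review): behind a reverse proxy RemoteIpAddress is the proxy's address unless forwarded
            // headers are processed earlier in the pipeline. Confirm the deployment topology.
            var remote = context.Connection.RemoteIpAddress;
            if (remote == null)
            {
                _logger.LogWarning("Remote IP address is not available");
                return(false);
            }

            var ip  = remote.ToString();
            var set = IpSet.ParseOrDefault(LocalIps);

            // ParseOrDefault presumably yields null for unparseable input (TODO confirm); reject explicitly
            // instead of failing with a NullReferenceException.
            if (set is null)
            {
                _logger.LogError("Internal API IP allow-list could not be parsed");
                return(false);
            }

            if (!set.Contains(ip))
            {
                // Message template instead of interpolation: the value is logged as a structured property.
                _logger.LogWarning("Ip [{Ip}] not allowed", ip);
                return(false);
            }

            return(true);
        }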
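        /// <summary>
        /// Gate for the merchant API. Requests outside <c>/api/</c> are passed through; requests inside it must
        /// carry an auth token that resolves to an active merchant, a valid body signature, and (when the
        /// merchant has IP ranges configured) a source address inside one of those ranges.
        /// </summary>
        /// <param name="context">The current HTTP context.</param>
        /// <param name="merchantManager">Service used to resolve the merchant from the auth token.</param>
        /// <returns>
        /// <c>true</c> when the request is outside <c>/api/</c> or passes every check; otherwise <c>false</c>.
        /// </returns>
        private bool Check(HttpContext context, MerchantManagerService merchantManager)
        {
            // Ordinal, case-insensitive prefix test, tolerant of a null path value.
            // NOTE(review): ASP.NET Core endpoint routing matches paths case-insensitively by default, so a
            // case-sensitive prefix test can leave differently-cased paths outside this gate. Confirm against
            // this application's routing configuration.
            var path = context.Request.Path.Value;
            if (path == null || !path.StartsWith("/api/", StringComparison.OrdinalIgnoreCase))
            {
                return(true);
            }

            var authHeader = context.Request.Headers[GlobalConstants.AuthHeader];
            var signHeader = context.Request.Headers[GlobalConstants.SignHeader];
            if (authHeader.Count == 0 || signHeader.Count == 0)
            {
                _logger.LogWarning("Required headers are missing");
                return(false);
            }

            var token    = authHeader[0];
            var merchant = merchantManager.GetMerchant(token);

            // NOTE(review): the merchant is attached to the context before any validation (it may be null,
            // inactive, or the signature may still fail). Kept in place because consumers of Items["Merchant"]
            // are not visible here; they must not treat its presence as proof of authentication.
            context.Items.Add("Merchant", merchant);
            if (merchant == null)
            {
                _logger.LogWarning("No merchant with token");
                return(false);
            }
            if (!merchant.Active)
            {
                // Message template instead of interpolation: merchant-supplied text is logged as a structured
                // property rather than being spliced into the message string.
                _logger.LogWarning("Merchant id-[{MerchantId}] name-[{MerchantName}] deactivated", merchant.Id, merchant.ShortName);
                return(false);
            }

            // The signature check can only be switched off in the Development environment, via
            // DebugFlags:CheckSign. Production hosts must never run with the Development environment name.
            if (!_env.IsDevelopment() || _configuration.GetSection("DebugFlags").GetValue <bool>("CheckSign"))
            {
                var sign = signHeader[0] ?? string.Empty;
                var body = HttpContextHelper.GetBody(context.Request);

                // NOTE(review): SHA-256 over (body + key) is an ad-hoc keyed hash; HMAC-SHA256 keyed with
                // SignKey is the standard construction. The scheme is left unchanged because merchants compute
                // the same value. The signature binds only the body (not method, path, query or a timestamp),
                // so replay protection, if any, has to exist elsewhere. Confirm.
                using var mySha256 = SHA256.Create();
                var calculatedSign =
                    Convert.ToBase64String(mySha256.ComputeHash(Encoding.UTF8.GetBytes(body + merchant.SignKey)));

                // Fixed-time comparison so the response time does not reveal how much of a guessed
                // signature is correct.
                if (!CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(sign), Encoding.UTF8.GetBytes(calculatedSign)))
                {
                    _logger.LogWarning("Bad sign");
                    return(false);
                }
            }

            // Same Development-only switch for the source-address check (DebugFlags:CheckIP).
            if (!_env.IsDevelopment() || _configuration.GetSection("DebugFlags").GetValue <bool>("CheckIP"))
            {
                // A merchant with no configured ranges is not restricted by source address.
                if (merchant.MerchantIpRange.Count != 0)
                {
                    // NOTE(review): behind a reverse proxy RemoteIpAddress is the proxy's address unless
                    // forwarded headers are processed earlier in the pipeline. Confirm the deployment topology.
                    var remote = context.Connection.RemoteIpAddress;
                    if (remote == null)
                    {
                        _logger.LogWarning("Remote IP address is not available");
                        return(false);
                    }

                    var ip  = remote.ToString();
                    var set = IpSet.ParseOrDefault(merchant.MerchantIpRange.Select(x => x.Iprange));

                    // ParseOrDefault presumably yields null for unparseable input (TODO confirm); a merchant
                    // whose configured ranges cannot be parsed is rejected rather than left unrestricted.
                    if (set is null)
                    {
                        _logger.LogError("Merchant id-[{MerchantId}] IP ranges could not be parsed", merchant.Id);
                        return(false);
                    }

                    if (!set.Contains(ip))
                    {
                        _logger.LogWarning("Ip [{Ip}] not allowed", ip);
                        return(false);
                    }
                }
            }

            return(true);
        }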
        /// <summary>
        /// Parses <paramref name="s"/> into an <see cref="IpSet"/> and verifies whether it reports
        /// <paramref name="testIp"/> as a member.
        /// </summary>
        /// <param name="s">Textual IP set definition handed to <c>IpSet.ParseOrDefault</c>.</param>
        /// <param name="testIp">IP address, as text, to look up in the parsed set.</param>
        /// <param name="expected">Expected membership result.</param>
        // NOTE(review): the data rows feeding this test are not visible here. For an allow-list type it is
        // worth confirming they include range boundaries and both IPv4 and IPv6 forms of the same host.
        public void Parse_And_Contains_Tests(string s, string testIp, bool expected)
        {
            // Act: parse the definition and query membership in one step.
            var isMember = IpSet.ParseOrDefault(s).Contains(testIp);

            // Assert
            Assert.Equal(expected, isMember);
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="IpAddressRuleMatcher"/> class.
        /// </summary>
        /// <param name="ipWhiltlist">Whitelist of IP addresses, as text.</param>
        /// <param name="clientPolicies">Client policies; each policy's <c>ClientId</c> is parsed as an IP set. May be null.</param>
        /// <exception cref="ArgumentException">
        /// A policy is null or its <c>ClientId</c> cannot be parsed into an IP set.
        /// </exception>
        public IpAddressRuleMatcher(IEnumerable <string> ipWhiltlist, IEnumerable <ClientPolicy> clientPolicies)
        {
            // NOTE(review): unlike the per-policy parse below, a whitelist that fails to parse is stored
            // as-is with no error. Confirm how a null _whitelist is treated by the matching code.
            _whitelist = IpSet.ParseOrDefault(ipWhiltlist);

            if (clientPolicies == null)
            {
                return;
            }

            foreach (var policy in clientPolicies)
            {
                var parsed = IpSet.ParseOrDefault(policy?.ClientId);
                if (parsed is null)
                {
                    // Reject the whole configuration rather than silently dropping one policy.
                    throw new ArgumentException($"Cannot parse to an IP set/ range from [{policy?.ClientId}]");
                }

                _ipPolicies[parsed] = policy;
            }
        }
        /// <summary>
        /// Checks whether the <see cref="IpSet"/> contains the IP address given as text.
        /// </summary>
        /// <param name="ipSet">The <see cref="IpSet"/> object.</param>
        /// <param name="ipAddress">The IP address to be checked, in a form accepted by <see cref="IPAddress.Parse(string)"/>.</param>
        /// <returns>True if the set contains the address; otherwise false.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="ipAddress"/> is null.</exception>
        /// <exception cref="FormatException"><paramref name="ipAddress"/> is not a valid IP address.</exception>
        // Malformed input throws instead of returning false, so callers using this for access decisions
        // must handle the exception and decide explicitly whether to reject the request.
        public static bool Contains(this IpSet ipSet, string ipAddress)
            => ipSet.Contains(IPAddress.Parse(ipAddress));