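        /// <summary>
        /// Ownership check for the "Timed" course flow: fetches the course from the
        /// course service and confirms its <c>createdBy</c> equals the caller's
        /// <c>UserId</c> (placed in the bag earlier by the auth-token filter).
        /// Any other <c>type</c> value is passed through without a check.
        /// </summary>
        /// <param name="filterProperty">Bag holding "UserId", "AuthToken", "courseId" and "type".</param>
        /// <returns>
        /// <c>true</c> when the check passes or does not apply; <c>false</c> when the
        /// token/courseId are missing, the course service does not answer 200, the body
        /// is not a usable object, or the creator differs from the caller.
        /// </returns>
        private static async Task<bool> IsUserOwnershipValidAsync(ActionFilterProperty filterProperty)
        {
            filterProperty.Get("UserId", out var userId);
            filterProperty.Get("AuthToken", out var token);
            filterProperty.Get("courseId", out var courseId);
            filterProperty.Get("type", out var type);

            // Only "Timed" is ownership-restricted. Comparing from the literal side means a
            // missing/null type no longer throws (type.Equals(...) would NRE).
            // NOTE(review): non-"Timed" requests skip the ownership check entirely — confirm intended.
            if (!"Timed".Equals(type))
            {
                return true;
            }

            // Both values are needed to prove anything; fail closed rather than send an
            // empty header or hit ".../courses/" with no id.
            var tokenText = token?.ToString();
            var courseText = courseId?.ToString();
            if (string.IsNullOrEmpty(tokenText) || string.IsNullOrEmpty(courseText))
            {
                return false;
            }

            // TODO(review): new HttpClient per call — prefer a shared instance / IHttpClientFactory.
            using (var client = new HttpClient())
            {
                // courseId presumably originates from the request (route/action argument);
                // escape it so it cannot add path segments or a query string to the URL.
                // TODO(review): plain http to a hard-coded host — acceptable only on a private network.
                var courseUri = $"http://localhost:5004/api/v1/courses/{Uri.EscapeDataString(courseText)}";
                client.DefaultRequestHeaders.Add("AuthToken", tokenText);

                // One awaited request instead of a blocking .Result plus a second GET of the same URI.
                using (var response = await client.GetAsync(courseUri))
                {
                    if (response.StatusCode != HttpStatusCode.OK)
                    {
                        return false;
                    }

                    var body = await response.Content.ReadAsStringAsync();
                    var course = JsonConvert.DeserializeObject<Dictionary<string, string>>(body);

                    // A "null" body or a missing/null creator is a failed check, not an exception.
                    // object.Equals keeps the original string-vs-object comparison semantics, null-safely.
                    return course != null
                        && course.TryGetValue("createdBy", out var owner)
                        && owner != null
                        && Equals(owner, userId);
                }
            }
        }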
        /// <summary>
        /// Role gate for the action: evaluates <see cref="IsUserRoleValidAsync"/> over the
        /// request's filter bag and lets the pipeline continue only when it passes.
        /// </summary>
        /// <param name="filterContext">Context of the action about to run; receives the short-circuit result on failure.</param>
        /// <param name="next">Continuation that executes the action and the remaining filters.</param>
        public override async Task OnActionExecutionAsync(
            ActionExecutingContext filterContext,
            ActionExecutionDelegate next)
        {
            var properties = new ActionFilterProperty(filterContext, false);

            if (await IsUserRoleValidAsync(properties))
            {
                await next();
                return;
            }

            // NOTE(review): a role mismatch is answered with 400 here while the token filter
            // answers 401; 403 would be the conventional status. Kept to preserve the
            // existing HTTP contract.
            filterContext.Result = new BadRequestObjectResult("Unauthorized user!");
        }
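        /// <summary>
        /// Validates the caller's AuthToken against the auth service and, on success,
        /// stores the resolved user id in the filter bag under "UserId".
        /// </summary>
        /// <param name="filterProperty">Bag that already holds "AuthToken".</param>
        /// <returns>
        /// <c>true</c> only when the auth service answers 200 with a non-blank user id;
        /// <c>false</c> for a blank token, any other status, or an empty/null id.
        /// </returns>
        private static bool IsAuthTokenValid(ActionFilterProperty filterProperty)
        {
            filterProperty.Get("AuthToken", out var token);

            // The token is raw header input: reject blanks and escape it so it cannot
            // inject extra path segments ("../"), a query string or a fragment into the URL.
            var tokenText = token?.ToString();
            if (string.IsNullOrWhiteSpace(tokenText))
            {
                return false;
            }

            // TODO(review): the token travels in the URL path, so it lands in access logs and
            // proxies; the auth service's API dictates this — move it to a header if that can change.
            // TODO(review): plain http to a hard-coded host — acceptable only on a private network.
            var uri = $"http://localhost:5003/api/v1/auth/loggedIn/{Uri.EscapeDataString(tokenText)}";

            // The caller (OnActionExecuting) is synchronous, so blocking is unavoidable here;
            // GetAwaiter().GetResult() avoids the AggregateException wrapping of .Result, and
            // the client/response are disposed instead of leaked.
            // TODO(review): new HttpClient per call — prefer a shared instance / IHttpClientFactory.
            using (var client = new HttpClient())
            using (var authResponse = client.GetAsync(uri).GetAwaiter().GetResult())
            {
                if (authResponse.StatusCode != HttpStatusCode.OK)
                {
                    return false;
                }

                var authContent = authResponse.Content.ReadAsStringAsync().GetAwaiter().GetResult();
                var userId = JsonConvert.DeserializeObject<string>(authContent);

                // A 200 carrying "null" or an empty string must not authenticate the request.
                if (string.IsNullOrWhiteSpace(userId))
                {
                    return false;
                }

                filterProperty.Set("UserId", userId);
                return true;
            }
        }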
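        /// <summary>
        /// Authentication gate: reads the "AuthToken" request header, validates it via
        /// <see cref="IsAuthTokenValid"/>, and short-circuits with 401 when the header is
        /// missing, blank, or rejected by the auth service.
        /// </summary>
        /// <param name="filterContext">Context of the action about to run; receives the 401 result on failure.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var filterProperty = new ActionFilterProperty(filterContext, true);
            var token = filterContext.HttpContext.Request.Headers["AuthToken"].FirstOrDefault();

            // A present-but-blank header previously passed the null check and triggered a
            // lookup of ".../loggedIn/"; treat whitespace-only values as absent.
            if (!string.IsNullOrWhiteSpace(token))
            {
                filterProperty.Set("AuthToken", token);
                if (IsAuthTokenValid(filterProperty))
                {
                    return;
                }
            }

            filterContext.Result = new UnauthorizedResult();
        }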
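        /// <summary>
        /// Role check: fetches the caller's user record from the user service and
        /// accepts the request only when its <c>role</c> field parses to 2.
        /// </summary>
        /// <param name="filterProperty">Bag holding "UserId" (set by the auth-token filter) and "AuthToken".</param>
        /// <returns>
        /// <c>true</c> only when the user service answers 200 and the record's role is 2;
        /// <c>false</c> for a missing id/token, any other status, an unusable body, or a
        /// missing/non-numeric/different role.
        /// </returns>
        private static async Task<bool> IsUserRoleValidAsync(ActionFilterProperty filterProperty)
        {
            filterProperty.Get("UserId", out var userId);
            filterProperty.Get("AuthToken", out var token);

            // Without a resolved user id the URL would collapse to ".../users/", which is a
            // different endpoint; without a token there is nothing to authenticate with.
            // Fail closed in both cases.
            var idText = userId?.ToString();
            var tokenText = token?.ToString();
            if (string.IsNullOrEmpty(idText) || string.IsNullOrEmpty(tokenText))
            {
                return false;
            }

            // TODO(review): new HttpClient per call — prefer a shared instance / IHttpClientFactory.
            using (var client = new HttpClient())
            {
                // Escaped so the id can only ever address a single path segment.
                // TODO(review): plain http to a hard-coded host — acceptable only on a private network.
                var userUri = $"http://localhost:5001/api/v1/users/{Uri.EscapeDataString(idText)}";
                client.DefaultRequestHeaders.Add("AuthToken", tokenText);

                // One awaited request instead of a blocking .Result plus a second GET of the same URI.
                using (var response = await client.GetAsync(userUri))
                {
                    if (response.StatusCode != HttpStatusCode.OK)
                    {
                        return false;
                    }

                    var body = await response.Content.ReadAsStringAsync();
                    var user = JsonConvert.DeserializeObject<Dictionary<string, string>>(body);

                    // int.Parse turned a null/non-numeric role into an unhandled exception (500);
                    // TryParse makes it an ordinary "not allowed". A "null" body is treated the same.
                    // NOTE(review): 2 is presumably the required role id — confirm against the user service.
                    return user != null
                        && user.TryGetValue("role", out var role)
                        && int.TryParse(role, out var roleId)
                        && roleId == 2;
                }
            }
        }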