public override void OnActionExecuting(HttpActionContext context)
{
using (IUnitOfWork unitOfWork = new UnitOfWork())
{
IRepository <User> repository = new Repository <User>(unitOfWork);
IUserService userService = new UserService(repository);
IAuthService authService = new AuthService(repository);
bool skipAuthorization = context.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any() ||
context.ActionDescriptor.ControllerDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any();
if (skipAuthorization)
{
return;
}
if (context.Request.Headers.Authorization == null)
{
context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Authorization key required" });
return;
}
string apiKey = context.Request.Headers.Authorization.ToString();
User user = userService.FindBy(x => x.ApiKey == apiKey).FirstOrDefault();
DateTime now = DateUtil.GetDateTimeNow();
if (user == null || (user.ExpiraApiKey.HasValue && user.ExpiraApiKey.Value < now))
{
context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Invalid authorization token" });
return;
}
LanguageMngr.SetLanguage(user.Language);
UserApiAuthenticated.SetUserAuthenticated(context, user);
}
}
public override void OnActionExecuting(HttpActionContext context)
{
using (IUnitOfWork unitOfWork = new UnitOfWork())
{
IRepository <User> repository = new Repository <User>(unitOfWork);
IUserService userService = new UserService(repository);
IAuthService authService = new AuthService(repository);
bool skipAuthorization = context.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any() ||
context.ActionDescriptor.ControllerDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any();
if (skipAuthorization)
{
return;
}
if (context.Request.Headers.Authorization == null)
{
context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Authorization key required" });
return;
}
string apiKey = context.Request.Headers.Authorization.ToString();
User user = userService.FindBy(x => x.ApiKey == apiKey).FirstOrDefault();
DateTime now = DateUtil.GetDateTimeNow();
if (user == null || (user.ExpiraApiKey.HasValue && user.ExpiraApiKey.Value < now))
{
context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message = "Invalid authorization token" });
return;
}
string actionName = context.ActionDescriptor.ActionName;
string controllerName = context.ActionDescriptor.ControllerDescriptor.ControllerName;
IEnumerable <Permission> permissions = authService.GetPermissions(user.Id,
actionName, controllerName,
Constants.PERMISSIONS_TYPE_ENUM.API.GetEnumValue <string>());
if (!permissions.Any())
{
context.Response = context.Request.CreateResponse(HttpStatusCode.Forbidden, new { message = "User has no permissions for this action" });
return;
}
LanguageMngr.SetLanguage(user.Language);
UserApiAuthenticated.SetUserAuthenticated(context, user);
//Validacion de tokens generados
/*
* if (!tokenEngine.ValidateToken(apiKey, out clienteId))
* {
* context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new { mensaje = "invalid authorization token" });
* return;
* }
* context.Request.Properties.Add(new KeyValuePair<string, object>("clienteId", clienteId));*/
//context.Request.Properties.Add(new KeyValuePair<string, object>("clientEmail", clientEmail));
}
}
//<summary>Recibe la peticion del servidor antes de que llegue al controlador para realzar el log de la peticion.</summary>
/// <param name="cancellationToken"></param>
/// <param name="request">Objeto que contiene informacion de las peticiones.</param>
/// <returns>Respuesta del servidor</returns>
protected override async System.Threading.Tasks.Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
{
using (IUnitOfWork unitOfWork = new UnitOfWork())
{
IRepository <ApiLog> repository = new Repository <ApiLog>(unitOfWork);
IRepository <User> repositoryUser = new Repository <User>(unitOfWork);
apiLogService = new ApiLogService(repository);
userService = new UserService(repositoryUser);
StringBuilder content = new StringBuilder();
string requestUuid = request.GetCorrelationId().ToString();
HttpConfiguration config = GlobalConfiguration.Configuration;
IHttpRouteData routeData = config.Routes.GetRouteData(request);
HttpControllerContext controllerContext = new HttpControllerContext(config, routeData, request);
DefaultHttpControllerSelector controllerSelector = new DefaultHttpControllerSelector(config);
HttpControllerDescriptor controllerDescriptor = controllerSelector.SelectController(request);
ApiControllerActionSelector apiControllerSelection = new ApiControllerActionSelector();
controllerContext.ControllerDescriptor = controllerDescriptor;
HttpActionDescriptor actionDescriptor = apiControllerSelection.SelectAction(controllerContext);
ApiLog requestLog = new ApiLog();
requestLog.Uuid = requestUuid;
requestLog.Controller = controllerDescriptor.ControllerName;
requestLog.Action = actionDescriptor.ActionName;
//Obtiene y decodifica el post para que se muestre la informacion de la manera adecuada
string data = HttpUtility.UrlDecode(request.Content.ReadAsStringAsync().Result);
requestLog.Data = data;
requestLog.CreatedAt = DateTime.Now;
requestLog.Url = request.RequestUri.AbsoluteUri;//request.RequestUri.Host + HttpUtility.UrlDecode(request.RequestUri.PathAndQuery);
requestLog.Method = request.Method.Method;
requestLog.Status = "Started";
object headers = request.Headers.ToDictionary(x => x.Key, y => y.Value);
requestLog.Headers = JsonConvert.SerializeObject(headers);
//unitOfWork.BeginTransaction();
try
{
apiLogService.Create(requestLog);
//unitOfWork.Commit();
}
catch (Exception e)
{
//unitOfWork.Rollback();
}
//Se espera la respuesta del controlador
var response = await base.SendAsync(request, cancellationToken);
requestUuid = request.GetCorrelationId().ToString();
//unitOfWork.BeginTransaction();
try
{
requestLog = apiLogService.FindBy(x => x.Uuid == requestUuid).FirstOrDefault();
User user = null;
int? userId = UserApiAuthenticated.GetUserAuthenticatedId(request.GetRequestContext());
if (userId.HasValue)
{
user = userService.GetById(userId.Value);
}
if (user != null)
{
requestLog.CreatedBy = user;
}
if (requestLog != null)
{
if (response.RequestMessage != null && response.Content != null)
{
var responseContent = await response.Content.ReadAsStringAsync();
if (requestLog.Exception != null)
{
requestLog.Status = "HasException";
}
else
{
requestLog.Status = "Completed";
}
requestLog.Result = responseContent.ToString();
apiLogService.Update(requestLog);
}
}
//unitOfWork.Commit();
}catch (Exception e)
{
//unitOfWork.Rollback();
}
return(response);
}
}
