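/// <summary>
/// Token-based auth middleware. Resolves the <c>token</c> request header to an unexpired user,
/// looks up that user's role name, and only invokes the next delegate when <c>Routes.Rules</c>
/// contains a rule for the routed controller/action that lists that role. Every failure path
/// short-circuits the pipeline with HTTP 401 and an empty header set.
/// </summary>
/// <param name="httpContext">Current request. Route values must already be populated, so the
/// middleware has to run after routing; when they are absent the request is denied, not crashed.</param>
/// <param name="context">Database context used to resolve the token and the user's role.</param>
public async Task InvokeAsync(HttpContext httpContext, CineGestDB context)
        {
            // Local helper so every deny path answers identically.
            void Reject(HttpContext ctx)
            {
                // NOTE(review): an authenticated user hitting a route outside its role is semantically 403;
                // 401 is kept here so existing clients that key on the status keep working.
                ctx.Response.StatusCode = 401;
                ctx.Response.Headers.Clear();
            }

            var token = httpContext.Request.Headers["token"].ToString();

            // A missing or blank header yields "" here. It must not reach the query: a user row whose
            // Token column is empty would otherwise match and the request would run as that user.
            if (string.IsNullOrWhiteSpace(token))
            {
                Reject(httpContext);
                return;
            }

            // Look up the user by token and require the token to be unexpired.
            // NOTE(review): DateTime.Now is local time — confirm TokenExpiresAt is written with the same
            // clock (or move both sides to UTC). Storing only a hash of the token would also limit the
            // damage of a database read; the raw comparison is kept as the schema stores it this way.
            var user = context.User
                .Where(u => u.Token == token && u.TokenExpiresAt > DateTime.Now)
                .FirstOrDefault();

            if (user == null)
            {
                Reject(httpContext);
                return;
            }

            // A dangling RoleFK means "no role" and is denied below, instead of First() throwing a 500.
            var userRole = context.Roles
                .Where(r => r.Id == user.RoleFK)
                .Select(r => r.Name)
                .FirstOrDefault();

            // Read the route values by key. RouteValueDictionary order is not part of its contract, and
            // ElementAt(0)/ElementAt(1) throws (unhandled -> 500) whenever a request carries fewer than
            // two route values, e.g. an unmatched path or a middleware order that runs this before routing.
            var routeValues = httpContext.Request.RouteValues;
            routeValues.TryGetValue("action", out var actionValue);
            routeValues.TryGetValue("controller", out var controllerValue);
            var action = actionValue?.ToString();
            var controller = controllerValue?.ToString();

            // Same ordinal, case-sensitive match as the original Equals calls.
            var allowed = userRole != null
                && action != null
                && controller != null
                && Routes.Rules.Any(rule =>
                    string.Equals(rule.Action, action, StringComparison.Ordinal)
                    && string.Equals(rule.Controller, controller, StringComparison.Ordinal)
                    && rule.Roles.Contains(userRole));

            if (!allowed)
            {
                Reject(httpContext);
                return;
            }

            await _next(httpContext);
        }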
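 /// <summary>
 /// Creates the controller with its DI-supplied database context and hosting environment.
 /// </summary>
 /// <param name="context">Database context stored for the actions to use; must not be null.</param>
 /// <param name="environment">Hosting environment stored for the actions to use; must not be null.</param>
 /// <exception cref="ArgumentNullException">Thrown when either dependency is null.</exception>
 public UsersController(CineGestDB context, IWebHostEnvironment environment)
 {
     // Fail fast on a misconfigured container instead of a NullReferenceException inside an action.
     _context     = context ?? throw new ArgumentNullException(nameof(context));
     _environment = environment ?? throw new ArgumentNullException(nameof(environment));
 }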
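 /// <summary>
 /// Creates the controller with its DI-supplied database context.
 /// </summary>
 /// <param name="context">Database context stored for the actions to use; must not be null.</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
 public RolesController(CineGestDB context)
 {
     // Fail fast on a misconfigured container instead of a NullReferenceException inside an action.
     _context = context ?? throw new ArgumentNullException(nameof(context));
 }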
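 /// <summary>
 /// Creates the controller with its DI-supplied database context.
 /// </summary>
 /// <param name="context">Database context stored for the actions to use; must not be null.</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
 public CinemasController(CineGestDB context)
 {
     // Fail fast on a misconfigured container instead of a NullReferenceException inside an action.
     _context = context ?? throw new ArgumentNullException(nameof(context));
 }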
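 /// <summary>
 /// Creates the controller with its DI-supplied database context.
 /// </summary>
 /// <param name="context">Database context stored for the actions to use; must not be null.</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
 public SessionsController(CineGestDB context)
 {
     // Fail fast on a misconfigured container instead of a NullReferenceException inside an action.
     _context = context ?? throw new ArgumentNullException(nameof(context));
 }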
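 /// <summary>
 /// Creates the controller with its DI-supplied database context.
 /// </summary>
 /// <param name="context">Database context stored for the actions to use; must not be null.</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
 public TicketsController(CineGestDB context)
 {
     // Fail fast on a misconfigured container instead of a NullReferenceException inside an action.
     _context = context ?? throw new ArgumentNullException(nameof(context));
 }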