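/// <summary>
/// Token-based authentication + authorization middleware.
/// Reads the opaque value of the <c>token</c> request header, resolves it to an
/// unexpired user row, and lets the request continue only when
/// <c>Routes.Rules</c> holds an entry for the resolved controller/action that
/// lists the user's role. Every other outcome short-circuits with status 401 and
/// an empty response header set (the original also answered authorization
/// failures with 401 rather than 403; that is kept for client compatibility).
/// Must run after routing so that <c>Request.RouteValues</c> is populated.
/// </summary>
/// <param name="httpContext">The current request/response pair.</param>
/// <param name="context">Database context used to look up the user and its role.</param>
public async Task InvokeAsync(HttpContext httpContext, CineGestDB context)
{
    var token = httpContext.Request.Headers["token"].ToString();

    // A missing header yields "" (not null). Without this guard an anonymous request
    // would authenticate as any user row whose Token column happens to be empty.
    if (string.IsNullOrWhiteSpace(token))
    {
        Reject(httpContext);
        return;
    }

    // Look the user up by token and require the token to be unexpired.
    // NOTE(review): the equality runs in the database, so it inherits the Token
    // column's collation — a case-insensitive collation silently weakens the token.
    // DateTime.Now is compared with whatever clock TokenExpiresAt was written with
    // (local vs UTC); confirm against the code that issues tokens.
    var user = context.User
        .Where(u => u.Token == token && u.TokenExpiresAt > DateTime.Now)
        .FirstOrDefault();
    if (user == null)
    {
        Reject(httpContext);
        return;
    }

    // A user whose role row is missing must be denied, not surface as an
    // unhandled exception (the original .First() would have produced a 500).
    var userRole = context.Roles
        .Where(r => r.Id == user.RoleFK)
        .Select(r => r.Name)
        .FirstOrDefault();
    if (userRole == null)
    {
        Reject(httpContext);
        return;
    }

    // Read controller/action by key. The original ElementAt(0)/ElementAt(1) depended on
    // RouteValueDictionary insertion order and threw when fewer than two values were
    // present (e.g. no endpoint matched); a missing value now fails closed instead.
    var routeValues = httpContext.Request.RouteValues;
    var action = routeValues.TryGetValue("action", out var actionValue) ? actionValue?.ToString() : null;
    var controller = routeValues.TryGetValue("controller", out var controllerValue) ? controllerValue?.ToString() : null;
    if (action == null || controller == null)
    {
        Reject(httpContext);
        return;
    }

    // Positive allow list: pass only if some rule names this controller/action and
    // includes the user's role. Names are compared case-insensitively to mirror
    // ASP.NET Core's own controller/action matching, so "/Users/Delete" and
    // "/users/delete" are governed by the same rule instead of the latter being denied.
    // NOTE(review): if rule.Roles is a string rather than a collection, Contains is a
    // substring test ("User" would match "SuperUser") — confirm its type.
    var allowed = Routes.Rules.Any(rule =>
        string.Equals(rule.Action, action, StringComparison.OrdinalIgnoreCase) &&
        string.Equals(rule.Controller, controller, StringComparison.OrdinalIgnoreCase) &&
        rule.Roles.Contains(userRole));

    if (!allowed)
    {
        Reject(httpContext);
        return;
    }

    await _next(httpContext);
}

/// <summary>
/// Short-circuits the pipeline: status 401 and no response headers.
/// </summary>
/// <param name="httpContext">The request being rejected.</param>
private static void Reject(HttpContext httpContext)
{
    httpContext.Response.StatusCode = 401;
    httpContext.Response.Headers.Clear();
}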
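/// <summary>
/// Creates the controller with its database context and hosting environment.
/// Both come from dependency injection; a null argument means the container is
/// misconfigured, so fail fast here rather than with a NullReferenceException
/// inside an action.
/// </summary>
/// <param name="context">Database context used by the controller's actions.</param>
/// <param name="environment">Hosting environment injected for this controller.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
public UsersController(CineGestDB context, IWebHostEnvironment environment)
{
    _context = context ?? throw new ArgumentNullException(nameof(context));
    _environment = environment ?? throw new ArgumentNullException(nameof(environment));
}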
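/// <summary>
/// Creates the controller with its database context (supplied by dependency
/// injection). A null context means the container is misconfigured, so fail
/// fast here rather than inside an action.
/// </summary>
/// <param name="context">Database context used by the controller's actions.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
public RolesController(CineGestDB context)
{
    _context = context ?? throw new ArgumentNullException(nameof(context));
}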
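/// <summary>
/// Creates the controller with its database context (supplied by dependency
/// injection). A null context means the container is misconfigured, so fail
/// fast here rather than inside an action.
/// </summary>
/// <param name="context">Database context used by the controller's actions.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
public CinemasController(CineGestDB context)
{
    _context = context ?? throw new ArgumentNullException(nameof(context));
}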
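/// <summary>
/// Creates the controller with its database context (supplied by dependency
/// injection). A null context means the container is misconfigured, so fail
/// fast here rather than inside an action.
/// </summary>
/// <param name="context">Database context used by the controller's actions.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
public SessionsController(CineGestDB context)
{
    _context = context ?? throw new ArgumentNullException(nameof(context));
}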
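/// <summary>
/// Creates the controller with its database context (supplied by dependency
/// injection). A null context means the container is misconfigured, so fail
/// fast here rather than inside an action.
/// </summary>
/// <param name="context">Database context used by the controller's actions.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
public TicketsController(CineGestDB context)
{
    _context = context ?? throw new ArgumentNullException(nameof(context));
}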