public async Task InvokeAsync(HttpContext httpContext, CineGestDB context)
{
var token = httpContext.Request.Headers["token"].ToString();
// pesquisar o utilizador pelo token na base de dados e verifica a data de expiração do token
var user = context.User.Where(u => u.Token == token && u.TokenExpiresAt > DateTime.Now).FirstOrDefault();
// Call the next delegate/middleware in the pipeline
if (user != null)
{
//role do user
var userRole = context.Roles.Where(r => r.Id == user.RoleFK).Select(r => r.Name).First();
var routeValues = httpContext.Request.RouteValues;
var allowed = Routes.Rules.Any(rule => rule.Action.Equals(routeValues.ElementAt(0).Value) &&
rule.Controller.Equals(routeValues.ElementAt(1).Value) && rule.Roles.Contains(userRole));
if (allowed)
{
await _next(httpContext);
}
else
{
httpContext.Response.StatusCode = 401;
httpContext.Response.Headers.Clear();
}
}
else
{
httpContext.Response.StatusCode = 401;
httpContext.Response.Headers.Clear();
}
}
public UsersController(CineGestDB context, IWebHostEnvironment environment)
{
_context = context;
_environment = environment;
}
public RolesController(CineGestDB context)
{
_context = context;
}
public CinemasController(CineGestDB context)
{
_context = context;
}
public SessionsController(CineGestDB context)
{
_context = context;
}
public TicketsController(CineGestDB context)
{
_context = context;
}