private bool Check(HttpContext context) { if (!context.Request.Path.Value.StartsWith("/iapi/")) { return(true); } if (context.Request.Headers[GlobalConstants.KeyHeader].Count == 0) { _logger.LogWarning("Required header is missing"); return(false); } var token = context.Request.Headers[GlobalConstants.KeyHeader][0]; if (token != _configuration.GetSection("Keys").GetValue <string>("InternalApiKey")) { return(false); } var ip = context.Connection.RemoteIpAddress.ToString(); var set = IpSet.ParseOrDefault(LocalIps); if (!set.Contains(ip)) { _logger.LogWarning($"Ip [{ip}] not allowed"); return(false); } return(true); }
private bool Check(HttpContext context, MerchantManagerService merchantManager) { if (!context.Request.Path.Value.StartsWith("/api/")) { return(true); } if (context.Request.Headers[GlobalConstants.AuthHeader].Count == 0 || context.Request.Headers[GlobalConstants.SignHeader].Count == 0) { _logger.LogWarning("Required headers are missing"); return(false); } var token = context.Request.Headers[GlobalConstants.AuthHeader][0]; var merchant = merchantManager.GetMerchant(token); context.Items.Add("Merchant", merchant); if (merchant == null) { _logger.LogWarning("No merchant with token"); return(false); } if (!merchant.Active) { _logger.LogWarning($"Merchant id-[{merchant.Id}] name-[{merchant.ShortName}] deactivated"); return(false); } if (!_env.IsDevelopment() || _configuration.GetSection("DebugFlags").GetValue <bool>("CheckSign")) { var sign = context.Request.Headers[GlobalConstants.SignHeader][0]; var body = HttpContextHelper.GetBody(context.Request); using var mySha256 = SHA256.Create(); var calculatedSign = Convert.ToBase64String(mySha256.ComputeHash(Encoding.UTF8.GetBytes(body + merchant.SignKey))); if (sign != calculatedSign) { _logger.LogWarning("Bad sign"); return(false); } } if (!_env.IsDevelopment() || _configuration.GetSection("DebugFlags").GetValue <bool>("CheckIP")) { if (merchant.MerchantIpRange.Count != 0) { var ip = context.Connection.RemoteIpAddress.ToString(); var set = IpSet.ParseOrDefault(merchant.MerchantIpRange.Select(x => x.Iprange)); if (!set.Contains(ip)) { _logger.LogWarning($"Ip [{ip}] not allowed"); return(false); } } } return(true); }
public void Parse_And_Contains_Tests(string s, string testIp, bool expected) { // Act var set = IpSet.ParseOrDefault(s); var result = set.Contains(testIp); // Assert Assert.Equal(expected, result); }
/// <summary> /// Initializes a new instance of the <see cref="IpAddressRuleMatcher"/> class. /// </summary> /// <param name="ipWhiltlist">Whitlist of IP addresses.</param> /// <param name="clientPolicies">Client policies.</param> public IpAddressRuleMatcher(IEnumerable <string> ipWhiltlist, IEnumerable <ClientPolicy> clientPolicies) { _whitelist = IpSet.ParseOrDefault(ipWhiltlist); if (clientPolicies != null) { foreach (var policy in clientPolicies) { var ipSet = IpSet.ParseOrDefault(policy?.ClientId) ?? throw new ArgumentException($"Cannot parse to an IP set/ range from [{policy?.ClientId}]"); _ipPolicies[ipSet] = policy; } } }
/// <summary> /// Checks whether the <see cref="IpSet"/> contains specified <see cref="IPAddress"/>. /// </summary> /// <param name="ipSet">The <see cref="IpSet"/> object.</param> /// <param name="ipAddress">The IP address to be checked.</param> /// <returns>True if contains; otherwise false.</returns> public static bool Contains(this IpSet ipSet, string ipAddress) { var address = IPAddress.Parse(ipAddress); return(ipSet.Contains(address)); }