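/// <summary>
/// Gate for <c>/api/</c> requests: requires the auth and sign headers, resolves the merchant from the
/// auth token, rejects deactivated merchants, verifies the body signature and (when the merchant has an
/// IP allow-list) the caller's remote address. Any other path is let through unchanged.
/// </summary>
/// <param name="context">The current request. The resolved merchant (or <c>null</c>) is stored in <c>context.Items["Merchant"]</c>.</param>
/// <param name="merchantManager">Resolves the merchant from the auth header token.</param>
/// <returns><c>true</c> when the request may proceed; <c>false</c> when any check fails (each failure logs a warning).</returns>
/// <remarks>
/// Outside the Development environment every check runs; in Development each check is opt-in through
/// the <c>DebugFlags:CheckSign</c> and <c>DebugFlags:CheckIP</c> configuration values.
/// NOTE(review): the caller is not visible in this file — confirm this gate runs before the API handlers.
/// </remarks>
private bool Check(HttpContext context, MerchantManagerService merchantManager)
{
    // Route prefixes are not linguistic text, so compare ordinally; Path.Value can be null.
    var path = context.Request.Path.Value ?? string.Empty;
    if (!path.StartsWith("/api/", StringComparison.Ordinal))
    {
        return true;
    }

    var headers = context.Request.Headers;
    if (headers[GlobalConstants.AuthHeader].Count == 0 || headers[GlobalConstants.SignHeader].Count == 0)
    {
        _logger.LogWarning("Required headers are missing");
        return false;
    }

    var token = headers[GlobalConstants.AuthHeader][0];
    var merchant = merchantManager.GetMerchant(token);
    // Indexer rather than Add: running this gate twice on one context must not throw on a duplicate key.
    context.Items["Merchant"] = merchant;
    if (merchant is null)
    {
        _logger.LogWarning("No merchant with token");
        return false;
    }

    if (!merchant.Active)
    {
        _logger.LogWarning("Merchant id-[{MerchantId}] name-[{ShortName}] deactivated", merchant.Id, merchant.ShortName);
        return false;
    }

    // Production always checks; Development only when the named DebugFlags value is set.
    bool MustRun(string debugFlag) =>
        !_env.IsDevelopment() || _configuration.GetSection("DebugFlags").GetValue<bool>(debugFlag);

    if (MustRun("CheckSign"))
    {
        var sign = headers[GlobalConstants.SignHeader][0];
        var body = HttpContextHelper.GetBody(context.Request);
        // Scheme is Base64(SHA-256(body || SignKey)) — a plain hash with the key appended, not an HMAC.
        // Left as-is because merchants compute it on their side; replacing it would be a protocol change.
        using var sha256 = SHA256.Create();
        var calculatedSign = Convert.ToBase64String(sha256.ComputeHash(Encoding.UTF8.GetBytes(body + merchant.SignKey)));
        // Fixed-time comparison so a rejection does not leak how many leading characters matched.
        var signMatches = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(sign ?? string.Empty),
            Encoding.UTF8.GetBytes(calculatedSign));
        if (!signMatches)
        {
            _logger.LogWarning("Bad sign");
            return false;
        }
    }

    if (MustRun("CheckIP") && merchant.MerchantIpRange.Count != 0)
    {
        // RemoteIpAddress can be null (e.g. in-process hosts); with an allow-list configured that is a denial, not an NRE.
        var ip = context.Connection.RemoteIpAddress?.ToString();
        var allowed = IpSet.ParseOrDefault(merchant.MerchantIpRange.Select(x => x.Iprange));
        // ParseOrDefault's contract is not visible here; a null set is treated as "nothing allowed" (fail closed).
        if (ip is null || allowed is null || !allowed.Contains(ip))
        {
            _logger.LogWarning("Ip [{Ip}] not allowed", ip);
            return false;
        }
    }

    return true;
}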
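/// <summary>
/// Logs each <c>/api/</c> request and its response under a shared correlation id, then hands the request
/// to the next middleware. Every other path is forwarded untouched and not logged.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <remarks>
/// The response body is captured by swapping <c>context.Response.Body</c> for a <see cref="MemoryStream"/>
/// while the rest of the pipeline runs; the original stream is restored in <c>finally</c> so a throwing
/// downstream handler does not leave the response pointed at a disposed buffer.
/// NOTE(review): the auth and sign headers and the request body are masked via <c>MaskHelper</c>, but the
/// response body is logged verbatim — confirm responses carry nothing that must not reach the log sink.
/// </remarks>
public async Task InvokeAsync(HttpContext context)
{
    // Route prefixes are not linguistic text, so compare ordinally; Path.Value can be null.
    var path = context.Request.Path.Value ?? string.Empty;
    if (!path.StartsWith("/api/", StringComparison.Ordinal))
    {
        await _next(context);
        return;
    }

    var logId = Guid.NewGuid().ToString();
    var sign = context.Request.Headers[GlobalConstants.SignHeader];
    var auth = context.Request.Headers[GlobalConstants.AuthHeader];
    _logger.LogInformation(
        "REQUEST - [{LogId}] auth - [{Auth}] sign - [{Sign}] body - [{Body}]",
        logId,
        MaskHelper.MaskHeader(auth),
        MaskHelper.MaskHeader(sign),
        MaskHelper.MaskApiRequest(HttpContextHelper.GetBody(context.Request)));

    var originalBodyStream = context.Response.Body;
    string responseContent;
    await using var bufferedResponseBody = new MemoryStream();
    try
    {
        context.Response.Body = bufferedResponseBody;
        await _next(context);

        bufferedResponseBody.Seek(0, SeekOrigin.Begin);
        using var reader = new StreamReader(bufferedResponseBody);
        responseContent = await reader.ReadToEndAsync();

        // Replay the buffered bytes onto the real response stream.
        bufferedResponseBody.Seek(0, SeekOrigin.Begin);
        await bufferedResponseBody.CopyToAsync(originalBodyStream);
    }
    finally
    {
        // Restore even when _next throws; otherwise later middleware writes into a disposed MemoryStream.
        context.Response.Body = originalBodyStream;
    }

    _logger.LogInformation("RESPONSE -[{LogId}] body - [{ResponseContent}]", logId, responseContent);
}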