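        /// <summary>
        /// Middleware entry point. Unless the request path starts with one of the
        /// bypass prefixes, the request must carry a client key and an HMAC signature
        /// that matches the one recomputed from the client's secret; otherwise a 401 is
        /// written and the pipeline stops. Authenticated (or bypassed) requests are
        /// handed to the next middleware.
        /// </summary>
        /// <param name="httpContext">Current request; supplies the path and the <c>X-my8-*</c> headers and receives the 401 status.</param>
        /// <param name="bizAuthorize">Lookup used to resolve the client record from the presented key.</param>
        /// <param name="process">Per-request state; receives the raw <c>X-my8-PersonId</c> header value.</param>
        /// <returns>A task that completes when a 401 has been set or the next middleware has run.</returns>
        public async Task Invoke(HttpContext httpContext, IClientAuthorizeBusiness bizAuthorize, CurrentProcess process)
        {
            var path = httpContext.Request.Path;

            if (!path.HasValue)
            {
                httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                return;
            }

            // Bypass is a plain prefix match. Ordinal comparison so that the current
            // culture can never change which paths skip authentication.
            if (!_listPathByPass.Any(a => path.Value.StartsWith(a, System.StringComparison.Ordinal)))
            {
                var headers = ClientAuthorizeModel.Create(
                    httpContext.Request.Headers["X-my8-Key"].FirstOrDefault(),
                    httpContext.Request.Headers["X-my8-Signature"].FirstOrDefault());

                // NOTE(review): the person id is copied verbatim from a client-supplied
                // header. Whether _getOriginalDataToHash includes it (so that it is
                // covered by the signature) is not visible here — confirm.
                process.PersonId = httpContext.Request.Headers["X-my8-PersonId"].FirstOrDefault();

                // A missing signature is rejected explicitly here as well, in case
                // ClientAuthorizeModel.IsValid does not already cover it.
                if (!headers.IsValid || headers.Signature is null)
                {
                    httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                    return;
                }

                var client = await _getClient(headers, bizAuthorize);

                // Unknown client key: same response as a bad signature, so the two
                // cases are not distinguishable from the status code.
                if (client == null)
                {
                    httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                    return;
                }

                var originalData = _getOriginalDataToHash(httpContext);
                var checksum = Utils.HmacSha256ToBase64(client.ApiKey + originalData, client.SecretKey);

                // Compare in constant time: an ordinary string != stops at the first
                // differing character, which leaks how much of the presented signature
                // was correct. FixedTimeEquals also returns false on a length mismatch.
                var expectedBytes = System.Text.Encoding.UTF8.GetBytes(checksum ?? string.Empty);
                var presentedBytes = System.Text.Encoding.UTF8.GetBytes(headers.Signature);

                if (checksum is null
                    || !System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(expectedBytes, presentedBytes))
                {
                    httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                    return;
                }
            }

            await _next(httpContext);
        }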
        /// <summary>
        /// Resolves the client record for the key carried in <paramref name="headers"/>.
        /// </summary>
        /// <param name="headers">Parsed authorization headers; only <c>ClientKey</c> is read.</param>
        /// <param name="bizAuthorize">Backing lookup the key is forwarded to unchanged.</param>
        /// <returns>
        /// Whatever <c>bizAuthorize.Get</c> yields for the key. The caller in <c>Invoke</c>
        /// treats a null result as "unknown client".
        /// </returns>
        private async Task<ClientAuthorize> _getClient(ClientAuthorizeModel headers, IClientAuthorizeBusiness bizAuthorize)
            => await bizAuthorize.Get(headers.ClientKey);