private bool VerifySignature(HttpContext context, ImageflowMiddlewareOptions options) { var pathAndQuery = context.Request.PathBase.HasValue ? "/" + context.Request.PathBase.Value.TrimStart('/') : ""; pathAndQuery += context.Request.Path.ToString() + context.Request.QueryString.ToString(); pathAndQuery = Signatures.NormalizePathAndQueryForSigning(pathAndQuery); if (context.Request.Query.TryGetValue("signature", out var actualSignature)) { foreach (var key in options.SigningKeys) { var expectedSignature = Signatures.SignString(pathAndQuery, key, 16); if (expectedSignature == actualSignature) { return(true); } } AuthorizedMessage = "Image signature does not match request, or used an invalid signing key."; return(false); } // A missing signature is only a problem if they are required if (!options.RequireRequestSignature) { return(true); } AuthorizedMessage = "Image requests must be signed. No &signature query key found. "; return(false); }
private bool VerifySignature(HttpContext context, ImageflowMiddlewareOptions middlewareOptions) { if (middlewareOptions.RequestSignatureOptions == null) { return(true); } var(requirement, signingKeys) = middlewareOptions.RequestSignatureOptions .GetRequirementForPath(context.Request.Path.Value); var queryString = context.Request.QueryString.ToString(); var pathAndQuery = context.Request.PathBase.HasValue ? "/" + context.Request.PathBase.Value.TrimStart('/') : ""; pathAndQuery += context.Request.Path.ToString() + queryString; pathAndQuery = Signatures.NormalizePathAndQueryForSigning(pathAndQuery); if (context.Request.Query.TryGetValue("signature", out var actualSignature)) { foreach (var key in signingKeys) { var expectedSignature = Signatures.SignString(pathAndQuery, key, 16); if (expectedSignature == actualSignature) { return(true); } } AuthorizedMessage = "Image signature does not match request, or used an invalid signing key."; return(false); } if (requirement == SignatureRequired.Never) { return(true); } if (requirement == SignatureRequired.ForQuerystringRequests) { if (queryString.Length <= 0) { return(true); } AuthorizedMessage = "Image processing requests must be signed. No &signature query key found. "; return(false); } AuthorizedMessage = "Image requests must be signed. No &signature query key found. "; return(false); }