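/// <summary>
/// Role-based permission middleware. Reads the decision inputs (need-authorize flag, site,
/// route, role) from the session, maps the current request onto a permission key via
/// <c>PermissionPath.mapApi</c>, and lets the request through only when that key is in the
/// role's allow-list; everything else is answered with <c>MiddlewareHelper.AccessDenied</c>.
/// </summary>
/// <param name="context">Current request; session and request method are read, nothing is written.</param>
public async Task Invoke(HttpContext context)
{
    // NOTE(review): these values live in the *session*, which is per-user rather than per-request.
    // They are populated by the authentication middleware; if two requests from the same session
    // run concurrently, one can overwrite "route"/"role" before this check reads them, and the
    // permission decision is then made for the wrong request. HttpContext.Items would be per-request.
    var isAuthorize = context.Session.GetInt32(SessionConstant.NeedAuthorize);
    var site = context.Session.GetString(SessionConstant.Site);

    // Public routes and the client site bypass the role check entirely.
    if (isAuthorize == 0 || site == SessionConstant.Client)
    {
        await next(context);
        return;
    }

    string method = context.Request.Method;
    var route = method + "/" + context.Session.GetString("route") + "/";
    var role = context.Session.GetString("role");

    // Substring match: the first map entry whose value occurs *anywhere* in "METHOD/route/" wins,
    // so the ordering of PermissionPath.mapApi decides ambiguous cases, and an unmapped route
    // yields a default KeyValuePair whose Key is null.
    var permission = PermissionPath.mapApi.FirstOrDefault(x => route.Contains(x.Value)).Key;

    // Resolve the role's allow-list once instead of duplicating the lookup per branch.
    // A missing or unknown role has no allow-list and is therefore denied.
    bool allowed;
    if (role == "admin")
    {
        allowed = RolePermission.admin.Contains(permission);
    }
    else if (role == "staff")
    {
        allowed = RolePermission.staff.Contains(permission);
    }
    else
    {
        allowed = false;
    }

    // Fail closed: an unmapped route (null permission) is never granted, whatever the role.
    if (permission == null || !allowed)
    {
        await MiddlewareHelper.AccessDenied(context);
        return;
    }

    await next(context);
}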
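/// <summary>
/// Authentication middleware for <c>/api</c> routes. Decides whether the route needs a token
/// (<c>needAuthorize</c>), parses the <c>Authorization: Bearer</c> header, and stores the
/// caller's identity (site, route, role, username) in the session for the permission middleware.
/// </summary>
/// <param name="context">Current request; the Authorization header and path are read, session is written.</param>
/// <param name="dataContext">Used to confirm that an admin token's user id / username exist in <c>Users</c>.</param>
public async Task Invoke(HttpContext context, DataContext dataContext)
{
    string authorize = context.Request.Headers["Authorization"];
    string route = context.Request.Path;

    // Anything outside /api is public.
    if (!route.StartsWith("/api"))
    {
        context.Session.SetInt32(SessionConstant.NeedAuthorize, 0);
        await next(context);
        return;
    }

    // Strip the "/api/" prefix. A path of exactly "/api" is shorter than the prefix; the unguarded
    // Substring used to throw ArgumentOutOfRangeException there (a 500 instead of a decision).
    route = route.Length >= "/api/".Length ? route.Substring("/api/".Length) : string.Empty;

    var isAuthorize = needAuthorize(route);
    if (isAuthorize == false)
    {
        context.Session.SetInt32(SessionConstant.NeedAuthorize, 0);
        await next(context);
        return;
    }

    context.Session.SetInt32(SessionConstant.NeedAuthorize, 1);

    // Require the exact "Bearer " scheme prefix (with the space). The previous check accepted a
    // header of just "Bearer" and then crashed in Substring, and accepted e.g. "BearerX...".
    if (authorize == null || !authorize.StartsWith("Bearer ", System.StringComparison.Ordinal))
    {
        await MiddlewareHelper.AccessDenied(context);
        return;
    }
    string token = authorize.Substring("Bearer ".Length).Trim();

    var handler = new JwtSecurityTokenHandler();
    if (!handler.CanReadToken(token))
    {
        await MiddlewareHelper.AccessDenied(context);
        return;
    }

    // SECURITY: CanReadToken/ReadJwtToken only *parse* the compact JWS. They do not verify the
    // signature, issuer, audience or expiry, so every claim read below is attacker-controlled —
    // in particular "role". Validation belongs here via handler.ValidateToken(token,
    // <TokenValidationParameters with the issuer signing key>, out _); the key is not visible in
    // this file, so the call is left as a TODO rather than wired to a guessed configuration.
    var decodeToken = handler.ReadJwtToken(token);

    if (route.StartsWith("admin/"))
    {
        context.Session.SetString(SessionConstant.Site, SessionConstant.Admin);
        var userId = decodeToken.Claims.FirstOrDefault(c => c.Type == "nameid")?.Value;
        var username = decodeToken.Claims.FirstOrDefault(c => c.Type == "unique_name")?.Value;
        var role = decodeToken.Claims.FirstOrDefault(c => c.Type == "role")?.Value;

        // Reject before hitting the database when the token carries no subject id or no role
        // (Session.SetString with a null value would otherwise throw on the role below).
        if (userId == null || role == null)
        {
            await MiddlewareHelper.AccessDenied(context);
            return;
        }

        // The id/username pair must exist in Users. Note that the *role* is still taken from the
        // token, not from the user record, so until the signature is verified an existing user can
        // present any role they like.
        var user = await dataContext.Users.FirstOrDefaultAsync(u => u.Id.ToString() == userId);
        if (user == null || user.Username != username)
        {
            await MiddlewareHelper.AccessDenied(context);
            return;
        }

        context.Session.SetString(SessionConstant.Route, route);
        context.Session.SetString(SessionConstant.Role, role);
        context.Session.SetString(SessionConstant.Username, username);
    }
    else if (route.StartsWith("client/"))
    {
        context.Session.SetString(SessionConstant.Site, SessionConstant.Client);
        var username = decodeToken.Claims.FirstOrDefault(c => c.Type == "sub")?.Value;

        // NOTE(review): the Customers lookup that used to sit here is commented out, so a client
        // token is accepted on the strength of an unverified "sub" claim alone; re-enable a lookup
        // against dataContext.Customers once the token signature is verified.
        if (username == null)
        {
            await MiddlewareHelper.AccessDenied(context);
            return;
        }
        context.Session.SetString(SessionConstant.Username, username);
    }
    // NOTE(review): an authorized /api route that is neither admin/ nor client/ falls through
    // with NeedAuthorize=1 and whatever Site/Role the session held from an earlier request.

    await next(context);
}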