using AsbCloudApp.Services; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.DependencyInjection; using System; using System.Threading.Tasks; namespace AsbCloudWebApi.Middlewares { public class PermissionsMiddlware { private readonly RequestDelegate next; public PermissionsMiddlware(RequestDelegate next) { this.next = next; } public async Task InvokeAsync(HttpContext context) { var endpoint = context.GetEndpoint(); var permission = endpoint?.Metadata.GetMetadata(); if (permission is null) { await next(context); return; } var idUser = context.User.GetUserId(); if (idUser is null) { context.User = null; await context.ForbidAsync(); return; } bool isAuthorized; if (idUser == 1) isAuthorized = true; else { var permissionName = permission.Name; if (string.IsNullOrEmpty(permissionName)) { var controller = endpoint.Metadata .GetMetadata() ?.ControllerName; var httpMethod = endpoint.Metadata .GetMetadata() .HttpMethods[0] .ToLower(); permissionName = httpMethod switch { "get" or "delete" => $"{controller}.{httpMethod}", "post" or "put" or "patch" => $"{controller}.edit", _ => throw new NotImplementedException(), }; PermissionAttribute.Registered.Add(permissionName); } else if (permissionName.Contains("[controller]")) { var controller = endpoint.Metadata .GetMetadata() ?.ControllerName; permissionName = permissionName.Replace("[controller]", controller); PermissionAttribute.Registered.Add(permissionName); } var userService = context.RequestServices.GetRequiredService(); isAuthorized = userService.HasPermission((int)idUser, permissionName); } if (isAuthorized) await next?.Invoke(context); else await context.ForbidAsync(); } } }