DD.WellWorkover.Cloud/AsbCloudWebApi/Middlewares/PermissionsMiddlware.cs

using AsbCloudApp.Repositories;
using AsbCloudApp.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using System;
using System.Threading.Tasks;

namespace AsbCloudWebApi.Middlewares
{

    public class PermissionsMiddlware
    {
        private readonly RequestDelegate next;
        private readonly UserConnectionsLimitMiddlware userConnectionsLimitMiddlware;

        public PermissionsMiddlware(RequestDelegate next, IConfiguration configuration)
        {
            this.next = next;
            userConnectionsLimitMiddlware = new UserConnectionsLimitMiddlware(next, configuration);
        }

        public async Task InvokeAsync(HttpContext context)
        {
            var endpoint = context.GetEndpoint();
            var permission = endpoint?.Metadata.GetMetadata<PermissionAttribute>();
            if (permission is null)
            {
                await next(context);
                return;
            }

            var idUser = context.User.GetUserId();
            if (idUser is null)
            {
                await context.ForbidAsync();
                return;
            }

            var controllerName = endpoint!.Metadata
                .GetMetadata<Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor>()
                ?.ControllerName;

            bool isAuthorized;
            if (idUser == 1)
                isAuthorized = true;
            else
            {
                var permissionName = permission.Name;
                if (string.IsNullOrEmpty(permissionName))
                {
                    var httpMethod = endpoint.Metadata
                        .GetMetadata<Microsoft.AspNetCore.Routing.HttpMethodMetadata>()
                        ?.HttpMethods[0]
                        .ToLower();

                    permissionName = httpMethod switch
                    {
                        "get" or "delete" => $"{controllerName}.{httpMethod}",
                        "post" or "put" or "patch" => $"{controllerName}.edit",
                        _ => throw new NotImplementedException(),
                    };
                    PermissionAttribute.Registered.Add(permissionName);
                }
                else if (permissionName.Contains("[controller]"))
                {
                    permissionName = permissionName.Replace("[controller]", controllerName);
                    PermissionAttribute.Registered.Add(permissionName);
                }

                var userService = context.RequestServices.GetRequiredService<IUserRepository>();
                isAuthorized = userService.HasPermission(idUser.Value, permissionName);
            }

            if (isAuthorized)
                await userConnectionsLimitMiddlware.InvokeAsync(context, idUser!.Value, controllerName!);
            else
                await context.ForbidAsync();
        }
    }

}