forked from ddrilling/AsbCloudServer
85 lines
3.0 KiB
C#
85 lines
3.0 KiB
C#
using AsbCloudApp.Repositories;
|
|
using AsbCloudApp.Services;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.Extensions.Configuration;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using System;
|
|
using System.Threading.Tasks;
|
|
|
|
namespace AsbCloudWebApi.Middlewares
|
|
{
|
|
#nullable enable
|
|
public class PermissionsMiddlware
|
|
{
|
|
private readonly RequestDelegate next;
|
|
private readonly UserConnectionsLimitMiddlware userConnectionsLimitMiddlware;
|
|
|
|
public PermissionsMiddlware(RequestDelegate next, IConfiguration configuration)
|
|
{
|
|
this.next = next;
|
|
userConnectionsLimitMiddlware = new UserConnectionsLimitMiddlware(next, configuration);
|
|
}
|
|
|
|
public async Task InvokeAsync(HttpContext context)
|
|
{
|
|
var endpoint = context.GetEndpoint();
|
|
var permission = endpoint?.Metadata.GetMetadata<PermissionAttribute>();
|
|
if (permission is null)
|
|
{
|
|
await next(context);
|
|
return;
|
|
}
|
|
|
|
var idUser = context.User.GetUserId();
|
|
if (idUser is null)
|
|
{
|
|
await context.ForbidAsync();
|
|
return;
|
|
}
|
|
|
|
var controllerName = endpoint!.Metadata
|
|
.GetMetadata<Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor>()
|
|
?.ControllerName;
|
|
|
|
bool isAuthorized;
|
|
if (idUser == 1)
|
|
isAuthorized = true;
|
|
else
|
|
{
|
|
var permissionName = permission.Name;
|
|
if (string.IsNullOrEmpty(permissionName))
|
|
{
|
|
var httpMethod = endpoint.Metadata
|
|
.GetMetadata<Microsoft.AspNetCore.Routing.HttpMethodMetadata>()
|
|
?.HttpMethods[0]
|
|
.ToLower();
|
|
|
|
permissionName = httpMethod switch
|
|
{
|
|
"get" or "delete" => $"{controllerName}.{httpMethod}",
|
|
"post" or "put" or "patch" => $"{controllerName}.edit",
|
|
_ => throw new NotImplementedException(),
|
|
};
|
|
PermissionAttribute.Registered.Add(permissionName);
|
|
}
|
|
else if (permissionName.Contains("[controller]"))
|
|
{
|
|
permissionName = permissionName.Replace("[controller]", controllerName);
|
|
PermissionAttribute.Registered.Add(permissionName);
|
|
}
|
|
|
|
var userService = context.RequestServices.GetRequiredService<IUserRepository>();
|
|
isAuthorized = userService.HasPermission(idUser.Value, permissionName);
|
|
}
|
|
|
|
if (isAuthorized)
|
|
await userConnectionsLimitMiddlware.InvokeAsync(context, idUser!.Value, controllerName!);
|
|
else
|
|
await context.ForbidAsync();
|
|
}
|
|
}
|
|
#nullable disable
|
|
}
|