SharpRSS/SharpRSS.API/Auth/SessionAuthorizeAttribute.cs

using System;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Primitives;
using ToolQit;
using ToolQit.Logging;

namespace SharpRSS.API.Auth
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
    public class SessionAuthorizeAttribute : Attribute, IAuthorizationFilter
    {
        public SessionAuthorizeAttribute(string permission = "")
        {
            _log = LogManager.CreateLogger(typeof(SessionAuthorizeAttribute));
            _perm = permission;
        }

        private readonly ILog _log;
        private readonly string _perm;

        public void OnAuthorization(AuthorizationFilterContext context)
        {
            if (context.ActionDescriptor.EndpointMetadata.Any(obj => obj.GetType() == typeof(AllowAnonymousAttribute)))
            {
                //context.Result = new OkResult();
                return;
            }

            if (context.HttpContext.Request.Headers.TryGetValue("SRSS-Session", out StringValues val))
            {
                //TODO: if no permission check for valid session, if permission check if session has access!
                return;
            }

            //TODO: Check session ID!
            context.Result = new UnauthorizedResult();
        }
    }
}
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`using System;`
			`using System.Linq;`
			`using Microsoft.AspNetCore.Authorization;`
			`using Microsoft.AspNetCore.Mvc;`
			`using Microsoft.AspNetCore.Mvc.Filters;`
Working on auth attribute 2023-09-21 20:51:16 +02:00			`using Microsoft.Extensions.Primitives;`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`using ToolQit;`
			`using ToolQit.Logging;`

			`namespace SharpRSS.API.Auth`
			`{`
			`[AttributeUsage(AttributeTargets.Class \| AttributeTargets.Method, AllowMultiple = true, Inherited = true)]`
			`public class SessionAuthorizeAttribute : Attribute, IAuthorizationFilter`
			`{`
			`public SessionAuthorizeAttribute(string permission = "")`
			`{`
			`_log = LogManager.CreateLogger(typeof(SessionAuthorizeAttribute));`
			`_perm = permission;`
			`}`

			`private readonly ILog _log;`
			`private readonly string _perm;`

			`public void OnAuthorization(AuthorizationFilterContext context)`
			`{`
			`if (context.ActionDescriptor.EndpointMetadata.Any(obj => obj.GetType() == typeof(AllowAnonymousAttribute)))`
			`{`
Working on auth attribute 2023-09-21 20:51:16 +02:00			`//context.Result = new OkResult();`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`return;`
			`}`
Working on auth attribute 2023-09-21 20:51:16 +02:00
			`if (context.HttpContext.Request.Headers.TryGetValue("SRSS-Session", out StringValues val))`
			`{`
			`//TODO: if no permission check for valid session, if permission check if session has access!`
			`return;`
			`}`

Working on auth implentation. 2023-09-17 21:41:31 +02:00			`//TODO: Check session ID!`
			`context.Result = new UnauthorizedResult();`
			`}`
			`}`
			`}`