SharpRSS/SharpRSS.API/Auth/SessionAuthorizeAttribute.cs

using System;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Primitives;
using ToolQit;
using ToolQit.Logging;

namespace SharpRSS.API.Auth
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
    public class SessionAuthorizeAttribute : Attribute, IAuthorizationFilter
    {
        public SessionAuthorizeAttribute(string group = "")
        {
            _log = LogManager.CreateLogger(typeof(SessionAuthorizeAttribute));
            _group = group;
        }

        private readonly ILog _log;
        private readonly string _group;

        public void OnAuthorization(AuthorizationFilterContext context)
        {
            if (context.ActionDescriptor.EndpointMetadata.Any(obj => obj.GetType() == typeof(AllowAnonymousAttribute)))
            {
                //context.Result = new OkResult();
                return;
            }

            return;
            if (context.HttpContext.Request.Headers.TryGetValue("SRSS-Session", out StringValues val))
            {
                //TODO: if no permission check for valid session, permission check if session has access!
                return;
            }

            //TODO: Check session ID!
            context.Result = new UnauthorizedResult();
        }
    }
}
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`using System;`
			`using System.Linq;`
			`using Microsoft.AspNetCore.Authorization;`
			`using Microsoft.AspNetCore.Mvc;`
			`using Microsoft.AspNetCore.Mvc.Filters;`
Working on auth attribute 2023-09-21 20:51:16 +02:00			`using Microsoft.Extensions.Primitives;`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`using ToolQit;`
			`using ToolQit.Logging;`

			`namespace SharpRSS.API.Auth`
			`{`
			`[AttributeUsage(AttributeTargets.Class \| AttributeTargets.Method, AllowMultiple = true, Inherited = true)]`
			`public class SessionAuthorizeAttribute : Attribute, IAuthorizationFilter`
			`{`
Implemented users db & API side. 2023-10-08 00:46:42 +02:00			`public SessionAuthorizeAttribute(string group = "")`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`{`
			`_log = LogManager.CreateLogger(typeof(SessionAuthorizeAttribute));`
Implemented users db & API side. 2023-10-08 00:46:42 +02:00			`_group = group;`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`}`

			`private readonly ILog _log;`
Implemented users db & API side. 2023-10-08 00:46:42 +02:00			`private readonly string _group;`
Working on auth implentation. 2023-09-17 21:41:31 +02:00
			`public void OnAuthorization(AuthorizationFilterContext context)`
			`{`
			`if (context.ActionDescriptor.EndpointMetadata.Any(obj => obj.GetType() == typeof(AllowAnonymousAttribute)))`
			`{`
Working on auth attribute 2023-09-21 20:51:16 +02:00			`//context.Result = new OkResult();`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`return;`
			`}`
Working on auth attribute 2023-09-21 20:51:16 +02:00
Implemented users db & API side. 2023-10-08 00:46:42 +02:00			`return;`
Working on auth attribute 2023-09-21 20:51:16 +02:00			`if (context.HttpContext.Request.Headers.TryGetValue("SRSS-Session", out StringValues val))`
			`{`
Implemented users db & API side. 2023-10-08 00:46:42 +02:00			`//TODO: if no permission check for valid session, permission check if session has access!`
Working on auth attribute 2023-09-21 20:51:16 +02:00			`return;`
			`}`

Working on auth implentation. 2023-09-17 21:41:31 +02:00			`//TODO: Check session ID!`
			`context.Result = new UnauthorizedResult();`
			`}`
			`}`
			`}`