using System;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Primitives;
using ToolQit;
using ToolQit.Logging;
namespace SharpRSS.API.Auth
{
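/// <summary>
/// Authorization filter that gates controllers and actions on the presence of an
/// <c>SRSS-Session</c> request header.
/// </summary>
/// <remarks>
/// SECURITY: this filter is not yet a complete access control. It only checks that a
/// single, non-blank session header was sent; the value is NOT validated against any
/// session store, and the <c>group</c> passed to the constructor is stored but never
/// enforced. Until both are implemented, any client that sends an arbitrary header value
/// is let through, so do not rely on this attribute alone to protect sensitive endpoints.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public class SessionAuthorizeAttribute : Attribute, IAuthorizationFilter
{
    /// <summary>Name of the request header that carries the session identifier.</summary>
    private const string SessionHeaderName = "SRSS-Session";

    private readonly ILog _log;

    // Stored for a future permission check; nothing in this class reads it yet.
    private readonly string _group;

    /// <summary>
    /// Creates the filter.
    /// </summary>
    /// <param name="group">
    /// Group the caller is expected to belong to. Currently only stored, not enforced.
    /// </param>
    public SessionAuthorizeAttribute(string group = "")
    {
        _log = LogManager.CreateLogger(typeof(SessionAuthorizeAttribute));
        _group = group;
    }

    /// <summary>
    /// Rejects the request with 401 unless the endpoint allows anonymous access or the
    /// request carries exactly one non-blank <c>SRSS-Session</c> header.
    /// </summary>
    /// <param name="context">Authorization context of the current request.</param>
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // Honour the framework's anonymous marker. Matching on IAllowAnonymous rather than
        // the exact attribute type also covers derived attributes and other implementers.
        if (context.ActionDescriptor.EndpointMetadata.Any(obj => obj is IAllowAnonymous))
        {
            return;
        }

        // The previous revision returned unconditionally at this point, which authorized
        // every request and left the checks below unreachable. Fail closed instead.
        bool hasHeader = context.HttpContext.Request.Headers.TryGetValue(SessionHeaderName, out StringValues val);

        // A missing, blank or repeated header carries no usable session identifier.
        if (!hasHeader || val.Count != 1 || string.IsNullOrWhiteSpace(val.ToString()))
        {
            context.Result = new UnauthorizedResult();
            return;
        }

        // TODO(security): validate the session identifier in `val` against the session
        // store, and when _group is non-empty verify that the session is allowed to access
        // that group. Until then the header value is accepted without verification.
    }
}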
}