mirror of
https://github.com/hmaxnl/SharpRSS.git
synced 2024-09-20 01:54:20 +02:00
42 lines
1.4 KiB
C#
42 lines
1.4 KiB
C#
using System;
|
|
using System.Linq;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.AspNetCore.Mvc.Filters;
|
|
using Microsoft.Extensions.Primitives;
|
|
using ToolQit;
|
|
using ToolQit.Logging;
|
|
|
|
namespace SharpRSS.API.Auth
|
|
{
|
|
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
|
|
public class SessionAuthorizeAttribute : Attribute, IAuthorizationFilter
|
|
{
|
|
public SessionAuthorizeAttribute(string permission = "")
|
|
{
|
|
_log = LogManager.CreateLogger(typeof(SessionAuthorizeAttribute));
|
|
_perm = permission;
|
|
}
|
|
|
|
private readonly ILog _log;
|
|
private readonly string _perm;
|
|
|
|
public void OnAuthorization(AuthorizationFilterContext context)
|
|
{
|
|
if (context.ActionDescriptor.EndpointMetadata.Any(obj => obj.GetType() == typeof(AllowAnonymousAttribute)))
|
|
{
|
|
//context.Result = new OkResult();
|
|
return;
|
|
}
|
|
|
|
if (context.HttpContext.Request.Headers.TryGetValue("SRSS-Session", out StringValues val))
|
|
{
|
|
//TODO: if no permission check for valid session, if permission check if session has access!
|
|
return;
|
|
}
|
|
|
|
//TODO: Check session ID!
|
|
context.Result = new UnauthorizedResult();
|
|
}
|
|
}
|
|
} |