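using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using IRaCIS.Core.Domain.Share;
using IRaCIS.Application.Contracts;
using Dicom.IO;
using IRaCIS.Core.Infrastructure;
using Newtonsoft.Json;

namespace IRaCIS.Core.API.Middleware
{
    /// <summary>
    /// Per-request menu/API permission gate: rejects a request whose URL is bound to a
    /// menu entry that the caller's user type has not been granted.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the grant table is loaded once into the static
    /// <see cref="Jurisdiction.MenuActionList"/> and never refreshed, so grant changes made
    /// after start-up do not take effect until the process restarts.
    /// NOTE(review): generic type arguments appear to have been stripped from this listing
    /// (e.g. the entity type of <c>IRepository</c>); restore them from the original source.
    /// </remarks>
    public class AuthenticationMiddleware
    {
        private readonly RequestDelegate _next;
        private readonly IRepository _userTypeMenuRepository;
        private readonly IUserInfo _userInfo;

        /// <param name="next">Next middleware in the pipeline.</param>
        /// <param name="userTypeMenuTypeRepository">Repository of user-type/menu grants; each row exposes the menu's ApiPath.</param>
        /// <param name="userInfo">Current caller: its user-type id and the URL being requested.</param>
        public AuthenticationMiddleware(RequestDelegate next, IRepository userTypeMenuTypeRepository, IUserInfo userInfo)
        {
            _next = next;
            _userTypeMenuRepository = userTypeMenuTypeRepository;
            _userInfo = userInfo;
        }

        /// <summary>
        /// Runs the permission check; forwards permitted requests and answers denied ones
        /// with a JSON <c>ResponseOutput.NotOk</c> body.
        /// </summary>
        public async Task InvokeAsync(HttpContext context)
        {
            if (await IsValidRequest(context))
            {
                await _next(context);
                return;
            }

            // NOTE(review): a denied request is answered with HTTP 200 and a NotOk body. That
            // follows the project's ResponseOutput convention but hides the denial from proxies,
            // access logs and generic HTTP clients; 403 would be the conventional status code.
            context.Response.StatusCode = StatusCodes.Status200OK;
            context.Response.ContentType = "application/json";
            var msg = JsonConvert.SerializeObject(ResponseOutput.NotOk("Access was denied due to lack of permission"));
            // Denials are written to stdout; an ILogger would let them be correlated with the request.
            Console.WriteLine(msg);
            await context.Response.WriteAsync(msg);
            await context.Response.Body.FlushAsync();
            context.Response.Body.Close();
        }

        /// <summary>
        /// Decides whether the current caller may reach the requested URL.
        /// </summary>
        /// <param name="context">Unused: the URL and user type are read from <see cref="IUserInfo"/>.</param>
        /// <returns>
        /// <c>false</c> only when the URL is covered by at least one cached menu entry and none
        /// of those entries belongs to the caller's user type; <c>true</c> otherwise, including
        /// when the URL matches no entry at all (no entry means no restriction).
        /// </returns>
        private async Task<bool> IsValidRequest(HttpContext context)
        {
            await EnsureMenuActionListLoaded();

            // User type 0 is not subject to the menu check at all.
            if (_userInfo.UserTypeEnumInt == 0)
            {
                return true;
            }

            var url = _userInfo.RequestUrl;
            if (url is null)
            {
                // Nothing to authorise against; fail closed rather than dereference null.
                return false;
            }

            // "Covers" is a substring test, not path equality: the requested URL only has to
            // appear somewhere inside an entry's ApiPath. The comparison is case-insensitive and
            // culture-independent (the original lower-cased with the current culture).
            bool Covers(MenuApi entry) =>
                entry.ApiPath.Contains(url, StringComparison.OrdinalIgnoreCase);

            var coveringEntries = Jurisdiction.MenuActionList.Where(Covers).ToList();
            if (coveringEntries.Count == 0)
            {
                // NOTE(review): fail-open by design of the original — a URL with no menu entry
                // is allowed for every user type. Only the URL is inspected, not the HTTP method.
                return true;
            }

            return coveringEntries.Any(x => x.UserTypeEnum == _userInfo.UserTypeEnumInt);
        }

        /// <summary>
        /// Populates the static <see cref="Jurisdiction.MenuActionList"/> cache on first use.
        /// </summary>
        private async Task EnsureMenuActionListLoaded()
        {
            if (Jurisdiction.IsSearch)
            {
                return;
            }

            // NOTE(review): this check-then-load is not synchronised, so concurrent first requests
            // may each run the query; the last writer wins, presumably with identical data.
            var apiPathList = await _userTypeMenuRepository
                .Where(x => x.Menu.ApiPath != null && x.Menu.ApiPath != string.Empty)
                .Select(x => new MenuApi()
                {
                    UserTypeEnum = (int)x.UserType.UserTypeEnum,
                    ApiPath = x.Menu.ApiPath,
                })
                .ToListAsync();

            Jurisdiction.MenuActionList = apiPathList
                .Select(x => new MenuApi()
                {
                    UserTypeEnum = x.UserTypeEnum,
                    // Invariant lower-casing keeps the cached paths comparable whatever the
                    // server's current culture is.
                    ApiPath = x.ApiPath.ToLowerInvariant(),
                })
                .ToList();
            Jurisdiction.IsSearch = true;
        }
    }
}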