Egalware/cms_thermo_active
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
17100d2f930cde68d9875482953d3e388a97012d
cms_thermo_active/Thermo.Active/Attributes/WebApiAuthorizeAttribute.cs
T
Samuele E. Locatelli b5a024ba0e CMSConnect Fix
2020-10-21 10:54:37 +02:00

120 lines
4.9 KiB
C#
Raw Blame History

using System.Linq;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;
using Thermo.Active.Config;
using Thermo.Active.Database.Controllers;
using Thermo.Active.Model.DatabaseModels;
using static Thermo.Active.Config.ServerConfig;
using static Thermo.Active.Listeners.SignalRStaticObjects;
using static Thermo.Active.Model.Constants;
namespace Thermo.Active
{
class WebApiAuthorizeAttribute : AuthorizeAttribute
{
public string FunctionAccess;
public ACTIONS Action;
protected override bool IsAuthorized(HttpActionContext actionContext)
{
// Get token from headers
if (actionContext.Request.Headers.Authorization == null)
return false;
string token = actionContext.Request.Headers.Authorization.ToString();
token = token.Split(' ')[1];
if (!base.IsAuthorized(actionContext))
if (string.IsNullOrEmpty(token))
return false;
// check authorization
if (!CheckAuthorization(FunctionAccess, token, out int machineId, out int userId))
return false;
var claims = new ClaimsIdentity(AUTHENTICATION_TYPE);
claims.AddClaim(new Claim(USER_ID_KEY, userId.ToString()));
claims.AddClaim(new Claim(MACHINE_ID_KEY, machineId.ToString()));
actionContext.RequestContext.Principal = new ClaimsPrincipal(claims);
// Get claims from token
//ClaimsPrincipal principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
//// Get user id stored in the bearer token
//var userId = principal.Claims.Where(c => c.Type == USER_ID_KEY).FirstOrDefault();
//// Get machine unique id stored in the bearer token
//var machineId = principal.Claims.Where(c => c.Type == MACHINE_ID_KEY).FirstOrDefault();
////User data not found -> not authorized
//if (userId == null || machineId == null)
// return false;
return true;
}
private bool CheckAuthorization(string functionName, string token, out int machineId, out int userId)
{
machineId = userId = 0;
using (SessionsController sessionsController = new SessionsController())
{
// Find user session on this machine
SessionModel session = sessionsController.FindSessionByToken(token);
if (session == null)
return false;
// Check if the machine is the same where the user logged in
if (session.MachineUser.MachineId != MachineConfig.MachineId)
return false;
machineId = session.MachineUser.MachineId;
userId = session.MachineUser.UserId;
MachineUserModel machineUser = new MachineUserModel();
using (MachinesUsersController machineUsersController = new MachinesUsersController())
{
// Find machineUser data and joined to user data, role data, machine data
machineUser = machineUsersController.FindByIdWithData(session.MachineUserId);
RedisController.WriteCurrentUser(machineUser.User.Username);
}
using (FunctionsAccessController acController = new FunctionsAccessController())
{
// Read from db function levels
FunctionAccessModel functionAccess = acController.FindEnabledFunctionByName(functionName);
if (functionAccess != null && ServerConfigController.CheckAreaStatus(functionAccess.Area))
{
if (Action == ACTIONS.READ)
{ // Check read permissions
if (functionAccess.ReadLevelMin > machineUser.Role.Level)
return false; // Not authorized
}
else
{ // Check write permissions
if (functionAccess.WriteLevelMin > machineUser.Role.Level)
return false; // Not authorized
}
// Check if PLC bit exists
if (functionAccess.PlcId != 0)
{
// Check if functionality is enabled by PLC
var functionalityIsEnabled = LastRuntimeFunctionality.Where(x => x.Name == functionName).FirstOrDefault();
if (functionalityIsEnabled == null || functionalityIsEnabled.Enabled == false)
return false;
}
}
else
return false;
// Authorized
return true;
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink