dropped/docker/crupest-api/CrupestApi/CrupestApi.Commons/HttpContextExtensions.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113

using System.Text.Json;
using CrupestApi.Commons.Secrets;
using Microsoft.Extensions.Options;

namespace CrupestApi.Commons;

public delegate void HttpResponseAction(HttpResponse response);

public class MessageBody
{
    public MessageBody(string message)
    {
        Message = message;
    }

    public string Message { get; set; }
}

public static class CrupestApiJsonExtensions
{
    public static IServiceCollection AddJsonOptions(this IServiceCollection services)
    {
        services.AddOptions<JsonSerializerOptions>();
        services.Configure<JsonSerializerOptions>(config =>
        {
            config.AllowTrailingCommas = true;
            config.PropertyNameCaseInsensitive = true;
            config.PropertyNamingPolicy = JsonNamingPolicy.CamelCase;
        });

        return services;
    }

    public static async Task<JsonDocument> ReadJsonAsync(this HttpRequest request)
    {
        var jsonOptions = request.HttpContext.RequestServices.GetRequiredService<IOptionsSnapshot<JsonSerializerOptions>>();
        using var stream = request.Body;
        var body = await JsonSerializer.DeserializeAsync<JsonDocument>(stream, jsonOptions.Value);
        return body!;
    }

    public static async Task WriteJsonAsync<T>(this HttpResponse response, T bodyObject, int statusCode = 200, HttpResponseAction? beforeWriteBody = null, CancellationToken cancellationToken = default)
    {
        var jsonOptions = response.HttpContext.RequestServices.GetRequiredService<IOptionsSnapshot<JsonSerializerOptions>>();
        byte[] json = JsonSerializer.SerializeToUtf8Bytes<T>(bodyObject, jsonOptions.Value);

        var byteCount = json.Length;

        response.StatusCode = statusCode;
        response.Headers.ContentType = "application/json; charset=utf-8";
        response.Headers.ContentLength = byteCount;

        if (beforeWriteBody is not null)
        {
            beforeWriteBody(response);
        }

        await response.Body.WriteAsync(json, cancellationToken);
    }

    public static async Task WriteMessageAsync(this HttpResponse response, string message, int statusCode = 400, HttpResponseAction? beforeWriteBody = null, CancellationToken cancellationToken = default)
    {
        await response.WriteJsonAsync(new MessageBody(message), statusCode: statusCode, beforeWriteBody, cancellationToken);
    }

    public static Task ResponseJsonAsync<T>(this HttpContext context, T bodyObject, int statusCode = 200, HttpResponseAction? beforeWriteBody = null, CancellationToken cancellationToken = default)
    {
        return context.Response.WriteJsonAsync<T>(bodyObject, statusCode, beforeWriteBody, cancellationToken);
    }

    public static Task ResponseMessageAsync(this HttpContext context, string message, int statusCode = 400, HttpResponseAction? beforeWriteBody = null, CancellationToken cancellationToken = default)
    {
        return context.Response.WriteMessageAsync(message, statusCode, beforeWriteBody, cancellationToken);
    }

    public static string? GetToken(this HttpRequest request)
    {
        var token = request.Headers["Authorization"].ToString();
        if (token.StartsWith("Bearer "))
        {
            token = token.Substring("Bearer ".Length);
            return token;
        }

        if (request.Query.TryGetValue("token", out var tokenValues))
        {
            return tokenValues.Last();
        }

        return null;
    }

    public static bool RequirePermission(this HttpContext context, string? permission)
    {
        if (permission is null) return true;

        var token = context.Request.GetToken();
        if (token is null)
        {
            context.ResponseMessageAsync("Unauthorized", 401);
            return false;
        }

        var secretService = context.RequestServices.GetRequiredService<ISecretService>();
        var permissions = secretService.GetPermissions(token);
        if (!permissions.Contains(permission))
        {
            context.ResponseMessageAsync("Forbidden", 403);
            return false;
        }
        return true;
    }
}