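using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using AcaMate.Common.Data;
using Microsoft.AspNetCore.Http;
using Microsoft.EntityFrameworkCore;

namespace AcaMate.Common.Token;

/// <summary>
/// Supplies the value a request header is expected to carry.
/// </summary>
public interface IHeaderConfig
{
    /// <summary>
    /// Returns the expected value for <paramref name="headerName"/>, or an empty string when none is configured.
    /// </summary>
    /// <param name="headerName">Name of the header whose expected value is wanted.</param>
    Task<string> GetExpectedHeaderValueAsync(string headerName);
}

/// <summary>
/// Looks up a header key in the database and returns the value stored for it.
/// </summary>
public class HeaderConfigRepository : IHeaderConfig
{
    private readonly AppDbContext _dbContext;

    public HeaderConfigRepository(AppDbContext dbContext)
    {
        _dbContext = dbContext;
    }

    /// <summary>
    /// Reads the first APIHeader row whose h_key equals <paramref name="headerName"/>.
    /// </summary>
    /// <param name="headerName">Header name used as the lookup key.</param>
    /// <returns>The row's h_value, or <see cref="string.Empty"/> when the row or its value is missing.</returns>
    public async Task<string> GetExpectedHeaderValueAsync(string headerName)
    {
        // NOTE(review): the expected value is read back as stored, so it appears to be kept in
        // plaintext. If it serves as an API key, consider storing a hash of it instead.
        var config = await _dbContext.APIHeader
            .FirstOrDefaultAsync(h => h.h_key == headerName);

        return config?.h_value ?? string.Empty;
    }
}

/// <summary>
/// Rejects a request with 401 unless at least one of the configured headers carries the value
/// that <see cref="IHeaderConfig"/> reports for it. The path "/api/v1/in/app" is exempt.
/// </summary>
public class APIHeaderMiddleware
{
    private readonly RequestDelegate _next;
    private readonly string[] _headerNames;

    /// <param name="next">Next delegate in the request pipeline.</param>
    /// <param name="headerNames">Header names to check; one matching header is enough to pass.</param>
    /// <exception cref="ArgumentNullException">Either argument is null.</exception>
    public APIHeaderMiddleware(RequestDelegate next, string[] headerNames)
    {
        // Fail at start-up instead of throwing on every request.
        _next = next ?? throw new ArgumentNullException(nameof(next));
        _headerNames = headerNames ?? throw new ArgumentNullException(nameof(headerNames));
    }

    /// <summary>
    /// Runs the header check for one request and either forwards it or answers 401.
    /// </summary>
    /// <param name="context">The current HTTP context.</param>
    public async Task Invoke(HttpContext context)
    {
        // Exact, case-insensitive match only: any other spelling of the path (for example with a
        // trailing slash) is not exempt and still has to present a valid header.
        if (context.Request.Path.Equals("/api/v1/in/app", StringComparison.OrdinalIgnoreCase))
        {
            await _next(context);
            return;
        }

        // IHeaderConfig is resolved from the request scope rather than injected through the
        // constructor, so the scoped service is not captured by the middleware instance.
        var headerConfig = context.RequestServices.GetRequiredService<IHeaderConfig>();

        bool valid = false;
        foreach (var header in _headerNames)
        {
            if (!context.Request.Headers.TryGetValue(header, out var headerValue))
            {
                continue;
            }

            // A header sent more than once never matched the single stored value; reject it
            // explicitly instead of comparing a joined string.
            if (headerValue.Count != 1 || string.IsNullOrWhiteSpace(headerValue[0]))
            {
                continue;
            }

            var dbValue = await headerConfig.GetExpectedHeaderValueAsync(header);

            // Fail closed: a header with no configured value can never authorise a request.
            if (string.IsNullOrWhiteSpace(dbValue))
            {
                continue;
            }

            if (SecretEquals(headerValue[0]!, dbValue))
            {
                valid = true;
                break;
            }
        }

        if (!valid)
        {
            // One response for both a missing and a wrong header, so the reply does not reveal
            // which header names are checked.
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            await context.Response.WriteAsync("Invalid header value");
            return;
        }

        await _next(context);
    }

    /// <summary>
    /// Compares the presented and expected values without stopping at the first differing byte.
    /// </summary>
    /// <remarks>
    /// The header value gates access, so it is compared as a secret. A length difference is still
    /// observable; only the position of the first mismatch is hidden.
    /// </remarks>
    private static bool SecretEquals(string presented, string expected)
    {
        byte[] presentedBytes = Encoding.UTF8.GetBytes(presented);
        byte[] expectedBytes = Encoding.UTF8.GetBytes(expected);
        return CryptographicOperations.FixedTimeEquals(presentedBytes, expectedBytes);
    }
}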