started adding route authorisation

2025-06-19 07:08:14 +08:00 · 2016-10-18 21:38:18 +01:00
parent cb4b000b21
commit 0221ee9ccb
11 changed files with 213 additions and 2 deletions
--- a/src/Ocelot/Authorisation/AuthorisationMiddleware.cs
+++ b/src/Ocelot/Authorisation/AuthorisationMiddleware.cs
@ -0,0 +1,53 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Ocelot.DownstreamRouteFinder;
+using Ocelot.Errors;
+using Ocelot.Middleware;
+using Ocelot.ScopedData;
+
+namespace Ocelot.Authorisation
+{
+    public class AuthorisationMiddleware : OcelotMiddleware
+    {
+        private readonly RequestDelegate _next;
+        private readonly IScopedRequestDataRepository _scopedRequestDataRepository;
+        private readonly IAuthoriser _authoriser;
+
+        public AuthorisationMiddleware(RequestDelegate next, 
+            IScopedRequestDataRepository scopedRequestDataRepository, 
+            IAuthoriser authoriser)
+            : base(scopedRequestDataRepository)
+        {
+            _next = next;
+            _scopedRequestDataRepository = scopedRequestDataRepository;
+            _authoriser = authoriser;
+        }
+
+        public async Task Invoke(HttpContext context)
+        {
+            var downstreamRoute = _scopedRequestDataRepository.Get<DownstreamRoute>("DownstreamRoute");
+
+            if (downstreamRoute.IsError)
+            {
+                SetPipelineError(downstreamRoute.Errors);
+                return;
+            }
+
+            var authorised = _authoriser.Authorise(context.User, new RouteClaimsRequirement());
+
+            if (authorised)
+            {
+                await _next.Invoke(context);
+            }
+            else
+            {
+                //set an error
+                SetPipelineError(new List<Error>
+                {
+                    new UnauthorisedError($"{context.User.Identity.Name} unable to access {downstreamRoute.Data.ReRoute.UpstreamTemplate}")
+                });
+            }
+        }
+    }
+}
--- a/src/Ocelot/Authorisation/AuthorisationMiddlewareMiddlewareExtensions.cs
+++ b/src/Ocelot/Authorisation/AuthorisationMiddlewareMiddlewareExtensions.cs
@ -0,0 +1,12 @@
+using Microsoft.AspNetCore.Builder;
+
+namespace Ocelot.Authorisation
+{
+    public static class AuthorisationMiddlewareMiddlewareExtensions
+    {
+        public static IApplicationBuilder UseAuthorisationMiddleware(this IApplicationBuilder builder)
+        {
+            return builder.UseMiddleware<AuthorisationMiddleware>();
+        }
+    }
+}
--- a/src/Ocelot/Authorisation/ClaimsAuthoriser.cs
+++ b/src/Ocelot/Authorisation/ClaimsAuthoriser.cs
@ -0,0 +1,12 @@
+using System.Security.Claims;
+
+namespace Ocelot.Authorisation
+{
+    public class ClaimsAuthoriser : IAuthoriser
+    {
+        public bool Authorise(ClaimsPrincipal claimsPrincipal, RouteClaimsRequirement routeClaimsRequirement)
+        {
+            return false;
+        }
+    }
+}
--- a/src/Ocelot/Authorisation/IAuthoriser.cs
+++ b/src/Ocelot/Authorisation/IAuthoriser.cs
@ -0,0 +1,10 @@
+using System.Security.Claims;
+
+namespace Ocelot.Authorisation
+{
+    public interface IAuthoriser
+    {
+        bool Authorise(ClaimsPrincipal claimsPrincipal, 
+            RouteClaimsRequirement routeClaimsRequirement);
+    }
+}
--- a/src/Ocelot/Authorisation/RouteClaimsRequirement.cs
+++ b/src/Ocelot/Authorisation/RouteClaimsRequirement.cs
@ -0,0 +1,11 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace Ocelot.Authorisation
+{
+    public class RouteClaimsRequirement
+    {
+    }
+}
--- a/src/Ocelot/Authorisation/UnauthorisedError.cs
+++ b/src/Ocelot/Authorisation/UnauthorisedError.cs
@ -0,0 +1,12 @@
+using Ocelot.Errors;
+
+namespace Ocelot.Authorisation
+{
+    public class UnauthorisedError : Error
+    {
+        public UnauthorisedError(string message) 
+            : base(message, OcelotErrorCode.UnauthorizedError)
+        {
+        }
+    }
+}
--- a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
+++ b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
@ -1,8 +1,10 @@
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Ocelot.Authentication.Handler.Creator;
 using Ocelot.Authentication.Handler.Factory;
+using Ocelot.Authorisation;
 using Ocelot.Configuration.Creator;
 using Ocelot.Configuration.Parser;
 using Ocelot.Configuration.Provider;
@ -45,6 +47,7 @@ namespace Ocelot.DependencyInjection
            services.AddLogging();

            // ocelot services.
+            services.AddSingleton<IAuthoriser, ClaimsAuthoriser>();
            services.AddSingleton<IAddHeadersToRequest, AddHeadersToRequest>();
            services.AddSingleton<IClaimsParser, ClaimsParser>();
            services.AddSingleton<IUrlPathToUrlTemplateMatcher, RegExUrlMatcher>();
--- a/src/Ocelot/Errors/OcelotErrorCode.cs
+++ b/src/Ocelot/Errors/OcelotErrorCode.cs
@ -14,6 +14,7 @@
        CannotFindClaimError,
        ParsingConfigurationHeaderError,
        NoInstructionsError,
-        InstructionNotForClaimsError
+        InstructionNotForClaimsError,
+        UnauthorizedError
    }
 }
--- a/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
+++ b/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
@ -1,5 +1,6 @@
 using Microsoft.AspNetCore.Builder;
 using Ocelot.Authentication.Middleware;
+using Ocelot.Authorisation;
 using Ocelot.DownstreamRouteFinder.Middleware;
 using Ocelot.DownstreamUrlCreator.Middleware;
 using Ocelot.HeaderBuilder.Middleware;
@ -19,6 +20,8 @@ namespace Ocelot.Middleware

            builder.UseAuthenticationMiddleware();

+            //builder.UseAuthorisationMiddleware();
+
            builder.UseHttpRequestHeadersBuilderMiddleware();

            builder.UseDownstreamUrlCreatorMiddleware();