tk/Ocelot
1
0
Fork 0
mirror of https://github.com/nsnail/Ocelot.git synced 2025-06-19 00:38:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Can authorise routes based on claims, there is also a claims transformation middleware

Browse Source
This commit is contained in:
tom.pallister
2016-10-19 11:56:05 +01:00
parent 3285be3c73
commit b8951c4698
39 changed files with 700 additions and 294 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
src/Ocelot/Authorisation/AddClaims.cs
View File

@ -1,45 +0,0 @@
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives;
using Ocelot.Claims.Parser;
using Ocelot.Configuration;
using Ocelot.HeaderBuilder;
using Ocelot.Responses;
namespace Ocelot.Authorisation
{
public class AddClaims : IAddHeadersToRequest
{
private readonly IClaimsParser _claimsParser;
public AddClaims(IClaimsParser claimsParser)
{
_claimsParser = claimsParser;
}
public Response SetHeadersOnContext(List<ClaimToHeader> configurationHeaderExtractorProperties, HttpContext context)
{
foreach (var config in configurationHeaderExtractorProperties)
{
var value = _claimsParser.GetValue(context.User.Claims, config.ClaimKey, config.Delimiter, config.Index);
if (value.IsError)
{
return new ErrorResponse(value.Errors);
}
var exists = context.Request.Headers.FirstOrDefault(x => x.Key == config.HeaderKey);
if (!string.IsNullOrEmpty(exists.Key))
{
context.Request.Headers.Remove(exists);
}
context.Request.Headers.Add(config.HeaderKey, new StringValues(value.Data));
}
return new OkResponse();
}
}
}

60
src/Ocelot/Authorisation/AuthorisationMiddleware.cs
View File

@ -1,60 +0,0 @@
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Ocelot.DownstreamRouteFinder;
using Ocelot.Errors;
using Ocelot.Middleware;
using Ocelot.Responses;
using Ocelot.ScopedData;
namespace Ocelot.Authorisation
{
public class AuthorisationMiddleware : OcelotMiddleware
{
private readonly RequestDelegate _next;
private readonly IScopedRequestDataRepository _scopedRequestDataRepository;
private readonly IAuthoriser _authoriser;
public AuthorisationMiddleware(RequestDelegate next,
IScopedRequestDataRepository scopedRequestDataRepository,
IAuthoriser authoriser)
: base(scopedRequestDataRepository)
{
_next = next;
_scopedRequestDataRepository = scopedRequestDataRepository;
_authoriser = authoriser;
}
public async Task Invoke(HttpContext context)
{
var downstreamRoute = _scopedRequestDataRepository.Get<DownstreamRoute>("DownstreamRoute");
if (downstreamRoute.IsError)
{
SetPipelineError(downstreamRoute.Errors);
return;
}
//todo - call authoriser
var authorised = new OkResponse<bool>(true); //_authoriser.Authorise(context.User, new RouteClaimsRequirement(new Dictionary<string, string>()));
if (authorised.IsError)
{
SetPipelineError(authorised.Errors);
return;
}
if (authorised.Data)
{
await _next.Invoke(context);
}
else
{
SetPipelineError(new List<Error>
{
new UnauthorisedError($"{context.User.Identity.Name} unable to access {downstreamRoute.Data.ReRoute.UpstreamTemplate}")
});
}
}
}
}

7
src/Ocelot/Authorisation/ClaimsAuthoriser.cs
View File

@ -1,12 +1,13 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Ocelot.Claims.Parser;
using Ocelot.Errors;
using Ocelot.Responses;
namespace Ocelot.Authorisation
{
using Infrastructure.Claims.Parser;
public class ClaimsAuthoriser : IAuthoriser
{
private readonly IClaimsParser _claimsParser;
@ -16,9 +17,9 @@ namespace Ocelot.Authorisation
_claimsParser = claimsParser;
}
public Response<bool> Authorise(ClaimsPrincipal claimsPrincipal, RouteClaimsRequirement routeClaimsRequirement)
public Response<bool> Authorise(ClaimsPrincipal claimsPrincipal, Dictionary<string, string> routeClaimsRequirement)
{
foreach (var required in routeClaimsRequirement.RequiredClaimsAndValues)
foreach (var required in routeClaimsRequirement)
{
var value = _claimsParser.GetValue(claimsPrincipal.Claims, required.Key, string.Empty, 0);

13
src/Ocelot/Authorisation/IAddClaims.cs
View File

@ -1,13 +0,0 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Http;
using Ocelot.Configuration;
using Ocelot.Responses;
namespace Ocelot.Authorisation
{
public interface IAddClaims
{
Response SetHeadersOnContext(List<ClaimToHeader> configurationHeaderExtractorProperties,
HttpContext context);
}
}

6
src/Ocelot/Authorisation/IAuthoriser.cs
View File

@ -3,9 +3,11 @@ using Ocelot.Responses;
namespace Ocelot.Authorisation
{
using System.Collections.Generic;
public interface IAuthoriser
{
Response<bool> Authorise(ClaimsPrincipal claimsPrincipal,
RouteClaimsRequirement routeClaimsRequirement);
Response<bool> Authorise(ClaimsPrincipal claimsPrincipal,
Dictionary<string, string> routeClaimsRequirement);
}
}

66
src/Ocelot/Authorisation/Middleware/AuthorisationMiddleware.cs Normal file
View File

@ -0,0 +1,66 @@
namespace Ocelot.Authorisation.Middleware
{
using System.Collections.Generic;
using System.Threading.Tasks;
using DownstreamRouteFinder;
using Errors;
using Microsoft.AspNetCore.Http;
using Ocelot.Middleware;
using ScopedData;
public class AuthorisationMiddleware : OcelotMiddleware
{
private readonly RequestDelegate _next;
private readonly IScopedRequestDataRepository _scopedRequestDataRepository;
private readonly IAuthoriser _authoriser;
public AuthorisationMiddleware(RequestDelegate next,
IScopedRequestDataRepository scopedRequestDataRepository,
IAuthoriser authoriser)
: base(scopedRequestDataRepository)
{
_next = next;
_scopedRequestDataRepository = scopedRequestDataRepository;
_authoriser = authoriser;
}
public async Task Invoke(HttpContext context)
{
var downstreamRoute = _scopedRequestDataRepository.Get<DownstreamRoute>("DownstreamRoute");
if (downstreamRoute.IsError)
{
SetPipelineError(downstreamRoute.Errors);
return;
}
if (downstreamRoute.Data.ReRoute.IsAuthorised)
{
var authorised = _authoriser.Authorise(context.User, downstreamRoute.Data.ReRoute.RouteClaimsRequirement);
if (authorised.IsError)
{
SetPipelineError(authorised.Errors);
return;
}
if (authorised.Data)
{
await _next.Invoke(context);
}
else
{
SetPipelineError(new List<Error>
{
new UnauthorisedError(
$"{context.User.Identity.Name} unable to access {downstreamRoute.Data.ReRoute.UpstreamTemplate}")
});
}
}
else
{
await _next.Invoke(context);
}
}
}
}

6
src/Ocelot/Authorisation/AuthorisationMiddlewareMiddlewareExtensions.cs → src/Ocelot/Authorisation/Middleware/AuthorisationMiddlewareMiddlewareExtensions.cs
View File

@ -1,7 +1,7 @@
using Microsoft.AspNetCore.Builder;
namespace Ocelot.Authorisation
namespace Ocelot.Authorisation.Middleware
{
using Microsoft.AspNetCore.Builder;
public static class AuthorisationMiddlewareMiddlewareExtensions
{
public static IApplicationBuilder UseAuthorisationMiddleware(this IApplicationBuilder builder)

14
src/Ocelot/Authorisation/RouteClaimsRequirement.cs
View File

@ -1,14 +0,0 @@
using System.Collections.Generic;
namespace Ocelot.Authorisation
{
public class RouteClaimsRequirement
{
public RouteClaimsRequirement(Dictionary<string, string> requiredClaimsAndValues)
{
RequiredClaimsAndValues = requiredClaimsAndValues;
}
public Dictionary<string, string> RequiredClaimsAndValues { get; private set; }
}
}

46
src/Ocelot/ClaimsBuilder/AddClaimsToRequest.cs Normal file
View File

@ -0,0 +1,46 @@
namespace Ocelot.ClaimsBuilder
{
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Configuration;
using Infrastructure.Claims.Parser;
using Microsoft.AspNetCore.Http;
using Responses;
public class AddClaimsToRequest : IAddClaimsToRequest
{
private readonly IClaimsParser _claimsParser;
public AddClaimsToRequest(IClaimsParser claimsParser)
{
_claimsParser = claimsParser;
}
public Response SetClaimsOnContext(List<ClaimToThing> claimsToThings, HttpContext context)
{
foreach (var config in claimsToThings)
{
var value = _claimsParser.GetValue(context.User.Claims, config.NewKey, config.Delimiter, config.Index);
if (value.IsError)
{
return new ErrorResponse(value.Errors);
}
var exists = context.User.Claims.FirstOrDefault(x => x.Type == config.ExistingKey);
var identity = context.User.Identity as ClaimsIdentity;
if (exists != null)
{
identity?.RemoveClaim(exists);
}
identity?.AddClaim(new Claim(config.ExistingKey, value.Data));
}
return new OkResponse();
}
}
}

13
src/Ocelot/ClaimsBuilder/IAddClaimsToRequest.cs Normal file
View File

@ -0,0 +1,13 @@
namespace Ocelot.ClaimsBuilder
{
using System.Collections.Generic;
using Configuration;
using Microsoft.AspNetCore.Http;
using Responses;
public interface IAddClaimsToRequest
{
Response SetClaimsOnContext(List<ClaimToThing> claimsToThings,
HttpContext context);
}
}

44
src/Ocelot/ClaimsBuilder/Middleware/ClaimsBuilderMiddleware.cs Normal file
View File

@ -0,0 +1,44 @@
namespace Ocelot.ClaimsBuilder.Middleware
{
using System.Linq;
using System.Threading.Tasks;
using DownstreamRouteFinder;
using Microsoft.AspNetCore.Http;
using Ocelot.Middleware;
using ScopedData;
public class ClaimsBuilderMiddleware : OcelotMiddleware
{
private readonly RequestDelegate _next;
private readonly IAddClaimsToRequest _addClaimsToRequest;
private readonly IScopedRequestDataRepository _scopedRequestDataRepository;
public ClaimsBuilderMiddleware(RequestDelegate next,
IScopedRequestDataRepository scopedRequestDataRepository,
IAddClaimsToRequest addClaimsToRequest)
: base(scopedRequestDataRepository)
{
_next = next;
_addClaimsToRequest = addClaimsToRequest;
_scopedRequestDataRepository = scopedRequestDataRepository;
}
public async Task Invoke(HttpContext context)
{
var downstreamRoute = _scopedRequestDataRepository.Get<DownstreamRoute>("DownstreamRoute");
if (downstreamRoute.Data.ReRoute.ClaimsToClaims.Any())
{
var result = _addClaimsToRequest.SetClaimsOnContext(downstreamRoute.Data.ReRoute.ClaimsToClaims, context);
if (result.IsError)
{
SetPipelineError(result.Errors);
return;
}
}
await _next.Invoke(context);
}
}
}

12
src/Ocelot/ClaimsBuilder/Middleware/ClaimsBuilderMiddlewareExtensions.cs Normal file
View File

@ -0,0 +1,12 @@
namespace Ocelot.ClaimsBuilder.Middleware
{
using Microsoft.AspNetCore.Builder;
public static class ClaimsBuilderMiddlewareExtensions
{
public static IApplicationBuilder UseClaimsBuilderMiddleware(this IApplicationBuilder builder)
{
return builder.UseMiddleware<ClaimsBuilderMiddleware>();
}
}
}

29
src/Ocelot/Configuration/Builder/ReRouteBuilder.cs
View File

@ -15,7 +15,10 @@ namespace Ocelot.Configuration.Builder
private List<string> _additionalScopes;
private bool _requireHttps;
private string _scopeSecret;
private List<ClaimToHeader> _configHeaderExtractorProperties;
private List<ClaimToThing> _configHeaderExtractorProperties;
private List<ClaimToThing> _claimToClaims;
private Dictionary<string, string> _routeClaimRequirement;
private bool _isAuthorised;
public ReRouteBuilder()
{
@ -48,8 +51,14 @@ namespace Ocelot.Configuration.Builder
{
_isAuthenticated = input;
return this;
}
public ReRouteBuilder WithIsAuthorised(bool input)
{
_isAuthorised = input;
return this;
}
public ReRouteBuilder WithAuthenticationProvider(string input)
{
_authenticationProvider = input;
@ -86,15 +95,27 @@ namespace Ocelot.Configuration.Builder
return this;
}
public ReRouteBuilder WithConfigurationHeaderExtractorProperties(List<ClaimToHeader> input)
public ReRouteBuilder WithClaimsToHeaders(List<ClaimToThing> input)
{
_configHeaderExtractorProperties = input;
return this;
}
public ReRouteBuilder WithClaimsToClaims(List<ClaimToThing> input)
{
_claimToClaims = input;
return this;
}
public ReRouteBuilder WithRouteClaimsRequirement(Dictionary<string, string> input)
{
_routeClaimRequirement = input;
return this;
}
public ReRoute Build()
{
return new ReRoute(_downstreamTemplate, _upstreamTemplate, _upstreamHttpMethod, _upstreamTemplatePattern, _isAuthenticated, new AuthenticationOptions(_authenticationProvider, _authenticationProviderUrl, _scopeName, _requireHttps, _additionalScopes, _scopeSecret), _configHeaderExtractorProperties);
return new ReRoute(_downstreamTemplate, _upstreamTemplate, _upstreamHttpMethod, _upstreamTemplatePattern, _isAuthenticated, new AuthenticationOptions(_authenticationProvider, _authenticationProviderUrl, _scopeName, _requireHttps, _additionalScopes, _scopeSecret), _configHeaderExtractorProperties, _claimToClaims, _routeClaimRequirement, _isAuthorised);
}
}
}

18
src/Ocelot/Configuration/ClaimToHeader.cs
View File

@ -1,18 +0,0 @@
namespace Ocelot.Configuration
{
public class ClaimToHeader
{
public ClaimToHeader(string headerKey, string claimKey, string delimiter, int index)
{
ClaimKey = claimKey;
Delimiter = delimiter;
Index = index;
HeaderKey = headerKey;
}
public string HeaderKey { get; private set; }
public string ClaimKey { get; private set; }
public string Delimiter { get; private set; }
public int Index { get; private set; }
}
}

18
src/Ocelot/Configuration/ClaimToThing.cs Normal file
View File

@ -0,0 +1,18 @@
namespace Ocelot.Configuration
{
public class ClaimToThing
{
public ClaimToThing(string existingKey, string newKey, string delimiter, int index)
{
NewKey = newKey;
Delimiter = delimiter;
Index = index;
ExistingKey = existingKey;
}
public string ExistingKey { get; private set; }
public string NewKey { get; private set; }
public string Delimiter { get; private set; }
public int Index { get; private set; }
}
}

31
src/Ocelot/Configuration/Creator/YamlOcelotConfigurationCreator.cs
View File

@ -18,18 +18,18 @@ namespace Ocelot.Configuration.Creator
private readonly IConfigurationValidator _configurationValidator;
private const string RegExMatchEverything = ".*";
private const string RegExMatchEndString = "$";
private readonly IClaimToHeaderConfigurationParser _claimToHeaderConfigurationParser;
private readonly IClaimToThingConfigurationParser _claimToThingConfigurationParser;
private readonly ILogger<YamlOcelotConfigurationCreator> _logger;
public YamlOcelotConfigurationCreator(
IOptions<YamlConfiguration> options,
IConfigurationValidator configurationValidator,
IClaimToHeaderConfigurationParser claimToHeaderConfigurationParser,
IClaimToThingConfigurationParser claimToThingConfigurationParser,
ILogger<YamlOcelotConfigurationCreator> logger)
{
_options = options;
_configurationValidator = configurationValidator;
_claimToHeaderConfigurationParser = claimToHeaderConfigurationParser;
_claimToThingConfigurationParser = claimToThingConfigurationParser;
_logger = logger;
}
@ -89,6 +89,8 @@ namespace Ocelot.Configuration.Creator
var isAuthenticated = !string.IsNullOrEmpty(reRoute.AuthenticationOptions?.Provider);
var isAuthorised = reRoute.RouteClaimsRequirement?.Count > 0;
if (isAuthenticated)
{
var authOptionsForRoute = new AuthenticationOptions(reRoute.AuthenticationOptions.Provider,
@ -96,37 +98,38 @@ namespace Ocelot.Configuration.Creator
reRoute.AuthenticationOptions.RequireHttps, reRoute.AuthenticationOptions.AdditionalScopes,
reRoute.AuthenticationOptions.ScopeSecret);
var configHeaders = GetHeadersToAddToRequest(reRoute);
var claimsToHeaders = GetAddThingsToRequest(reRoute.AddHeadersToRequest);
var claimsToClaims = GetAddThingsToRequest(reRoute.AddClaimsToRequest);
return new ReRoute(reRoute.DownstreamTemplate, reRoute.UpstreamTemplate,
reRoute.UpstreamHttpMethod, upstreamTemplate, isAuthenticated,
authOptionsForRoute, configHeaders
authOptionsForRoute, claimsToHeaders, claimsToClaims, reRoute.RouteClaimsRequirement, isAuthorised
);
}
return new ReRoute(reRoute.DownstreamTemplate, reRoute.UpstreamTemplate, reRoute.UpstreamHttpMethod,
upstreamTemplate, isAuthenticated, null, new List<ClaimToHeader>());
upstreamTemplate, isAuthenticated, null, new List<ClaimToThing>(), new List<ClaimToThing>(), reRoute.RouteClaimsRequirement, isAuthorised);
}
private List<ClaimToHeader> GetHeadersToAddToRequest(YamlReRoute reRoute)
private List<ClaimToThing> GetAddThingsToRequest(Dictionary<string,string> thingBeingAdded)
{
var configHeaders = new List<ClaimToHeader>();
var claimsToTHings = new List<ClaimToThing>();
foreach (var add in reRoute.AddHeadersToRequest)
foreach (var add in thingBeingAdded)
{
var configurationHeader = _claimToHeaderConfigurationParser.Extract(add.Key, add.Value);
var claimToHeader = _claimToThingConfigurationParser.Extract(add.Key, add.Value);
if (configurationHeader.IsError)
if (claimToHeader.IsError)
{
_logger.LogCritical(new EventId(1, "Application Failed to start"),
$"Unable to extract configuration for key: {add.Key} and value: {add.Value} your configuration file is incorrect");
throw new Exception(configurationHeader.Errors[0].Message);
throw new Exception(claimToHeader.Errors[0].Message);
}
configHeaders.Add(configurationHeader.Data);
claimsToTHings.Add(claimToHeader.Data);
}
return configHeaders;
return claimsToTHings;
}
private bool IsPlaceHolder(string upstreamTemplate, int i)

16
src/Ocelot/Configuration/Parser/ClaimToHeaderConfigurationParser.cs → src/Ocelot/Configuration/Parser/ClaimToThingConfigurationParser.cs
View File

@ -6,13 +6,13 @@ using Ocelot.Responses;
namespace Ocelot.Configuration.Parser
{
public class ClaimToHeaderConfigurationParser : IClaimToHeaderConfigurationParser
public class ClaimToThingConfigurationParser : IClaimToThingConfigurationParser
{
private readonly Regex _claimRegex = new Regex("Claims\\[.*\\]");
private readonly Regex _indexRegex = new Regex("value\\[.*\\]");
private const string SplitToken = ">";
public Response<ClaimToHeader> Extract(string headerKey, string value)
public Response<ClaimToThing> Extract(string existingKey, string value)
{
try
{
@ -20,7 +20,7 @@ namespace Ocelot.Configuration.Parser
if (instructions.Length <= 1)
{
return new ErrorResponse<ClaimToHeader>(
return new ErrorResponse<ClaimToThing>(
new List<Error>
{
new NoInstructionsError(SplitToken)
@ -31,14 +31,14 @@ namespace Ocelot.Configuration.Parser
if (!claimMatch)
{
return new ErrorResponse<ClaimToHeader>(
return new ErrorResponse<ClaimToThing>(
new List<Error>
{
new InstructionNotForClaimsError()
});
}
var claimKey = GetIndexValue(instructions[0]);
var newKey = GetIndexValue(instructions[0]);
var index = 0;
var delimiter = string.Empty;
@ -48,12 +48,12 @@ namespace Ocelot.Configuration.Parser
delimiter = instructions[2].Trim();
}
return new OkResponse<ClaimToHeader>(
new ClaimToHeader(headerKey, claimKey, delimiter, index));
return new OkResponse<ClaimToThing>(
new ClaimToThing(existingKey, newKey, delimiter, index));
}
catch (Exception exception)
{
return new ErrorResponse<ClaimToHeader>(
return new ErrorResponse<ClaimToThing>(
new List<Error>
{
new ParsingConfigurationHeaderError(exception)

9
src/Ocelot/Configuration/Parser/IClaimToHeaderConfigurationParser.cs
View File

@ -1,9 +0,0 @@
using Ocelot.Responses;
namespace Ocelot.Configuration.Parser
{
public interface IClaimToHeaderConfigurationParser
{
Response<ClaimToHeader> Extract(string headerKey, string value);
}
}

9
src/Ocelot/Configuration/Parser/IClaimToThingConfigurationParser.cs Normal file
View File

@ -0,0 +1,9 @@
using Ocelot.Responses;
namespace Ocelot.Configuration.Parser
{
public interface IClaimToThingConfigurationParser
{
Response<ClaimToThing> Extract(string existingKey, string value);
}
}

14
src/Ocelot/Configuration/ReRoute.cs
View File

@ -4,7 +4,7 @@ namespace Ocelot.Configuration
{
public class ReRoute
{
public ReRoute(string downstreamTemplate, string upstreamTemplate, string upstreamHttpMethod, string upstreamTemplatePattern, bool isAuthenticated, AuthenticationOptions authenticationOptions, List<ClaimToHeader> configurationHeaderExtractorProperties)
public ReRoute(string downstreamTemplate, string upstreamTemplate, string upstreamHttpMethod, string upstreamTemplatePattern, bool isAuthenticated, AuthenticationOptions authenticationOptions, List<ClaimToThing> configurationHeaderExtractorProperties, List<ClaimToThing> claimsToClaims, Dictionary<string, string> routeClaimsRequirement, bool isAuthorised)
{
DownstreamTemplate = downstreamTemplate;
UpstreamTemplate = upstreamTemplate;
@ -12,8 +12,12 @@ namespace Ocelot.Configuration
UpstreamTemplatePattern = upstreamTemplatePattern;
IsAuthenticated = isAuthenticated;
AuthenticationOptions = authenticationOptions;
RouteClaimsRequirement = routeClaimsRequirement;
IsAuthorised = isAuthorised;
ClaimsToClaims = claimsToClaims
?? new List<ClaimToThing>();
ClaimsToHeaders = configurationHeaderExtractorProperties
?? new List<ClaimToHeader>();
?? new List<ClaimToThing>();
}
public string DownstreamTemplate { get; private set; }
@ -21,7 +25,11 @@ namespace Ocelot.Configuration
public string UpstreamTemplatePattern { get; private set; }
public string UpstreamHttpMethod { get; private set; }
public bool IsAuthenticated { get; private set; }
public bool IsAuthorised { get; private set; }
public AuthenticationOptions AuthenticationOptions { get; private set; }
public List<ClaimToHeader> ClaimsToHeaders { get; private set; }
public List<ClaimToThing> ClaimsToHeaders { get; private set; }
public List<ClaimToThing> ClaimsToClaims { get; private set; }
public Dictionary<string, string> RouteClaimsRequirement { get; private set; }
}
}

6
src/Ocelot/Configuration/Yaml/YamlReRoute.cs
View File

@ -7,7 +7,8 @@ namespace Ocelot.Configuration.Yaml
public YamlReRoute()
{
AddHeadersToRequest = new Dictionary<string, string>();
AddClaims = new Dictionary<string, string>();
AddClaimsToRequest = new Dictionary<string, string>();
RouteClaimsRequirement = new Dictionary<string, string>();
}
public string DownstreamTemplate { get; set; }
@ -15,6 +16,7 @@ namespace Ocelot.Configuration.Yaml
public string UpstreamHttpMethod { get; set; }
public YamlAuthenticationOptions AuthenticationOptions { get; set; }
public Dictionary<string, string> AddHeadersToRequest { get; set; }
public Dictionary<string, string> AddClaims { get; set; }
public Dictionary<string, string> AddClaimsToRequest { get; set; }
public Dictionary<string, string> RouteClaimsRequirement { get; set; }
}
}

7
src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
View File

@ -5,7 +5,6 @@ using Microsoft.Extensions.DependencyInjection;
using Ocelot.Authentication.Handler.Creator;
using Ocelot.Authentication.Handler.Factory;
using Ocelot.Authorisation;
using Ocelot.Claims.Parser;
using Ocelot.Configuration.Creator;
using Ocelot.Configuration.Parser;
using Ocelot.Configuration.Provider;
@ -23,6 +22,9 @@ using Ocelot.ScopedData;
namespace Ocelot.DependencyInjection
{
using ClaimsBuilder;
using Infrastructure.Claims.Parser;
public static class ServiceCollectionExtensions
{
public static IServiceCollection AddOcelotYamlConfiguration(this IServiceCollection services, IConfigurationRoot configurationRoot)
@ -34,7 +36,7 @@ namespace Ocelot.DependencyInjection
services.AddSingleton<IOcelotConfigurationCreator, YamlOcelotConfigurationCreator>();
services.AddSingleton<IOcelotConfigurationProvider, YamlOcelotConfigurationProvider>();
services.AddSingleton<IOcelotConfigurationRepository, InMemoryOcelotConfigurationRepository>();
services.AddSingleton<IClaimToHeaderConfigurationParser, ClaimToHeaderConfigurationParser>();
services.AddSingleton<IClaimToThingConfigurationParser, ClaimToThingConfigurationParser>();
services.AddSingleton<IConfigurationValidator, ConfigurationValidator>();
return services;
@ -48,6 +50,7 @@ namespace Ocelot.DependencyInjection
// ocelot services.
services.AddSingleton<IAuthoriser, ClaimsAuthoriser>();
services.AddSingleton<IAddClaimsToRequest, AddClaimsToRequest>();
services.AddSingleton<IAddHeadersToRequest, AddHeadersToRequest>();
services.AddSingleton<IClaimsParser, ClaimsParser>();
services.AddSingleton<IUrlPathToUrlTemplateMatcher, RegExUrlMatcher>();

13
src/Ocelot/HeaderBuilder/AddHeadersToRequest.cs
View File

@ -2,12 +2,13 @@
using System.Linq;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives;
using Ocelot.Claims.Parser;
using Ocelot.Configuration;
using Ocelot.Responses;
namespace Ocelot.HeaderBuilder
{
using Infrastructure.Claims.Parser;
public class AddHeadersToRequest : IAddHeadersToRequest
{
private readonly IClaimsParser _claimsParser;
@ -17,25 +18,25 @@ namespace Ocelot.HeaderBuilder
_claimsParser = claimsParser;
}
public Response SetHeadersOnContext(List<ClaimToHeader> configurationHeaderExtractorProperties, HttpContext context)
public Response SetHeadersOnContext(List<ClaimToThing> claimsToThings, HttpContext context)
{
foreach (var config in configurationHeaderExtractorProperties)
foreach (var config in claimsToThings)
{
var value = _claimsParser.GetValue(context.User.Claims, config.ClaimKey, config.Delimiter, config.Index);
var value = _claimsParser.GetValue(context.User.Claims, config.NewKey, config.Delimiter, config.Index);
if (value.IsError)
{
return new ErrorResponse(value.Errors);
}
var exists = context.Request.Headers.FirstOrDefault(x => x.Key == config.HeaderKey);
var exists = context.Request.Headers.FirstOrDefault(x => x.Key == config.ExistingKey);
if (!string.IsNullOrEmpty(exists.Key))
{
context.Request.Headers.Remove(exists);
}
context.Request.Headers.Add(config.HeaderKey, new StringValues(value.Data));
context.Request.Headers.Add(config.ExistingKey, new StringValues(value.Data));
}
return new OkResponse();

2
src/Ocelot/HeaderBuilder/IAddHeadersToRequest.cs
View File

@ -7,7 +7,7 @@ namespace Ocelot.HeaderBuilder
{
public interface IAddHeadersToRequest
{
Response SetHeadersOnContext(List<ClaimToHeader> configurationHeaderExtractorProperties,
Response SetHeadersOnContext(List<ClaimToThing> claimsToThings,
HttpContext context);
}
}

6
src/Ocelot/Claims/Parser/CannotFindClaimError.cs → src/Ocelot/Infrastructure/Claims/Parser/CannotFindClaimError.cs
View File

@ -1,7 +1,7 @@
using Ocelot.Errors;
namespace Ocelot.Claims.Parser
namespace Ocelot.Infrastructure.Claims.Parser
{
using Errors;
public class CannotFindClaimError : Error
{
public CannotFindClaimError(string message)

14
src/Ocelot/Claims/Parser/ClaimsParser.cs → src/Ocelot/Infrastructure/Claims/Parser/ClaimsParser.cs
View File

@ -1,11 +1,11 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Ocelot.Errors;
using Ocelot.Responses;
namespace Ocelot.Claims.Parser
namespace Ocelot.Infrastructure.Claims.Parser
{
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Errors;
using Responses;
public class ClaimsParser : IClaimsParser
{
public Response<string> GetValue(IEnumerable<Claim> claims, string key, string delimiter, int index)

10
src/Ocelot/Claims/Parser/IClaimsParser.cs → src/Ocelot/Infrastructure/Claims/Parser/IClaimsParser.cs
View File

@ -1,9 +1,9 @@
using System.Collections.Generic;
using System.Security.Claims;
using Ocelot.Responses;
namespace Ocelot.Claims.Parser
namespace Ocelot.Infrastructure.Claims.Parser
{
using System.Collections.Generic;
using System.Security.Claims;
using Responses;
public interface IClaimsParser
{
Response<string> GetValue(IEnumerable<Claim> claims, string key, string delimiter, int index);

6
src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
View File

@ -1,6 +1,5 @@
using Microsoft.AspNetCore.Builder;
using Ocelot.Authentication.Middleware;
using Ocelot.Authorisation;
using Ocelot.DownstreamRouteFinder.Middleware;
using Ocelot.DownstreamUrlCreator.Middleware;
using Ocelot.HeaderBuilder.Middleware;
@ -10,6 +9,9 @@ using Ocelot.Responder.Middleware;
namespace Ocelot.Middleware
{
using Authorisation.Middleware;
using ClaimsBuilder.Middleware;
public static class OcelotMiddlewareExtensions
{
public static IApplicationBuilder UseOcelot(this IApplicationBuilder builder)
@ -20,6 +22,8 @@ namespace Ocelot.Middleware
builder.UseAuthenticationMiddleware();
builder.UseClaimsBuilderMiddleware();
builder.UseAuthorisationMiddleware();
builder.UseHttpRequestHeadersBuilderMiddleware();

8
src/Ocelot/Responder/ErrorsToHttpStatusCodeMapper.cs
View File

@ -14,6 +14,14 @@ namespace Ocelot.Responder
return new OkResponse<int>(401);
}
if (errors.Any(e => e.Code == OcelotErrorCode.UnauthorizedError
|| e.Code == OcelotErrorCode.ClaimValueNotAuthorisedError
|| e.Code == OcelotErrorCode.UserDoesNotHaveClaimError
|| e.Code == OcelotErrorCode.CannotFindClaimError))
{
return new OkResponse<int>(403);
}
return new OkResponse<int>(404);
}
}