namespace AzureADProxy
{
using System;
using System.Globalization;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Extensions;
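/// <summary>
/// Terminal middleware that authenticates the caller and then forwards the request
/// to the configured backend. It never invokes the next delegate: every request is
/// answered by the health probe, the HTTP-to-HTTPS redirect, an authentication
/// challenge, or the proxied backend response.
/// </summary>
public sealed class ProxyMiddleware
{
    // Local port reserved for the load balancer probe. Read once at type initialization;
    // a missing or non-numeric LBPORT makes int.Parse throw, so the type fails to load.
    private static readonly int LoadBalancerPort = int.Parse(Environment.GetEnvironmentVariable("LBPORT"), CultureInfo.InvariantCulture);

    // Value written verbatim into the Location header for requests arriving on port 80.
    // NOTE(review): the variable is named HTTPS_HOST_NAME but is used as the complete redirect
    // target - confirm deployments set an absolute https:// URL, and that it is always set.
    private static readonly string HttpsHostName = Environment.GetEnvironmentVariable("HTTPS_HOST_NAME");

    // Fixed body returned to the load balancer probe.
    private static readonly byte[] OK = { (byte)'O', (byte)'K' };

    // Stored but never invoked by Invoke; see the class summary.
    private readonly RequestDelegate next;

    // Supplies the scheme and host of the backend that requests are forwarded to.
    private readonly IHost host;

    /// <summary>Creates the middleware.</summary>
    /// <param name="next">Next delegate in the pipeline (kept, but not called by this middleware).</param>
    /// <param name="host">Provider of the forward scheme and forward host.</param>
    public ProxyMiddleware(RequestDelegate next, IHost host)
    {
        this.next = next;
        this.host = host;
    }

    /// <summary>
    /// Handles one request: answers the load balancer probe, redirects plain HTTP,
    /// or authenticates the caller and proxies the request to the backend.
    /// </summary>
    /// <param name="context">The current HTTP context.</param>
    /// <returns>A task that completes when the response has been produced.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
    public async Task Invoke(HttpContext context)
    {
        if (context == null)
        {
            throw new ArgumentNullException(nameof(context));
        }

        var response = context.Response;
        var localPort = context.Connection.LocalPort;

        // Health probe: answered before any authentication, so this port is unauthenticated
        // by design and should only be reachable by the load balancer.
        if (localPort == LoadBalancerPort)
        {
            response.StatusCode = 200;
            await response.Body.WriteAsync(OK, 0, OK.Length).ConfigureAwait(false);
            return;
        }

        // Plain HTTP listener: permanent redirect to the configured HTTPS location.
        // The original path and query are not carried over.
        if (localPort == 80)
        {
            response.StatusCode = 301;

            // Indexer instead of Add: Add throws if the header is already present.
            response.Headers["Location"] = HttpsHostName;
            return;
        }

        var request = context.Request;

        // The mere presence of an Authorization header selects bearer-token authentication;
        // all other requests use the cookie session with an OpenID Connect challenge.
        var useJwt = request.Headers.ContainsKey("Authorization");
        AuthenticateResult authResult;
        if (useJwt)
        {
            authResult = await context.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme).ConfigureAwait(false);
            if (!IsAuthenticated(authResult))
            {
                await context.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme).ConfigureAwait(false);
                return;
            }
        }
        else
        {
            authResult = await context.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme).ConfigureAwait(false);
            if (!IsAuthenticated(authResult))
            {
                // Path and query of the current request, so sign-in returns to the requested page.
                // NOTE(review): this value comes from the request line; confirm the sign-in
                // callback only ever redirects to a local path.
                var properties = new AuthenticationProperties { RedirectUri = request.GetEncodedPathAndQuery() };
                await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties).ConfigureAwait(false);
                return;
            }
        }

        // An authenticated principal without a name is reported to the backend as "(app)".
        // NOTE(review): how CreateProxyHttpRequest conveys the username is not visible here.
        // If it is a request header, the backend must accept it only from this proxy and any
        // client-supplied copy of that header must be dropped before forwarding.
        var username = authResult.Principal?.Identity?.Name ?? "(app)";

        // The destination scheme and host come from configuration, never from the request;
        // only the path and query string are taken from the caller.
        var uri = new Uri(UriHelper.BuildAbsolute(this.host.ForwardScheme, new HostString(this.host.ForwardHost), default, request.Path, request.QueryString));
        await ProxyRequest(context, uri, username).ConfigureAwait(false);
    }

    /// <summary>
    /// Returns true only when authentication succeeded and the principal carries an
    /// authenticated identity. A principal without an identity counts as unauthenticated,
    /// so the caller is challenged instead of the request failing with a NullReferenceException.
    /// </summary>
    /// <param name="result">Result of an AuthenticateAsync call.</param>
    /// <returns>True when the request may be forwarded.</returns>
    private static bool IsAuthenticated(AuthenticateResult result)
    {
        return result.Succeeded && result.Principal?.Identity?.IsAuthenticated == true;
    }

    /// <summary>
    /// Forwards the current request to <paramref name="destinationUri"/> and copies the
    /// backend response back to the caller.
    /// </summary>
    /// <param name="context">The current HTTP context.</param>
    /// <param name="destinationUri">Absolute backend URI to forward to.</param>
    /// <param name="username">Name of the authenticated caller, passed to CreateProxyHttpRequest.</param>
    /// <returns>A task that completes when the backend response has been copied.</returns>
    /// <exception cref="NotSupportedException">The request is a WebSocket upgrade.</exception>
    private static async Task ProxyRequest(HttpContext context, Uri destinationUri, string username)
    {
        // WebSocket upgrades are rejected rather than tunnelled.
        if (context.WebSockets.IsWebSocketRequest)
        {
            throw new NotSupportedException();
        }

        using var requestMessage = context.CreateProxyHttpRequest(destinationUri, username);
        using var responseMessage = await context.SendProxyHttpRequest(requestMessage).ConfigureAwait(false);
        await context.CopyProxyHttpResponse(responseMessage).ConfigureAwait(false);
    }
}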
}