From 2488615953423458cba3491a22542f06cfd968a1 Mon Sep 17 00:00:00 2001
From: area363
Date: Tue, 3 Dec 2024 10:22:44 +0900
Subject: [PATCH] test jwt header
---
 NineChronicles.Headless.Executable/Program.cs | 1 +
 .../Middleware/CustomRateLimitMiddleware.cs | 24 +++++++++++++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/NineChronicles.Headless.Executable/Program.cs b/NineChronicles.Headless.Executable/Program.cs
index fcf00694f..8caff2e51 100644
--- a/NineChronicles.Headless.Executable/Program.cs
+++ b/NineChronicles.Headless.Executable/Program.cs
@@ -331,6 +331,7 @@ public async Task Run(
 try
 {
 IHostBuilder hostBuilder = Host.CreateDefaultBuilder();
+ hostBuilder.ConfigureAppConfiguration(builder => builder.AddConfiguration(configuration));
 var standaloneContext = new StandaloneContext
 {
diff --git a/NineChronicles.Headless/Middleware/CustomRateLimitMiddleware.cs b/NineChronicles.Headless/Middleware/CustomRateLimitMiddleware.cs
index a1b3df76b..51e0e5166 100644
--- a/NineChronicles.Headless/Middleware/CustomRateLimitMiddleware.cs
+++ b/NineChronicles.Headless/Middleware/CustomRateLimitMiddleware.cs
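Review bot: The new `hostBuilder.ConfigureAppConfiguration(builder => builder.AddConfiguration(configuration));` line gives no hint why the headless configuration is merged into the host, and the reason — presumably so `IConfiguration` can be injected into services such as the rate-limit middleware, which in this same patch starts reading `Jwt:Key` from it — is only visible from the other file. Consider `// Merge the headless configuration into the host so DI consumers can resolve IConfiguration (the rate-limit middleware reads Jwt:Key and IpRateLimiting from it).` above the call. Bear in mind that after this merge every service resolving `IConfiguration` can read the JWT secret, so the set of code handling that value grows with each new consumer. Run's body starts and ends outside the hunk.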
@@ -9,22 +9,34 @@ namespace NineChronicles.Headless.Middleware
 {
+ using System.Linq;
+ using Microsoft.Extensions.Configuration;
+
 public class CustomRateLimitMiddleware : RateLimitMiddleware
 {
 private readonly ILogger _logger;
 private readonly IRateLimitConfiguration _config;
 private readonly IOptions _options;
+ private readonly string _whitelistedIp;
+ private readonly string _jwtKey;
 public CustomRateLimitMiddleware(RequestDelegate next,
 IProcessingStrategy processingStrategy,
 IOptions options,
 IIpPolicyStore policyStore,
- IRateLimitConfiguration config)
+ IRateLimitConfiguration config,
+ Microsoft.Extensions.Configuration.IConfiguration configuration)
 : base(next, options?.Value, new CustomIpRateLimitProcessor(options?.Value!, policyStore, processingStrategy), config)
 {
 _config = config;
 _options = options!;
 _logger = Log.Logger.ForContext();
+
+ // Cache the JWT key
+ _jwtKey = configuration["Jwt:Key"] ?? string.Empty;
+
+ // Retrieve the first IP from the IpWhitelist array, fallback to "127.0.0.1" if null or empty
+ _whitelistedIp = configuration.GetSection("IpRateLimiting:IpWhitelist")?.Get()?.FirstOrDefault() ?? "127.0.0.1";
 }
 protected override void LogBlockedRequest(HttpContext httpContext, ClientRequestIdentity identity, RateLimitCounter counter, RateLimitRule rule)
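Review bot: Caching `configuration["Jwt:Key"]` as the bearer value that unlocks a rate-limit bypass reuses what its name suggests is the JWT signing key as a client-presented shared secret; if that key also signs tokens elsewhere (not visible here), every party handed the bypass can mint arbitrary JWTs, so a dedicated secret (for example a separate `RateLimiting:BypassToken` entry — name illustrative) keeps the two privileges apart. On the `_whitelistedIp` line, `GetSection` never returns null so the `?.` after it is dead, and silently falling back to `"127.0.0.1"` when `IpRateLimiting:IpWhitelist` is empty means the bypass quietly maps callers to loopback instead of surfacing the misconfiguration; prefer `var whitelist = configuration.GetSection("IpRateLimiting:IpWhitelist").Get<string[]>();` followed by `_whitelistedIp = whitelist?.FirstOrDefault() ?? "127.0.0.1";` and a `_logger.Warning(...)` when `whitelist` is null or empty and a key is configured. As a matter of style, `Microsoft.Extensions.Configuration` is both imported by the new `using` and spelled out in full on the constructor parameter; one form is enough, and the `using` lines are placed inside the namespace, which should match wherever the file's existing directives live (outside the hunk).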
@@ -43,16 +55,24 @@ public override async Task ResolveIdentityAsync(HttpConte
 {
 var identity = await base.ResolveIdentityAsync(httpContext);
+ // Check if the protocol is HTTP/1.1
 if (httpContext.Request.Protocol == "HTTP/1.1")
 {
+ // Read the body to check for stageTransaction
 var body = await new StreamReader(httpContext.Request.Body).ReadToEndAsync();
 httpContext.Request.Body.Seek(0, SeekOrigin.Begin);
 if (body.Contains("stageTransaction"))
 {
 identity.Path = "/graphql/stagetransaction";
 }
+ }
- return identity;
+ // Check for JWT secret key in headers
+ if (httpContext.Request.Headers.TryGetValue("Authorization", out var authHeaderValue) &&
+ !string.IsNullOrEmpty(_jwtKey) &&
+ authHeaderValue.ToString().Equals($"Bearer {_jwtKey}", System.StringComparison.OrdinalIgnoreCase))
+ {
+ identity.ClientIp = _whitelistedIp; // Set ClientIp to the first value in IpWhitelist or fallback to "127.0.0.1"
 }
 return identity;
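Review bot: The secret check on the `authHeaderValue.ToString().Equals($"Bearer {_jwtKey}", System.StringComparison.OrdinalIgnoreCase)` line compares the shared key case-insensitively and with an early-exit string equality, which shrinks the effective key space (each letter is accepted in either case) and makes the check's duration depend on how long a prefix matches; do an ordinal `Bearer ` prefix check and then compare the token bytes with `CryptographicOperations.FixedTimeEquals`. Overwriting `identity.ClientIp` also erases the real source address from `LogBlockedRequest` and from anything else that reads the identity afterwards, so record the original IP before substituting the whitelist entry. Testing `_jwtKey` before touching the `Authorization` header is cheaper when no key is configured and reads more clearly. The method's signature is outside the hunk; a reworked block follows.
```csharp
// … unchanged: HTTP/1.1 body inspection that sets identity.Path for stageTransaction …

// Rate-limit bypass: accept only an exact (case-sensitive, constant-time) match of the configured key.
const string bearerPrefix = "Bearer ";
if (!string.IsNullOrEmpty(_jwtKey) &&
    httpContext.Request.Headers.TryGetValue("Authorization", out var authHeaderValue) &&
    authHeaderValue.ToString() is var authHeader &&
    authHeader.StartsWith(bearerPrefix, System.StringComparison.Ordinal) &&
    System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
        System.Text.Encoding.UTF8.GetBytes(authHeader.Substring(bearerPrefix.Length)),
        System.Text.Encoding.UTF8.GetBytes(_jwtKey)))
{
    // Keep the real source address in the log before it is replaced for rate limiting.
    _logger.Debug("Rate-limit bypass key accepted; original client IP {ClientIp}", identity.ClientIp);
    identity.ClientIp = _whitelistedIp; // Set ClientIp to the first value in IpWhitelist or fallback to "127.0.0.1"
}
```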