diff --git a/src/SimplCommerce.Infrastructure/Web/CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter.cs b/src/SimplCommerce.Infrastructure/Web/CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter.cs
index 94def5e07c..64700292d7 100644
--- a/src/SimplCommerce.Infrastructure/Web/CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter.cs
+++ b/src/SimplCommerce.Infrastructure/Web/CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter.cs
@@ -1,37 +1,34 @@
-//using System;
-//using Microsoft.AspNetCore.Antiforgery;
-//using Microsoft.AspNetCore.Authentication.JwtBearer;
-//using Microsoft.AspNetCore.Mvc.Filters;
-//using Microsoft.AspNetCore.Mvc.ViewFeatures.Internal;
-//using Microsoft.Extensions.Logging;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Antiforgery;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc.Filters;
-//namespace SimplCommerce.Infrastructure.Web
-//{
-// public class CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter : AutoValidateAntiforgeryTokenAuthorizationFilter
-// {
-// public CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery, ILoggerFactory loggerFactory)
-// : base(antiforgery, loggerFactory)
-// {
-// }
+namespace SimplCommerce.Infrastructure.Web
+{
+ public class CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery) : IAsyncAuthorizationFilter
+ {
+ public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
+ {
+ var httpContext = context.HttpContext;
+ if (HttpMethods.IsGet(httpContext.Request.Method) ||
+ HttpMethods.IsHead(httpContext.Request.Method) ||
+ HttpMethods.IsOptions(httpContext.Request.Method) ||
+ HttpMethods.IsTrace(httpContext.Request.Method))
+ {
+ return;
+ }
-// protected override bool ShouldValidate(AuthorizationFilterContext context)
-// {
-// if (context == null)
-// {
-// throw new ArgumentNullException(nameof(context));
-// }
+ if (!httpContext.Request.Path.StartsWithSegments("/api"))
+ {
+ return;
+ }
-// if (!context.HttpContext.Request.Path.StartsWithSegments("/api"))
-// {
-// return false;
-// }
+ if (httpContext.User.Identity?.AuthenticationType != "Identity.Application")
+ {
+ return;
+ }
-// if (context.HttpContext.User.Identity?.AuthenticationType != "Identity.Application")
-// {
-// return false;
-// }
-
-// return base.ShouldValidate(context);
-// }
-// }
-//}
+ await antiforgery.ValidateRequestAsync(httpContext);
+ }
+ }
+}
diff --git a/src/SimplCommerce.WebHost/Extensions/ServiceCollectionExtensions.cs b/src/SimplCommerce.WebHost/Extensions/ServiceCollectionExtensions.cs
index 7894c18e3b..3787af5b87 100644
--- a/src/SimplCommerce.WebHost/Extensions/ServiceCollectionExtensions.cs
+++ b/src/SimplCommerce.WebHost/Extensions/ServiceCollectionExtensions.cs
@@ -21,6 +21,7 @@ using Microsoft.Extensions.Localization;
 using SimplCommerce.Infrastructure;
 using SimplCommerce.Infrastructure.Modules;
+using SimplCommerce.Infrastructure.Web;
 using SimplCommerce.Infrastructure.Web.ModelBinders;
 using SimplCommerce.Module.Core.Data;
 using SimplCommerce.Module.Core.Extensions;
@@ -59,10 +60,13 @@ public static IServiceCollection AddModules(this IServiceCollection services)
 public static IServiceCollection AddCustomizedMvc(this IServiceCollection services, IList modules)
 {
 var mvcBuilder = services
- .AddMvc(o =>
+ .AddMvc(options =>
 {
- o.EnableEndpointRouting = false;
- o.ModelBinderProviders.Insert(0, new InvariantDecimalModelBinderProvider());
+ options.EnableEndpointRouting = false;
+ options.ModelBinderProviders.Insert(0, new InvariantDecimalModelBinderProvider());
+
+ options.Filters.Add();
+
 })
 .AddViewLocalization()
 .AddModelBindingMessagesLocalizer(services)
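Review bot: A failed token check on the last added statement, `await antiforgery.ValidateRequestAsync(httpContext);`, lets `AntiforgeryValidationException` escape the filter, so a cookie-authenticated `/api` request with a missing or stale token becomes an unhandled exception (a server error in the exception-handling pipeline) instead of the 400 the built-in auto-validate filter returns; the failure should be caught and converted to `context.Result = new AntiforgeryValidationFailedResult();` (namespace `Microsoft.AspNetCore.Mvc`), which also keeps the rejection visible as a distinct result type for logging. Compared with the removed base-class version, the new filter no longer consults the effective antiforgery policy, so an `[IgnoreAntiforgeryToken]` placed on an API action is presumably no longer honored — confirm that is intended. The class has no summary comment; suggest one stating that it enforces antiforgery only for unsafe methods on `/api` requests authenticated by the Identity application cookie, and deliberately leaves bearer-authenticated calls alone because they carry no ambient credential.
```csharp
            // … unchanged: safe-method, /api path and cookie-scheme guards …

            try
            {
                await antiforgery.ValidateRequestAsync(httpContext);
            }
            catch (AntiforgeryValidationException)
            {
                // Missing or invalid token: reject with 400 rather than surfacing a server error.
                context.Result = new AntiforgeryValidationFailedResult();
            }
```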
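Review bot: The new `options.Filters.Add();` line registers a global filter with no comment on what it enforces, and as rendered here it carries no type argument, which is presumably a rendering artifact of `options.Filters.Add<CookieOnlyAutoValidateAntiforgeryTokenAuthorizationFilter>();` — confirm, since the line as shown would not compile. Suggest adding above it `// Global CSRF check: unsafe-method /api requests authenticated with the Identity cookie must carry an antiforgery token; bearer-authenticated calls are exempt.` Because this is an MVC filter it only covers controller endpoints, so any `/api` handlers served outside MVC would not be protected by it, and the antiforgery header/cookie names the client sends must match the `AddAntiforgery` configuration, neither of which is visible in this hunk. AddCustomizedMvc continues outside the hunk.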