//app.UseWhen( // c => c.Request.Path.Value.Contains("upload"), // _ => _.UseMiddleware<AuthorizeStaticFilesMiddleware>()); //进行访问权限控制 app.Map("/upload", c => c.UseMiddleware<AuthorizeStaticFilesMiddleware>()); //进行访问权限控制
/// <summary> /// 文件管理中间件 /// </summary> public class AuthorizeStaticFilesMiddleware { private readonly RequestDelegate _next; public AuthorizeStaticFilesMiddleware( RequestDelegate next) { _next = next; } public async Task Invoke(HttpContext context, IAuthorizationService authorService) { var url = context.Request.Path; var sid = context.Request.Headers["sid"].ToString(); if (string.IsNullOrEmpty(sid)) { throw new Exception("resource 403 forbidden sid is empty"); } var result = ValidateResourceAuthor(url,sid); if (result == false) { await context.ForbidAsync(); } await _next(context); } public bool ValidateResourceAuthor(string url,string sid) { //var loginUser = UserHelper._GetUser(req.SID); if (string.IsNullOrEmpty(url)) { throw new Exception("url is empty"); } //https://localhost:5001/assets/upload/images/20181018/0d9819d2-14d2-47eb-a763-be9d19c69e42.jpg url = url.Trim().ToLower(); if (url.EndsWith(".mp4") || url.EndsWith(".mp3")) { //... } return true; }
中间件:
.NET Core中间件类使用约定,约定好了中间件类中必须包含一个叫Invoke的方法,
Map 扩展用作约定来创建管道分支。 Map 基于给定请求路径的匹配项来创建请求管道分支。 如果请求路径以给定路径开头,则执行分支