Try your search with a different keyword or use * as a wildcard.
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;
using Nop.Core;
using Nop.Core.Domain.Security;
using Nop.Data;
namespace Nop.Web.Framework.Mvc.Filters;
///
/// Represents filter attribute that validates IP address
///
public sealed class ValidateIpAddressAttribute : TypeFilterAttribute
{
#region Ctor
///
/// Create instance of the filter attribute
///
public ValidateIpAddressAttribute() : base(typeof(ValidateIpAddressFilter))
{
}
#endregion
#region Nested filter
///
/// Represents a filter that validates IP address
///
private class ValidateIpAddressFilter : IAsyncActionFilter
{
#region Fields
protected readonly IWebHelper _webHelper;
protected readonly SecuritySettings _securitySettings;
#endregion
#region Ctor
public ValidateIpAddressFilter(IWebHelper webHelper,
SecuritySettings securitySettings)
{
_webHelper = webHelper;
_securitySettings = securitySettings;
}
#endregion
#region Utilities
///
/// Called asynchronously before the action, after model binding is complete.
///
/// A context for action filters
private void ValidateIpAddress(ActionExecutingContext context)
{
ArgumentNullException.ThrowIfNull(context);
if (context.HttpContext.Request == null)
return;
if (!DataSettingsManager.IsDatabaseInstalled())
return;
//get action and controller names
var actionDescriptor = context.ActionDescriptor as ControllerActionDescriptor;
var actionName = actionDescriptor?.ActionName;
var controllerName = actionDescriptor?.ControllerName;
if (string.IsNullOrEmpty(actionName) || string.IsNullOrEmpty(controllerName))
return;
//don't validate on the 'Access denied' page
if (controllerName.Equals("Security", StringComparison.InvariantCultureIgnoreCase) &&
actionName.Equals("AccessDenied", StringComparison.InvariantCultureIgnoreCase))
{
return;
}
//get allowed IP addresses
var ipAddresses = _securitySettings.AdminAreaAllowedIpAddresses;
//there are no restrictions
if (ipAddresses == null || !ipAddresses.Any())
return;
//whether current IP is allowed
var currentIp = _webHelper.GetCurrentIpAddress();
if (ipAddresses.Any(ip => ip.Equals(currentIp, StringComparison.InvariantCultureIgnoreCase)))
return;
//redirect to 'Access denied' page
context.Result = new RedirectToActionResult("AccessDenied", "Security", context.RouteData.Values);
}
#endregion
#region Methods
///
/// Called asynchronously before the action, after model binding is complete.
///
/// A context for action filters
/// A delegate invoked to execute the next action filter or the action itself
/// A task that represents the asynchronous operation
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
ValidateIpAddress(context);
if (context.Result == null)
await next();
}
#endregion
}
#endregion
}