.net core 3.0 MVC学习-中间件之静态文件权限管理

//app.UseWhen(
            //    c => c.Request.Path.Value.Contains("upload"),
            //    _ => _.UseMiddleware<AuthorizeStaticFilesMiddleware>()); //进行访问权限控制
            app.Map("/upload",
                c => c.UseMiddleware<AuthorizeStaticFilesMiddleware>()); //进行访问权限控制

/// <summary>
    /// 文件管理中间件
    /// </summary>
    public class AuthorizeStaticFilesMiddleware
    {
        private readonly RequestDelegate _next;

        public AuthorizeStaticFilesMiddleware(
            RequestDelegate next)
        {
            _next = next;
        }

        public async Task Invoke(HttpContext context, IAuthorizationService authorService)
        {
            var url = context.Request.Path;
            var sid = context.Request.Headers["sid"].ToString();
            if (string.IsNullOrEmpty(sid))
            {
                throw new Exception("resource 403 forbidden sid is empty");
            }

            var result = ValidateResourceAuthor(url,sid);

            if (result == false)
            {
                await context.ForbidAsync();
            }

            await _next(context);
        }
        public bool ValidateResourceAuthor(string url,string sid)
        {
            //var loginUser = UserHelper._GetUser(req.SID);

            if (string.IsNullOrEmpty(url))
            {
                throw new Exception("url is empty");
            }
            //https://localhost:5001/assets/upload/images/20181018/0d9819d2-14d2-47eb-a763-be9d19c69e42.jpg
            url = url.Trim().ToLower();

            if (url.EndsWith(".mp4") || url.EndsWith(".mp3"))
            {
                //...
            }

            return true;
        }

中间件：

 

 

　　.NET Core中间件类使用约定，约定好了中间件类中必须包含一个叫Invoke的方法，

       Map 扩展用作约定来创建管道分支。 Map 基于给定请求路径的匹配项来创建请求管道分支。 如果请求路径以给定路径开头，则执行分支