diff --git a/server/AyaNova/Startup.cs b/server/AyaNova/Startup.cs index 4f7ce322..7672c7cf 100644 --- a/server/AyaNova/Startup.cs +++ b/server/AyaNova/Startup.cs @@ -62,7 +62,6 @@ namespace AyaNova { _newLog.LogDebug("Initializing services..."); - _newLog.LogDebug("Profiler"); //https://dotnetthoughts.net/using-miniprofiler-in-aspnetcore-webapi/ services.AddMemoryCache(); 
@@ -70,61 +69,22 @@ namespace AyaNova { options.RouteBasePath = "/profiler"; //options.ShouldProfile = request => MyShouldThisBeProfiledFunction(request); - options.ShouldProfile = request => - { + // options.ShouldProfile = request => + // { - return true; - }; - //options.IgnoredPaths + // return true; + // }; + // options.IgnoredPaths.Add("/auth"); + options.IgnorePath("/auth").IgnorePath("/user").IgnorePath("/docs"); options.ResultsAuthorize = request => { - // if(request.HttpContext.Items) - //{[AY_ROLES, 0]} if (request.HttpContext.Items["AY_PROFILER_ALLOWED"] != null) - { return true; - } - - // //Idea: use a query parameter on page link to stats - // //that param is download token, if it's present it tries to validate it and then allow if ok - // //weirdly this gets called on any request not just for the results, so need to check the path first then do the rest I guess or just default to false - // //System.Diagnostics.Debug.WriteLine(request.Path.Value); - // // /profiler/results-index - // // /profiler/results-list - // // /profiler/results-list - // // /profiler/results-list - // // /profiler/results - // if (request.Path.Value.StartsWith("/profiler/results")) - // { - // //someone is requesting the profiler - // //check for a dl token "t" and rehydrate user if found - // //if(request.Query.Count==0) return false; - // if (!request.Query.ContainsKey("t")) return false; - // var token = request.Query["t"]; - // using (AyContext ct = ServiceProviderProvider.DBContext) - // { - // var DownloadUser = ct.User.AsNoTracking().SingleOrDefault(z => z.DlKey == token && z.Active == true); - // if (DownloadUser == null) return false; - - - // //this is necessary because they might have an expired JWT but this would just keep on working without a date check - // //the default is the same timespan as the jwt so it's all good - // var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero); - // if (DownloadUser.DlKeyExpire < utcNow.DateTime) return 
false; - - // //Ok, it's allowed, let's go - // return true; - - - // } - - // } - return false; }; // options.ShouldProfile` - options.EnableServerTimingHeader = false; - options.TrackConnectionOpenClose = false; + // options.EnableServerTimingHeader = false; + // options.TrackConnectionOpenClose = false; // options.ShouldProfile=false; }).AddEntityFramework(); @@ -473,7 +433,7 @@ namespace AyaNova //the default is the same timespan as the jwt so it's all good var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero); if (u.DlKeyExpire > utcNow.DateTime) - { + { if (AyaNova.Api.ControllerHelpers.Authorized.HasReadFullRole(u.Roles, AyaType.Metrics)) context.Request.HttpContext.Items["AY_PROFILER_ALLOWED"] = true; }
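Review bot: At the end of the options block, `EnableServerTimingHeader` and `TrackConnectionOpenClose` are now commented out instead of set, so both fall back to whatever the installed MiniProfiler version defaults to. As far as I know the Server-Timing header is written on the profiled response itself rather than served through the results endpoints, so `ResultsAuthorize` would not gate it; keeping `options.EnableServerTimingHeader = false;` explicit stops timings reaching unauthenticated clients if a default changes on upgrade. In `ResultsAuthorize`, any non-null value in `Items["AY_PROFILER_ALLOWED"]` grants access, while the last hunk's context shows the flag stored as `true` after the role check, so `return request.HttpContext.Items["AY_PROFILER_ALLOWED"] is true;` would state the intent and reject anything else. The new `IgnorePath("/auth").IgnorePath("/user").IgnorePath("/docs")` line presumably keeps credential-bearing requests out of stored profiles; a one-line comment saying so would help, as would confirming these prefixes match the real route layout, which is not visible here. The options lambda opens above the hunk.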