Foxchat.NET/Foxchat.Identity/Controllers/Oauth/TokenController.cs

using Foxchat.Core;
using Foxchat.Identity.Database;
using Foxchat.Identity.Database.Models;
using Foxchat.Identity.Utils;
using Microsoft.AspNetCore.Mvc;
using NodaTime;

namespace Foxchat.Identity.Controllers.Oauth;

[ApiController]
[Route("/_fox/ident/oauth/token")]
public class TokenController(ILogger logger, IdentityContext db, IClock clock) : ControllerBase
{
    [HttpPost]
    public async Task<IActionResult> PostToken([FromBody] PostTokenRequest req)
    {
        var app = await db.GetApplicationAsync(req.ClientId, req.ClientSecret);
        var appScopes = app.Scopes.ExpandScopes();

        var scopes = req.Scope.Split(' ');
        if (scopes.Except(appScopes).Any())
        {
            throw new ApiError.Forbidden("Invalid or unauthorized scopes", scopes.Except(appScopes));
        }

        switch (req.GrantType)
        {
            case OauthUtils.ClientCredentials:
                return await HandleClientCredentialsAsync(app, scopes);
            case OauthUtils.AuthorizationCode:
                // TODO
                break;
            default:
                throw new ApiError.BadRequest("Unknown grant_type");
        }

        throw new NotImplementedException();
    }

    private async Task<IActionResult> HandleClientCredentialsAsync(Application app, string[] scopes)
    {
        // TODO: make this configurable
        var expiry = clock.GetCurrentInstant() + Duration.FromDays(365);
        var (token, tokenObj) = Token.Create(null, app, scopes, expiry);

        db.Add(tokenObj);
        await db.SaveChangesAsync();

        logger.Debug("Created token with scopes {Scopes} for application {ApplicationId}", scopes, app.Id);

        return Ok(new PostTokenResponse(token, scopes, expiry));
    }

    public record PostTokenRequest(
        string GrantType,
        string ClientId,
        string ClientSecret,
        string Scope,
        // Optional parameters
        string? Code,
        string? RedirectUri
    );

    public record PostTokenResponse(
        string Token,
        string[] Scopes,
        Instant Expires
    );
}
add basic suppport for client_credentials oauth grant 2024-05-20 17:00:21 +02:00			`using Foxchat.Core;`
			`using Foxchat.Identity.Database;`
			`using Foxchat.Identity.Database.Models;`
identity: add proxy controller 2024-05-21 21:21:34 +02:00			`using Foxchat.Identity.Utils;`
add basic suppport for client_credentials oauth grant 2024-05-20 17:00:21 +02:00			`using Microsoft.AspNetCore.Mvc;`
			`using NodaTime;`

			`namespace Foxchat.Identity.Controllers.Oauth;`

			`[ApiController]`
			`[Route("/_fox/ident/oauth/token")]`
			`public class TokenController(ILogger logger, IdentityContext db, IClock clock) : ControllerBase`
			`{`
			`[HttpPost]`
			`public async Task<IActionResult> PostToken([FromBody] PostTokenRequest req)`
			`{`
			`var app = await db.GetApplicationAsync(req.ClientId, req.ClientSecret);`
refactor(identity): change receiver of OauthUtils.ExpandScopes() 2024-05-22 17:19:45 +02:00			`var appScopes = app.Scopes.ExpandScopes();`
add basic suppport for client_credentials oauth grant 2024-05-20 17:00:21 +02:00
			`var scopes = req.Scope.Split(' ');`
identity: add proxy controller 2024-05-21 21:21:34 +02:00			`if (scopes.Except(appScopes).Any())`
add basic suppport for client_credentials oauth grant 2024-05-20 17:00:21 +02:00			`{`
identity: add proxy controller 2024-05-21 21:21:34 +02:00			`throw new ApiError.Forbidden("Invalid or unauthorized scopes", scopes.Except(appScopes));`
add basic suppport for client_credentials oauth grant 2024-05-20 17:00:21 +02:00			`}`

			`switch (req.GrantType)`
			`{`
refactor(identity): change receiver of OauthUtils.ExpandScopes() 2024-05-22 17:19:45 +02:00			`case OauthUtils.ClientCredentials:`
add basic suppport for client_credentials oauth grant 2024-05-20 17:00:21 +02:00			`return await HandleClientCredentialsAsync(app, scopes);`
refactor(identity): change receiver of OauthUtils.ExpandScopes() 2024-05-22 17:19:45 +02:00			`case OauthUtils.AuthorizationCode:`
add basic account creation 2024-05-20 20:37:22 +02:00			`// TODO`
add basic suppport for client_credentials oauth grant 2024-05-20 17:00:21 +02:00			`break;`
			`default:`
			`throw new ApiError.BadRequest("Unknown grant_type");`
			`}`

			`throw new NotImplementedException();`
			`}`

			`private async Task<IActionResult> HandleClientCredentialsAsync(Application app, string[] scopes)`
			`{`
			`// TODO: make this configurable`
			`var expiry = clock.GetCurrentInstant() + Duration.FromDays(365);`
add password-based login endpoint 2024-05-20 21:59:30 +02:00			`var (token, tokenObj) = Token.Create(null, app, scopes, expiry);`
add basic suppport for client_credentials oauth grant 2024-05-20 17:00:21 +02:00
chat: add hello controller 2024-05-21 17:45:35 +02:00			`db.Add(tokenObj);`
add basic suppport for client_credentials oauth grant 2024-05-20 17:00:21 +02:00			`await db.SaveChangesAsync();`

			`logger.Debug("Created token with scopes {Scopes} for application {ApplicationId}", scopes, app.Id);`

			`return Ok(new PostTokenResponse(token, scopes, expiry));`
			`}`

			`public record PostTokenRequest(`
			`string GrantType,`
			`string ClientId,`
			`string ClientSecret,`
			`string Scope,`
			`// Optional parameters`
			`string? Code,`
			`string? RedirectUri`
			`);`

			`public record PostTokenResponse(`
			`string Token,`
			`string[] Scopes,`
			`Instant Expires`
			`);`
			`}`