Foxchat.NET/Foxchat.Identity/Middleware/ClientAuthenticationMiddleware.cs

85 lines
2.5 KiB
C#
Raw Normal View History

2024-05-19 23:51:53 +02:00
using System.Security.Cryptography;
using Foxchat.Core;
using Foxchat.Core.Utils;
using Foxchat.Identity.Database;
using Foxchat.Identity.Database.Models;
using Microsoft.EntityFrameworkCore;
using NodaTime;
2024-05-20 19:42:04 +02:00
namespace Foxchat.Identity.Middleware;
2024-05-19 23:51:53 +02:00
2024-05-21 20:14:52 +02:00
public class ClientAuthenticationMiddleware(
2024-05-19 23:51:53 +02:00
IdentityContext db,
IClock clock
) : IMiddleware
{
public async Task InvokeAsync(HttpContext ctx, RequestDelegate next)
{
var endpoint = ctx.GetEndpoint();
2024-05-21 20:14:52 +02:00
var metadata = endpoint?.Metadata.GetMetadata<ClientAuthenticateAttribute>();
2024-05-19 23:51:53 +02:00
if (metadata == null)
{
await next(ctx);
return;
}
var header = ctx.Request.Headers.Authorization.ToString();
if (!header.StartsWith("bearer ", StringComparison.InvariantCultureIgnoreCase))
{
await next(ctx);
return;
}
var token = header[7..];
if (!CryptoUtils.TryFromBase64String(token, out var rawToken))
{
await next(ctx);
return;
}
var hash = SHA512.HashData(rawToken);
var oauthToken = await db.Tokens
.Include(t => t.Account)
.Include(t => t.Application)
.FirstOrDefaultAsync(t => t.Hash == hash && t.Expires > clock.GetCurrentInstant());
if (oauthToken == null)
{
await next(ctx);
return;
}
ctx.SetToken(oauthToken);
await next(ctx);
}
}
public static class HttpContextExtensions
{
private const string Key = "token";
public static void SetToken(this HttpContext ctx, Token token) => ctx.Items.Add(Key, token);
public static Account? GetAccount(this HttpContext ctx) => ctx.GetToken()?.Account;
public static Account GetAccountOrThrow(this HttpContext ctx) =>
ctx.GetAccount() ?? throw new ApiError.AuthenticationError("No account in HttpContext");
2024-05-19 23:51:53 +02:00
public static Token? GetToken(this HttpContext ctx)
{
if (ctx.Items.TryGetValue(Key, out var token))
return token as Token;
return null;
}
2024-05-20 21:59:30 +02:00
public static Application GetApplicationOrThrow(this HttpContext context)
{
var token = context.GetToken();
if (token is not { Account: null }) throw new ApiError.Forbidden("This endpoint requires a client token.");
return token.Application;
}
2024-05-19 23:51:53 +02:00
}
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
2024-05-21 20:14:52 +02:00
public class ClientAuthenticateAttribute : Attribute;