identity: add proxy controller

This commit is contained in:
sam 2024-05-21 21:21:34 +02:00
parent 727f2f6ba2
commit b95fb76cd4
9 changed files with 446 additions and 10 deletions


@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Identity;
using Foxchat.Identity.Database.Models;
using Foxchat.Core;
using System.Diagnostics;
using Foxchat.Identity.Utils;
using NodaTime;
using Microsoft.EntityFrameworkCore;
@ -24,10 +25,11 @@ public class PasswordAuthController(ILogger logger, IdentityContext db, IClock c
var appToken =
HttpContext.GetToken() ??
throw new UnreachableException(); // GetApplicationOrThrow already gets the token and throws if it's null
var appScopes = appToken.ExpandScopes();
if (req.Scopes.Except(appToken.Scopes).Any())
if (req.Scopes.Except(appScopes).Any())
throw new ApiError.Forbidden("Cannot request token scopes that are not allowed for this token",
req.Scopes.Except(appToken.Scopes));
req.Scopes.Except(appScopes));
var acct = new Account
{
@ -52,10 +54,11 @@ public class PasswordAuthController(ILogger logger, IdentityContext db, IClock c
{
var app = HttpContext.GetApplicationOrThrow();
var appToken = HttpContext.GetToken() ?? throw new UnreachableException();
var appScopes = appToken.ExpandScopes();
if (req.Scopes.Except(appToken.Scopes).Any())
if (req.Scopes.Except(appScopes).Any())
throw new ApiError.Forbidden("Cannot request token scopes that are not allowed for this token",
req.Scopes.Except(appToken.Scopes));
req.Scopes.Except(appScopes));
var acct = await db.Accounts.FirstOrDefaultAsync(a => a.Email == req.Email)
?? throw new ApiError.NotFound("No user with that email found, or password is incorrect");
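Review bot: The rejected-scope set is evaluated twice in each handler — once for the `.Any()` check and again when it is passed into `ApiError.Forbidden` — and the same three lines are now duplicated across both handlers in this file; materialize it once, e.g. `var disallowed = req.Scopes.Except(appScopes).ToArray();` / `if (disallowed.Length > 0)` / `throw new ApiError.Forbidden("Cannot request token scopes that are not allowed for this token", disallowed);`, ideally in a small private helper both handlers call so the expansion and error path cannot drift apart. If `req.Scopes` can arrive null from model binding (the request type is not visible here), `Except` throws `ArgumentNullException` and the request surfaces as a server error instead of a 400, so a `required` annotation or an explicit guard is worth confirming. `Except` uses the default string comparer, which is the right fail-closed choice for scope identifiers, but a one-line comment stating that scope matching is case-sensitive by design would save the next reader from reaching for `OrdinalIgnoreCase`. Both enclosing handlers start and end outside the hunks.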


@ -1,6 +1,7 @@
using Foxchat.Core;
using Foxchat.Identity.Database;
using Foxchat.Identity.Database.Models;
using Foxchat.Identity.Utils;
using Microsoft.AspNetCore.Mvc;
using NodaTime;
@ -14,11 +15,12 @@ public class TokenController(ILogger logger, IdentityContext db, IClock clock) :
public async Task<IActionResult> PostToken([FromBody] PostTokenRequest req)
{
var app = await db.GetApplicationAsync(req.ClientId, req.ClientSecret);
var appScopes = app.ExpandScopes();
var scopes = req.Scope.Split(' ');
if (scopes.Except(app.Scopes).Any())
if (scopes.Except(appScopes).Any())
{
throw new ApiError.BadRequest("Invalid or unauthorized scopes");
throw new ApiError.Forbidden("Invalid or unauthorized scopes", scopes.Except(appScopes));
}
switch (req.GrantType)