Foxnouns.NET/Foxnouns.Backend/Controllers/Authentication/FediverseAuthController.cs

using Foxnouns.Backend.Database;
using Foxnouns.Backend.Database.Models;
using Foxnouns.Backend.Services;
using Foxnouns.Backend.Services.Auth;
using Foxnouns.Backend.Utils;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using NodaTime;

namespace Foxnouns.Backend.Controllers.Authentication;

[Route("/api/internal/auth/fediverse")]
public class FediverseAuthController(
    ILogger logger,
    DatabaseContext db,
    FediverseAuthService fediverseAuthService,
    AuthService authService,
    KeyCacheService keyCacheService
) : ApiControllerBase
{
    private readonly ILogger _logger = logger.ForContext<FediverseAuthController>();

    [HttpGet]
    [ProducesResponseType<FediverseUrlResponse>(statusCode: StatusCodes.Status200OK)]
    public async Task<IActionResult> GetFediverseUrlAsync([FromQuery] string instance)
    {
        if (instance.Any(c => c is '@' or ':' or '/') || !instance.Contains('.'))
            throw new ApiError.BadRequest("Not a valid domain.", "instance", instance);

        var url = await fediverseAuthService.GenerateAuthUrlAsync(instance);
        return Ok(new FediverseUrlResponse(url));
    }

    [HttpPost("callback")]
    [ProducesResponseType<CallbackResponse>(statusCode: StatusCodes.Status200OK)]
    public async Task<IActionResult> FediverseCallbackAsync([FromBody] CallbackRequest req)
    {
        var app = await fediverseAuthService.GetApplicationAsync(req.Instance);
        var remoteUser = await fediverseAuthService.GetRemoteFediverseUserAsync(app, req.Code);

        var user = await authService.AuthenticateUserAsync(
            AuthType.Fediverse,
            remoteUser.Id,
            instance: app
        );
        if (user != null)
            return Ok(await authService.GenerateUserTokenAsync(user));

        var ticket = AuthUtils.RandomToken();
        await keyCacheService.SetKeyAsync(
            $"fediverse:{ticket}",
            new FediverseTicketData(app.Id, remoteUser),
            Duration.FromMinutes(20)
        );

        return Ok(
            new CallbackResponse(
                HasAccount: false,
                Ticket: ticket,
                RemoteUsername: $"@{remoteUser.Username}@{app.Domain}",
                User: null,
                Token: null,
                ExpiresAt: null
            )
        );
    }

    [HttpPost("register")]
    [ProducesResponseType<AuthController.AuthResponse>(statusCode: StatusCodes.Status200OK)]
    public async Task<IActionResult> RegisterAsync(
        [FromBody] AuthController.OauthRegisterRequest req
    )
    {
        var ticketData = await keyCacheService.GetKeyAsync<FediverseTicketData>(
            $"fediverse:{req.Ticket}"
        );
        if (ticketData == null)
            throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);

        var app = await db.FediverseApplications.FindAsync(ticketData.ApplicationId);
        if (
            await db.AuthMethods.AnyAsync(a =>
                a.AuthType == AuthType.Fediverse
                && a.RemoteId == ticketData.User.Id
                && a.FediverseApplicationId == app.Id
            )
        )
        {
            _logger.Error(
                "Fediverse user {Id}/{ApplicationId} ({Username} on {Domain}) has valid ticket but is already linked to an existing account",
                ticketData.User.Id,
                ticketData.ApplicationId,
                ticketData.User.Username,
                app.Domain
            );
            throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);
        }

        var user = await authService.CreateUserWithRemoteAuthAsync(
            req.Username,
            AuthType.Fediverse,
            ticketData.User.Id,
            ticketData.User.Username,
            instance: app
        );

        return Ok(await authService.GenerateUserTokenAsync(user));
    }

    public record CallbackRequest(string Instance, string Code);

    private record FediverseUrlResponse(string Url);

    private record FediverseTicketData(
        Snowflake ApplicationId,
        FediverseAuthService.FediverseUser User
    );
}
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`using Foxnouns.Backend.Database;`
			`using Foxnouns.Backend.Database.Models;`
feat: add some fediverse authentication code * create applications on instances * generate authorize URLs * exchange oauth code for token and user info (untested) * recreate mastodon app on authentication failure 2024-10-06 15:34:31 +02:00			`using Foxnouns.Backend.Services;`
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`using Foxnouns.Backend.Services.Auth;`
			`using Foxnouns.Backend.Utils;`
feat: add some fediverse authentication code * create applications on instances * generate authorize URLs * exchange oauth code for token and user info (untested) * recreate mastodon app on authentication failure 2024-10-06 15:34:31 +02:00			`using Microsoft.AspNetCore.Mvc;`
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`using Microsoft.EntityFrameworkCore;`
			`using NodaTime;`
feat: add some fediverse authentication code * create applications on instances * generate authorize URLs * exchange oauth code for token and user info (untested) * recreate mastodon app on authentication failure 2024-10-06 15:34:31 +02:00
			`namespace Foxnouns.Backend.Controllers.Authentication;`

			`[Route("/api/internal/auth/fediverse")]`
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`public class FediverseAuthController(`
			`ILogger logger,`
			`DatabaseContext db,`
			`FediverseAuthService fediverseAuthService,`
			`AuthService authService,`
			`KeyCacheService keyCacheService`
			`) : ApiControllerBase`
feat: add some fediverse authentication code * create applications on instances * generate authorize URLs * exchange oauth code for token and user info (untested) * recreate mastodon app on authentication failure 2024-10-06 15:34:31 +02:00			`{`
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`private readonly ILogger _logger = logger.ForContext<FediverseAuthController>();`

feat: add some fediverse authentication code * create applications on instances * generate authorize URLs * exchange oauth code for token and user info (untested) * recreate mastodon app on authentication failure 2024-10-06 15:34:31 +02:00			`[HttpGet]`
			`[ProducesResponseType<FediverseUrlResponse>(statusCode: StatusCodes.Status200OK)]`
			`public async Task<IActionResult> GetFediverseUrlAsync([FromQuery] string instance)`
			`{`
fix: check for obviously invalid instance URLs, use correct JSON key for mastodon scopes 2024-11-23 20:40:09 +01:00			`if (instance.Any(c => c is '@' or ':' or '/') \|\| !instance.Contains('.'))`
			`throw new ApiError.BadRequest("Not a valid domain.", "instance", instance);`

feat: add some fediverse authentication code * create applications on instances * generate authorize URLs * exchange oauth code for token and user info (untested) * recreate mastodon app on authentication failure 2024-10-06 15:34:31 +02:00			`var url = await fediverseAuthService.GenerateAuthUrlAsync(instance);`
			`return Ok(new FediverseUrlResponse(url));`
			`}`

feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`[HttpPost("callback")]`
			`[ProducesResponseType<CallbackResponse>(statusCode: StatusCodes.Status200OK)]`
feat: add some fediverse authentication code * create applications on instances * generate authorize URLs * exchange oauth code for token and user info (untested) * recreate mastodon app on authentication failure 2024-10-06 15:34:31 +02:00			`public async Task<IActionResult> FediverseCallbackAsync([FromBody] CallbackRequest req)`
			`{`
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`var app = await fediverseAuthService.GetApplicationAsync(req.Instance);`
			`var remoteUser = await fediverseAuthService.GetRemoteFediverseUserAsync(app, req.Code);`

			`var user = await authService.AuthenticateUserAsync(`
			`AuthType.Fediverse,`
			`remoteUser.Id,`
			`instance: app`
			`);`
			`if (user != null)`
			`return Ok(await authService.GenerateUserTokenAsync(user));`

			`var ticket = AuthUtils.RandomToken();`
			`await keyCacheService.SetKeyAsync(`
			`$"fediverse:{ticket}",`
			`new FediverseTicketData(app.Id, remoteUser),`
			`Duration.FromMinutes(20)`
			`);`

			`return Ok(`
			`new CallbackResponse(`
			`HasAccount: false,`
			`Ticket: ticket,`
			`RemoteUsername: $"@{remoteUser.Username}@{app.Domain}",`
			`User: null,`
			`Token: null,`
			`ExpiresAt: null`
			`)`
			`);`
			`}`

			`[HttpPost("register")]`
			`[ProducesResponseType<AuthController.AuthResponse>(statusCode: StatusCodes.Status200OK)]`
			`public async Task<IActionResult> RegisterAsync(`
			`[FromBody] AuthController.OauthRegisterRequest req`
			`)`
			`{`
			`var ticketData = await keyCacheService.GetKeyAsync<FediverseTicketData>(`
			`$"fediverse:{req.Ticket}"`
			`);`
			`if (ticketData == null)`
			`throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);`

			`var app = await db.FediverseApplications.FindAsync(ticketData.ApplicationId);`
			`if (`
			`await db.AuthMethods.AnyAsync(a =>`
			`a.AuthType == AuthType.Fediverse`
			`&& a.RemoteId == ticketData.User.Id`
			`&& a.FediverseApplicationId == app.Id`
			`)`
			`)`
			`{`
			`_logger.Error(`
			`"Fediverse user {Id}/{ApplicationId} ({Username} on {Domain}) has valid ticket but is already linked to an existing account",`
			`ticketData.User.Id,`
			`ticketData.ApplicationId,`
			`ticketData.User.Username,`
			`app.Domain`
			`);`
			`throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);`
			`}`

			`var user = await authService.CreateUserWithRemoteAuthAsync(`
			`req.Username,`
			`AuthType.Fediverse,`
			`ticketData.User.Id,`
			`ticketData.User.Username,`
			`instance: app`
			`);`

			`return Ok(await authService.GenerateUserTokenAsync(user));`
feat: add some fediverse authentication code * create applications on instances * generate authorize URLs * exchange oauth code for token and user info (untested) * recreate mastodon app on authentication failure 2024-10-06 15:34:31 +02:00			`}`

			`public record CallbackRequest(string Instance, string Code);`

			`private record FediverseUrlResponse(string Url);`
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00
			`private record FediverseTicketData(`
			`Snowflake ApplicationId,`
			`FediverseAuthService.FediverseUser User`
			`);`
feat: add some fediverse authentication code * create applications on instances * generate authorize URLs * exchange oauth code for token and user info (untested) * recreate mastodon app on authentication failure 2024-10-06 15:34:31 +02:00			`}`