Foxnouns.NET/Foxnouns.Backend/Controllers/Authentication/DiscordAuthController.cs

// Copyright (C) 2023-present sam/u1f320 (vulpine.solutions)
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published
// by the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <https://www.gnu.org/licenses/>.
using System.Net;
using System.Web;
using EntityFramework.Exceptions.Common;
using Foxnouns.Backend.Database;
using Foxnouns.Backend.Database.Models;
using Foxnouns.Backend.Dto;
using Foxnouns.Backend.Extensions;
using Foxnouns.Backend.Middleware;
using Foxnouns.Backend.Services;
using Foxnouns.Backend.Services.Auth;
using Foxnouns.Backend.Utils;
using JetBrains.Annotations;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using NodaTime;

namespace Foxnouns.Backend.Controllers.Authentication;

[Route("/api/internal/auth/discord")]
[ApiExplorerSettings(IgnoreApi = true)]
public class DiscordAuthController(
    [UsedImplicitly] Config config,
    ILogger logger,
    DatabaseContext db,
    KeyCacheService keyCacheService,
    AuthService authService,
    RemoteAuthService remoteAuthService
) : ApiControllerBase
{
    private readonly ILogger _logger = logger.ForContext<DiscordAuthController>();

    [HttpPost("callback")]
    [ProducesResponseType<CallbackResponse>(StatusCodes.Status200OK)]
    public async Task<IActionResult> CallbackAsync([FromBody] CallbackRequest req)
    {
        CheckRequirements();
        await keyCacheService.ValidateAuthStateAsync(req.State);

        RemoteAuthService.RemoteUser remoteUser = await remoteAuthService.RequestDiscordTokenAsync(
            req.Code
        );
        User? user = await authService.AuthenticateUserAsync(AuthType.Discord, remoteUser.Id);
        if (user != null)
            return Ok(await authService.GenerateUserTokenAsync(user));

        _logger.Debug(
            "Discord user {Username} ({Id}) authenticated with no local account",
            remoteUser.Username,
            remoteUser.Id
        );

        string ticket = AuthUtils.RandomToken();
        await keyCacheService.SetKeyAsync(
            $"discord:{ticket}",
            remoteUser,
            Duration.FromMinutes(20)
        );

        return Ok(new CallbackResponse(false, ticket, remoteUser.Username, null, null, null));
    }

    [HttpPost("register")]
    [ProducesResponseType<AuthResponse>(StatusCodes.Status200OK)]
    public async Task<IActionResult> RegisterAsync([FromBody] OauthRegisterRequest req)
    {
        RemoteAuthService.RemoteUser? remoteUser =
            await keyCacheService.GetKeyAsync<RemoteAuthService.RemoteUser>(
                $"discord:{req.Ticket}"
            );
        if (remoteUser == null)
            throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);
        if (
            await db.AuthMethods.AnyAsync(a =>
                a.AuthType == AuthType.Discord && a.RemoteId == remoteUser.Id
            )
        )
        {
            _logger.Error(
                "Discord user {Id} has valid ticket but is already linked to an existing account",
                remoteUser.Id
            );
            throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);
        }

        User user = await authService.CreateUserWithRemoteAuthAsync(
            req.Username,
            AuthType.Discord,
            remoteUser.Id,
            remoteUser.Username
        );

        return Ok(await authService.GenerateUserTokenAsync(user));
    }

    [HttpGet("add-account")]
    [Authorize("*")]
    public async Task<IActionResult> AddDiscordAccountAsync()
    {
        CheckRequirements();

        string state = await remoteAuthService.ValidateAddAccountRequestAsync(
            CurrentUser!.Id,
            AuthType.Discord
        );

        string url =
            "https://discord.com/oauth2/authorize?response_type=code"
            + $"&client_id={config.DiscordAuth.ClientId}&scope=identify"
            + $"&prompt=none&state={state}"
            + $"&redirect_uri={HttpUtility.UrlEncode($"{config.BaseUrl}/auth/callback/discord")}";

        return Ok(new SingleUrlResponse(url));
    }

    [HttpPost("add-account/callback")]
    [Authorize("*")]
    public async Task<IActionResult> AddAccountCallbackAsync([FromBody] CallbackRequest req)
    {
        CheckRequirements();

        await remoteAuthService.ValidateAddAccountStateAsync(
            req.State,
            CurrentUser!.Id,
            AuthType.Discord
        );

        RemoteAuthService.RemoteUser remoteUser = await remoteAuthService.RequestDiscordTokenAsync(
            req.Code
        );
        try
        {
            AuthMethod authMethod = await authService.AddAuthMethodAsync(
                CurrentUser.Id,
                AuthType.Discord,
                remoteUser.Id,
                remoteUser.Username
            );
            _logger.Debug(
                "Added new Discord auth method {AuthMethodId} to user {UserId}",
                authMethod.Id,
                CurrentUser.Id
            );

            return Ok(
                new AddOauthAccountResponse(
                    authMethod.Id,
                    AuthType.Discord,
                    authMethod.RemoteId,
                    authMethod.RemoteUsername
                )
            );
        }
        catch (UniqueConstraintException)
        {
            throw new ApiError(
                "That account is already linked.",
                HttpStatusCode.BadRequest,
                ErrorCode.AccountAlreadyLinked
            );
        }
    }

    private void CheckRequirements()
    {
        if (!config.DiscordAuth.Enabled)
        {
            throw new ApiError.BadRequest(
                "Discord authentication is not enabled on this instance."
            );
        }
    }
}
chore: add license headers to all c# files 2024-12-09 21:11:46 +01:00			`// Copyright (C) 2023-present sam/u1f320 (vulpine.solutions)`
			`//`
			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published`
			`// by the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// This program is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program. If not, see <https://www.gnu.org/licenses/>.`
feat: link discord account to existing account 2024-11-03 13:53:16 +01:00			`using System.Net;`
			`using System.Web;`
			`using EntityFramework.Exceptions.Common;`
feat(backend): add skeleton discord auth controller 2024-06-10 16:25:49 +02:00			`using Foxnouns.Backend.Database;`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`using Foxnouns.Backend.Database.Models;`
refactor(backend): move all request/response types to a new Dto namespace 2024-12-08 20:17:30 +01:00			`using Foxnouns.Backend.Dto;`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`using Foxnouns.Backend.Extensions;`
feat: link discord account to existing account 2024-11-03 13:53:16 +01:00			`using Foxnouns.Backend.Middleware;`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`using Foxnouns.Backend.Services;`
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`using Foxnouns.Backend.Services.Auth;`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`using Foxnouns.Backend.Utils;`
chore(backend): silence some more resharper errors 2024-09-14 16:37:52 +02:00			`using JetBrains.Annotations;`
feat(backend): add skeleton discord auth controller 2024-06-10 16:25:49 +02:00			`using Microsoft.AspNetCore.Mvc;`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`using Microsoft.EntityFrameworkCore;`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`using NodaTime;`
feat(backend): add skeleton discord auth controller 2024-06-10 16:25:49 +02:00
			`namespace Foxnouns.Backend.Controllers.Authentication;`

feat(backend): move internal endpoints to /api/internal 2024-10-02 00:15:14 +02:00			`[Route("/api/internal/auth/discord")]`
update to .net 9 and add new OpenAPI packages 2024-12-10 15:28:44 +01:00			`[ApiExplorerSettings(IgnoreApi = true)]`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`public class DiscordAuthController(`
chore(backend): silence some more resharper errors 2024-09-14 16:37:52 +02:00			`[UsedImplicitly] Config config,`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`ILogger logger,`
			`DatabaseContext db,`
refactor: more consistent field names, also in STYLE.md 2024-09-09 14:50:00 +02:00			`KeyCacheService keyCacheService,`
			`AuthService authService,`
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`RemoteAuthService remoteAuthService`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`) : ApiControllerBase`
feat(backend): add skeleton discord auth controller 2024-06-10 16:25:49 +02:00			`{`
fix: add class context to all loggers, format 2024-09-04 14:25:44 +02:00			`private readonly ILogger _logger = logger.ForContext<DiscordAuthController>();`

feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`[HttpPost("callback")]`
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`[ProducesResponseType<CallbackResponse>(StatusCodes.Status200OK)]`
refactor(backend): move all request/response types to a new Dto namespace 2024-12-08 20:17:30 +01:00			`public async Task<IActionResult> CallbackAsync([FromBody] CallbackRequest req)`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`{`
			`CheckRequirements();`
fix: don't pass CancellationToken to method that shouldn't abort also add license header to project 2024-11-02 21:23:49 +01:00			`await keyCacheService.ValidateAuthStateAsync(req.State);`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00
refactor(backend): use explicit types instead of var by default 2024-12-08 15:07:25 +01:00			`RemoteAuthService.RemoteUser remoteUser = await remoteAuthService.RequestDiscordTokenAsync(`
			`req.Code`
			`);`
			`User? user = await authService.AuthenticateUserAsync(AuthType.Discord, remoteUser.Id);`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`if (user != null)`
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`return Ok(await authService.GenerateUserTokenAsync(user));`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`_logger.Debug(`
			`"Discord user {Username} ({Id}) authenticated with no local account",`
			`remoteUser.Username,`
			`remoteUser.Id`
			`);`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00
refactor(backend): use explicit types instead of var by default 2024-12-08 15:07:25 +01:00			`string ticket = AuthUtils.RandomToken();`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`await keyCacheService.SetKeyAsync(`
			`$"discord:{ticket}",`
			`remoteUser,`
fix: don't pass CancellationToken to method that shouldn't abort also add license header to project 2024-11-02 21:23:49 +01:00			`Duration.FromMinutes(20)`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`);`

refactor(backend): use explicit types instead of var by default 2024-12-08 15:07:25 +01:00			`return Ok(new CallbackResponse(false, ticket, remoteUser.Username, null, null, null));`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`}`

			`[HttpPost("register")]`
refactor(backend): move all request/response types to a new Dto namespace 2024-12-08 20:17:30 +01:00			`[ProducesResponseType<AuthResponse>(StatusCodes.Status200OK)]`
			`public async Task<IActionResult> RegisterAsync([FromBody] OauthRegisterRequest req)`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`{`
refactor(backend): use explicit types instead of var by default 2024-12-08 15:07:25 +01:00			`RemoteAuthService.RemoteUser? remoteUser =`
			`await keyCacheService.GetKeyAsync<RemoteAuthService.RemoteUser>(`
			`$"discord:{req.Ticket}"`
			`);`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`if (remoteUser == null)`
			`throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);`
			`if (`
			`await db.AuthMethods.AnyAsync(a =>`
			`a.AuthType == AuthType.Discord && a.RemoteId == remoteUser.Id`
			`)`
			`)`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`{`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`_logger.Error(`
			`"Discord user {Id} has valid ticket but is already linked to an existing account",`
			`remoteUser.Id`
			`);`
chore(backend): silence some more resharper errors 2024-09-14 16:37:52 +02:00			`throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`}`

refactor(backend): use explicit types instead of var by default 2024-12-08 15:07:25 +01:00			`User user = await authService.CreateUserWithRemoteAuthAsync(`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`req.Username,`
			`AuthType.Discord,`
			`remoteUser.Id,`
			`remoteUser.Username`
			`);`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00
feat: initial fediverse registration/login 2024-11-03 02:07:07 +01:00			`return Ok(await authService.GenerateUserTokenAsync(user));`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`}`

feat: link discord account to existing account 2024-11-03 13:53:16 +01:00			`[HttpGet("add-account")]`
			`[Authorize("*")]`
			`public async Task<IActionResult> AddDiscordAccountAsync()`
			`{`
			`CheckRequirements();`

refactor(backend): use explicit types instead of var by default 2024-12-08 15:07:25 +01:00			`string state = await remoteAuthService.ValidateAddAccountRequestAsync(`
feat: link fediverse account to existing user 2024-12-04 01:48:52 +01:00			`CurrentUser!.Id,`
			`AuthType.Discord`
feat: link discord account to existing account 2024-11-03 13:53:16 +01:00			`);`

refactor(backend): use explicit types instead of var by default 2024-12-08 15:07:25 +01:00			`string url =`
chore(backend): add roslynator and fix diagnostics 2024-12-08 15:17:18 +01:00			`"https://discord.com/oauth2/authorize?response_type=code"`
feat: link discord account to existing account 2024-11-03 13:53:16 +01:00			`+ $"&client_id={config.DiscordAuth.ClientId}&scope=identify"`
			`+ $"&prompt=none&state={state}"`
			`+ $"&redirect_uri={HttpUtility.UrlEncode($"{config.BaseUrl}/auth/callback/discord")}";`

refactor(backend): move all request/response types to a new Dto namespace 2024-12-08 20:17:30 +01:00			`return Ok(new SingleUrlResponse(url));`
feat: link discord account to existing account 2024-11-03 13:53:16 +01:00			`}`

			`[HttpPost("add-account/callback")]`
			`[Authorize("*")]`
refactor(backend): move all request/response types to a new Dto namespace 2024-12-08 20:17:30 +01:00			`public async Task<IActionResult> AddAccountCallbackAsync([FromBody] CallbackRequest req)`
feat: link discord account to existing account 2024-11-03 13:53:16 +01:00			`{`
			`CheckRequirements();`

feat: link fediverse account to existing user 2024-12-04 01:48:52 +01:00			`await remoteAuthService.ValidateAddAccountStateAsync(`
			`req.State,`
			`CurrentUser!.Id,`
			`AuthType.Discord`
			`);`
feat: link discord account to existing account 2024-11-03 13:53:16 +01:00
refactor(backend): use explicit types instead of var by default 2024-12-08 15:07:25 +01:00			`RemoteAuthService.RemoteUser remoteUser = await remoteAuthService.RequestDiscordTokenAsync(`
			`req.Code`
			`);`
feat: link discord account to existing account 2024-11-03 13:53:16 +01:00			`try`
			`{`
refactor(backend): use explicit types instead of var by default 2024-12-08 15:07:25 +01:00			`AuthMethod authMethod = await authService.AddAuthMethodAsync(`
feat: link discord account to existing account 2024-11-03 13:53:16 +01:00			`CurrentUser.Id,`
			`AuthType.Discord,`
			`remoteUser.Id,`
			`remoteUser.Username`
			`);`
			`_logger.Debug(`
			`"Added new Discord auth method {AuthMethodId} to user {UserId}",`
			`authMethod.Id,`
			`CurrentUser.Id`
			`);`

			`return Ok(`
refactor(backend): move all request/response types to a new Dto namespace 2024-12-08 20:17:30 +01:00			`new AddOauthAccountResponse(`
feat: link discord account to existing account 2024-11-03 13:53:16 +01:00			`authMethod.Id,`
			`AuthType.Discord,`
			`authMethod.RemoteId,`
			`authMethod.RemoteUsername`
			`)`
			`);`
			`}`
			`catch (UniqueConstraintException)`
			`{`
			`throw new ApiError(`
			`"That account is already linked.",`
			`HttpStatusCode.BadRequest,`
			`ErrorCode.AccountAlreadyLinked`
			`);`
			`}`
			`}`

feat(backend): start authentication controllers 2024-06-12 03:47:20 +02:00			`private void CheckRequirements()`
feat(backend): add skeleton discord auth controller 2024-06-10 16:25:49 +02:00			`{`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`if (!config.DiscordAuth.Enabled)`
refactor(backend): use explicit types instead of var by default 2024-12-08 15:07:25 +01:00			`{`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`throw new ApiError.BadRequest(`
			`"Discord authentication is not enabled on this instance."`
			`);`
refactor(backend): use explicit types instead of var by default 2024-12-08 15:07:25 +01:00			`}`
feat(backend): add skeleton discord auth controller 2024-06-10 16:25:49 +02:00			`}`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`}`