Foxnouns.NET/Foxnouns.Backend/Controllers/Authentication/DiscordAuthController.cs

using Foxnouns.Backend.Database;
using Foxnouns.Backend.Database.Models;
using Foxnouns.Backend.Extensions;
using Foxnouns.Backend.Services;
using Foxnouns.Backend.Utils;
using JetBrains.Annotations;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using NodaTime;

namespace Foxnouns.Backend.Controllers.Authentication;

[Route("/api/internal/auth/discord")]
public class DiscordAuthController(
    [UsedImplicitly] Config config,
    ILogger logger,
    IClock clock,
    DatabaseContext db,
    KeyCacheService keyCacheService,
    AuthService authService,
    RemoteAuthService remoteAuthService,
    UserRendererService userRenderer
) : ApiControllerBase
{
    private readonly ILogger _logger = logger.ForContext<DiscordAuthController>();

    [HttpPost("callback")]
    // TODO: duplicating attribute doesn't work, find another way to mark both as possible response
    // leaving it here for documentation purposes
    [ProducesResponseType<AuthController.CallbackResponse>(StatusCodes.Status200OK)]
    public async Task<IActionResult> CallbackAsync([FromBody] AuthController.CallbackRequest req)
    {
        CheckRequirements();
        await keyCacheService.ValidateAuthStateAsync(req.State);

        var remoteUser = await remoteAuthService.RequestDiscordTokenAsync(req.Code);
        var user = await authService.AuthenticateUserAsync(AuthType.Discord, remoteUser.Id);
        if (user != null)
            return Ok(await GenerateUserTokenAsync(user));

        _logger.Debug(
            "Discord user {Username} ({Id}) authenticated with no local account",
            remoteUser.Username,
            remoteUser.Id
        );

        var ticket = AuthUtils.RandomToken();
        await keyCacheService.SetKeyAsync(
            $"discord:{ticket}",
            remoteUser,
            Duration.FromMinutes(20)
        );

        return Ok(
            new AuthController.CallbackResponse(
                HasAccount: false,
                Ticket: ticket,
                RemoteUsername: remoteUser.Username,
                User: null,
                Token: null,
                ExpiresAt: null
            )
        );
    }

    [HttpPost("register")]
    [ProducesResponseType<AuthController.AuthResponse>(StatusCodes.Status200OK)]
    public async Task<IActionResult> RegisterAsync(
        [FromBody] AuthController.OauthRegisterRequest req
    )
    {
        var remoteUser = await keyCacheService.GetKeyAsync<RemoteAuthService.RemoteUser>(
            $"discord:{req.Ticket}"
        );
        if (remoteUser == null)
            throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);
        if (
            await db.AuthMethods.AnyAsync(a =>
                a.AuthType == AuthType.Discord && a.RemoteId == remoteUser.Id
            )
        )
        {
            _logger.Error(
                "Discord user {Id} has valid ticket but is already linked to an existing account",
                remoteUser.Id
            );
            throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);
        }

        var user = await authService.CreateUserWithRemoteAuthAsync(
            req.Username,
            AuthType.Discord,
            remoteUser.Id,
            remoteUser.Username
        );

        return Ok(await GenerateUserTokenAsync(user));
    }

    private async Task<AuthController.CallbackResponse> GenerateUserTokenAsync(
        User user,
        CancellationToken ct = default
    )
    {
        var frontendApp = await db.GetFrontendApplicationAsync(ct);
        _logger.Debug("Logging user {Id} in with Discord", user.Id);

        var (tokenStr, token) = authService.GenerateToken(
            user,
            frontendApp,
            ["*"],
            clock.GetCurrentInstant() + Duration.FromDays(365)
        );
        db.Add(token);

        _logger.Debug("Generated token {TokenId} for {UserId}", user.Id, token.Id);

        await db.SaveChangesAsync(ct);

        return new AuthController.CallbackResponse(
            HasAccount: true,
            Ticket: null,
            RemoteUsername: null,
            User: await userRenderer.RenderUserAsync(
                user,
                selfUser: user,
                renderMembers: false,
                ct: ct
            ),
            Token: tokenStr,
            ExpiresAt: token.ExpiresAt
        );
    }

    private void CheckRequirements()
    {
        if (!config.DiscordAuth.Enabled)
            throw new ApiError.BadRequest(
                "Discord authentication is not enabled on this instance."
            );
    }
}
feat(backend): add skeleton discord auth controller 2024-06-10 16:25:49 +02:00			`using Foxnouns.Backend.Database;`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`using Foxnouns.Backend.Database.Models;`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`using Foxnouns.Backend.Extensions;`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`using Foxnouns.Backend.Services;`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`using Foxnouns.Backend.Utils;`
chore(backend): silence some more resharper errors 2024-09-14 16:37:52 +02:00			`using JetBrains.Annotations;`
feat(backend): add skeleton discord auth controller 2024-06-10 16:25:49 +02:00			`using Microsoft.AspNetCore.Mvc;`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`using Microsoft.EntityFrameworkCore;`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`using NodaTime;`
feat(backend): add skeleton discord auth controller 2024-06-10 16:25:49 +02:00
			`namespace Foxnouns.Backend.Controllers.Authentication;`

feat(backend): move internal endpoints to /api/internal 2024-10-02 00:15:14 +02:00			`[Route("/api/internal/auth/discord")]`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`public class DiscordAuthController(`
chore(backend): silence some more resharper errors 2024-09-14 16:37:52 +02:00			`[UsedImplicitly] Config config,`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`ILogger logger,`
			`IClock clock,`
			`DatabaseContext db,`
refactor: more consistent field names, also in STYLE.md 2024-09-09 14:50:00 +02:00			`KeyCacheService keyCacheService,`
			`AuthService authService,`
			`RemoteAuthService remoteAuthService,`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`UserRendererService userRenderer`
			`) : ApiControllerBase`
feat(backend): add skeleton discord auth controller 2024-06-10 16:25:49 +02:00			`{`
fix: add class context to all loggers, format 2024-09-04 14:25:44 +02:00			`private readonly ILogger _logger = logger.ForContext<DiscordAuthController>();`

feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`[HttpPost("callback")]`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`// TODO: duplicating attribute doesn't work, find another way to mark both as possible response`
			`// leaving it here for documentation purposes`
			`[ProducesResponseType<AuthController.CallbackResponse>(StatusCodes.Status200OK)]`
fix: don't pass CancellationToken to method that shouldn't abort also add license header to project 2024-11-02 21:23:49 +01:00			`public async Task<IActionResult> CallbackAsync([FromBody] AuthController.CallbackRequest req)`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`{`
			`CheckRequirements();`
fix: don't pass CancellationToken to method that shouldn't abort also add license header to project 2024-11-02 21:23:49 +01:00			`await keyCacheService.ValidateAuthStateAsync(req.State);`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00
fix: don't pass CancellationToken to method that shouldn't abort also add license header to project 2024-11-02 21:23:49 +01:00			`var remoteUser = await remoteAuthService.RequestDiscordTokenAsync(req.Code);`
			`var user = await authService.AuthenticateUserAsync(AuthType.Discord, remoteUser.Id);`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`if (user != null)`
fix: don't pass CancellationToken to method that shouldn't abort also add license header to project 2024-11-02 21:23:49 +01:00			`return Ok(await GenerateUserTokenAsync(user));`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`_logger.Debug(`
			`"Discord user {Username} ({Id}) authenticated with no local account",`
			`remoteUser.Username,`
			`remoteUser.Id`
			`);`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00
too many things to list (notably, user avatar update) 2024-07-08 19:03:04 +02:00			`var ticket = AuthUtils.RandomToken();`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`await keyCacheService.SetKeyAsync(`
			`$"discord:{ticket}",`
			`remoteUser,`
fix: don't pass CancellationToken to method that shouldn't abort also add license header to project 2024-11-02 21:23:49 +01:00			`Duration.FromMinutes(20)`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`);`

			`return Ok(`
			`new AuthController.CallbackResponse(`
			`HasAccount: false,`
			`Ticket: ticket,`
			`RemoteUsername: remoteUser.Username,`
			`User: null,`
			`Token: null,`
			`ExpiresAt: null`
			`)`
			`);`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`}`

			`[HttpPost("register")]`
			`[ProducesResponseType<AuthController.AuthResponse>(StatusCodes.Status200OK)]`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`public async Task<IActionResult> RegisterAsync(`
			`[FromBody] AuthController.OauthRegisterRequest req`
			`)`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`{`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`var remoteUser = await keyCacheService.GetKeyAsync<RemoteAuthService.RemoteUser>(`
			`$"discord:{req.Ticket}"`
			`);`
			`if (remoteUser == null)`
			`throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);`
			`if (`
			`await db.AuthMethods.AnyAsync(a =>`
			`a.AuthType == AuthType.Discord && a.RemoteId == remoteUser.Id`
			`)`
			`)`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`{`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`_logger.Error(`
			`"Discord user {Id} has valid ticket but is already linked to an existing account",`
			`remoteUser.Id`
			`);`
chore(backend): silence some more resharper errors 2024-09-14 16:37:52 +02:00			`throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00			`}`

chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`var user = await authService.CreateUserWithRemoteAuthAsync(`
			`req.Username,`
			`AuthType.Discord,`
			`remoteUser.Id,`
			`remoteUser.Username`
			`);`
feat: initial working discord authentication 2024-06-13 02:23:55 +02:00
chore(backend): silence some more resharper errors 2024-09-14 16:37:52 +02:00			`return Ok(await GenerateUserTokenAsync(user));`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`}`

chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`private async Task<AuthController.CallbackResponse> GenerateUserTokenAsync(`
			`User user,`
			`CancellationToken ct = default`
			`)`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`{`
start (actual) email auth, add CancellationToken to most async methods 2024-09-09 14:37:59 +02:00			`var frontendApp = await db.GetFrontendApplicationAsync(ct);`
fix: add class context to all loggers, format 2024-09-04 14:25:44 +02:00			`_logger.Debug("Logging user {Id} in with Discord", user.Id);`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`var (tokenStr, token) = authService.GenerateToken(`
			`user,`
			`frontendApp,`
			`["*"],`
			`clock.GetCurrentInstant() + Duration.FromDays(365)`
			`);`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`db.Add(token);`

fix: add class context to all loggers, format 2024-09-04 14:25:44 +02:00			`_logger.Debug("Generated token {TokenId} for {UserId}", user.Id, token.Id);`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00
start (actual) email auth, add CancellationToken to most async methods 2024-09-09 14:37:59 +02:00			`await db.SaveChangesAsync(ct);`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00
feat(frontend): add discord callback page this only handles existing accounts for now, still need to write an action function 2024-09-13 14:56:38 +02:00			`return new AuthController.CallbackResponse(`
			`HasAccount: true,`
			`Ticket: null,`
			`RemoteUsername: null,`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`User: await userRenderer.RenderUserAsync(`
			`user,`
			`selfUser: user,`
			`renderMembers: false,`
			`ct: ct`
			`),`
feat(frontend): add discord callback page this only handles existing accounts for now, still need to write an action function 2024-09-13 14:56:38 +02:00			`Token: tokenStr,`
			`ExpiresAt: token.ExpiresAt`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`);`
			`}`

feat(backend): start authentication controllers 2024-06-12 03:47:20 +02:00			`private void CheckRequirements()`
feat(backend): add skeleton discord auth controller 2024-06-10 16:25:49 +02:00			`{`
feat(backend): add RequestDiscordTokenAsync method 2024-06-12 16:19:49 +02:00			`if (!config.DiscordAuth.Enabled)`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`throw new ApiError.BadRequest(`
			`"Discord authentication is not enabled on this instance."`
			`);`
feat(backend): add skeleton discord auth controller 2024-06-10 16:25:49 +02:00			`}`
chore: add csharpier to husky, format backend with csharpier 2024-10-02 00:28:07 +02:00			`}`