Foxnouns.NET/Foxnouns.Backend/Middleware/AuthorizationMiddleware.cs

using Foxnouns.Backend.Database.Models;
using Foxnouns.Backend.Utils;

namespace Foxnouns.Backend.Middleware;

public class AuthorizationMiddleware : IMiddleware
{
    public async Task InvokeAsync(HttpContext ctx, RequestDelegate next)
    {
        var endpoint = ctx.GetEndpoint();
        var attribute = endpoint?.Metadata.GetMetadata<AuthorizeAttribute>();

        if (attribute == null)
        {
            await next(ctx);
            return;
        }

        var token = ctx.GetToken();
        if (token == null)
            throw new ApiError.Unauthorized("This endpoint requires an authenticated user.",
                ErrorCode.AuthenticationRequired);
        if (attribute.Scopes.Length > 0 && attribute.Scopes.Except(token.Scopes.ExpandScopes()).Any())
            throw new ApiError.Forbidden("This endpoint requires ungranted scopes.",
                attribute.Scopes.Except(token.Scopes.ExpandScopes()), ErrorCode.MissingScopes);
        if (attribute.RequireAdmin && token.User.Role != UserRole.Admin)
            throw new ApiError.Forbidden("This endpoint can only be used by admins.");
        if (attribute.RequireModerator && token.User.Role != UserRole.Admin && token.User.Role != UserRole.Moderator)
            throw new ApiError.Forbidden("This endpoint can only be used by moderators.");

        await next(ctx);
    }
}

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AuthorizeAttribute(params string[] scopes) : Attribute
{
    public readonly bool RequireAdmin = scopes.Contains(":admin");
    public readonly bool RequireModerator = scopes.Contains(":moderator");

    public readonly string[] Scopes = scopes.Except([":admin", ":moderator"]).ToArray();
}
feat: update custom preferences endpoint 2024-08-22 15:13:46 +02:00			`using Foxnouns.Backend.Database.Models;`
add a bunch of stuff copied from Foxchat.NET 2024-05-28 15:29:18 +02:00			`using Foxnouns.Backend.Utils;`

			`namespace Foxnouns.Backend.Middleware;`

			`public class AuthorizationMiddleware : IMiddleware`
			`{`
			`public async Task InvokeAsync(HttpContext ctx, RequestDelegate next)`
			`{`
			`var endpoint = ctx.GetEndpoint();`
			`var attribute = endpoint?.Metadata.GetMetadata<AuthorizeAttribute>();`

			`if (attribute == null)`
			`{`
			`await next(ctx);`
			`return;`
			`}`

			`var token = ctx.GetToken();`
			`if (token == null)`
format(frontend): change line width to 100 2024-09-06 15:01:44 +02:00			`throw new ApiError.Unauthorized("This endpoint requires an authenticated user.",`
			`ErrorCode.AuthenticationRequired);`
add a bunch of stuff copied from Foxchat.NET 2024-05-28 15:29:18 +02:00			`if (attribute.Scopes.Length > 0 && attribute.Scopes.Except(token.Scopes.ExpandScopes()).Any())`
			`throw new ApiError.Forbidden("This endpoint requires ungranted scopes.",`
fix: return correct error in GET /users/@me 2024-09-05 21:10:45 +02:00			`attribute.Scopes.Except(token.Scopes.ExpandScopes()), ErrorCode.MissingScopes);`
feat: update custom preferences endpoint 2024-08-22 15:13:46 +02:00			`if (attribute.RequireAdmin && token.User.Role != UserRole.Admin)`
			`throw new ApiError.Forbidden("This endpoint can only be used by admins.");`
			`if (attribute.RequireModerator && token.User.Role != UserRole.Admin && token.User.Role != UserRole.Moderator)`
			`throw new ApiError.Forbidden("This endpoint can only be used by moderators.");`
add a bunch of stuff copied from Foxchat.NET 2024-05-28 15:29:18 +02:00
			`await next(ctx);`
			`}`
			`}`

			`[AttributeUsage(AttributeTargets.Class \| AttributeTargets.Method)]`
			`public class AuthorizeAttribute(params string[] scopes) : Attribute`
			`{`
			`public readonly bool RequireAdmin = scopes.Contains(":admin");`
			`public readonly bool RequireModerator = scopes.Contains(":moderator");`

			`public readonly string[] Scopes = scopes.Except([":admin", ":moderator"]).ToArray();`
			`}`