Foxnouns.NET/Foxnouns.Backend/Middleware/AuthenticationMiddleware.cs

using System.Security.Cryptography;
using Foxnouns.Backend.Database;
using Foxnouns.Backend.Database.Models;
using Foxnouns.Backend.Utils;
using Microsoft.EntityFrameworkCore;
using NodaTime;

namespace Foxnouns.Backend.Middleware;

public class AuthenticationMiddleware(DatabaseContext db, IClock clock) : IMiddleware
{
    public async Task InvokeAsync(HttpContext ctx, RequestDelegate next)
    {
        var endpoint = ctx.GetEndpoint();
        var metadata = endpoint?.Metadata.GetMetadata<AuthenticateAttribute>();

        if (metadata == null)
        {
            await next(ctx);
            return;
        }

        var header = ctx.Request.Headers.Authorization.ToString();
        if (!AuthUtils.TryFromBase64String(header, out var rawToken))
        {
            await next(ctx);
            return;
        }

        var hash = SHA512.HashData(rawToken);
        var oauthToken = await db.Tokens
            .Include(t => t.Application)
            .Include(t => t.User)
            .FirstOrDefaultAsync(t => t.Hash == hash && t.ExpiresAt > clock.GetCurrentInstant() && !t.ManuallyExpired);
        if (oauthToken == null)
        {
            await next(ctx);
            return;
        }

        ctx.SetToken(oauthToken);

        await next(ctx);
    }
}

public static class HttpContextExtensions
{
    private const string Key = "token";

    public static void SetToken(this HttpContext ctx, Token token) => ctx.Items.Add(Key, token);
    public static User? GetUser(this HttpContext ctx) => ctx.GetToken()?.User;

    public static User GetUserOrThrow(this HttpContext ctx) =>
        ctx.GetUser() ?? throw new ApiError.AuthenticationError("No user in HttpContext");

    public static Token? GetToken(this HttpContext ctx)
    {
        if (ctx.Items.TryGetValue(Key, out var token))
            return token as Token;
        return null;
    }
}

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AuthenticateAttribute : Attribute;
add a bunch of stuff copied from Foxchat.NET 2024-05-28 15:29:18 +02:00			`using System.Security.Cryptography;`
			`using Foxnouns.Backend.Database;`
			`using Foxnouns.Backend.Database.Models;`
			`using Foxnouns.Backend.Utils;`
			`using Microsoft.EntityFrameworkCore;`
			`using NodaTime;`

			`namespace Foxnouns.Backend.Middleware;`

			`public class AuthenticationMiddleware(DatabaseContext db, IClock clock) : IMiddleware`
			`{`
			`public async Task InvokeAsync(HttpContext ctx, RequestDelegate next)`
			`{`
			`var endpoint = ctx.GetEndpoint();`
			`var metadata = endpoint?.Metadata.GetMetadata<AuthenticateAttribute>();`

			`if (metadata == null)`
			`{`
			`await next(ctx);`
			`return;`
			`}`

			`var header = ctx.Request.Headers.Authorization.ToString();`
too many things to list (notably, user avatar update) 2024-07-08 19:03:04 +02:00			`if (!AuthUtils.TryFromBase64String(header, out var rawToken))`
add a bunch of stuff copied from Foxchat.NET 2024-05-28 15:29:18 +02:00			`{`
			`await next(ctx);`
			`return;`
			`}`

			`var hash = SHA512.HashData(rawToken);`
			`var oauthToken = await db.Tokens`
			`.Include(t => t.Application)`
			`.Include(t => t.User)`
			`.FirstOrDefaultAsync(t => t.Hash == hash && t.ExpiresAt > clock.GetCurrentInstant() && !t.ManuallyExpired);`
			`if (oauthToken == null)`
			`{`
			`await next(ctx);`
			`return;`
			`}`

			`ctx.SetToken(oauthToken);`

			`await next(ctx);`
			`}`
			`}`

			`public static class HttpContextExtensions`
			`{`
			`private const string Key = "token";`

			`public static void SetToken(this HttpContext ctx, Token token) => ctx.Items.Add(Key, token);`
			`public static User? GetUser(this HttpContext ctx) => ctx.GetToken()?.User;`

			`public static User GetUserOrThrow(this HttpContext ctx) =>`
			`ctx.GetUser() ?? throw new ApiError.AuthenticationError("No user in HttpContext");`

			`public static Token? GetToken(this HttpContext ctx)`
			`{`
			`if (ctx.Items.TryGetValue(Key, out var token))`
			`return token as Token;`
			`return null;`
			`}`
			`}`

			`[AttributeUsage(AttributeTargets.Class \| AttributeTargets.Method)]`
feat: replace Hangfire with Coravel 2024-09-03 16:29:51 +02:00			`public class AuthenticateAttribute : Attribute;`