2024-12-09 21:11:46 +01:00
|
|
|
// Copyright (C) 2023-present sam/u1f320 (vulpine.solutions)
|
|
|
|
//
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Affero General Public License as published
|
|
|
|
// by the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
2024-05-28 15:29:18 +02:00
|
|
|
using Foxnouns.Backend.Database;
|
|
|
|
using Foxnouns.Backend.Database.Models;
|
|
|
|
using Foxnouns.Backend.Utils;
|
|
|
|
|
|
|
|
namespace Foxnouns.Backend.Middleware;
|
|
|
|
|
2024-09-13 14:56:38 +02:00
|
|
|
public class AuthenticationMiddleware(DatabaseContext db) : IMiddleware
|
2024-05-28 15:29:18 +02:00
|
|
|
{
|
|
|
|
public async Task InvokeAsync(HttpContext ctx, RequestDelegate next)
|
|
|
|
{
|
2024-12-08 15:07:25 +01:00
|
|
|
Endpoint? endpoint = ctx.GetEndpoint();
|
|
|
|
AuthenticateAttribute? metadata = endpoint?.Metadata.GetMetadata<AuthenticateAttribute>();
|
2024-05-28 15:29:18 +02:00
|
|
|
|
|
|
|
if (metadata == null)
|
|
|
|
{
|
|
|
|
await next(ctx);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2024-10-02 00:28:07 +02:00
|
|
|
if (
|
2024-12-08 15:07:25 +01:00
|
|
|
!AuthUtils.TryParseToken(
|
|
|
|
ctx.Request.Headers.Authorization.ToString(),
|
|
|
|
out byte[]? rawToken
|
|
|
|
)
|
2024-10-02 00:28:07 +02:00
|
|
|
)
|
2024-05-28 15:29:18 +02:00
|
|
|
{
|
|
|
|
await next(ctx);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2024-12-08 15:07:25 +01:00
|
|
|
Token? oauthToken = await db.GetToken(rawToken);
|
2024-05-28 15:29:18 +02:00
|
|
|
if (oauthToken == null)
|
|
|
|
{
|
|
|
|
await next(ctx);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
ctx.SetToken(oauthToken);
|
|
|
|
await next(ctx);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public static class HttpContextExtensions
|
|
|
|
{
|
|
|
|
private const string Key = "token";
|
|
|
|
|
|
|
|
public static void SetToken(this HttpContext ctx, Token token) => ctx.Items.Add(Key, token);
|
2024-10-02 00:28:07 +02:00
|
|
|
|
2024-05-28 15:29:18 +02:00
|
|
|
public static User? GetUser(this HttpContext ctx) => ctx.GetToken()?.User;
|
|
|
|
|
|
|
|
public static User GetUserOrThrow(this HttpContext ctx) =>
|
|
|
|
ctx.GetUser() ?? throw new ApiError.AuthenticationError("No user in HttpContext");
|
|
|
|
|
|
|
|
public static Token? GetToken(this HttpContext ctx)
|
|
|
|
{
|
2024-12-08 15:07:25 +01:00
|
|
|
if (ctx.Items.TryGetValue(Key, out object? token))
|
2024-05-28 15:29:18 +02:00
|
|
|
return token as Token;
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
|
2024-10-02 00:28:07 +02:00
|
|
|
public class AuthenticateAttribute : Attribute;
|