sam/Foxnouns.NET
sam/Foxnouns.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions

start (actual) email auth, add CancellationToken to most async methods

Browse source
This commit is contained in:
sam 2024-09-09 14:37:59 +02:00
parent acc54a55bc
commit 344a0071e5
Signed by: sam
GPG key ID: B4EF20DDE721CAA1
22 changed files with 325 additions and 152 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Foxnouns.Backend/Controllers/Authentication/AuthController.cs
View file

@ -13,13 +13,13 @@ public class AuthController(Config config, KeyCacheService keyCacheSvc, ILogger
[HttpPost("urls")]
[ProducesResponseType<UrlsResponse>(StatusCodes.Status200OK)]
public async Task<IActionResult> UrlsAsync()
public async Task<IActionResult> UrlsAsync(CancellationToken ct = default)
{
_logger.Debug("Generating auth URLs for Discord: {Discord}, Google: {Google}, Tumblr: {Tumblr}",
config.DiscordAuth.Enabled,
config.GoogleAuth.Enabled,
config.TumblrAuth.Enabled);
var state = HttpUtility.UrlEncode(await keyCacheSvc.GenerateAuthStateAsync());
var state = HttpUtility.UrlEncode(await keyCacheSvc.GenerateAuthStateAsync(ct));
string? discord = null;
if (config.DiscordAuth is { ClientId: not null, ClientSecret: not null })
discord =

30
Foxnouns.Backend/Controllers/Authentication/DiscordAuthController.cs
View file

@ -27,31 +27,31 @@ public class DiscordAuthController(
// leaving it here for documentation purposes
[ProducesResponseType<AuthController.AuthResponse>(StatusCodes.Status200OK)]
[ProducesResponseType<AuthController.CallbackResponse>(StatusCodes.Status200OK)]
public async Task<IActionResult> CallbackAsync([FromBody] AuthController.CallbackRequest req)
public async Task<IActionResult> CallbackAsync([FromBody] AuthController.CallbackRequest req, CancellationToken ct = default)
{
CheckRequirements();
await keyCacheSvc.ValidateAuthStateAsync(req.State);
await keyCacheSvc.ValidateAuthStateAsync(req.State, ct);
var remoteUser = await remoteAuthSvc.RequestDiscordTokenAsync(req.Code, req.State);
var user = await authSvc.AuthenticateUserAsync(AuthType.Discord, remoteUser.Id);
if (user != null) return Ok(await GenerateUserTokenAsync(user));
var remoteUser = await remoteAuthSvc.RequestDiscordTokenAsync(req.Code, req.State, ct);
var user = await authSvc.AuthenticateUserAsync(AuthType.Discord, remoteUser.Id, ct: ct);
if (user != null) return Ok(await GenerateUserTokenAsync(user,ct));
_logger.Debug("Discord user {Username} ({Id}) authenticated with no local account", remoteUser.Username,
remoteUser.Id);
var ticket = AuthUtils.RandomToken();
await keyCacheSvc.SetKeyAsync($"discord:{ticket}", remoteUser, Duration.FromMinutes(20));
await keyCacheSvc.SetKeyAsync($"discord:{ticket}", remoteUser, Duration.FromMinutes(20), ct);
return Ok(new AuthController.CallbackResponse(false, ticket, remoteUser.Username));
}
[HttpPost("register")]
[ProducesResponseType<AuthController.AuthResponse>(StatusCodes.Status200OK)]
public async Task<IActionResult> RegisterAsync([FromBody] AuthController.OauthRegisterRequest req)
public async Task<IActionResult> RegisterAsync([FromBody] AuthController.OauthRegisterRequest req, CancellationToken ct = default)
{
var remoteUser = await keyCacheSvc.GetKeyAsync<RemoteAuthService.RemoteUser>($"discord:{req.Ticket}");
var remoteUser = await keyCacheSvc.GetKeyAsync<RemoteAuthService.RemoteUser>($"discord:{req.Ticket}",ct:ct);
if (remoteUser == null) throw new ApiError.BadRequest("Invalid ticket", "ticket", req.Ticket);
if (await db.AuthMethods.AnyAsync(a => a.AuthType == AuthType.Discord && a.RemoteId == remoteUser.Id))
if (await db.AuthMethods.AnyAsync(a => a.AuthType == AuthType.Discord && a.RemoteId == remoteUser.Id, ct))
{
_logger.Error("Discord user {Id} has valid ticket but is already linked to an existing account",
remoteUser.Id);
@ -59,14 +59,14 @@ public class DiscordAuthController(
}
var user = await authSvc.CreateUserWithRemoteAuthAsync(req.Username, AuthType.Discord, remoteUser.Id,
remoteUser.Username);
remoteUser.Username, ct: ct);
return Ok(await GenerateUserTokenAsync(user));
return Ok(await GenerateUserTokenAsync(user, ct));
}
private async Task<AuthController.AuthResponse> GenerateUserTokenAsync(User user)
private async Task<AuthController.AuthResponse> GenerateUserTokenAsync(User user, CancellationToken ct = default)
{
var frontendApp = await db.GetFrontendApplicationAsync();
var frontendApp = await db.GetFrontendApplicationAsync(ct);
_logger.Debug("Logging user {Id} in with Discord", user.Id);
var (tokenStr, token) =
@ -75,10 +75,10 @@ public class DiscordAuthController(
_logger.Debug("Generated token {TokenId} for {UserId}", user.Id, token.Id);
await db.SaveChangesAsync();
await db.SaveChangesAsync(ct);
return new AuthController.AuthResponse(
await userRendererSvc.RenderUserAsync(user, selfUser: user, renderMembers: false),
await userRendererSvc.RenderUserAsync(user, selfUser: user, renderMembers: false, ct: ct),
tokenStr,
token.ExpiresAt
);

53
Foxnouns.Backend/Controllers/Authentication/EmailAuthController.cs
View file

@ -1,6 +1,10 @@
using Foxnouns.Backend.Database;
using Foxnouns.Backend.Database.Models;
using Foxnouns.Backend.Extensions;
using Foxnouns.Backend.Services;
using Foxnouns.Backend.Utils;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using NodaTime;
namespace Foxnouns.Backend.Controllers.Authentication;
@ -9,21 +13,56 @@ namespace Foxnouns.Backend.Controllers.Authentication;
public class EmailAuthController(
DatabaseContext db,
AuthService authSvc,
MailService mailSvc,
KeyCacheService keyCacheSvc,
UserRendererService userRendererSvc,
IClock clock,
ILogger logger) : ApiControllerBase
{
private readonly ILogger _logger = logger.ForContext<EmailAuthController>();
[HttpPost("register")]
public async Task<IActionResult> RegisterAsync([FromBody] RegisterRequest req, CancellationToken ct = default)
{
if (!req.Email.Contains('@')) throw new ApiError.BadRequest("Email is invalid", "email", req.Email);
var state = await keyCacheSvc.GenerateRegisterEmailStateAsync(req.Email, userId: null, ct);
if (await db.AuthMethods.AnyAsync(a => a.AuthType == AuthType.Email && a.RemoteId == req.Email, ct))
return NoContent();
mailSvc.QueueAccountCreationEmail(req.Email, state);
return NoContent();
}
[HttpPost("callback")]
public async Task<IActionResult> CallbackAsync([FromBody] CallbackRequest req, CancellationToken ct = default)
{
var state = await keyCacheSvc.GetRegisterEmailStateAsync(req.State, ct);
if (state == null) throw new ApiError.BadRequest("Invalid state", "state", req.State);
if (state.ExistingUserId != null)
{
var authMethod =
await authSvc.AddAuthMethodAsync(state.ExistingUserId.Value, AuthType.Email, state.Email, ct: ct);
_logger.Debug("Added email auth {AuthId} for user {UserId}", authMethod.Id, state.ExistingUserId);
return NoContent();
}
var ticket = AuthUtils.RandomToken();
await keyCacheSvc.SetKeyAsync($"email:{ticket}", state.Email, Duration.FromMinutes(20));
return Ok(new AuthController.CallbackResponse(false, ticket, state.Email));
}
[HttpPost("login")]
[ProducesResponseType<AuthController.AuthResponse>(StatusCodes.Status200OK)]
public async Task<IActionResult> LoginAsync([FromBody] LoginRequest req)
public async Task<IActionResult> LoginAsync([FromBody] LoginRequest req, CancellationToken ct = default)
{
var (user, authenticationResult) = await authSvc.AuthenticateUserAsync(req.Email, req.Password);
var (user, authenticationResult) = await authSvc.AuthenticateUserAsync(req.Email, req.Password, ct);
if (authenticationResult == AuthService.EmailAuthenticationResult.MfaRequired)
throw new NotImplementedException("MFA is not implemented yet");
var frontendApp = await db.GetFrontendApplicationAsync();
var frontendApp = await db.GetFrontendApplicationAsync(ct);
_logger.Debug("Logging user {Id} in with email and password", user.Id);
@ -33,14 +72,18 @@ public class EmailAuthController(
_logger.Debug("Generated token {TokenId} for {UserId}", token.Id, user.Id);
await db.SaveChangesAsync();
await db.SaveChangesAsync(ct);
return Ok(new AuthController.AuthResponse(
await userRendererSvc.RenderUserAsync(user, selfUser: user, renderMembers: false),
await userRendererSvc.RenderUserAsync(user, selfUser: user, renderMembers: false, ct: ct),
tokenStr,
token.ExpiresAt
));
}
public record LoginRequest(string Email, string Password);
public record RegisterRequest(string Email);
public record CallbackRequest(string State);
}

20
Foxnouns.Backend/Controllers/MembersController.cs
View file

@ -25,24 +25,24 @@ public class MembersController(
[HttpGet]
[ProducesResponseType<IEnumerable<MemberRendererService.PartialMember>>(StatusCodes.Status200OK)]
public async Task<IActionResult> GetMembersAsync(string userRef)
public async Task<IActionResult> GetMembersAsync(string userRef, CancellationToken ct = default)
{
var user = await db.ResolveUserAsync(userRef, CurrentToken);
var user = await db.ResolveUserAsync(userRef, CurrentToken, ct);
return Ok(await memberRendererService.RenderUserMembersAsync(user, CurrentToken));
}
[HttpGet("{memberRef}")]
[ProducesResponseType<MemberRendererService.MemberResponse>(StatusCodes.Status200OK)]
public async Task<IActionResult> GetMemberAsync(string userRef, string memberRef)
public async Task<IActionResult> GetMemberAsync(string userRef, string memberRef, CancellationToken ct = default)
{
var member = await db.ResolveMemberAsync(userRef, memberRef, CurrentToken);
var member = await db.ResolveMemberAsync(userRef, memberRef, CurrentToken, ct);
return Ok(memberRendererService.RenderMember(member, CurrentToken));
}
[HttpPost("/api/v2/users/@me/members")]
[ProducesResponseType<MemberRendererService.MemberResponse>(StatusCodes.Status200OK)]
[Authorize("member.create")]
public async Task<IActionResult> CreateMemberAsync([FromBody] CreateMemberRequest req)
public async Task<IActionResult> CreateMemberAsync([FromBody] CreateMemberRequest req, CancellationToken ct = default)
{
ValidationUtils.Validate([
("name", ValidationUtils.ValidateMemberName(req.Name)),
@ -71,7 +71,7 @@ public class MembersController(
try
{
await db.SaveChangesAsync();
await db.SaveChangesAsync(ct);
}
catch (UniqueConstraintException)
{
@ -88,18 +88,18 @@ public class MembersController(
[HttpDelete("/api/v2/users/@me/members/{memberRef}")]
[Authorize("member.update")]
public async Task<IActionResult> DeleteMemberAsync(string memberRef)
public async Task<IActionResult> DeleteMemberAsync(string memberRef, CancellationToken ct = default)
{
var member = await db.ResolveMemberAsync(CurrentUser!.Id, memberRef);
var member = await db.ResolveMemberAsync(CurrentUser!.Id, memberRef, ct);
var deleteCount = await db.Members.Where(m => m.UserId == CurrentUser!.Id && m.Id == member.Id)
.ExecuteDeleteAsync();
.ExecuteDeleteAsync(ct);
if (deleteCount == 0)
{
_logger.Warning("Successfully resolved member {Id} but could not delete them", member.Id);
return NoContent();
}
await db.SaveChangesAsync();
await db.SaveChangesAsync(ct);
if (member.Avatar != null) await objectStorage.DeleteMemberAvatarAsync(member.Id, member.Avatar);
return NoContent();

18
Foxnouns.Backend/Controllers/UsersController.cs
View file

@ -36,10 +36,10 @@ public class UsersController(
[HttpPatch("@me")]
[Authorize("user.update")]
[ProducesResponseType<UserRendererService.UserResponse>(statusCode: StatusCodes.Status200OK)]
public async Task<IActionResult> UpdateUserAsync([FromBody] UpdateUserRequest req)
public async Task<IActionResult> UpdateUserAsync([FromBody] UpdateUserRequest req, CancellationToken ct = default)
{
await using var tx = await db.Database.BeginTransactionAsync();
var user = await db.Users.FirstAsync(u => u.Id == CurrentUser!.Id);
await using var tx = await db.Database.BeginTransactionAsync(ct);
var user = await db.Users.FirstAsync(u => u.Id == CurrentUser!.Id, ct);
var errors = new List<(string, ValidationError?)>();
if (req.Username != null && req.Username != user.Username)
@ -76,20 +76,20 @@ public class UsersController(
queue.QueueInvocableWithPayload<UserAvatarUpdateInvocable, AvatarUpdatePayload>(
new AvatarUpdatePayload(CurrentUser!.Id, req.Avatar));
await db.SaveChangesAsync();
await tx.CommitAsync();
await db.SaveChangesAsync(ct);
await tx.CommitAsync(ct);
return Ok(await userRendererService.RenderUserAsync(user, CurrentUser, renderMembers: false,
renderAuthMethods: false));
renderAuthMethods: false, ct: ct));
}
[HttpPatch("@me/custom-preferences")]
[Authorize("user.update")]
[ProducesResponseType<Dictionary<Snowflake, User.CustomPreference>>(StatusCodes.Status200OK)]
public async Task<IActionResult> UpdateCustomPreferencesAsync([FromBody] List<CustomPreferencesUpdateRequest> req)
public async Task<IActionResult> UpdateCustomPreferencesAsync([FromBody] List<CustomPreferencesUpdateRequest> req, CancellationToken ct = default)
{
ValidationUtils.Validate(ValidateCustomPreferences(req));
var user = await db.ResolveUserAsync(CurrentUser!.Id);
var user = await db.ResolveUserAsync(CurrentUser!.Id, ct);
var preferences = user.CustomPreferences.Where(x => req.Any(r => r.Id == x.Key)).ToDictionary();
foreach (var r in req)
@ -119,7 +119,7 @@ public class UsersController(
}
user.CustomPreferences = preferences;
await db.SaveChangesAsync();
await db.SaveChangesAsync(ct);
return Ok(user.CustomPreferences);
}