feat: initial working discord authentication

2024-06-13 02:23:55 +02:00 · 2024-06-13 02:23:55 +02:00 · a7950671e1
commit a7950671e1
parent 6186eda092
12 changed files with 262 additions and 25 deletions
--- a/Foxnouns.Backend/Controllers/Authentication/AuthController.cs
+++ b/Foxnouns.Backend/Controllers/Authentication/AuthController.cs
@ -1,4 +1,5 @@
 using System.Web;
+using Foxnouns.Backend.Extensions;
 using Foxnouns.Backend.Services;
 using Microsoft.AspNetCore.Mvc;
 using NodaTime;
@ -34,11 +35,19 @@ public class AuthController(Config config, KeyCacheService keyCacheSvc, ILogger
        string? Tumblr
    );

-    internal record AuthResponse(
+    public record AuthResponse(
        UserRendererService.UserResponse User,
        string Token,
        Instant ExpiresAt
    );

+    public record CallbackResponse(
+        bool HasAccount, // If true, user has an account, but it's deleted
+        string Ticket,
+        string? RemoteUsername
+    );
+
+    public record OauthRegisterRequest(string Ticket, string Username);
+
    public record CallbackRequest(string Code, string State);
 }
--- a/Foxnouns.Backend/Controllers/Authentication/DiscordAuthController.cs
+++ b/Foxnouns.Backend/Controllers/Authentication/DiscordAuthController.cs
@ -1,7 +1,10 @@
 using Foxnouns.Backend.Database;
 using Foxnouns.Backend.Database.Models;
+using Foxnouns.Backend.Extensions;
 using Foxnouns.Backend.Services;
+using Foxnouns.Backend.Utils;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
 using NodaTime;

 namespace Foxnouns.Backend.Controllers.Authentication;
@ -18,6 +21,10 @@ public class DiscordAuthController(
    UserRendererService userRendererSvc) : ApiControllerBase
 {
    [HttpPost("callback")]
+    // TODO: duplicating attribute doesn't work, find another way to mark both as possible response
+    // leaving it here for documentation purposes
+    [ProducesResponseType<AuthController.AuthResponse>(StatusCodes.Status200OK)]
+    [ProducesResponseType<AuthController.CallbackResponse>(StatusCodes.Status200OK)]
    public async Task<IActionResult> CallbackAsync([FromBody] AuthController.CallbackRequest req)
    {
        CheckRequirements();
@ -30,7 +37,29 @@ public class DiscordAuthController(
        logger.Debug("Discord user {Username} ({Id}) authenticated with no local account", remoteUser.Username,
            remoteUser.Id);

-        throw new NotImplementedException();
+        var ticket = OauthUtils.RandomToken();
+        await keyCacheSvc.SetKeyAsync($"discord:{ticket}", remoteUser, Duration.FromMinutes(20));
+
+        return Ok(new AuthController.CallbackResponse(false, ticket, remoteUser.Username));
+    }
+
+    [HttpPost("register")]
+    [ProducesResponseType<AuthController.AuthResponse>(StatusCodes.Status200OK)]
+    public async Task<IActionResult> RegisterAsync([FromBody] AuthController.OauthRegisterRequest req)
+    {
+        var remoteUser = await keyCacheSvc.GetKeyAsync<RemoteAuthService.RemoteUser>($"discord:{req.Ticket}");
+        if (remoteUser == null) throw new ApiError.BadRequest("Invalid ticket");
+        if (await db.AuthMethods.AnyAsync(a => a.AuthType == AuthType.Discord && a.RemoteId == remoteUser.Id))
+        {
+            logger.Error("Discord user {Id} has valid ticket but is already linked to an existing account",
+                remoteUser.Id);
+            throw new FoxnounsError("Discord ticket was issued for user with existing link");
+        }
+
+        var user = await authSvc.CreateUserWithRemoteAuthAsync(req.Username, AuthType.Discord, remoteUser.Id,
+            remoteUser.Username);
+
+        return Ok(await GenerateUserTokenAsync(user));
    }

    private async Task<AuthController.AuthResponse> GenerateUserTokenAsync(User user)
--- a/Foxnouns.Backend/Extensions/KeyCacheExtensions.cs
+++ b/Foxnouns.Backend/Extensions/KeyCacheExtensions.cs
@ -0,0 +1,21 @@
+using Foxnouns.Backend.Services;
+using Foxnouns.Backend.Utils;
+using NodaTime;
+
+namespace Foxnouns.Backend.Extensions;
+
+public static class KeyCacheExtensions
+{
+    public static async Task<string> GenerateAuthStateAsync(this KeyCacheService keyCacheSvc)
+    {
+        var state = OauthUtils.RandomToken();
+        await keyCacheSvc.SetKeyAsync($"oauth_state:{state}", "", Duration.FromMinutes(10));
+        return state;
+    }
+
+    public static async Task ValidateAuthStateAsync(this KeyCacheService keyCacheSvc, string state)
+    {
+        var val = await keyCacheSvc.GetKeyAsync($"oauth_state:{state}", delete: true);
+        if (val == null) throw new ApiError.BadRequest("Invalid OAuth state");
+    }
+}
--- a/Foxnouns.Backend/Program.cs
+++ b/Foxnouns.Backend/Program.cs
@ -6,7 +6,6 @@ using Foxnouns.Backend.Services;
 using Microsoft.AspNetCore.Mvc;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Serialization;
-using NodaTime;

 // Read version information from .version in the repository root
 await BuildInfo.ReadBuildInfo();
--- a/Foxnouns.Backend/Services/AuthService.cs
+++ b/Foxnouns.Backend/Services/AuthService.cs
@ -34,6 +34,37 @@ public class AuthService(ILogger logger, DatabaseContext db, ISnowflakeGenerator

        return user;
    }
+    
+    /// <summary>
+    /// Creates a new user with the given username and remote authentication method.
+    /// To create a user with email authentication, use <see cref="CreateUserWithPasswordAsync" />
+    /// This method does <i>not</i> save the resulting user, the caller must still call <see cref="M:Microsoft.EntityFrameworkCore.DbContext.SaveChanges" />.
+    /// </summary>
+    public async Task<User> CreateUserWithRemoteAuthAsync(string username, AuthType authType, string remoteId,
+        string remoteUsername, FediverseApplication? instance = null)
+    {
+        AssertValidAuthType(authType, instance);
+        
+        if (await db.Users.AnyAsync(u => u.Username == username))
+            throw new ApiError.BadRequest("Username is already taken");
+
+        var user = new User
+        {
+            Id = snowflakeGenerator.GenerateSnowflake(),
+            Username = username,
+            AuthMethods =
+            {
+                new AuthMethod
+                {
+                    Id = snowflakeGenerator.GenerateSnowflake(), AuthType = authType, RemoteId = remoteId,
+                    RemoteUsername = remoteUsername, FediverseApplication = instance
+                }
+            }
+        };
+
+        db.Add(user);
+        return user;
+    }

    /// <summary>
    /// Authenticates a user with email and password.
@ -81,10 +112,7 @@ public class AuthService(ILogger logger, DatabaseContext db, ISnowflakeGenerator
    public async Task<User?> AuthenticateUserAsync(AuthType authType, string remoteId,
        FediverseApplication? instance = null)
    {
-        if (authType == AuthType.Fediverse && instance == null)
-            throw new FoxnounsError("Fediverse authentication requires an instance.");
-        if (authType != AuthType.Fediverse && instance != null)
-            throw new FoxnounsError("Non-Fediverse authentication does not require an instance.");
+        AssertValidAuthType(authType, instance);

        return await db.Users.FirstOrDefaultAsync(u =>
            u.AuthMethods.Any(a =>
@ -115,4 +143,12 @@ public class AuthService(ILogger logger, DatabaseContext db, ISnowflakeGenerator

        return (token, hash);
    }
+
+    private static void AssertValidAuthType(AuthType authType, FediverseApplication? instance)
+    {
+        if (authType == AuthType.Fediverse && instance == null)
+            throw new FoxnounsError("Fediverse authentication requires an instance.");
+        if (authType != AuthType.Fediverse && instance != null)
+            throw new FoxnounsError("Non-Fediverse authentication does not require an instance.");
+    }
 }
--- a/Foxnouns.Backend/Services/KeyCacheService.cs
+++ b/Foxnouns.Backend/Services/KeyCacheService.cs
@ -2,6 +2,7 @@ using Foxnouns.Backend.Database;
 using Foxnouns.Backend.Database.Models;
 using Foxnouns.Backend.Utils;
 using Microsoft.EntityFrameworkCore;
+using Newtonsoft.Json;
 using NodaTime;

 namespace Foxnouns.Backend.Services;
@ -42,16 +43,18 @@ public class KeyCacheService(DatabaseContext db, IClock clock, ILogger logger)
        if (count != 0) logger.Information("Removed {Count} expired keys from the database", count);
    }

-    public async Task<string> GenerateAuthStateAsync()
+    public Task SetKeyAsync<T>(string key, T obj, Duration expiresAt) where T : class =>
+        SetKeyAsync(key, obj, clock.GetCurrentInstant() + expiresAt);
+
+    public async Task SetKeyAsync<T>(string key, T obj, Instant expires) where T : class
    {
-        var state = OauthUtils.RandomToken();
-        await SetKeyAsync($"oauth_state:{state}", "", Duration.FromMinutes(10));
-        return state;
+        var value = JsonConvert.SerializeObject(obj);
+        await SetKeyAsync(key, value, expires);
    }

-    public async Task ValidateAuthStateAsync(string state)
+    public async Task<T?> GetKeyAsync<T>(string key, bool delete = false) where T : class
    {
-        var val = await GetKeyAsync($"oauth_state:{state}", delete: true);
-        if (val == null) throw new ApiError.BadRequest("Invalid OAuth state");
+        var value = await GetKeyAsync(key, delete: false);
+        return value == null ? default : JsonConvert.DeserializeObject<T>(value);
    }
 }