// Copyright (C) 2023-present sam/u1f320 (vulpine.solutions) // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published // by the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Affero General Public License for more details. // // You should have received a copy of the GNU Affero General Public License // along with this program. If not, see . using System.Diagnostics.CodeAnalysis; using System.Web; using Foxnouns.Backend.Database; using Foxnouns.Backend.Database.Models; using Foxnouns.Backend.Extensions; using Foxnouns.Backend.Utils; using Humanizer; using Microsoft.EntityFrameworkCore; namespace Foxnouns.Backend.Services.Auth; public partial class RemoteAuthService( Config config, ILogger logger, DatabaseContext db, KeyCacheService keyCacheService ) { private readonly ILogger _logger = logger.ForContext(); private readonly HttpClient _httpClient = new(); public record RemoteUser(string Id, string Username); /// /// Validates whether a user can still add a new account of the given AuthType, and throws an error if they can't. /// /// The user to check. /// The auth type to check. /// The optional fediverse instance to generate a state for. /// A state for the given auth type and user ID. /// The given user can't add another account of this type. /// This exception should not be caught by controller code. public async Task ValidateAddAccountRequestAsync( Snowflake userId, AuthType authType, string? instance = null ) { int existingAccounts = await db .AuthMethods.Where(m => m.UserId == userId && m.AuthType == authType) .CountAsync(); if (existingAccounts > AuthUtils.MaxAuthMethodsPerType) { throw new ApiError.BadRequest( $"Too many linked {authType.Humanize()} accounts, maximum of {AuthUtils.MaxAuthMethodsPerType} per account." ); } return HttpUtility.UrlEncode( await keyCacheService.GenerateAddExtraAccountStateAsync(authType, userId, instance) ); } /// /// Checks whether the given state is correct for the given user/auth type combination. /// /// The state doesn't match. /// This exception should not be caught by controller code. public async Task ValidateAddAccountStateAsync( string state, Snowflake userId, AuthType authType, string? instance = null ) { AddExtraAccountState? accountState = await keyCacheService.GetAddExtraAccountStateAsync( state ); if ( accountState == null || accountState.AuthType != authType || accountState.UserId != userId || (instance != null && accountState.Instance != instance) ) { throw new ApiError.BadRequest("Invalid state", "state", state); } } }