100 lines
3.8 KiB
C#
100 lines
3.8 KiB
C#
// Copyright (C) 2023-present sam/u1f320 (vulpine.solutions)
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published
|
|
// by the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
using System.Diagnostics.CodeAnalysis;
|
|
using System.Text.Json.Serialization;
|
|
using System.Web;
|
|
using Foxnouns.Backend.Database;
|
|
using Foxnouns.Backend.Database.Models;
|
|
using Foxnouns.Backend.Extensions;
|
|
using Foxnouns.Backend.Utils;
|
|
using Humanizer;
|
|
using Microsoft.EntityFrameworkCore;
|
|
|
|
namespace Foxnouns.Backend.Services.Auth;
|
|
|
|
public partial class RemoteAuthService(
|
|
Config config,
|
|
ILogger logger,
|
|
DatabaseContext db,
|
|
KeyCacheService keyCacheService
|
|
)
|
|
{
|
|
private readonly ILogger _logger = logger.ForContext<RemoteAuthService>();
|
|
private readonly HttpClient _httpClient = new();
|
|
|
|
public record RemoteUser(string Id, string Username);
|
|
|
|
[SuppressMessage("ReSharper", "ClassNeverInstantiated.Local")]
|
|
private record OauthTokenResponse(
|
|
[property: JsonPropertyName("access_token")] string AccessToken,
|
|
[property: JsonPropertyName("token_type")] string TokenType
|
|
);
|
|
|
|
/// <summary>
|
|
/// Validates whether a user can still add a new account of the given AuthType, and throws an error if they can't.
|
|
/// </summary>
|
|
/// <param name="userId">The user to check.</param>
|
|
/// <param name="authType">The auth type to check.</param>
|
|
/// <param name="instance">The optional fediverse instance to generate a state for.</param>
|
|
/// <returns>A state for the given auth type and user ID.</returns>
|
|
/// <exception cref="ApiError.BadRequest">The given user can't add another account of this type.
|
|
/// This exception should not be caught by controller code.</exception>
|
|
public async Task<string> ValidateAddAccountRequestAsync(
|
|
Snowflake userId,
|
|
AuthType authType,
|
|
string? instance = null
|
|
)
|
|
{
|
|
int existingAccounts = await db
|
|
.AuthMethods.Where(m => m.UserId == userId && m.AuthType == authType)
|
|
.CountAsync();
|
|
if (existingAccounts > AuthUtils.MaxAuthMethodsPerType)
|
|
{
|
|
throw new ApiError.BadRequest(
|
|
$"Too many linked {authType.Humanize()} accounts, maximum of {AuthUtils.MaxAuthMethodsPerType} per account."
|
|
);
|
|
}
|
|
|
|
return HttpUtility.UrlEncode(
|
|
await keyCacheService.GenerateAddExtraAccountStateAsync(authType, userId, instance)
|
|
);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Checks whether the given state is correct for the given user/auth type combination.
|
|
/// </summary>
|
|
/// <exception cref="ApiError.BadRequest">The state doesn't match.
|
|
/// This exception should not be caught by controller code.</exception>
|
|
public async Task ValidateAddAccountStateAsync(
|
|
string state,
|
|
Snowflake userId,
|
|
AuthType authType,
|
|
string? instance = null
|
|
)
|
|
{
|
|
AddExtraAccountState? accountState = await keyCacheService.GetAddExtraAccountStateAsync(
|
|
state
|
|
);
|
|
if (
|
|
accountState == null
|
|
|| accountState.AuthType != authType
|
|
|| accountState.UserId != userId
|
|
|| (instance != null && accountState.Instance != instance)
|
|
)
|
|
{
|
|
throw new ApiError.BadRequest("Invalid state", "state", state);
|
|
}
|
|
}
|
|
}
|