Hydra/Hydra.Backend/Utils/AuthUtils.cs


using System.Security.Cryptography;
using Hydra.Backend.Database.Models;
namespace Hydra.Backend.Utils;
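/// <summary>
/// Stateless helpers for the authentication layer: grant-type string constants,
/// scope and redirect-URI validation, Base64 decoding and random token generation.
/// </summary>
public static class AuthUtils
{
    /// <summary>The <c>client_credentials</c> grant-type string.</summary>
    public const string ClientCredentials = "client_credentials";

    /// <summary>The <c>authorization_code</c> grant-type string.</summary>
    public const string AuthorizationCode = "authorization_code";

    // Deny list of URI schemes that must never be accepted as a redirect target.
    // Uri.Scheme is reported lower-cased, so an ordinal match against these
    // lower-case entries is sufficient. "vbscript" is listed alongside
    // "javascript" because it is the same class of script-bearing scheme.
    private static readonly string[] ForbiddenSchemes =
        ["javascript", "vbscript", "file", "data", "mailto", "tel"];

    // TODO: add actual scopes
    // NOTE(review): a public array is mutable by any caller (AuthUtils.Scopes[0] = ...);
    // consider exposing a read-only view once the real scope list lands.
    public static readonly string[] Scopes = ["*"];

    /// <summary>
    /// Checks that every requested scope is present in the application's own scope set.
    /// </summary>
    /// <param name="application">Application whose <c>Scopes</c> bound the request.</param>
    /// <param name="scopes">Scopes being requested.</param>
    /// <returns>
    /// <c>true</c> when no requested scope falls outside <c>application.Scopes</c>;
    /// an empty <paramref name="scopes"/> array therefore returns <c>true</c>.
    /// </returns>
    /// <exception cref="ArgumentNullException">An argument is <c>null</c>.</exception>
    public static bool ValidateScopes(Application application, string[] scopes)
    {
        ArgumentNullException.ThrowIfNull(application);
        ArgumentNullException.ThrowIfNull(scopes);

        // Set difference with default equality: presumably exact, case-sensitive string
        // comparison, so "*" in the application's set does not act as a wildcard here.
        // NOTE(review): confirm that is the intended meaning of "*".
        return !scopes.Except(application.Scopes).Any();
    }

    /// <summary>
    /// Baseline syntactic check for a redirect URI: it must parse as an absolute URI,
    /// carry no fragment, and not use one of the forbidden schemes.
    /// </summary>
    /// <remarks>
    /// This is a floor, not an authorization decision. A deny list cannot enumerate every
    /// dangerous scheme, so callers still need to compare the redirect URI exactly against
    /// the values registered for the client before redirecting or issuing a code.
    /// </remarks>
    /// <param name="uri">Candidate redirect URI; <c>null</c> is rejected.</param>
    /// <returns><c>true</c> when the URI passes the baseline checks.</returns>
    public static bool ValidateRedirectUri(string uri)
    {
        // TryCreate avoids using exceptions for the expected "not a URI" case and
        // rejects null, empty and relative values.
        if (!Uri.TryCreate(uri, UriKind.Absolute, out var parsed))
        {
            return false;
        }

        // RFC 6749 section 3.1.2: a redirection endpoint URI must not include a fragment.
        if (parsed.Fragment.Length > 0)
        {
            return false;
        }

        return !ForbiddenSchemes.Contains(parsed.Scheme);
    }

    /// <summary>
    /// Decodes a Base64 string without throwing on malformed input.
    /// </summary>
    /// <param name="b64">Base64 text to decode; <c>null</c> is treated as invalid.</param>
    /// <param name="bytes">Decoded bytes on success, otherwise an empty array.</param>
    /// <returns><c>true</c> when <paramref name="b64"/> was valid Base64.</returns>
    public static bool TryFromBase64String(string b64, out byte[] bytes)
    {
        if (b64 is null)
        {
            bytes = [];
            return false;
        }

        try
        {
            bytes = Convert.FromBase64String(b64);
            return true;
        }
        catch (FormatException)
        {
            // Only malformed input is an expected failure; anything else
            // (for example an out-of-memory condition) should surface to the caller.
            bytes = [];
            return false;
        }
    }

    /// <summary>
    /// Generates a random token from the cryptographic RNG, Base64-encoded with the
    /// <c>=</c> padding removed.
    /// </summary>
    /// <param name="bytes">Number of random bytes to draw; must be positive.</param>
    /// <returns>The encoded token.</returns>
    /// <exception cref="ArgumentOutOfRangeException">
    /// <paramref name="bytes"/> is zero or negative. Zero would otherwise yield an empty,
    /// trivially guessable token.
    /// </exception>
    public static string RandomToken(int bytes = 48)
    {
        ArgumentOutOfRangeException.ThrowIfNegativeOrZero(bytes);

        // NOTE(review): standard Base64 can contain '+' and '/', so the token must be
        // percent-encoded wherever it is placed in a URL or form body.
        // Padding only ever appears at the end, so TrimEnd matches the previous Trim.
        return Convert.ToBase64String(RandomNumberGenerator.GetBytes(bytes)).TrimEnd('=');
    }

    public const int MaxAuthMethodsPerType = 3; // Maximum of 3 Discord accounts, 3 emails, etc
}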