SharpRSS/SharpRSS.API/Auth/SessionAuthorizeAttribute.cs

70 lines
2.8 KiB
C#
Raw Normal View History

2023-09-17 21:41:31 +02:00
using System;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using SharpRSS.API.Contracts.Models;
using SharpRSS.API.Data;
using SharpRSS.API.Models;
2023-09-17 21:41:31 +02:00
using ToolQit;
using ToolQit.Extensions;
2023-09-17 21:41:31 +02:00
using ToolQit.Logging;
namespace SharpRSS.API.Auth
{
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public class SessionAuthorizeAttribute : Attribute, IAuthorizationFilter
{
public SessionAuthorizeAttribute(bool admin = true)
2023-09-17 21:41:31 +02:00
{
_admin = admin;
2023-09-17 21:41:31 +02:00
_log = LogManager.CreateLogger(typeof(SessionAuthorizeAttribute));
}
2023-09-17 21:41:31 +02:00
private readonly ILog _log;
private readonly bool _admin;
public void OnAuthorization(AuthorizationFilterContext context)
2023-09-17 21:41:31 +02:00
{
if (context.ActionDescriptor.EndpointMetadata.Any(obj => obj.GetType() == typeof(AllowAnonymousAttribute)))
return;
var authService = context.HttpContext.RequestServices.GetService(typeof(AuthService)) as AuthService;
if (authService == null)
2023-09-17 21:41:31 +02:00
{
context.Result = new UnauthorizedObjectResult(new Result("Failed to initialize service!", ResultStatus.InternalFail));
2023-09-17 21:41:31 +02:00
return;
}
2023-09-21 20:51:16 +02:00
if (context.HttpContext.Request.Headers.TryGetValue("SRSS-Session", out var val))
2023-09-21 20:51:16 +02:00
{
string? headerVal = val.ToString();
if (headerVal == null || headerVal.IsNullEmptyWhiteSpace())
{
context.Result = new UnauthorizedObjectResult(new Result("Invalid session ID"));
return;
}
var authSetResult = authService.ValidateSession(headerVal).Result;
if (!authSetResult.Success || authSetResult.Value == null)
{
context.Result = new UnauthorizedResult();
return;
}
if (authSetResult.Value.Session is { Expired: true })
{
context.Result = new UnauthorizedObjectResult(new Result("Session expired", ResultStatus.Failed));
return;
}
if (!authSetResult.Value.User.Active)
{
context.Result = new UnauthorizedObjectResult(new Result(
"User is not active, contact your administrator to enable this account!", ResultStatus.Failed));
return;
}
authSetResult.Value.AdminRequired = _admin;
context.RouteData.Values.Add(nameof(AuthorizationSet), authSetResult.Value);
2023-09-21 20:51:16 +02:00
return;
}
2023-09-17 21:41:31 +02:00
context.Result = new UnauthorizedResult();
}
}
}