SharpRSS/SharpRSS.API/Auth/SessionAuthorizeAttribute.cs

using System;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using SharpRSS.API.Contracts.Models;
using SharpRSS.API.Data;
using SharpRSS.API.Models;
using ToolQit;
using ToolQit.Extensions;
using ToolQit.Logging;

namespace SharpRSS.API.Auth
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
    public class SessionAuthorizeAttribute : Attribute, IAuthorizationFilter
    {
        public SessionAuthorizeAttribute(bool admin = true)
        {
            _admin = admin;
            _log = LogManager.CreateLogger(typeof(SessionAuthorizeAttribute));
        }
        
        private readonly ILog _log;
        private readonly bool _admin;
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            if (context.ActionDescriptor.EndpointMetadata.Any(obj => obj.GetType() == typeof(AllowAnonymousAttribute)))
                return;
            var authService = context.HttpContext.RequestServices.GetService(typeof(AuthService)) as AuthService;
            if (authService == null)
            {
                context.Result = new UnauthorizedObjectResult(new Result("Failed to initialize service!", ResultStatus.InternalFail));
                return;
            }

            if (context.HttpContext.Request.Headers.TryGetValue("SRSS-Session", out var val))
            {
                string? headerVal = val.ToString();
                if (headerVal == null || headerVal.IsNullEmptyWhiteSpace())
                {
                    context.Result = new UnauthorizedObjectResult(new Result("Invalid session ID"));
                    return;
                }
                var authSetResult = authService.ValidateSession(headerVal).Result;
                if (!authSetResult.Success || authSetResult.Value == null)
                {
                    context.Result = new UnauthorizedResult();
                    return;
                }
                if (authSetResult.Value.Session is { Expired: true })
                {
                    context.Result = new UnauthorizedObjectResult(new Result("Session expired", ResultStatus.Failed));
                    return;
                }
                if (!authSetResult.Value.User.Active)
                {
                    context.Result = new UnauthorizedObjectResult(new Result(
                        "User is not active, contact your administrator to enable this account!", ResultStatus.Failed));
                    return;
                }

                authSetResult.Value.AdminRequired = _admin;
                context.RouteData.Values.Add(nameof(AuthorizationSet), authSetResult.Value);
                return;
            }
            context.Result = new UnauthorizedResult();
        }
    }
}
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`using System;`
			`using System.Linq;`
			`using Microsoft.AspNetCore.Authorization;`
			`using Microsoft.AspNetCore.Mvc;`
			`using Microsoft.AspNetCore.Mvc.Filters;`
Implemented groups, sessions & authorization basics. 2023-10-09 01:58:53 +02:00			`using SharpRSS.API.Contracts.Models;`
			`using SharpRSS.API.Data;`
Implemented simple authorization, with users, groups & sessions. 2023-10-09 21:05:38 +02:00			`using SharpRSS.API.Models;`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`using ToolQit;`
Implemented groups, sessions & authorization basics. 2023-10-09 01:58:53 +02:00			`using ToolQit.Extensions;`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`using ToolQit.Logging;`

			`namespace SharpRSS.API.Auth`
			`{`
			`[AttributeUsage(AttributeTargets.Class \| AttributeTargets.Method, AllowMultiple = true, Inherited = true)]`
			`public class SessionAuthorizeAttribute : Attribute, IAuthorizationFilter`
			`{`
Implemented groups, sessions & authorization basics. 2023-10-09 01:58:53 +02:00			`public SessionAuthorizeAttribute(bool admin = true)`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`{`
Implemented groups, sessions & authorization basics. 2023-10-09 01:58:53 +02:00			`_admin = admin;`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`_log = LogManager.CreateLogger(typeof(SessionAuthorizeAttribute));`
			`}`
Implemented groups, sessions & authorization basics. 2023-10-09 01:58:53 +02:00
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`private readonly ILog _log;`
Implemented groups, sessions & authorization basics. 2023-10-09 01:58:53 +02:00			`private readonly bool _admin;`
Implemented simple authorization, with users, groups & sessions. 2023-10-09 21:05:38 +02:00			`public void OnAuthorization(AuthorizationFilterContext context)`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`{`
			`if (context.ActionDescriptor.EndpointMetadata.Any(obj => obj.GetType() == typeof(AllowAnonymousAttribute)))`
Implemented groups, sessions & authorization basics. 2023-10-09 01:58:53 +02:00			`return;`
			`var authService = context.HttpContext.RequestServices.GetService(typeof(AuthService)) as AuthService;`
			`if (authService == null)`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`{`
Implemented groups, sessions & authorization basics. 2023-10-09 01:58:53 +02:00			`context.Result = new UnauthorizedObjectResult(new Result("Failed to initialize service!", ResultStatus.InternalFail));`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`return;`
			`}`
Working on auth attribute 2023-09-21 20:51:16 +02:00
Implemented groups, sessions & authorization basics. 2023-10-09 01:58:53 +02:00			`if (context.HttpContext.Request.Headers.TryGetValue("SRSS-Session", out var val))`
Working on auth attribute 2023-09-21 20:51:16 +02:00			`{`
Implemented groups, sessions & authorization basics. 2023-10-09 01:58:53 +02:00			`string? headerVal = val.ToString();`
			`if (headerVal == null \|\| headerVal.IsNullEmptyWhiteSpace())`
			`{`
			`context.Result = new UnauthorizedObjectResult(new Result("Invalid session ID"));`
			`return;`
			`}`
Implemented simple authorization, with users, groups & sessions. 2023-10-09 21:05:38 +02:00			`var authSetResult = authService.ValidateSession(headerVal).Result;`
			`if (!authSetResult.Success \|\| authSetResult.Value == null)`
Implemented groups, sessions & authorization basics. 2023-10-09 01:58:53 +02:00			`{`
			`context.Result = new UnauthorizedResult();`
			`return;`
			`}`
Implemented simple authorization, with users, groups & sessions. 2023-10-09 21:05:38 +02:00			`if (authSetResult.Value.Session is { Expired: true })`
Implemented groups, sessions & authorization basics. 2023-10-09 01:58:53 +02:00			`{`
			`context.Result = new UnauthorizedObjectResult(new Result("Session expired", ResultStatus.Failed));`
			`return;`
			`}`
Implemented simple authorization, with users, groups & sessions. 2023-10-09 21:05:38 +02:00			`if (!authSetResult.Value.User.Active)`
			`{`
			`context.Result = new UnauthorizedObjectResult(new Result(`
			`"User is not active, contact your administrator to enable this account!", ResultStatus.Failed));`
			`return;`
			`}`

			`authSetResult.Value.AdminRequired = _admin;`
			`context.RouteData.Values.Add(nameof(AuthorizationSet), authSetResult.Value);`
Working on auth attribute 2023-09-21 20:51:16 +02:00			`return;`
			`}`
Working on auth implentation. 2023-09-17 21:41:31 +02:00			`context.Result = new UnauthorizedResult();`
			`}`
			`}`
			`}`