Working on auth attribute

Max 2023-09-21 20:51:16 +02:00
parent 8511401bff
commit b114bf3a10
4 changed files with 41 additions and 5 deletions


@ -3,6 +3,7 @@ using System.Linq;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters; using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Primitives;
using ToolQit; using ToolQit;
using ToolQit.Logging; using ToolQit.Logging;
@ -24,9 +25,16 @@ namespace SharpRSS.API.Auth
{ {
if (context.ActionDescriptor.EndpointMetadata.Any(obj => obj.GetType() == typeof(AllowAnonymousAttribute))) if (context.ActionDescriptor.EndpointMetadata.Any(obj => obj.GetType() == typeof(AllowAnonymousAttribute)))
{ {
context.Result = new OkResult(); //context.Result = new OkResult();
return; return;
} }
if (context.HttpContext.Request.Headers.TryGetValue("SRSS-Session", out StringValues val))
{
//TODO: if no permission check for valid session, if permission check if session has access!
return;
}
//TODO: Check session ID! //TODO: Check session ID!
context.Result = new UnauthorizedResult(); context.Result = new UnauthorizedResult();
} }
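Review bot: The new header check at `if (context.HttpContext.Request.Headers.TryGetValue("SRSS-Session", out StringValues val))` returns without setting a result, so any request carrying an `SRSS-Session` header with any value — including an empty one — passes `[SessionAuthorize]` and reaches `CreateUser`/`GetUsers`; the TODO on the next line acknowledges the missing lookup, but as committed the attribute fails open. Until the session lookup exists the branch should fail closed: `if (!context.HttpContext.Request.Headers.TryGetValue("SRSS-Session", out StringValues val) || StringValues.IsNullOrEmpty(val)) { context.Result = new UnauthorizedResult(); return; }` followed by `// TODO: look up val in the session store and check the required permission; deny until implemented` and `context.Result = new UnauthorizedResult();`. When the lookup lands, consider returning `ForbidResult` (403) for a valid session that lacks the permission and reserving 401 for a missing or unknown session, so clients can tell the cases apart. The enclosing method starts before the hunk; commenting out the `OkResult` for `[AllowAnonymous]` is the right direction, since setting a result there would have short-circuited the action.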


@ -1,3 +1,4 @@
using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Threading.Tasks; using System.Threading.Tasks;
@ -28,20 +29,22 @@ namespace SharpRSS.API.Controllers
[HttpPost("[action]")] [HttpPost("[action]")]
[AllowAnonymous] [AllowAnonymous]
public async Task<ActionResult<string>> Authenticate(AuthenticateUser authenticateUser) public async Task<ActionResult<string>> Authenticate(AuthenticateUser authenticateUser)
{ { // Return test result
return Ok("Ok!"); return Ok(new { Expires = DateTime.Now.Add(TimeSpan.FromDays(7)), SessionToken = Guid.NewGuid().ToString(), Released = DateTime.Now });
} }
[HttpPost("user")] [HttpPost("user")]
[SessionAuthorize("auth:user:create")]
public async Task<ActionResult<UserDto>> CreateUser(AuthenticateUser authenticateUser) public async Task<ActionResult<UserDto>> CreateUser(AuthenticateUser authenticateUser)
{ {
Result<User> result = await _authService.CreateUser(authenticateUser); Result<User> result = await _authService.CreateUser(authenticateUser);
if (result.Success) if (result.Success)
return Ok(Models.Auth.User.ToDto(result.Value ?? new User())); return Ok(Models.Auth.User.ToDto(result.Value ?? new User()));
return BadRequest(new ApiResult(result.Message, ApiResults.Error)); return BadRequest(new ApiResult(result.Message, ApiResults.Error));
} }
[HttpGet("user")] [HttpGet("user")]
[SessionAuthorize("auth:user:get")]
public async Task<ActionResult<ApiListResult<IEnumerable<UserDto>>>> GetUsers(int take, int skip) public async Task<ActionResult<ApiListResult<IEnumerable<UserDto>>>> GetUsers(int take, int skip)
{ {
var usersAuth = await _authService.GetUsers(take, skip); var usersAuth = await _authService.GetUsers(take, skip);
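Review bot: `Authenticate` now hands out a session token without ever inspecting `authenticateUser` — the `// Return test result` comment marks it as a stub, but since the action is `[AllowAnonymous]`, anyone can obtain a token shaped like a real one, so this must not reach a deployed build. If the stub stays for now, at least make the value a real secret and the timestamps unambiguous: `SessionToken = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32))` (`Guid.NewGuid()` is not a cryptographic random source and makes a weak bearer token; `GetBytes(int)` is .NET 6+) and `Expires = DateTime.UtcNow.AddDays(7), Released = DateTime.UtcNow` (`DateTime.Now` is server-local time and will be misread by clients), which needs `using System.Security.Cryptography;`. A `// TODO(security): validate credentials via _authService and issue a stored session before release` above the return keeps the risk visible in the code rather than only in this commit. Note also that `[SessionAuthorize("auth:user:create")]` on `CreateUser` means no user can be created without an existing session; how the first admin is bootstrapped is not visible here and is worth documenting.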


@ -0,0 +1,19 @@
using Microsoft.OpenApi.Models;
using Swashbuckle.AspNetCore.SwaggerGen;
namespace SharpRSS.API.Net
{
public class SwaggerSessionHeader : IOperationFilter
{
public void Apply(OpenApiOperation operation, OperationFilterContext context)
{
operation.Parameters.Add(new OpenApiParameter()
{
Name = "SRSS-Session",
In = ParameterLocation.Header,
Required = false,
Schema = new OpenApiSchema() { Type = "string" }
});
}
}
}
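Review bot: `Apply` adds the `SRSS-Session` parameter as optional to every operation, including the `[AllowAnonymous]` `Authenticate` action in the controller, so the generated document never says which endpoints actually need the header. The filter already has the endpoint metadata and can derive it: `bool requiresSession = context.ApiDescription.ActionDescriptor.EndpointMetadata.OfType<SessionAuthorizeAttribute>().Any();` (assuming the attribute used as `[SessionAuthorize(...)]` follows the usual `...Attribute` naming — confirm), then `Required = requiresSession` and an early `return` for actions without it; this needs `using System.Linq;`. A `Description = "Session token returned by the Authenticate endpoint"` on the parameter would also help consumers. Alternatively, registering the header as an `ApiKey` security scheme in `AddSwaggerGen` gives Swagger UI an Authorize button and makes this filter unnecessary.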


@ -3,9 +3,11 @@ using System.IO;
using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting; using Microsoft.Extensions.Hosting;
using Microsoft.OpenApi.Models;
using Serilog; using Serilog;
using Serilog.Formatting.Compact; using Serilog.Formatting.Compact;
using SharpRSS.API.Data; using SharpRSS.API.Data;
using SharpRSS.API.Net;
using ToolQit; using ToolQit;
using ToolQit.Logging.Serilog; using ToolQit.Logging.Serilog;
@ -18,7 +20,11 @@ builder.Logging.AddSerilog();
builder.Services.AddControllers(); builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer(); builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(); builder.Services.AddSwaggerGen(con =>
{
con.SwaggerDoc("v1", new OpenApiInfo() { Title = "SharRSS API", Version = "v1"});
con.OperationFilter<SwaggerSessionHeader>();
});
builder.Services.AddScoped<AuthService>(); builder.Services.AddScoped<AuthService>();
builder.Services.AddScoped<SharpRssService>(); builder.Services.AddScoped<SharpRssService>();
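Review bot: The Swagger title at `con.SwaggerDoc("v1", new OpenApiInfo() { Title = "SharRSS API", Version = "v1"});` looks like a typo for `SharpRSS API` (the namespace is `SharpRSS.API` throughout). Separately, the session header is documented only through an operation filter rather than as a security scheme, so the generated UI has no Authorize button and the header must be typed into every request by hand; declaring it as an `ApiKey` scheme expresses the requirement properly and lets `SwaggerSessionHeader` be dropped (the requirement below is global, so an operation filter would still be needed to exempt anonymous actions if that matters). `Array.Empty<string>()` needs `System` in scope. Whether `UseSwagger`/`UseSwaggerUI` are gated on the Development environment is outside this hunk; confirm they are, since the document now advertises the auth header name.
```csharp
builder.Services.AddSwaggerGen(con =>
{
    con.SwaggerDoc("v1", new OpenApiInfo() { Title = "SharpRSS API", Version = "v1" });
    // Declare the session header as a security scheme so Swagger UI can hold it once.
    con.AddSecurityDefinition("SRSS-Session", new OpenApiSecurityScheme
    {
        Type = SecuritySchemeType.ApiKey,
        In = ParameterLocation.Header,
        Name = "SRSS-Session",
        Description = "Session token returned by the Authenticate endpoint",
    });
    con.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        [new OpenApiSecurityScheme
        {
            Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "SRSS-Session" }
        }] = Array.Empty<string>()
    });
});
```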