mirror of
https://github.com/hmaxnl/SharpRSS.git
synced 2025-01-18 12:54:20 +01:00
Working on auth attribute
This commit is contained in:
parent
8511401bff
commit
b114bf3a10
|
@ -3,6 +3,7 @@ using System.Linq;
|
|||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.AspNetCore.Mvc.Filters;
|
||||
using Microsoft.Extensions.Primitives;
|
||||
using ToolQit;
|
||||
using ToolQit.Logging;
|
||||
|
||||
|
@ -24,9 +25,16 @@ namespace SharpRSS.API.Auth
|
|||
{
|
||||
if (context.ActionDescriptor.EndpointMetadata.Any(obj => obj.GetType() == typeof(AllowAnonymousAttribute)))
|
||||
{
|
||||
context.Result = new OkResult();
|
||||
//context.Result = new OkResult();
|
||||
return;
|
||||
}
|
||||
|
||||
if (context.HttpContext.Request.Headers.TryGetValue("SRSS-Session", out StringValues val))
|
||||
{
|
||||
//TODO: if no permission check for valid session, if permission check if session has access!
|
||||
return;
|
||||
}
|
||||
|
||||
//TODO: Check session ID!
|
||||
context.Result = new UnauthorizedResult();
|
||||
}
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Threading.Tasks;
|
||||
|
@ -28,20 +29,22 @@ namespace SharpRSS.API.Controllers
|
|||
[HttpPost("[action]")]
|
||||
[AllowAnonymous]
|
||||
public async Task<ActionResult<string>> Authenticate(AuthenticateUser authenticateUser)
|
||||
{
|
||||
return Ok("Ok!");
|
||||
{ // Return test result
|
||||
return Ok(new { Expires = DateTime.Now.Add(TimeSpan.FromDays(7)), SessionToken = Guid.NewGuid().ToString(), Released = DateTime.Now });
|
||||
}
|
||||
|
||||
[HttpPost("user")]
|
||||
[SessionAuthorize("auth:user:create")]
|
||||
public async Task<ActionResult<UserDto>> CreateUser(AuthenticateUser authenticateUser)
|
||||
{
|
||||
Result<User> result = await _authService.CreateUser(authenticateUser);
|
||||
if (result.Success)
|
||||
if (result.Success)
|
||||
return Ok(Models.Auth.User.ToDto(result.Value ?? new User()));
|
||||
return BadRequest(new ApiResult(result.Message, ApiResults.Error));
|
||||
}
|
||||
|
||||
[HttpGet("user")]
|
||||
[SessionAuthorize("auth:user:get")]
|
||||
public async Task<ActionResult<ApiListResult<IEnumerable<UserDto>>>> GetUsers(int take, int skip)
|
||||
{
|
||||
var usersAuth = await _authService.GetUsers(take, skip);
|
||||
|
|
19
SharpRSS.API/Net/SwaggerSessionHeader.cs
Normal file
19
SharpRSS.API/Net/SwaggerSessionHeader.cs
Normal file
|
@ -0,0 +1,19 @@
|
|||
using Microsoft.OpenApi.Models;
|
||||
using Swashbuckle.AspNetCore.SwaggerGen;
|
||||
|
||||
namespace SharpRSS.API.Net
|
||||
{
|
||||
public class SwaggerSessionHeader : IOperationFilter
|
||||
{
|
||||
public void Apply(OpenApiOperation operation, OperationFilterContext context)
|
||||
{
|
||||
operation.Parameters.Add(new OpenApiParameter()
|
||||
{
|
||||
Name = "SRSS-Session",
|
||||
In = ParameterLocation.Header,
|
||||
Required = false,
|
||||
Schema = new OpenApiSchema() { Type = "string" }
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
|
@ -3,9 +3,11 @@ using System.IO;
|
|||
using Microsoft.AspNetCore.Builder;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.Hosting;
|
||||
using Microsoft.OpenApi.Models;
|
||||
using Serilog;
|
||||
using Serilog.Formatting.Compact;
|
||||
using SharpRSS.API.Data;
|
||||
using SharpRSS.API.Net;
|
||||
using ToolQit;
|
||||
using ToolQit.Logging.Serilog;
|
||||
|
||||
|
@ -18,7 +20,11 @@ builder.Logging.AddSerilog();
|
|||
builder.Services.AddControllers();
|
||||
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
|
||||
builder.Services.AddEndpointsApiExplorer();
|
||||
builder.Services.AddSwaggerGen();
|
||||
builder.Services.AddSwaggerGen(con =>
|
||||
{
|
||||
con.SwaggerDoc("v1", new OpenApiInfo() { Title = "SharRSS API", Version = "v1"});
|
||||
con.OperationFilter<SwaggerSessionHeader>();
|
||||
});
|
||||
builder.Services.AddScoped<AuthService>();
|
||||
builder.Services.AddScoped<SharpRssService>();
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user