Reorganized folder structure

2024-09-26 10:20:30 +02:00
parent af7385678f
commit 27088f8217
92 changed files with 16 additions and 31 deletions
--- a/src/HopFrame.Security/Services/IPermissionService.cs
+++ b/src/HopFrame.Security/Services/IPermissionService.cs
@@ -0,0 +1,48 @@
+using HopFrame.Database.Models;
+
+namespace HopFrame.Security.Services;
+
+/// <summary>
+/// permission system:<br/>
+/// - "*" -> all rights<br/>
+/// - "group.[name]" -> group member<br/>
+/// - "[namespace].[name]" -> single permission<br/>
+/// - "[namespace].*" -> all permissions in the namespace
+/// </summary>
+public interface IPermissionService {
+
+    Task<bool> HasPermission(string permission, Guid user);
+
+    Task<IList<PermissionGroup>> GetPermissionGroups();
+
+    Task<PermissionGroup> GetPermissionGroup(string name);
+
+    Task EditPermissionGroup(PermissionGroup group);
+
+    Task<IList<PermissionGroup>> GetUserPermissionGroups(User user);
+
+    Task RemoveGroupFromUser(User user, PermissionGroup group);
+
+    Task<PermissionGroup> CreatePermissionGroup(string name, bool isDefault = false, string description = null);
+
+    Task DeletePermissionGroup(PermissionGroup group);
+
+    Task<Permission> GetPermission(string name, IPermissionOwner owner);
+
+    /// <summary>
+    /// permission system:<br/>
+    /// - "*" -> all rights<br/>
+    /// - "group.[name]" -> group member<br/>
+    /// - "[namespace].[name]" -> single permission<br/>
+    /// - "[namespace].*" -> all permissions in the namespace
+    /// </summary>
+    /// <param name="owner"></param>
+    /// <param name="permission"></param>
+    /// <returns></returns>
+    Task AddPermission(IPermissionOwner owner, string permission);
+
+    Task RemovePermission(Permission permission);
+
+    Task<string[]> GetFullPermissions(string user);
+
+}
--- a/src/HopFrame.Security/Services/IUserService.cs
+++ b/src/HopFrame.Security/Services/IUserService.cs
@@ -0,0 +1,29 @@
+using HopFrame.Database.Models;
+using HopFrame.Security.Models;
+
+namespace HopFrame.Security.Services;
+
+public interface IUserService {
+    Task<IList<User>> GetUsers();
+
+    Task<User> GetUser(Guid userId);
+
+    Task<User> GetUserByEmail(string email);
+
+    Task<User> GetUserByUsername(string username);
+    
+    Task<User> AddUser(UserRegister user);
+
+    /// <summary>
+    /// IMPORTANT:<br/>
+    /// This function does not add or remove any permissions to the user.
+    /// For that please use <see cref="IPermissionService"/>
+    /// </summary>
+    Task UpdateUser(User user);
+
+    Task DeleteUser(User user);
+
+    Task<bool> CheckUserPassword(User user, string password);
+
+    Task ChangePassword(User user, string password);
+}
--- a/src/HopFrame.Security/Services/Implementation/PermissionService.cs
+++ b/src/HopFrame.Security/Services/Implementation/PermissionService.cs
@@ -0,0 +1,178 @@
+using HopFrame.Database;
+using HopFrame.Database.Models;
+using HopFrame.Database.Models.Entries;
+using HopFrame.Security.Authorization;
+using HopFrame.Security.Claims;
+using Microsoft.EntityFrameworkCore;
+
+namespace HopFrame.Security.Services.Implementation;
+
+internal sealed class PermissionService<TDbContext>(TDbContext context, ITokenContext current) : IPermissionService where TDbContext : HopDbContextBase {
+    public async Task<bool> HasPermission(string permission) {
+        return await HasPermission(permission, current.User.Id);
+    }
+
+    public async Task<bool> HasPermissions(params string[] permissions) {
+        var user = current.User.Id.ToString();
+        var perms = await GetFullPermissions(user);
+        
+        foreach (var permission in permissions) {
+            if (!PermissionValidator.IncludesPermission(permission, perms)) return false;
+        }
+
+        return true;
+    }
+
+    public async Task<bool> HasAnyPermission(params string[] permissions) {
+        var user = current.User.Id.ToString();
+        var perms = await GetFullPermissions(user);
+        
+        foreach (var permission in permissions) {
+            if (PermissionValidator.IncludesPermission(permission, perms)) return true;
+        }
+
+        return false;
+    }
+
+    public async Task<bool> HasPermission(string permission, Guid user) {
+        var permissions = await GetFullPermissions(user.ToString());
+
+        return PermissionValidator.IncludesPermission(permission, permissions);
+    }
+
+    public async Task<IList<PermissionGroup>> GetPermissionGroups() {
+        return await context.Groups
+            .Select(group => group.ToPermissionGroup(context))
+            .ToListAsync();
+    }
+
+    public Task<PermissionGroup> GetPermissionGroup(string name) {
+        return context.Groups
+            .Where(group => group.Name == name)
+            .Select(group => group.ToPermissionGroup(context))
+            .SingleOrDefaultAsync();
+    }
+
+    public async Task EditPermissionGroup(PermissionGroup group) {
+        var orig = await context.Groups.SingleOrDefaultAsync(g => g.Name == group.Name);
+        
+        if (orig is null) return;
+
+        var entity = context.Groups.Update(orig);
+
+        entity.Entity.Default = group.IsDefaultGroup;
+        entity.Entity.Description = group.Description;
+
+        await context.SaveChangesAsync();
+    }
+
+    public async Task<IList<PermissionGroup>> GetUserPermissionGroups(User user) {
+        var groups = await context.Groups.ToListAsync();
+        var perms = await GetFullPermissions(user.Id.ToString());
+
+        return groups
+            .Where(group => perms.Contains(group.Name))
+            .Select(group => group.ToPermissionGroup(context))
+            .ToList();
+    }
+
+    public async Task RemoveGroupFromUser(User user, PermissionGroup group) {
+        var entry = await context.Permissions
+            .Where(perm => perm.PermissionText == group.Name && perm.UserId == user.Id.ToString())
+            .SingleOrDefaultAsync();
+        
+        if (entry is null) return;
+
+        context.Permissions.Remove(entry);
+        await context.SaveChangesAsync();
+    }
+
+    public async Task<PermissionGroup> CreatePermissionGroup(string name, bool isDefault = false, string description = null) {
+        var group = new GroupEntry {
+            Name = name,
+            Description = description,
+            Default = isDefault,
+            CreatedAt = DateTime.Now
+        };
+
+        await context.Groups.AddAsync(group);
+
+        if (isDefault) {
+            var users = await context.Users.ToListAsync();
+
+            foreach (var user in users) {
+                await context.Permissions.AddAsync(new PermissionEntry {
+                    GrantedAt = DateTime.Now,
+                    PermissionText = group.Name,
+                    UserId = user.Id
+                });
+            }
+        }
+        
+        await context.SaveChangesAsync();
+
+        return group.ToPermissionGroup(context);
+    }
+
+    public async Task DeletePermissionGroup(PermissionGroup group) {
+        var entry = await context.Groups.SingleOrDefaultAsync(entry => entry.Name == group.Name);
+        context.Groups.Remove(entry);
+
+        var permissions = await context.Permissions
+            .Where(perm => perm.UserId == group.Name || perm.PermissionText == group.Name)
+            .ToListAsync();
+
+        if (permissions.Count > 0) {
+            context.Permissions.RemoveRange(permissions);
+        }
+        
+        await context.SaveChangesAsync();
+    }
+
+    public async Task<Permission> GetPermission(string name, IPermissionOwner owner) {
+        var ownerId = (owner is User user) ? user.Id.ToString() : ((PermissionGroup)owner).Name;
+
+        return await context.Permissions
+            .Where(perm => perm.PermissionText == name && perm.UserId == ownerId)
+            .Select(perm => perm.ToPermissionModel())
+            .SingleOrDefaultAsync();
+    }
+
+    public async Task AddPermission(IPermissionOwner owner, string permission) {
+        var userId = owner is User user ? user.Id.ToString() : (owner as PermissionGroup)?.Name;
+
+        await context.Permissions.AddAsync(new PermissionEntry {
+            UserId = userId,
+            PermissionText = permission,
+            GrantedAt = DateTime.Now
+        });
+        await context.SaveChangesAsync();
+    }
+
+    public async Task RemovePermission(Permission permission) {
+        var entry = await context.Permissions.SingleOrDefaultAsync(entry => entry.RecordId == permission.Id);
+        context.Permissions.Remove(entry);
+        await context.SaveChangesAsync();
+    }
+
+    public async Task<string[]> GetFullPermissions(string user) {
+        var permissions = await context.Permissions
+            .Where(perm => perm.UserId == user)
+            .Select(perm => perm.PermissionText)
+            .ToListAsync();
+
+        var groups = permissions
+            .Where(perm => perm.StartsWith("group."))
+            .ToList();
+
+        var groupPerms = new List<string>();
+        foreach (var group in groups) {
+            var perms = await GetFullPermissions(group);
+            groupPerms.AddRange(perms);
+        }
+        
+        permissions.AddRange(groupPerms);
+
+        return permissions.ToArray();
+    }
+}
--- a/src/HopFrame.Security/Services/Implementation/UserService.cs
+++ b/src/HopFrame.Security/Services/Implementation/UserService.cs
@@ -0,0 +1,128 @@
+using System.Globalization;
+using System.Text;
+using HopFrame.Database;
+using HopFrame.Database.Models;
+using HopFrame.Database.Models.Entries;
+using HopFrame.Security.Models;
+using Microsoft.EntityFrameworkCore;
+
+namespace HopFrame.Security.Services.Implementation;
+
+internal sealed class UserService<TDbContext>(TDbContext context) : IUserService where TDbContext : HopDbContextBase {
+    public async Task<IList<User>> GetUsers() {
+        return await context.Users
+            .Select(user => user.ToUserModel(context))
+            .ToListAsync();
+    }
+
+    public Task<User> GetUser(Guid userId) {
+        var id = userId.ToString();
+        
+        return context.Users
+            .Where(user => user.Id == id)
+            .Select(user => user.ToUserModel(context))
+            .SingleOrDefaultAsync();
+    }
+
+    public Task<User> GetUserByEmail(string email) {
+        return context.Users
+            .Where(user => user.Email == email)
+            .Select(user => user.ToUserModel(context))
+            .SingleOrDefaultAsync();
+    }
+
+    public Task<User> GetUserByUsername(string username) {
+        return context.Users
+            .Where(user => user.Username == username)
+            .Select(user => user.ToUserModel(context))
+            .SingleOrDefaultAsync();
+    }
+
+    public async Task<User> AddUser(UserRegister user) {
+        if (await GetUserByEmail(user.Email) is not null) return null;
+        if (await GetUserByUsername(user.Username) is not null) return null;
+        
+        var entry = new UserEntry {
+            Id = Guid.NewGuid().ToString(),
+            Email = user.Email,
+            Username = user.Username,
+            CreatedAt = DateTime.Now
+        };
+        entry.Password = EncryptionManager.Hash(user.Password, Encoding.Default.GetBytes(entry.CreatedAt.ToString(CultureInfo.InvariantCulture)));
+
+        await context.Users.AddAsync(entry);
+        
+        var defaultGroups = await context.Groups
+            .Where(group => group.Default)
+            .Select(group => "group." + group.Name)
+            .ToListAsync();
+
+        await context.Permissions.AddRangeAsync(defaultGroups.Select(group => new PermissionEntry {
+            GrantedAt = DateTime.Now,
+            PermissionText = group,
+            UserId = entry.Id
+        }));
+        
+        await context.SaveChangesAsync();
+        return entry.ToUserModel(context);
+    }
+
+    public async Task UpdateUser(User user) {
+        var id = user.Id.ToString();
+        var entry = await context.Users
+            .SingleOrDefaultAsync(entry => entry.Id == id);
+        if (entry is null) return;
+
+        entry.Email = user.Email;
+        entry.Username = user.Username;
+
+        await context.SaveChangesAsync();
+    }
+
+    public async Task DeleteUser(User user) {
+        var id = user.Id.ToString();
+        var entry = await context.Users
+            .SingleOrDefaultAsync(entry => entry.Id == id);
+        
+        if (entry is null) return;
+
+        context.Users.Remove(entry);
+
+        var userTokens = await context.Tokens
+            .Where(token => token.UserId == id)
+            .ToArrayAsync();
+        context.Tokens.RemoveRange(userTokens);
+
+        var userPermissions = await context.Permissions
+            .Where(perm => perm.UserId == id)
+            .ToArrayAsync();
+        context.Permissions.RemoveRange(userPermissions);
+
+        context.OnUserDelete(entry);
+        
+        await context.SaveChangesAsync();
+    }
+
+    public async Task<bool> CheckUserPassword(User user, string password) {
+        var id = user.Id.ToString();
+        var hash = EncryptionManager.Hash(password, Encoding.Default.GetBytes(user.CreatedAt.ToString(CultureInfo.InvariantCulture)));
+
+        var entry = await context.Users
+            .Where(entry => entry.Id == id)
+            .SingleOrDefaultAsync();
+
+        return entry.Password == hash;
+    }
+
+    public async Task ChangePassword(User user, string password) {
+        var entry = await context.Users
+            .Where(entry => entry.Id == user.Id.ToString())
+            .SingleOrDefaultAsync();
+        
+        if (entry is null) return;
+        
+        var hash = EncryptionManager.Hash(password, Encoding.Default.GetBytes(user.CreatedAt.ToString(CultureInfo.InvariantCulture)));
+        entry.Password = hash;
+        await context.SaveChangesAsync();
+    }
+}