Finished database management and user authentication

2024-07-13 16:37:36 +02:00
parent fe5b5d28eb
commit c1ac7f9972
47 changed files with 1620 additions and 0 deletions
--- a/HopFrame.Api/Controller/SecurityController.cs
+++ b/HopFrame.Api/Controller/SecurityController.cs
@@ -0,0 +1,178 @@
+using System.Globalization;
+using System.Text;
+using HopFrame.Api.Logic;
+using HopFrame.Api.Models;
+using HopFrame.Database;
+using HopFrame.Database.Models.Entries;
+using HopFrame.Security.Authentication;
+using HopFrame.Security.Authorization;
+using HopFrame.Security.Claims;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace HopFrame.Api.Controller;
+
+[ApiController]
+[Route("authentication")]
+public class SecurityController<TDbContext>(TDbContext context) : ControllerBase where TDbContext : HopDbContextBase {
+
+    private const string RefreshTokenType = "HopFrame.Security.RefreshToken";
+
+    [HttpPut("login")]
+    public async Task<ILogicResult<SingleValueResult<string>>> Login([FromBody] UserLogin login) {
+        var user = await context.Users.SingleOrDefaultAsync(user => user.Email == login.Email);
+
+        if (user is null)
+            return LogicResult<SingleValueResult<string>>.NotFound("The provided email address was not found");
+
+        var hashedPassword = EncryptionManager.Hash(login.Password, Encoding.Default.GetBytes(user.CreatedAt.ToString(CultureInfo.InvariantCulture)));
+        if (hashedPassword != user.Password)
+            return LogicResult<SingleValueResult<string>>.Forbidden("The provided password is not correct");
+
+        var refreshToken = new TokenEntry {
+            CreatedAt = DateTime.Now,
+            Token = Guid.NewGuid().ToString(),
+            Type = TokenEntry.RefreshTokenType,
+            UserId = user.Id
+        };
+        var accessToken = new TokenEntry {
+            CreatedAt = DateTime.Now,
+            Token = Guid.NewGuid().ToString(),
+            Type = TokenEntry.AccessTokenType,
+            UserId = user.Id
+        };
+        
+        HttpContext.Response.Cookies.Append(RefreshTokenType, refreshToken.Token, new CookieOptions {
+            MaxAge = HopFrameAuthentication<TDbContext>.RefreshTokenTime,
+            HttpOnly = true,
+            Secure = true
+        });
+
+        await context.Tokens.AddRangeAsync(refreshToken, accessToken);
+        await context.SaveChangesAsync();
+
+        return LogicResult<SingleValueResult<string>>.Ok(accessToken.Token);
+    }
+
+    [HttpPost("register")]
+    public async Task<ILogicResult<SingleValueResult<string>>> Register([FromBody] UserRegister register) {
+        //TODO: Validate Password requirements
+        
+        if (await context.Users.AnyAsync(user => user.Username == register.Username || user.Email == register.Email))
+            return LogicResult<SingleValueResult<string>>.Conflict("Username or Email is already registered");
+
+        var user = new UserEntry {
+            CreatedAt = DateTime.Now,
+            Email = register.Email,
+            Username = register.Username,
+            Id = Guid.NewGuid().ToString()
+        };
+        user.Password = EncryptionManager.Hash(register.Password, Encoding.Default.GetBytes(user.CreatedAt.ToString(CultureInfo.InvariantCulture)));
+
+        await context.Users.AddAsync(user);
+        
+        var refreshToken = new TokenEntry {
+            CreatedAt = DateTime.Now,
+            Token = Guid.NewGuid().ToString(),
+            Type = TokenEntry.RefreshTokenType,
+            UserId = user.Id
+        };
+        var accessToken = new TokenEntry {
+            CreatedAt = DateTime.Now,
+            Token = Guid.NewGuid().ToString(),
+            Type = TokenEntry.AccessTokenType,
+            UserId = user.Id
+        };
+        
+        HttpContext.Response.Cookies.Append(RefreshTokenType, refreshToken.Token, new CookieOptions {
+            MaxAge = HopFrameAuthentication<TDbContext>.RefreshTokenTime,
+            HttpOnly = true,
+            Secure = true
+        });
+
+        await context.Tokens.AddRangeAsync(refreshToken, accessToken);
+        await context.SaveChangesAsync();
+
+        return LogicResult<SingleValueResult<string>>.Ok(accessToken.Token);
+    }
+
+    [HttpGet("authenticate")]
+    public async Task<ILogicResult<SingleValueResult<string>>> Authenticate() {
+        var refreshToken = HttpContext.Request.Cookies[RefreshTokenType];
+        
+        if (string.IsNullOrEmpty(refreshToken))
+            return LogicResult<SingleValueResult<string>>.Conflict("Refresh token not provided");
+
+        var token = await context.Tokens.SingleOrDefaultAsync(token => token.Token == refreshToken && token.Type == TokenEntry.RefreshTokenType);
+        
+        if (token is null)
+            return LogicResult<SingleValueResult<string>>.NotFound("Refresh token not valid");
+
+        if (token.CreatedAt + HopFrameAuthentication<TDbContext>.RefreshTokenTime < DateTime.Now)
+            return LogicResult<SingleValueResult<string>>.Conflict("Refresh token is expired");
+
+        var accessToken = new TokenEntry {
+            CreatedAt = DateTime.Now,
+            Token = Guid.NewGuid().ToString(),
+            Type = TokenEntry.AccessTokenType,
+            UserId = token.UserId
+        };
+
+        await context.Tokens.AddAsync(accessToken);
+        await context.SaveChangesAsync();
+        
+        return LogicResult<SingleValueResult<string>>.Ok(accessToken.Token);
+    }
+
+    [HttpDelete("logout"), Authorized]
+    public async Task<ILogicResult> Logout() {
+        var accessToken = HttpContext.User.GetAccessTokenId();
+        var refreshToken = HttpContext.Request.Cookies[RefreshTokenType];
+        
+        if (string.IsNullOrEmpty(accessToken) || string.IsNullOrEmpty(refreshToken))
+            return LogicResult.Conflict("access or refresh token not provided");
+
+        var tokenEntries = await context.Tokens.Where(token =>
+                (token.Token == accessToken && token.Type == TokenEntry.AccessTokenType) ||
+                (token.Token == refreshToken && token.Type == TokenEntry.RefreshTokenType))
+            .ToArrayAsync();
+        
+        if (tokenEntries.Length != 2)
+            return LogicResult.NotFound("One or more of the provided tokens was not found");
+
+        context.Tokens.Remove(tokenEntries[0]);
+        context.Tokens.Remove(tokenEntries[1]);
+        await context.SaveChangesAsync();
+        
+        HttpContext.Response.Cookies.Delete(RefreshTokenType);
+        
+        return LogicResult.Ok();
+    }
+
+    [HttpDelete("delete"), Authorized]
+    public async Task<ILogicResult> Delete([FromBody] UserLogin login) {
+        var token = HttpContext.User.GetAccessTokenId();
+        var userId = (await context.Tokens.SingleOrDefaultAsync(t => t.Token == token && t.Type == TokenEntry.AccessTokenType))?.UserId;
+
+        if (string.IsNullOrEmpty(userId))
+            return LogicResult.NotFound("Access token does not match any user");
+
+        var user = await context.Users.SingleAsync(user => user.Id == userId);
+        
+        var password = EncryptionManager.Hash(login.Password, Encoding.Default.GetBytes(user.CreatedAt.ToString(CultureInfo.InvariantCulture)));
+        if (user.Password != password)
+            return LogicResult.Forbidden("The provided password is not correct");
+
+        var tokens = await context.Tokens.Where(t => t.UserId == userId).ToArrayAsync();
+        
+        context.Tokens.RemoveRange(tokens);
+        context.Users.Remove(user);
+        await context.SaveChangesAsync();
+        
+        HttpContext.Response.Cookies.Delete(RefreshTokenType);
+
+        return LogicResult.Ok();
+    }
+    
+}
--- a/HopFrame.Api/ControllerExtensions.cs
+++ b/HopFrame.Api/ControllerExtensions.cs
@@ -0,0 +1,12 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace HopFrame.Api;
+
+public static class ControllerExtensions {
+
+    public static IMvcBuilder AddController<TController>(this IMvcBuilder builder) where TController : ControllerBase {
+        return builder.AddApplicationPart(typeof(TController).Assembly);
+    }
+    
+}
--- a/HopFrame.Api/EncryptionManager.cs
+++ b/HopFrame.Api/EncryptionManager.cs
@@ -0,0 +1,17 @@
+using Microsoft.AspNetCore.Cryptography.KeyDerivation;
+
+namespace HopFrame.Api;
+
+public static class EncryptionManager {
+
+    public static string Hash(string input, byte[] salt, KeyDerivationPrf method = KeyDerivationPrf.HMACSHA256) {
+        return Convert.ToBase64String(KeyDerivation.Pbkdf2(
+            password: input,
+            salt: salt,
+            prf: method,
+            iterationCount: 100000,
+            numBytesRequested: 256 / 8
+        ));
+    }
+    
+}
--- a/HopFrame.Api/HopFrame.Api.csproj
+++ b/HopFrame.Api/HopFrame.Api.csproj
@@ -0,0 +1,15 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+    <PropertyGroup>
+        <TargetFramework>net8.0</TargetFramework>
+        <LangVersion>latest</LangVersion>
+        <ImplicitUsings>enable</ImplicitUsings>
+        <Nullable>disable</Nullable>
+    </PropertyGroup>
+
+    <ItemGroup>
+      <ProjectReference Include="..\HopFrame.Database\HopFrame.Database.csproj" />
+      <ProjectReference Include="..\HopFrame.Security\HopFrame.Security.csproj" />
+    </ItemGroup>
+
+</Project>
--- a/HopFrame.Api/Logic/ControllerBaseExtension.cs
+++ b/HopFrame.Api/Logic/ControllerBaseExtension.cs
@@ -0,0 +1,50 @@
+using System.Net;
+using Microsoft.AspNetCore.Mvc;
+
+namespace HopFrame.Api.Logic;
+
+public static class ControllerBaseExtension {
+    public static ActionResult FromLogicResult(this ControllerBase controller, ILogicResult result) {
+        switch (result.State) {
+            case LogicResultState.Ok:
+                return controller.Ok();
+
+            case LogicResultState.BadRequest:
+                return controller.StatusCode((int)HttpStatusCode.BadRequest, result.Message);
+
+            case LogicResultState.Forbidden:
+                return controller.StatusCode((int)HttpStatusCode.Forbidden, result.Message);
+
+            case LogicResultState.NotFound:
+                return controller.StatusCode((int)HttpStatusCode.NotFound, result.Message);
+
+            case LogicResultState.Conflict:
+                return controller.StatusCode((int)HttpStatusCode.Conflict, result.Message);
+
+            default:
+                throw new Exception("An unhandled result has occurred as a result of a service call.");
+        }
+    }
+
+    public static ActionResult FromLogicResult<T>(this ControllerBase controller, ILogicResult<T> result) {
+        switch (result.State) {
+            case LogicResultState.Ok:
+                return controller.Ok(result.Data);
+
+            case LogicResultState.BadRequest:
+                return controller.StatusCode((int)HttpStatusCode.BadRequest, result.Message);
+
+            case LogicResultState.Forbidden:
+                return controller.StatusCode((int)HttpStatusCode.Forbidden, result.Message);
+
+            case LogicResultState.NotFound:
+                return controller.StatusCode((int)HttpStatusCode.NotFound, result.Message);
+
+            case LogicResultState.Conflict:
+                return controller.StatusCode((int)HttpStatusCode.Conflict, result.Message);
+
+            default:
+                throw new Exception("An unhandled result has occurred as a result of a service call.");
+        }
+    }
+}
--- a/HopFrame.Api/Logic/ILogicResult.cs
+++ b/HopFrame.Api/Logic/ILogicResult.cs
@@ -0,0 +1,19 @@
+namespace HopFrame.Api.Logic;
+
+public interface ILogicResult {
+    LogicResultState State { get; set; }
+
+    string Message { get; set; }
+
+    bool IsSuccessful { get; }
+}
+
+public interface ILogicResult<T> {
+    LogicResultState State { get; set; }
+
+    T Data { get; set; }
+
+    string Message { get; set; }
+
+    bool IsSuccessful { get; }
+}
--- a/HopFrame.Api/Logic/LogicResult.cs
+++ b/HopFrame.Api/Logic/LogicResult.cs
@@ -0,0 +1,170 @@
+namespace HopFrame.Api.Logic;
+
+public class LogicResult : ILogicResult {
+    public LogicResultState State { get; set; }
+
+    public string Message { get; set; }
+
+    public bool IsSuccessful => State == LogicResultState.Ok;
+
+    public static LogicResult Ok() {
+        return new LogicResult() {
+            State = LogicResultState.Ok
+        };
+    }
+
+    public static LogicResult BadRequest() {
+        return new LogicResult() {
+            State = LogicResultState.BadRequest
+        };
+    }
+
+    public static LogicResult BadRequest(string message) {
+        return new LogicResult() {
+            State = LogicResultState.BadRequest,
+            Message = message
+        };
+    }
+
+    public static LogicResult Forbidden() {
+        return new LogicResult() {
+            State = LogicResultState.Forbidden
+        };
+    }
+
+    public static LogicResult Forbidden(string message) {
+        return new LogicResult() {
+            State = LogicResultState.Forbidden,
+            Message = message
+        };
+    }
+
+    public static LogicResult NotFound() {
+        return new LogicResult() {
+            State = LogicResultState.NotFound
+        };
+    }
+
+    public static LogicResult NotFound(string message) {
+        return new LogicResult() {
+            State = LogicResultState.NotFound,
+            Message = message
+        };
+    }
+
+    public static LogicResult Conflict() {
+        return new LogicResult() {
+            State = LogicResultState.Conflict
+        };
+    }
+
+    public static LogicResult Conflict(string message) {
+        return new LogicResult() {
+            State = LogicResultState.Conflict,
+            Message = message
+        };
+    }
+
+    public static LogicResult Forward(LogicResult result) {
+        return new LogicResult() {
+            State = result.State,
+            Message = result.Message
+        };
+    }
+
+    public static LogicResult Forward<T>(ILogicResult<T> result) {
+        return new LogicResult() {
+            State = result.State,
+            Message = result.Message
+        };
+    }
+}
+
+public class LogicResult<T> : ILogicResult<T> {
+    public LogicResultState State { get; set; }
+
+    public T Data { get; set; }
+
+    public string Message { get; set; }
+
+    public bool IsSuccessful => State == LogicResultState.Ok;
+
+    public static LogicResult<T> Ok() {
+        return new LogicResult<T>() {
+            State = LogicResultState.Ok
+        };
+    }
+
+    public static LogicResult<T> Ok(T result) {
+        return new LogicResult<T>() {
+            State = LogicResultState.Ok,
+            Data = result
+        };
+    }
+
+    public static LogicResult<T> BadRequest() {
+        return new LogicResult<T>() {
+            State = LogicResultState.BadRequest
+        };
+    }
+
+    public static LogicResult<T> BadRequest(string message) {
+        return new LogicResult<T>() {
+            State = LogicResultState.BadRequest,
+            Message = message
+        };
+    }
+
+    public static LogicResult<T> Forbidden() {
+        return new LogicResult<T>() {
+            State = LogicResultState.Forbidden
+        };
+    }
+
+    public static LogicResult<T> Forbidden(string message) {
+        return new LogicResult<T>() {
+            State = LogicResultState.Forbidden,
+            Message = message
+        };
+    }
+
+    public static LogicResult<T> NotFound() {
+        return new LogicResult<T>() {
+            State = LogicResultState.NotFound
+        };
+    }
+
+    public static LogicResult<T> NotFound(string message) {
+        return new LogicResult<T>() {
+            State = LogicResultState.NotFound,
+            Message = message
+        };
+    }
+
+    public static LogicResult<T> Conflict() {
+        return new LogicResult<T>() {
+            State = LogicResultState.Conflict
+        };
+    }
+
+    public static LogicResult<T> Conflict(string message) {
+        return new LogicResult<T>() {
+            State = LogicResultState.Conflict,
+            Message = message
+        };
+    }
+
+    public static LogicResult<T> Forward(ILogicResult result) {
+        return new LogicResult<T>() {
+            State = result.State,
+            Message = result.Message
+        };
+    }
+
+    public static LogicResult<T> Forward<T2>(ILogicResult<T2> result) {
+        return new LogicResult<T>() {
+            State = result.State,
+            Message = result.Message
+        };
+    }
+}
--- a/HopFrame.Api/Logic/LogicResultState.cs
+++ b/HopFrame.Api/Logic/LogicResultState.cs
@@ -0,0 +1,9 @@
+namespace HopFrame.Api.Logic;
+
+public enum LogicResultState {
+    Ok,
+    BadRequest,
+    Forbidden,
+    NotFound,
+    Conflict
+}
--- a/HopFrame.Api/Models/SingleValueResult.cs
+++ b/HopFrame.Api/Models/SingleValueResult.cs
@@ -0,0 +1,13 @@
+namespace HopFrame.Api.Models;
+
+public struct SingleValueResult<T>(T value) {
+    public T Value { get; set; } = value;
+
+    public static implicit operator T(SingleValueResult<T> v) {
+        return v.Value;
+    }
+
+    public static implicit operator SingleValueResult<T>(T v) {
+        return new SingleValueResult<T>(v);
+    }
+}
--- a/HopFrame.Api/Models/UserLogin.cs
+++ b/HopFrame.Api/Models/UserLogin.cs
@@ -0,0 +1,6 @@
+namespace HopFrame.Api.Models;
+
+public struct UserLogin {
+    public string Email { get; set; }
+    public string Password { get; set; }
+}
--- a/HopFrame.Api/Models/UserRegister.cs
+++ b/HopFrame.Api/Models/UserRegister.cs
@@ -0,0 +1,7 @@
+namespace HopFrame.Api.Models;
+
+public struct UserRegister {
+    public string Username { get; set; }
+    public string Email { get; set; }
+    public string Password { get; set; }
+}