Finished database management and user authentication

2024-07-13 16:37:36 +02:00
parent fe5b5d28eb
commit c1ac7f9972
47 changed files with 1620 additions and 0 deletions
--- a/HopFrame.Security/Authentication/HopFrameAuthentication.cs
+++ b/HopFrame.Security/Authentication/HopFrameAuthentication.cs
@@ -0,0 +1,56 @@
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using HopFrame.Database;
+using HopFrame.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously
+
+namespace HopFrame.Security.Authentication;
+
+public class HopFrameAuthentication<TDbContext> : AuthenticationHandler<AuthenticationSchemeOptions> where TDbContext : HopDbContextBase {
+
+    public const string SchemeName = "HopCore.Authentication";
+    public static readonly TimeSpan AccessTokenTime = new(0, 0, 5, 0);
+    public static readonly TimeSpan RefreshTokenTime = new(30, 0, 0, 0);
+
+    private readonly TDbContext _context;
+
+    public HopFrameAuthentication(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger,
+        UrlEncoder encoder, ISystemClock clock, TDbContext context) : base(options, logger, encoder, clock) {
+        _context = context;
+    }
+    
+    protected override async Task<AuthenticateResult> HandleAuthenticateAsync() {
+        var accessToken = Request.Headers["Authorization"].ToString();
+        if (string.IsNullOrEmpty(accessToken)) return AuthenticateResult.Fail("No Access Token provided");
+        
+        var tokenEntry = await _context.Tokens.SingleOrDefaultAsync(token => token.Token == accessToken);
+        
+        if (tokenEntry is null) return AuthenticateResult.Fail("The provided Access Token does not exist");
+        if (tokenEntry.CreatedAt + AccessTokenTime < DateTime.Now) return AuthenticateResult.Fail("The provided Access Token is expired");
+        
+        if (!(await _context.Users.AnyAsync(user => user.Id == tokenEntry.UserId)))
+            return AuthenticateResult.Fail("The provided Access Token does not match any user");
+
+        var claims = new List<Claim> {
+            new(HopFrameClaimTypes.AccessTokenId, accessToken),
+            new(HopFrameClaimTypes.UserId, tokenEntry.UserId.ToString())
+        };
+
+        var permissions = await _context.Permissions
+            .Where(perm => perm.UserId == tokenEntry.UserId)
+            .Select(perm => perm.PermissionText)
+            .ToListAsync();
+        
+        claims.AddRange(permissions.Select(perm => new Claim(HopFrameClaimTypes.Permission, perm)));
+
+        var principal = new ClaimsPrincipal();
+        principal.AddIdentity(new ClaimsIdentity(claims, SchemeName));
+        return AuthenticateResult.Success(new AuthenticationTicket(principal, Scheme.Name));
+    }
+    
+}