diff options
| author | ivarlovlie <git@ivarlovlie.no> | 2022-01-22 22:43:38 +0100 |
|---|---|---|
| committer | ivarlovlie <git@ivarlovlie.no> | 2022-01-22 22:43:38 +0100 |
| commit | 88110f536f9c3843ecf5016122e101f8a424af77 (patch) | |
| tree | e8be4e77ccfb5ad37f49f89adad59ff12b4c85ea /src/server/Utilities/BasicAuthenticationHandler.cs | |
| download | bookmark-thing-88110f536f9c3843ecf5016122e101f8a424af77.tar.xz bookmark-thing-88110f536f9c3843ecf5016122e101f8a424af77.zip | |
Initial commit
Diffstat (limited to 'src/server/Utilities/BasicAuthenticationHandler.cs')
| -rw-r--r-- | src/server/Utilities/BasicAuthenticationHandler.cs | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/src/server/Utilities/BasicAuthenticationHandler.cs b/src/server/Utilities/BasicAuthenticationHandler.cs new file mode 100644 index 0000000..7961b82 --- /dev/null +++ b/src/server/Utilities/BasicAuthenticationHandler.cs @@ -0,0 +1,49 @@ +using System.Net.Http.Headers; +using System.Text; +using System.Text.Encodings.Web; +using Microsoft.Extensions.Options; + +namespace IOL.BookmarkThing.Server.Utilities; + +public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions> +{ + private readonly AppDbContext _context; + + public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, AppDbContext context) : + base(options, logger, encoder, clock) { + _context = context; + } + + protected override Task<AuthenticateResult> HandleAuthenticateAsync() { + var endpoint = Context.GetEndpoint(); + if (endpoint?.Metadata.GetMetadata<IAllowAnonymous>() != null) + return Task.FromResult(AuthenticateResult.NoResult()); + + if (!Request.Headers.ContainsKey("Authorization")) + return Task.FromResult(AuthenticateResult.Fail("Missing Authorization Header")); + + try { + var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]); + if (authHeader.Parameter == null) return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header")); + var credentialBytes = Convert.FromBase64String(authHeader.Parameter); + var token_is_guid = Guid.TryParse(Encoding.UTF8.GetString(credentialBytes), out var token_id); + if (token_is_guid) { + var token = _context.AccessTokens.Include(c => c.User).SingleOrDefault(c => c.Id == token_id); + if (token == default) { + return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header")); + } + + var claims = token.User.DefaultClaims(); + var identity = new ClaimsIdentity(claims, Scheme.Name); + var principal = new ClaimsPrincipal(identity); + var ticket = new AuthenticationTicket(principal, Scheme.Name); + + return Task.FromResult(AuthenticateResult.Success(ticket)); + } + + return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header")); + } catch { + return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header")); + } + } +} |