From 88110f536f9c3843ecf5016122e101f8a424af77 Mon Sep 17 00:00:00 2001
From: ivarlovlie <git@ivarlovlie.no>
Date: Sat, 22 Jan 2022 22:43:38 +0100
Subject: Initial commit

---
 src/server/Utilities/BasicAuthenticationHandler.cs | 49 ++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 src/server/Utilities/BasicAuthenticationHandler.cs

(limited to 'src/server/Utilities/BasicAuthenticationHandler.cs')

diff --git a/src/server/Utilities/BasicAuthenticationHandler.cs b/src/server/Utilities/BasicAuthenticationHandler.cs
new file mode 100644
index 0000000..7961b82
--- /dev/null
+++ b/src/server/Utilities/BasicAuthenticationHandler.cs
@@ -0,0 +1,49 @@
+using System.Net.Http.Headers;
+using System.Text;
+using System.Text.Encodings.Web;
+using Microsoft.Extensions.Options;
+
+namespace IOL.BookmarkThing.Server.Utilities;
+
+public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
+{
+	private readonly AppDbContext _context;
+
+	public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, AppDbContext context) :
+			base(options, logger, encoder, clock) {
+		_context = context;
+	}
+
+	protected override Task<AuthenticateResult> HandleAuthenticateAsync() {
+		var endpoint = Context.GetEndpoint();
+		if (endpoint?.Metadata.GetMetadata<IAllowAnonymous>() != null)
+			return Task.FromResult(AuthenticateResult.NoResult());
+
+		if (!Request.Headers.ContainsKey("Authorization"))
+			return Task.FromResult(AuthenticateResult.Fail("Missing Authorization Header"));
+
+		try {
+			var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
+			if (authHeader.Parameter == null) return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
+			var credentialBytes = Convert.FromBase64String(authHeader.Parameter);
+			var token_is_guid = Guid.TryParse(Encoding.UTF8.GetString(credentialBytes), out var token_id);
+			if (token_is_guid) {
+				var token = _context.AccessTokens.Include(c => c.User).SingleOrDefault(c => c.Id == token_id);
+				if (token == default) {
+					return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
+				}
+
+				var claims = token.User.DefaultClaims();
+				var identity = new ClaimsIdentity(claims, Scheme.Name);
+				var principal = new ClaimsPrincipal(identity);
+				var ticket = new AuthenticationTicket(principal, Scheme.Name);
+
+				return Task.FromResult(AuthenticateResult.Success(ticket));
+			}
+
+			return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
+		} catch {
+			return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
+		}
+	}
+}
-- 
cgit v1.3