Diffstat (limited to 'server/src/Utilities/BasicAuthenticationAttribute.cs')
-rw-r--r--server/src/Utilities/BasicAuthenticationAttribute.cs39
1 files changed, 39 insertions, 0 deletions
diff --git a/server/src/Utilities/BasicAuthenticationAttribute.cs b/server/src/Utilities/BasicAuthenticationAttribute.cs
new file mode 100644
index 0000000..0bfd007
--- /dev/null
+++ b/server/src/Utilities/BasicAuthenticationAttribute.cs
@@ -0,0 +1,39 @@
+using System.Net.Http.Headers;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace IOL.GreatOffice.Api.Utilities;
+
+public class BasicAuthenticationAttribute : TypeFilterAttribute
+{
+ public BasicAuthenticationAttribute(string claimPermission) : base(typeof(BasicAuthenticationFilter)) {
+ Arguments = new object[] {
+ new Claim(claimPermission, "True")
+ };
+ }
+}
+
+public class BasicAuthenticationFilter : IAuthorizationFilter
+{
+ private readonly Claim _claim;
+
+ public BasicAuthenticationFilter(Claim claim) {
+ _claim = claim;
+ }
+
+ public void OnAuthorization(AuthorizationFilterContext context) {
+ if (!context.HttpContext.Request.Headers.ContainsKey("Authorization")) return;
+ try {
+ var authHeader = AuthenticationHeaderValue.Parse(context.HttpContext.Request.Headers["Authorization"]);
+ if (authHeader.Parameter is null) {
+ context.Result = new ForbidResult(AppConstants.BASIC_AUTH_SCHEME);
+ }
+
+ var hasClaim = context.HttpContext.User.Claims.Any(c => c.Type == _claim.Type && c.Value == _claim.Value);
+ if (!hasClaim) {
+ context.Result = new ForbidResult(AppConstants.BASIC_AUTH_SCHEME);
+ }
+ } catch {
+ // ignore
+ }
+ }
+}
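Review bot: The empty `catch` in `OnAuthorization` makes the filter fail open: if `AuthenticationHeaderValue.Parse` throws on a malformed Authorization header, `context.Result` is never set and the claim check is skipped. The `authHeader.Parameter is null` branch also sets a `ForbidResult` but does not return, so it falls through to the claim check instead of stopping. The early `return` when the header is absent likewise lets the request through unchecked; if that pass-through is intended for requests authenticated another way (nothing on this page shows what else guards these endpoints), it deserves a comment saying so, otherwise it should deny as well. I would switch to `TryParse` and deny on every path that cannot confirm the claim, as sketched below.

```csharp
public void OnAuthorization(AuthorizationFilterContext context) {
    var headers = context.HttpContext.Request.Headers;
    // Requests without an Authorization header are not checked here;
    // they rely on whatever other authorization the endpoint carries.
    if (!headers.ContainsKey("Authorization")) return;

    // Deny instead of swallowing: a header that does not parse must not skip the claim check.
    if (!AuthenticationHeaderValue.TryParse(headers["Authorization"].ToString(), out var authHeader)
        || authHeader.Parameter is null) {
        context.Result = new ForbidResult(AppConstants.BASIC_AUTH_SCHEME);
        return;
    }

    // … unchanged: claim check against context.HttpContext.User …
}
```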