From e972610aed99f70de3f7fce8a8a648d58a21fdf9 Mon Sep 17 00:00:00 2001
From: ivarlovlie <git@ivarlovlie.no>
Date: Sat, 4 Jun 2022 21:28:13 +0200
Subject: refactor: Use Vault to get configuration

---
 server/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs | 11 ++++++-----
 server/src/Program.cs                                 |  4 ++--
 server/src/Utilities/BasicAuthenticationHandler.cs    | 18 +++++++++---------
 3 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/server/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs b/server/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs
index e8abbf8..3e19626 100644
--- a/server/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs
+++ b/server/src/Endpoints/V1/ApiTokens/CreateTokenRoute.cs
@@ -1,16 +1,17 @@
 using System.Text;
+using Microsoft.Extensions.Options;
 
 namespace IOL.GreatOffice.Api.Endpoints.V1.ApiTokens;
 
 public class CreateTokenRoute : RouteBaseSync.WithRequest<ApiAccessToken.ApiAccessTokenDto>.WithActionResult
 {
 	private readonly AppDbContext _context;
-	private readonly IConfiguration _configuration;
+	private readonly AppConfiguration _configuration;
 	private readonly ILogger<CreateTokenRoute> _logger;
 
-	public CreateTokenRoute(AppDbContext context, IConfiguration configuration, ILogger<CreateTokenRoute> logger) {
+	public CreateTokenRoute(AppDbContext context, IOptions<AppConfiguration> configuration, ILogger<CreateTokenRoute> logger) {
 		_context = context;
-		_configuration = configuration;
+		_configuration = configuration.Value;
 		_logger = logger;
 	}
 
@@ -29,9 +30,9 @@ public class CreateTokenRoute : RouteBaseSync.WithRequest<ApiAccessToken.ApiAcce
 			return NotFound(new ErrorResult("User does not exist"));
 		}
 
-		var token_entropy = _configuration.GetValue<string>("TOKEN_ENTROPY");
+		var token_entropy = _configuration.APP_AES_KEY;
 		if (token_entropy.IsNullOrWhiteSpace()) {
-			_logger.LogWarning("No token entropy is available in env:TOKEN_ENTROPY, Basic auth is disabled");
+			_logger.LogWarning("No token entropy is available, Basic auth is disabled");
 			return NotFound();
 		}
 
diff --git a/server/src/Program.cs b/server/src/Program.cs
index d6e8929..e6e8369 100644
--- a/server/src/Program.cs
+++ b/server/src/Program.cs
@@ -143,8 +143,8 @@ public static class Program
 						   };
 			   })
 			   .AddGitHub(options => {
-				   options.ClientSecret = builder.Configuration.GetValue<string>(configuration.GITHUB_CLIENT_SECRET);
-				   options.ClientId = builder.Configuration.GetValue<string>(configuration.GITHUB_CLIENT_ID);
+				   options.ClientSecret = configuration.GITHUB_CLIENT_SECRET;
+				   options.ClientId = configuration.GITHUB_CLIENT_ID;
 				   options.SaveTokens = true;
 				   options.CorrelationCookie.Name = "gh_correlation";
 				   options.CorrelationCookie.SameSite = SameSiteMode.Lax;
diff --git a/server/src/Utilities/BasicAuthenticationHandler.cs b/server/src/Utilities/BasicAuthenticationHandler.cs
index 2b9d9ef..1793c95 100644
--- a/server/src/Utilities/BasicAuthenticationHandler.cs
+++ b/server/src/Utilities/BasicAuthenticationHandler.cs
@@ -8,7 +8,7 @@ namespace IOL.GreatOffice.Api.Utilities;
 public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
 {
 	private readonly AppDbContext _context;
-	private readonly IConfiguration _configuration;
+	private readonly AppConfiguration _configuration;
 	private readonly ILogger<BasicAuthenticationHandler> _logger;
 
 	public BasicAuthenticationHandler(
@@ -17,11 +17,11 @@ public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSc
 			UrlEncoder encoder,
 			ISystemClock clock,
 			AppDbContext context,
-			IConfiguration configuration
+			IOptions<AppConfiguration> configuration
 	) :
 			base(options, logger, encoder, clock) {
 		_context = context;
-		_configuration = configuration;
+		_configuration = configuration.Value;
 		_logger = logger.CreateLogger<BasicAuthenticationHandler>();
 	}
 
@@ -34,8 +34,8 @@ public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSc
 			return Task.FromResult(AuthenticateResult.Fail("Missing Authorization Header"));
 
 		try {
-			var token_entropy = _configuration.GetValue<string>("TOKEN_ENTROPY");
-			if (token_entropy.IsNullOrWhiteSpace()) {
+			var tokenEntropy = _configuration.APP_AES_KEY;
+			if (tokenEntropy.IsNullOrWhiteSpace()) {
 				_logger.LogWarning("No token entropy is available in env:TOKEN_ENTROPY, Basic auth is disabled");
 				return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
 			}
@@ -43,14 +43,14 @@ public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSc
 			var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
 			if (authHeader.Parameter == null) return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
 			var credentialBytes = Convert.FromBase64String(authHeader.Parameter);
-			var decrypted_string = Encoding.UTF8.GetString(credentialBytes).DecryptWithAes(token_entropy);
-			var token_is_guid = Guid.TryParse(decrypted_string, out var token_id);
+			var decryptedString = Encoding.UTF8.GetString(credentialBytes).DecryptWithAes(tokenEntropy);
+			var tokenIsGuid = Guid.TryParse(decryptedString, out var tokenId);
 
-			if (!token_is_guid) {
+			if (!tokenIsGuid) {
 				return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header"));
 			}
 
-			var token = _context.AccessTokens.Include(c => c.User).SingleOrDefault(c => c.Id == token_id);
+			var token = _context.AccessTokens.Include(c => c.User).SingleOrDefault(c => c.Id == tokenId);
 			if (token == default) {
 				return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header: Not Found"));
 			}
-- 
cgit v1.3