bff21ead95
* some groups stuff * further groups rework * fixes for pause changes * adjsut timeout interval * fixes and namespace change to file scoped * more fixes * further implement groups * fix change group ownership * add some more stuff for groups * more fixes and additions * some fixes based on analyzers, add shard info to ui * add discord command, cleanup * fix regex * add group migration and deletion on user deletion * add api method for client to check health of connection * adjust regex for vanity * fixes for server and bot * fixes some string comparison in linq queries * fixes group leave and sets alias to null * fix syntax in changeownership * add better logging, fixes for group leaving * fixes for group leave Co-authored-by: Stanley Dimant <root.darkarchon@outlook.com>
57 lines
2.0 KiB
C#
57 lines
2.0 KiB
C#
using System.Security.Claims;
|
|
using System.Text.Encodings.Web;
|
|
using MareSynchronosServer;
|
|
using MareSynchronosShared.Protos;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.Extensions.Logging;
|
|
using Microsoft.Extensions.Options;
|
|
using ISystemClock = Microsoft.AspNetCore.Authentication.ISystemClock;
|
|
|
|
namespace MareSynchronosShared.Authentication;
|
|
|
|
public class SecretKeyGrpcAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
|
|
{
|
|
public const string AuthScheme = "SecretKeyGrpcAuth";
|
|
|
|
private readonly AuthService.AuthServiceClient _authClient;
|
|
private readonly IHttpContextAccessor _accessor;
|
|
|
|
public SecretKeyGrpcAuthenticationHandler(IHttpContextAccessor accessor, AuthService.AuthServiceClient authClient,
|
|
IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
|
|
{
|
|
this._authClient = authClient;
|
|
_accessor = accessor;
|
|
}
|
|
|
|
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
|
|
{
|
|
if(!Request.Headers.TryGetValue("Authorization", out var authHeader))
|
|
{
|
|
authHeader = string.Empty;
|
|
}
|
|
var ip = _accessor.GetIpAddress();
|
|
|
|
var authResult = await _authClient.AuthorizeAsync(new AuthRequest() {Ip = ip, SecretKey = authHeader}).ConfigureAwait(false);
|
|
|
|
if (!authResult.Success)
|
|
{
|
|
return AuthenticateResult.Fail("Failed Authorization");
|
|
}
|
|
|
|
string uid = authResult.Uid;
|
|
|
|
var claims = new List<Claim>
|
|
{
|
|
new(ClaimTypes.NameIdentifier, uid),
|
|
new(ClaimTypes.Authentication, authHeader)
|
|
};
|
|
|
|
var identity = new ClaimsIdentity(claims, nameof(SecretKeyGrpcAuthenticationHandler));
|
|
var principal = new ClaimsPrincipal(identity);
|
|
var ticket = new AuthenticationTicket(principal, Scheme.Name);
|
|
|
|
return AuthenticateResult.Success(ticket);
|
|
}
|
|
}
|