9eb5967935
* rework server responsibilities add remote configuration * start metrics only when compiled as not debug * add some more logging to discord bot * fixes of some casts * make metrics port configurable, minor fixes * add docker bullshit * md formatting * adjustments to docker stuff * fix docker json files, fix some stuff in discord bot, add /useradd for Discord bot * adjust docker configs and fix sharded.bat * fixes for logs, cache file provider repeat trying to open filestream Co-authored-by: rootdarkarchon <root.darkarchon@outlook.com>
60 lines
2.1 KiB
C#
60 lines
2.1 KiB
C#
using System.Security.Claims;
|
|
using System.Text.Encodings.Web;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.Extensions.Logging;
|
|
using Microsoft.Extensions.Options;
|
|
|
|
namespace MareSynchronosShared.Authentication;
|
|
|
|
public class SecretKeyAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
|
|
{
|
|
public const string AuthScheme = "SecretKeyGrpcAuth";
|
|
|
|
private readonly IHttpContextAccessor _accessor;
|
|
private readonly SecretKeyAuthenticatorService secretKeyAuthenticatorService;
|
|
|
|
public SecretKeyAuthenticationHandler(IHttpContextAccessor accessor, SecretKeyAuthenticatorService secretKeyAuthenticatorService,
|
|
IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
|
|
{
|
|
_accessor = accessor;
|
|
this.secretKeyAuthenticatorService = secretKeyAuthenticatorService;
|
|
}
|
|
|
|
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
|
|
{
|
|
var endpoint = Context.GetEndpoint();
|
|
if (endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null)
|
|
{
|
|
return AuthenticateResult.NoResult();
|
|
}
|
|
|
|
if (!Request.Headers.TryGetValue("Authorization", out var authHeader))
|
|
{
|
|
authHeader = string.Empty;
|
|
}
|
|
|
|
var ip = _accessor.GetIpAddress();
|
|
|
|
var authResult = await secretKeyAuthenticatorService.AuthorizeAsync(ip, authHeader).ConfigureAwait(false);
|
|
|
|
if (!authResult.Success)
|
|
{
|
|
return AuthenticateResult.Fail("Failed Authorization");
|
|
}
|
|
|
|
var claims = new List<Claim>
|
|
{
|
|
new(ClaimTypes.NameIdentifier, authResult.Uid),
|
|
new(ClaimTypes.Authentication, authHeader)
|
|
};
|
|
|
|
var identity = new ClaimsIdentity(claims, nameof(SecretKeyAuthenticationHandler));
|
|
var principal = new ClaimsPrincipal(identity);
|
|
var ticket = new AuthenticationTicket(principal, Scheme.Name);
|
|
|
|
return AuthenticateResult.Success(ticket);
|
|
}
|
|
}
|