wip

Femto.Api/Auth/SessionAuthenticationHandler.cs

@@ -0,0 +1,53 @@
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using Femto.Api.Sessions;
+using Femto.Common;
+using Femto.Modules.Auth.Application;
+using Femto.Modules.Auth.Application.Commands.ValidateSession;
+using Femto.Modules.Auth.Errors;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.Options;
+
+namespace Femto.Api.Auth;
+
+internal class SessionAuthenticationHandler(
+    IOptionsMonitor<AuthenticationSchemeOptions> options,
+    ILoggerFactory logger,
+    UrlEncoder encoder,
+    IAuthenticationModule authModule,
+    CurrentUserContext currentUserContext
+) : AuthenticationHandler<AuthenticationSchemeOptions>(options, logger, encoder)
+{
+    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+    {
+        var sessionId = this.Request.Cookies["session"];
+        if (string.IsNullOrWhiteSpace(sessionId))
+            return AuthenticateResult.NoResult();
+
+        try
+        {
+            var result = await authModule.PostCommand(new ValidateSessionCommand(sessionId));
+
+            var claims = new List<Claim>
+            {
+                new(ClaimTypes.Name, result.Username),
+                new("sub", result.UserId.ToString()),
+                new("user_id", result.UserId.ToString()),
+            };
+
+            var identity = new ClaimsIdentity(claims, this.Scheme.Name);
+            var principal = new ClaimsPrincipal(identity);
+
+            this.Context.SetSession(result.Session);
+            currentUserContext.CurrentUser = new CurrentUser(result.UserId, result.Username);
+
+            return AuthenticateResult.Success(
+                new AuthenticationTicket(principal, this.Scheme.Name)
+            );
+        }
+        catch (InvalidSessionError)
+        {
+            return AuthenticateResult.Fail("Invalid session");
+        }
+    }
+}