botris.social/femto-backend
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

remember me

Browse source
This commit is contained in:
john 2025-06-21 11:41:53 +02:00
parent dac3acfecf
commit 8629883f88
10 changed files with 278 additions and 96 deletions
Download patch file Download diff file Expand all files Collapse all files

113
Femto.Api/Auth/SessionAuthenticationHandler.cs
View file

@ -3,7 +3,8 @@ using System.Text.Encodings.Web;
using Femto.Api.Sessions;
using Femto.Common;
using Femto.Modules.Auth.Application;
using Femto.Modules.Auth.Application.Services;
using Femto.Modules.Auth.Application.Dto;
using Femto.Modules.Auth.Models;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Options;
@ -20,41 +21,14 @@ internal class SessionAuthenticationHandler(
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
Logger.LogDebug("{TraceId} Authenticating session", this.Context.TraceIdentifier);
var sessionId = this.Context.GetSessionId();
if (sessionId is null)
{
Logger.LogDebug("{TraceId} SessionId was null ", this.Context.TraceIdentifier);
return AuthenticateResult.NoResult();
}
var session = await authService.GetSession(sessionId);
if (session is null)
{
Logger.LogDebug("{TraceId} Loaded session was null ", this.Context.TraceIdentifier);
return await FailAndDeleteSession(sessionId);
}
var user = await this.TryAuthenticateWithSession();
if (session.IsExpired)
{
Logger.LogDebug("{TraceId} Loaded session was expired ", this.Context.TraceIdentifier);
return await FailAndDeleteSession(sessionId);
}
var user = await authService.GetUserWithId(session.UserId);
if (user is null)
user = await this.TryAuthenticateWithRememberMeToken();
if (user is null)
{
return await FailAndDeleteSession(sessionId);
}
if (session.ExpiresSoon)
{
session = await authService.CreateWeakSession(session.UserId);
this.Context.SetSession(session, user);
}
return AuthenticateResult.NoResult();
var claims = new List<Claim>
{
@ -72,10 +46,77 @@ internal class SessionAuthenticationHandler(
return AuthenticateResult.Success(new AuthenticationTicket(principal, this.Scheme.Name));
}
private async Task<AuthenticateResult> FailAndDeleteSession(string sessionId)
private async Task<UserInfo?> TryAuthenticateWithSession()
{
await authService.DeleteSession(sessionId);
this.Context.DeleteSession();
return AuthenticateResult.Fail("invalid session");
var sessionId = this.Context.GetSessionId();
if (sessionId is null)
{
Logger.LogDebug("{TraceId} SessionId was null ", this.Context.TraceIdentifier);
return null;
}
var session = await authService.GetSession(sessionId);
if (session is null)
{
Logger.LogDebug("{TraceId} Loaded session was null ", this.Context.TraceIdentifier);
return null;
}
if (session.IsExpired)
{
Logger.LogDebug("{TraceId} Loaded session was expired ", this.Context.TraceIdentifier);
await authService.DeleteSession(sessionId);
this.Context.DeleteSession();
return null;
}
var user = await authService.GetUserWithId(session.UserId);
if (user is null)
{
await authService.DeleteSession(sessionId);
this.Context.DeleteSession();
return null;
}
if (session.ExpiresSoon)
{
session = await authService.CreateWeakSession(session.UserId);
this.Context.SetSession(session, user);
}
return user;
}
private async Task<UserInfo?> TryAuthenticateWithRememberMeToken()
{
/*
* load remember me from token
* if it is null, return null
* if it exists, validate it
* if it is valid, create a new weak session, return the user
* if it is almost expired, refresh it
*/
var rememberMeToken = this.Context.GetRememberMeToken();
if (rememberMeToken is null)
return null;
var (user, newRememberMeToken) = await authService.GetUserWithRememberMeToken(rememberMeToken);
if (user is null)
return null;
var session = await authService.CreateWeakSession(user.Id);
this.Context.SetSession(session, user);
if (newRememberMeToken is not null)
this.Context.SetRememberMeToken(newRememberMeToken);
return user;
}
}