53 lines
1.8 KiB
C#
53 lines
1.8 KiB
C#
using System.Security.Claims;
|
|
using System.Text.Encodings.Web;
|
|
using Femto.Api.Sessions;
|
|
using Femto.Common;
|
|
using Femto.Modules.Auth.Application;
|
|
using Femto.Modules.Auth.Application.Commands.ValidateSession;
|
|
using Femto.Modules.Auth.Errors;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.Extensions.Options;
|
|
|
|
namespace Femto.Api.Auth;
|
|
|
|
internal class SessionAuthenticationHandler(
|
|
IOptionsMonitor<AuthenticationSchemeOptions> options,
|
|
ILoggerFactory logger,
|
|
UrlEncoder encoder,
|
|
IAuthenticationModule authModule,
|
|
CurrentUserContext currentUserContext
|
|
) : AuthenticationHandler<AuthenticationSchemeOptions>(options, logger, encoder)
|
|
{
|
|
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
|
|
{
|
|
var sessionId = this.Request.Cookies["session"];
|
|
if (string.IsNullOrWhiteSpace(sessionId))
|
|
return AuthenticateResult.NoResult();
|
|
|
|
try
|
|
{
|
|
var result = await authModule.PostCommand(new ValidateSessionCommand(sessionId));
|
|
|
|
var claims = new List<Claim>
|
|
{
|
|
new(ClaimTypes.Name, result.Username),
|
|
new("sub", result.UserId.ToString()),
|
|
new("user_id", result.UserId.ToString()),
|
|
};
|
|
|
|
var identity = new ClaimsIdentity(claims, this.Scheme.Name);
|
|
var principal = new ClaimsPrincipal(identity);
|
|
|
|
this.Context.SetSession(result.Session);
|
|
currentUserContext.CurrentUser = new CurrentUser(result.UserId, result.Username);
|
|
|
|
return AuthenticateResult.Success(
|
|
new AuthenticationTicket(principal, this.Scheme.Name)
|
|
);
|
|
}
|
|
catch (InvalidSessionError)
|
|
{
|
|
return AuthenticateResult.Fail("Invalid session");
|
|
}
|
|
}
|
|
}
|