129 lines
3.8 KiB
C#
129 lines
3.8 KiB
C#
using System.Security.Claims;
|
|
using System.Text.Encodings.Web;
|
|
using Femto.Api.Sessions;
|
|
using Femto.Common;
|
|
using Femto.Modules.Auth.Application;
|
|
using Femto.Modules.Auth.Application.Dto;
|
|
using Femto.Modules.Auth.Contracts;
|
|
using Femto.Modules.Auth.Models;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.Extensions.Options;
|
|
|
|
namespace Femto.Api.Auth;
|
|
|
|
internal class SessionAuthenticationHandler(
|
|
IOptionsMonitor<AuthenticationSchemeOptions> options,
|
|
ILoggerFactory logger,
|
|
UrlEncoder encoder,
|
|
IAuthService authService,
|
|
CurrentUserContext currentUserContext
|
|
) : AuthenticationHandler<AuthenticationSchemeOptions>(options, logger, encoder)
|
|
{
|
|
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
|
|
{
|
|
Logger.LogDebug("{TraceId} Authenticating session", this.Context.TraceIdentifier);
|
|
|
|
var user = await this.TryAuthenticateWithSession();
|
|
|
|
if (user is null)
|
|
user = await this.TryAuthenticateWithRememberMeToken();
|
|
|
|
if (user is null)
|
|
return AuthenticateResult.NoResult();
|
|
|
|
var claims = new List<Claim>
|
|
{
|
|
new(ClaimTypes.Name, user.Username),
|
|
new("sub", user.Id.ToString()),
|
|
new("user_id", user.Id.ToString()),
|
|
};
|
|
|
|
claims.AddRange(user.Roles.Select(role => new Claim(ClaimTypes.Role, role.ToString())));
|
|
|
|
var identity = new ClaimsIdentity(claims, this.Scheme.Name);
|
|
var principal = new ClaimsPrincipal(identity);
|
|
currentUserContext.CurrentUser = new CurrentUser(
|
|
user.Id,
|
|
user.Username,
|
|
user.Roles.Contains(Role.SuperUser)
|
|
);
|
|
|
|
return AuthenticateResult.Success(new AuthenticationTicket(principal, this.Scheme.Name));
|
|
}
|
|
|
|
private async Task<UserInfo?> TryAuthenticateWithSession()
|
|
{
|
|
var sessionId = this.Context.GetSessionId();
|
|
|
|
if (sessionId is null)
|
|
{
|
|
Logger.LogDebug("{TraceId} SessionId was null ", this.Context.TraceIdentifier);
|
|
return null;
|
|
}
|
|
|
|
var session = await authService.GetSession(sessionId);
|
|
|
|
if (session is null)
|
|
{
|
|
Logger.LogDebug("{TraceId} Loaded session was null ", this.Context.TraceIdentifier);
|
|
return null;
|
|
}
|
|
|
|
if (session.IsExpired)
|
|
{
|
|
Logger.LogDebug("{TraceId} Loaded session was expired ", this.Context.TraceIdentifier);
|
|
await authService.DeleteSession(sessionId);
|
|
this.Context.DeleteSession();
|
|
return null;
|
|
}
|
|
|
|
var user = await authService.GetUserWithId(session.UserId);
|
|
|
|
if (user is null)
|
|
{
|
|
await authService.DeleteSession(sessionId);
|
|
this.Context.DeleteSession();
|
|
return null;
|
|
}
|
|
|
|
if (session.ExpiresSoon)
|
|
{
|
|
session = await authService.CreateWeakSession(session.UserId);
|
|
this.Context.SetSession(session, user);
|
|
}
|
|
|
|
return user;
|
|
}
|
|
|
|
private async Task<UserInfo?> TryAuthenticateWithRememberMeToken()
|
|
{
|
|
/*
|
|
* load remember me from token
|
|
* if it is null, return null
|
|
* if it exists, validate it
|
|
* if it is valid, create a new weak session, return the user
|
|
* if it is almost expired, refresh it
|
|
*/
|
|
|
|
var rememberMeToken = this.Context.GetRememberMeToken();
|
|
|
|
if (rememberMeToken is null)
|
|
return null;
|
|
|
|
var (user, newRememberMeToken) = await authService.GetUserWithRememberMeToken(
|
|
rememberMeToken
|
|
);
|
|
|
|
if (user is null)
|
|
return null;
|
|
|
|
var session = await authService.CreateWeakSession(user.Id);
|
|
|
|
this.Context.SetSession(session, user);
|
|
|
|
if (newRememberMeToken is not null)
|
|
this.Context.SetRememberMeToken(newRememberMeToken);
|
|
|
|
return user;
|
|
}
|
|
}
|