using System.Security.Claims;
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Server.Kestrel.Core;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Options;
using Microsoft.Net.Http.Headers;
using XeonPwm.Api.Contexts;
using XeonPwm.Api.Models.Db;
using XeonPwm.Api.Services;
namespace XeonPwm.Api.Auth;
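/// <summary>
/// Authentication handler that resolves an opaque bearer token to a <see cref="ClaimsPrincipal"/>.
/// A token is looked up first in <see cref="ITokenCache"/> and, on a miss, in the <c>Tokens</c> table.
/// Ordinary requests carry the token in an <c>Authorization: Bearer &lt;token&gt;</c> header; SignalR hub
/// connections under <c>/hubs/pwm</c> (except the negotiate call) carry it in the <c>access_token</c>
/// query parameter, since browser WebSocket/SSE transports cannot set request headers.
/// </summary>
public class TokenAuthHandler : AuthenticationHandler<TokenAuthSchemeOptions>
{
    private const string BearerScheme = "Bearer";
    private const string HubPath = "/hubs/pwm";
    private const string HubNegotiatePath = "/hubs/pwm/negotiate";
    private const string AccessTokenQueryKey = "access_token";

    private readonly XeonPwmContext _context;
    private readonly ITokenCache _tokenCache;

    /// <summary>Creates the handler; <paramref name="context"/> and <paramref name="tokenCache"/> are the token stores.</summary>
    public TokenAuthHandler(IOptionsMonitor<TokenAuthSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder,
        XeonPwmContext context, ITokenCache tokenCache)
        : base(options, logger, encoder)
    {
        _context = context;
        _tokenCache = tokenCache;
    }

    /// <summary>
    /// Extracts the token presented by the request, validates it and builds the authentication ticket.
    /// </summary>
    /// <returns>
    /// <c>NoResult</c> when no credential was presented at all (other schemes may still run);
    /// <c>Fail</c> for a malformed header, an unknown token or an expired one;
    /// otherwise a success ticket whose identity carries the username, the user id and the raw token value.
    /// </returns>
    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        var isHubAuth = Request.Path.StartsWithSegments(HubPath);
        var isHubNegotiate = Request.Path.StartsWithSegments(HubNegotiatePath);
        // The negotiate call is a plain HTTP request and still uses the Authorization header.
        var isHubConnection = isHubAuth && !isHubNegotiate;
        Logger.LogDebug("Is hub: {IsHub}", isHubAuth);
        // Only the path is logged on purpose: the query string and the Authorization header carry the secret.
        Logger.LogDebug("URL: {Url}", Request.Path.ToString());

        string receivedToken;
        if (isHubConnection)
        {
            // NOTE(review): tokens in query strings tend to end up in proxy and access logs; keep those locked down.
            receivedToken = Request.Query[AccessTokenQueryKey].ToString();
            if (string.IsNullOrWhiteSpace(receivedToken))
            {
                return AuthenticateResult.NoResult();
            }
        }
        else
        {
            if (!Request.Headers.TryGetValue(HeaderNames.Authorization, out var authorization))
            {
                return AuthenticateResult.NoResult();
            }
            // Require exactly "<scheme> <credential>" with the Bearer scheme. Previously any scheme was
            // accepted and whatever followed the first space (possibly an empty string) was looked up.
            var parts = authorization.ToString().Split(' ', 2, StringSplitOptions.RemoveEmptyEntries);
            if (parts.Length != 2
                || !string.Equals(parts[0], BearerScheme, StringComparison.OrdinalIgnoreCase)
                || string.IsNullOrWhiteSpace(parts[1]))
            {
                return AuthenticateResult.Fail("Invalid token format");
            }
            receivedToken = parts[1].Trim();
        }

        var token = await _tokenCache.CheckIfValidAsync(receivedToken, isHubAuth);
        var fromCache = true;
        if (token is null)
        {
            fromCache = false;
            token = await _context.Tokens
                .Include(t => t.User)
                .FirstOrDefaultAsync(t => t.Token == receivedToken);
            if (token is null)
            {
                return AuthenticateResult.Fail("Invalid token");
            }
        }
        else
        {
            Logger.LogDebug("Cache hit for token");
        }

        // Expiry is enforced on both paths. The previous version only checked tokens loaded from the
        // database, so a cached entry kept authenticating past its ExpirationDate unless ITokenCache
        // enforced it internally (not visible from here).
        // NOTE(review): assumes ExpirationDate is stored as UTC, matching DateTime.UtcNow — confirm.
        if (token.ExpirationDate < DateTime.UtcNow)
        {
            if (fromCache)
            {
                await _tokenCache.InvalidateTokenAsync(receivedToken);
            }
            else
            {
                // Expired rows are deleted lazily, on the first request that trips over them.
                _context.Tokens.Remove(token);
                await _context.SaveChangesAsync();
            }
            return AuthenticateResult.Fail("Token expired");
        }

        if (isHubConnection)
        {
            // The cache entry is evicted once it has authenticated a hub connection. Only the cache is
            // touched; the database row stays, so this does not revoke the token itself.
            Logger.LogDebug("INVALIDATING");
            await _tokenCache.InvalidateTokenAsync(receivedToken);
        }

        // NOTE(review): assumes ITokenCache returns tokens with User populated; a cached entry without
        // it would throw here — confirm.
        // The raw token is exposed as a claim, presumably so downstream code can reach it. Anything that
        // serialises or logs the principal's claims will therefore leak the credential.
        var claims = new Claim[]
        {
            new(ClaimTypes.Name, token.User.Username),
            new(ClaimTypes.NameIdentifier, token.UserId.ToString()),
            new("Token", token.Token)
        };
        var identity = new ClaimsIdentity(claims, "Token");
        var principal = new ClaimsPrincipal(identity);
        var ticket = new AuthenticationTicket(principal, Scheme.Name);
        return AuthenticateResult.Success(ticket);
    }
}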