Refactored project to module structure

2026-03-12 22:50:15 +01:00
parent 93de9c5d00
commit 1257e8b950
219 changed files with 1231 additions and 1259 deletions
--- a/Moonlight.Api/Admin/Sys/ApiKeys/Scheme/ApiKeySchemeHandler.cs
+++ b/Moonlight.Api/Admin/Sys/ApiKeys/Scheme/ApiKeySchemeHandler.cs
@@ -0,0 +1,78 @@
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Caching.Hybrid;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Moonlight.Api.Infrastructure.Database;
+using Moonlight.Api.Infrastructure.Database.Entities;
+using Moonlight.Shared;
+
+namespace Moonlight.Api.Admin.Sys.ApiKeys.Scheme;
+
+public class ApiKeySchemeHandler : AuthenticationHandler<ApiKeySchemeOptions>
+{
+    public const string CacheKeyFormat = $"Moonlight.Api.{nameof(ApiKeySchemeHandler)}.{{0}}";
+    private readonly DatabaseRepository<ApiKey> ApiKeyRepository;
+    private readonly HybridCache HybridCache;
+
+    public ApiKeySchemeHandler(
+        IOptionsMonitor<ApiKeySchemeOptions> options,
+        ILoggerFactory logger,
+        UrlEncoder encoder,
+        DatabaseRepository<ApiKey> apiKeyRepository,
+        HybridCache hybridCache
+    ) : base(options, logger, encoder)
+    {
+        ApiKeyRepository = apiKeyRepository;
+        HybridCache = hybridCache;
+    }
+
+    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+    {
+        var authHeaderValue = Request.Headers.Authorization.FirstOrDefault() ?? null;
+
+        if (string.IsNullOrWhiteSpace(authHeaderValue))
+            return AuthenticateResult.NoResult();
+
+        if (authHeaderValue.Length > 32)
+            return AuthenticateResult.Fail("Invalid api key specified");
+
+        var cacheKey = string.Format(CacheKeyFormat, authHeaderValue);
+
+        var apiKey = await HybridCache.GetOrCreateAsync<ApiKeySession?>(
+            cacheKey,
+            async ct =>
+            {
+                return await ApiKeyRepository
+                    .Query()
+                    .Where(x => x.Key == authHeaderValue)
+                    .Select(x => new ApiKeySession(x.Permissions, x.ValidUntil))
+                    .FirstOrDefaultAsync(ct);
+            },
+            new HybridCacheEntryOptions
+            {
+                LocalCacheExpiration = Options.LookupL1CacheTime,
+                Expiration = Options.LookupL2CacheTime
+            }
+        );
+
+        if (apiKey == null)
+            return AuthenticateResult.Fail("Invalid api key specified");
+
+        if (DateTimeOffset.UtcNow > apiKey.ValidUntil)
+            return AuthenticateResult.Fail("Api key expired");
+
+        return AuthenticateResult.Success(new AuthenticationTicket(
+            new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    apiKey.Permissions.Select(x => new Claim(Permissions.ClaimType, x)).ToArray()
+                )
+            ),
+            Scheme.Name
+        ));
+    }
+
+    private record ApiKeySession(string[] Permissions, DateTimeOffset ValidUntil);
+}