Moonlight-Panel/Moonlight
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Started adding api permission check

Browse Source
This commit is contained in:
Baumgartner Marcel
2024-06-05 16:20:24 +02:00
parent 77d24ed90f
commit 1cc32fa5c4
3 changed files with 69 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Moonlight/Core/Attributes/ApiPermissionAttribute.cs Normal file
View File

@@ -0,0 +1,11 @@
namespace Moonlight.Core.Attributes;
public class ApiPermissionAttribute : Attribute
{
public string Permission { get; set; }
public ApiPermissionAttribute(string permission)
{
Permission = permission;
}
}

3
Moonlight/Core/CoreFeature.cs
View File

@@ -22,6 +22,7 @@ using Moonlight.Core.Repositories;
using Moonlight.Core.Services; using Moonlight.Core.Services;
using Microsoft.OpenApi.Models; using Microsoft.OpenApi.Models;
using Moonlight.Core.Attributes; using Moonlight.Core.Attributes;
using Moonlight.Core.Http.Middleware;
using Moonlight.Core.Implementations.ApiDefinition; using Moonlight.Core.Implementations.ApiDefinition;
using Swashbuckle.AspNetCore.SwaggerGen; using Swashbuckle.AspNetCore.SwaggerGen;
@@ -252,6 +253,8 @@ public class CoreFeature : MoonlightFeature
// Api // Api
if (config.Development.EnableApiReference) if (config.Development.EnableApiReference)
app.MapSwagger("/api/core/reference/openapi/{documentName}"); app.MapSwagger("/api/core/reference/openapi/{documentName}");
app.UseMiddleware<ApiPermissionMiddleware>();
await pluginService.RegisterImplementation<IApiDefinition>(new InternalApiDefinition()); await pluginService.RegisterImplementation<IApiDefinition>(new InternalApiDefinition());
} }

55
Moonlight/Core/Http/Middleware/ApiPermissionMiddleware.cs Normal file
View File

@@ -0,0 +1,55 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Controllers;
using MoonCore.Helpers;
using Moonlight.Core.Attributes;
namespace Moonlight.Core.Http.Middleware;
public class ApiPermissionMiddleware
{
private RequestDelegate Next;
public ApiPermissionMiddleware(RequestDelegate next)
{
Next = next;
}
public async Task Invoke(HttpContext context)
{
if (CheckRequest(context))
await Next(context);
else
{
context.Response.StatusCode = 403;
await context.Response.WriteAsync("Permission denied");
}
}
private bool CheckRequest(HttpContext context)
{
var endpoint = context.GetEndpoint();
if (endpoint == null)
return true;
var metadata = endpoint
.Metadata
.GetMetadata<ControllerActionDescriptor>();
if (metadata == null)
return true;
if (metadata.ControllerTypeInfo.CustomAttributes
.All(x => x.AttributeType != typeof(ApiControllerAttribute)))
return true;
var permissionAttr =
metadata.ControllerTypeInfo.CustomAttributes.FirstOrDefault(x =>
x.AttributeType == typeof(ApiPermissionAttribute));
if (permissionAttr == null)
return true;
if(metadata.)
}
}