Implement disabling of local oauth2 controller

2025-04-15 13:08:28 +02:00
parent 7defc9a6a9
commit 65ea5985d3


@@ -43,6 +43,9 @@ public class OAuth2Controller : Controller
[FromQuery(Name = "view")] string view = "login" [FromQuery(Name = "view")] string view = "login"
) )
{ {
if (!Configuration.Authentication.EnableLocalOAuth2)
throw new HttpApiException("Local OAuth2 has been disabled", 403);
if (Configuration.Authentication.OAuth2.ClientId != clientId || if (Configuration.Authentication.OAuth2.ClientId != clientId ||
redirectUri != ExpectedRedirectUri || redirectUri != ExpectedRedirectUri ||
responseType != "code") responseType != "code")
@@ -88,6 +91,9 @@ public class OAuth2Controller : Controller
[FromQuery(Name = "view")] string view = "login" [FromQuery(Name = "view")] string view = "login"
) )
{ {
if (!Configuration.Authentication.EnableLocalOAuth2)
throw new HttpApiException("Local OAuth2 has been disabled", 403);
if (Configuration.Authentication.OAuth2.ClientId != clientId || if (Configuration.Authentication.OAuth2.ClientId != clientId ||
redirectUri != ExpectedRedirectUri || redirectUri != ExpectedRedirectUri ||
responseType != "code") responseType != "code")
@@ -161,23 +167,26 @@ public class OAuth2Controller : Controller
[FromForm(Name = "client_id")] string clientId [FromForm(Name = "client_id")] string clientId
) )
{ {
if (!Configuration.Authentication.EnableLocalOAuth2)
throw new HttpApiException("Local OAuth2 has been disabled", 403);
// Check header // Check header
if(!Request.Headers.ContainsKey("Authorization")) if (!Request.Headers.ContainsKey("Authorization"))
throw new HttpApiException("You are missing the Authorization header", 400); throw new HttpApiException("You are missing the Authorization header", 400);
var authorizationHeaderValue = Request.Headers["Authorization"].FirstOrDefault() ?? ""; var authorizationHeaderValue = Request.Headers["Authorization"].FirstOrDefault() ?? "";
if(authorizationHeaderValue != $"Basic {Configuration.Authentication.OAuth2.ClientSecret}") if (authorizationHeaderValue != $"Basic {Configuration.Authentication.OAuth2.ClientSecret}")
throw new HttpApiException("Invalid Authorization header value", 400); throw new HttpApiException("Invalid Authorization header value", 400);
// Check form // Check form
if(grantType != "authorization_code") if (grantType != "authorization_code")
throw new HttpApiException("Invalid grant type provided", 400); throw new HttpApiException("Invalid grant type provided", 400);
if(clientId != Configuration.Authentication.OAuth2.ClientId) if (clientId != Configuration.Authentication.OAuth2.ClientId)
throw new HttpApiException("Invalid client id provided", 400); throw new HttpApiException("Invalid client id provided", 400);
if(redirectUri != ExpectedRedirectUri) if (redirectUri != ExpectedRedirectUri)
throw new HttpApiException("Invalid redirect uri provided", 400); throw new HttpApiException("Invalid redirect uri provided", 400);
var jwtSecurityTokenHandler = new JwtSecurityTokenHandler(); var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
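Review bot: The `EnableLocalOAuth2` gate is pasted as the first statement of three actions (the two authorize hunks at `@@ -43` and `@@ -88`, and the token hunk here), so any action added to OAuth2Controller later that forgets the copy is silently reachable while the feature is "disabled"; a class-level action filter that throws the same `HttpApiException("Local OAuth2 has been disabled", 403)` once would make the gate a property of the controller rather than of each method. In the same hunk the new-side client-secret check compares the header with `!=`, which stops at the first differing character; a length-independent comparison such as `if (!CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(authorizationHeaderValue), Encoding.UTF8.GetBytes($"Basic {Configuration.Authentication.OAuth2.ClientSecret}")))` removes the timing side channel on the secret. It also looks like the raw secret, not `base64(client_id:client_secret)`, is expected after `Basic` — confirm that is intentional for the clients this serves. The enclosing token action begins before this hunk and its body continues after it.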
@@ -211,7 +220,7 @@ public class OAuth2Controller : Controller
if (userIdClaim == null) if (userIdClaim == null)
throw new HttpApiException("Malformed code provided", 400); throw new HttpApiException("Malformed code provided", 400);
if(!int.TryParse(userIdClaim.Value, out var userId)) if (!int.TryParse(userIdClaim.Value, out var userId))
throw new HttpApiException("Malformed code provided", 400); throw new HttpApiException("Malformed code provided", 400);
var user = UserRepository var user = UserRepository
@@ -227,7 +236,7 @@ public class OAuth2Controller : Controller
}; };
} }
private async Task<string> GenerateCode(User user) private Task<string> GenerateCode(User user)
{ {
var securityTokenDescriptor = new SecurityTokenDescriptor() var securityTokenDescriptor = new SecurityTokenDescriptor()
{ {
@@ -252,7 +261,9 @@ public class OAuth2Controller : Controller
var jwtSecurityTokenHandler = new JwtSecurityTokenHandler(); var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
var securityToken = jwtSecurityTokenHandler.CreateToken(securityTokenDescriptor); var securityToken = jwtSecurityTokenHandler.CreateToken(securityTokenDescriptor);
return jwtSecurityTokenHandler.WriteToken(securityToken); return Task.FromResult(
jwtSecurityTokenHandler.WriteToken(securityToken)
);
} }
private async Task<User> Register(string username, string email, string password) private async Task<User> Register(string username, string email, string password)
@@ -270,9 +281,7 @@ public class OAuth2Controller : Controller
Password = HashHelper.Hash(password) Password = HashHelper.Hash(password)
}; };
var finalUser = await UserRepository.Add(user); return await UserRepository.Add(user);
return finalUser;
} }
private async Task<User> Login(string email, string password) private async Task<User> Login(string email, string password)