Moonlight-Panel/Moonlight
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improved token handling and used new validate auth request for oauth2

Browse Source
This commit is contained in:
Masu Baumgartner
2024-10-18 13:11:02 +02:00
parent 9d1351527d
commit 6be3b8338d
5 changed files with 76 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
Moonlight.ApiServer/Http/Controllers/OAuth2/OAuth2Controller.cs
View File

@@ -17,13 +17,11 @@ public class OAuth2Controller : Controller
private readonly OAuth2Service OAuth2Service;
private readonly AuthService AuthService;
private readonly DatabaseRepository<User> UserRepository;
private readonly ConfigService<AppConfiguration> ConfigService;
public OAuth2Controller(OAuth2Service oAuth2Service, ConfigService<AppConfiguration> configService,
public OAuth2Controller(OAuth2Service oAuth2Service,
AuthService authService, DatabaseRepository<User> userRepository)
{
OAuth2Service = oAuth2Service;
ConfigService = configService;
AuthService = authService;
UserRepository = userRepository;
}
@@ -38,14 +36,8 @@ public class OAuth2Controller : Controller
if (responseType != "code")
throw new HttpApiException("Invalid response type", 400);
var config = ConfigService.Get();
// TODO: This call should be handled by the OAuth2Service
if (clientId != config.Authentication.ClientId)
throw new HttpApiException("Invalid client id", 400);
if (redirectUri != (config.Authentication.AuthorizationRedirect ?? $"{config.PublicUrl}/api/auth/handle"))
throw new HttpApiException("Invalid redirect uri", 400);
if (!await OAuth2Service.IsValidAuthorization(clientId, redirectUri))
throw new HttpApiException("Invalid authorization request", 400);
Response.StatusCode = 200;
await Response.WriteAsync(
@@ -76,14 +68,8 @@ public class OAuth2Controller : Controller
if (responseType != "code")
throw new HttpApiException("Invalid response type", 400);
var config = ConfigService.Get();
// TODO: This call should be handled by the OAuth2Service
if (clientId != config.Authentication.ClientId)
throw new HttpApiException("Invalid client id", 400);
if (redirectUri != (config.Authentication.AuthorizationRedirect ?? $"{config.PublicUrl}/api/auth/handle"))
throw new HttpApiException("Invalid redirect uri", 400);
if (!await OAuth2Service.IsValidAuthorization(clientId, redirectUri))
throw new HttpApiException("Invalid authorization request", 400);
var user = await AuthService.Login(email, password);

21
Moonlight.ApiServer/Http/Middleware/AuthenticationMiddleware.cs
View File

@@ -1,14 +1,4 @@
using System.Text.Json;
using MoonCore.Extended.Abstractions;
using MoonCore.Extended.Helpers;
using MoonCore.Extended.Models;
using MoonCore.Extended.OAuth2.ApiServer;
using MoonCore.Services;
using Moonlight.ApiServer.Configuration;
using Moonlight.ApiServer.Database.Entities;
using Moonlight.ApiServer.Helpers.Authentication;
namespace Moonlight.ApiServer.Http.Middleware;
namespace Moonlight.ApiServer.Http.Middleware;
public class AuthenticationMiddleware
{
@@ -23,10 +13,10 @@ public class AuthenticationMiddleware
public async Task InvokeAsync(HttpContext context)
{
await Authenticate(context);
//await Authenticate(context);
await Next(context);
}
/*
private async Task Authenticate(HttpContext context)
{
var request = context.Request;
@@ -105,7 +95,7 @@ public class AuthenticationMiddleware
// Save permission state
context.User = new PermClaimsPrinciple(permissions, user);
/*
/// IGNORE
string? token = null;
// Cookie for Moonlight.Client
@@ -140,7 +130,7 @@ public class AuthenticationMiddleware
if (token.Count(x => x == '.') == 2) // JWT only has two dots
await AuthenticateUser(context, token);
else
await AuthenticateApiKey(context, token);*/
await AuthenticateApiKey(context, token);
}
private async Task AuthenticateUser(HttpContext context, string jwt)
@@ -182,4 +172,5 @@ public class AuthenticationMiddleware
private async Task AuthenticateApiKey(HttpContext context, string apiKey)
{
}
*/
}