Started implementing oauth2 based on MoonCore helper services

Its more or less a test how well the helper services improve the implementation. I havent implemented anything fancy here atm. Just testing the oauth2 flow
2024-10-18 00:03:20 +02:00
parent 13daa3cbac
commit 9d1351527d
13 changed files with 513 additions and 178 deletions
--- a/Moonlight.ApiServer/Http/Controllers/OAuth2/OAuth2Controller.cs
+++ b/Moonlight.ApiServer/Http/Controllers/OAuth2/OAuth2Controller.cs
@@ -0,0 +1,133 @@
+using Microsoft.AspNetCore.Mvc;
+using MoonCore.Exceptions;
+using MoonCore.Extended.Abstractions;
+using MoonCore.Extended.OAuth2.AuthServer;
+using MoonCore.Extended.OAuth2.Models;
+using MoonCore.Services;
+using Moonlight.ApiServer.Configuration;
+using Moonlight.ApiServer.Database.Entities;
+using Moonlight.ApiServer.Services;
+
+namespace Moonlight.ApiServer.Http.Controllers.OAuth2;
+
+[ApiController]
+[Route("oauth2")]
+public class OAuth2Controller : Controller
+{
+    private readonly OAuth2Service OAuth2Service;
+    private readonly AuthService AuthService;
+    private readonly DatabaseRepository<User> UserRepository;
+    private readonly ConfigService<AppConfiguration> ConfigService;
+
+    public OAuth2Controller(OAuth2Service oAuth2Service, ConfigService<AppConfiguration> configService,
+        AuthService authService, DatabaseRepository<User> userRepository)
+    {
+        OAuth2Service = oAuth2Service;
+        ConfigService = configService;
+        AuthService = authService;
+        UserRepository = userRepository;
+    }
+
+    [HttpGet("authorize")]
+    public async Task Authorize(
+        [FromQuery(Name = "response_type")] string responseType,
+        [FromQuery(Name = "client_id")] string clientId,
+        [FromQuery(Name = "redirect_uri")] string redirectUri
+    )
+    {
+        if (responseType != "code")
+            throw new HttpApiException("Invalid response type", 400);
+
+        var config = ConfigService.Get();
+
+        // TODO: This call should be handled by the OAuth2Service
+        if (clientId != config.Authentication.ClientId)
+            throw new HttpApiException("Invalid client id", 400);
+
+        if (redirectUri != (config.Authentication.AuthorizationRedirect ?? $"{config.PublicUrl}/api/auth/handle"))
+            throw new HttpApiException("Invalid redirect uri", 400);
+
+        Response.StatusCode = 200;
+        await Response.WriteAsync(
+            "<h1>Login lol</h1><br />" +
+            "<br />" +
+            "<br />" +
+            "<form method=\"post\">" +
+            "<label for=\"email\">Email:</label>" +
+            "<input type=\"email\" id=\"email\" name=\"email\"><br>" +
+            "<br>" +
+            "<label for=\"password\">Password:</label>" +
+            "<input type=\"password\" id=\"password\" name=\"password\"><br>" +
+            "<br>" +
+            "<input type=\"submit\" value=\"Submit\">" +
+            "</form>"
+        );
+    }
+
+    [HttpPost("authorize")]
+    public async Task AuthorizePost(
+        [FromQuery(Name = "response_type")] string responseType,
+        [FromQuery(Name = "client_id")] string clientId,
+        [FromQuery(Name = "redirect_uri")] string redirectUri,
+        [FromForm(Name = "email")] string email,
+        [FromForm(Name = "password")] string password
+    )
+    {
+        if (responseType != "code")
+            throw new HttpApiException("Invalid response type", 400);
+
+        var config = ConfigService.Get();
+
+        // TODO: This call should be handled by the OAuth2Service
+        if (clientId != config.Authentication.ClientId)
+            throw new HttpApiException("Invalid client id", 400);
+
+        if (redirectUri != (config.Authentication.AuthorizationRedirect ?? $"{config.PublicUrl}/api/auth/handle"))
+            throw new HttpApiException("Invalid redirect uri", 400);
+
+        var user = await AuthService.Login(email, password);
+
+        var code = await OAuth2Service.GenerateCode(data => { data.Add("userId", user.Id.ToString()); });
+
+        var redirectUrl = redirectUri +
+                          $"?code={code}";
+
+        Response.Redirect(redirectUrl);
+    }
+
+    [HttpPost("access")]
+    public async Task<AccessData> Access(
+        [FromForm(Name = "client_id")] string clientId,
+        [FromForm(Name = "client_secret")] string clientSecret,
+        [FromForm(Name = "redirect_uri")] string redirectUri,
+        [FromForm(Name = "grant_type")] string grantType,
+        [FromForm(Name = "code")] string code
+        )
+    {
+        if (grantType != "authorization_code")
+            throw new HttpApiException("Invalid grant type", 400);
+
+        User? user = null;
+
+        var access = await OAuth2Service.ValidateAccess(clientId, clientSecret, redirectUri, code, data =>
+        {
+            if (!data.TryGetValue("userId", out var userIdStr))
+                return false;
+
+            if (!int.TryParse(userIdStr, out var userId))
+                return false;
+
+            user = UserRepository.Get().FirstOrDefault(x => x.Id == userId);
+
+            return user != null;
+        }, data =>
+        {
+            data.Add("userId", user!.Id.ToString());
+        });
+
+        if (access == null)
+            throw new HttpApiException("Unable to validate access", 400);
+
+        return access;
+    }
+}