Added permission checks to all controllers. Added role permission loading. Added frontend permission checks. Implemented user logout in admin panel.

Moonlight.Api/Services/UserAuthService.cs

@@ -6,6 +6,7 @@ using Microsoft.Extensions.Options;
 using Moonlight.Api.Configuration;
 using Moonlight.Api.Database;
 using Moonlight.Api.Database.Entities;
+using Moonlight.Shared;
 
 namespace Moonlight.Api.Services;
 
@@ -18,6 +19,8 @@ public class UserAuthService
 
     private const string UserIdClaim = "UserId";
     private const string IssuedAtClaim = "IssuedAt";
+    
+    public const string ValidationCacheKeyPattern = $"Moonlight.{nameof(UserAuthService)}.{nameof(ValidateAsync)}-{{0}}";
 
     public UserAuthService(
         DatabaseRepository<User> userRepository,
@@ -93,7 +96,10 @@ public class UserAuthService
                 .Query()
                 .AsNoTracking()
                 .Where(u => u.Id == userId)
-                .Select(u => new UserSession(u.InvalidateTimestamp))
+                .Select(u => new UserSession(
+                    u.InvalidateTimestamp,
+                    u.RoleMemberships.SelectMany(x => x.Role.Permissions).ToArray())
+                )
                 .FirstOrDefaultAsync();
 
             if (user == null)
@@ -122,10 +128,17 @@ public class UserAuthService
         // everything is fine. If not, it means that the token should be invalidated
         // as it is too old
 
-        return issuedAt > user.InvalidateTimestamp;
+        if (issuedAt < user.InvalidateTimestamp)
+            return false;
+
+        principal.Identities.First().AddClaims(
+            user.Permissions.Select(x => new Claim(Permissions.ClaimType, x))
+        );
+
+        return true;
     }
 
     // A small model which contains data queried per session validation after the defined cache time.
     // Used for projection
-    private record UserSession(DateTimeOffset InvalidateTimestamp);
+    private record UserSession(DateTimeOffset InvalidateTimestamp, string[] Permissions);
 }