Implemented basic ui for server sharing. Extracted server authorization. Refactoring and small improvements
@@ -1,103 +1,38 @@
|
||||
using System.Security.Claims;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using MoonCore.Attributes;
|
||||
using MoonCore.Extended.Abstractions;
|
||||
using MoonlightServers.ApiServer.Database.Entities;
|
||||
using MoonlightServers.ApiServer.Interfaces;
|
||||
using MoonlightServers.ApiServer.Models;
|
||||
using MoonlightServers.Shared.Enums;
|
||||
using MoonlightServers.Shared.Models;
|
||||
|
||||
namespace MoonlightServers.ApiServer.Services;
|
||||
|
||||
[Scoped]
|
||||
public class ServerAuthorizeService
|
||||
{
|
||||
private readonly IAuthorizationService AuthorizationService;
|
||||
private readonly DatabaseRepository<ServerShare> ShareRepository;
|
||||
private readonly IEnumerable<IServerAuthorizationFilter> AuthorizationFilters;
|
||||
|
||||
public ServerAuthorizeService(
|
||||
IAuthorizationService authorizationService,
|
||||
DatabaseRepository<ServerShare> shareRepository
|
||||
IEnumerable<IServerAuthorizationFilter> authorizationFilters
|
||||
)
|
||||
{
|
||||
AuthorizationService = authorizationService;
|
||||
ShareRepository = shareRepository;
|
||||
AuthorizationFilters = authorizationFilters;
|
||||
}
|
||||
|
||||
public async Task<AuthorizationResult> Authorize(ClaimsPrincipal user, Server server, Func<ServerSharePermission, bool>? filter = null)
|
||||
public async Task<ServerAuthorizationResult> Authorize(
|
||||
ClaimsPrincipal user,
|
||||
Server server,
|
||||
Func<ServerSharePermission, bool>? filter = null
|
||||
)
|
||||
{
|
||||
var userIdClaim = user.FindFirst("userId");
|
||||
|
||||
// User specific authorization
|
||||
if (userIdClaim != null)
|
||||
foreach (var authorizationFilter in AuthorizationFilters)
|
||||
{
|
||||
var result = await AuthorizeViaUser(userIdClaim, server, filter);
|
||||
var result = await authorizationFilter.Process(user, server, filter);
|
||||
|
||||
if (result.Succeeded)
|
||||
if (result != null)
|
||||
return result;
|
||||
}
|
||||
|
||||
// Permission specific authorization
|
||||
return await AuthorizeViaPermission(user);
|
||||
}
|
||||
|
||||
private async Task<AuthorizationResult> AuthorizeViaUser(Claim userIdClaim, Server server, Func<ServerSharePermission, bool>? filter = null)
|
||||
{
|
||||
var userId = int.Parse(userIdClaim.Value);
|
||||
|
||||
if (server.OwnerId == userId)
|
||||
return AuthorizationResult.Success();
|
||||
|
||||
var possibleShare = await ShareRepository
|
||||
.Get()
|
||||
.FirstOrDefaultAsync(x => x.Server.Id == server.Id && x.UserId == userId);
|
||||
|
||||
if (possibleShare == null)
|
||||
return AuthorizationResult.Failed();
|
||||
|
||||
// If no filter has been specified every server share is valid
|
||||
// no matter which permission the share actually has
|
||||
if (filter == null)
|
||||
return AuthorizationResult.Success();
|
||||
|
||||
if(possibleShare.Content.Permissions.Any(filter))
|
||||
return AuthorizationResult.Success();
|
||||
|
||||
return AuthorizationResult.Failed();
|
||||
}
|
||||
|
||||
private async Task<AuthorizationResult> AuthorizeViaPermission(ClaimsPrincipal user)
|
||||
{
|
||||
return await AuthorizationService.AuthorizeAsync(
|
||||
user,
|
||||
"permissions:admin.servers.get"
|
||||
);
|
||||
}
|
||||
|
||||
private ServerSharePermission[] ParsePermissions(string permissionsString)
|
||||
{
|
||||
var result = new List<ServerSharePermission>();
|
||||
|
||||
var permissions = permissionsString.Split(';', StringSplitOptions.RemoveEmptyEntries);
|
||||
|
||||
foreach (var permission in permissions)
|
||||
{
|
||||
var permissionParts = permission.Split(':', StringSplitOptions.RemoveEmptyEntries);
|
||||
|
||||
// Skipped malformed permission parts
|
||||
if(permissionParts.Length != 2)
|
||||
continue;
|
||||
|
||||
if(!Enum.TryParse(permissionParts[1], true, out ServerPermissionType permissionType))
|
||||
continue;
|
||||
|
||||
result.Add(new()
|
||||
{
|
||||
Name = permissionParts[0],
|
||||
Type = permissionType
|
||||
});
|
||||
}
|
||||
|
||||
return result.ToArray();
|
||||
return ServerAuthorizationResult.Failed();
|
||||
}
|
||||
}
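Review bot: In the filter loop of `Authorize`, `if (result != null) return result;` returns the first non-null result whether it succeeded or failed, so the outcome depends on the enumeration order of the injected `IEnumerable<IServerAuthorizationFilter>` (I am reading the new side from a flattened page where the +/- markers are lost). A filter that returns a failed result instead of `null` for "not applicable" would deny before a later filter runs, for example an admin-permission one if the old `AuthorizeViaPermission` logic moved into a filter; likewise, a permissive filter enumerated early would pre-empt a stricter one. I would state the contract at the loop, e.g. `// A filter returns null when it has no opinion; the first non-null result is final, so registration order sets precedence`, and repeat it on `IServerAuthorizationFilter.Process`. The closing `return ServerAuthorizationResult.Failed();` keeps the default fail-closed when no filter answers, and that should stay as filters are added.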
|
||||
@@ -1,4 +1,3 @@
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using MoonCore.Attributes;
|
||||
using MoonCore.Extended.Abstractions;
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
using System.Text.Json;
|
||||
using System.Text.Json.Nodes;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using MoonCore.Attributes;
|
||||
using MoonCore.Exceptions;
|
||||
|
||||