Initial
This commit is contained in:
Zurazan
@@ -0,0 +1,89 @@
|
||||
using LightlessSync.API.Routes;
|
||||
using LightlessSyncAuthService.Services;
|
||||
using LightlessSyncShared;
|
||||
using LightlessSyncShared.Data;
|
||||
using LightlessSyncShared.Services;
|
||||
using LightlessSyncShared.Utils;
|
||||
using LightlessSyncShared.Utils.Configuration;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using StackExchange.Redis;
|
||||
|
||||
namespace LightlessSyncAuthService.Controllers;
|
||||
|
||||
[Route(LightlessAuth.Auth)]
|
||||
public class JwtController : AuthControllerBase
|
||||
{
|
||||
public JwtController(ILogger<JwtController> logger,
|
||||
IHttpContextAccessor accessor, IDbContextFactory<LightlessDbContext> lightlessDbContextFactory,
|
||||
SecretKeyAuthenticatorService secretKeyAuthenticatorService,
|
||||
IConfigurationService<AuthServiceConfiguration> configuration,
|
||||
IDatabase redisDb, GeoIPService geoIPProvider)
|
||||
: base(logger, accessor, lightlessDbContextFactory, secretKeyAuthenticatorService,
|
||||
configuration, redisDb, geoIPProvider)
|
||||
{
|
||||
}
|
||||
|
||||
[AllowAnonymous]
|
||||
[HttpPost(LightlessAuth.Auth_CreateIdent)]
|
||||
public async Task<IActionResult> CreateToken(string auth, string charaIdent)
|
||||
{
|
||||
using var dbContext = await LightlessDbContextFactory.CreateDbContextAsync();
|
||||
return await AuthenticateInternal(dbContext, auth, charaIdent).ConfigureAwait(false);
|
||||
}
|
||||
|
||||
[Authorize(Policy = "Authenticated")]
|
||||
[HttpGet(LightlessAuth.Auth_RenewToken)]
|
||||
public async Task<IActionResult> RenewToken()
|
||||
{
|
||||
using var dbContext = await LightlessDbContextFactory.CreateDbContextAsync();
|
||||
try
|
||||
{
|
||||
var uid = HttpContext.User.Claims.Single(p => string.Equals(p.Type, LightlessClaimTypes.Uid, StringComparison.Ordinal))!.Value;
|
||||
var ident = HttpContext.User.Claims.Single(p => string.Equals(p.Type, LightlessClaimTypes.CharaIdent, StringComparison.Ordinal))!.Value;
|
||||
var alias = HttpContext.User.Claims.SingleOrDefault(p => string.Equals(p.Type, LightlessClaimTypes.Alias))?.Value ?? string.Empty;
|
||||
|
||||
if (await dbContext.Auth.Where(u => u.UserUID == uid || u.PrimaryUserUID == uid).AnyAsync(a => a.MarkForBan))
|
||||
{
|
||||
var userAuth = await dbContext.Auth.SingleAsync(u => u.UserUID == uid);
|
||||
await EnsureBan(uid, userAuth.PrimaryUserUID, ident);
|
||||
|
||||
return Unauthorized("Your Lightless account is banned.");
|
||||
}
|
||||
|
||||
if (await IsIdentBanned(dbContext, ident))
|
||||
{
|
||||
return Unauthorized("Your XIV service account is banned from using the service.");
|
||||
}
|
||||
|
||||
Logger.LogInformation("RenewToken:SUCCESS:{id}:{ident}", uid, ident);
|
||||
return await CreateJwtFromId(uid, ident, alias);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
Logger.LogError(ex, "RenewToken:FAILURE");
|
||||
return Unauthorized("Unknown error while renewing authentication token");
|
||||
}
|
||||
}
|
||||
|
||||
protected async Task<IActionResult> AuthenticateInternal(LightlessDbContext dbContext, string auth, string charaIdent)
|
||||
{
|
||||
try
|
||||
{
|
||||
if (string.IsNullOrEmpty(auth)) return BadRequest("No Authkey");
|
||||
if (string.IsNullOrEmpty(charaIdent)) return BadRequest("No CharaIdent");
|
||||
|
||||
var ip = HttpAccessor.GetIpAddress();
|
||||
|
||||
var authResult = await SecretKeyAuthenticatorService.AuthorizeAsync(ip, auth);
|
||||
|
||||
return await GenericAuthResponse(dbContext, charaIdent, authResult);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
Logger.LogWarning(ex, "Authenticate:UNKNOWN");
|
||||
return Unauthorized("Unknown internal server error during authentication");
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user