nugroho/agper-perubahan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor helpers usage into extensions usage; /me endpoint

Browse Source
This commit is contained in:
nugroho 2025-05-17 03:55:56 +07:00
parent c84da9336a
commit 3d9ef0de95
1 changed files with 57 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
Auth.cs
View File

@ -30,40 +30,44 @@ public static class Auth
internal static void Handle(IApplicationBuilder App)
{
App
.Map("/logout", logout =>{
logout.Run(async runner=>{
.Map("/logout", logout =>
{
logout.Run(async runner =>
{
if (!HttpMethods.IsGet(runner.Request.Method) || runner.Request.HasJsonContentType() || runner.Request.HasFormContentType)
{
await WriteJsonResponse(runner,StatusCodes.Status400BadRequest,"Improper request to log out.");
await runner.WriteJsonResponse(StatusCodes.Status400BadRequest, "Improper request to log out.");
return;
}
runner.Response.Cookies.Append("session", "", Delete);
if (runner.Items.ContainsKey("AuthorizedUser"))
{
await WriteJsonResponse(runner,StatusCodes.Status200OK,"Log out successful. Authorisation token deleted.");
await runner.WriteJsonResponse(StatusCodes.Status200OK, "Log out successful. Authorisation token deleted.");
}
else
{
await WriteJsonResponse(runner,StatusCodes.Status200OK,"No user to log out. Authorisation token does not exists.");
await runner.WriteJsonResponse(StatusCodes.Status200OK, "No user to log out. Authorisation token does not exists.");
}
});
})
.Map("/login", login =>{
login.Run(async runner=>{
.Map("/login", login =>
{
login.Run(async runner =>
{
if (runner.Items.ContainsKey("AuthorizedUser"))
{
await WriteJsonResponse(runner,StatusCodes.Status409Conflict,"Log in not allowed when an authorized user is already logged in.");
await runner.WriteJsonResponse(StatusCodes.Status409Conflict, "Log in not allowed when an authorized user is already logged in.");
}
else if (runner.Request.ContentType != "application/json")
{
await WriteJsonResponse(runner,StatusCodes.Status400BadRequest,"Request Content-Type mismatch.");
await runner.WriteJsonResponse(StatusCodes.Status400BadRequest, "Request Content-Type mismatch.");
}
else
{
LoginUser LoginInfo = (await runner.Request.ReadFromJsonAsync(SGContext.Default.LoginUser))!;
if (LoginInfo.Username is null || LoginInfo.Password is null)
{
await WriteJsonResponse(runner,StatusCodes.Status401Unauthorized,"No valid user information provided.");
await runner.WriteJsonResponse(StatusCodes.Status401Unauthorized, "No valid user information provided.");
return;
}
string SHA256Pass = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(LoginInfo.Password)));
@ -73,40 +77,61 @@ public static class Auth
string LoggedInBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(JsonSerializer.Serialize(LoggedIn, SGContext.Default.SafeUser)));
string Signature = Convert.ToBase64String(SHA256.HashData(Encoding.UTF8.GetBytes(LoggedInBase64 + SecretKey)));
runner.Response.Cookies.Append("session", $"{LoggedInBase64}.{Signature}", HttpOnly);
await WriteJsonResponse(runner,StatusCodes.Status200OK,"User authorised. Authorisation token created.",LoggedIn);
await runner.WriteJsonResponse(StatusCodes.Status200OK, "User authorised. Authorisation token created.", LoggedIn);
}
else
{
await WriteJsonResponse(runner,StatusCodes.Status401Unauthorized,"Provided user information cannot be authorized");
await runner.WriteJsonResponse(StatusCodes.Status401Unauthorized, "Provided user information cannot be authorized");
}
}
});
})
.Map("/gate", auth =>{
auth.Run(async runner=>{
.Map("/gate", auth =>
{
auth.Run(async runner =>
{
if (runner.Request.ContentType != "application/json")
{
await WriteJsonResponse(runner,StatusCodes.Status400BadRequest,"Request Content-Type mismatch.");
await runner.WriteJsonResponse(StatusCodes.Status400BadRequest, "Request Content-Type mismatch.");
}
else
{
LoginUser LoginInfo = (await runner.Request.ReadFromJsonAsync(SGContext.Default.LoginUser))!;
if (LoginInfo.Username is null || LoginInfo.Password is null)
{
await WriteJsonResponse(runner,StatusCodes.Status401Unauthorized,"No valid user information provided.");
await runner.WriteJsonResponse(StatusCodes.Status401Unauthorized, "No valid user information provided.");
return;
}
string SHA256Pass = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(LoginInfo.Password)));
if (UserAccounts.TryGetValue(LoginInfo.Username, out User? FoundUser) && FoundUser.Password.Equals(SHA256Pass, StringComparison.InvariantCultureIgnoreCase) && FoundUser.Active)
{
await WriteJsonResponse(runner,StatusCodes.Status200OK,"User authorised. Operation may continue.",SafeUser.FromUser(FoundUser));
await runner.WriteJsonResponse(StatusCodes.Status200OK, "User authorised. Operation may continue.", SafeUser.FromUser(FoundUser));
}
else
{
await WriteJsonResponse(runner,StatusCodes.Status401Unauthorized,"Provided user information cannot be authorized");
await runner.WriteJsonResponse(StatusCodes.Status401Unauthorized, "Provided user information cannot be authorized");
}
}
});
})
.Map("/me", me =>
{
me.Run(async runner =>
{
if (TryGetUser(runner, out SafeUser user))
{
await runner.WriteJsonResponse(StatusCodes.Status200OK, "Success.", user);
}
else
{
await runner.WriteJsonResponse(StatusCodes.Status401Unauthorized, "No user session token is included with the request.");
}
});
})
.Run(async runner=>
{
await runner.WriteJsonResponse(StatusCodes.Status404NotFound);
})
;
}
}