paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add Api scope

Browse Source
This commit is contained in:
Paul Schneider
2025-02-08 21:58:23 +00:00
parent 4d15d50e12
commit 442d8a4c39
2 changed files with 35 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/Yavsc/ApiControllers/accounting/AccountController.cs
View File

@ -13,8 +13,7 @@ using System.Diagnostics;
namespace Yavsc.WebApi.Controllers
{
[Authorize(),Route("~/api/account")]
[Authorize("ApiScope"),Route("~/api/account")]
public class ApiAccountController : Controller
{
private UserManager<ApplicationUser> _userManager;
@ -44,7 +43,7 @@ namespace Yavsc.WebApi.Controllers
}
// POST api/Account/ChangePassword
[Authorize]
public async Task<IActionResult> ChangePassword(ChangePasswordBindingModel model)
{
if (!ModelState.IsValid)
@ -66,7 +65,7 @@ namespace Yavsc.WebApi.Controllers
}
// POST api/Account/SetPassword
[Authorize]
public async Task<IActionResult> SetPassword(SetPasswordBindingModel model)
{
if (!ModelState.IsValid)
@ -123,7 +122,7 @@ namespace Yavsc.WebApi.Controllers
base.Dispose(disposing);
}
[HttpGet("~/api/me"),Authorize]
[HttpGet("~/api/otherme")]
public async Task<IActionResult> Me ()
{
if (User==null)
@ -149,7 +148,7 @@ namespace Yavsc.WebApi.Controllers
return Ok(user);
}
[HttpGet("~/api/myhost"),Authorize]
[HttpGet("~/api/myhost")]
public IActionResult MyHost ()
{
return Ok(new { host = Request.ForHost() });
@ -160,7 +159,7 @@ namespace Yavsc.WebApi.Controllers
/// </summary>
/// <param name="me">MyUpdate containing the new user name </param>
/// <returns>Ok when all is ok.</returns>
[HttpPut("~/api/me"),Authorize]
[HttpPut("~/api/me")]
public async Task<IActionResult> UpdateMe(UserInfo me)
{
if (!ModelState.IsValid) return new BadRequestObjectResult(
@ -175,7 +174,7 @@ namespace Yavsc.WebApi.Controllers
/// Updates the avatar
/// </summary>
/// <returns></returns>
[HttpPost("~/api/setavatar"),Authorize]
[HttpPost("~/api/setavatar")]
public async Task<IActionResult> SetAvatar()
{
var root = User.InitPostToFileSystem(null);

30
src/Yavsc/Extensions/HostingExtensions.cs
View File

@ -172,6 +172,17 @@ internal static class HostingExtensions
services.AddDbContext<ApplicationDbContext>(options =>
options.UseNpgsql(builder.Configuration.GetConnectionString("Default")));
services
.AddAuthorization(options =>
{
options.AddPolicy("ApiScope", policy =>
{
policy
.RequireAuthenticatedUser()
.RequireClaim("scope", "api1");
});
});
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
@ -210,7 +221,14 @@ internal static class HostingExtensions
// TODO .AddServerSideSessionStore<YavscServerSideSessionStore>()
var authenticationBuilder = services.AddAuthentication();
var authenticationBuilder = services.AddAuthentication("Bearer")
.AddJwtBearer("Bearer", options =>
{
options.Authority = "https://localhost:5001";
options.TokenValidationParameters =
new() { ValidateAudience = false };
});
authenticationBuilder.AddGoogle(options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
@ -313,7 +331,12 @@ internal static class HostingExtensions
services.AddDataProtection().PersistKeysToFileSystem(dataDir);
services.AddAuthorization(options =>
{
options.AddPolicy("ApiScope", policy =>
{
policy
.RequireAuthenticatedUser()
.RequireClaim("scope", "scope2");
});
options.AddPolicy("AdministratorOnly", policy =>
{
_ = policy.RequireClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Constants.AdminGroupName);
@ -351,6 +374,9 @@ internal static class HostingExtensions
app.UseRouting();
app.UseIdentityServer();
app.UseAuthorization();
app.MapGet("/api/me", (HttpContext context) =>
new JsonResult(context?.User?.Claims.Select(c => new { c.Type, c.Value }))
).RequireAuthorization("ApiScope");
app.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");