add Api scope

Paul Schneider
2025-02-08 21:58:23 +00:00
parent 4d15d50e12
commit 442d8a4c39
2 changed files with 35 additions and 10 deletions


@ -13,8 +13,7 @@ using System.Diagnostics;
namespace Yavsc.WebApi.Controllers namespace Yavsc.WebApi.Controllers
{ {
[Authorize("ApiScope"),Route("~/api/account")]
[Authorize(),Route("~/api/account")]
public class ApiAccountController : Controller public class ApiAccountController : Controller
{ {
private UserManager<ApplicationUser> _userManager; private UserManager<ApplicationUser> _userManager;
@ -44,7 +43,7 @@ namespace Yavsc.WebApi.Controllers
} }
// POST api/Account/ChangePassword // POST api/Account/ChangePassword
[Authorize]
public async Task<IActionResult> ChangePassword(ChangePasswordBindingModel model) public async Task<IActionResult> ChangePassword(ChangePasswordBindingModel model)
{ {
if (!ModelState.IsValid) if (!ModelState.IsValid)
@ -66,7 +65,7 @@ namespace Yavsc.WebApi.Controllers
} }
// POST api/Account/SetPassword // POST api/Account/SetPassword
[Authorize]
public async Task<IActionResult> SetPassword(SetPasswordBindingModel model) public async Task<IActionResult> SetPassword(SetPasswordBindingModel model)
{ {
if (!ModelState.IsValid) if (!ModelState.IsValid)
@ -123,7 +122,7 @@ namespace Yavsc.WebApi.Controllers
base.Dispose(disposing); base.Dispose(disposing);
} }
[HttpGet("~/api/me"),Authorize] [HttpGet("~/api/otherme")]
public async Task<IActionResult> Me () public async Task<IActionResult> Me ()
{ {
if (User==null) if (User==null)
@ -149,7 +148,7 @@ namespace Yavsc.WebApi.Controllers
return Ok(user); return Ok(user);
} }
[HttpGet("~/api/myhost"),Authorize] [HttpGet("~/api/myhost")]
public IActionResult MyHost () public IActionResult MyHost ()
{ {
return Ok(new { host = Request.ForHost() }); return Ok(new { host = Request.ForHost() });
@ -160,7 +159,7 @@ namespace Yavsc.WebApi.Controllers
/// </summary> /// </summary>
/// <param name="me">MyUpdate containing the new user name </param> /// <param name="me">MyUpdate containing the new user name </param>
/// <returns>Ok when all is ok.</returns> /// <returns>Ok when all is ok.</returns>
[HttpPut("~/api/me"),Authorize] [HttpPut("~/api/me")]
public async Task<IActionResult> UpdateMe(UserInfo me) public async Task<IActionResult> UpdateMe(UserInfo me)
{ {
if (!ModelState.IsValid) return new BadRequestObjectResult( if (!ModelState.IsValid) return new BadRequestObjectResult(
@ -175,7 +174,7 @@ namespace Yavsc.WebApi.Controllers
/// Updates the avatar /// Updates the avatar
/// </summary> /// </summary>
/// <returns></returns> /// <returns></returns>
[HttpPost("~/api/setavatar"),Authorize] [HttpPost("~/api/setavatar")]
public async Task<IActionResult> SetAvatar() public async Task<IActionResult> SetAvatar()
{ {
var root = User.InitPostToFileSystem(null); var root = User.InitPostToFileSystem(null);
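Review bot: Every per-action `[Authorize]` in this file is dropped (ChangePassword, SetPassword, Me, MyHost, UpdateMe, SetAvatar), so those actions are now guarded only by the class-level attribute in the first hunk, and the rendering does not show which of `[Authorize("ApiScope"),Route("~/api/account")]` and `[Authorize(),Route("~/api/account")]` is the surviving line; if the policy-less form is the new one, none of the controller actions require the `ApiScope` policy this commit introduces — only the minimal `/api/me` endpoint in HostingExtensions does. Make the intent explicit on the class, `[Authorize("ApiScope"), Route("~/api/account")]`, and since `Me` now answers on `~/api/otherme` while GET `/api/me` is served by the minimal endpoint, a one-line comment above `Me` saying which endpoint is the canonical one would stop the two from being confused (the existing XML docs on UpdateMe and SetAvatar say nothing about the authorization requirement either). The class body continues outside the hunks shown.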


@ -172,6 +172,17 @@ internal static class HostingExtensions
services.AddDbContext<ApplicationDbContext>(options => services.AddDbContext<ApplicationDbContext>(options =>
options.UseNpgsql(builder.Configuration.GetConnectionString("Default"))); options.UseNpgsql(builder.Configuration.GetConnectionString("Default")));
services
.AddAuthorization(options =>
{
options.AddPolicy("ApiScope", policy =>
{
policy
.RequireAuthenticatedUser()
.RequireClaim("scope", "api1");
});
});
services.AddIdentity<ApplicationUser, IdentityRole>() services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>() .AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders(); .AddDefaultTokenProviders();
@ -210,7 +221,14 @@ internal static class HostingExtensions
// TODO .AddServerSideSessionStore<YavscServerSideSessionStore>() // TODO .AddServerSideSessionStore<YavscServerSideSessionStore>()
var authenticationBuilder = services.AddAuthentication(); var authenticationBuilder = services.AddAuthentication("Bearer")
.AddJwtBearer("Bearer", options =>
{
options.Authority = "https://localhost:5001";
options.TokenValidationParameters =
new() { ValidateAudience = false };
});
authenticationBuilder.AddGoogle(options => authenticationBuilder.AddGoogle(options =>
{ {
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme; options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
@ -313,7 +331,12 @@ internal static class HostingExtensions
services.AddDataProtection().PersistKeysToFileSystem(dataDir); services.AddDataProtection().PersistKeysToFileSystem(dataDir);
services.AddAuthorization(options => services.AddAuthorization(options =>
{ {
options.AddPolicy("ApiScope", policy =>
{
policy
.RequireAuthenticatedUser()
.RequireClaim("scope", "scope2");
});
options.AddPolicy("AdministratorOnly", policy => options.AddPolicy("AdministratorOnly", policy =>
{ {
_ = policy.RequireClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Constants.AdminGroupName); _ = policy.RequireClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Constants.AdminGroupName);
@ -351,6 +374,9 @@ internal static class HostingExtensions
app.UseRouting(); app.UseRouting();
app.UseIdentityServer(); app.UseIdentityServer();
app.UseAuthorization(); app.UseAuthorization();
app.MapGet("/api/me", (HttpContext context) =>
new JsonResult(context?.User?.Claims.Select(c => new { c.Type, c.Value }))
).RequireAuthorization("ApiScope");
app.MapControllerRoute( app.MapControllerRoute(
name: "default", name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}"); pattern: "{controller=Home}/{action=Index}/{id?}");
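Review bot: The `ApiScope` policy is registered twice with different claim values — `RequireClaim("scope", "api1")` in the first AddAuthorization hunk and `RequireClaim("scope", "scope2")` in the third — and `AddPolicy` keys policies by name, so whichever registration runs last silently replaces the other and one of the two scope names is never enforced; keep a single registration and read the scope name from configuration rather than leaving two literals to race. In the second hunk the JWT bearer handler is configured with a hard-coded `options.Authority = "https://localhost:5001"` and `ValidateAudience = false`, which accepts any token issued by that authority whatever API it was minted for and leaves the scope claim as the only thing tying a token to this host; at minimum take the authority from configuration, e.g. `options.Authority = builder.Configuration["Authentication:Bearer:Authority"]` (key name illustrative, `builder.Configuration` is already used in the first hunk), and either validate the audience or add a comment stating why audience validation is intentionally off. Passing "Bearer" to `services.AddAuthentication("Bearer")` also appears to make it the default scheme for the whole host, which this file otherwise wires for Identity cookies and Google external login (AddIdentity and AddGoogle are visible here); if the MVC UI relies on the cookie default, it will presumably now get a 401 challenge instead of a login redirect — confirm, and if so leave the default unset (`services.AddAuthentication()`) and select the bearer scheme on the API routes instead, e.g. `[Authorize(AuthenticationSchemes = "Bearer", Policy = "ApiScope")]`.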